commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2024-07-18 19:15:19
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.17339 (New)
Package is "xen"
Thu Jul 18 19:15:19 2024 rev:347 rq:1187952 version:4.18.2_06
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2024-06-25 23:07:01.473315130
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.17339/xen.changes 2024-07-18
19:15:24.500892690 +0200
@@ -1,0 +2,7 @@
+Wed Jul 3 12:41:39 MDT 2024 - carn...@suse.com
+
+- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
+ guest IRQ handling (XSA-458)
+ xsa458.patch
+
+---
@@ -21,0 +29,13 @@
+
+---
+Wed Jun 12 12:03:14 UTC 2024 - Daniel Garcia
+
+- Fix python3 shebang in tools package (bsc#1212476)
+- Depend directly on %primary_python instead of python3 so this
+ package will continue working without rebuilding even if python3
+ changes in the system.
+- Remove not needed patches, these patches adds the python3 shebang to
+ some scripts, but that's done during the build phase so it's not
+ needed:
+ - bin-python3-conversion.patch
+ - migration-python3-conversion.patch
Old:
bin-python3-conversion.patch
migration-python3-conversion.patch
New:
xsa458.patch
BETA DEBUG BEGIN:
Old: needed:
- bin-python3-conversion.patch
- migration-python3-conversion.patch
Old: - bin-python3-conversion.patch
- migration-python3-conversion.patch
BETA DEBUG END:
BETA DEBUG BEGIN:
New: guest IRQ handling (XSA-458)
xsa458.patch
BETA DEBUG END:
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.mQey2Y/_old 2024-07-18 19:15:26.836985227 +0200
+++ /var/tmp/diff_new_pack.mQey2Y/_new 2024-07-18 19:15:26.840985385 +0200
@@ -26,6 +26,8 @@
# Keep it at the original location (/usr/lib) for backward compatibility
%define _libexecdir /usr/lib
+%{?!primary_python:%define primary_python python3}
+
Name: xen
ExclusiveArch: %ix86 x86_64 aarch64
%define xen_build_dir xen-4.18.2-testing
@@ -117,6 +119,7 @@
%ifarch x86_64
BuildRequires: pesign-obs-integration
%endif
+BuildRequires: python-rpm-macros
Provides: installhint(reboot-needed)
Version:4.18.2_06
@@ -180,6 +183,7 @@
Patch24:6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
Patch25:
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
# EMBARGOED security fixes
+Patch100: xsa458.patch
# libxc
Patch301: libxc-bitmap-long.patch
Patch302: libxc-sr-xl-migration-debug.patch
@@ -241,8 +245,6 @@
Patch467: libxl.LIBXL_HOTPLUG_TIMEOUT.patch
# python3 conversion patches
Patch500: build-python3-conversion.patch
-Patch501: migration-python3-conversion.patch
-Patch502: bin-python3-conversion.patch
# Hypervisor and PV driver Patches
Patch600: xen.bug1026236.suse_vtsc_tolerance.patch
Patch601: x86-ioapic-ack-default.patch
@@ -306,8 +308,8 @@
Requires: %{name} = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release}
Recommends: multipath-tools
-Requires: python3
-Requires: python3-curses
+Requires: %{primary_python}
+Requires: %{primary_python}-curses
%ifarch %{ix86} x86_64
Requires: qemu-seabios
%endif
@@ -499,7 +501,7 @@
sed -i~ 's/ XENSTORETYPE=domain$/ XENSTORETYPE=daemon/'
tools/hotplug/Linux/launch-xenstore.in
configure_flags="${configure_flags} --disable-stubdom"
%endif
-export PYTHON="/usr/bin/python3"
+export PYTHON=$(realpath /usr/bin/python3)
configure_flags="${configure_flags} --disable-qemu-traditional"
./configure \
--disable-xen \
@@ -833,6 +835,7 @@
# Xen utilities
install -m755 %SOURCE36 %{buildroot}/usr/sbin/xen2libvirt
install -m755 %SOURCE10183 %{buildroot}/usr/sbin/xen_maskcalc
+%python3_fix_shebang
rm -f %{buildroot}/etc/xen/README*
# Example config
++ xsa458.patch ++
From: Jan Beulich
Subject: x86/IRQ: avoid double unlock in map_domain_pirq()
Forever since its introduction the main loop in the function dealing
with multi-vector MSI had error exit points ("break") with different
properties: In one case no IRQ descriptor lock is being held.
Nevertheless the subsequent error cleanup path assumed such a lock would
uniformly need releasing. Identify the case by setting "desc" to NULL,
thus allowing the unlock to be skipped as necessary.
This is CVE-2024-31143 / XSA-458.
Coverity ID: 1605298
Fixes: d1b6d0a02489 ("x86: enable multi-vector MSI")
Signed-off-by: Jan Beulich
Reviewed-by:
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2024-06-25 23:06:43 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.18349 (New) Package is "xen" Tue Jun 25 23:06:43 2024 rev:346 rq:1183065 version:4.18.2_06 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2024-06-06 12:31:17.085556322 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.18349/xen.changes 2024-06-25 23:07:01.473315130 +0200 @@ -1,0 +2,22 @@ +Mon Jun 24 16:20:00 CEST 2024 - jbeul...@suse.com + +- bsc#1214718 - The system hangs intermittently when Power Control + Mode is set to Minimum Power on SLES15SP5 Xen + ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch + 666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch + 666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch + 66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch + 6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch + 6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch +- Upstream bug fixes (bsc#1027519) + 66450626-sched-set-all-sched_resource-data-inside-locked.patch + 66450627-x86-respect-mapcache_domain_init-failing.patch + 6646031f-x86-ucode-further-identify-already-up-to-date.patch + 666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch + 666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch + 666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch + 667187cc-x86-Intel-unlock-CPUID-earlier.patch + 6672c846-x86-xstate-initialisation-of-XSS-cache.patch + 6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch + +--- New: 66450626-sched-set-all-sched_resource-data-inside-locked.patch 66450627-x86-respect-mapcache_domain_init-failing.patch 6646031f-x86-ucode-further-identify-already-up-to-date.patch ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch 666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch 666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch 666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch 666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch 666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch 667187cc-x86-Intel-unlock-CPUID-earlier.patch 66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch 6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch 6672c846-x86-xstate-initialisation-of-XSS-cache.patch 6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch 6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch BETA DEBUG BEGIN: New:- Upstream bug fixes (bsc#1027519) 66450626-sched-set-all-sched_resource-data-inside-locked.patch 66450627-x86-respect-mapcache_domain_init-failing.patch New: 66450626-sched-set-all-sched_resource-data-inside-locked.patch 66450627-x86-respect-mapcache_domain_init-failing.patch 6646031f-x86-ucode-further-identify-already-up-to-date.patch New: 66450627-x86-respect-mapcache_domain_init-failing.patch 6646031f-x86-ucode-further-identify-already-up-to-date.patch 666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch New: Mode is set to Minimum Power on SLES15SP5 Xen ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch 666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch New: ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch 666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch 666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch New: 666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch 666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch 66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch New: 6646031f-x86-ucode-further-identify-already-up-to-date.patch 666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch 666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch New: 666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch 666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch 666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch New: 666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch 666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch 667187cc-x86-Intel-unlock-CPUID-earlier.patch New: 666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch 667187cc-x86-Intel-unlock-CPUID-earlier.patch 6672c846-x86-xstate-initialisation-of-XSS-cache.patch New: 666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch 66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch 6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch New: 66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch 6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch 6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch New:
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2024-05-23 15:34:11 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.24587 (New) Package is "xen" Thu May 23 15:34:11 2024 rev:344 rq:1175908 version:4.18.2_04 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2024-04-10 17:49:16.834023025 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.24587/xen.changes 2024-05-23 15:34:32.558053096 +0200 @@ -1,0 +2,17 @@ +Wed May 15 11:15:00 CEST 2024 - jbeul...@suse.com + +- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may + trigger Xen bug check (XSA-454) + 6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch +- Upstream bug fixes (bsc#1027519) + 6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch + 6627a5fc-x86-MTRR-inverted-WC-check.patch + 662a6a4c-x86-spec-reporting-of-BHB-clearing.patch + 662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch + 663090fd-x86-gen-cpuid-syntax.patch + 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch + 663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch + 663d05b5-x86-ucode-distinguish-up-to-date.patch + 663eaa27-libxl-XenStore-error-handling-in-device-creation.patch + +--- New: 6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch 6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch 6627a5fc-x86-MTRR-inverted-WC-check.patch 662a6a4c-x86-spec-reporting-of-BHB-clearing.patch 662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch 663090fd-x86-gen-cpuid-syntax.patch 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch 663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch 663d05b5-x86-ucode-distinguish-up-to-date.patch 663eaa27-libxl-XenStore-error-handling-in-device-creation.patch BETA DEBUG BEGIN: New: trigger Xen bug check (XSA-454) 6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch - Upstream bug fixes (bsc#1027519) New:- Upstream bug fixes (bsc#1027519) 6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch 6627a5fc-x86-MTRR-inverted-WC-check.patch New: 6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch 6627a5fc-x86-MTRR-inverted-WC-check.patch 662a6a4c-x86-spec-reporting-of-BHB-clearing.patch New: 6627a5fc-x86-MTRR-inverted-WC-check.patch 662a6a4c-x86-spec-reporting-of-BHB-clearing.patch 662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch New: 662a6a4c-x86-spec-reporting-of-BHB-clearing.patch 662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch 663090fd-x86-gen-cpuid-syntax.patch New: 662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch 663090fd-x86-gen-cpuid-syntax.patch 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch New: 663090fd-x86-gen-cpuid-syntax.patch 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch 663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch New: 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch 663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch 663d05b5-x86-ucode-distinguish-up-to-date.patch New: 663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch 663d05b5-x86-ucode-distinguish-up-to-date.patch 663eaa27-libxl-XenStore-error-handling-in-device-creation.patch New: 663d05b5-x86-ucode-distinguish-up-to-date.patch 663eaa27-libxl-XenStore-error-handling-in-device-creation.patch BETA DEBUG END: Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.FLYKYP/_old 2024-05-23 15:34:36.198185188 +0200 +++ /var/tmp/diff_new_pack.FLYKYP/_new 2024-05-23 15:34:36.198185188 +0200 @@ -119,7 +119,7 @@ %endif Provides: installhint(reboot-needed) -Version:4.18.2_02 +Version:4.18.2_04 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -154,6 +154,16 @@ # For xen-libs Source99: baselibs.conf # Upstream patches +Patch1: 6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch +Patch2: 6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch +Patch3: 6627a5fc-x86-MTRR-inverted-WC-check.patch +Patch4: 662a6a4c-x86-spec-reporting-of-BHB-clearing.patch +Patch5: 662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch +Patch6: 663090fd-x86-gen-cpuid-syntax.patch +Patch7: 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch +Patch8: 663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch +Patch9: 663d05b5-x86-ucode-distinguish-up-to-date.patch +Patch10:663eaa27-libxl-XenStore-error-handling-in-device-creation.patch # EMBARGOED security fixes # libxc Patch301:
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2024-03-26 19:24:44 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.1905 (New) Package is "xen" Tue Mar 26 19:24:44 2024 rev:342 rq:1162273 version:4.18.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2024-03-03 20:19:52.671038480 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.1905/xen.changes2024-03-26 19:25:36.845299673 +0100 @@ -1,0 +2,37 @@ +Mon Mar 25 15:30:00 CET 2024 - jbeul...@suse.com + +- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative + Race Conditions (XSA-453) + 65f83951-x86-mm-use-block_lock_speculation-in.patch + +--- +Fri Mar 15 10:11:56 MDT 2024 - carn...@suse.com + +- Update to Xen 4.18.1 bug fix release (bsc#1027519) + xen-4.18.1-testing-src.tar.bz2 + * No upstream changelog found in sources or webpage +- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data + Sampling (XSA-452) +- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative + Race Conditions (XSA-453) +- Dropped patches included in new tarball + 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch + 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch + 655b2ba9-fix-sched_move_domain.patch + 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch + 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch + 656ee5e1-x86emul-avoid-triggering-event-assertions.patch + 656ee602-cpupool-adding-offline-CPU.patch + 656ee6c3-domain_create-error-path.patch + 6571ca95-fix-sched_move_domain.patch + 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch + 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch + 65a7a0a4-x86-Intel-GPCC-setup.patch + 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch + 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch + 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch + 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch + 65b8f9ab-VT-d-else-vs-endif-misplacement.patch + xsa451.patch + +--- Old: 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch 65b8f9ab-VT-d-else-vs-endif-misplacement.patch xen-4.18.0-testing-src.tar.bz2 xsa451.patch New: 65f83951-x86-mm-use-block_lock_speculation-in.patch xen-4.18.1-testing-src.tar.bz2 BETA DEBUG BEGIN: Old:- Dropped patches included in new tarball 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch Old: 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch Old: 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch Old: 655b2ba9-fix-sched_move_domain.patch 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch Old: 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch Old: 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch Old: 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch Old: 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch Old: 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch Old: 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2024-03-03 20:19:26
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1770 (New)
Package is "xen"
Sun Mar 3 20:19:26 2024 rev:341 rq:1154130 version:4.18.0_06
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2024-02-02 15:45:11.664180648
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1770/xen.changes2024-03-03
20:19:52.671038480 +0100
@@ -1,0 +2,7 @@
+Tue Feb 13 09:35:57 MST 2024 - carn...@suse.com
+
+- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
+ exceptions from emulation stubs (XSA-451)
+ xsa451.patch
+
+---
New:
xsa451.patch
BETA DEBUG BEGIN:
New: exceptions from emulation stubs (XSA-451)
xsa451.patch
BETA DEBUG END:
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.dloRA8/_old 2024-03-03 20:19:54.159092313 +0100
+++ /var/tmp/diff_new_pack.dloRA8/_new 2024-03-03 20:19:54.159092313 +0100
@@ -172,6 +172,7 @@
Patch16:65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
Patch17:65b8f9ab-VT-d-else-vs-endif-misplacement.patch
# EMBARGOED security fixes
+Patch100: xsa451.patch
# libxc
Patch301: libxc-bitmap-long.patch
Patch302: libxc-sr-xl-migration-debug.patch
++ xsa451.patch ++
From: Jan Beulich
Subject: x86: account for shadow stack in exception-from-stub recovery
Dealing with exceptions raised from within emulation stubs involves
discarding return address (replaced by exception related information).
Such discarding of course also requires removing the corresponding entry
from the shadow stack.
Also amend the comment in fixup_exception_return(), to further clarify
why use of ptr[1] can't be an out-of-bounds access.
While touching do_invalid_op() also add a missing fall-through
annotation.
This is CVE-2023-46841 / XSA-451.
Fixes: 209fb9919b50 ("x86/extable: Adjust extable handling to be shadow stack
compatible")
Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
--- a/xen/arch/x86/extable.c
+++ b/xen/arch/x86/extable.c
@@ -86,26 +86,29 @@ search_one_extable(const struct exceptio
}
unsigned long
-search_exception_table(const struct cpu_user_regs *regs)
+search_exception_table(const struct cpu_user_regs *regs, unsigned long
*stub_ra)
{
const struct virtual_region *region = find_text_region(regs->rip);
unsigned long stub = this_cpu(stubs.addr);
if ( region && region->ex )
+{
+*stub_ra = 0;
return search_one_extable(region->ex, region->ex_end, regs->rip);
+}
if ( regs->rip >= stub + STUB_BUF_SIZE / 2 &&
regs->rip < stub + STUB_BUF_SIZE &&
regs->rsp > (unsigned long)regs &&
regs->rsp < (unsigned long)get_cpu_info() )
{
-unsigned long retptr = *(unsigned long *)regs->rsp;
+unsigned long retaddr = *(unsigned long *)regs->rsp, fixup;
-region = find_text_region(retptr);
-retptr = region && region->ex
- ? search_one_extable(region->ex, region->ex_end, retptr)
- : 0;
-if ( retptr )
+region = find_text_region(retaddr);
+fixup = region && region->ex
+? search_one_extable(region->ex, region->ex_end, retaddr)
+: 0;
+if ( fixup )
{
/*
* Put trap number and error code on the stack (in place of the
@@ -117,7 +120,8 @@ search_exception_table(const struct cpu_
};
*(unsigned long *)regs->rsp = token.raw;
-return retptr;
+*stub_ra = retaddr;
+return fixup;
}
}
--- a/xen/arch/x86/include/asm/uaccess.h
+++ b/xen/arch/x86/include/asm/uaccess.h
@@ -421,7 +421,8 @@ union stub_exception_token {
unsigned long raw;
};
-extern unsigned long search_exception_table(const struct cpu_user_regs *regs);
+extern unsigned long search_exception_table(const struct cpu_user_regs *regs,
+unsigned long *stub_ra);
extern void sort_exception_tables(void);
extern void sort_exception_table(struct exception_table_entry *start,
const struct exception_table_entry *stop);
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -845,7 +845,7 @@ void do_unhandled_trap(struct cpu_user_r
}
static void fixup_exception_return(struct cpu_user_regs *regs,
- unsigned long fixup)
+ unsigned long fixup, unsigned long stub_ra)
{
if (
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-09-22 21:47:14
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1770 (New)
Package is "xen"
Fri Sep 22 21:47:14 2023 rev:336 rq:1112599 version:4.17.2_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-08-11 15:55:25.499724005
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.1770/xen.changes2023-09-22
21:48:15.474698284 +0200
@@ -1,0 +2,30 @@
+Mon Sep 18 11:36:39 MDT 2023 - carn...@suse.com
+
+- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
+ execution leak via division by zero (XSA-439)
+ xsa439-00.patch
+ xsa439-01.patch
+ xsa439-02.patch
+ xsa439-03.patch
+ xsa439-04.patch
+ xsa439-05.patch
+ xsa439-06.patch
+ xsa439-07.patch
+ xsa439-08.patch
+ xsa439-09.patch
+
+---
+Fri Sep 8 10:10:18 MDT 2023 - carn...@suse.com
+
+- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
+ reference dropped too early for 64-bit PV guests (XSA-438)
+ xsa438.patch
+
+---
+Sun Aug 13 13:13:13 UTC 2023 - oher...@suse.de
+
+- Handle potential unaligned access to bitmap in
+ libxc-sr-restore-hvm-legacy-superpage.patch
+ If setting BITS_PER_LONG at once, the initial bit must be aligned
+
+---
New:
xsa438.patch
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.sat1Rp/_old 2023-09-22 21:48:22.502953429 +0200
+++ /var/tmp/diff_new_pack.sat1Rp/_new 2023-09-22 21:48:22.506953574 +0200
@@ -119,7 +119,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.17.2_02
+Version:4.17.2_04
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -160,6 +160,17 @@
Patch3: 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
Patch4: 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
Patch5: 64d33a57-libxenstat-Linux-nul-terminate-string.patch
+Patch9: xsa438.patch
+Patch10:xsa439-00.patch
+Patch11:xsa439-01.patch
+Patch12:xsa439-02.patch
+Patch13:xsa439-03.patch
+Patch14:xsa439-04.patch
+Patch15:xsa439-05.patch
+Patch16:xsa439-06.patch
+Patch17:xsa439-07.patch
+Patch18:xsa439-08.patch
+Patch19:xsa439-09.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
++ libxc-sr-restore-hvm-legacy-superpage.patch ++
--- /var/tmp/diff_new_pack.sat1Rp/_old 2023-09-22 21:48:22.678959819 +0200
+++ /var/tmp/diff_new_pack.sat1Rp/_new 2023-09-22 21:48:22.678959819 +0200
@@ -438,7 +438,7 @@
+return -1;
+
+do {
-+if ( sp.count >= BITS_PER_LONG ) {
++if ( sp.count >= BITS_PER_LONG && (sp.count % BITS_PER_LONG) == 0 ) {
+sp.count -= BITS_PER_LONG;
+ctx->restore.tot_pages += BITS_PER_LONG;
+pfn_set_long_allocated(ctx, sp.base_pfn + sp.count);
++ xsa438.patch ++
From: Jan Beulich
Subject: x86/shadow: defer releasing of PV's top-level shadow reference
sh_set_toplevel_shadow() re-pinning the top-level shadow we may be
running on is not enough (and at the same time unnecessary when the
shadow isn't what we're running on): That shadow becomes eligible for
blowing away (from e.g. shadow_prealloc()) immediately after the
paging lock was dropped. Yet it needs to remain valid until the actual
page table switch occurred.
Propagate up the call chain the shadow entry that needs releasing
eventually, and carry out the release immediately after switching page
tables. Handle update_cr3() failures by switching to idle pagetables.
Note that various further uses of update_cr3() are HVM-only or only act
on paused vCPU-s, in which case sh_set_toplevel_shadow() will not defer
releasing of the reference.
While changing the update_cr3() hook, also convert the "do_locking"
parameter to boolean.
This is CVE-2023-34322 / XSA-438.
Signed-off-by: Jan Beulich
Reviewed-by: George Dunlap
--- a/xen/arch/x86/include/asm/mm.h
+++ b/xen/arch/x86/include/asm/mm.h
@@ -552,7 +552,7 @@ void audit_domains(void);
#endif
void make_cr3(struct vcpu *v, mfn_t mfn);
-void update_cr3(struct vcpu *v);
+pagetable_t update_cr3(struct vcpu *v);
int vcpu_destroy_pagetables(struct vcpu *);
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2023-08-11 15:55:17 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.11712 (New) Package is "xen" Fri Aug 11 15:55:17 2023 rev:335 rq:1103355 version:4.17.2_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-08-06 16:29:30.279675762 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.11712/xen.changes 2023-08-11 15:55:25.499724005 +0200 @@ -1,0 +2,32 @@ +Thu Aug 10 11:10:00 CEST 2023 - jbeul...@suse.com + +- bsc#1212684 - xentop fails with long interface name + 64d33a57-libxenstat-Linux-nul-terminate-string.patch + +--- +Tue Aug 8 11:36:00 MDT 2023 - carn...@suse.com + +- Update to Xen 4.17.2 bug fix release (bsc#1027519) + xen-4.17.2-testing-src.tar.bz2 + * No upstream changelog found in sources or webpage +- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative + Return Stack Overflow (XSA-434) +- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data + Sampling (XSA-435) +- Dropped patches contained in new tarball + 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch + 645dec48-AMD-IOMMU-assert-boolean-enum.patch + 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch + 646b782b-PCI-pci_get_pdev-respect-segment.patch + 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch + 648863fc-AMD-IOMMU-Invalidate-All-check.patch + 64bea1b2-x86-AMD-Zenbleed.patch + +--- +Tue Aug 1 11:11:11 UTC 2023 - oher...@suse.de + +- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch + A bit is an index in bitmap, while bits is the allocated size + of the bitmap. + +--- Old: 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch 645dec48-AMD-IOMMU-assert-boolean-enum.patch 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch 646b782b-PCI-pci_get_pdev-respect-segment.patch 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch 648863fc-AMD-IOMMU-Invalidate-All-check.patch 64bea1b2-x86-AMD-Zenbleed.patch xen-4.17.1-testing-src.tar.bz2 New: 64d33a57-libxenstat-Linux-nul-terminate-string.patch xen-4.17.2-testing-src.tar.bz2 Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.HwViuV/_old 2023-08-11 15:55:26.979732824 +0200 +++ /var/tmp/diff_new_pack.HwViuV/_new 2023-08-11 15:55:26.983732848 +0200 @@ -28,7 +28,7 @@ Name: xen ExclusiveArch: %ix86 x86_64 aarch64 -%define xen_build_dir xen-4.17.1-testing +%define xen_build_dir xen-4.17.2-testing # %define with_gdbsx 0 %define with_dom0_support 0 @@ -119,12 +119,12 @@ %endif Provides: installhint(reboot-needed) -Version:4.17.1_06 +Version:4.17.2_02 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only Group: System/Kernel -Source0:xen-4.17.1-testing-src.tar.bz2 +Source0:xen-4.17.2-testing-src.tar.bz2 Source1:stubdom.tar.bz2 Source2:mini-os.tar.bz2 Source3:xen-utils-0.1.tar.bz2 @@ -159,13 +159,7 @@ Patch2: 643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch Patch3: 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch Patch4: 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch -Patch5: 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch -Patch6: 645dec48-AMD-IOMMU-assert-boolean-enum.patch -Patch7: 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch -Patch8: 646b782b-PCI-pci_get_pdev-respect-segment.patch -Patch9: 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch -Patch10:648863fc-AMD-IOMMU-Invalidate-All-check.patch -Patch11:64bea1b2-x86-AMD-Zenbleed.patch +Patch5: 64d33a57-libxenstat-Linux-nul-terminate-string.patch # EMBARGOED security fixes # libxc Patch301: libxc-bitmap-long.patch ++ 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch ++ --- /var/tmp/diff_new_pack.HwViuV/_old 2023-08-11 15:55:27.019733062 +0200 +++ /var/tmp/diff_new_pack.HwViuV/_new 2023-08-11 15:55:27.023733086 +0200 @@ -52,7 +52,7 @@ rm -f cppcheck-misra.* xen-cppcheck.xml --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile -@@ -224,6 +224,9 @@ endif +@@ -225,6 +225,9 @@ endif $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(orphan-handling-y) $(note_file_option) -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-08-06 16:29:24
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.22712 (New)
Package is "xen"
Sun Aug 6 16:29:24 2023 rev:334 rq:1102421 version:4.17.1_06
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-07-09 20:42:51.694040301
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.22712/xen.changes 2023-08-06
16:29:30.279675762 +0200
@@ -1,0 +2,14 @@
+Fri Jul 28 15:15:15 UTC 2023 - oher...@suse.de
+
+- Add more debug to libxc-sr-track-migration-time.patch
+ This is supposed to help with doing the math in case xl restore
+ fails with ERANGE as reported in bug#1209311
+
+---
+Tue Jul 25 10:44:08 MDT 2023 - carn...@suse.com
+
+- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
+ (XSA-433)
+ 64bea1b2-x86-AMD-Zenbleed.patch
+
+---
New:
64bea1b2-x86-AMD-Zenbleed.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.KPhJ4Z/_old 2023-08-06 16:29:31.775685344 +0200
+++ /var/tmp/diff_new_pack.KPhJ4Z/_new 2023-08-06 16:29:31.779685370 +0200
@@ -165,6 +165,7 @@
Patch8: 646b782b-PCI-pci_get_pdev-respect-segment.patch
Patch9: 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
Patch10:648863fc-AMD-IOMMU-Invalidate-All-check.patch
+Patch11:64bea1b2-x86-AMD-Zenbleed.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
++ 64bea1b2-x86-AMD-Zenbleed.patch ++
# Commit f91c5ea970675637721bb7f18adaa189837eb783
# Date 2023-07-24 17:07:14 +0100
# Author Andrew Cooper
# Committer Andrew Cooper
x86/amd: Mitigations for Zenbleed
Zenbleed is a malfunction on AMD Zen2 uarch parts which results in corruption
of the vector registers. An attacker can trigger this bug deliberately in
order to access stale data in the physical vector register file. This can
include data from sibling threads, or a higher-privilege context.
Microcode is the preferred mitigation but in the case that's not available use
the chickenbit as instructed by AMD. Re-evaluate the mitigation on late
microcode load too.
This is XSA-433 / CVE-2023-20593.
Signed-off-by: Andrew Cooper
Acked-by: Roger Pau Monné
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -13,6 +13,7 @@
#include
#include
#include
+#include
#include "cpu.h"
@@ -878,6 +879,72 @@ void __init detect_zen2_null_seg_behavio
}
+void amd_check_zenbleed(void)
+{
+ const struct cpu_signature *sig = _cpu(cpu_sig);
+ unsigned int good_rev, chickenbit = (1 << 9);
+ uint64_t val, old_val;
+
+ /*
+* If we're virtualised, we can't do family/model checks safely, and
+* we likely wouldn't have access to DE_CFG even if we could see a
+* microcode revision.
+*
+* A hypervisor may hide AVX as a stopgap mitigation. We're not in a
+* position to care either way. An admin doesn't want to be disabling
+* AVX as a mitigation on any build of Xen with this logic present.
+*/
+ if (cpu_has_hypervisor || boot_cpu_data.x86 != 0x17)
+ return;
+
+ switch (boot_cpu_data.x86_model) {
+ case 0x30 ... 0x3f: good_rev = 0x0830107a; break;
+ case 0x60 ... 0x67: good_rev = 0x0860010b; break;
+ case 0x68 ... 0x6f: good_rev = 0x08608105; break;
+ case 0x70 ... 0x7f: good_rev = 0x08701032; break;
+ case 0xa0 ... 0xaf: good_rev = 0x08a8; break;
+ default:
+ /*
+* With the Fam17h check above, parts getting here are Zen1.
+* They're not affected.
+*/
+ return;
+ }
+
+ rdmsrl(MSR_AMD64_DE_CFG, val);
+ old_val = val;
+
+ /*
+* Microcode is the preferred mitigation, in terms of performance.
+* However, without microcode, this chickenbit (specific to the Zen2
+* uarch) disables Floating Point Mov-Elimination to mitigate the
+* issue.
+*/
+ val &= ~chickenbit;
+ if (sig->rev < good_rev)
+ val |= chickenbit;
+
+ if (val == old_val)
+ /* Nothing to change. */
+ return;
+
+ /*
+* DE_CFG is a Core-scoped MSR, and this write is racy during late
+* microcode load. However, both threads calculate the new value from
+* state which is shared, and unrelated to the old value, so the
+* result should be consistent.
+*/
+
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-07-09 20:40:46
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.23466 (New)
Package is "xen"
Sun Jul 9 20:40:46 2023 rev:333 rq:1097441 version:4.17.1_06
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-05-26 20:15:37.788318570
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.23466/xen.changes 2023-07-09
20:42:51.694040301 +0200
@@ -1,0 +2,9 @@
+Thu Jul 6 13:41:00 CET 2023 - jbeul...@suse.com
+
+- Upstream bug fixes (bsc#1027519)
+ 645dec48-AMD-IOMMU-assert-boolean-enum.patch
+ 646b782b-PCI-pci_get_pdev-respect-segment.patch
+ 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
+ 648863fc-AMD-IOMMU-Invalidate-All-check.patch
+
+---
New:
645dec48-AMD-IOMMU-assert-boolean-enum.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.1m0yOy/_old 2023-07-09 20:42:53.314050047 +0200
+++ /var/tmp/diff_new_pack.1m0yOy/_new 2023-07-09 20:42:53.318050071 +0200
@@ -119,7 +119,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.17.1_04
+Version:4.17.1_06
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -160,7 +160,11 @@
Patch3: 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
Patch4: 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
Patch5: 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
-Patch6: 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
+Patch6: 645dec48-AMD-IOMMU-assert-boolean-enum.patch
+Patch7: 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
+Patch8: 646b782b-PCI-pci_get_pdev-respect-segment.patch
+Patch9: 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
+Patch10:648863fc-AMD-IOMMU-Invalidate-All-check.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
++ 645dec48-AMD-IOMMU-assert-boolean-enum.patch ++
# Commit 4c507d8a6b6e8be90881a335b0a66eb28e0f7737
# Date 2023-05-12 09:35:36 +0200
# Author Roger Pau Monné
# Committer Jan Beulich
iommu/amd-vi: fix assert comparing boolean to enum
Or else when iommu_intremap is set to iommu_intremap_full the assert
triggers.
Fixes: 1ba66a870eba ('AMD/IOMMU: without XT, x2APIC needs to be forced into
physical mode')
Signed-off-by: Roger Pau Monné
Reviewed-by: Jan Beulich
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -240,7 +240,7 @@ static int __must_check amd_iommu_setup_
*/
if ( dte->it_root )
ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
-ASSERT(dte->iv == iommu_intremap);
+ASSERT(dte->iv == !!iommu_intremap);
ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
ACPI_IVHD_SYSTEM_MGMT));
++ 646b782b-PCI-pci_get_pdev-respect-segment.patch ++
# Commit c7908869ac26961a3919491705e521179ad3fc0e
# Date 2023-05-22 16:11:55 +0200
# Author Roger Pau Monné
# Committer Jan Beulich
pci: fix pci_get_pdev() to always account for the segment
When a domain parameter is provided to pci_get_pdev() the search
function would match against the bdf, without taking the segment into
account.
Fix this and also account for the passed segment.
Fixes: 8cf6e0738906 ('PCI: simplify (and thus correct)
pci_get_pdev{,_by_domain}()')
Signed-off-by: Roger Pau Monné
Reviewed-by: Andrew Cooper
Reviewed-by: Jan Beulich
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -552,7 +552,7 @@ struct pci_dev *pci_get_pdev(const struc
}
else
list_for_each_entry ( pdev, >pdev_list, domain_list )
-if ( pdev->sbdf.bdf == sbdf.bdf )
+if ( pdev->sbdf.sbdf == sbdf.sbdf )
return pdev;
return NULL;
++ 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch ++
# Commit b35b22acb887f682efe8385b3df165220bc84c86
# Date 2023-06-05 16:11:10 +0100
# Author Alejandro Vallejo
# Committer Andrew Cooper
x86/microcode: Add missing unlock in microcode_update_helper()
microcode_update_helper() may return early while holding
cpu_add_remove_lock, hence preventing any
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-05-26 20:15:25
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1533 (New)
Package is "xen"
Fri May 26 20:15:25 2023 rev:332 rq:1089051 version:4.17.1_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-05-09 13:08:17.165359616
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.1533/xen.changes2023-05-26
20:15:37.788318570 +0200
@@ -1,0 +2,7 @@
+Mon May 22 07:52:57 MDT 2023 - carn...@suse.com
+
+- bsc#1211433 - VUL-0: CVE-2022-42336: xen: Mishandling of guest
+ SSBD selection on AMD hardware (XSA-431)
+ 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
+
+---
New:
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.cTk9Zo/_old 2023-05-26 20:15:38.928325365 +0200
+++ /var/tmp/diff_new_pack.cTk9Zo/_new 2023-05-26 20:15:38.936325413 +0200
@@ -119,7 +119,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.17.1_02
+Version:4.17.1_04
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -160,6 +160,7 @@
Patch3: 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
Patch4: 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
Patch5: 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
+Patch6: 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
++ 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch ++
Subject: x86/amd: fix legacy setting of SSBD on AMD Family 17h
From: Roger Pau Monné roger@citrix.com Tue May 16 17:22:35 2023 +0200
Date: Tue May 16 17:22:35 2023 +0200:
Git: 66c930ceac3989b6dc6031bfc30e1e894fc6aebe
The current logic to set SSBD on AMD Family 17h and Hygon Family 18h
processors requires that the setting of SSBD is coordinated at a core
level, as the setting is shared between threads. Logic was introduced
to keep track of how many threads require SSBD active in order to
coordinate it, such logic relies on using a per-core counter of
threads that have SSBD active.
Given the current logic, it's possible for a guest to under or
overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD
by the guest gets propagated to the helper that does the per-core
active accounting. Overflowing the counter is not so much of an
issue, as this would just make SSBD sticky.
Underflowing however is more problematic: on non-debug Xen builds a
guest can perform empty writes to VIRT_SPEC_CTRL that would cause the
counter to underflow and thus the value gets saturated to the max
value of unsigned int. At which points attempts from any thread to
set VIRT_SPEC_CTRL.SSBD won't get propagated to the hardware anymore,
because the logic will see that the counter is greater than 1 and
assume that SSBD is already active, effectively loosing the setting
of SSBD and the protection it provides.
Fix this by introducing a per-CPU variable that keeps track of whether
the current thread has legacy SSBD active or not, and thus only
attempt to propagate the value to the hardware once the thread
selected value changes.
This is XSA-431 / CVE-2022-42336
Fixes: b2030e6730a2 ('amd/virt_ssbd: set SSBD at vCPU context switch')
Reported-by: Andrew Cooper
Signed-off-by: Roger Pau Monné
Reviewed-by: Jan Beulich
master commit: eda98ea870803ea204a1928519b3f21ec6a679b6
master date: 2023-05-16 17:17:24 +0200
diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c
index 1ddb55cbe5..b6a20d375a 100644
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -783,12 +783,23 @@ bool __init amd_setup_legacy_ssbd(void)
return true;
}
+/*
+ * legacy_ssbd is always initialized to false because when SSBD is set
+ * from the command line guest attempts to change it are a no-op (see
+ * amd_set_legacy_ssbd()), whereas when SSBD is inactive hardware will
+ * be forced into that mode (see amd_init_ssbd()).
+ */
+static DEFINE_PER_CPU(bool, legacy_ssbd);
+
+/* Must be called only when the SSBD setting needs toggling. */
static void core_set_legacy_ssbd(bool enable)
{
const struct cpuinfo_x86 *c = _cpu_data;
struct ssbd_ls_cfg *status;
unsigned long flags;
+ BUG_ON(this_cpu(legacy_ssbd) == enable);
+
if ((c->x86 != 0x17 && c->x86 != 0x18) || c->x86_num_siblings <= 1) {
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2023-05-09 13:08:08 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.1533 (New) Package is "xen" Tue May 9 13:08:08 2023 rev:331 rq:1085553 version:4.17.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-04-01 23:26:56.439318701 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.1533/xen.changes2023-05-09 13:08:17.165359616 +0200 @@ -1,0 +2,57 @@ +Thu May 4 11:22:27 MDT 2023 - carn...@suse.com + +- bsc#1210570 - gcc-13 realloc use-after-free analysis error + 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch + +--- +Fri Apr 28 14:53:15 MDT 2023 - carn...@suse.com + +- bsc#1209237 - xen-syms doesn't contain debug-info + 643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch + 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch + 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch + +--- +Thu Apr 27 11:40:25 MDT 2023 - carn...@suse.com + +- Update to Xen 4.17.1 bug fix release (bsc#1027519) + xen-4.17.1-testing-src.tar.bz2 + * No upstream changelog found in sources or webpage +- Dropped patches contained in new tarball + 63a03b73-VMX-VMExit-based-BusLock-detection.patch + 63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch + 63a03bce-VMX-Notify-VMExit.patch + 63a03e28-x86-high-freq-TSC-overflow.patch + 63c05478-VMX-calculate-model-specific-LBRs-once.patch + 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch + 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch + 63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch + 63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch + 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch + 63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch + 63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch + 640f3035-x86-altp2m-help-gcc13.patch + 641041e8-VT-d-constrain-IGD-check.patch + 64104238-bunzip-gcc13.patch + 6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch + 64199e0c-x86-shadow-account-for-log-dirty-mode.patch + 64199e0d-x86-HVM-bound-number-of-pca-regions.patch + 64199e0e-x86-HVM-serialize-pca-list-manipulation.patch + 64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch + libxl.fix-guest-kexec-skip-cpuid-policy.patch + xsa430.patch + +--- +Tue Apr 11 09:36:33 MDT 2023 - carn...@suse.com + +- bsc#1210315 - VUL-0: CVE-2022-42335: xen: x86 shadow paging + arbitrary pointer dereference (XSA-430) + xsa430.patch + +--- +Fri Mar 31 11:02:49 MDT 2023 - carn...@suse.com + +- Not building the shim is correctly handled by --disable-pvshim + Drop disable-building-pv-shim.patch + +--- Old: 63a03b73-VMX-VMExit-based-BusLock-detection.patch 63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch 63a03bce-VMX-Notify-VMExit.patch 63a03e28-x86-high-freq-TSC-overflow.patch 63c05478-VMX-calculate-model-specific-LBRs-once.patch 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch 63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch 63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch 63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch 63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch 640f3035-x86-altp2m-help-gcc13.patch 641041e8-VT-d-constrain-IGD-check.patch 64104238-bunzip-gcc13.patch 6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch 64199e0c-x86-shadow-account-for-log-dirty-mode.patch 64199e0d-x86-HVM-bound-number-of-pca-regions.patch 64199e0e-x86-HVM-serialize-pca-list-manipulation.patch 64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch disable-building-pv-shim.patch libxl.fix-guest-kexec-skip-cpuid-policy.patch xen-4.17.0-testing-src.tar.bz2 New: 643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch xen-4.17.1-testing-src.tar.bz2 Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.U87ehu/_old 2023-05-09 13:08:19.381372805 +0200 +++ /var/tmp/diff_new_pack.U87ehu/_new 2023-05-09 13:08:19.385372829 +0200 @@ -28,7 +28,7 @@ Name: xen ExclusiveArch: %ix86 x86_64 aarch64 -%define
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2023-04-01 23:26:54 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.9019 (New) Package is "xen" Sat Apr 1 23:26:54 2023 rev:330 rq:1075603 version:4.17.0_06 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-03-11 18:23:12.274619379 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.9019/xen.changes2023-04-01 23:26:56.439318701 +0200 @@ -1,0 +2,48 @@ +Thu Mar 23 08:10:00 CET 2023 - jbeul...@suse.com + +- Upstream bug fixes (bsc#1027519) + 63a03b73-VMX-VMExit-based-BusLock-detection.patch + 63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch + 63a03bce-VMX-Notify-VMExit.patch + 63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch + 63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch + 63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch + 63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch + 641041e8-VT-d-constrain-IGD-check.patch + 6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch +- Use "proper" upstream backports: + 640f3035-x86-altp2m-help-gcc13.patch + 64104238-bunzip-gcc13.patch + 64199e0c-x86-shadow-account-for-log-dirty-mode.patch + 64199e0d-x86-HVM-bound-number-of-pca-regions.patch + 64199e0e-x86-HVM-serialize-pca-list-manipulation.patch + 64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch +- ... in place of: + bunzip-gcc13.patch + altp2m-gcc13.patch + xsa427.patch + xsa428-1.patch + xsa428-2.patch + xsa429.patch + +--- +Thu Mar 16 08:08:08 UTC 2023 - oher...@suse.de + +- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs + libxl.fix-guest-kexec-skip-cpuid-policy.patch + +--- +Tue Mar 7 10:44:12 MST 2023 - carn...@suse.com + +- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus + log-dirty mode use-after-free (XSA-427) + xsa427.patch +- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM + pinned cache attributes mis-handling (XSA-428) + xsa428-1.patch + xsa428-2.patch +- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative + vulnerability in 32bit SYSCALL path (XSA-429) + xsa429.patch + +--- Old: altp2m-gcc13.patch bunzip-gcc13.patch New: 63a03b73-VMX-VMExit-based-BusLock-detection.patch 63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch 63a03bce-VMX-Notify-VMExit.patch 63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch 63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch 63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch 63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch 640f3035-x86-altp2m-help-gcc13.patch 641041e8-VT-d-constrain-IGD-check.patch 64104238-bunzip-gcc13.patch 6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch 64199e0c-x86-shadow-account-for-log-dirty-mode.patch 64199e0d-x86-HVM-bound-number-of-pca-regions.patch 64199e0e-x86-HVM-serialize-pca-list-manipulation.patch 64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch libxl.fix-guest-kexec-skip-cpuid-policy.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.p2IWAX/_old 2023-04-01 23:26:58.367328836 +0200 +++ /var/tmp/diff_new_pack.p2IWAX/_new 2023-04-01 23:26:58.375328878 +0200 @@ -119,7 +119,7 @@ %endif Provides: installhint(reboot-needed) -Version:4.17.0_04 +Version:4.17.0_06 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -155,12 +155,27 @@ # For xen-libs Source99: baselibs.conf # Upstream patches -Patch1: 63a03e28-x86-high-freq-TSC-overflow.patch -Patch2: 63c05478-VMX-calculate-model-specific-LBRs-once.patch -Patch3: 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch -Patch4: 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch -Patch5: 63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch -Patch6: 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch +Patch1: 63a03b73-VMX-VMExit-based-BusLock-detection.patch +Patch2: 63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch +Patch3: 63a03bce-VMX-Notify-VMExit.patch +Patch4: 63a03e28-x86-high-freq-TSC-overflow.patch +Patch5: 63c05478-VMX-calculate-model-specific-LBRs-once.patch +Patch6: 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch +Patch7: 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch +Patch8:
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-03-11 18:23:10
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.31432 (New)
Package is "xen"
Sat Mar 11 18:23:10 2023 rev:329 rq:1070523 version:4.17.0_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-03-02 23:03:15.903323840
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.31432/xen.changes 2023-03-11
18:23:12.274619379 +0100
@@ -1,0 +2,8 @@
+Thu Mar 2 10:33:46 MST 2023 - carn...@suse.com
+
+- bsc#1208736 - GCC 13: xen package fails
+ bunzip-gcc13.patch
+ altp2m-gcc13.patch
+- Drop gcc13-fixes.patch
+
+---
Old:
gcc13-fixes.patch
New:
altp2m-gcc13.patch
bunzip-gcc13.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.JuKbCg/_old 2023-03-11 18:23:13.814627404 +0100
+++ /var/tmp/diff_new_pack.JuKbCg/_new 2023-03-11 18:23:13.814627404 +0100
@@ -207,7 +207,8 @@
# Needs to go upstream
Patch420: suspend_evtchn_lock.patch
Patch421: vif-route.patch
-Patch422: gcc13-fixes.patch
+Patch422: bunzip-gcc13.patch
+Patch423: altp2m-gcc13.patch
# Other bug fixes or features
Patch450: xen.sysconfig-fillup.patch
Patch451: xenconsole-no-multiple-connections.patch
++ altp2m-gcc13.patch ++
x86/altp2m: help gcc13 to avoid it emitting a warning
Switches of altp2m-s always expect a valid altp2m to be in place (and
indeed altp2m_vcpu_initialise() sets the active one to be at index 0).
The compiler, however, cannot know that, and hence it cannot eliminate
p2m_get_altp2m()'s case of returnin (literal) NULL. If then the compiler
decides to special case that code path, the dereference in instances of
atomic_dec(_get_altp2m(v)->active_vcpus);
will, to the code generator, appear to be NULL dereferences, leading to
In function 'atomic_dec',
inlined from '...' at ...:
./arch/x86/include/asm/atomic.h:182:5: error: array subscript 0 is outside
array bounds of 'int[0]' [-Werror=array-bounds=]
Aid the compiler by adding a BUG_ON() checking the return value of the
problematic p2m_get_altp2m(). Since with the use of the local variable
the 2nd p2m_get_altp2m() each will look questionable at the first glance
(Why is the local variable not used here?), open-code the only relevant
piece of p2m_get_altp2m() there.
To avoid repeatedly doing these transformations, and also to limit how
"bad" the open-coding really is, convert the entire operation to an
inline helper, used by all three instances (and accepting the redundant
BUG_ON(idx >= MAX_ALTP2M) in two of the three cases).
Reported-by: Charles Arnold
Signed-off-by: Jan Beulich
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -4063,13 +4063,7 @@ void vmx_vmexit_handler(struct cpu_user_
}
}
-if ( idx != vcpu_altp2m(v).p2midx )
-{
-BUG_ON(idx >= MAX_ALTP2M);
-atomic_dec(_get_altp2m(v)->active_vcpus);
-vcpu_altp2m(v).p2midx = idx;
-atomic_inc(_get_altp2m(v)->active_vcpus);
-}
+p2m_set_altp2m(v, idx);
}
if ( unlikely(currd->arch.monitor.vmexit_enabled) )
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -879,6 +879,26 @@ static inline struct p2m_domain *p2m_get
return v->domain->arch.altp2m_p2m[index];
}
+/* set current alternate p2m table */
+static inline bool p2m_set_altp2m(struct vcpu *v, unsigned int idx)
+{
+struct p2m_domain *orig;
+
+BUG_ON(idx >= MAX_ALTP2M);
+
+if ( idx == vcpu_altp2m(v).p2midx )
+return false;
+
+orig = p2m_get_altp2m(v);
+BUG_ON(!orig);
+atomic_dec(>active_vcpus);
+
+vcpu_altp2m(v).p2midx = idx;
+atomic_inc(>domain->arch.altp2m_p2m[idx]->active_vcpus);
+
+return true;
+}
+
/* Switch alternate p2m for a single vcpu */
bool_t p2m_switch_vcpu_altp2m_by_id(struct vcpu *v, unsigned int idx);
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1787,13 +1787,8 @@ bool_t p2m_switch_vcpu_altp2m_by_id(stru
if ( d->arch.altp2m_eptp[idx] != mfn_x(INVALID_MFN) )
{
-if ( idx != vcpu_altp2m(v).p2midx )
-{
-atomic_dec(_get_altp2m(v)->active_vcpus);
-vcpu_altp2m(v).p2midx = idx;
-atomic_inc(_get_altp2m(v)->active_vcpus);
+if ( p2m_set_altp2m(v, idx) )
altp2m_vcpu_update_p2m(v);
-}
rc = 1;
}
@@ -2070,13 +2065,8 @@ int p2m_switch_domain_altp2m_by_id(struc
if ( d->arch.altp2m_visible_eptp[idx] != mfn_x(INVALID_MFN) )
{
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-03-02 23:02:53
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.31432 (New)
Package is "xen"
Thu Mar 2 23:02:53 2023 rev:328 rq:1068230 version:4.17.0_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-02-19 18:18:44.289395707
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.31432/xen.changes 2023-03-02
23:03:15.903323840 +0100
@@ -1,0 +2,6 @@
+Tue Feb 28 08:56:55 MST 2023 - carn...@suse.com
+
+- bsc#1208736 - GCC 13: xen package fails
+ gcc13-fixes.patch
+
+---
New:
gcc13-fixes.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.d1G9L6/_old 2023-03-02 23:03:17.903352428 +0100
+++ /var/tmp/diff_new_pack.d1G9L6/_new 2023-03-02 23:03:17.907352485 +0100
@@ -207,6 +207,7 @@
# Needs to go upstream
Patch420: suspend_evtchn_lock.patch
Patch421: vif-route.patch
+Patch422: gcc13-fixes.patch
# Other bug fixes or features
Patch450: xen.sysconfig-fillup.patch
Patch451: xenconsole-no-multiple-connections.patch
++ gcc13-fixes.patch ++
References: bsc#1208736
common/bunzip2.c: In function 'get_next_block':
common/bunzip2.c:261:41: error: 'length' may be used uninitialized
[-Werror=maybe-uninitialized]
261 | minLen = maxLen = length[0];
| ~~^~~
common/bunzip2.c:224:31: note: 'length' declared here
224 | unsigned char length[MAX_SYMBOLS],
temp[MAX_HUFCODE_BITS+1];
| ^~
In function 'atomic_dec',
inlined from 'vmx_vmexit_handler' at arch/x86/hvm/vmx/vmx.c:4069:13:
./arch/x86/include/asm/atomic.h:182:5: error: array subscript 0 is outside
array bounds of 'int[0]' [-Werror=array-bounds=]
182 | asm volatile (
| ^~~
In function 'vmx_vmexit_handler':
cc1: note: source object is likely at address zero
In function 'atomic_dec',
inlined from 'p2m_switch_vcpu_altp2m_by_id' at arch/x86/mm/p2m.c:1792:13:
./arch/x86/include/asm/atomic.h:182:5: error: array subscript 0 is outside
array bounds of 'int[0]' [-Werror=array-bounds=]
182 | asm volatile (
| ^~~
In function 'p2m_switch_vcpu_altp2m_by_id':
cc1: note: source object is likely at address zero
--- xen-4.17.0-testing/xen/common/bunzip2.c.orig2023-02-28
08:51:03.301930999 -0700
+++ xen-4.17.0-testing/xen/common/bunzip2.c 2023-02-28 08:53:52.865925508
-0700
@@ -142,6 +142,10 @@ static unsigned int __init get_bits(stru
return bits;
}
+#if __GNUC__ >= 13
+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
+#endif
+
/* Unpacks the next block and sets up for the inverse burrows-wheeler step. */
static int __init get_next_block(struct bunzip_data *bd)
--- xen-4.17.0-testing/xen/arch/x86/include/asm/atomic.h.orig 2023-02-28
09:22:51.037869226 -0700
+++ xen-4.17.0-testing/xen/arch/x86/include/asm/atomic.h2023-02-28
09:23:26.261868085 -0700
@@ -177,6 +177,10 @@ static inline int atomic_inc_and_test(at
return c;
}
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
static inline void atomic_dec(atomic_t *v)
{
asm volatile (
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-02-19 18:18:41
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.22824 (New)
Package is "xen"
Sun Feb 19 18:18:41 2023 rev:327 rq:1066241 version:4.17.0_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-02-14 16:43:06.889621005
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.22824/xen.changes 2023-02-19
18:18:44.289395707 +0100
@@ -1,0 +2,7 @@
+Wed Feb 15 11:07:08 MST 2023 - carn...@suse.com
+
+- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
+ Address Predictions (XSA-426)
+ 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
+
+---
New:
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.VNeVtW/_old 2023-02-19 18:18:45.561403790 +0100
+++ /var/tmp/diff_new_pack.VNeVtW/_new 2023-02-19 18:18:45.565403815 +0100
@@ -160,6 +160,7 @@
Patch3: 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
Patch4: 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
Patch5:
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
+Patch6:
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
++
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
++
Subject: x86/spec-ctrl: Mitigate Cross-Thread Return Address Predictions
From: Andrew Cooper andrew.coop...@citrix.com Thu Sep 8 21:27:58 2022 +0100
Date: Tue Feb 14 17:53:49 2023 +:
Git: 3685e754e6017c616769b28133286d06bf07b613
This is XSA-426 / CVE-2022-27672
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
(cherry picked from commit 63305e5392ec2d17b85e7996a97462744425db80)
diff --git a/docs/misc/xen-command-line.pandoc
b/docs/misc/xen-command-line.pandoc
index 424b12cfb2..e7fe8b0cc9 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -2343,7 +2343,7 @@ guests to use.
on entry and exit. These blocks are necessary to virtualise support for
guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc.
* `rsb=` offers control over whether to overwrite the Return Stack Buffer /
- Return Address Stack on entry to Xen.
+ Return Address Stack on entry to Xen and on idle.
* `md-clear=` offers control over whether to use VERW to flush
microarchitectural buffers on idle and exit from Xen. *Note: For
compatibility with development versions of this fix, `mds=` is also accepted
diff --git a/xen/arch/x86/include/asm/cpufeatures.h
b/xen/arch/x86/include/asm/cpufeatures.h
index 865f110986..da0593de85 100644
--- a/xen/arch/x86/include/asm/cpufeatures.h
+++ b/xen/arch/x86/include/asm/cpufeatures.h
@@ -35,7 +35,8 @@ XEN_CPUFEATURE(SC_RSB_HVM,X86_SYNTH(19)) /* RSB
overwrite needed for HVM
XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen
itself */
XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on
idle */
XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR
*/
-/* Bits 23,24 unused. */
+/* Bits 23 unused. */
+XEN_CPUFEATURE(SC_RSB_IDLE, X86_SYNTH(24)) /* RSB overwrite needed for
idle. */
XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle
*/
XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks
*/
XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect
Branch Tracking */
diff --git a/xen/arch/x86/include/asm/spec_ctrl.h
b/xen/arch/x86/include/asm/spec_ctrl.h
index 6a77c39378..391973ef6a 100644
--- a/xen/arch/x86/include/asm/spec_ctrl.h
+++ b/xen/arch/x86/include/asm/spec_ctrl.h
@@ -159,6 +159,21 @@ static always_inline void spec_ctrl_enter_idle(struct
cpu_info *info)
*/
alternative_input("", "verw %[sel]", X86_FEATURE_SC_VERW_IDLE,
[sel] "m" (info->verw_sel));
+
+/*
+ * Cross-Thread Return Address Predictions:
+ *
+ * On vulnerable systems, the return predictions (RSB/RAS) are statically
+ * partitioned between active threads. When entering idle, our entries
+ * are re-partitioned to allow the other threads to use them.
+ *
+ * In some cases, we might still have guest entries in the RAS, so flush
+ * them before injecting them sideways to our sibling thread.
+ *
+ * (ab)use alternative_input() to
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-02-14 16:43:02
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.27156 (New)
Package is "xen"
Tue Feb 14 16:43:02 2023 rev:326 rq:1065597 version:4.17.0_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-01-27 10:23:53.489964341
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.27156/xen.changes 2023-02-14
16:43:06.889621005 +0100
@@ -1,0 +2,24 @@
+Thu Feb 9 09:56:27 MST 2023 - carn...@suse.com
+
+- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
+ SLES15 SP4 xen kernel.
+ 63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
+
+---
+Mon Feb 6 12:17:00 CET 2023 - jbeul...@suse.com
+
+- bsc#1026236 - tidy/modernize patch
+ xen.bug1026236.suse_vtsc_tolerance.patch
+
+---
+Mon Feb 6 12:15:00 CET 2023 - jbeul...@suse.com
+
+- Upstream bug fixes (bsc#1027519)
+ 63c05478-VMX-calculate-model-specific-LBRs-once.patch
+ 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
+- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
+ Xenstore crash via soft reset (XSA-425)
+ xsa425.patch ->
+ 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
+
+---
Old:
xsa425.patch
New:
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.dLb4nZ/_old 2023-02-14 16:43:08.337629599 +0100
+++ /var/tmp/diff_new_pack.dLb4nZ/_new 2023-02-14 16:43:08.341629623 +0100
@@ -156,7 +156,10 @@
Source99: baselibs.conf
# Upstream patches
Patch1: 63a03e28-x86-high-freq-TSC-overflow.patch
-Patch100: xsa425.patch
+Patch2: 63c05478-VMX-calculate-model-specific-LBRs-once.patch
+Patch3: 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
+Patch4: 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
+Patch5:
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
++ 63c05478-VMX-calculate-model-specific-LBRs-once.patch ++
# Commit e94af0d58f86c3a914b9cbbf4d9ed3d43b974771
# Date 2023-01-12 18:42:00 +
# Author Andrew Cooper
# Committer Andrew Cooper
x86/vmx: Calculate model-specific LBRs once at start of day
There is no point repeating this calculation at runtime, especially as it is
in the fallback path of the WRSMR/RDMSR handlers.
Move the infrastructure higher in vmx.c to avoid forward declarations,
renaming last_branch_msr_get() to get_model_specific_lbr() to highlight that
these are model-specific only.
No practical change.
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
Reviewed-by: Kevin Tian
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -396,6 +396,142 @@ void vmx_pi_hooks_deassign(struct domain
domain_unpause(d);
}
+static const struct lbr_info {
+u32 base, count;
+} p4_lbr[] = {
+{ MSR_P4_LER_FROM_LIP, 1 },
+{ MSR_P4_LER_TO_LIP,1 },
+{ MSR_P4_LASTBRANCH_TOS,1 },
+{ MSR_P4_LASTBRANCH_0_FROM_LIP, NUM_MSR_P4_LASTBRANCH_FROM_TO },
+{ MSR_P4_LASTBRANCH_0_TO_LIP, NUM_MSR_P4_LASTBRANCH_FROM_TO },
+{ 0, 0 }
+}, c2_lbr[] = {
+{ MSR_IA32_LASTINTFROMIP, 1 },
+{ MSR_IA32_LASTINTTOIP, 1 },
+{ MSR_C2_LASTBRANCH_TOS,1 },
+{ MSR_C2_LASTBRANCH_0_FROM_IP, NUM_MSR_C2_LASTBRANCH_FROM_TO },
+{ MSR_C2_LASTBRANCH_0_TO_IP,NUM_MSR_C2_LASTBRANCH_FROM_TO },
+{ 0, 0 }
+}, nh_lbr[] = {
+{ MSR_IA32_LASTINTFROMIP, 1 },
+{ MSR_IA32_LASTINTTOIP, 1 },
+{ MSR_NHL_LBR_SELECT, 1 },
+{ MSR_NHL_LASTBRANCH_TOS, 1 },
+{ MSR_P4_LASTBRANCH_0_FROM_LIP, NUM_MSR_P4_LASTBRANCH_FROM_TO },
+{ MSR_P4_LASTBRANCH_0_TO_LIP, NUM_MSR_P4_LASTBRANCH_FROM_TO },
+{ 0, 0 }
+}, sk_lbr[] = {
+{ MSR_IA32_LASTINTFROMIP, 1 },
+{ MSR_IA32_LASTINTTOIP, 1 },
+{ MSR_NHL_LBR_SELECT, 1 },
+{ MSR_NHL_LASTBRANCH_TOS, 1 },
+{ MSR_SKL_LASTBRANCH_0_FROM_IP, NUM_MSR_SKL_LASTBRANCH },
+{ MSR_SKL_LASTBRANCH_0_TO_IP, NUM_MSR_SKL_LASTBRANCH },
+{ MSR_SKL_LASTBRANCH_0_INFO,NUM_MSR_SKL_LASTBRANCH
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-01-27 10:15:16
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.32243 (New)
Package is "xen"
Fri Jan 27 10:15:16 2023 rev:325 rq:1061070 version:4.17.0_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2023-01-04 18:10:43.000587609
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.32243/xen.changes 2023-01-27
10:23:53.489964341 +0100
@@ -1,0 +2,7 @@
+Wed Jan 25 10:39:54 MST 2023 - carn...@suse.com
+
+- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
+ Xenstore crash via soft reset (XSA-425)
+ xsa425.patch
+
+---
@@ -4,0 +12,6 @@
+
+---
+Tue Dec 20 13:35:00 CET 2022 - jbeul...@suse.com
+
+- Upstream bug fixes (bsc#1027519)
+ 63a03e28-x86-high-freq-TSC-overflow.patch
New:
63a03e28-x86-high-freq-TSC-overflow.patch
xsa425.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.4Q4ydH/_old 2023-01-27 10:23:55.313974205 +0100
+++ /var/tmp/diff_new_pack.4Q4ydH/_new 2023-01-27 10:23:55.317974227 +0100
@@ -119,7 +119,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.17.0_02
+Version:4.17.0_04
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -155,6 +155,8 @@
# For xen-libs
Source99: baselibs.conf
# Upstream patches
+Patch1: 63a03e28-x86-high-freq-TSC-overflow.patch
+Patch100: xsa425.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
++ 63a03e28-x86-high-freq-TSC-overflow.patch ++
# Commit ad15a0a8ca2515d8ac58edfc0bc1d3719219cb77
# Date 2022-12-19 11:34:16 +0100
# Author Neowutran
# Committer Jan Beulich
x86/time: prevent overflow with high frequency TSCs
Make sure tsc_khz is promoted to a 64-bit type before multiplying by
1000 to avoid an 'overflow before widen' bug. Otherwise just above
4.294GHz the value will overflow. Processors with clocks this high are
now in production and require this to work correctly.
Signed-off-by: Neowutran
Reviewed-by: Jan Beulich
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -2585,7 +2585,7 @@ int tsc_set_info(struct domain *d,
case TSC_MODE_ALWAYS_EMULATE:
d->arch.vtsc_offset = get_s_time() - elapsed_nsec;
d->arch.tsc_khz = gtsc_khz ?: cpu_khz;
-set_time_scale(>arch.vtsc_to_ns, d->arch.tsc_khz * 1000);
+set_time_scale(>arch.vtsc_to_ns, d->arch.tsc_khz * 1000UL);
/*
* In default mode use native TSC if the host has safe TSC and
++ xsa425.patch ++
From: Jason Andryuk
Subject: Revert "tools/xenstore: simplify loop handling connection I/O"
I'm observing guest kexec trigger xenstored to abort on a double free.
gdb output:
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140645614258112) at
./nptl/pthread_kill.c:44
44./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
at ./nptl/pthread_kill.c:44
at ./nptl/pthread_kill.c:78
at ./nptl/pthread_kill.c:89
at ../sysdeps/posix/raise.c:26
at talloc.c:119
ptr=ptr@entry=0x559fae724290) at talloc.c:232
at xenstored_core.c:2945
(gdb) frame 5
at talloc.c:119
119TALLOC_ABORT("Bad talloc magic value - double free");
(gdb) frame 7
at xenstored_core.c:2945
2945talloc_increase_ref_count(conn);
(gdb) p conn
$1 = (struct connection *) 0x559fae724290
Looking at a xenstore trace, we have:
IN 0x559fae71f250 20230120 17:40:53 READ (/local/domain/3/image/device-model-dom
id )
wrl: dom0 1 msec 1 credit 100 reserve100 disc
ard
wrl: dom3 1 msec 1 credit 100 reserve100 disc
ard
wrl: dom0 0 msec 1 credit 100 reserve 0 disc
ard
wrl: dom3 0 msec 1 credit 100 reserve 0 disc
ard
OUT 0x559fae71f250 20230120 17:40:53 ERROR (ENOENT )
wrl: dom0 1 msec 1 credit 100 reserve100 disc
ard
wrl: dom3 1 msec 1 credit 100 reserve100 disc
ard
IN 0x559fae71f250 20230120 17:40:53 RELEASE (3 )
DESTROY watch 0x559fae73f630
DESTROY watch 0x559fae75ddf0
DESTROY watch 0x559fae75ec30
DESTROY watch 0x559fae75ea60
DESTROY watch 0x559fae732c00
DESTROY watch 0x559fae72cea0
DESTROY watch 0x559fae728fc0
DESTROY watch 0x559fae729570
DESTROY connection 0x559fae724290
orphaned node
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2023-01-04 18:10:31
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1563 (New)
Package is "xen"
Wed Jan 4 18:10:31 2023 rev:324 rq:1046568 version:4.17.0_02
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-12-10 21:18:07.845662587
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1563/xen.changes2023-01-04
18:10:43.000587609 +0100
@@ -1,0 +2,5 @@
+Tue Jan 3 14:10:18 UTC 2023 - Stefan Schubert
+
+- Migration of PAM settings to /usr/lib/pam.d.
+
+---
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.TokY4g/_old 2023-01-04 18:10:44.236594895 +0100
+++ /var/tmp/diff_new_pack.TokY4g/_new 2023-01-04 18:10:44.240594919 +0100
@@ -1,7 +1,7 @@
#
# spec file for package xen
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -269,6 +269,9 @@
Summary:Xen Virtualization: Control tools for domain 0
License:GPL-2.0-only
Group: System/Kernel
+%if 0%{?suse_version} > 1500
+BuildRequires: pam-devel
+%endif
%ifarch x86_64
%if 0%{?suse_version} >= 1315
Requires: grub2-x86_64-xen
@@ -825,17 +828,17 @@
mkdir -p %{buildroot}/usr/lib/supportconfig/plugins
install -m 755 %SOURCE13 %{buildroot}/usr/lib/supportconfig/plugins/xen
-# Xen API remote authentication files
-install -d %{buildroot}/etc/pam.d
-install -m644 %SOURCE30 %{buildroot}/etc/pam.d/xen-api
+# Xen API remote authentication files and Logrotate files
install -m644 %SOURCE31 %{buildroot}/etc/xen/
-
-# Logrotate
%if 0%{?suse_version} > 1500
mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
install -m644 -D %SOURCE14 %{buildroot}%{_distconfdir}/logrotate.d/xen
+install -d %{buildroot}%{_pam_vendordir}
+install -m644 %SOURCE30 %{buildroot}/%{_pam_vendordir}/xen-api
%else
install -m644 -D %SOURCE14 %{buildroot}%{_sysconfdir}/logrotate.d/xen
+install -d %{buildroot}/etc/pam.d
+install -m644 %SOURCE30 %{buildroot}/etc/pam.d/xen-api
%endif
# Directories
@@ -1067,8 +1070,10 @@
%dir /var/log/xen/console
%if 0%{?suse_version} > 1500
%{_distconfdir}/logrotate.d/xen
+%{_pam_vendordir}/xen-api
%else
%config(noreplace) %{_sysconfdir}/logrotate.d/xen
+%config /etc/pam.d/xen-api
%endif
/etc/xen/auto
%config /etc/xen/examples
@@ -1076,7 +1081,6 @@
%config /etc/xen/vm
%config(noreplace) /etc/xen/xenapiusers
%config(noreplace) /etc/xen/xl.conf
-%config /etc/pam.d/xen-api
%config %{_unitdir}
%exclude %{_unitdir}/%{name}-vcpu-watch.service
%exclude %{_unitdir}/xendomains-wait-disks.service
@@ -1170,7 +1174,7 @@
%service_add_pre xen-qemu-dom0-disk-backend.service
%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/etc; save any old .rpmsave
-for i in logrotate.d/xen ; do
+for i in logrotate.d/xen pam.d/xen-api ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave
%{_sysconfdir}/${i}.rpmsave.old ||:
done
%endif
@@ -1178,7 +1182,7 @@
%if 0%{?suse_version} > 1500
%posttrans tools
# Migration to /usr/etc, restore just created .rpmsave
-for i in logrotate.d/xen ; do
+for i in logrotate.d/xen pam.d/xen-api ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave
%{_sysconfdir}/${i} ||:
done
%endif
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2022-12-10 21:17:47 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.1835 (New) Package is "xen" Sat Dec 10 21:17:47 2022 rev:323 rq:1041918 version:4.17.0_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-09-02 21:56:43.224322251 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.1835/xen.changes2022-12-10 21:18:07.845662587 +0100 @@ -1,0 +2,76 @@ +Thu Dec 8 10:54:29 MST 2022 - carn...@suse.com + +- Update to Xen 4.17.0 FCS release (jsc#PED-1858) + xen-4.17.0-testing-src.tar.bz2 + * On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that +this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen. + * The "gnttab" option now has a new command line sub-option for disabling the +GNTTABOP_transfer functionality. + * The x86 MCE command line option info is now updated. + * Out-of-tree builds for the hypervisor now supported. + * __ro_after_init support, for marking data as immutable after boot. + * The project has officially adopted 4 directives and 24 rules of MISRA-C, +added MISRA-C checker build integration, and defined how to document +deviations. + * IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones +when they don't share page tables with the CPU (HAP / EPT / NPT). + * Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD. + * Improved TSC, CPU, and APIC clock frequency calibration on x86. + * Support for Xen using x86 Control Flow Enforcement technology for its own +protection. Both Shadow Stacks (ROP protection) and Indirect Branch +Tracking (COP/JOP protection). + * Add mwait-idle support for SPR and ADL on x86. + * Extend security support for hosts to 12 TiB of memory on x86. + * Add command line option to set cpuid parameters for dom0 at boot time on x86. + * Improved static configuration options on Arm. + * cpupools can be specified at boot using device tree on Arm. + * It is possible to use PV drivers with dom0less guests, allowing statically +booted dom0less guests with PV devices. + * On Arm, p2m structures are now allocated out of a pool of memory set aside at +domain creation. + * Improved mitigations against Spectre-BHB on Arm. + * Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm. + * Allow setting the number of CPUs to activate at runtime from command line +option on Arm. + * Grant-table support on Arm was improved and hardened by implementing +"simplified M2P-like approach for the xenheap pages" + * Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm. + * Add i.MX lpuart and i.MX8QM support on Arm. + * Improved toolstack build system. + * Add Xue - console over USB 3 Debug Capability. + * gitlab-ci automation: Fixes and improvements together with new tests. + * dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options +- Drop patches contained in new tarball or invalid + 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch + xsa410-01.patch + xsa410-02.patch + xsa410-03.patch + xsa410-04.patch + xsa410-05.patch + xsa410-06.patch + xsa410-07.patch + xsa410-08.patch + xsa410-09.patch + xsa410-10.patch + xsa411.patch + +--- +Wed Sep 28 10:14:10 MDT 2022 - carn...@suse.com + +- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may + take excessively long (XSA-410) + xsa410-01.patch + xsa410-02.patch + xsa410-03.patch + xsa410-04.patch + xsa410-05.patch + xsa410-06.patch + xsa410-07.patch + xsa410-08.patch + xsa410-09.patch + xsa410-10.patch +- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in + transitive grant copy handling (XSA-411) + xsa411.patch + +--- @@ -23,0 +100 @@ + * No upstream changelog found in sources or webpage Old: 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch xen-4.16.2-testing-src.tar.bz2 New: xen-4.17.0-testing-src.tar.bz2 Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.y0ZhNI/_old 2022-12-10 21:18:09.125670071 +0100 +++ /var/tmp/diff_new_pack.y0ZhNI/_new 2022-12-10 21:18:09.129670094 +0100 @@ -28,7 +28,7 @@ Name: xen ExclusiveArch: %ix86 x86_64 aarch64 -%define xen_build_dir xen-4.16.2-testing +%define xen_build_dir xen-4.17.0-testing # %define with_gdbsx 0 %define with_dom0_support 0 @@ -119,12 +119,12 @@ %endif Provides:
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-09-02 21:56:26
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.2083 (New)
Package is "xen"
Fri Sep 2 21:56:26 2022 rev:322 rq:1000665 version:4.16.2_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-08-30 14:48:53.788031084
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.2083/xen.changes2022-09-02
21:56:43.224322251 +0200
@@ -1,0 +2,6 @@
+Thu Sep 1 06:21:39 UTC 2022 - Stefan Schubert
+
+- Migration to /usr/etc: Saving user changed configuration files
+ in /etc and restoring them while an RPM update.
+
+---
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.MVDYgY/_old 2022-09-02 21:56:44.736325910 +0200
+++ /var/tmp/diff_new_pack.MVDYgY/_new 2022-09-02 21:56:44.740325920 +0200
@@ -1169,6 +1169,20 @@
%service_add_pre xenconsoled.service
%service_add_pre xen-init-dom0.service
%service_add_pre xen-qemu-dom0-disk-backend.service
+%if 0%{?suse_version} > 1500
+# Prepare for migration to /usr/etc; save any old .rpmsave
+for i in logrotate.d/xen ; do
+ test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave
%{_sysconfdir}/${i}.rpmsave.old ||:
+done
+%endif
+
+%if 0%{?suse_version} > 1500
+%posttrans tools
+# Migration to /usr/etc, restore just created .rpmsave
+for i in logrotate.d/xen ; do
+ test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave
%{_sysconfdir}/${i} ||:
+done
+%endif
%post tools
%{fillup_only -n xencommons xencommons}
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-08-30 14:48:41
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.2083 (New)
Package is "xen"
Tue Aug 30 14:48:41 2022 rev:321 rq:183 version:4.16.2_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-08-24 15:10:20.520438132
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.2083/xen.changes2022-08-30
14:48:53.788031084 +0200
@@ -1,0 +2,12 @@
+Mon Aug 29 10:24:31 MDT 2022 - carn...@suse.com
+
+- bsc#1201994 - Xen DomU unable to emulate audio device
+ 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
+
+---
+Tue Aug 23 08:52:05 MDT 2022 - carn...@suse.com
+
+- Things are compiling fine now with gcc12.
+ Drop gcc12-fixes.patch
+
+---
Old:
gcc12-fixes.patch
New:
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.nuVQB4/_old 2022-08-30 14:48:55.300034942 +0200
+++ /var/tmp/diff_new_pack.nuVQB4/_new 2022-08-30 14:48:55.304034953 +0200
@@ -119,7 +119,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.16.2_02
+Version:4.16.2_04
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -155,6 +155,7 @@
# For xen-libs
Source99: baselibs.conf
# Upstream patches
+Patch1:
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
@@ -228,7 +229,6 @@
Patch621: xen.build-compare.doc_html.patch
# Build patches
Patch6: xen.stubdom.newlib.patch
-Patch7: gcc12-fixes.patch
URL:http://www.cl.cam.ac.uk/Research/SRG/netos/xen/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define pyver %(python3 -c "import sys; print(sys.version.rpartition('.')[0])")
++
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
++
Subject: tools/libxl: Replace deprecated -soundhw on QEMU command line
From: Anthony PERARD anthony.per...@citrix.com Thu Aug 18 09:25:50 2022 +0200
Date: Thu Aug 18 09:25:50 2022 +0200:
Git: 62ca138c2c052187783aca3957d3f47c4dcfd683
-soundhw is deprecated since 825ff02911c9 ("audio: add soundhw
deprecation notice"), QEMU v5.1, and is been remove for upcoming v7.1
by 039a68373c45 ("introduce -audio as a replacement for -soundhw").
Instead we can just add the sound card with "-device", for most option
that "-soundhw" could handle. "-device" is an option that existed
before QEMU 1.0, and could already be used to add audio hardware.
The list of possible option for libxl's "soundhw" is taken the list
from QEMU 7.0.
The list of options for "soundhw" are listed in order of preference in
the manual. The first three (hda, ac97, es1370) are PCI devices and
easy to test on Linux, and the last four are ISA devices which doesn't
seems to work out of the box on linux.
The sound card 'pcspk' isn't listed even if it used to be accepted by
'-soundhw' because QEMU crash when trying to add it to a Xen domain.
Also, it wouldn't work with "-device" might need to be "-machine
pcspk-audiodev=default" instead.
Signed-off-by: Anthony PERARD
Reviewed-by: Jason Andryuk
--- a/docs/man/xl.cfg.5.pod.in
+++ b/docs/man/xl.cfg.5.pod.in
@@ -2540,9 +2540,9 @@ The form serial=DEVICE is also accepted
=item B
-Select the virtual sound card to expose to the guest. The valid
-devices are defined by the device model configuration, please see the
-B manpage for details. The default is not to export any sound
+Select the virtual sound card to expose to the guest. The valid devices are
+B, B, B, B, B, B, B if there are
+available with the device model QEMU. The default is not to export any sound
device.
=item B
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -1204,6 +1204,7 @@ static int libxl__build_device_model_arg
uint64_t ram_size;
const char *path, *chardev;
bool is_stubdom = libxl_defbool_val(b_info->device_model_stubdomain);
+int rc;
dm_args = flexarray_make(gc, 16, 1);
dm_envs = flexarray_make(gc, 16, 1);
@@ -1531,7 +1532,23 @@ static int libxl__build_device_model_arg
}
}
if (b_info->u.hvm.soundhw) {
-flexarray_vappend(dm_args, "-soundhw", b_info->u.hvm.soundhw,
NULL);
+libxl__qemu_soundhw soundhw;
+
+rc =
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2022-08-24 15:10:19 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.2083 (New) Package is "xen" Wed Aug 24 15:10:19 2022 rev:320 rq:998682 version:4.16.2_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-08-01 21:28:11.237275758 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.2083/xen.changes2022-08-24 15:10:20.520438132 +0200 @@ -1,0 +2,45 @@ +Thu Aug 18 14:18:46 MDT 2022 - carn...@suse.com + +- Update to Xen 4.16.2 bug fix release (bsc#1027519) + xen-4.16.2-testing-src.tar.bz2 +- Drop patches contained in new tarball + 625fca42-VT-d-reserved-CAP-ND.patch + 626f7ee8-x86-MSR-handle-P5-MC-reads.patch + 627549d6-IO-shutdown-race.patch + 62a1e594-x86-clean-up-_get_page_type.patch + 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch + 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch + 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch + 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch + 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch + 62a1e649-x86-track-and-flush-non-coherent.patch + 62a99614-IOMMU-x86-gcc12.patch + 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch + 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch + 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch + 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch + 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch + 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch + 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch + 62cc31ee-cmdline-extend-parse_boolean.patch + 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch + 62cd91d0-x86-spec-ctrl-rework-context-switching.patch + 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch + 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch + 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch + 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch + 62cd91d5-x86-cpuid-BTC_NO-enum.patch + 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch + 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch + xsa408.patch + +--- +Thu Jul 28 07:07:07 UTC 2022 - oher...@suse.de + +- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels + A previous change to the built-in default had a logic error, + effectively restoring the upstream limit of 1023 channels per domU. + Fix the logic to calculate the default based on the number of vcpus. + adjust libxl.max_event_channels.patch + +--- Old: 625fca42-VT-d-reserved-CAP-ND.patch 626f7ee8-x86-MSR-handle-P5-MC-reads.patch 627549d6-IO-shutdown-race.patch 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch 62a99614-IOMMU-x86-gcc12.patch 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch xen-4.16.1-testing-src.tar.bz2 xsa408.patch New: xen-4.16.2-testing-src.tar.bz2 Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.hGJYLi/_old 2022-08-24 15:10:21.91336 +0200 +++ /var/tmp/diff_new_pack.hGJYLi/_new 2022-08-24 15:10:21.948441346 +0200 @@ -28,7 +28,7 @@ Name: xen ExclusiveArch: %ix86 x86_64 aarch64 -%define xen_build_dir xen-4.16.1-testing +%define xen_build_dir xen-4.16.2-testing # %define with_gdbsx 0 %define with_dom0_support 0 @@ -119,12 +119,12 @@ %endif Provides:
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-07-01 13:43:49
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1548 (New)
Package is "xen"
Fri Jul 1 13:43:49 2022 rev:318 rq:985936 version:4.16.1_02
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-05-12 22:58:11.772622463
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.1548/xen.changes2022-07-01
13:43:51.674799559 +0200
@@ -1,0 +2,6 @@
+Tue Jun 28 14:31:48 UTC 2022 - Stefan Schubert
+
+- Moved logrotate files from user specific directory /etc/logrotate.d
+ to vendor specific directory /usr/etc/logrotate.d.
+
+---
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.cacpdD/_old 2022-07-01 13:43:53.414802173 +0200
+++ /var/tmp/diff_new_pack.cacpdD/_new 2022-07-01 13:43:53.418802180 +0200
@@ -831,7 +831,12 @@
install -m644 %SOURCE31 %{buildroot}/etc/xen/
# Logrotate
-install -m644 -D %SOURCE14 %{buildroot}/etc/logrotate.d/xen
+%if 0%{?suse_version} > 1500
+mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
+install -m644 -D %SOURCE14 %{buildroot}%{_distconfdir}/logrotate.d/xen
+%else
+install -m644 -D %SOURCE14 %{buildroot}%{_sysconfdir}/logrotate.d/xen
+%endif
# Directories
mkdir -p %{buildroot}/var/lib/xenstored
@@ -1060,7 +1065,11 @@
%dir /var/lib/xenstored
%dir /var/log/xen
%dir /var/log/xen/console
-%config /etc/logrotate.d/xen
+%if 0%{?suse_version} > 1500
+%{_distconfdir}/logrotate.d/xen
+%else
+%config(noreplace) %{_sysconfdir}/logrotate.d/xen
+%endif
/etc/xen/auto
%config /etc/xen/examples
%config /etc/xen/cpupool
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-05-12 22:57:49
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1538 (New)
Package is "xen"
Thu May 12 22:57:49 2022 rev:317 rq:976117 version:4.16.1_02
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-04-16 00:13:02.953552960
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.1538/xen.changes2022-05-12
22:58:11.772622463 +0200
@@ -1,0 +2,5 @@
+Tue May 10 16:08:02 UTC 2022 - Dirk M??ller
+
+- fix python3 >= 3.10 version detection
+
+---
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.9Nla62/_old 2022-05-12 22:58:13.292624504 +0200
+++ /var/tmp/diff_new_pack.9Nla62/_new 2022-05-12 22:58:13.304624520 +0200
@@ -231,7 +231,7 @@
Patch7: gcc12-fixes.patch
URL:http://www.cl.cam.ac.uk/Research/SRG/netos/xen/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%define pyver %(python3 -c "import sys; print(sys.version[:3])")
+%define pyver %(python3 -c "import sys; print(sys.version.rpartition('.')[0])")
%description
Xen is a virtual machine monitor for x86 that supports execution of
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2022-04-16 00:12:55 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.1941 (New) Package is "xen" Sat Apr 16 00:12:55 2022 rev:316 rq:969996 version:4.16.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-04-08 00:27:01.482789653 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.1941/xen.changes2022-04-16 00:13:02.953552960 +0200 @@ -1,0 +2,77 @@ +Wed Apr 13 08:54:02 MDT 2022 - carn...@suse.com + +- Update to Xen 4.16.1 bug fix release (bsc#1027519) + xen-4.16.1-testing-src.tar.bz2 +- Drop patches contained in new tarball + 61b31d5c-x86-restrict-all-but-self-IPI.patch + 61b88e78-x86-CPUID-TSXLDTRK-definition.patch + 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch + 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch + 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch + 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch + 61e0296a-x86-time-calibration-relative-counts.patch + 61e029c8-x86-time-TSC-freq-calibration-accuracy.patch + 61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch + 61e98e88-x86-introduce-get-set-reg-infra.patch + 61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch + 61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch + 61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch + 61eaaa23-x86-get-set-reg-infra-build.patch + 61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch + 61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch + 61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch + 61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch + 61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch + 61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch + 61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch + 61f933a4-x86-cpuid-advertise-SSB_NO.patch + 61f933a5-x86-drop-use_spec_ctrl-boolean.patch + 61f933a6-x86-new-has_spec_ctrl-boolean.patch + 61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch + 61f933a8-x86-SPEC_CTRL-record-last-write.patch + 61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch + 61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch + 61f933ab-x86-AMD-SPEC_CTRL-infra.patch + 61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch + 61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch + 6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch + 6202afa4-x86-TSX-move-has_rtm_always_abort.patch + 6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch + 6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch + 6202afa8-x86-Intel-PSFD-for-guests.patch + 62278667-Arm-introduce-new-processors.patch + 62278668-Arm-move-errata-CSV2-check-earlier.patch + 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch + 6227866a-Arm-Spectre-BHB-handling.patch + 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch + 6227866c-x86-AMD-cease-using-thunk-lfence.patch + 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch + 624ebcef-VT-d-dont-needlessly-look-up-DID.patch + 624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch + 624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch + xsa397.patch + xsa399.patch + xsa400-01.patch + xsa400-02.patch + xsa400-03.patch + xsa400-04.patch + xsa400-05.patch + xsa400-06.patch + xsa400-07.patch + xsa400-08.patch + xsa400-09.patch + xsa400-10.patch + xsa400-11.patch + xsa400-12.patch + +--- +Fri Apr 8 12:00:00 CEST 2022 - jbeul...@suse.com + +- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359, + CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity + map (AMD-Vi) handling issues (XSA-400) + 624ebcef-VT-d-dont-needlessly-look-up-DID.patch + 624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch + 624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch + +--- Old: 61b31d5c-x86-restrict-all-but-self-IPI.patch 61b88e78-x86-CPUID-TSXLDTRK-definition.patch 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch 61e0296a-x86-time-calibration-relative-counts.patch 61e029c8-x86-time-TSC-freq-calibration-accuracy.patch 61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch 61e98e88-x86-introduce-get-set-reg-infra.patch 61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch 61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch 61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch 61eaaa23-x86-get-set-reg-infra-build.patch
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-04-08 00:26:39
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1900 (New)
Package is "xen"
Fri Apr 8 00:26:39 2022 rev:315 rq:967124 version:4.16.0_08
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-03-16 21:30:17.503390239
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1900/xen.changes2022-04-08
00:27:01.482789653 +0200
@@ -1,0 +2,30 @@
+Mon Apr 4 09:58:24 MDT 2022 - carn...@suse.com
+
+- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
+ between dirty vram tracking and paging log dirty hypercalls
+ (XSA-397)
+ xsa397.patch
+- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
+ cleanup (XSA-399)
+ xsa399.patch
+- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
+ CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
+ map (AMD-Vi) handling issues (XSA-400)
+ xsa400-01.patch
+ xsa400-02.patch
+ xsa400-03.patch
+ xsa400-04.patch
+ xsa400-05.patch
+ xsa400-06.patch
+ xsa400-07.patch
+ xsa400-08.patch
+ xsa400-09.patch
+ xsa400-10.patch
+ xsa400-11.patch
+ xsa400-12.patch
+- Additional upstream bug fixes for XSA-400 (bsc#1027519)
+ 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
+ 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
+ 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
+
+---
@@ -78 +108 @@
- list not giving any output
+ list not giving any output (see also bsc#1194267)
New:
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
xsa397.patch
xsa399.patch
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.0b60M3/_old 2022-04-08 00:27:04.294758093 +0200
+++ /var/tmp/diff_new_pack.0b60M3/_new 2022-04-08 00:27:04.294758093 +0200
@@ -119,7 +119,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.16.0_06
+Version:4.16.0_08
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -195,7 +195,24 @@
Patch38:6227866a-Arm-Spectre-BHB-handling.patch
Patch39:6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
Patch40:6227866c-x86-AMD-cease-using-thunk-lfence.patch
+Patch41:
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
+Patch42:61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
+Patch43:
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
# EMBARGOED security fixes
+Patch97:xsa397.patch
+Patch99:xsa399.patch
+Patch101: xsa400-01.patch
+Patch102: xsa400-02.patch
+Patch103: xsa400-03.patch
+Patch104: xsa400-04.patch
+Patch105: xsa400-05.patch
+Patch106: xsa400-06.patch
+Patch107: xsa400-07.patch
+Patch108: xsa400-08.patch
+Patch109: xsa400-09.patch
+Patch110: xsa400-10.patch
+Patch111: xsa400-11.patch
+Patch112: xsa400-12.patch
# libxc
Patch301: libxc-bitmap-long.patch
Patch302: libxc-sr-xl-migration-debug.patch
++ 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch ++
Subject: VT-d: split domid map cleanup check into a function
From: Jan Beulich jbeul...@suse.com Thu Jan 6 14:10:05 2022 +0100
Date: Thu Jan 6 14:10:05 2022 +0100:
Git: fa45f6b5560e738955993fe061a04d64c6f71c14
This logic will want invoking from elsewhere.
No functional change intended.
Signed-off-by: Jan Beulich
Reviewed-by: Roger Pau Monn??
Reviewed-by: Kevin Tian
master commit: 9fdc10abe9457e4c9879a266f82372cb08e88ffb
master date: 2021-11-24 11:06:20 +0100
diff --git a/xen/drivers/passthrough/vtd/iommu.c
b/xen/drivers/passthrough/vtd/iommu.c
index f9ce402f22..de11c258ca 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -157,6 +157,51 @@ static void cleanup_domid_map(struct domain *domain,
struct vtd_iommu *iommu)
}
}
+static bool any_pdev_behind_iommu(const struct domain *d,
+ const struct pci_dev *exclude,
+ const struct vtd_iommu *iommu)
+{
+const struct pci_dev *pdev;
+
+
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2022-03-16 21:30:16 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.25692 (New) Package is "xen" Wed Mar 16 21:30:16 2022 rev:314 rq:961753 version:4.16.0_06 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-03-05 14:44:42.331720428 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.25692/xen.changes 2022-03-16 21:30:17.503390239 +0100 @@ -1,0 +2,12 @@ +Mon Mar 14 10:14:00 CET 2022 - jbeul...@suse.com + +- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401: + xen: BHB speculation issues (XSA-398) + 62278667-Arm-introduce-new-processors.patch + 62278668-Arm-move-errata-CSV2-check-earlier.patch + 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch + 6227866a-Arm-Spectre-BHB-handling.patch + 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch + 6227866c-x86-AMD-cease-using-thunk-lfence.patch + +--- New: 62278667-Arm-introduce-new-processors.patch 62278668-Arm-move-errata-CSV2-check-earlier.patch 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch 6227866a-Arm-Spectre-BHB-handling.patch 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch 6227866c-x86-AMD-cease-using-thunk-lfence.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.ZyhYrp/_old 2022-03-16 21:30:19.539391781 +0100 +++ /var/tmp/diff_new_pack.ZyhYrp/_new 2022-03-16 21:30:19.543391785 +0100 @@ -189,6 +189,12 @@ Patch32:6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch Patch33:6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch Patch34:6202afa8-x86-Intel-PSFD-for-guests.patch +Patch35:62278667-Arm-introduce-new-processors.patch +Patch36:62278668-Arm-move-errata-CSV2-check-earlier.patch +Patch37:62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch +Patch38:6227866a-Arm-Spectre-BHB-handling.patch +Patch39:6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch +Patch40:6227866c-x86-AMD-cease-using-thunk-lfence.patch # EMBARGOED security fixes # libxc Patch301: libxc-bitmap-long.patch ++ 62278667-Arm-introduce-new-processors.patch ++ # Commit 35d1b85a6b43483f6bd007d48757434e54743e98 # Date 2022-03-08 16:38:02 + # Author Bertrand Marquis # Committer Andrew Cooper xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -65,6 +65,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -72,11 +73,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N10xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V10xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A7100xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N20xD49 +#define ARM_CPU_PART_CORTEX_A78C0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -84,6 +94,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM,
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-03-05 14:43:58
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1958 (New)
Package is "xen"
Sat Mar 5 14:43:58 2022 rev:313 rq:959301 version:4.16.0_06
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-02-22 21:18:18.214287469
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1958/xen.changes2022-03-05
14:44:42.331720428 +0100
@@ -1,0 +2,6 @@
+Thu Mar 3 14:42:07 MST 2022 - carn...@suse.com
+
+- bsc#1196545 - GCC 12: xen package fails
+ gcc12-fixes.patch
+
+---
New:
gcc12-fixes.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.69cyPx/_old 2022-03-05 14:44:44.175720892 +0100
+++ /var/tmp/diff_new_pack.69cyPx/_new 2022-03-05 14:44:44.183720895 +0100
@@ -262,6 +262,7 @@
Patch621: xen.build-compare.doc_html.patch
# Build patches
Patch6: xen.stubdom.newlib.patch
+Patch7: gcc12-fixes.patch
URL:http://www.cl.cam.ac.uk/Research/SRG/netos/xen/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define pyver %(python3 -c "import sys; print(sys.version[:3])")
++ gcc12-fixes.patch ++
References: bsc#1196545
Compiling against gcc12.
Many of the failures are -Werror=array-bounds where macros
from mm.h are being used. Common Examples are,
include/asm/mm.h:528:61: error: array subscript 0 is outside array bounds of
'long unsigned int[0]' [-Werror=array-bounds]
include/xen/mm.h:287:21: error: array subscript [0, 288230376151711743] is
outside array bounds of 'struct page_info[0]' [-Werror=array-bounds]
There are also several other headers that generate array-bounds macro failures.
The pragmas to override are mostly in '.c' files with the exception of,
xen/arch/x86/mm/shadow/private.h
xen/include/asm-x86/paging.h
--- a/xen/drivers/passthrough/amd/iommu_intr.c
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
@@ -23,6 +23,10 @@
#include "iommu.h"
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
union irte32 {
uint32_t raw;
struct {
--- a/xen/drivers/passthrough/x86/hvm.c
+++ b/xen/drivers/passthrough/x86/hvm.c
@@ -901,6 +901,9 @@ static void __hvm_dpci_eoi(struct domain
hvm_pirq_eoi(pirq);
}
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Waddress"
+#endif
static void hvm_gsi_eoi(struct domain *d, unsigned int gsi)
{
struct pirq *pirq = pirq_info(d, gsi);
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -32,6 +32,10 @@
#include
#include
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
static DEFINE_SPINLOCK(domctl_lock);
static int nodemask_to_xenctl_bitmap(struct xenctl_bitmap *xenctl_nodemap,
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -31,6 +31,10 @@
#undef __ASSEMBLY__
#endif
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
#define EFI_REVISION(major, minor) (((major) << 16) | (minor))
#define SMBIOS3_TABLE_GUID \
--- a/xen/common/xmalloc_tlsf.c
+++ b/xen/common/xmalloc_tlsf.c
@@ -28,6 +28,10 @@
#include
#include
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
#define MAX_POOL_NAME_LEN 16
/* Some IMPORTANT TLSF parameters */
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -35,6 +35,10 @@
#include
#endif
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
struct memop_args {
/* INPUT */
struct domain *domain; /* Domain to be affected. */
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -155,6 +155,10 @@
#define PGC_reserved 0
#endif
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
/*
* Comma-separated list of hexadecimal page numbers containing bad bytes.
* e.g. 'badpage=0x3f45,0x8a321'.
@@ -1529,6 +1533,7 @@ static void free_heap_pages(
}
+
/*
* Following rules applied for page offline:
* Once a page is broken, it can't be assigned anymore
--- a/xen/common/vmap.c
+++ b/xen/common/vmap.c
@@ -9,6 +9,10 @@
#include
#include
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
static DEFINE_SPINLOCK(vm_lock);
static void *__read_mostly vm_base[VMAP_REGION_NR];
#define vm_bitmap(x) ((unsigned long *)vm_base[x])
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -32,6 +32,10 @@
#include
#include
+#if __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Warray-bounds"
+#endif
+
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2022-02-22 21:17:55 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.1958 (New) Package is "xen" Tue Feb 22 21:17:55 2022 rev:312 rq:956542 version:4.16.0_06 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-01-27 23:16:44.727069963 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.1958/xen.changes2022-02-22 21:18:18.214287469 +0100 @@ -1,0 +2,42 @@ +Mon Feb 14 11:40:00 CET 2022 - jbeul...@suse.com + +- Upstream bug fixes (bsc#1027519) + 61e0296a-x86-time-calibration-relative-counts.patch + 61e029c8-x86-time-TSC-freq-calibration-accuracy.patch + 61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch + 61e98e88-x86-introduce-get-set-reg-infra.patch + 61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch + 61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch + 61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch + 61eaaa23-x86-get-set-reg-infra-build.patch + 61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch + 61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch + 61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch + 61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch + 61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch + 61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch + 61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch + 61f933a4-x86-cpuid-advertise-SSB_NO.patch + 61f933a5-x86-drop-use_spec_ctrl-boolean.patch + 61f933a6-x86-new-has_spec_ctrl-boolean.patch + 61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch + 61f933a8-x86-SPEC_CTRL-record-last-write.patch + 61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch + 61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch + 61f933ab-x86-AMD-SPEC_CTRL-infra.patch + 61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch + 61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch + 6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch + 6202afa4-x86-TSX-move-has_rtm_always_abort.patch + 6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch + 6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch + 6202afa8-x86-Intel-PSFD-for-guests.patch +- Drop patches replaced by the above: + xsa393.patch + xsa394.patch + xsa395.patch + libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch + libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch + libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch + +--- Old: libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch xsa393.patch xsa394.patch xsa395.patch New: 61e0296a-x86-time-calibration-relative-counts.patch 61e029c8-x86-time-TSC-freq-calibration-accuracy.patch 61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch 61e98e88-x86-introduce-get-set-reg-infra.patch 61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch 61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch 61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch 61eaaa23-x86-get-set-reg-infra-build.patch 61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch 61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch 61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch 61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch 61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch 61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch 61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch 61f933a4-x86-cpuid-advertise-SSB_NO.patch 61f933a5-x86-drop-use_spec_ctrl-boolean.patch 61f933a6-x86-new-has_spec_ctrl-boolean.patch 61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch 61f933a8-x86-SPEC_CTRL-record-last-write.patch 61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch 61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch 61f933ab-x86-AMD-SPEC_CTRL-infra.patch 61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch 61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch 6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch 6202afa4-x86-TSX-move-has_rtm_always_abort.patch 6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch 6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch 6202afa8-x86-Intel-PSFD-for-guests.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.HGscrv/_old 2022-02-22 21:18:24.086288548 +0100 +++ /var/tmp/diff_new_pack.HGscrv/_new 2022-02-22 21:18:24.090288548 +0100 @@ -119,7 +119,7 @@ %endif Provides: installhint(reboot-needed) -Version:4.16.0_04 +Version:4.16.0_06 Release:0
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-01-27 23:16:27
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1898 (New)
Package is "xen"
Thu Jan 27 23:16:27 2022 rev:311 rq:949116 version:4.16.0_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-01-13 00:22:32.451937599
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1898/xen.changes2022-01-27
23:16:44.727069963 +0100
@@ -1,0 +2,21 @@
+Thu Jan 13 10:55:58 MST 2022 - carn...@suse.com
+
+- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
+ guest_physmap_remove_page not removing the p2m mappings (XSA-393)
+ xsa393.patch
+- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
+ Xen while unmapping a grant (XSA-394)
+ xsa394.patch
+- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
+ passed-through device IRQs (XSA-395)
+ xsa395.patch
+
+---
+Wed Jan 12 14:16:53 MST 2022 - carn...@suse.com
+
+- bsc#1191668 - L3: issue around xl and virsh operation - virsh
+ list not giving any output
+ libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
+ libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
+
+---
New:
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
xsa393.patch
xsa394.patch
xsa395.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.BvXlHj/_old 2022-01-27 23:16:46.467057942 +0100
+++ /var/tmp/diff_new_pack.BvXlHj/_new 2022-01-27 23:16:46.471057914 +0100
@@ -160,6 +160,9 @@
Patch3: 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
Patch4: 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
# EMBARGOED security fixes
+Patch11:xsa393.patch
+Patch12:xsa394.patch
+Patch13:xsa395.patch
# libxc
Patch301: libxc-bitmap-long.patch
Patch302: libxc-sr-xl-migration-debug.patch
@@ -222,6 +225,8 @@
Patch468: libxl.helper_done-crash.patch
Patch469: libxl.LIBXL_HOTPLUG_TIMEOUT.patch
Patch470: libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
+Patch471: libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
+Patch472:
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
# python3 conversion patches
Patch500: build-python3-conversion.patch
Patch501: migration-python3-conversion.patch
++ libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
++
References: bsc#1191668, bsc#1194267
If we are in libvxl_list_vcpu() and we are returning NULL, let's avoid
touching the output parameter *nr_vcpus_out (which should contain the
number of vcpus in the list). Ideally, the caller initialized it to 0,
which is therefore consistent with us returning NULL (or, as an alternative,
we can explicitly set it to 0 if we're returning null... But just not
touching it seems the best behavior).
In fact, the current behavior is especially problematic if, for
instance, a domain is destroyed after we have done some steps of the
for() loop. In which case, calls like xc_vcpu_getinfo() or
xc_vcpu_getaffinity() will start to fail, and we return back to the
caller inconsistent information, such as a NULL list of vcpus, but a
modified and not 0 any longer, number of vcpus in the list.
Signed-off-by: Dario Faggioli
Tested-by: James Fehlig
---
Cc: Wei Liu
Cc: Anthony PERARD
Cc: Juergen Gross
---
tools/libs/light/libxl_domain.c | 14 --
tools/libs/light/libxl_numa.c |4 +++-
2 files changed, 11 insertions(+), 7 deletions(-)
--- a/tools/libs/light/libxl_domain.c
+++ b/tools/libs/light/libxl_domain.c
@@ -1680,6 +1680,7 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ct
libxl_vcpuinfo *ptr, *ret;
xc_domaininfo_t domaininfo;
xc_vcpuinfo_t vcpuinfo;
+int nr_vcpus;
if (xc_domain_getinfolist(ctx->xch, domid, 1, ) != 1) {
LOGED(ERROR, domid, "Getting infolist");
@@ -1696,27 +1697,27 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ct
ret = ptr = libxl__calloc(NOGC, domaininfo.max_vcpu_id + 1,
sizeof(libxl_vcpuinfo));
-for (*nr_vcpus_out = 0;
- *nr_vcpus_out <= domaininfo.max_vcpu_id;
- ++*nr_vcpus_out, ++ptr) {
+for (nr_vcpus = 0;
+ nr_vcpus <= domaininfo.max_vcpu_id;
+ ++nr_vcpus, ++ptr) {
libxl_bitmap_init(>cpumap);
if (libxl_cpu_bitmap_alloc(ctx, >cpumap, 0))
goto err;
libxl_bitmap_init(>cpumap_soft);
if
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-01-13 00:22:11
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1892 (New)
Package is "xen"
Thu Jan 13 00:22:11 2022 rev:310 rq:945654 version:4.16.0_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2022-01-08 23:23:04.390204899
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1892/xen.changes2022-01-13
00:22:32.451937599 +0100
@@ -1,0 +2,8 @@
+Tue Jan 11 10:47:10 MST 2022 - carn...@suse.com
+
+- bsc#1193307 - pci backend does not exist when attach a vf to a pv
+ guest
+ libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
+ Drop libxl-PCI-defer-backend-wait.patch
+
+---
Old:
libxl-PCI-defer-backend-wait.patch
New:
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.sXgD8I/_old 2022-01-13 00:22:34.071938765 +0100
+++ /var/tmp/diff_new_pack.sXgD8I/_new 2022-01-13 00:22:34.075938768 +0100
@@ -221,7 +221,7 @@
Patch467: xenstore-run-in-studomain.patch
Patch468: libxl.helper_done-crash.patch
Patch469: libxl.LIBXL_HOTPLUG_TIMEOUT.patch
-Patch470: libxl-PCI-defer-backend-wait.patch
+Patch470: libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
# python3 conversion patches
Patch500: build-python3-conversion.patch
Patch501: migration-python3-conversion.patch
++ libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch ++
libxl/PCI: Fix PV hotplug & stubdom coldplug
Commit 0fdb48ffe7a1 "libxl: Make sure devices added by pci-attach are
reflected in the config" broken PCI hotplug (xl pci-attach) for PV
domains when it moved libxl__create_pci_backend() later in the function.
This also broke HVM + stubdom PCI passthrough coldplug. For that, the
PCI devices are hotplugged to a running PV stubdom, and then the QEMU
QMP device_add commands are made to QEMU inside the stubdom.
Are running PV domain calls libxl__wait_for_backend(). With the current
placement of libxl__create_pci_backend(), the path does not exist and
the call immediately fails:
libxl: error: libxl_device.c:1388:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/43/0 does not exist
libxl: error: libxl_pci.c:1764:device_pci_add_done: Domain
42:libxl__device_pci_add failed for PCI device 0:2:0.0 (rc -3)
libxl: error: libxl_create.c:1857:domcreate_attach_devices: Domain 42:unable to
add pci devices
The wait is only relevant when the backend is already present. num_devs
is already used to determine if the backend needs to be created. Re-use
num_devs to determine if the backend wait is necessary. The wait is
necessary to avoid racing with another PCI attachment reconfiguring the
front/back or changing to some other state like closing. If we are
creating the backend, then we don't have to worry about the state since
it is being created.
Fixes: 0fdb48ffe7a1 ("libxl: Make sure devices added by pci-attach are
reflected in the config")
Signed-off-by: Jason Andryuk
diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c
index 4c2d7aeefb..e8fd3bd937 100644
--- a/tools/libs/light/libxl_pci.c
+++ b/tools/libs/light/libxl_pci.c
@@ -157,8 +157,10 @@ static int libxl__device_pci_add_xenstore(libxl__gc *gc,
if (domtype == LIBXL_DOMAIN_TYPE_INVALID)
return ERROR_FAIL;
-if (!starting && domtype == LIBXL_DOMAIN_TYPE_PV) {
-if (libxl__wait_for_backend(gc, be_path, GCSPRINTF("%d",
XenbusStateConnected)) < 0)
+/* wait is only needed if the backend already exists (num_devs != NULL) */
+if (num_devs && !starting && domtype == LIBXL_DOMAIN_TYPE_PV) {
+if (libxl__wait_for_backend(gc, be_path,
+GCSPRINTF("%d", XenbusStateConnected)) < 0)
return ERROR_FAIL;
}
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2022-01-08 23:23:02
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1892 (New)
Package is "xen"
Sat Jan 8 23:23:02 2022 rev:309 rq:944512 version:4.16.0_04
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-12-16 21:18:48.302509658
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1892/xen.changes2022-01-08
23:23:04.390204899 +0100
@@ -1,0 +2,17 @@
+Thu Jan 6 16:05:00 CET 2022 - jbeul...@suse.com
+
+- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains
+ an sriov device
+ 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
+- Upstream bug fixes (bsc#1027519)
+ 61b31d5c-x86-restrict-all-but-self-IPI.patch
+ 61b88e78-x86-CPUID-TSXLDTRK-definition.patch
+ 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
+
+---
+Tue Jan 4 15:51:15 UTC 2022 - James Fehlig
+
+- Collect active VM config files in the supportconfig plugin
+ xen-supportconfig
+
+---
New:
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.NfxPMJ/_old 2022-01-08 23:23:05.878206113 +0100
+++ /var/tmp/diff_new_pack.NfxPMJ/_new 2022-01-08 23:23:05.878206113 +0100
@@ -1,7 +1,7 @@
#
# spec file for package xen
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -119,7 +119,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.16.0_02
+Version:4.16.0_04
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -155,6 +155,10 @@
# For xen-libs
Source99: baselibs.conf
# Upstream patches
+Patch1: 61b31d5c-x86-restrict-all-but-self-IPI.patch
+Patch2: 61b88e78-x86-CPUID-TSXLDTRK-definition.patch
+Patch3: 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
+Patch4: 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
# EMBARGOED security fixes
# libxc
Patch301: libxc-bitmap-long.patch
++ 61b31d5c-x86-restrict-all-but-self-IPI.patch ++
# Commit 7621880de0bb40bae6436a5b106babc0e4718f4d
# Date 2021-12-10 10:26:52 +0100
# Author Jan Beulich
# Committer Jan Beulich
x86: avoid wrong use of all-but-self IPI shorthand
With "nosmp" I did observe a flood of "APIC error on CPU0: 04(04), Send
accept error" log messages on an AMD system. And rightly so - nothing
excludes the use of the shorthand in send_IPI_mask() in this case. Set
"unaccounted_cpus" to "true" also when command line restrictions are the
cause.
Note that PV-shim mode is unaffected by this change, first and foremost
because "nosmp" and "maxcpus=" are ignored in this case.
Fixes: 5500d265a2a8 ("x86/smp: use APIC ALLBUT destination shorthand when
possible")
Signed-off-by: Jan Beulich
Acked-by: Andrew Cooper
--- a/xen/arch/x86/mpparse.c
+++ b/xen/arch/x86/mpparse.c
@@ -85,9 +85,14 @@ void __init set_nr_cpu_ids(unsigned int
if (!park_offline_cpus)
tot_cpus = max_cpus;
nr_cpu_ids = min(tot_cpus, NR_CPUS + 0u);
- if (park_offline_cpus && nr_cpu_ids < num_processors)
- printk(XENLOG_WARNING "SMP: Cannot bring up %u further CPUs\n",
- num_processors - nr_cpu_ids);
+ if (nr_cpu_ids < num_processors)
+ {
+ unaccounted_cpus = true;
+ if (park_offline_cpus)
+ printk(XENLOG_WARNING
+ "SMP: Cannot bring up %u further CPUs\n",
+ num_processors - nr_cpu_ids);
+ }
#ifndef nr_cpumask_bits
nr_cpumask_bits = ROUNDUP(nr_cpu_ids, BITS_PER_LONG);
++ 61b88e78-x86-CPUID-TSXLDTRK-definition.patch ++
# Commit 249e0f1d8f203188ccdcced5a05c2149739e1566
# Date 2021-12-14 12:30:48 +
# Author Andrew Cooper
# Committer Andrew Cooper
x86/cpuid: Fix TSXLDTRK definition
TSXLDTRK lives in CPUID leaf 7[0].edx, not 7[0].ecx.
Bit 16 in ecx is LA57.
Fixes: a6d1b558471f ("x86emul: support X{SUS,RES}LDTRK")
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
--- a/tools/libs/light/libxl_cpuid.c
+++ b/tools/libs/light/libxl_cpuid.c
@@ -209,7 +209,6 @@ int
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-12-16 21:18:42
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.2520 (New)
Package is "xen"
Thu Dec 16 21:18:42 2021 rev:308 rq:940365 version:4.16.0_02
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-12-03 20:35:32.584191426
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.2520/xen.changes2021-12-16
21:18:48.302509658 +0100
@@ -1,0 +2,7 @@
+Thu Dec 9 09:36:20 MST 2021 - carn...@suse.com
+
+- bsc#1193307 - pci backend does not exist when attach a vf to a pv
+ guest
+ libxl-PCI-defer-backend-wait.patch
+
+---
New:
libxl-PCI-defer-backend-wait.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.A3cfjc/_old 2021-12-16 21:18:49.978510296 +0100
+++ /var/tmp/diff_new_pack.A3cfjc/_new 2021-12-16 21:18:49.982510297 +0100
@@ -217,6 +217,7 @@
Patch467: xenstore-run-in-studomain.patch
Patch468: libxl.helper_done-crash.patch
Patch469: libxl.LIBXL_HOTPLUG_TIMEOUT.patch
+Patch470: libxl-PCI-defer-backend-wait.patch
# python3 conversion patches
Patch500: build-python3-conversion.patch
Patch501: migration-python3-conversion.patch
++ libxl-PCI-defer-backend-wait.patch ++
libxl/PCI: defer backend wait upon attaching to PV guest
Attempting to wait when the backend hasn't been created yet can't work:
the function will complain "Backend ... does not exist". Move the
waiting past the creation of the backend (and that of other related
nodes), hoping that there are no other dependencies that would now be
broken.
Fixes: 0fdb48ffe7a1 ("libxl: Make sure devices added by pci-attach are
reflected in the config")
Signed-off-by: Jan Beulich
--- unstable.orig/tools/libs/light/libxl_pci.c 2021-11-17 12:05:49.0
+0100
+++ unstable/tools/libs/light/libxl_pci.c 2021-12-09 17:02:15.265069154
+0100
@@ -157,11 +157,6 @@ static int libxl__device_pci_add_xenstor
if (domtype == LIBXL_DOMAIN_TYPE_INVALID)
return ERROR_FAIL;
-if (!starting && domtype == LIBXL_DOMAIN_TYPE_PV) {
-if (libxl__wait_for_backend(gc, be_path, GCSPRINTF("%d",
XenbusStateConnected)) < 0)
-return ERROR_FAIL;
-}
-
back = flexarray_make(gc, 16, 1);
LOGD(DEBUG, domid, "Adding new pci device to xenstore");
@@ -213,6 +208,9 @@ static int libxl__device_pci_add_xenstor
if (rc < 0) goto out;
}
+if (!starting && domtype == LIBXL_DOMAIN_TYPE_PV)
+rc = libxl__wait_for_backend(gc, be_path, GCSPRINTF("%d",
XenbusStateConnected));
+
out:
libxl__xs_transaction_abort(gc, );
if (lock) libxl__unlock_file(lock);
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-12-03 20:35:25
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.31177 (New)
Package is "xen"
Fri Dec 3 20:35:25 2021 rev:307 rq:935029 version:4.16.0_02
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-11-20 02:39:17.320750755
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.31177/xen.changes 2021-12-03
20:35:32.584191426 +0100
@@ -1,0 +2,24 @@
+Wed Dec 1 09:45:10 MST 2021 - carn...@suse.com
+
+- Update to Xen 4.16.0 FCS release
+ xen-4.16.0-testing-src.tar.bz2
+ * Miscellaneous fixes to the TPM manager software in preparation
+for TPM 2.0 support.
+ * Increased reliance on the PV shim as 32-bit PV guests will only
+be supported in shim mode going forward. This change reduces
+the attack surface in the hypervisor.
+ * Increased hardware support by allowing Xen to boot on Intel
+devices that lack a Programmable Interval Timer.
+ * Cleanup of legacy components by no longer building QEMU
+Traditional or PV-Grub by default. Note both projects have
+upstream Xen support merged now, so it is no longer recommended
+to use the Xen specific forks.
+ * Initial support for guest virtualized Performance Monitor
+Counters on Arm.
+ * Improved support for dom0less mode by allowing the usage on
+Arm 64bit hardware with EFI firmware.
+ * Improved support for Arm 64-bit heterogeneous systems by
+leveling the CPU features across all to improve big.LITTLE
+support.
+
+---
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.TG7EYh/_old 2021-12-03 20:35:34.120185814 +0100
+++ /var/tmp/diff_new_pack.TG7EYh/_new 2021-12-03 20:35:34.128185784 +0100
@@ -28,7 +28,6 @@
Name: xen
ExclusiveArch: %ix86 x86_64 aarch64
-%define changeset 41121
%define xen_build_dir xen-4.16.0-testing
#
%define with_gdbsx 0
@@ -120,7 +119,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.16.0_01
+Version:4.16.0_02
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -452,7 +451,6 @@
XEN_FULLVERSION=$XEN_FULLVERSION
_EOV_
source ./.our_xenversion
-echo "%{changeset}" > xen/.scmversion
sed -i~ "
s/XEN_VERSION[[:blank:]]*=.*/XEN_VERSION = $XEN_VERSION/
s/XEN_SUBVERSION[[:blank:]]*=.*/XEN_SUBVERSION = $XEN_SUBVERSION/
++ xen-4.16.0-testing-src.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/xen-4.16.0-testing/CHANGELOG.md
new/xen-4.16.0-testing/CHANGELOG.md
--- old/xen-4.16.0-testing/CHANGELOG.md 2021-11-17 15:24:23.0 +0100
+++ new/xen-4.16.0-testing/CHANGELOG.md 2021-12-01 17:44:20.0 +0100
@@ -4,7 +4,7 @@
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-## [unstable
UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) -
TBD
+## [4.16.0](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) -
2021-12-02
### Removed
- XENSTORED_ROOTDIR environment variable from configuartion files and
@@ -21,8 +21,33 @@
- qemu-traditional based device models (both, qemu-traditional and
ioemu-stubdom) will
no longer be built per default. In order to be able to use those, configure
needs to
be called with "--enable-qemu-traditional" as parameter.
+ - Fixes for credit2 scheduler stability in corner case conditions.
+ - Ongoing improvements in the hypervisor build system.
+ - vtpmmgr miscellaneous fixes in preparation for TPM 2.0 support.
+ - 32bit PV guests only supported in shim mode.
+ - Improved PVH dom0 debug key handling.
+ - Fix booting on some Intel systems without a PIT (i8254).
+ - Cleanup of the xenstore library interface.
+ - Fix truncation of return value from xencall2 by introducing a new helper
+ that returns a long instead.
+ - Fix system register accesses on Arm to use the proper 32/64bit access size.
+ - Various fixes for Arm OP-TEE mediator.
+ - Switch to domheap for Xen page tables.
+
+### Added
+ - 32bit Arm builds to the gitlab-ci automated tests.
+ - x86 full system tests to the gitlab-ci automated tests.
+ - Arm limited vPMU support for guests.
+ - Static physical memory allocation for dom0less on arm64.
+ - dom0less EFI support on arm64.
+ - GICD_ICPENDR register handling in vGIC emulation to support Zephyr OS.
+ - CPU feature leveling on arm64 platform with heterogeneous cores.
+ - Report unpopulated memory regions safe to use for external mappings, Arm and
+ device
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-11-20 02:38:28
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1895 (New)
Package is "xen"
Sat Nov 20 02:38:28 2021 rev:306 rq:932003 version:4.16.0_01
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-11-12 15:59:03.598559302
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1895/xen.changes2021-11-20
02:39:17.320750755 +0100
@@ -1,0 +2,14 @@
+Wed Nov 17 07:25:37 MST 2021 - carn...@suse.com
+
+- Update to Xen 4.16.0 RC3 release
+ xen-4.16.0-testing-src.tar.bz2
+- Drop iPXE sources and patches. iPXE is only used by QEMU
+ traditional which has never shipped with SLE15.
+ ipxe.tar.bz2
+ ipxe-enable-nics.patch
+ ipxe-no-error-logical-not-parentheses.patch
+ ipxe-use-rpm-opt-flags.patch
+- Drop building ocaml xenstored in the spec file. There are no
+ plans or need to support this version.
+
+---
Old:
ipxe-enable-nics.patch
ipxe-no-error-logical-not-parentheses.patch
ipxe-use-rpm-opt-flags.patch
ipxe.tar.bz2
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.s1grCB/_old 2021-11-20 02:39:19.004745198 +0100
+++ /var/tmp/diff_new_pack.s1grCB/_new 2021-11-20 02:39:19.004745198 +0100
@@ -33,7 +33,6 @@
#
%define with_gdbsx 0
%define with_dom0_support 0
-%bcond_withxen_oxenstored
%ifarch x86_64
%bcond_without xen_debug
%bcond_without xen_stubdom
@@ -97,17 +96,8 @@
BuildRequires: makeinfo
%endif
%endif
-BuildRequires: ncurses-devel
-%if %{?with_dom0_support}0
-%if %{with xen_oxenstored}
-BuildRequires: ocaml
-BuildRequires: ocaml-compiler-libs
-BuildRequires: ocaml-findlib
-BuildRequires: ocaml-ocamldoc
-BuildRequires: ocaml-runtime
-%endif
-%endif
BuildRequires: acpica
+BuildRequires: ncurses-devel
BuildRequires: openssl-devel
BuildRequires: python3-devel
BuildRequires: xz-devel
@@ -137,9 +127,8 @@
Group: System/Kernel
Source0:xen-4.16.0-testing-src.tar.bz2
Source1:stubdom.tar.bz2
-Source2:ipxe.tar.bz2
-Source3:mini-os.tar.bz2
-Source4:xen-utils-0.1.tar.bz2
+Source2:mini-os.tar.bz2
+Source3:xen-utils-0.1.tar.bz2
Source9:xen.changes
Source10: README.SUSE
Source11: boot.xen
@@ -218,11 +207,10 @@
Patch451: xenconsole-no-multiple-connections.patch
Patch452: hibernate.patch
Patch453: stdvga-cache.patch
-Patch454: ipxe-enable-nics.patch
-Patch455: xl-save-pc.patch
-Patch456: pygrub-boot-legacy-sles.patch
-Patch457: pygrub-handle-one-line-menu-entries.patch
-Patch458: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch
+Patch454: xl-save-pc.patch
+Patch455: pygrub-boot-legacy-sles.patch
+Patch456: pygrub-handle-one-line-menu-entries.patch
+Patch457: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch
Patch461: libxl.max_event_channels.patch
Patch463: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch
Patch464: libxl.pvscsi.patch
@@ -239,8 +227,6 @@
Patch601: x86-ioapic-ack-default.patch
Patch602: xenwatchdogd-restart.patch
Patch621: xen.build-compare.doc_html.patch
-Patch623: ipxe-no-error-logical-not-parentheses.patch
-Patch624: ipxe-use-rpm-opt-flags.patch
# Build patches
Patch6: xen.stubdom.newlib.patch
URL:http://www.cl.cam.ac.uk/Research/SRG/netos/xen/
@@ -416,7 +402,7 @@
%endif
%prep
-%setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4
+%setup -q -n %xen_build_dir -a 1 -a 2 -a 3
%autosetup -D -T -n %xen_build_dir -p1
%build
@@ -497,7 +483,6 @@
--disable-xen \
--enable-tools \
--enable-docs \
---disable-rombios \
--prefix=/usr \
--exec_prefix=/usr \
--bindir=%{_bindir} \
@@ -511,11 +496,6 @@
--docdir=%{_defaultdocdir}/xen \
--with-initddir=%{_initddir} \
--with-rundir=%{_rundir} \
-%if %{?with_dom0_support}0
-%if %{with xen_oxenstored}
- --with-xenstored=oxenstored \
-%endif
-%endif
--enable-systemd \
--with-systemd=%{_unitdir} \
--with-systemd-modules-load=%{with_systemd_modules_load} \
@@ -952,7 +932,6 @@
rm -rf %{buildroot}/%{_datadir}/man
rm -rf %{buildroot}/%{_libexecdir}/%{name}
rm -rf %{buildroot}/%{_libdir}/python*
-rm -rf %{buildroot}/%{_libdir}/ocaml*
rm -rf %{buildroot}/%{_unitdir}
rm -rf %{buildroot}/%{_fillupdir}
rm -rf %{buildroot}/%{with_systemd_modules_load}
@@ -,48 +1090,6 @@
%{_defaultdocdir}/xen/boot.xen
%{_mandir}/man*/*
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2021-11-12 15:58:59 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.1890 (New) Package is "xen" Fri Nov 12 15:58:59 2021 rev:305 rq:930561 version:4.16.0_01 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-09-16 23:16:48.839931376 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.1890/xen.changes2021-11-12 15:59:03.598559302 +0100 @@ -1,0 +2,34 @@ +Mon Nov 8 09:09:58 MST 2021 - carn...@suse.com + +- Update to Xen 4.16.0 RC2 release + xen-4.16.0-testing-src.tar.bz2 +- Modified files + ipxe-use-rpm-opt-flags.patch + ipxe.tar.bz2 (new version) + +--- +Mon Nov 1 11:15:13 MDT 2021 - carn...@suse.com + +- Update to Xen 4.16.0 RC1 release + xen-4.16.0-testing-src.tar.bz2 +- Drop patches contained in new tarball or invalid + 615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch + libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch + libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch + libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch + libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch + xenstore-launch.patch + +--- +Wed Oct 6 08:19:42 MDT 2021 - carn...@suse.com + +- bsc#1191363 - VUL-0: CVE-2021-28702: xen: PCI devices with RMRRs + not deassigned correctly (XSA-386) + 615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch + +--- +Mon Sep 13 11:50:00 CEST 2021 - jbeul...@suse.com + +- Revert "Simplify %autosetup". + +--- Old: libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch xen-4.15.1-testing-src.tar.bz2 xenstore-launch.patch New: xen-4.16.0-testing-src.tar.bz2 Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.0sUO7F/_old 2021-11-12 15:59:05.410560126 +0100 +++ /var/tmp/diff_new_pack.0sUO7F/_new 2021-11-12 15:59:05.414560127 +0100 @@ -29,7 +29,7 @@ Name: xen ExclusiveArch: %ix86 x86_64 aarch64 %define changeset 41121 -%define xen_build_dir xen-4.15.1-testing +%define xen_build_dir xen-4.16.0-testing # %define with_gdbsx 0 %define with_dom0_support 0 @@ -130,12 +130,12 @@ %endif Provides: installhint(reboot-needed) -Version:4.15.1_01 +Version:4.16.0_01 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only Group: System/Kernel -Source0:xen-4.15.1-testing-src.tar.bz2 +Source0:xen-4.16.0-testing-src.tar.bz2 Source1:stubdom.tar.bz2 Source2:ipxe.tar.bz2 Source3:mini-os.tar.bz2 @@ -169,40 +169,36 @@ # Upstream patches # EMBARGOED security fixes # libxc -Patch301: libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch -Patch302: libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch -Patch303: libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch -Patch304: libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch -Patch305: libxc-bitmap-long.patch -Patch306: libxc-sr-xl-migration-debug.patch -Patch307: libxc-sr-readv_exact.patch -Patch308: libxc-sr-save-show_transfer_rate.patch -Patch309: libxc-sr-save-mfns.patch -Patch310: libxc-sr-save-types.patch -Patch311: libxc-sr-save-errors.patch -Patch312: libxc-sr-save-iov.patch -Patch313: libxc-sr-save-rec_pfns.patch -Patch314: libxc-sr-save-guest_data.patch -Patch315: libxc-sr-save-local_pages.patch -Patch316: libxc-sr-restore-pfns.patch -Patch317: libxc-sr-restore-types.patch -Patch318: libxc-sr-restore-mfns.patch -Patch319: libxc-sr-restore-map_errs.patch -Patch320: libxc-sr-restore-populate_pfns-pfns.patch -Patch321: libxc-sr-restore-populate_pfns-mfns.patch -Patch322: libxc-sr-restore-read_record.patch -Patch323: libxc-sr-restore-handle_buffered_page_data.patch -Patch324: libxc-sr-restore-handle_incoming_page_data.patch -Patch325: libxc-sr-LIBXL_HAVE_DOMAIN_SUSPEND_PROPS.patch -Patch326: libxc-sr-precopy_policy.patch -Patch327: libxc-sr-max_iters.patch -Patch328: libxc-sr-min_remaining.patch -Patch329: libxc-sr-abort_if_busy.patch -Patch330: libxc-sr-xg_sr_bitmap.patch -Patch331:
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-07-26 17:37:53
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1899 (New)
Package is "xen"
Mon Jul 26 17:37:53 2021 rev:303 rq:907839 version:4.15.0_01
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-06-05 23:30:11.264297234
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new.1899/xen.changes2021-07-26
17:37:56.450105330 +0200
@@ -1,0 +2,10 @@
+Thu Jul 22 22:33:51 UTC 2021 - James Fehlig
+
+- spec: Change the '--with-system-ovmf' configure option to use
+ the new Xen-specific ovmf firmware. The traditional, unified
+ firmwares will no longer support multi-VMM. For more information
+
+ https://bugzilla.tianocore.org/show_bug.cgi?id=1689
+ https://bugzilla.tianocore.org/show_bug.cgi?id=2122
+
+---
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.g7x2f4/_old 2021-07-26 17:37:58.078103374 +0200
+++ /var/tmp/diff_new_pack.g7x2f4/_new 2021-07-26 17:37:58.082103370 +0200
@@ -517,7 +517,7 @@
--enable-systemd \
--with-systemd=%{_unitdir} \
--with-systemd-modules-load=%{with_systemd_modules_load} \
- --with-system-ovmf=%{_datadir}/qemu/ovmf-x86_64-ms.bin \
+ --with-system-ovmf=%{_datadir}/qemu/ovmf-x86_64-xen-4m.bin \
--with-system-seabios=%{_datadir}/qemu/bios-256k.bin \
${configure_flags}
make -C tools/include/xen-foreign %{?_smp_mflags}
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-04-23 17:49:38
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.12324 (New)
Package is "xen"
Fri Apr 23 17:49:38 2021 rev:301 rq:886799 version:4.14.1_16
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-03-21 23:19:27.340720399
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.12324/xen.changes 2021-04-23
17:49:41.650698085 +0200
@@ -1,0 +2,19 @@
+Mon Apr 19 12:03:30 MDT 2021 - carn...@suse.com
+
+- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
+ 60787714-x86-HPET-avoid-legacy-replacement-mode.patch
+ 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
+- Upstream bug fixes (bsc#1027519)
+ 60410127-gcc11-adjust-rijndaelEncrypt.patch
+ 60422428-x86-shadow-avoid-fast-fault-path.patch
+ 604b9070-VT-d-disable-QI-IR-before-init.patch
+ 60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch)
+ 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
+
+---
+Thu Mar 25 10:10:10 UTC 2021 - oher...@suse.de
+
+- bsc#1137251 - Restore changes for xen-dom0-modules.service which
+ were silently removed on 2019-10-17
+
+---
@@ -23,2 +42,2 @@
-- bsc#1183072 - VUL-0: xen: HVM soft-reset crashes toolstack (XSA-368)
- Also resolves,
+- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes
+ toolstack (XSA-368). Also resolves,
Old:
xsa368.patch
New:
60410127-gcc11-adjust-rijndaelEncrypt.patch
60422428-x86-shadow-avoid-fast-fault-path.patch
604b9070-VT-d-disable-QI-IR-before-init.patch
60535c11-libxl-domain-soft-reset.patch
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.L3j0Cr/_old 2021-04-23 17:49:43.218700781 +0200
+++ /var/tmp/diff_new_pack.L3j0Cr/_new 2021-04-23 17:49:43.222700788 +0200
@@ -130,7 +130,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.14.1_14
+Version:4.14.1_16
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -186,7 +186,13 @@
Patch16:602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
Patch17:602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
Patch18:6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
-Patch200: xsa368.patch
+Patch19:60410127-gcc11-adjust-rijndaelEncrypt.patch
+Patch20:60422428-x86-shadow-avoid-fast-fault-path.patch
+Patch21:604b9070-VT-d-disable-QI-IR-before-init.patch
+Patch22:60535c11-libxl-domain-soft-reset.patch
+Patch23:60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
+Patch24:60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
+Patch25:60787714-x86-HPET-avoid-legacy-replacement-mode.patch
# libxc
Patch300: libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
Patch301: libxc-sr-readv_exact.patch
@@ -901,10 +907,35 @@
echo -n > $conf
done
`"
+> mods
for mod in $mods
do
- echo "ExecStart=-/bin/sh -c 'modprobe $mod || :'" >>
%{buildroot}/%{_unitdir}/${bn}
+ # load by alias, if possible, to handle pvops and xenlinux
+ alias="$mod"
+ case "$mod" in
+ xen-evtchn) ;;
+ xen-gntdev) ;;
+ xen-gntalloc) ;;
+ xen-blkback) alias='xen-backend:vbd' ;;
+ xen-netback) alias='xen-backend:vif' ;;
+ xen-pciback) alias='xen-backend:pci' ;;
+ evtchn) unset alias ;;
+ gntdev) unset alias ;;
+ netbk) alias='xen-backend:vif' ;;
+ blkbk) alias='xen-backend:vbd' ;;
+ xen-scsibk) unset alias ;;
+ usbbk) unset alias ;;
+ pciback) alias='xen-backend:pci' ;;
+ xen-acpi-processor) ;;
+ blktap2) unset alias ;;
+ *) ;;
+ esac
+ if test -n "${alias}"
+ then
+ echo "ExecStart=-/bin/sh -c 'modprobe $alias || :'" >> mods
+ fi
done
+sort -u mods | tee -a %{buildroot}/%{_unitdir}/${bn}
rm -rfv %{buildroot}/%{_initddir}
install -m644 %SOURCE35 %{buildroot}/%{_fillupdir}/sysconfig.pciback
++ 60410127-gcc11-adjust-rijndaelEncrypt.patch ++
# Commit c6ad5a701b9a6df443a6c98d9e7201c958bbcafc
# Date 2021-03-04 16:47:51 +0100
# Author Jan Beulich
#
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-03-21 23:19:24
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.2401 (New)
Package is "xen"
Sun Mar 21 23:19:24 2021 rev:300 rq:879873 version:4.14.1_14
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-03-02 12:31:08.571610683
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.2401/xen.changes2021-03-21
23:19:27.340720399 +0100
@@ -1,0 +2,29 @@
+Fri Mar 12 19:19:19 UTC 2021 - oher...@suse.de
+
+- bsc#1177112 - Fix libxc.sr.superpage.patch
+ The receiving side did detect holes in a to-be-allocated superpage,
+ but allocated a superpage anyway. This resulted to over-allocation.
+
+---
+Mon Mar 8 16:16:16 UTC 2021 - oher...@suse.de
+
+- bsc#1167608 - adjust limit for max_event_channels
+ A previous change allowed an unbound number of event channels
+ to make sure even large domUs can start of of the box.
+ This may have a bad side effect in the light of XSA-344.
+ Adjust the built-in limit based on the number of vcpus.
+ In case this is not enough, max_event_channels=/maxEventChannels=
+ has to be used to set the limit as needed for large domUs
+ adjust libxl.max_event_channels.patch
+
+---
+Fri Mar 5 08:49:56 MST 2021 - carn...@suse.com
+
+- bsc#1183072 - VUL-0: xen: HVM soft-reset crashes toolstack (XSA-368)
+ Also resolves,
+bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl
+bsc#1181989 - openQA job causes libvirtd to dump core when
+running kdump inside domain
+ xsa368.patch
+
+---
New:
xsa368.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.GSkM1v/_old 2021-03-21 23:19:28.812720904 +0100
+++ /var/tmp/diff_new_pack.GSkM1v/_new 2021-03-21 23:19:28.816720906 +0100
@@ -130,7 +130,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.14.1_12
+Version:4.14.1_14
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -186,6 +186,7 @@
Patch16:602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
Patch17:602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
Patch18:6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
+Patch200: xsa368.patch
# libxc
Patch300: libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
Patch301: libxc-sr-readv_exact.patch
++ libxc.sr.superpage.patch ++
--- /var/tmp/diff_new_pack.GSkM1v/_old 2021-03-21 23:19:29.116721009 +0100
+++ /var/tmp/diff_new_pack.GSkM1v/_new 2021-03-21 23:19:29.116721009 +0100
@@ -470,7 +470,7 @@
free(ctx->x86.restore.cpuid.ptr);
free(ctx->x86.restore.msr.ptr);
-@@ -249,6 +277,368 @@ static int x86_hvm_cleanup(struct xc_sr_
+@@ -249,6 +277,380 @@ static int x86_hvm_cleanup(struct xc_sr_
return 0;
}
@@ -707,6 +707,18 @@
+return -1;
+}
+
++pfn = gap_start >> SUPERPAGE_1GB_SHIFT;
++do
++{
++xc_sr_set_bit(pfn, >x86.hvm.restore.attempted_1g);
++} while (++pfn <= gap_end >> SUPERPAGE_1GB_SHIFT);
++
++pfn = gap_start >> SUPERPAGE_2MB_SHIFT;
++do
++{
++xc_sr_set_bit(pfn, >x86.hvm.restore.attempted_2m);
++} while (++pfn <= gap_end >> SUPERPAGE_2MB_SHIFT);
++
+pfn = gap_start;
+
+while ( pfn <= gap_end )
@@ -839,7 +851,7 @@
struct xc_sr_restore_ops restore_ops_x86_hvm =
{
.pfn_is_valid= x86_hvm_pfn_is_valid,
-@@ -257,6 +647,7 @@ struct xc_sr_restore_ops restore_ops_x86
+@@ -257,6 +659,7 @@ struct xc_sr_restore_ops restore_ops_x86
.set_page_type = x86_hvm_set_page_type,
.localise_page = x86_hvm_localise_page,
.setup = x86_hvm_setup,
++ libxl.LIBXL_HOTPLUG_TIMEOUT.patch ++
--- /var/tmp/diff_new_pack.GSkM1v/_old 2021-03-21 23:19:29.128721013 +0100
+++ /var/tmp/diff_new_pack.GSkM1v/_new 2021-03-21 23:19:29.128721013 +0100
@@ -294,7 +294,7 @@
/* private */
libxl__ev_time time;
libxl__ev_child child;
-@@ -4845,6 +4848,9 @@ int libxl__is_domid_recent(libxl__gc *gc
+@@ -4847,6 +4850,9 @@ int libxl__is_domid_recent(libxl__gc *gc
#endif
++ libxl.max_event_channels.patch ++
--- /var/tmp/diff_new_pack.GSkM1v/_old 2021-03-21 23:19:29.144721018 +0100
+++ /var/tmp/diff_new_pack.GSkM1v/_new 2021-03-21 23:19:29.148721020 +0100
@@ -3,6 +3,11 @@
1023 is too low for a three digit value of vcpus
it is difficult to make the
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2021-03-02 12:28:08 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.2378 (New) Package is "xen" Tue Mar 2 12:28:08 2021 rev:299 rq:875549 version:4.14.1_12 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-02-17 18:09:09.605823781 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.2378/xen.changes2021-03-02 12:31:08.571610683 +0100 @@ -1,0 +2,29 @@ +Tue Feb 26 14:00:00 CET 2021 - jbeul...@suse.com + +- bsc#1177204 - L3-Question: conring size for XEN HV's with huge + memory to small. Inital Xen logs cut + 5ffc58c4-ACPI-reduce-verbosity-by-default.patch +- Upstream bug fixes (bsc#1027519) + 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch + 602bd768-page_alloc-only-flush-after-scrubbing.patch + 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch + 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch + 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch + 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch +- bsc#1181921 - GCC 11: xen package fails + gcc11-fixes.patch + +--- +Tue Feb 23 10:00:26 MST 2021 - carn...@suse.com + +- bsc#1182576 - L3: XEN domU crashed on resume when using the xl + unpause command + 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch + +--- +Thu Feb 18 11:42:54 MST 2021 - carn...@suse.com + +- Start using the %autosetup macro to simplify patch management + xen.spec + +--- New: 5ffc58c4-ACPI-reduce-verbosity-by-default.patch 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.MrJpcp/_old 2021-03-02 12:31:10.319611896 +0100 +++ /var/tmp/diff_new_pack.MrJpcp/_new 2021-03-02 12:31:10.319611896 +0100 @@ -130,26 +130,27 @@ %endif Provides: installhint(reboot-needed) -Version:4.14.1_11 +Version:4.14.1_12 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only Group: System/Kernel Source0:xen-4.14.1-testing-src.tar.bz2 Source1:stubdom.tar.bz2 -Source5:ipxe.tar.bz2 -Source6:mini-os.tar.bz2 +Source2:ipxe.tar.bz2 +Source3:mini-os.tar.bz2 +Source4:xen-utils-0.1.tar.bz2 Source9:xen.changes Source10: README.SUSE Source11: boot.xen Source12: boot.local.xenU Source13: xen-supportconfig -Source15: logrotate.conf +Source14: logrotate.conf Source21: block-npiv-common.sh Source22: block-npiv Source23: block-npiv-vport -Source26: init.xen_loop -Source29: block-dmmd +Source24: block-dmmd +Source28: init.xen_loop # Xen API remote authentication sources Source30: etc_pam.d_xen-api Source31: xenapiusers @@ -160,7 +161,6 @@ # Systemd service files Source41: xencommons.service Source42: xen-dom0-modules.service -Source57: xen-utils-0.1.tar.bz2 Source10172:xendomains-wait-disks.sh Source10173:xendomains-wait-disks.LICENSE Source10174:xendomains-wait-disks.README.md @@ -172,12 +172,20 @@ Patch2: 5fedf9f4-x86-hpet_setup-fix-retval.patch Patch3: 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch Patch4: 5ff71655-x86-dpci-EOI-regardless-of-masking.patch -Patch5: 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch -Patch6: 600999ad-x86-dpci-do-not-remove-pirqs-from.patch -Patch7: 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch -Patch8: 6011bbc7-x86-timer-fix-boot-without-PIT.patch -Patch9: 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch -Patch10:6013e546-x86-HVM-reorder-domain-init-error-path.patch +Patch5: 5ffc58c4-ACPI-reduce-verbosity-by-default.patch +Patch6: 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch +Patch7: 600999ad-x86-dpci-do-not-remove-pirqs-from.patch +Patch8: 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch +Patch9: 6011bbc7-x86-timer-fix-boot-without-PIT.patch +Patch10:
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-02-17 18:08:47
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.28504 (New)
Package is "xen"
Wed Feb 17 18:08:47 2021 rev:298 rq:871003 version:4.14.1_11
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-01-26 14:44:46.639257780
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.28504/xen.changes 2021-02-17
18:09:09.605823781 +0100
@@ -1,0 +2,22 @@
+Wed Feb 10 12:52:00 MST 2021 - carn...@suse.com
+
+- bsc#1181921 - GCC 11: xen package fails
+ gcc11-fixes.patch
+- Drop gcc10-fixes.patch
+
+---
+Tue Feb 2 05:37:27 MST 2021 - carn...@suse.com
+
+- Upstream bug fixes (bsc#1027519)
+ 5fedf9f4-x86-hpet_setup-fix-retval.patch
+ 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
+ 5ff71655-x86-dpci-EOI-regardless-of-masking.patch
+ 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
+ 600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch)
+ 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
+ 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
+ 6013e546-x86-HVM-reorder-domain-init-error-path.patch
+- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
+ 6011bbc7-x86-timer-fix-boot-without-PIT.patch
+
+---
Old:
gcc10-fixes.patch
xsa360.patch
New:
5fedf9f4-x86-hpet_setup-fix-retval.patch
5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
5ff71655-x86-dpci-EOI-regardless-of-masking.patch
5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
600999ad-x86-dpci-do-not-remove-pirqs-from.patch
600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
6011bbc7-x86-timer-fix-boot-without-PIT.patch
6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
6013e546-x86-HVM-reorder-domain-init-error-path.patch
gcc11-fixes.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.h87FzB/_old 2021-02-17 18:09:11.277825149 +0100
+++ /var/tmp/diff_new_pack.h87FzB/_new 2021-02-17 18:09:11.281825152 +0100
@@ -130,7 +130,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.14.1_08
+Version:4.14.1_11
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -169,7 +169,15 @@
Source99: baselibs.conf
# Upstream patches
Patch1: 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
-Patch36001: xsa360.patch
+Patch2: 5fedf9f4-x86-hpet_setup-fix-retval.patch
+Patch3: 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
+Patch4: 5ff71655-x86-dpci-EOI-regardless-of-masking.patch
+Patch5: 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
+Patch6: 600999ad-x86-dpci-do-not-remove-pirqs-from.patch
+Patch7: 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
+Patch8: 6011bbc7-x86-timer-fix-boot-without-PIT.patch
+Patch9: 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
+Patch10:6013e546-x86-HVM-reorder-domain-init-error-path.patch
# libxc
Patch300: libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
Patch301: libxc-sr-readv_exact.patch
@@ -214,7 +222,7 @@
Patch420: suspend_evtchn_lock.patch
Patch422: stubdom-have-iovec.patch
Patch423: vif-route.patch
-Patch424: gcc10-fixes.patch
+Patch424: gcc11-fixes.patch
# Other bug fixes or features
Patch451: xenconsole-no-multiple-connections.patch
Patch452: hibernate.patch
@@ -427,7 +435,15 @@
%setup -q -n %xen_build_dir -a 1 -a 5 -a 6 -a 57
# Upstream patches
%patch1 -p1
-%patch36001 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
# libxc
%patch300 -p1
%patch301 -p1
++ 5fedf9f4-x86-hpet_setup-fix-retval.patch ++
# Commit 83736c567d6b64dbce98f251ca72e7870f556421
# Date 2020-12-31 16:19:00 +
# Author Andrew Cooper
# Committer Andrew Cooper
x86/hpet: Fix return value of hpet_setup()
hpet_setup() is idempotent if the rate has already been calculated, and
returns the cached value. However, this only works correctly when the return
statements are identical.
Use a sensibly named local variable, rather than a dead one with a bad name.
Fixes: a60bb68219 ("x86/time: reduce rounding errors in calculations")
Signed-off-by: Andrew Cooper
Reviewed-by: Roger Pau Monn??
--- a/xen/arch/x86/hpet.c
+++ b/xen/arch/x86/hpet.c
@@ -769,7 +769,7 @@ u64 __init hpet_setup(void)
{
static
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-01-26 14:44:43
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.28504 (New)
Package is "xen"
Tue Jan 26 14:44:43 2021 rev:297 rq:866148 version:4.14.1_08
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-01-22 21:49:20.501595301
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.28504/xen.changes 2021-01-26
14:44:46.639257780 +0100
@@ -1,0 +2,6 @@
+Thu Jan 21 08:46:20 MST 2021 - carn...@suse.com
+
+- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360)
+ xsa360.patch
+
+---
New:
xsa360.patch
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.2qywNC/_old 2021-01-26 14:44:48.399260504 +0100
+++ /var/tmp/diff_new_pack.2qywNC/_new 2021-01-26 14:44:48.403260510 +0100
@@ -130,7 +130,7 @@
%endif
Provides: installhint(reboot-needed)
-Version:4.14.1_06
+Version:4.14.1_08
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -169,6 +169,7 @@
Source99: baselibs.conf
# Upstream patches
Patch1: 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
+Patch36001: xsa360.patch
# libxc
Patch300: libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
Patch301: libxc-sr-readv_exact.patch
@@ -426,6 +427,7 @@
%setup -q -n %xen_build_dir -a 1 -a 5 -a 6 -a 57
# Upstream patches
%patch1 -p1
+%patch36001 -p1
# libxc
%patch300 -p1
%patch301 -p1
++ libxc.migrate_tracking.patch ++
--- /var/tmp/diff_new_pack.2qywNC/_old 2021-01-26 14:44:48.663260912 +0100
+++ /var/tmp/diff_new_pack.2qywNC/_new 2021-01-26 14:44:48.663260912 +0100
@@ -1,8 +1,6 @@
Track live migration state unconditionally in logfiles to see how long a domU
was suspended.
Depends on libxc.sr.superpage.patch
-Index: xen-4.14.1-testing/tools/libs/toollog/include/xentoollog.h
-===
--- xen-4.14.1-testing.orig/tools/libs/toollog/include/xentoollog.h
+++ xen-4.14.1-testing/tools/libs/toollog/include/xentoollog.h
@@ -133,6 +133,7 @@ const char *xtl_level_to_string(xentooll
@@ -13,8 +11,6 @@
#endif /* XENTOOLLOG_H */
/*
-Index: xen-4.14.1-testing/tools/libxc/xc_domain.c
-===
--- xen-4.14.1-testing.orig/tools/libxc/xc_domain.c
+++ xen-4.14.1-testing/tools/libxc/xc_domain.c
@@ -69,20 +69,28 @@ int xc_domain_cacheflush(xc_interface *x
@@ -48,8 +44,6 @@
}
-Index: xen-4.14.1-testing/tools/libxc/xc_private.h
-===
--- xen-4.14.1-testing.orig/tools/libxc/xc_private.h
+++ xen-4.14.1-testing/tools/libxc/xc_private.h
@@ -42,6 +42,15 @@
@@ -68,8 +62,6 @@
#if defined(HAVE_VALGRIND_MEMCHECK_H) && !defined(NDEBUG) &&
!defined(__MINIOS__)
/* Compile in Valgrind client requests? */
#include
-Index: xen-4.14.1-testing/tools/libxc/xc_resume.c
-===
--- xen-4.14.1-testing.orig/tools/libxc/xc_resume.c
+++ xen-4.14.1-testing/tools/libxc/xc_resume.c
@@ -284,7 +284,10 @@ out:
@@ -84,8 +76,6 @@
+SUSEINFO("domid %u: %s%s returned %d", domid, __func__, fast ? "
fast" : "", ret);
+return ret;
}
-Index: xen-4.14.1-testing/tools/libxc/xc_sr_common.c
-===
--- xen-4.14.1-testing.orig/tools/libxc/xc_sr_common.c
+++ xen-4.14.1-testing/tools/libxc/xc_sr_common.c
@@ -204,6 +204,65 @@ bool _xc_sr_bitmap_resize(struct xc_sr_b
@@ -154,8 +144,6 @@
/*
* Local variables:
* mode: C
-Index: xen-4.14.1-testing/tools/libxc/xc_sr_common.h
-===
--- xen-4.14.1-testing.orig/tools/libxc/xc_sr_common.h
+++ xen-4.14.1-testing/tools/libxc/xc_sr_common.h
@@ -268,6 +268,7 @@ struct xc_sr_context
@@ -175,8 +163,6 @@
struct xc_sr_record
{
uint32_t type;
-Index: xen-4.14.1-testing/tools/libxc/xc_sr_restore.c
-===
--- xen-4.14.1-testing.orig/tools/libxc/xc_sr_restore.c
+++ xen-4.14.1-testing/tools/libxc/xc_sr_restore.c
@@ -875,6 +875,7 @@ static int restore(struct xc_sr_context
@@ -203,8 +189,6 @@
if ( read_headers() )
return -1;
-Index: xen-4.14.1-testing/tools/libxc/xc_sr_save.c
-===
---
commit xen for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2021-01-22 21:49:19
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.28504 (New)
Package is "xen"
Fri Jan 22 21:49:19 2021 rev:296 rq:864498 version:4.14.1_06
Changes:
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-01-06 19:55:58.245008330
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.28504/xen.changes 2021-01-22
21:49:20.501595301 +0100
@@ -1,0 +2,13 @@
+Wed Jan 13 14:27:51 MST 2021 - carn...@suse.com
+
+- bsc#1180794 - bogus qemu binary path used when creating fv guest
+ under xen
+ xen.spec
+
+---
+Wed Jan 13 10:36:49 MST 2021 - carn...@suse.com
+
+- bsc#1180690 - L3-Question: xen: no needsreboot flag set
+ Add Provides: installhint(reboot-needed) in xen.spec for libzypp
+
+---
Other differences:
--
++ xen.spec ++
--- /var/tmp/diff_new_pack.jblw4X/_old 2021-01-22 21:49:22.101597570 +0100
+++ /var/tmp/diff_new_pack.jblw4X/_new 2021-01-22 21:49:22.105597576 +0100
@@ -22,6 +22,10 @@
%define _fillupdir /var/adm/fillup-templates
%endif
+# Tumbleweed now defines _libexecdir as /usr/libexec
+# Keep it at the original location (/usr/lib) for backward compatibility
+%define _libexecdir /usr/lib
+
Name: xen
ExclusiveArch: %ix86 x86_64 aarch64
%define changeset 41121
@@ -124,8 +128,9 @@
%ifarch x86_64
BuildRequires: pesign-obs-integration
%endif
+Provides: installhint(reboot-needed)
-Version:4.14.1_05
+Version:4.14.1_06
Release:0
Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License:GPL-2.0-only
@@ -862,7 +867,7 @@
# /usr/bin/qemu-system-i386
# Using qemu-system-x86_64 will result in an incompatible VM
%ifarch x86_64 aarch64
-hardcoded_path_in_existing_domU_xml='/usr/lib/xen/bin'
+hardcoded_path_in_existing_domU_xml='%{_libexecdir}/%{name}/bin'
mkdir -vp %{buildroot}${hardcoded_path_in_existing_domU_xml}
tee
%{buildroot}${hardcoded_path_in_existing_domU_xml}/qemu-system-%{qemu_arch} <<
'EOF'
#!/bin/sh
@@ -870,6 +875,7 @@
exec %{_bindir}/qemu-system-%{qemu_arch} "$@"
EOF
chmod 0755
%{buildroot}${hardcoded_path_in_existing_domU_xml}/qemu-system-%{qemu_arch}
+
#
unit='%{_libexecdir}/%{name}/bin/xendomains-wait-disks'
mkdir -vp '%{buildroot}%{_libexecdir}/%{name}/bin'
@@ -1119,12 +1125,11 @@
%dir /usr/lib/supportconfig
%dir /usr/lib/supportconfig/plugins
/usr/lib/supportconfig/plugins/xen
-%dir /usr/lib/xen
-%dir /usr/lib/xen/bin
-/usr/lib/xen/bin/qemu-system-%{qemu_arch}
-%{_libexecdir}/%{name}
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/bin
%exclude %{_libexecdir}/%{name}-tools-domU
%ifarch x86_64
+%{_libexecdir}/%{name}/boot
%exclude %{_libexecdir}/%{name}/bin/xendomains-wait-disks
%endif
%{_fillupdir}/sysconfig.pciback
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-12-21 10:22:13 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.5145 (New) Package is "xen" Mon Dec 21 10:22:13 2020 rev:294 rq:856892 version:4.14.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-11-12 22:33:05.63007 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.5145/xen.changes2020-12-21 10:22:48.911948729 +0100 @@ -1,0 +2,127 @@ +Thu Dec 17 10:15:31 MST 2020 - carn...@suse.com + +- Update to Xen 4.14.1 bug fix release (bsc#1027519) + xen-4.14.1-testing-src.tar.bz2 + Contains the following recent security fixes + bsc#1179516 XSA-359 - CVE-2020-29571 + bsc#1179514 XSA-358 - CVE-2020-29570 + bsc#1179513 XSA-356 - CVE-2020-29567 + bsc#1178963 XSA-355 - CVE-2020-29040 + bsc#1178591 XSA-351 - CVE-2020-28368 + bsc#1179506 XSA-348 - CVE-2020-29566 + bsc#1179502 XSA-325 - CVE-2020-29483 + bsc#1179501 XSA-324 - CVE-2020-29484 + bsc#1179498 XSA-322 - CVE-2020-29481 + bsc#1179496 XSA-115 - CVE-2020-29480 +- Dropped patches contained in new tarball + 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch + 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch + 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch + 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch + 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch + 5f560c42-x86-PV-64bit-segbase-consistency.patch + 5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch + 5f5b6b7a-hypfs-fix-custom-param-writes.patch + 5f607915-x86-HVM-more-consistent-IO-completion.patch + 5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch + 5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch + 5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch + 5f6a008e-x86-MSI-drop-read_msi_msg.patch + 5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch + 5f6a00c4-evtchn-relax-port_is_valid.patch + 5f6a00df-x86-PV-avoid-double-exception-injection.patch + 5f6a00f4-evtchn-add-missing-barriers.patch + 5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch + 5f6a013f-evtchn_reset-shouldnt-succeed-with.patch + 5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch + 5f6a0178-evtchn-address-races-with-evtchn_reset.patch + 5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch + 5f6a01c6-evtchn-preempt-in-evtchn_reset.patch + 5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch + 5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch + 5f71a21e-x86-S3-fix-shadow-stack-resume.patch + 5f76ca65-evtchn-Flask-prealloc-for-send.patch + 5f76caaf-evtchn-FIFO-use-stable-fields.patch + 5f897c25-x86-traps-fix-read_registers-for-DF.patch + 5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch + 5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch + 5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch + 5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch + 5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch + 5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch + 5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch + 5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch + 5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch + xsa286-1.patch + xsa286-2.patch + xsa286-3.patch + xsa286-4.patch + xsa286-5.patch + xsa286-6.patch + xsa351-1.patch + xsa351-2.patch + xsa351-3.patch + xsa355.patch + +--- +Tue Dec 15 15:15:15 UTC 2020 - oher...@suse.de + +- bsc#1178736 - allow restart of xenwatchdogd, enable tuning of + keep-alive interval and timeout options via XENWATCHDOGD_ARGS= + add xenwatchdogd-options.patch + add xenwatchdogd-restart.patch + +--- +Tue Dec 15 10:10:10 UTC 2020 - oher...@suse.de + +- bsc#1177112 - Fix libxc.sr.superpage.patch + The receiving side may punch holes incorrectly into optimistically + allocated superpages. Also reduce overhead in bitmap handling. + add libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch + add libxc-bitmap-long.patch + add libxc-bitmap-longs.patch + +--- +Mon Dec 14 14:22:08 MST 2020 - carn...@suse.com + +- boo#1029961 - Move files in xen-tools-domU to /usr/bin from /bin + xen-destdir.patch + Drop tmp_build.patch + +--- +Fri Dec 4 06:54:08 MST 2020 - carn...@suse.com + +- bsc#1176782 - L3: xl dump-core shows missing nr_pages during + core. If maxmem and current are the same the issue doesn't happen + 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch + +--- +Fri Nov 20 15:09:49 MST 2020 - carn...@suse.com + +- bsc#1178963 - VUL-0: xen: stack corruption
