Re: [XEN PATCH 10/12] efi: address violation of MISRA C Rule 16.3

2024-10-04 Thread Marek Marczykowski-Górecki
. > > No functional change. > > Signed-off-by: Federico Serafini Acked-by: Marek Marczykowski-Górecki > --- > xen/common/efi/runtime.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c

Re: [XEN PATCH v2 1/3] EFI: address a violation of MISRA C Rule 13.6

2024-10-04 Thread Marek Marczykowski-Górecki
ot > > contain any expression which has potential side effect). > > > > Refactor the code to address the rule violation. > > > > Suggested-by: Andrew Cooper > > Signed-off-by: Federico Serafini > > Reviewed-by: Stefano Stabellini Acked-by: Marek M

xenvbd driver modifies in-flight data?

2024-10-04 Thread Marek Marczykowski-Górecki
eless, it looks like it might have uncovered some issue that would be silently ignored otherwise. [1] https://github.com/QubesOS/qubes-issues/issues/9488#issuecomment-2389152014 -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

[PATCH v2 1/3] automation: preserve built xen.efi

2024-10-03 Thread Marek Marczykowski-Górecki
It will be useful for further tests. Signed-off-by: Marek Marczykowski-Górecki --- Changes in v2: - deduplicate via collect_xen_artifacts function --- automation/scripts/build | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/automation/scripts/build b

[PATCH v2 2/3] automation: add a smoke test for xen.efi on X86

2024-10-03 Thread Marek Marczykowski-Górecki
Check if xen.efi is bootable with an XTF dom0. The multiboot2+EFI path is tested on hardware tests already. Signed-off-by: Marek Marczykowski-Górecki --- This requires rebuilding debian:bookworm container. Changes in v2: - drop forcing TEST_TIMEOUT in the script - now can be set from test.yml

[PATCH v2 0/3] automation: add smoke test for xen.efi on x86_64

2024-10-03 Thread Marek Marczykowski-Górecki
Marek Marczykowski-Górecki (3): automation: preserve built xen.efi automation: add a smoke test for xen.efi on X86 automation: shorten the timeout for smoke tests automation/build/debian/bookworm.dockerfile | 1 +- automation/gitlab-ci/test.yaml | 20 -- automation

[PATCH v2 3/3] automation: shorten the timeout for smoke tests

2024-10-03 Thread Marek Marczykowski-Górecki
The smoke tests when successful complete in about 5s. Don't waste 20min+ on failure, shorten the timeout to 120s Signed-off-by: Marek Marczykowski-Górecki --- automation/gitlab-ci/test.yaml | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/automation/gitl

Re: [PATCH] automation: introduce TEST_TIMEOUT_OVERRIDE

2024-10-03 Thread Marek Marczykowski-Górecki
> > Signed-off-by: Stefano Stabellini with commit message fixed: Reviewed-by: Marek Marczykowski-Górecki > diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml > index 8675016b6a..e947736195 100644 > --- a/automation/gitlab-ci/test.yaml > +++ b/au

Re: [PATCH v7 1/2] x86/boot: Rewrite EFI/MBI2 code partly in C

2024-10-03 Thread Marek Marczykowski-Górecki
es. > > Reviewed-by: Daniel P. Smith Since it seems it's only the other patch causing issues, for this one: Acked-by: Marek Marczykowski-Górecki -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Re: [PATCH v7 0/2] x86/boot: Reduce assembly code

2024-10-03 Thread Marek Marczykowski-Górecki
On Thu, Oct 03, 2024 at 10:27:15AM +0100, Frediano Ziglio wrote: > On Thu, Oct 3, 2024 at 2:11 AM Marek Marczykowski-Górecki > wrote: > > > > On Wed, Oct 02, 2024 at 04:27:19PM +0100, Frediano Ziglio wrote: > > > On Wed, Oct 2, 2024 at 3:04 PM Marek Marczy

Re: [PATCH v7 0/2] x86/boot: Reduce assembly code

2024-10-02 Thread Marek Marczykowski-Górecki
On Wed, Oct 02, 2024 at 04:27:19PM +0100, Frediano Ziglio wrote: > On Wed, Oct 2, 2024 at 3:04 PM Marek Marczykowski-Górecki > wrote: > > > > On Tue, Oct 01, 2024 at 11:22:37AM +0100, Frediano Ziglio wrote: > > > This series came from part of the work of removing dupl

Re: [PATCH 2/2] automation: add a smoke test for xen.efi on X86

2024-10-02 Thread Marek Marczykowski-Górecki
On Wed, Oct 02, 2024 at 04:30:25PM -0700, Stefano Stabellini wrote: > On Thu, 3 Oct 2024, Marek Marczykowski-Górecki wrote: > > The problem is this doesn't work. The group-level variable overrides the > > one in yaml. See the commit message and the link there... > > No

Re: [PATCH 2/2] automation: add a smoke test for xen.efi on X86

2024-10-02 Thread Marek Marczykowski-Górecki
On Wed, Oct 02, 2024 at 03:22:59PM -0700, Stefano Stabellini wrote: > I forgot to reply to one important part below > > > On Wed, 2 Oct 2024, Stefano Stabellini wrote: > > On Wed, 2 Oct 2024, Marek Marczykowski-Górecki wrote: > > > Check if xen.efi is bootable with an

Re: [PATCH 1/2] automation: preserve built xen.efi

2024-10-02 Thread Marek Marczykowski-Górecki
On Wed, Oct 02, 2024 at 09:42:13PM +0100, Andrew Cooper wrote: > On 02/10/2024 1:42 pm, Marek Marczykowski-Górecki wrote: > > It will be useful for further tests. > > > > Signed-off-by: Marek Marczykowski-Górecki > > --- > > automation/scripts/build | 7 ++-

Re: [PATCH v7 0/2] x86/boot: Reduce assembly code

2024-10-02 Thread Marek Marczykowski-Górecki
en/arch/x86/efi/mbi2.c| 66 +++ > xen/arch/x86/efi/stub.c| 10 +-- > xen/arch/x86/include/asm/efi.h | 18 > 6 files changed, 123 insertions(+), 125 deletions(-) > create mode 100644 xen/arch/x86/efi/mbi2.c > create mode 100644 xen/arch/x86/include/asm/efi.h > > -- > 2.34.1 > -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Re: [PATCH] automation: add a smoke test for xen.efi on X86

2024-10-02 Thread Marek Marczykowski-Górecki
On Wed, Oct 02, 2024 at 02:41:55PM +0200, Marek Marczykowski-Górecki wrote: > Check if xen.efi is bootable with an XTF dom0. > > The TEST_TIMEOUT is set in the script to override project-global value. > Setting it in the gitlab yaml file doesn't work, as it's too l

[PATCH 2/2] automation: add a smoke test for xen.efi on X86

2024-10-02 Thread Marek Marczykowski-Górecki
is tested on hardware tests already. Signed-off-by: Marek Marczykowski-Górecki --- This requires rebuilding debian:bookworm container. The TEST_TIMEOUT issue mentioned above applies to xilinx-* jobs too. It's not clear to me why the default TEST_TIMEOUT is set at the group level instead of i

[PATCH 1/2] automation: preserve built xen.efi

2024-10-02 Thread Marek Marczykowski-Górecki
It will be useful for further tests. Signed-off-by: Marek Marczykowski-Górecki --- automation/scripts/build | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/automation/scripts/build b/automation/scripts/build index b3c71fb6fb60..4cd41cb2c471 100755 --- a/automation

[PATCH] automation: add a smoke test for xen.efi on X86

2024-10-02 Thread Marek Marczykowski-Górecki
is tested on hardware tests already. Signed-off-by: Marek Marczykowski-Górecki --- This requires rebuilding debian:bookworm container. The TEST_TIMEOUT issue mentioned above applies to xilinx-* jobs too. It's not clear to me why the default TEST_TIMEOUT is set at the group level instead of i

Re: [PATCH v4] Avoid crash calling PrintErrMesg from efi_multiboot2

2024-09-26 Thread Marek Marczykowski-Górecki
iano Ziglio I was hoping it would fix also an issue with xen.efi as the crash is pretty similar (https://github.com/QubesOS/qubes-issues/issues/8206#issuecomment-2366835136), but it seems to be something different. Anyway, Acked-by: Marek Marczykowski-Górecki > --- > xen/common/efi/boot.c |

Re: [PATCH v7 2/2] x86/time: prefer CMOS over EFI_GET_TIME

2024-09-17 Thread Marek Marczykowski-Górecki
f the function > logic, so that panic messages with workaround suggestions are suitably > printed. > > Signed-off-by: Roger Pau Monné Since this changes behavior for running on EFI, Acked-by: Marek Marczykowski-Górecki > --- > Changes since v2: > - Updated to match previous

Re: [PATCH v7 1/2] x86/time: introduce command line option to select wallclock

2024-09-16 Thread Marek Marczykowski-Górecki
> It's a bit awkward, but this should do:
>
>     {
> #ifdef CONFIG_XEN_GUEST
>         wallclock_source = WALLCLOCK_XEN;
> #else
>         no_config_param("XEN_GUEST", "wallclock", s, ss);
> #endif
>     }

Can you boot the binary build with CONFIG_XEN_GUEST=y as native? If so, the above will not be enough, a runtime check is needed anyway.

> There probably wants to be something similar for EFI, although it's not
> a plain CONFIG so it might be more tricky.

It needs to be a runtime check here even more. Not only because of different boot modes, but due to interaction with efi=no-rs (or any other reason for not having runtime services). See the comment there.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

Re: [PATCH v6 1/2] x86/time: introduce command line option to select wallclock

2024-09-12 Thread Marek Marczykowski-Górecki
On Thu, Sep 12, 2024 at 03:47:53PM +0200, Roger Pau Monné wrote: > On Thu, Sep 12, 2024 at 03:30:29PM +0200, Marek Marczykowski-Górecki wrote: > > On Thu, Sep 12, 2024 at 02:56:55PM +0200, Roger Pau Monné wrote: > > > On Thu, Sep 12, 2024 at 01:57:00PM +0200, Jan Beulich

Re: [PATCH v6 1/2] x86/time: introduce command line option to select wallclock

2024-09-12 Thread Marek Marczykowski-Górecki
> the last option overrides any previous one, and hence if that last
> option is not valid the logic will fall back to the default selection
> (in this case to probing).

That would be my expectation too. If some kind of preference would be expected, it should look like wallclock=efi,cmos, but I don't think we need that.

> Thinking about this, it might make sense to unconditionally set
> wallclock_source = WALLCLOCK_UNSET at the start of parse_wallclock()
> to avoid previous instances carrying over if later ones are not valid.

This may be a good idea. But more importantly, the behavior should be included in the option documentation (that if a selected value is not available, it falls back to auto). And maybe a log message when that happens (but I'm okay with skipping this one, as selected wallclock source is logged already)?

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

Re: [XEN PATCH 1/3] EFI: address violations of MISRA C Rule 13.6

2024-09-11 Thread Marek Marczykowski-Górecki
/ property in descriptions of such patches. I guess it's because guest_handle_cast() is a macro, yet it's lowercase so looks like a function? Wasn't there some other MISRA rule about lowercase/uppercase for macro names? And yes, I don't really see why this would violate the side effect rule either. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Re: [REGRESSION] kernel NULL pointer dereference in xen-balloon with mem hotplug

2024-09-06 Thread Marek Marczykowski-Górecki
On Fri, Sep 06, 2024 at 12:30:03PM +0200, Linux regression tracking (Thorsten Leemhuis) wrote: > On 08.08.24 12:31, Marek Marczykowski-Górecki wrote: > > > > When testing Linux 6.11-rc2, I've got the crash like below. It's a PVH > > guest started with 400MB me

Re: [PATCH v2] xen: PE/COFF image header

2024-08-23 Thread Marek Marczykowski-Górecki
levant for Xen. > > > > Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git > > 36e4fc57fc16 > > > > Signed-off-by: Nikola Jelic > > Signed-off-by: Milan Djokic Acked-by: Marek Marczykowski-Górecki > This looks okay to me now, but

Re: Assertion failed at arch/x86/genapic/x2apic.c:38 on S3 resume nested in KVM on AMD

2024-08-08 Thread Marek Marczykowski-Górecki
On Thu, Aug 08, 2024 at 01:22:30PM +0200, Jan Beulich wrote: > On 23.07.2024 16:28, Marek Marczykowski-Górecki wrote: > > I'm observing a crash like the one below when trying to resume from S3. > > It happens on Xen nested in KVM (QEMU 9.0, Linux 6.9.3) but only on AMD. >

[REGRESSION] kernel NULL pointer dereference in xen-balloon with mem hotplug

2024-08-08 Thread Marek Marczykowski-Górecki
ps://github.com/QubesOS/qubes-linux-kernel/blob/005ae1ac3819d957379e48fb2cfd33f511a47275/config-qubes (options set in the latter takes precedence) Especially, it has: CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y CONFIG_XEN_UNPOPULATED_ALLOC=y #regzbot introduced: v6.10..v6.11-rc2 -- Best Regards, Marek Marczykowski-Górecki Invisi

Re: ACPI NVS range conflicting with Dom0 page tables (or kernel image)

2024-08-07 Thread Marek Marczykowski-Górecki
On Wed, Aug 07, 2024 at 12:26:26PM +0200, Jürgen Groß wrote: > On 07.08.24 12:23, Marek Marczykowski-Górecki wrote: > > On Tue, Aug 06, 2024 at 05:24:22PM +0200, Jürgen Groß wrote: > > > On 06.08.24 17:21, Marek Marczykowski-Górecki wrote: > > > > On Tue, Aug 06, 20

Re: ACPI NVS range conflicting with Dom0 page tables (or kernel image)

2024-08-07 Thread Marek Marczykowski-Górecki
On Tue, Aug 06, 2024 at 05:24:22PM +0200, Jürgen Groß wrote: > On 06.08.24 17:21, Marek Marczykowski-Górecki wrote: > > On Tue, Aug 06, 2024 at 04:12:32PM +0200, Jürgen Groß wrote: > > > Marek, > > > > > > On 17.06.24 16:03, Marek Marczykowski-Górecki wrote:

Re: ACPI NVS range conflicting with Dom0 page tables (or kernel image)

2024-08-06 Thread Marek Marczykowski-Górecki
On Tue, Aug 06, 2024 at 04:12:32PM +0200, Jürgen Groß wrote: > Marek, > > On 17.06.24 16:03, Marek Marczykowski-Górecki wrote: > > On Mon, Jun 17, 2024 at 01:22:37PM +0200, Jan Beulich wrote: > > > Hello, > > > > > > while it feels like we had a si

Re: [PATCH v2] automation: upgrade Yocto to scarthgap

2024-07-30 Thread Marek Marczykowski-Górecki
On Tue, Jul 30, 2024 at 03:01:52PM +0100, Andrew Cooper wrote: > On 30/07/2024 2:46 pm, Marek Marczykowski-Górecki wrote: > > On Fri, Jul 26, 2024 at 05:19:42PM -0700, Stefano Stabellini wrote: > >> Upgrade Yocto to a newer version. Use ext4 as image format for testing >

Re: [PATCH v2] automation: upgrade Yocto to scarthgap

2024-07-30 Thread Marek Marczykowski-Górecki
ilename for the rootfs. > > Signed-off-by: Stefano Stabellini Reviewed-by: Marek Marczykowski-Górecki > --- > > all yocto tests pass: > https://gitlab.com/xen-project/people/sstabellini/xen/-/pipelines/1390081173 > > Changes in v2: > - s/EXT4/IMAGE_FMT/ > - s

Re: [PATCH v2] x86/shutdown: change default reboot method preference

2024-07-29 Thread Marek Marczykowski-Górecki
still can be worked around with a cmdline option). But might warrant adjusting commit message. > Signed-off-by: Roger Pau Monné Other points still stand, and I think this generally is an improvement, so, preferably with adjusted commit message: Acked-by: Marek Marczykowski-Górecki > --- > C

[PATCH v7 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-07-25 Thread Marek Marczykowski-Górecki
or paths may result in incorrect state (like pages removed from mmio_ro_ranges too early). Debug build has asserts for relevant cases. Signed-off-by: Marek Marczykowski-Górecki --- Shadow mode is not tested, but I don't expect it to work differently than HAP in areas related to this patch. Change

[PATCH v7 0/2] Add API for making parts of a MMIO page R/O and use it in XHCI console

2024-07-25 Thread Marek Marczykowski-Górecki
a generic API for making just parts of an MMIO page R/O and use it to fix USB3 console with share=yes or share=hwdom options. More details in commit messages. Marek Marczykowski-Górecki (2): x86/mm: add API for marking only part of a MMIO page read only drivers/char: Use sub-page ro API to make

[PATCH v7 2/2] drivers/char: Use sub-page ro API to make just xhci dbc cap RO

2024-07-25 Thread Marek Marczykowski-Górecki
plenty of it). This configuration is already documented as unsafe with untrusted guests and not security supported. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- Changes in v4: - restore mmio_ro_ranges in the fallback case - set XHCI_SHARE_NONE in the fallback case Changes

Re: [PATCH v6 2/3] x86/mm: add API for marking only part of a MMIO page read only

2024-07-25 Thread Marek Marczykowski-Górecki
On Thu, Jul 25, 2024 at 11:26:31AM +0200, Jan Beulich wrote: > On 23.07.2024 05:24, Marek Marczykowski-Górecki wrote: > > + * so tolerate it. > > + * But unaligned size would result in smaller area, so deny it. > > + */ > > +ASSERT(IS_ALIGNED(

Re: [PATCH 07/12] libxl: Allow stubdomain to control interupts of PCI device

2024-07-25 Thread Marek Marczykowski-Górecki
On Thu, Jul 25, 2024 at 02:06:04PM +, Anthony PERARD wrote: > On Thu, May 16, 2024 at 03:58:28PM +0200, Marek Marczykowski-Górecki wrote: > > Especially allow it to control MSI/MSI-X enabling bits. This part only > > writes a flag to a sysfs, the actual implementation is on the

Re: xen | Failed pipeline for staging-4.19 | 2d7b6170

2024-07-24 Thread Marek Marczykowski-Górecki
reason
> given by gitlab for the failures: "There has been a timeout failure or
> the job got stuck." (That message can be seen when going to the url,
> removing "/raw" part, and scrolling to the top. Or looking at the side
> bar and seen a duration that well above 1h)
>
> Communication between gitlab and the runner might be broken in those
> cases, or the runner stop working.

This time the runner VM got hit with https://lore.kernel.org/xen-devel/ZO0WrR5J0xuwDIxW@mail-itl/ . So, I guess the failure is warranted, just not the one you'd expect...

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

Assertion failed at arch/x86/genapic/x2apic.c:38 on S3 resume nested in KVM on AMD

2024-07-23 Thread Marek Marczykowski-Górecki
ssertion didn't fail (or it crashed before reaching that part). -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index 371dd100c742..fe8e664e1b63 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/a

Re: [PATCH 2/2] x86/efi: Unlock NX if necessary

2024-07-23 Thread Marek Marczykowski-Górecki
On Tue, Jul 23, 2024 at 12:25:32PM +0200, Marek Marczykowski-Górecki wrote: > On Mon, Jul 22, 2024 at 11:18:38AM +0100, Andrew Cooper wrote: > > EFI systems can run with NX disabled, as has been discovered on a Broadwell > > Supermicro X10SRM-TF system. > > > > Prior t

Re: [PATCH 2/2] x86/efi: Unlock NX if necessary

2024-07-23 Thread Marek Marczykowski-Górecki
DISABLE from the early boot path") > Link: https://xcp-ng.org/forum/post/80520 > Reported-by: Gene Bright > Signed-off-by: Andrew Cooper Acked-by: Andrew Cooper > --- > CC: Jan Beulich > CC: Roger Pau Monné > CC: Daniel P. Smith > CC: Marek Marczykowski-Górecki

Re: [PATCH 1/2] x86/efi: Simplify efi_arch_cpu() a little

2024-07-23 Thread Marek Marczykowski-Górecki
On Mon, Jul 22, 2024 at 11:18:37AM +0100, Andrew Cooper wrote: > Make the "no extended leaves" case fatal and remove one level of indentation. > Defer the max-leaf acquisition until it is first used. > > No functional change. > > Signed-off-by: Andrew Cooper Acked-by

[PATCH v6 2/3] x86/mm: add API for marking only part of a MMIO page read only

2024-07-22 Thread Marek Marczykowski-Górecki
or paths may result in incorrect state (like pages removed from mmio_ro_ranges too early). Debug build has asserts for relevant cases. Signed-off-by: Marek Marczykowski-Górecki --- Shadow mode is not tested, but I don't expect it to work differently than HAP in areas related to this patch. Cha

[PATCH v6 0/3] Add API for making parts of a MMIO page R/O and use it in XHCI console

2024-07-22 Thread Marek Marczykowski-Górecki
a generic API for making just parts of an MMIO page R/O and use it to fix USB3 console with share=yes or share=hwdom options. More details in commit messages. Marek Marczykowski-Górecki (3): xen/list: add LIST_HEAD_RO_AFTER_INIT x86/mm: add API for marking only part of a MMIO page read only

[PATCH v6 1/3] xen/list: add LIST_HEAD_RO_AFTER_INIT

2024-07-22 Thread Marek Marczykowski-Górecki
Similar to LIST_HEAD_READ_MOSTLY. Signed-off-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich --- New in v5 --- xen/include/xen/list.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/include/xen/list.h b/xen/include/xen/list.h index 6506ac40893b..62169f46742e 100644 --- a/xen

[PATCH v6 3/3] drivers/char: Use sub-page ro API to make just xhci dbc cap RO

2024-07-22 Thread Marek Marczykowski-Górecki
plenty of it). This configuration is already documented as unsafe with untrusted guests and not security supported. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- Changes in v4: - restore mmio_ro_ranges in the fallback case - set XHCI_SHARE_NONE in the fallback case Changes

Re: [PATCH] CI: workaround broken selinux+docker interaction in yocto

2024-07-22 Thread Marek Marczykowski-Górecki
On Mon, Jul 22, 2024 at 06:16:51PM +0100, Andrew Cooper wrote: > On 20/07/2024 1:15 am, Marek Marczykowski-Górecki wrote: > > `cp --preserve=xattr` doesn't work in docker when SELinux is enabled. It > > tries to set the "security.selinux" xattr, but SELinux

Re: [PATCH v5 2/3] x86/mm: add API for marking only part of a MMIO page read only

2024-07-22 Thread Marek Marczykowski-Górecki
On Mon, Jul 22, 2024 at 03:01:45PM +0200, Jan Beulich wrote: > On 22.07.2024 14:36, Marek Marczykowski-Górecki wrote: > > On Mon, Jul 22, 2024 at 02:09:15PM +0200, Jan Beulich wrote: > >> On 19.07.2024 04:33, Marek Marczykowski-Górecki wrote: > >>> +

Re: [PATCH v5 2/3] x86/mm: add API for marking only part of a MMIO page read only

2024-07-22 Thread Marek Marczykowski-Górecki
On Mon, Jul 22, 2024 at 02:09:15PM +0200, Jan Beulich wrote: > On 19.07.2024 04:33, Marek Marczykowski-Górecki wrote: > > @@ -4910,6 +4921,254 @@ long arch_memory_op(unsigned long cmd, > > XEN_GUEST_HANDLE_PARAM(void) arg) > > return rc; > > } >

[PATCH] CI: workaround broken selinux+docker interaction in yocto

2024-07-19 Thread Marek Marczykowski-Górecki
`cp --preserve=xattr` doesn't work in docker when SELinux is enabled. It tries to set the "security.selinux" xattr, but SELinux (or overlay fs?) denies it. Work around it by skipping selinux.selinux xattr copying. Signed-off-by: Marek Marczykowski-Górecki --- Tested here: https:/

[PATCH v5 0/3] Add API for making parts of a MMIO page R/O and use it in XHCI console

2024-07-18 Thread Marek Marczykowski-Górecki
a generic API for making just parts of an MMIO page R/O and use it to fix USB3 console with share=yes or share=hwdom options. More details in commit messages. Marek Marczykowski-Górecki (3): xen/list: add LIST_HEAD_RO_AFTER_INIT x86/mm: add API for marking only part of a MMIO page read only

[PATCH v5 2/3] x86/mm: add API for marking only part of a MMIO page read only

2024-07-18 Thread Marek Marczykowski-Górecki
or paths may result in incorrect state (like pages removed from mmio_ro_ranges too early). Debug build has asserts for relevant cases. Signed-off-by: Marek Marczykowski-Górecki --- Shadow mode is not tested, but I don't expect it to work differently than HAP in areas related to this pat

[PATCH v5 3/3] drivers/char: Use sub-page ro API to make just xhci dbc cap RO

2024-07-18 Thread Marek Marczykowski-Górecki
plenty of it). This configuration is already documented as unsafe with untrusted guests and not security supported. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- Changes in v4: - restore mmio_ro_ranges in the fallback case - set XHCI_SHARE_NONE in the fallback case Changes

[PATCH v5 1/3] xen/list: add LIST_HEAD_RO_AFTER_INIT

2024-07-18 Thread Marek Marczykowski-Górecki
Similar to LIST_HEAD_READ_MOSTLY. Signed-off-by: Marek Marczykowski-Górecki --- New in v5 --- xen/include/xen/list.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/include/xen/list.h b/xen/include/xen/list.h index 6506ac40893b..62169f46742e 100644 --- a/xen/include/xen/list.h +++ b

Re: [PATCH for-4.19] docs/checklist: Fix XEN_EXTRAVERSION inconsistency for release candidates

2024-07-16 Thread Marek Marczykowski-Górecki
pstream. It's for the one writing the package version to make sure
> that -rc are older than actual release.
>
> While trying to find if SPEC files were dealing with "-rc" suffix,
> I found a doc for fedora telling how to deal with RCs:
> https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/
> They say to replace the dash with a tilde, so "-rc" become "~rc", and
> package manager know what to do with it.
>
> Some other distribution know how to deal with "rc" suffix, but the dash
> "-" isn't actually allowed in the version string:
> https://man.archlinux.org/man/vercmp.8
>
> So unless we forgo "-rc" in tags, there's no way we can take into
> account how distributions package manager sorts version numbers. Also,
> there's no need to, it is the job of the packager to deal with version
> number, we just need to make it simple enough and consistent.

XEN_EXTRAVERSION isn't only about version for packaging (where indeed some changes for -rc will likely be needed anyway, as different packages have different ways of dealing with it). It's also about version reported by Xen in various places like `xl info xen_version`. IMO it makes sense to have consistent format there (always 3 parts separated by a dot). It makes life easier for any tooling making use of this value.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

Re: systemd units are not installed in 4.19.0-rc2 anymore

2024-07-15 Thread Marek Marczykowski-Górecki
On Mon, Jul 15, 2024 at 11:07:42AM +0100, Andrew Cooper wrote: > On 15/07/2024 9:11 am, Jan Beulich wrote: > > On 13.07.2024 15:02, Andrew Cooper wrote: > >> On 13/07/2024 3:45 am, Marek Marczykowski-Górecki wrote: > >>> Hi, > >>> > >>> So

systemd units are not installed in 4.19.0-rc2 anymore

2024-07-12 Thread Marek Marczykowski-Górecki
change is earlier, specifically 6ef4fa1e7fe7 "tools: (Actually) drop libsystemd as a dependency", but configure was regenerated only later. But TBH, I don't fully understand interaction between those m4 macros... -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Re: [PATCH 06/17] x86/EFI: address violations of MISRA C:2012 Directive 4.10

2024-07-01 Thread Marek Marczykowski-Górecki
rch/x86/efi/runtime.h > index 77866c5f21..88ab5651e9 100644 > --- a/xen/arch/x86/efi/runtime.h > +++ b/xen/arch/x86/efi/runtime.h > @@ -1,3 +1,6 @@ > +#ifndef X86_EFI_RUNTIME_H > +#define X86_EFI_RUNTIME_H > + > #include > #include > #include > @@ -17,3 +

Regression in xen-blkfront regarding sector sizes

2024-06-24 Thread Marek Marczykowski-Górecki
o https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/xen-blkfront.c?id=ba3f67c1163812b5d7ec33705c31edaa30ce6c51, so I'm cc-ing people mentioned there too. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Re: [PATCH for-4.19 v2] tools/xl: Open xldevd.log with O_CLOEXEC

2024-06-21 Thread Marek Marczykowski-Górecki
ich will close on > exec(). > > Link: https://github.com/QubesOS/qubes-issues/issues/8292 > Reported-by: Demi Marie Obenour > Signed-off-by: Andrew Cooper Reviewed-by: Marek Marczykowski-Górecki > --- > CC: Anthony PERARD > CC: Juergen Gross > CC: Demi Marie Obe

Re: Design session notes: GPU acceleration in Xen

2024-06-17 Thread Marek Marczykowski-Górecki
ing down a lot more things to free some more memory. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Re: ACPI NVS range conflicting with Dom0 page tables (or kernel image)

2024-06-17 Thread Marek Marczykowski-Górecki
//github.com/QubesOS/qubes-linux-kernel/commit/3e8be4ac1682370977d4d0dc1d782c428d860282 Far from ideal, but gets it bootable... -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Re: [PATCH v4 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-06-11 Thread Marek Marczykowski-Górecki
On Tue, Jun 11, 2024 at 04:07:03PM +0200, Roger Pau Monné wrote: > On Tue, Jun 11, 2024 at 03:15:42PM +0200, Marek Marczykowski-Górecki wrote: > > Its location is discovered at startup > > (device presents a linked-list of capabilities in one of its BARs). > > The spec

Re: [PATCH v4 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-06-11 Thread Marek Marczykowski-Górecki
On Tue, Jun 11, 2024 at 02:55:22PM +0200, Roger Pau Monné wrote: > On Tue, Jun 11, 2024 at 01:38:35PM +0200, Marek Marczykowski-Górecki wrote: > > On Tue, Jun 11, 2024 at 12:40:49PM +0200, Roger Pau Monné wrote: > > > On Wed, May 22, 2024 at 05:39:03PM +0200, Marek Ma

Re: [PATCH v4 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-06-11 Thread Marek Marczykowski-Górecki
On Tue, Jun 11, 2024 at 12:40:49PM +0200, Roger Pau Monné wrote: > On Wed, May 22, 2024 at 05:39:03PM +0200, Marek Marczykowski-Górecki wrote: > > In some cases, only a few registers on a page need to be write-protected. > > Examples include USB3 console (64 bytes worth of regist

Re: [PATCH v4 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-06-11 Thread Marek Marczykowski-Górecki
On Fri, Jun 07, 2024 at 09:01:25AM +0200, Jan Beulich wrote: > On 22.05.2024 17:39, Marek Marczykowski-Górecki wrote: > > --- a/xen/arch/x86/include/asm/mm.h > > +++ b/xen/arch/x86/include/asm/mm.h > > @@ -522,9 +522,34 @@ extern struct rangeset *mmio_ro_ranges; > > voi

Re: [PATCH for-4.19 v1] automation: add a test for HVM domU on PVH dom0

2024-06-10 Thread Marek Marczykowski-Górecki
On Mon, Jun 10, 2024 at 04:25:01PM +0100, Andrew Cooper wrote: > On 10/06/2024 2:32 pm, Marek Marczykowski-Górecki wrote: > > This tests if QEMU works in PVH dom0. QEMU in dom0 requires enabling TUN > > in the kernel, so do that too. > > > > Add it to both x86 runners, s

[PATCH v1] automation: add a test for HVM domU on PVH dom0

2024-06-10 Thread Marek Marczykowski-Górecki
This tests if QEMU works in PVH dom0. QEMU in dom0 requires enabling TUN in the kernel, so do that too. Add it to both x86 runners, similar to the PVH domU test. Signed-off-by: Marek Marczykowski-Górecki --- Requires rebuilding test-artifacts/kernel/6.1.19 I'm actually not sure if there

Re: Segment truncation in multi-segment PCI handling?

2024-06-10 Thread Marek Marczykowski-Górecki
, Jan Beulich wrote: > >>>> On 07.06.2024 21:52, Andrew Cooper wrote: > >>>>> On 07/06/2024 8:46 pm, Marek Marczykowski-Górecki wrote: > >>>>>> Hi, > >>>>>> > >>>>>> I've got a new system, and it has

Segment truncation in multi-segment PCI handling?

2024-06-07 Thread Marek Marczykowski-Górecki
h 256 bus segments. Fortunately, I don't need this to work, if I disable VMD in the firmware, I get a single segment and everything works fine. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Re: NULL pointer dereference in xenbus_thread->...

2024-05-31 Thread Marek Marczykowski-Górecki
eers, > > On 25/03/2024 16:17, Marek Marczykowski-Górecki wrote: > > On Sun, Oct 22, 2023 at 04:14:30PM +0200, Marek Marczykowski-Górecki wrote: > > > On Mon, Aug 28, 2023 at 11:50:36PM +0200, Marek Marczykowski-Górecki > > > wrote: > > >

Re: [PATCH 1/3] CI: Remove CI_COMMIT_REF_PROTECTED requirement for HW jobs

2024-05-31 Thread Marek Marczykowski-Górecki
On Thu, May 30, 2024 at 05:43:12PM -0700, Stefano Stabellini wrote: > On Thu, 30 May 2024, Marek Marczykowski-Górecki wrote: > > On Wed, May 29, 2024 at 03:19:43PM +0100, Andrew Cooper wrote: > > > This restriction doesn't provide any security because anyone with suitable

Re: [PATCH 1/3] CI: Remove CI_COMMIT_REF_PROTECTED requirement for HW jobs

2024-05-29 Thread Marek Marczykowski-Górecki
ust setting of my project, to set "QUBES_JOBS" only to some branches - I used to use branch protection rules as a proxy to selecting on which branch to run hw tests... > --- > CC: Roger Pau Monné > CC: Stefano Stabellini > CC: Michal Orzel > CC: Marek Marczykowski-Górec

Re: [PATCH v4 0/2] Add API for making parts of a MMIO page R/O and use it in XHCI console

2024-05-23 Thread Marek Marczykowski-Górecki
On Wed, May 22, 2024 at 05:39:02PM +0200, Marek Marczykowski-Górecki wrote: > On older systems, XHCI xcap had a layout that no other (interesting) registers > were placed on the same page as the debug capability, so Linux was fine with > making the whole page R/O. But at least on Tiger

[PATCH v4 2/2] drivers/char: Use sub-page ro API to make just xhci dbc cap RO

2024-05-22 Thread Marek Marczykowski-Górecki
plenty of it). This configuration is already documented as unsafe with untrusted guests and not security supported. Signed-off-by: Marek Marczykowski-Górecki --- Changes in v4: - restore mmio_ro_ranges in the fallback case - set XHCI_SHARE_NONE in the fallback case Changes in v3: - indentation fix

[PATCH v4 0/2] Add API for making parts of a MMIO page R/O and use it in XHCI console

2024-05-22 Thread Marek Marczykowski-Górecki
a generic API for making just parts of an MMIO page R/O and use it to fix USB3 console with share=yes or share=hwdom options. More details in commit messages. Marek Marczykowski-Górecki (2): x86/mm: add API for marking only part of a MMIO page read only drivers/char: Use sub-page ro API to make

[PATCH v4 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-05-22 Thread Marek Marczykowski-Górecki
or paths may result in incorrect state (like pages removed from mmio_ro_ranges too early). Debug build has asserts for relevant cases. Signed-off-by: Marek Marczykowski-Górecki --- Shadow mode is not tested, but I don't expect it to work differently than HAP in areas related to this p

Re: [PATCH v3 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-05-22 Thread Marek Marczykowski-Górecki
On Wed, May 22, 2024 at 03:29:51PM +0200, Jan Beulich wrote: > On 22.05.2024 15:22, Marek Marczykowski-Górecki wrote: > > On Wed, May 22, 2024 at 09:52:44AM +0200, Jan Beulich wrote: > >> On 21.05.2024 04:54, Marek Marczykowski-Górecki wrote: > >>> +static v

Re: [PATCH v3 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-05-22 Thread Marek Marczykowski-Górecki
On Wed, May 22, 2024 at 09:52:44AM +0200, Jan Beulich wrote: > On 21.05.2024 04:54, Marek Marczykowski-Górecki wrote: > > +static void subpage_mmio_write_emulate( > > +mfn_t mfn, > > +unsigned int offset, > > +const void *data, > > +unsigne

Re: [PATCH v3 2/2] drivers/char: Use sub-page ro API to make just xhci dbc cap RO

2024-05-22 Thread Marek Marczykowski-Górecki
On Wed, May 22, 2024 at 10:05:05AM +0200, Jan Beulich wrote: > On 21.05.2024 04:54, Marek Marczykowski-Górecki wrote: > > --- a/xen/drivers/char/xhci-dbc.c > > +++ b/xen/drivers/char/xhci-dbc.c > > @@ -1216,20 +1216,19 @@ static void __init cf_check > > dbc_uart_init

Re: [PATCH v3 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-05-22 Thread Marek Marczykowski-Górecki
On Wed, May 22, 2024 at 09:52:44AM +0200, Jan Beulich wrote: > On 21.05.2024 04:54, Marek Marczykowski-Górecki wrote: > > --- a/xen/arch/x86/hvm/hvm.c > > +++ b/xen/arch/x86/hvm/hvm.c > > @@ -2009,6 +2009,14 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned > >

Re: [PATCH v3 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-05-21 Thread Marek Marczykowski-Górecki
On Tue, May 21, 2024 at 05:16:58PM +0200, Jan Beulich wrote: > On 21.05.2024 04:54, Marek Marczykowski-Górecki wrote: > > --- a/xen/arch/x86/include/asm/mm.h > > +++ b/xen/arch/x86/include/asm/mm.h > > @@ -522,9 +522,27 @@ extern struct rangeset *mmio_ro_ranges; > > voi

[PATCH v3 0/2] Add API for making parts of a MMIO page R/O and use it in XHCI console

2024-05-20 Thread Marek Marczykowski-Górecki
't top priority series, so if it won't hit 4.19, it's okay with me too. Marek Marczykowski-Górecki (2): x86/mm: add API for marking only part of a MMIO page read only drivers/char: Use sub-page ro API to make just xhci dbc cap RO xen/arch/x86/hvm/emulate.c | 2 +- xe

[PATCH v3 2/2] drivers/char: Use sub-page ro API to make just xhci dbc cap RO

2024-05-20 Thread Marek Marczykowski-Górecki
plenty of it). This configuration is already documented as unsafe with untrusted guests and not security supported. Signed-off-by: Marek Marczykowski-Górecki --- Changes in v3: - indentation fix - remove stale comment - fallback to pci_ro_device() if subpage_mmio_ro_add() fails - extend commit

[PATCH v3 1/2] x86/mm: add API for marking only part of a MMIO page read only

2024-05-20 Thread Marek Marczykowski-Górecki
ot be called with overlapping ranges, and on pages already added to mmio_ro_ranges separately. Successful calls would result in correct handling, but error paths may result in incorrect state (like pages removed from mmio_ro_ranges too early). Debug build has asserts for relevant cases. Signed-off-

Re: [PATCH 06/12] RFC: automation: Add linux stubdom build and smoke test

2024-05-17 Thread Marek Marczykowski-Górecki
On Fri, May 17, 2024 at 05:40:52PM -0700, Stefano Stabellini wrote: > On Thu, 16 May 2024, Marek Marczykowski-Górecki wrote: > > Add minimal linux-stubdom smoke test. It starts a simple HVM with > > linux-stubdom. The actual stubdom implementation is taken from Qubes OS > >

Re: [PATCH v2 2/4] tools: Import standalone sd_notify() implementation from systemd

2024-05-16 Thread Marek Marczykowski-Górecki
../../tools/include/xen-sd-notify.h:45:3: error: cleanup argument not a function 45 | int __attribute__((cleanup(sd_closep))) fd = -1; | ^~~ -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

[PATCH 11/12] automation: stubdom test with boot from CDROM

2024-05-16 Thread Marek Marczykowski-Górecki
Based on the initial stubdomain test add booting from CDROM. It's significantly different in terms of emulated devices (contrary to PV disk, the cdrom is backed by qemu), so test that path too. Schedule it on the AMD runner, as it has less tests right now. Signed-off-by: Marek Marczykowski-Gó

[PATCH 09/12] WIP: automation: temporarily add 'testlab' tag to stubdomain build

2024-05-16 Thread Marek Marczykowski-Górecki
Make it run on newer runners that have new enough kernel for dracut-install. Signed-off-by: Marek Marczykowski-Górecki --- automation/gitlab-ci/build.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index 9b9e5464f179

[PATCH 07/12] libxl: Allow stubdomain to control interupts of PCI device

2024-05-16 Thread Marek Marczykowski-Górecki
Especially allow it to control MSI/MSI-X enabling bits. This part only writes a flag to a sysfs, the actual implementation is on the kernel side. This requires Linux >= 5.10 in dom0 (or relevant patch backported). Signed-off-by: Marek Marczykowski-Górecki --- tools/libs/light/libxl_pci.c

[PATCH 04/12] automation: increase verbosity of starting a domain

2024-05-16 Thread Marek Marczykowski-Górecki
And start collecting qemu log earlier, so it isn't lost in case of a timeout during domain startup. Signed-off-by: Marek Marczykowski-Górecki --- automation/scripts/qemu-alpine-x86_64.sh| 2 +- automation/scripts/qemu-smoke-dom0-arm32.sh | 2 +- automation/scripts/qemu-smoke-dom0-arm

[PATCH 01/12] automation: include domU kernel messages in the console output log

2024-05-16 Thread Marek Marczykowski-Górecki
Signed-off-by: Marek Marczykowski-Górecki --- automation/scripts/qubes-x86-64.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/automation/scripts/qubes-x86-64.sh b/automation/scripts/qubes-x86-64.sh index d81ed7b931cf..4beeff17d31b 100755 --- a/automation/scripts/qubes-x86-64.sh +++ b

[PATCH 05/12] automation: prevent grub unpacking initramfs

2024-05-16 Thread Marek Marczykowski-Górecki
It fails on larger initramfs (~250MB one), let Linux do it. Signed-off-by: Marek Marczykowski-Górecki --- automation/scripts/qubes-x86-64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/scripts/qubes-x86-64.sh b/automation/scripts/qubes-x86-64.sh index

[PATCH 12/12] [DO NOT MERGE] switch to my containers fork

2024-05-16 Thread Marek Marczykowski-Górecki
--- automation/gitlab-ci/build.yaml | 19 --- automation/gitlab-ci/test.yaml | 9 - 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index f1e6a6144c90..88a59692a881 100644 --- a/automation/g

[PATCH 03/12] automation: switch to alpine:3.19

2024-05-16 Thread Marek Marczykowski-Górecki
this bumps kernel version requirement on docker runners - dracut-install uses faccessat2() syscall which was introduced in Linux 5.8. Signed-off-by: Marek Marczykowski-Górecki --- automation/build/alpine/3.18-arm64v8.dockerfile | 49 +-- automation/build/alpine/3.18.docke

[PATCH 06/12] RFC: automation: Add linux stubdom build and smoke test

2024-05-16 Thread Marek Marczykowski-Górecki
ll grub directly. For this reason, prepare bootsector as part of the Xen build (which runs on x86_64) and then prepend to the disk image during the test (and adjust partitions table afterwards). Signed-off-by: Marek Marczykowski-Górecki --- The test is implemented using hardware runner, bec

[PATCH 08/12] automation: update kernel for x86 tests

2024-05-16 Thread Marek Marczykowski-Górecki
Update 6.1.x kernel to the latest version in this branch. This is especially needed to include MSI-X related fixes for stubdomain ("xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled"). Signed-off-by: Marek Marczykowski-Górecki --- automation/gitlab-ci/
