Your message dated Tue, 23 May 2023 22:28:17 +0200
with message-id <ed18932c-30a4-0f35-7212-283823234...@debian.org>
and subject line Re: Bug#1036475: unblock: xen/4.17.1+2-gb773c48e36-1
has caused the Debian Bug report #1036475,
regarding unblock: xen/4.17.1+2-gb773c48e36-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036475: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036475
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock 
X-Debbugs-Cc: x...@packages.debian.org, t...@security.debian.org, 
m...@daemonizer.de
Control: affects -1 + src:xen

Please unblock package xen.

[ Reason ]
Xen in bookworm is currently affected by CVE-2022-42335 and
CVE-2022-42336 (see #1034842 and #1036298).

[ Impact ]
The above mentioned CVEs are not fixed in bookworm.

[ Tests ]
The Debian package is based only on upstream commits that have passed
the upstream automated tests.
The Debian package has been successfully tested by the xen packaging
team on their test machines.

[ Risks ]
There could be upstream changes unrelated to the above mentioned
security fixes that cause regressions. However, upstream has an automated
testing machinery (osstest) that only allows a commit in the upstream
stable branch if all tests pass.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
This security fix is based on the latest upstream stable-4.17 branch.
The branch in general only accepts bug fixes and does not allow new
features, so the changes there are mainly security and other bug fixes.
This does not strictly follow the "only targeted fixes" release policy,
but, as explained below, we believe it is still appropriate for an
unblock request.
The package we have uploaded to unstable is exactly what we would have
done as a security update in a stable release, what we have historically
done together with the security team and are planning to continue to do.
As upstream does extensive automated testing on their stable branches,
chances for unnoticed regressions are low. We believe this way the risk
for bugs is lower than trying to manually pick and adjust patches
without all the deep knowledge that upstream has. This approach is
similar to what the linux package is doing.

Please note that piuparts currently fails for xen in unstable. We
believe this is due to adduser now being marked as Protected:yes (see
discussion in #1035654) and not related to the xen packaging. Please let
us know if there is anything we have to do on the xen packaging side.

unblock xen/4.17.1+2-gb773c48e36-1
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/build/centos/7.2.dockerfile xen-4.17.1+2-gb773c48e36/automation/build/centos/7.2.dockerfile
--- xen-4.17.0+74-g3eac216e6e/automation/build/centos/7.2.dockerfile	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/build/centos/7.2.dockerfile	1970-01-01 01:00:00.000000000 +0100
@@ -1,52 +0,0 @@
-FROM centos:7.2.1511
-LABEL maintainer.name="The Xen Project" \
-      maintainer.email="xen-de...@lists.xenproject.org"
-
-# ensure we only get bits from the vault for
-# the version we want
-COPY CentOS-7.2.repo /etc/yum.repos.d/CentOS-Base.repo
-
-# install EPEL for dev86, xz-devel and possibly other packages
-RUN yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
-        yum clean all
-
-RUN mkdir /build
-WORKDIR /build
-
-# work around https://github.com/moby/moby/issues/10180
-# and install Xen depends
-RUN rpm --rebuilddb && \
-    yum -y install \
-        yum-plugin-ovl \
-        gcc \
-        gcc-c++ \
-        ncurses-devel \
-        zlib-devel \
-        openssl-devel \
-        python-devel \
-        libuuid-devel \
-        pkgconfig \
-        # gettext for Xen < 4.13
-        gettext \
-        flex \
-        bison \
-        libaio-devel \
-        glib2-devel \
-        yajl-devel \
-        pixman-devel \
-        glibc-devel \
-        # glibc-devel.i686 for Xen < 4.15
-        glibc-devel.i686 \
-        make \
-        binutils \
-        git \
-        wget \
-        acpica-tools \
-        python-markdown \
-        patch \
-        checkpolicy \
-        dev86 \
-        xz-devel \
-        bzip2 \
-        nasm \
-    && yum clean all
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/build/centos/CentOS-7.2.repo xen-4.17.1+2-gb773c48e36/automation/build/centos/CentOS-7.2.repo
--- xen-4.17.0+74-g3eac216e6e/automation/build/centos/CentOS-7.2.repo	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/build/centos/CentOS-7.2.repo	1970-01-01 01:00:00.000000000 +0100
@@ -1,35 +0,0 @@
-# CentOS-Base.repo
-#
-# This is a replacement file that pins things to just use CentOS 7.2
-# from the CentOS Vault.
-#
-
-[base]
-name=CentOS-7.2.1511 - Base
-baseurl=http://vault.centos.org/7.2.1511/os/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#released updates 
-[updates]
-name=CentOS-7.2.1511 - Updates
-baseurl=http://vault.centos.org/7.2.1511/updates/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that may be useful
-[extras]
-name=CentOS-7.2.1511 - Extras
-baseurl=http://vault.centos.org/7.2.1511/extras/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that extend functionality of existing packages
-[centosplus]
-name=CentOS-7.2.1511 - Plus
-baseurl=http://vault.centos.org/7.2.1511/centosplus/$basearch/
-gpgcheck=1
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/build/debian/stretch.dockerfile xen-4.17.1+2-gb773c48e36/automation/build/debian/stretch.dockerfile
--- xen-4.17.0+74-g3eac216e6e/automation/build/debian/stretch.dockerfile	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/build/debian/stretch.dockerfile	2023-05-16 17:23:29.000000000 +0200
@@ -53,15 +53,3 @@
         apt-get autoremove -y && \
         apt-get clean && \
         rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
-
-RUN wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
-COPY stretch-llvm-8.list /etc/apt/sources.list.d/
-
-RUN apt-get update && \
-    apt-get --quiet --yes install \
-        clang-8 \
-        lld-8 \
-        && \
-        apt-get autoremove -y && \
-        apt-get clean && \
-        rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/build/debian/stretch-llvm-8.list xen-4.17.1+2-gb773c48e36/automation/build/debian/stretch-llvm-8.list
--- xen-4.17.0+74-g3eac216e6e/automation/build/debian/stretch-llvm-8.list	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/build/debian/stretch-llvm-8.list	1970-01-01 01:00:00.000000000 +0100
@@ -1,3 +0,0 @@
-# Strech LLVM 8 repos
-deb http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main
-deb-src http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/build/debian/unstable-arm32-gcc.dockerfile xen-4.17.1+2-gb773c48e36/automation/build/debian/unstable-arm32-gcc.dockerfile
--- xen-4.17.0+74-g3eac216e6e/automation/build/debian/unstable-arm32-gcc.dockerfile	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/build/debian/unstable-arm32-gcc.dockerfile	1970-01-01 01:00:00.000000000 +0100
@@ -1,24 +0,0 @@
-FROM debian:unstable
-LABEL maintainer.name="The Xen Project" \
-      maintainer.email="xen-de...@lists.xenproject.org"
-
-ENV DEBIAN_FRONTEND=noninteractive
-ENV USER root
-ENV CROSS_COMPILE /usr/bin/arm-linux-gnueabihf-
-
-RUN mkdir /build
-WORKDIR /build
-
-# build depends
-RUN apt-get update && \
-    apt-get --quiet --yes install \
-        build-essential \
-        flex \
-        bison \
-        git \
-        gcc-arm-linux-gnueabihf \
-        && \
-        apt-get autoremove -y && \
-        apt-get clean && \
-        rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
-
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/build/debian/unstable-arm64v8-arm32-gcc.dockerfile xen-4.17.1+2-gb773c48e36/automation/build/debian/unstable-arm64v8-arm32-gcc.dockerfile
--- xen-4.17.0+74-g3eac216e6e/automation/build/debian/unstable-arm64v8-arm32-gcc.dockerfile	1970-01-01 01:00:00.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/build/debian/unstable-arm64v8-arm32-gcc.dockerfile	2023-05-16 17:23:29.000000000 +0200
@@ -0,0 +1,23 @@
+FROM arm64v8/debian:unstable
+LABEL maintainer.name="The Xen Project" \
+      maintainer.email="xen-de...@lists.xenproject.org"
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV USER root
+ENV CROSS_COMPILE /usr/bin/arm-linux-gnueabihf-
+
+RUN mkdir /build
+WORKDIR /build
+
+# build depends
+RUN apt-get update && \
+    apt-get --quiet --yes install \
+        build-essential \
+        flex \
+        bison \
+        git \
+        gcc-arm-linux-gnueabihf \
+        && \
+        apt-get autoremove -y && \
+        apt-get clean && \
+        rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/configs/x86/hvm_only_config xen-4.17.1+2-gb773c48e36/automation/configs/x86/hvm_only_config
--- xen-4.17.0+74-g3eac216e6e/automation/configs/x86/hvm_only_config	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/configs/x86/hvm_only_config	1970-01-01 01:00:00.000000000 +0100
@@ -1,3 +0,0 @@
-CONFIG_HVM=y
-# CONFIG_PV is not set
-# CONFIG_DEBUG is not set
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/configs/x86/no_hvm_pv_config xen-4.17.1+2-gb773c48e36/automation/configs/x86/no_hvm_pv_config
--- xen-4.17.0+74-g3eac216e6e/automation/configs/x86/no_hvm_pv_config	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/configs/x86/no_hvm_pv_config	1970-01-01 01:00:00.000000000 +0100
@@ -1,3 +0,0 @@
-# CONFIG_HVM is not set
-# CONFIG_PV is not set
-# CONFIG_DEBUG is not set
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/configs/x86/pv_only_config xen-4.17.1+2-gb773c48e36/automation/configs/x86/pv_only_config
--- xen-4.17.0+74-g3eac216e6e/automation/configs/x86/pv_only_config	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/configs/x86/pv_only_config	1970-01-01 01:00:00.000000000 +0100
@@ -1,3 +0,0 @@
-CONFIG_PV=y
-# CONFIG_HVM is not set
-# CONFIG_DEBUG is not set
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/gitlab-ci/build.yaml xen-4.17.1+2-gb773c48e36/automation/gitlab-ci/build.yaml
--- xen-4.17.0+74-g3eac216e6e/automation/gitlab-ci/build.yaml	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/gitlab-ci/build.yaml	2023-05-16 17:23:29.000000000 +0200
@@ -27,13 +27,6 @@
     CXX: clang++
     clang: y
 
-.clang-8-tmpl:
-  variables: &clang-8
-    CC: clang-8
-    CXX: clang++-8
-    LD: ld.lld-8
-    clang: y
-
 .x86-64-build-tmpl:
   <<: *build
   variables:
@@ -98,16 +91,6 @@
   variables:
     <<: *clang
 
-.clang-8-x86-64-build:
-  extends: .x86-64-build
-  variables:
-    <<: *clang-8
-
-.clang-8-x86-64-build-debug:
-  extends: .x86-64-build-debug
-  variables:
-    <<: *clang-8
-
 .clang-x86-32-build:
   extends: .x86-32-build
   variables:
@@ -123,7 +106,7 @@
   variables:
     XEN_TARGET_ARCH: arm32
   tags:
-    - x86_64
+    - arm64
 
 .arm32-cross-build:
   extends: .arm32-cross-build-tmpl
@@ -184,16 +167,6 @@
   variables:
     CONTAINER: archlinux:current
 
-centos-7-2-gcc:
-  extends: .gcc-x86-64-build
-  variables:
-    CONTAINER: centos:7.2
-
-centos-7-2-gcc-debug:
-  extends: .gcc-x86-64-build-debug
-  variables:
-    CONTAINER: centos:7.2
-
 centos-7-gcc:
   extends: .gcc-x86-64-build
   variables:
@@ -254,16 +227,6 @@
   variables:
     CONTAINER: debian:stretch
 
-debian-stretch-clang-8:
-  extends: .clang-8-x86-64-build
-  variables:
-    CONTAINER: debian:stretch
-
-debian-stretch-clang-8-debug:
-  extends: .clang-8-x86-64-build-debug
-  variables:
-    CONTAINER: debian:stretch
-
 debian-stretch-gcc:
   extends: .gcc-x86-64-build
   variables:
@@ -274,21 +237,11 @@
   variables:
     CONTAINER: debian:stretch
 
-debian-stretch-32-clang:
-  extends: .clang-x86-32-build
-  variables:
-    CONTAINER: debian:stretch-i386
-
 debian-stretch-32-clang-debug:
   extends: .clang-x86-32-build-debug
   variables:
     CONTAINER: debian:stretch-i386
 
-debian-stretch-32-gcc:
-  extends: .gcc-x86-32-build
-  variables:
-    CONTAINER: debian:stretch-i386
-
 debian-stretch-32-gcc-debug:
   extends: .gcc-x86-32-build-debug
   variables:
@@ -334,21 +287,11 @@
     CONTAINER: debian:unstable
     RANDCONFIG: y
 
-debian-unstable-32-clang:
-  extends: .clang-x86-32-build
-  variables:
-    CONTAINER: debian:unstable-i386
-
 debian-unstable-32-clang-debug:
   extends: .clang-x86-32-build-debug
   variables:
     CONTAINER: debian:unstable-i386
 
-debian-unstable-32-gcc:
-  extends: .gcc-x86-32-build
-  variables:
-    CONTAINER: debian:unstable-i386
-
 debian-unstable-32-gcc-debug:
   extends: .gcc-x86-32-build-debug
   variables:
@@ -505,23 +448,23 @@
 debian-unstable-gcc-arm32:
   extends: .gcc-arm32-cross-build
   variables:
-    CONTAINER: debian:unstable-arm32-gcc
+    CONTAINER: debian:unstable-arm64v8-arm32-gcc
 
 debian-unstable-gcc-arm32-debug:
   extends: .gcc-arm32-cross-build-debug
   variables:
-    CONTAINER: debian:unstable-arm32-gcc
+    CONTAINER: debian:unstable-arm64v8-arm32-gcc
 
 debian-unstable-gcc-arm32-randconfig:
   extends: .gcc-arm32-cross-build
   variables:
-    CONTAINER: debian:unstable-arm32-gcc
+    CONTAINER: debian:unstable-arm64v8-arm32-gcc
     RANDCONFIG: y
 
 debian-unstable-gcc-arm32-debug-randconfig:
   extends: .gcc-arm32-cross-build-debug
   variables:
-    CONTAINER: debian:unstable-arm32-gcc
+    CONTAINER: debian:unstable-arm64v8-arm32-gcc
     RANDCONFIG: y
 
 # Arm builds
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/scripts/build xen-4.17.1+2-gb773c48e36/automation/scripts/build
--- xen-4.17.0+74-g3eac216e6e/automation/scripts/build	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/scripts/build	2023-05-16 17:23:29.000000000 +0200
@@ -85,24 +85,3 @@
         cp -r dist binaries/
     fi
 fi
-
-if [[ "${hypervisor_only}" == "y" ]]; then
-    # If we are build testing a specific Kconfig exit now, there's no point in
-    # testing all the possible configs.
-    exit 0
-fi
-
-# Build all the configs we care about
-case ${XEN_TARGET_ARCH} in
-    x86_64) arch=x86 ;;
-    *) exit 0 ;;
-esac
-
-cfg_dir="automation/configs/${arch}"
-for cfg in `ls ${cfg_dir}`; do
-    echo "Building $cfg"
-    make -j$(nproc) -C xen clean
-    rm -f xen/.config
-    make -C xen KBUILD_DEFCONFIG=../../../../${cfg_dir}/${cfg} defconfig
-    make -j$(nproc) -C xen
-done
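Review bot: Removing the loop over automation/configs/${arch} at the end of the script drops the only visible build coverage for the hvm_only_config, pv_only_config and no_hvm_pv_config files deleted earlier in this diff. Nothing in the visible hunks shows where HVM-only and PV-only hypervisor builds are tested instead, so the upstream commit message or the changelog should say whether that coverage moved or was dropped.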
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/scripts/qemu-alpine-arm64.sh xen-4.17.1+2-gb773c48e36/automation/scripts/qemu-alpine-arm64.sh
--- xen-4.17.0+74-g3eac216e6e/automation/scripts/qemu-alpine-arm64.sh	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/scripts/qemu-alpine-arm64.sh	2023-05-16 17:23:29.000000000 +0200
@@ -2,14 +2,6 @@
 
 set -ex
 
-apt-get -qy update
-apt-get -qy install --no-install-recommends u-boot-qemu \
-                                            u-boot-tools \
-                                            device-tree-compiler \
-                                            cpio \
-                                            curl \
-                                            busybox-static
-
 # DomU Busybox
 cd binaries
 mkdir -p initrd
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/scripts/qemu-alpine-x86_64.sh xen-4.17.1+2-gb773c48e36/automation/scripts/qemu-alpine-x86_64.sh
--- xen-4.17.0+74-g3eac216e6e/automation/scripts/qemu-alpine-x86_64.sh	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/scripts/qemu-alpine-x86_64.sh	2023-05-16 17:23:29.000000000 +0200
@@ -2,10 +2,6 @@
 
 set -ex
 
-apt-get -qy update
-apt-get -qy install --no-install-recommends cpio \
-                                            busybox-static
-
 # DomU Busybox
 cd binaries
 mkdir -p initrd
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/scripts/qemu-smoke-arm32.sh xen-4.17.1+2-gb773c48e36/automation/scripts/qemu-smoke-arm32.sh
--- xen-4.17.0+74-g3eac216e6e/automation/scripts/qemu-smoke-arm32.sh	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/scripts/qemu-smoke-arm32.sh	2023-05-16 17:23:29.000000000 +0200
@@ -2,12 +2,6 @@
 
 set -ex
 
-export DEBIAN_FRONTEND=noninteractive
-apt-get -qy update
-apt-get -qy install --no-install-recommends device-tree-compiler \
-                                            curl \
-                                            cpio
-
 cd binaries
 # Use the kernel from Debian
 curl --fail --silent --show-error --location --output vmlinuz http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/vmlinuz
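Review bot: The script still calls curl on the context line right after the removed block, but it no longer installs curl (or the other removed packages), so under set -ex it now fails unless the container image already ships them. A short comment naming the image that is expected to provide these tools, or a command -v check at the top of the script, would make the dependency explicit. The same context line fetches the kernel over plain http with no checksum verification, which is worth tightening while this file is being touched.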
diff -Nru xen-4.17.0+74-g3eac216e6e/automation/scripts/qemu-smoke-arm64.sh xen-4.17.1+2-gb773c48e36/automation/scripts/qemu-smoke-arm64.sh
--- xen-4.17.0+74-g3eac216e6e/automation/scripts/qemu-smoke-arm64.sh	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/automation/scripts/qemu-smoke-arm64.sh	2023-05-16 17:23:29.000000000 +0200
@@ -38,15 +38,6 @@
 "
 fi
 
-export DEBIAN_FRONTEND=noninteractive
-apt-get -qy update
-apt-get -qy install --no-install-recommends u-boot-qemu \
-                                            u-boot-tools \
-                                            device-tree-compiler \
-                                            busybox-static \
-                                            cpio \
-                                            curl
-
 # XXX QEMU looks for "efi-virtio.rom" even if it is unneeded
 curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom
 ./binaries/qemu-system-aarch64 \
diff -Nru xen-4.17.0+74-g3eac216e6e/Config.mk xen-4.17.1+2-gb773c48e36/Config.mk
--- xen-4.17.0+74-g3eac216e6e/Config.mk	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/Config.mk	2023-05-16 17:23:29.000000000 +0200
@@ -229,15 +229,15 @@
 MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git
 endif
 OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5
-QEMU_UPSTREAM_REVISION ?= qemu-xen-4.17.0
-MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.17.0
+QEMU_UPSTREAM_REVISION ?= qemu-xen-4.17.1
+MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.17.1
 
 SEABIOS_UPSTREAM_REVISION ?= rel-1.16.0
 
 ETHERBOOT_NICS ?= rtl8139 8086100e
 
 
-QEMU_TRADITIONAL_REVISION ?= xen-4.17.0
+QEMU_TRADITIONAL_REVISION ?= xen-4.17.1
 
 # Specify which qemu-dm to use. This may be `ioemu' to use the old
 # Mercurial in-tree version, or a local directory, or a git URL.
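Review bot: QEMU_UPSTREAM_REVISION, MINIOS_UPSTREAM_REVISION and QEMU_TRADITIONAL_REVISION are bumped to tag names, while OVMF_UPSTREAM_REVISION on the context line above them is pinned to a full commit hash. A tag can be moved on the remote, so pinning these three to commit hashes as well, with the tag name kept in a comment, would make what gets fetched verifiable. That matters most for MINIOS_UPSTREAM_URL, which the first context line shows defaulting to the unauthenticated git:// transport.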
diff -Nru xen-4.17.0+74-g3eac216e6e/debian/changelog xen-4.17.1+2-gb773c48e36/debian/changelog
--- xen-4.17.0+74-g3eac216e6e/debian/changelog	2023-03-23 22:22:48.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/debian/changelog	2023-05-18 21:26:30.000000000 +0200
@@ -1,3 +1,15 @@
+xen (4.17.1+2-gb773c48e36-1) unstable; urgency=medium
+
+  * Update to new upstream version 4.17.1+2-gb773c48e36, which also contains
+    security fixes for the following issues:
+    - x86 shadow paging arbitrary pointer dereference
+      XSA-430 CVE-2022-42335
+      (Closes: #1034842)
+    - Mishandling of guest SSBD selection on AMD hardware
+      XSA-431 CVE-2022-42336
+
+ -- Maximilian Engelhardt <m...@daemonizer.de>  Thu, 18 May 2023 21:26:30 +0200
+
 xen (4.17.0+74-g3eac216e6e-1) unstable; urgency=medium
 
   * Update to new upstream version 4.17.0+74-g3eac216e6e, which also contains
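Review bot: The XSA-431 / CVE-2022-42336 item has no Closes: line, while the XSA-430 item above it closes #1034842. The unblock request cites #1036298 alongside #1034842 for these two CVEs; if #1036298 is the bug tracking CVE-2022-42336, add (Closes: #1036298) under that item so the upload closes it.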
diff -Nru xen-4.17.0+74-g3eac216e6e/debian/patches/prefix-abiname/config-prefix.diff xen-4.17.1+2-gb773c48e36/debian/patches/prefix-abiname/config-prefix.diff
--- xen-4.17.0+74-g3eac216e6e/debian/patches/prefix-abiname/config-prefix.diff	2023-03-23 22:22:48.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/debian/patches/prefix-abiname/config-prefix.diff	2023-05-18 21:26:30.000000000 +0200
@@ -9,7 +9,7 @@
  2 files changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/Config.mk b/Config.mk
-index d1f569f..8a00b0f 100644
+index b9b999a..913b602 100644
 --- a/Config.mk
 +++ b/Config.mk
 @@ -74,7 +74,7 @@ EXTRA_LIB += $(EXTRA_PREFIX)/lib
diff -Nru xen-4.17.0+74-g3eac216e6e/tools/xenstore/xenstored_core.c xen-4.17.1+2-gb773c48e36/tools/xenstore/xenstored_core.c
--- xen-4.17.0+74-g3eac216e6e/tools/xenstore/xenstored_core.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/tools/xenstore/xenstored_core.c	2023-05-16 17:23:29.000000000 +0200
@@ -1474,6 +1474,9 @@
 	if (!node)
 		return NULL;
 
+	if (conn && conn->transaction)
+		ta_node_created(conn->transaction);
+
 	node->data = data;
 	node->datalen = datalen;
 
diff -Nru xen-4.17.0+74-g3eac216e6e/tools/xenstore/xenstored_transaction.c xen-4.17.1+2-gb773c48e36/tools/xenstore/xenstored_transaction.c
--- xen-4.17.0+74-g3eac216e6e/tools/xenstore/xenstored_transaction.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/tools/xenstore/xenstored_transaction.c	2023-05-16 17:23:29.000000000 +0200
@@ -172,12 +172,20 @@
 	/* List of changed domains - to record the changed domain entry number */
 	struct list_head changed_domains;
 
+	/* There was at least one node created in the transaction. */
+	bool node_created;
+
 	/* Flag for letting transaction fail. */
 	bool fail;
 };
 
 uint64_t generation;
 
+void ta_node_created(struct transaction *trans)
+{
+	trans->node_created = true;
+}
+
 static struct accessed_node *find_accessed_node(struct transaction *trans,
 						const char *name)
 {
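Review bot: node_created is only ever set to true, in ta_node_created(), and nothing in this hunk initialises it. That is fine if struct transaction is allocated zeroed, but the allocation is not part of the diff, so confirm it or state the assumption in the field comment.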
@@ -514,7 +522,12 @@
 	return 0;
 }
 
-static int transaction_fix_domains(struct transaction *trans, bool update)
+/*
+ * Update or check number of nodes per domain at the end of a transaction.
+ * If "update" is true, "chk_quota" is ignored.
+ */
+static int transaction_fix_domains(struct transaction *trans, bool chk_quota,
+				   bool update)
 {
 	struct changed_domain *d;
 	int cnt;
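Review bot: transaction_fix_domains() now takes two adjacent bool parameters, and the call sites later in the diff read transaction_fix_domains(trans, chk_quota, false) and transaction_fix_domains(trans, false, true), which are easy to transpose without the compiler noticing. Since the new comment already says chk_quota is ignored when update is true, a single three-valued mode argument (check with quota, check without quota, update) would express the same behaviour with no meaningless combination.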
@@ -522,7 +535,7 @@
 	list_for_each_entry(d, &trans->changed_domains, list) {
 		cnt = domain_entry_fix(d->domid, d->nbentry, update);
 		if (!update) {
-			if (cnt >= quota_nb_entry_per_domain)
+			if (chk_quota && cnt >= quota_nb_entry_per_domain)
 				return ENOSPC;
 			if (cnt < 0)
 				return ENOMEM;
@@ -538,6 +551,7 @@
 	const char *arg = onearg(in);
 	struct transaction *trans;
 	bool is_corrupt = false;
+	bool chk_quota;
 	int ret;
 
 	if (!arg || (!streq(arg, "T") && !streq(arg, "F")))
@@ -552,13 +566,15 @@
 	if (!conn->transaction_started)
 		conn->ta_start_time = 0;
 
+	chk_quota = trans->node_created && domain_is_unprivileged(conn);
+
 	/* Attach transaction to ctx for auto-cleanup */
 	talloc_steal(ctx, trans);
 
 	if (streq(arg, "T")) {
 		if (trans->fail)
 			return ENOMEM;
-		ret = transaction_fix_domains(trans, false);
+		ret = transaction_fix_domains(trans, chk_quota, false);
 		if (ret)
 			return ret;
 		ret = finalize_transaction(conn, trans, &is_corrupt);
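Review bot: The chk_quota assignment carries no comment explaining why the per-domain entry quota is skipped when the transaction created no node or the connection is privileged. The flag is derived from the committing connection, yet transaction_fix_domains() applies it to every domain in changed_domains, so a sentence on why that is sufficient belongs next to chk_quota = trans->node_created && domain_is_unprivileged(conn);.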
@@ -568,7 +584,7 @@
 		wrl_apply_debit_trans_commit(conn);
 
 		/* fix domain entry for each changed domain */
-		transaction_fix_domains(trans, true);
+		transaction_fix_domains(trans, false, true);
 
 		if (is_corrupt)
 			corrupt(conn, "transaction inconsistency");
diff -Nru xen-4.17.0+74-g3eac216e6e/tools/xenstore/xenstored_transaction.h xen-4.17.1+2-gb773c48e36/tools/xenstore/xenstored_transaction.h
--- xen-4.17.0+74-g3eac216e6e/tools/xenstore/xenstored_transaction.h	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/tools/xenstore/xenstored_transaction.h	2023-05-16 17:23:29.000000000 +0200
@@ -36,6 +36,9 @@
 
 struct transaction *transaction_lookup(struct connection *conn, uint32_t id);
 
+/* Set flag for created node. */
+void ta_node_created(struct transaction *trans);
+
 /* inc/dec entry number local to trans while changing a node */
 void transaction_entry_inc(struct transaction *trans, unsigned int domid);
 void transaction_entry_dec(struct transaction *trans, unsigned int domid);
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/alternative.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/alternative.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/alternative.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/alternative.c	2023-05-16 17:23:29.000000000 +0200
@@ -394,24 +394,28 @@
      */
     if ( !(alt_done & alt_todo) )
     {
-        unsigned long cr0, cr4;
-
-        cr0 = read_cr0();
-        cr4 = read_cr4();
-
-        if ( cr4 & X86_CR4_CET )
-            write_cr4(cr4 & ~X86_CR4_CET);
-
-        /* Disable WP to allow patching read-only pages. */
-        write_cr0(cr0 & ~X86_CR0_WP);
+        /*
+         * Relax perms on .text to be RWX, so we can modify them.
+         *
+         * This relaxes perms globally, but we run ahead of bringing APs
+         * online, so only have our own TLB to worry about.
+         */
+        modify_xen_mappings_lite(XEN_VIRT_START + MB(2),
+                                 (unsigned long)&__2M_text_end,
+                                 PAGE_HYPERVISOR_RWX);
+        flush_local(FLUSH_TLB_GLOBAL);
 
         _apply_alternatives(__alt_instructions, __alt_instructions_end,
                             alt_done);
 
-        write_cr0(cr0);
-
-        if ( cr4 & X86_CR4_CET )
-            write_cr4(cr4);
+        /*
+         * Reinstate perms on .text to be RX.  This also cleans out the dirty
+         * bits, which matters when CET Shstk is active.
+         */
+        modify_xen_mappings_lite(XEN_VIRT_START + MB(2),
+                                 (unsigned long)&__2M_text_end,
+                                 PAGE_HYPERVISOR_RX);
+        flush_local(FLUSH_TLB_GLOBAL);
 
         alt_done |= alt_todo;
     }
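Review bot: Between the two modify_xen_mappings_lite() calls all of .text is writable and executable, and the safety argument ("we run ahead of bringing APs online") exists only as a comment. An assertion on the number of online CPUs at the top of this block would turn that assumption into something checked. The range XEN_VIRT_START + MB(2) to &__2M_text_end is also spelled out twice; two local variables would keep the RWX and RX calls from drifting apart.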
@@ -466,19 +470,6 @@
         panic("Timed out waiting for alternatives self-NMI to hit\n");
 
     set_nmi_callback(saved_nmi_callback);
-
-    /*
-     * When Xen is using shadow stacks, the alternatives clearing CR0.WP and
-     * writing into the mappings set dirty bits, turning the mappings into
-     * shadow stack mappings.
-     *
-     * While we can execute from them, this would also permit them to be the
-     * target of WRSS instructions, so reset the dirty after patching.
-     */
-    if ( cpu_has_xen_shstk )
-        modify_xen_mappings(XEN_VIRT_START + MB(2),
-                            (unsigned long)&__2M_text_end,
-                            PAGE_HYPERVISOR_RX);
 }
 
 void __init alternative_instructions(void)
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/amd.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/cpu/amd.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/amd.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/cpu/amd.c	2023-05-16 17:23:29.000000000 +0200
@@ -783,12 +783,23 @@
 	return true;
 }
 
+/*
+ * legacy_ssbd is always initialized to false because when SSBD is set
+ * from the command line guest attempts to change it are a no-op (see
+ * amd_set_legacy_ssbd()), whereas when SSBD is inactive hardware will
+ * be forced into that mode (see amd_init_ssbd()).
+ */
+static DEFINE_PER_CPU(bool, legacy_ssbd);
+
+/* Must be called only when the SSBD setting needs toggling. */
 static void core_set_legacy_ssbd(bool enable)
 {
 	const struct cpuinfo_x86 *c = &current_cpu_data;
 	struct ssbd_ls_cfg *status;
 	unsigned long flags;
 
+	BUG_ON(this_cpu(legacy_ssbd) == enable);
+
 	if ((c->x86 != 0x17 && c->x86 != 0x18) || c->x86_num_siblings <= 1) {
 		BUG_ON(!set_legacy_ssbd(c, enable));
 		return;
@@ -816,12 +827,17 @@
 		 */
 		return;
 
+	if (this_cpu(legacy_ssbd) == enable)
+		return;
+
 	if (cpu_has_virt_ssbd)
 		wrmsr(MSR_VIRT_SPEC_CTRL, enable ? SPEC_CTRL_SSBD : 0, 0);
 	else if (amd_legacy_ssbd)
 		core_set_legacy_ssbd(enable);
 	else
 		ASSERT_UNREACHABLE();
+
+	this_cpu(legacy_ssbd) = enable;
 }
 
 /*
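Review bot: The per-CPU flag is named legacy_ssbd, but this hunk reads and updates it on the cpu_has_virt_ssbd path as well, where the write goes to MSR_VIRT_SPEC_CTRL rather than through core_set_legacy_ssbd(). Either rename it so it does not imply the legacy mechanism only, or extend the comment above the DEFINE_PER_CPU to say it caches the current SSBD setting for both paths.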
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/core.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/cpu/microcode/core.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/core.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/cpu/microcode/core.c	2023-05-16 17:23:29.000000000 +0200
@@ -490,10 +490,7 @@
     ret = wait_for_condition(wait_cpu_callin, num_online_cpus(),
                              MICROCODE_CALLIN_TIMEOUT_US);
     if ( ret )
-    {
-        set_state(LOADING_EXIT);
-        return ret;
-    }
+        goto out;
 
     /* Control thread loads ucode first while others are in NMI handler. */
     ret = alternative_call(ucode_ops.apply_microcode, patch);
@@ -505,8 +502,7 @@
     {
         printk(XENLOG_ERR
                "Late loading aborted: CPU%u failed to update ucode\n", cpu);
-        set_state(LOADING_EXIT);
-        return ret;
+        goto out;
     }
 
     /* Let primary threads load the given ucode update */
@@ -537,6 +533,7 @@
         }
     }
 
+ out:
     /* Mark loading is done to unblock other threads */
     set_state(LOADING_EXIT);
 
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/genapic/x2apic.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/genapic/x2apic.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/genapic/x2apic.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/genapic/x2apic.c	2023-05-16 17:23:29.000000000 +0200
@@ -236,11 +236,11 @@
     if ( x2apic_phys < 0 )
     {
         /*
-         * Force physical mode if there's no interrupt remapping support: The
-         * ID in clustered mode requires a 32 bit destination field due to
+         * Force physical mode if there's no (full) interrupt remapping support:
+         * The ID in clustered mode requires a 32 bit destination field due to
          * the usage of the high 16 bits to hold the cluster ID.
          */
-        x2apic_phys = !iommu_intremap ||
+        x2apic_phys = iommu_intremap != iommu_intremap_full ||
                       (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL) ||
                       (IS_ENABLED(CONFIG_X2APIC_PHYSICAL) &&
                        !(acpi_gbl_FADT.flags & ACPI_FADT_APIC_CLUSTER));
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/hvm.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/hvm/hvm.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/hvm.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/hvm/hvm.c	2023-05-16 17:23:29.000000000 +0200
@@ -2332,6 +2332,21 @@
     }
     else if ( !(value & X86_CR0_PG) && (old_value & X86_CR0_PG) )
     {
+        struct segment_register cs;
+
+        hvm_get_segment_register(v, x86_seg_cs, &cs);
+
+        /*
+         * Intel documents a #GP fault in this case, and VMEntry checks reject
+         * it as a valid state.  AMD permits the state transition, and hits
+         * SHUTDOWN immediately thereafter.  Follow the Intel behaviour.
+         */
+        if ( (v->arch.hvm.guest_efer & EFER_LME) && cs.l )
+        {
+            HVM_DBG_LOG(DBG_LEVEL_1, "Guest attempt to clear CR0.PG in 64bit mode");
+            return X86EMUL_EXCEPTION;
+        }
+
         if ( hvm_pcid_enabled(v) )
         {
             HVM_DBG_LOG(DBG_LEVEL_1, "Guest attempts to clear CR0.PG "
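Review bot: The new HVM_DBG_LOG line runs past 80 columns and says "Guest attempt to clear", while the existing message on the context line just below says "Guest attempts to clear" and splits its string across lines. Match the wording and wrap the new string the same way.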
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/vmx/vmx.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/hvm/vmx/vmx.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/vmx/vmx.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/hvm/vmx/vmx.c	2023-05-16 17:23:29.000000000 +0200
@@ -4038,6 +4038,10 @@
     case EXIT_REASON_MCE_DURING_VMENTRY:
         do_machine_check(regs);
         break;
+
+    case EXIT_REASON_INIT:
+        printk(XENLOG_ERR "Error: INIT received - ignoring\n");
+        return; /* Renter the guest without further processing */
     }
 
     /* Now enable interrupts so it's safe to take locks. */
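Review bot: the EXIT_REASON_INIT case uses a plain printk at XENLOG_ERR with a fixed string, so repeated INITs produce identical lines that cannot be attributed to a CPU or vCPU and are not throttled. Consider adding the affected vCPU to the message and using a rate-limited log level. The comment on the return has a typo: "Renter" should read "Re-enter".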
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/nospec.h xen-4.17.1+2-gb773c48e36/xen/arch/x86/include/asm/nospec.h
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/nospec.h	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/include/asm/nospec.h	2023-05-16 17:23:29.000000000 +0200
@@ -10,15 +10,26 @@
 static always_inline bool barrier_nospec_true(void)
 {
 #ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH
-    alternative("lfence", "", X86_FEATURE_SC_NO_BRANCH_HARDEN);
+    alternative("lfence #nospec-true", "", X86_FEATURE_SC_NO_BRANCH_HARDEN);
 #endif
     return true;
 }
 
+static always_inline bool barrier_nospec_false(void)
+{
+#ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH
+    alternative("lfence #nospec-false", "", X86_FEATURE_SC_NO_BRANCH_HARDEN);
+#endif
+    return false;
+}
+
 /* Allow to protect evaluation of conditionals with respect to speculation */
 static always_inline bool evaluate_nospec(bool condition)
 {
-    return condition ? barrier_nospec_true() : !barrier_nospec_true();
+    if ( condition )
+        return barrier_nospec_true();
+    else
+        return barrier_nospec_false();
 }
 
 /* Allow to block speculative execution in generic code */
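Review bot: nothing in nospec.h says why the two lfence strings now carry different trailing asm comments ("#nospec-true" / "#nospec-false") or why evaluate_nospec() was rewritten from a ternary into if/else with a second helper. If the intent is to keep the two barriers as distinct sequences so that each branch of the conditional retains its own lfence, please say so in a comment above barrier_nospec_false(); otherwise a later cleanup is likely to fold the helpers back into one and undo the hardening.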
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/paging.h xen-4.17.1+2-gb773c48e36/xen/arch/x86/include/asm/paging.h
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/paging.h	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/include/asm/paging.h	2023-05-16 17:23:29.000000000 +0200
@@ -152,6 +152,10 @@
 /*****************************************************************************
  * Log dirty code */
 
+#define paging_logdirty_levels() \
+    (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \
+                  PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1)
+
 #if PG_log_dirty
 
 /* get the dirty bitmap for a specific range of pfns */
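Review bot: paging_logdirty_levels() is moved above "#if PG_log_dirty" without a comment on what it computes or why it must now be visible when PG_log_dirty is 0. A one-line description of the formula (what the PAGE_SHIFT + 3 and ilog2(sizeof(mfn_t)) terms stand for) and a note naming the user that needs it outside the guarded block would make the move self-explanatory.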
@@ -190,10 +194,6 @@
 #define L4_LOGDIRTY_IDX(pfn) ((pfn_x(pfn) >> (PAGE_SHIFT + 3 + PAGETABLE_ORDER * 2)) & \
                               (LOGDIRTY_NODE_ENTRIES-1))
 
-#define paging_logdirty_levels() \
-    (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \
-                  PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1)
-
 #ifdef CONFIG_HVM
 /* VRAM dirty tracking support */
 struct sh_dirty_vram {
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/livepatch.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/livepatch.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/livepatch.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/livepatch.c	2023-05-16 17:23:29.000000000 +0200
@@ -61,46 +61,32 @@
 
 int noinline arch_livepatch_quiesce(void)
 {
-    /* If Shadow Stacks are in use, disable CR4.CET so we can modify CR0.WP. */
-    if ( cpu_has_xen_shstk )
-        write_cr4(read_cr4() & ~X86_CR4_CET);
-
-    /* Disable WP to allow changes to read-only pages. */
-    write_cr0(read_cr0() & ~X86_CR0_WP);
+    /*
+     * Relax perms on .text to be RWX, so we can modify them.
+     *
+     * This relaxes perms globally, but all other CPUs are waiting on us.
+     */
+    relax_virtual_region_perms();
+    flush_local(FLUSH_TLB_GLOBAL);
 
     return 0;
 }
 
 void noinline arch_livepatch_revive(void)
 {
-    /* Reinstate WP. */
-    write_cr0(read_cr0() | X86_CR0_WP);
-
-    /* Clobber dirty bits and reinstate CET, if applicable. */
-    if ( IS_ENABLED(CONFIG_XEN_SHSTK) && cpu_has_xen_shstk )
-    {
-        unsigned long tmp;
-
-        reset_virtual_region_perms();
-
-        write_cr4(read_cr4() | X86_CR4_CET);
-
-        /*
-         * Fix up the return address on the shadow stack, which currently
-         * points at arch_livepatch_quiesce()'s caller.
-         *
-         * Note: this is somewhat fragile, and depends on both
-         * arch_livepatch_{quiesce,revive}() being called from the same
-         * function, which is currently the case.
-         *
-         * Any error will result in Xen dying with #CP, and its too late to
-         * recover in any way.
-         */
-        asm volatile ("rdsspq %[ssp];"
-                      "wrssq %[addr], (%[ssp]);"
-                      : [ssp] "=&r" (tmp)
-                      : [addr] "r" (__builtin_return_address(0)));
-    }
+    /*
+     * Reinstate perms on .text to be RX.  This also cleans out the dirty
+     * bits, which matters when CET Shstk is active.
+     *
+     * The other CPUs waiting for us could in principle have re-walked while
+     * we were patching and cached the reduced perms in their TLB.  Therefore,
+     * we need to do a global TLB flush.
+     *
+     * However, we can't use Xen's normal global TLB flush infrastructure, so
+     * delay the TLB flush to arch_livepatch_post_action(), which is called on
+     * all CPUs (including us) on the way out of patching.
+     */
+    tighten_virtual_region_perms();
 }
 
 int arch_livepatch_verify_func(const struct livepatch_func *func)
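Review bot: between tighten_virtual_region_perms() in arch_livepatch_revive() and the deferred flush in arch_livepatch_post_action(), every CPU can still hold TLB entries with the relaxed RWX permissions, so .text stays effectively writable for that window. The comment explains why the flush is delayed, but not what is allowed to run in between. Please state the invariant (for example, that only the patching rendezvous code executes until arch_livepatch_post_action() has run on each CPU) so that later changes to the caller do not widen the window. Also note that arch_livepatch_quiesce() can now only return 0; if no failure path remains, the callers' error handling for it is dead code worth a follow-up.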
@@ -197,6 +183,8 @@
  */
 void noinline arch_livepatch_post_action(void)
 {
+    /* See arch_livepatch_revive() */
+    flush_local(FLUSH_TLB_GLOBAL);
 }
 
 static nmi_callback_t *saved_nmi_callback;
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/shadow/hvm.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/mm/shadow/hvm.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/shadow/hvm.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/mm/shadow/hvm.c	2023-05-16 17:23:29.000000000 +0200
@@ -814,7 +814,8 @@
 
     /* Only previously present / valid entries need processing. */
     if ( !(oflags & _PAGE_PRESENT) ||
-         (!p2m_is_valid(p2mt) && !p2m_is_grant(p2mt)) )
+         (!p2m_is_valid(p2mt) && !p2m_is_grant(p2mt)) ||
+         !mfn_valid(omfn) )
         return;
 
     switch ( level )
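Review bot: the added "!mfn_valid(omfn)" term is not covered by the comment above it, which still reads "Only previously present / valid entries need processing". Please extend the comment to say how an entry can be present with a valid or grant p2m type and yet carry an MFN that fails mfn_valid(), since that is the case this check exists for and it is not obvious from the condition alone.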
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/shadow/private.h xen-4.17.1+2-gb773c48e36/xen/arch/x86/mm/shadow/private.h
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/shadow/private.h	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/mm/shadow/private.h	2023-05-16 17:23:29.000000000 +0200
@@ -324,7 +324,7 @@
         return 0;
     shadows = pg->shadow_flags & SHF_page_type_mask;
     /* More than one type bit set in shadow-flags? */
-    return ( (shadows & ~(1UL << find_first_set_bit(shadows))) != 0 );
+    return shadows && (shadows & (shadows - 1));
 }
 
 #if (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC)
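Review bot: in the new return statement the leading "shadows &&" is logically redundant for the zero case, because 0 & (0 - 1) is already 0; its only effect is to turn the masked value into 0 or 1. If that normalisation is the intent, "return (shadows & (shadows - 1)) != 0;" says it directly and keeps the shape of the line it replaces. The existing comment "More than one type bit set in shadow-flags?" still matches the new expression.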
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/mm.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/mm.c	2023-05-16 17:23:29.000000000 +0200
@@ -103,6 +103,7 @@
 #include <xen/ioreq.h>
 #include <xen/kernel.h>
 #include <xen/lib.h>
+#include <xen/livepatch.h>
 #include <xen/mm.h>
 #include <xen/param.h>
 #include <xen/domain.h>
@@ -5891,6 +5892,73 @@
     return modify_xen_mappings(s, e, _PAGE_NONE);
 }
 
+/*
+ * Similar to modify_xen_mappings(), but used by the alternatives and
+ * livepatch in weird contexts.  All synchronization, TLB flushing, etc is the
+ * responsibility of the caller, and *MUST* not be introduced here.
+ *
+ * Must be limited to XEN_VIRT_{START,END}, i.e. over l2_xenmap[].
+ * Must be called with present flags, and over present mappings.
+ * It is the callers responsibility to not pass s or e in the middle of
+ * superpages if changing the permission on the whole superpage is going to be
+ * a problem.
+ */
+void init_or_livepatch modify_xen_mappings_lite(
+    unsigned long s, unsigned long e, unsigned int _nf)
+{
+    unsigned long v = s, fm, nf;
+
+    /* Set of valid PTE bits which may be altered. */
+#define FLAGS_MASK (_PAGE_NX|_PAGE_DIRTY|_PAGE_ACCESSED|_PAGE_RW|_PAGE_PRESENT)
+    fm = put_pte_flags(FLAGS_MASK);
+    nf = put_pte_flags(_nf & FLAGS_MASK);
+#undef FLAGS_MASK
+
+    ASSERT(nf & _PAGE_PRESENT);
+    ASSERT(IS_ALIGNED(s, PAGE_SIZE) && s >= XEN_VIRT_START);
+    ASSERT(IS_ALIGNED(e, PAGE_SIZE) && e <= XEN_VIRT_END);
+
+    while ( v < e )
+    {
+        l2_pgentry_t *pl2e = &l2_xenmap[l2_table_offset(v)];
+        l2_pgentry_t l2e = l2e_read_atomic(pl2e);
+        unsigned int l2f = l2e_get_flags(l2e);
+
+        ASSERT(l2f & _PAGE_PRESENT);
+
+        if ( l2e_get_flags(l2e) & _PAGE_PSE )
+        {
+            l2e_write_atomic(pl2e, l2e_from_intpte((l2e.l2 & ~fm) | nf));
+
+            v += 1UL << L2_PAGETABLE_SHIFT;
+            continue;
+        }
+
+        /* else descend to l1 */
+        {
+            l1_pgentry_t *pl1t = map_l1t_from_l2e(l2e);
+
+            while ( v < e )
+            {
+                l1_pgentry_t *pl1e = &pl1t[l1_table_offset(v)];
+                l1_pgentry_t l1e = l1e_read_atomic(pl1e);
+                unsigned int l1f = l1e_get_flags(l1e);
+
+                ASSERT(l1f & _PAGE_PRESENT);
+
+                l1e_write_atomic(pl1e, l1e_from_intpte((l1e.l1 & ~fm) | nf));
+
+                v += 1UL << L1_PAGETABLE_SHIFT;
+
+                if ( l2_table_offset(v) == 0 )
+                    break;
+            }
+
+            unmap_domain_page(pl1t);
+        }
+    }
+}
+
 void __set_fixmap(
     enum fixed_addresses idx, unsigned long mfn, unsigned long flags)
 {
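Review bot: in the superpage branch of modify_xen_mappings_lite(), "v += 1UL << L2_PAGETABLE_SHIFT" advances by a full superpage from wherever v currently is, and s is only asserted to be PAGE_SIZE aligned. If s starts in the middle of a superpage, v lands in the middle of the next L2 range, and when that range is mapped with an L1 table its leading entries are skipped. The header comment warns about the whole superpage being changed, but not about this. Either assert superpage alignment when _PAGE_PSE is seen, or round v up to the next L2 boundary instead of adding a fixed stride. Smaller points: l2f is computed but the PSE test calls l2e_get_flags(l2e) again, and all range and presence preconditions are ASSERT-only, so they vanish in release builds; the comment should say that callers are trusted.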
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/arch/x86/x86_emulate/x86_emulate.c xen-4.17.1+2-gb773c48e36/xen/arch/x86/x86_emulate/x86_emulate.c
--- xen-4.17.0+74-g3eac216e6e/xen/arch/x86/x86_emulate/x86_emulate.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/arch/x86/x86_emulate/x86_emulate.c	2023-05-16 17:23:29.000000000 +0200
@@ -4249,14 +4249,15 @@
         goto imul;
 
     case 0x6c ... 0x6d: /* ins %dx,%es:%edi */ {
-        unsigned long nr_reps = get_rep_prefix(false, true);
+        unsigned long nr_reps;
         unsigned int port = _regs.dx;
 
         dst.bytes = !(b & 1) ? 1 : (op_bytes == 8) ? 4 : op_bytes;
-        dst.mem.seg = x86_seg_es;
-        dst.mem.off = truncate_ea_and_reps(_regs.r(di), nr_reps, dst.bytes);
         if ( (rc = ioport_access_check(port, dst.bytes, ctxt, ops)) != 0 )
             goto done;
+        nr_reps = get_rep_prefix(false, true);
+        dst.mem.off = truncate_ea_and_reps(_regs.r(di), nr_reps, dst.bytes);
+        dst.mem.seg = x86_seg_es;
         /* Try the presumably most efficient approach first. */
         if ( !ops->rep_ins )
             nr_reps = 1;
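Review bot: in the ins case the ordering is now the whole point of the change (ioport_access_check() has to run before get_rep_prefix() and truncate_ea_and_reps()), yet nothing in the block says so, and moving the call back into the declaration of nr_reps would look like a harmless tidy-up. Please add a short comment stating that the port permission check must come first and why. The relocation of "dst.mem.seg = x86_seg_es;" below the check is not needed for that ordering and only enlarges the diff.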
@@ -4290,13 +4291,14 @@
     }
 
     case 0x6e ... 0x6f: /* outs %esi,%dx */ {
-        unsigned long nr_reps = get_rep_prefix(true, false);
+        unsigned long nr_reps;
         unsigned int port = _regs.dx;
 
         dst.bytes = !(b & 1) ? 1 : (op_bytes == 8) ? 4 : op_bytes;
-        ea.mem.off = truncate_ea_and_reps(_regs.r(si), nr_reps, dst.bytes);
         if ( (rc = ioport_access_check(port, dst.bytes, ctxt, ops)) != 0 )
             goto done;
+        nr_reps = get_rep_prefix(true, false);
+        ea.mem.off = truncate_ea_and_reps(_regs.r(si), nr_reps, dst.bytes);
         /* Try the presumably most efficient approach first. */
         if ( !ops->rep_outs )
             nr_reps = 1;
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/common/virtual_region.c xen-4.17.1+2-gb773c48e36/xen/common/virtual_region.c
--- xen-4.17.0+74-g3eac216e6e/xen/common/virtual_region.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/common/virtual_region.c	2023-05-16 17:23:29.000000000 +0200
@@ -92,16 +92,28 @@
     remove_virtual_region(r);
 }
 
-#if defined(CONFIG_LIVEPATCH) && defined(CONFIG_XEN_SHSTK)
-void reset_virtual_region_perms(void)
+#if defined(CONFIG_LIVEPATCH) && defined(CONFIG_X86)
+void relax_virtual_region_perms(void)
 {
     const struct virtual_region *region;
 
     rcu_read_lock(&rcu_virtual_region_lock);
     list_for_each_entry_rcu( region, &virtual_region_list, list )
-        modify_xen_mappings((unsigned long)region->start,
-                            ROUNDUP((unsigned long)region->end, PAGE_SIZE),
-                            PAGE_HYPERVISOR_RX);
+        modify_xen_mappings_lite((unsigned long)region->start,
+                                 ROUNDUP((unsigned long)region->end, PAGE_SIZE),
+                                 PAGE_HYPERVISOR_RWX);
+    rcu_read_unlock(&rcu_virtual_region_lock);
+}
+
+void tighten_virtual_region_perms(void)
+{
+    const struct virtual_region *region;
+
+    rcu_read_lock(&rcu_virtual_region_lock);
+    list_for_each_entry_rcu( region, &virtual_region_list, list )
+        modify_xen_mappings_lite((unsigned long)region->start,
+                                 ROUNDUP((unsigned long)region->end, PAGE_SIZE),
+                                 PAGE_HYPERVISOR_RX);
     rcu_read_unlock(&rcu_virtual_region_lock);
 }
 #endif
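Review bot: relax_virtual_region_perms() and tighten_virtual_region_perms() pass "(unsigned long)region->start" unrounded, while modify_xen_mappings_lite() asserts IS_ALIGNED(s, PAGE_SIZE); only the end is rounded with ROUNDUP(). Please confirm that every registered region starts on a page boundary, or round the start down here. The two functions are identical apart from the flags argument, so a single static helper taking the flags would remove the duplicated RCU walk.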
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/drivers/char/ns16550.c xen-4.17.1+2-gb773c48e36/xen/drivers/char/ns16550.c
--- xen-4.17.0+74-g3eac216e6e/xen/drivers/char/ns16550.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/drivers/char/ns16550.c	2023-05-16 17:23:29.000000000 +0200
@@ -1631,13 +1631,6 @@
             break;
 
 #ifdef CONFIG_HAS_PCI
-        case bridge_bdf:
-            if ( !parse_pci(param_value, NULL, &uart->ps_bdf[0],
-                            &uart->ps_bdf[1], &uart->ps_bdf[2]) )
-                PARSE_ERR_RET("Bad port PCI coordinates\n");
-            uart->ps_bdf_enable = true;
-            break;
-
         case device:
             if ( strncmp(param_value, "pci", 3) == 0 )
             {
@@ -1652,9 +1645,16 @@
             break;
 
         case port_bdf:
+            if ( !parse_pci(param_value, NULL, &uart->ps_bdf[0],
+                            &uart->ps_bdf[1], &uart->ps_bdf[2]) )
+                PARSE_ERR_RET("Bad port PCI coordinates\n");
+            uart->ps_bdf_enable = true;
+            break;
+
+        case bridge_bdf:
             if ( !parse_pci(param_value, NULL, &uart->pb_bdf[0],
                             &uart->pb_bdf[1], &uart->pb_bdf[2]) )
-                PARSE_ERR_RET("Bad port PCI coordinates\n");
+                PARSE_ERR_RET("Bad bridge PCI coordinates\n");
             uart->pb_bdf_enable = true;
             break;
 #endif
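Review bot: moving the ps_bdf parsing under "case port_bdf" and the pb_bdf parsing under "case bridge_bdf" swaps which structure field each option fills compared with the old code, so a command line written against the previous behaviour now configures the opposite device. That is the right fix, but it is a user-visible change and should be called out in the changelog or the option documentation. The corrected "Bad bridge PCI coordinates" message is a good catch.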
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/drivers/passthrough/vtd/dmar.c xen-4.17.1+2-gb773c48e36/xen/drivers/passthrough/vtd/dmar.c
--- xen-4.17.0+74-g3eac216e6e/xen/drivers/passthrough/vtd/dmar.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/drivers/passthrough/vtd/dmar.c	2023-05-16 17:23:29.000000000 +0200
@@ -389,7 +389,7 @@
                 printk(VTDPREFIX " endpoint: %pp\n",
                        &PCI_SBDF(seg, bus, path->dev, path->fn));
 
-            if ( drhd )
+            if ( drhd && pci_device_detect(seg, bus, path->dev, path->fn) )
             {
                 if ( pci_conf_read8(PCI_SBDF(seg, bus, path->dev, path->fn),
                                     PCI_CLASS_DEVICE + 1) != 0x03
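Review bot: with "drhd && pci_device_detect(...)" a scope entry that names a non-existent device now skips the class check silently. Since the surrounding code already prints the endpoint under VTDPREFIX, a short message when pci_device_detect() fails would make it clear from the boot log that firmware listed a device that is not present, instead of leaving the entry looking as if it had been processed.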
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/drivers/vpci/msix.c xen-4.17.1+2-gb773c48e36/xen/drivers/vpci/msix.c
--- xen-4.17.0+74-g3eac216e6e/xen/drivers/vpci/msix.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/drivers/vpci/msix.c	2023-05-16 17:23:29.000000000 +0200
@@ -27,6 +27,11 @@
     ((addr) >= vmsix_table_addr(vpci, nr) &&                              \
      (addr) < vmsix_table_addr(vpci, nr) + vmsix_table_size(vpci, nr))
 
+#define VMSIX_ADDR_SAME_PAGE(addr, vpci, nr)                              \
+    (PFN_DOWN(addr) >= PFN_DOWN(vmsix_table_addr(vpci, nr)) &&            \
+     PFN_DOWN(addr) <= PFN_DOWN(vmsix_table_addr(vpci, nr) +              \
+                                vmsix_table_size(vpci, nr) - 1))
+
 static uint32_t cf_check control_read(
     const struct pci_dev *pdev, unsigned int reg, void *data)
 {
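Review bot: VMSIX_ADDR_SAME_PAGE() is true for any address whose frame lies between the first and the last frame of the table, inclusive, so for a table spanning several pages it matches every page of the table and not one particular page. The name suggests something narrower. Please add a comment stating that it matches all pages touched by the structure, including the unused head and tail bytes of the first and last page, or pick a name that says so. Like VMSIX_ADDR_IN_RANGE() it evaluates its arguments more than once, which deserves a mention for future callers.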
@@ -149,7 +154,7 @@
 
         for ( i = 0; i < ARRAY_SIZE(msix->tables); i++ )
             if ( bars[msix->tables[i] & PCI_MSIX_BIRMASK].enabled &&
-                 VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, i) )
+                 VMSIX_ADDR_SAME_PAGE(addr, msix->pdev->vpci, i) )
                 return msix;
     }
 
@@ -182,36 +187,172 @@
     return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE];
 }
 
-static void __iomem *get_pba(struct vpci *vpci)
+static void __iomem *get_table(struct vpci *vpci, unsigned int slot)
 {
     struct vpci_msix *msix = vpci->msix;
+    paddr_t addr = 0;
+
+    ASSERT(spin_is_locked(&vpci->lock));
+
+    if ( likely(msix->table[slot]) )
+        return msix->table[slot];
+
+    switch ( slot )
+    {
+    case VPCI_MSIX_TBL_TAIL:
+        addr = vmsix_table_size(vpci, VPCI_MSIX_TABLE);
+        fallthrough;
+    case VPCI_MSIX_TBL_HEAD:
+        addr += vmsix_table_addr(vpci, VPCI_MSIX_TABLE);
+        break;
+
+    case VPCI_MSIX_PBA_TAIL:
+        addr = vmsix_table_size(vpci, VPCI_MSIX_PBA);
+        fallthrough;
+    case VPCI_MSIX_PBA_HEAD:
+        addr += vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+        break;
+
+    default:
+        ASSERT_UNREACHABLE();
+        return NULL;
+    }
+
+    msix->table[slot] = ioremap(round_pgdown(addr), PAGE_SIZE);
+
+    return msix->table[slot];
+}
+
+unsigned int get_slot(const struct vpci *vpci, unsigned long addr)
+{
+    unsigned long pfn = PFN_DOWN(addr);
+
     /*
-     * PBA will only be unmapped when the device is deassigned, so access it
-     * without holding the vpci lock.
+     * The logic below relies on having the tables identity mapped to the guest
+     * address space, or for the `addr` parameter to be translated into its
+     * host physical memory address equivalent.
      */
-    void __iomem *pba = read_atomic(&msix->pba);
 
-    if ( likely(pba) )
-        return pba;
+    if ( pfn == PFN_DOWN(vmsix_table_addr(vpci, VPCI_MSIX_TABLE)) )
+        return VPCI_MSIX_TBL_HEAD;
+    if ( pfn == PFN_DOWN(vmsix_table_addr(vpci, VPCI_MSIX_TABLE) +
+                         vmsix_table_size(vpci, VPCI_MSIX_TABLE) - 1) )
+        return VPCI_MSIX_TBL_TAIL;
+    if ( pfn == PFN_DOWN(vmsix_table_addr(vpci, VPCI_MSIX_PBA)) )
+        return VPCI_MSIX_PBA_HEAD;
+    if ( pfn == PFN_DOWN(vmsix_table_addr(vpci, VPCI_MSIX_PBA) +
+                         vmsix_table_size(vpci, VPCI_MSIX_PBA) - 1) )
+        return VPCI_MSIX_PBA_TAIL;
+
+    ASSERT_UNREACHABLE();
+    return -1;
+}
+
+static bool adjacent_handle(const struct vpci_msix *msix, unsigned long addr)
+{
+    unsigned int i;
+
+    if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) )
+        return true;
+
+    if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_TABLE) )
+        return false;
+
+    for ( i = 0; i < ARRAY_SIZE(msix->tables); i++ )
+        if ( VMSIX_ADDR_SAME_PAGE(addr, msix->pdev->vpci, i) )
+            return true;
+
+    return false;
+}
+
+static int adjacent_read(const struct domain *d, const struct vpci_msix *msix,
+                         unsigned long addr, unsigned int len,
+                         unsigned long *data)
+{
+    const void __iomem *mem;
+    struct vpci *vpci = msix->pdev->vpci;
+    unsigned int slot;
+
+    *data = ~0ul;
+
+    if ( !adjacent_handle(msix, addr + len - 1) )
+        return X86EMUL_OKAY;
+
+    if ( VMSIX_ADDR_IN_RANGE(addr, vpci, VPCI_MSIX_PBA) &&
+         !access_allowed(msix->pdev, addr, len) )
+        /* PBA accesses must be aligned and 4 or 8 bytes in size. */
+        return X86EMUL_OKAY;
+
+    slot = get_slot(vpci, addr);
+    if ( slot >= ARRAY_SIZE(msix->table) )
+        return X86EMUL_OKAY;
+
+    if ( unlikely(!IS_ALIGNED(addr, len)) )
+    {
+        unsigned int i;
+
+        gprintk(XENLOG_DEBUG, "%pp: unaligned read to MSI-X related page\n",
+                &msix->pdev->sbdf);
+
+        /*
+         * Split unaligned accesses into byte sized ones. Shouldn't happen in
+         * the first place, but devices shouldn't have registers in the same 4K
+         * page as the MSIX tables either.
+         *
+         * It's unclear whether this could cause issues if a guest expects
+         * registers to be accessed atomically, it better use an aligned access
+         * if it has such expectations.
+         */
+        for ( i = 0; i < len; i++ )
+        {
+            unsigned long partial = ~0ul;
+            int rc = adjacent_read(d, msix, addr + i, 1, &partial);
+
+            if ( rc != X86EMUL_OKAY )
+                return rc;
 
-    pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA),
-                  vmsix_table_size(vpci, VPCI_MSIX_PBA));
-    if ( !pba )
-        return read_atomic(&msix->pba);
+            *data &= ~(0xfful << (i * 8));
+            *data |= (partial & 0xff) << (i * 8);
+        }
+
+        return X86EMUL_OKAY;
+    }
 
     spin_lock(&vpci->lock);
-    if ( !msix->pba )
+    mem = get_table(vpci, slot);
+    if ( !mem )
     {
-        write_atomic(&msix->pba, pba);
         spin_unlock(&vpci->lock);
+        gprintk(XENLOG_WARNING,
+                "%pp: unable to map MSI-X page, returning all bits set\n",
+                &msix->pdev->sbdf);
+        return X86EMUL_OKAY;
     }
-    else
+
+    switch ( len )
     {
-        spin_unlock(&vpci->lock);
-        iounmap(pba);
+    case 1:
+        *data = readb(mem + PAGE_OFFSET(addr));
+        break;
+
+    case 2:
+        *data = readw(mem + PAGE_OFFSET(addr));
+        break;
+
+    case 4:
+        *data = readl(mem + PAGE_OFFSET(addr));
+        break;
+
+    case 8:
+        *data = readq(mem + PAGE_OFFSET(addr));
+        break;
+
+    default:
+        ASSERT_UNREACHABLE();
     }
+    spin_unlock(&vpci->lock);
 
-    return read_atomic(&msix->pba);
+    return X86EMUL_OKAY;
 }
 
 static int cf_check msix_read(
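Review bot: get_slot() is declared to return unsigned int but ends with "return -1;", and it is the only new helper here without "static". The callers cope through "slot >= ARRAY_SIZE(msix->table)", but that relies on the implicit conversion of -1; an explicit invalid value (or returning ARRAY_SIZE) would make the contract visible, and the function should be static unless something outside msix.c uses it. In adjacent_read(), the unaligned path recurses one byte at a time and each call takes and drops vpci->lock, so the bytes of one guest access are not read under a single lock hold; the comment acknowledges the atomicity question, and it would help to state the locking consequence as well.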
@@ -227,47 +368,11 @@
     if ( !msix )
         return X86EMUL_RETRY;
 
-    if ( !access_allowed(msix->pdev, addr, len) )
-        return X86EMUL_OKAY;
-
-    if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) )
-    {
-        struct vpci *vpci = msix->pdev->vpci;
-        unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
-        const void __iomem *pba = get_pba(vpci);
-
-        /*
-         * Access to PBA.
-         *
-         * TODO: note that this relies on having the PBA identity mapped to the
-         * guest address space. If this changes the address will need to be
-         * translated.
-         */
-        if ( !pba )
-        {
-            gprintk(XENLOG_WARNING,
-                    "%pp: unable to map MSI-X PBA, report all pending\n",
-                    &msix->pdev->sbdf);
-            return X86EMUL_OKAY;
-        }
-
-        switch ( len )
-        {
-        case 4:
-            *data = readl(pba + idx);
-            break;
-
-        case 8:
-            *data = readq(pba + idx);
-            break;
-
-        default:
-            ASSERT_UNREACHABLE();
-            break;
-        }
+    if ( adjacent_handle(msix, addr) )
+        return adjacent_read(d, msix, addr, len, data);
 
+    if ( !access_allowed(msix->pdev, addr, len) )
         return X86EMUL_OKAY;
-    }
 
     spin_lock(&msix->pdev->vpci->lock);
     entry = get_entry(msix, addr);
@@ -303,57 +408,103 @@
     return X86EMUL_OKAY;
 }
 
-static int cf_check msix_write(
-    struct vcpu *v, unsigned long addr, unsigned int len, unsigned long data)
-{
-    const struct domain *d = v->domain;
-    struct vpci_msix *msix = msix_find(d, addr);
-    struct vpci_msix_entry *entry;
-    unsigned int offset;
+static int adjacent_write(const struct domain *d, const struct vpci_msix *msix,
+                          unsigned long addr, unsigned int len,
+                          unsigned long data)
+{
+    void __iomem *mem;
+    struct vpci *vpci = msix->pdev->vpci;
+    unsigned int slot;
 
-    if ( !msix )
-        return X86EMUL_RETRY;
+    if ( !adjacent_handle(msix, addr + len - 1) )
+        return X86EMUL_OKAY;
 
-    if ( !access_allowed(msix->pdev, addr, len) )
+    /*
+     * Only check start and end of the access because the size of the PBA is
+     * assumed to be equal or bigger (8 bytes) than the length of any access
+     * handled here.
+     */
+    if ( VMSIX_ADDR_IN_RANGE(addr, vpci, VPCI_MSIX_PBA) &&
+         (!access_allowed(msix->pdev, addr, len) || !is_hardware_domain(d)) )
+        /* Ignore writes to PBA for DomUs, it's undefined behavior. */
         return X86EMUL_OKAY;
 
-    if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) )
+    slot = get_slot(vpci, addr);
+    if ( slot >= ARRAY_SIZE(msix->table) )
+        return X86EMUL_OKAY;
+
+    if ( unlikely(!IS_ALIGNED(addr, len)) )
     {
-        struct vpci *vpci = msix->pdev->vpci;
-        unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
-        const void __iomem *pba = get_pba(vpci);
-
-        if ( !is_hardware_domain(d) )
-            /* Ignore writes to PBA for DomUs, it's behavior is undefined. */
-            return X86EMUL_OKAY;
+        unsigned int i;
 
-        if ( !pba )
-        {
-            /* Unable to map the PBA, ignore write. */
-            gprintk(XENLOG_WARNING,
-                    "%pp: unable to map MSI-X PBA, write ignored\n",
-                    &msix->pdev->sbdf);
-            return X86EMUL_OKAY;
-        }
+        gprintk(XENLOG_DEBUG, "%pp: unaligned write to MSI-X related page\n",
+                &msix->pdev->sbdf);
 
-        switch ( len )
+        for ( i = 0; i < len; i++ )
         {
-        case 4:
-            writel(data, pba + idx);
-            break;
+            int rc = adjacent_write(d, msix, addr + i, 1, data >> (i * 8));
 
-        case 8:
-            writeq(data, pba + idx);
-            break;
-
-        default:
-            ASSERT_UNREACHABLE();
-            break;
+            if ( rc != X86EMUL_OKAY )
+                return rc;
         }
 
         return X86EMUL_OKAY;
     }
 
+    spin_lock(&vpci->lock);
+    mem = get_table(vpci, slot);
+    if ( !mem )
+    {
+        spin_unlock(&vpci->lock);
+        gprintk(XENLOG_WARNING,
+                "%pp: unable to map MSI-X page, dropping write\n",
+                &msix->pdev->sbdf);
+        return X86EMUL_OKAY;
+    }
+
+    switch ( len )
+    {
+    case 1:
+        writeb(data, mem + PAGE_OFFSET(addr));
+        break;
+
+    case 2:
+        writew(data, mem + PAGE_OFFSET(addr));
+        break;
+
+    case 4:
+        writel(data, mem + PAGE_OFFSET(addr));
+        break;
+
+    case 8:
+        writeq(data, mem + PAGE_OFFSET(addr));
+        break;
+
+    default:
+        ASSERT_UNREACHABLE();
+    }
+    spin_unlock(&vpci->lock);
+
+    return X86EMUL_OKAY;
+}
+
+static int cf_check msix_write(
+    struct vcpu *v, unsigned long addr, unsigned int len, unsigned long data)
+{
+    const struct domain *d = v->domain;
+    struct vpci_msix *msix = msix_find(d, addr);
+    struct vpci_msix_entry *entry;
+    unsigned int offset;
+
+    if ( !msix )
+        return X86EMUL_RETRY;
+
+    if ( adjacent_handle(msix, addr) )
+        return adjacent_write(d, msix, addr, len, data);
+
+    if ( !access_allowed(msix->pdev, addr, len) )
+        return X86EMUL_OKAY;
+
     spin_lock(&msix->pdev->vpci->lock);
     entry = get_entry(msix, addr);
     offset = addr & (PCI_MSIX_ENTRY_SIZE - 1);
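Review bot: in adjacent_write() the PBA condition combines "!access_allowed(...)" and "!is_hardware_domain(d)", but the comment on the return only mentions DomUs, and the block comment above talks about checking start and end of the access without saying which call does which. Please split the comment so that both reasons for dropping the write are described (misaligned or wrongly sized access from any domain, and any PBA write from a DomU). Also worth documenting next to msix_write(): access_allowed() is now applied only after adjacent_handle(), so writes to the non-table, non-PBA bytes of these pages reach the device with sizes 1, 2, 4 or 8 for every domain that owns the device; the switch has no default action beyond ASSERT_UNREACHABLE(), so an unexpected len is dropped silently in release builds.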
@@ -482,6 +633,26 @@
         }
     }
 
+    if ( is_hardware_domain(d) )
+    {
+        /*
+         * For dom0 only: remove any hypervisor mappings of the MSIX or PBA
+         * related areas, as dom0 is capable of moving the position of the BARs
+         * in the host address space.
+         *
+         * We rely on being called with the vPCI lock held once the domain is
+         * running, so the maps are not in use.
+         */
+        for ( i = 0; i < ARRAY_SIZE(pdev->vpci->msix->table); i++ )
+            if ( pdev->vpci->msix->table[i] )
+            {
+                /* If there are any maps, the domain must be running. */
+                ASSERT(spin_is_locked(&pdev->vpci->lock));
+                iounmap(pdev->vpci->msix->table[i]);
+                pdev->vpci->msix->table[i] = NULL;
+            }
+    }
+
     return 0;
 }
 
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/drivers/vpci/vpci.c xen-4.17.1+2-gb773c48e36/xen/drivers/vpci/vpci.c
--- xen-4.17.0+74-g3eac216e6e/xen/drivers/vpci/vpci.c	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/drivers/vpci/vpci.c	2023-05-16 17:23:29.000000000 +0200
@@ -54,9 +54,12 @@
     spin_unlock(&pdev->vpci->lock);
     if ( pdev->vpci->msix )
     {
+        unsigned int i;
+
         list_del(&pdev->vpci->msix->next);
-        if ( pdev->vpci->msix->pba )
-            iounmap(pdev->vpci->msix->pba);
+        for ( i = 0; i < ARRAY_SIZE(pdev->vpci->msix->table); i++ )
+            if ( pdev->vpci->msix->table[i] )
+                iounmap(pdev->vpci->msix->table[i]);
     }
     xfree(pdev->vpci->msix);
     xfree(pdev->vpci->msi);
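Review bot: the new unmap loop runs after "spin_unlock(&pdev->vpci->lock)", while get_table() in msix.c asserts that the same lock is held when it fills msix->table[]. Please confirm that no MSI-X access for this device can still be in flight between the unlock and the xfree() calls, or move the loop under the lock. The loop body is the same as the one added to msix.c for the hardware domain, apart from resetting the pointer to NULL, so a small shared helper would keep the two in step.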
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/include/Makefile xen-4.17.1+2-gb773c48e36/xen/include/Makefile
--- xen-4.17.0+74-g3eac216e6e/xen/include/Makefile	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/include/Makefile	2023-05-16 17:23:29.000000000 +0200
@@ -34,7 +34,7 @@
 headers-$(CONFIG_XENOPROF) += compat/xenoprof.h
 headers-$(CONFIG_XSM_FLASK) += compat/xsm/flask_op.h
 
-headers-n := $(filter-out $(headers-y),$(headers-n) $(headers-))
+headers-n := $(sort $(filter-out $(headers-y),$(headers-n) $(headers-)))
 
 cppflags-y                := -include public/xen-compat.h -DXEN_GENERATING_COMPAT_HEADERS
 cppflags-$(CONFIG_X86)    += -m32
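Review bot: the reason for wrapping the headers-n assignment in $(sort ...) is not stated. Since $(sort) also removes duplicate words, a short comment saying whether the goal is a stable ordering, de-duplication, or both would stop the call from being dropped later as a no-op.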
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/include/xen/elfstructs.h xen-4.17.1+2-gb773c48e36/xen/include/xen/elfstructs.h
--- xen-4.17.0+74-g3eac216e6e/xen/include/xen/elfstructs.h	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/include/xen/elfstructs.h	2023-05-16 17:23:29.000000000 +0200
@@ -561,8 +561,8 @@
 #endif
 
 #if defined(ELFSIZE) && (ELFSIZE == 32)
-#define PRIxElfAddr	"08x"
-#define PRIuElfWord	"8u"
+#define PRIxElfAddr 	PRIx32
+#define PRIuElfWord 	PRIu32
 
 #define Elf_Ehdr	Elf32_Ehdr
 #define Elf_Phdr	Elf32_Phdr
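Review bot: replacing "08x" and "8u" with PRIx32 and PRIu32 drops the field width that used to be part of PRIxElfAddr and PRIuElfWord, so every format string that uses these macros will print ELF32 addresses without zero padding and words without the 8-column alignment unless the width is added at the call site. Please check the users and either keep the width in the macro (for example "08" PRIx32) or mention the output change. The new definitions also have a space before the tab, unlike the neighbouring lines.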
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/include/xen/mm.h xen-4.17.1+2-gb773c48e36/xen/include/xen/mm.h
--- xen-4.17.0+74-g3eac216e6e/xen/include/xen/mm.h	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/include/xen/mm.h	2023-05-16 17:23:29.000000000 +0200
@@ -100,6 +100,7 @@
     unsigned int flags);
 /* Alter the permissions of a range of Xen virtual address space. */
 int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags);
+void modify_xen_mappings_lite(unsigned long s, unsigned long e, unsigned int flags);
 int destroy_xen_mappings(unsigned long s, unsigned long e);
 /* Retrieve the MFN mapped by VA in Xen virtual address space. */
 mfn_t xen_map_to_mfn(unsigned long va);
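Review bot: the new modify_xen_mappings_lite() prototype has no comment of its own and sits directly under "Alter the permissions of a range of Xen virtual address space", which reads as if both functions had the same contract. They do not: the lite variant returns void and, per its definition in mm.c, leaves all synchronisation and TLB flushing to the caller and is limited to XEN_VIRT_{START,END}. A one-line comment here pointing at those restrictions would keep callers from treating it as a drop-in replacement.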
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/include/xen/virtual_region.h xen-4.17.1+2-gb773c48e36/xen/include/xen/virtual_region.h
--- xen-4.17.0+74-g3eac216e6e/xen/include/xen/virtual_region.h	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/include/xen/virtual_region.h	2023-05-16 17:23:29.000000000 +0200
@@ -33,7 +33,9 @@
 void unregister_init_virtual_region(void);
 void register_virtual_region(struct virtual_region *r);
 void unregister_virtual_region(struct virtual_region *r);
-void reset_virtual_region_perms(void);
+
+void relax_virtual_region_perms(void);
+void tighten_virtual_region_perms(void);
 
 #endif /* __XEN_VIRTUAL_REGION_H__ */
 
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/include/xen/vpci.h xen-4.17.1+2-gb773c48e36/xen/include/xen/vpci.h
--- xen-4.17.0+74-g3eac216e6e/xen/include/xen/vpci.h	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/include/xen/vpci.h	2023-05-16 17:23:29.000000000 +0200
@@ -133,8 +133,12 @@
         bool enabled         : 1;
         /* Masked? */
         bool masked          : 1;
-        /* PBA map */
-        void __iomem *pba;
+        /* Partial table map. */
+#define VPCI_MSIX_TBL_HEAD 0
+#define VPCI_MSIX_TBL_TAIL 1
+#define VPCI_MSIX_PBA_HEAD 2
+#define VPCI_MSIX_PBA_TAIL 3
+        void __iomem *table[4];
         /* Entries. */
         struct vpci_msix_entry {
             uint64_t addr;
diff -Nru xen-4.17.0+74-g3eac216e6e/xen/Makefile xen-4.17.1+2-gb773c48e36/xen/Makefile
--- xen-4.17.0+74-g3eac216e6e/xen/Makefile	2023-03-21 13:47:52.000000000 +0100
+++ xen-4.17.1+2-gb773c48e36/xen/Makefile	2023-05-16 17:23:29.000000000 +0200
@@ -6,7 +6,7 @@
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
 export XEN_SUBVERSION    = 17
-export XEN_EXTRAVERSION ?= .1-pre$(XEN_VENDORVERSION)
+export XEN_EXTRAVERSION ?= .2-pre$(XEN_VENDORVERSION)
 export XEN_FULLVERSION   = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION)
 -include xen-version
 

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---
--- Begin Message ---
Hi,

On Sun, May 21, 2023 at 10:02:25PM +0200, Maximilian Engelhardt wrote:
> Please unblock package xen.

Unblocked, aged and ignored piuparts.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---
