Linus,
Please git pull the following tag:
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip.git
for-linus-6.15a-rc6-tag
xen: branch for v6.15-rc6
It contains the following patches:
- A fix for the xenbus driver allowing to use a PVH Dom0 with Xenstore
running in another domain.
- A fi
On Wed, 7 May 2025, Volodymyr Babchuk wrote:
> Add new alpine-based build that enables LibAFL-based fuzzer.
>
> Use this new build to run two fuzzing sessions: hypercall fuzzing and
> gicv2 fuzzing. Currently, this is all the fuzzing modes supported by
> xen fuzzer. Every fuzzing session will run
Rule 13.2 states: "The value of an expression and its persistent side effects
shall be the same under all permitted evaluation orders".
Eclair complains about a Rule 13.2 violations because validate_far_branch()
assigns to rc, and the entirety of commit_far_branch() is also assigned to rc.
I'm un
On 07/05/2025 11:46 pm, victorm.l...@amd.com wrote:
> From: Nicola Vetrini
>
> Rule 13.2 states: "The value of an expression and its persistent
> side effects shall be the same under all permitted evaluation orders".
>
> The full expansion of macro "commit_far_branch" contains an assignment to
> v
On Sat, 10 May 2025, Andrew Cooper wrote:
> On 07/05/2025 11:46 pm, victorm.l...@amd.com wrote:
> > From: Nicola Vetrini
> >
> > Rule 13.2 states: "The value of an expression and its persistent
> > side effects shall be the same under all permitted evaluation orders".
> >
> > The full expansion of
On 10/05/2025 12:28 am, Stefano Stabellini wrote:
> From: Federico Serafini
>
> MISRA C Rule 14.3 states that "Controlling expressions shall not be
> invariant".
>
> Change the #define to static inline to resolve the violation.
>
> Signed-off-by: Federico Serafini
> Signed-off-by: Victor Lira
A
From: Federico Serafini
MISRA C Rule 14.3 states that "Controlling expressions shall not be
invariant".
Change the #define to static inline to resolve the violation.
Signed-off-by: Federico Serafini
Signed-off-by: Victor Lira
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
ind
On Wed, 7 May 2025, Volodymyr Babchuk wrote:
> LibAFL, which is a part of AFL++ project is a instrument that allows
> us to perform fuzzing on beremetal code (Xen hypervisor in this case)
> using QEMU as an emulator. It employs QEMU's ability to create
> snapshots to run many tests relatively quick
On Fri, 9 May 2025, Teddy Astie wrote:
> Le 09/05/2025 à 23:13, Stefano Stabellini a écrit :
> > On Fri, 9 May 2025, Roger Pau Monné wrote:
> >> On Thu, May 08, 2025 at 04:25:28PM -0700, Stefano Stabellini wrote:
> >>> On Thu, 8 May 2025, Roger Pau Monné wrote:
> On Wed, May 07, 2025 at 04:02:
On 06/05/2025 12:12 am, Stefano Stabellini wrote:
> On Fri, 2 May 2025, victorm.l...@amd.com wrote:
>> diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c
>> b/xen/arch/x86/x86_emulate/x86_emulate.c
>> index 8e14ebb35b..d678855238 100644
>> --- a/xen/arch/x86/x86_emulate/x86_emulate.c
>> +++ b/xen
On Fri, 9 May 2025, Andrew Cooper wrote:
> On 09/05/2025 11:10 pm, Stefano Stabellini wrote:
> > On Fri, 9 May 2025, Andrew Cooper wrote:
> >> The CI improvements have been backported to all Xen branches.
> >>
> >> Remove the transitionary tar/cpio parameter in scripts/alpine-rootfs.sh
> >>
> >> Si
Le 09/05/2025 à 23:13, Stefano Stabellini a écrit :
> On Fri, 9 May 2025, Roger Pau Monné wrote:
>> On Thu, May 08, 2025 at 04:25:28PM -0700, Stefano Stabellini wrote:
>>> On Thu, 8 May 2025, Roger Pau Monné wrote:
On Wed, May 07, 2025 at 04:02:11PM -0700, Stefano Stabellini wrote:
> On Tu
On 09/05/2025 11:10 pm, Stefano Stabellini wrote:
> On Fri, 9 May 2025, Andrew Cooper wrote:
>> The CI improvements have been backported to all Xen branches.
>>
>> Remove the transitionary tar/cpio parameter in scripts/alpine-rootfs.sh
>>
>> Signed-off-by: Andrew Cooper
>> ---
>> CC: Anthony PERAR
On Fri, 9 May 2025, Andrew Cooper wrote:
> The CI improvements have been backported to all Xen branches.
>
> Remove the transitionary tar/cpio parameter in scripts/alpine-rootfs.sh
>
> Signed-off-by: Andrew Cooper
> ---
> CC: Anthony PERARD
> CC: Stefano Stabellini
> CC: Marek Marczykowski-Gór
The CI improvements have been backported to all Xen branches.
Remove the transitionary tar/cpio parameter in scripts/alpine-rootfs.sh
Signed-off-by: Andrew Cooper
---
CC: Anthony PERARD
CC: Stefano Stabellini
CC: Marek Marczykowski-Górecki
---
.gitlab-ci.yml | 27 +-
On Tue, May 06, 2025 at 11:20:12AM +0200, Juergen Gross wrote:
> In order to prepare for some MSR access function reorg work, switch
> most users of native_{read|write}_msr[_safe]() to the more generic
> rdmsr*()/wrmsr*() variants.
>
> For now this will have some intermediate performance impact wi
On Fri, 9 May 2025, Roger Pau Monné wrote:
> On Thu, May 08, 2025 at 06:46:07AM -0400, Stewart Hildebrand wrote:
> > From: Oleksandr Andrushchenko
> >
> > There are two originators for the PCI configuration space access:
> > 1. The domain that owns physical host bridge: MMIO handlers are
> > ther
On Fri, 9 May 2025, Roger Pau Monné wrote:
> On Thu, May 08, 2025 at 04:25:28PM -0700, Stefano Stabellini wrote:
> > On Thu, 8 May 2025, Roger Pau Monné wrote:
> > > On Wed, May 07, 2025 at 04:02:11PM -0700, Stefano Stabellini wrote:
> > > > On Tue, 6 May 2025, Roger Pau Monné wrote:
> > > > > On M
On Thu, 8 May 2025, Stewart Hildebrand wrote:
> On Arm, we expect read handlers to have the bits above the access size
> zeroed. vPCI read handlers may return all 1s. Mask off the bits above
> the access size.
>
> Fixes: 9a5e22b64266 ("xen/arm: check read handler behavior")
> Signed-off-by: Stewar
On 5/9/25 5:47 AM, Alejandro Vallejo wrote:
>> A Linux driver that needs access to userspace memory
>> pages can get it in two different ways:
>>
>> 1. It can pin the pages using the pin_user_pages family of APIs.
>>If these functions succeed, the driver is guaranteed to be
On 5/9/25 6:50 AM, Roger Pau Monné wrote:
> On Fri, May 09, 2025 at 11:47:36AM +0200, Alejandro Vallejo wrote:
>>> A Linux driver that needs access to userspace memory
>>> pages can get it in two different ways:
>>>
>>> 1. It can pin the pages using the pin_user_pages family of APIs
On 5/9/25 5:47 AM, Alejandro Vallejo wrote:
>> 2. It can grab the *current* location of the pages and register an
>>MMU notifier. This works for GPU memory and file-backed memory.
>>However, when the invalidate_range function of this callback, the
>>driver *must* stop a
On 09/05/2025 4:34 pm, Frediano Ziglio wrote:
> On Fri, May 9, 2025 at 4:04 PM Andrew Cooper
> wrote:
>> On 07/05/2025 10:42 am, Frediano Ziglio wrote:
>>> Ross Lagerwall (4):
>>> xen/lib: Export additional sha256 functions
>>> kexec: Include purgatory in Xen
>>> kexec: Implement new EFI lo
Remove a never-implemented description of live patch signing from the
TODO section and document signing as implemented by the following
patches.
Signed-off-by: Ross Lagerwall
---
docs/misc/livepatch.pandoc | 104 ++---
1 file changed, 52 insertions(+), 52 deletion
Split out of "[PATCH 0/8] xen: Untangle mm.h"
https://lore.kernel.org/xen-devel/20250312174513.4075066-1-andrew.coop...@citrix.com/
Andrew Cooper (3):
xen/elfstructs: Include xen/types.h
xen/livepatch: Fix include hierarchy
xen: Sort includes
xen/arch/arm/arm32/livepatch.c | 1 -
xen/ar
elfstructs.h needs the stdint.h types. Two headers arrange this manually, but
elf.h and livepatch.h do not, which breaks source files whose headers are
properly sorted.
elfstructs.h is used by tools too, so use stdint directly outside of Xen.
Clean up trailing whitespace.
Signed-off-by: Andrew
xen/livepatch.h includes public/sysctl.h twice, which can be deduplicated, and
includes asm/livepatch.h meaning that each livepatch.c does not need to
include both.
Comment the #else and #endif cases to aid legibility.
Signed-off-by: Andrew Cooper
---
CC: Anthony PERARD
CC: Michal Orzel
CC: Ja
... needing later adjustment. Drop types.h when it's clearly not needed.
No functional change.
Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Anthony PERARD
CC: Michal Orzel
CC: Jan Beulich
CC: Julien Grall
CC: Roger Pau Monné
CC: Stefano Stabellini
CC: Volodymyr Babchuk
CC:
On 09/05/2025 4:57 pm, Oleksii Kurochko wrote:
> Add inclusion of xen/bitops.h to asm/cmpxchg.h to avoid compilation issues
> connected to GENMASK() which is used inside asm/cmpxchg.h.
>
> Signed-off-by: Oleksii Kurochko
Acked-by: Andrew Cooper
From: Jennifer Herbert
Verify livepatch signatures against the embedded public key in Xen.
Failing to verify does not prevent the livepatch from being loaded.
In future, this will be changed for certain cases (e.g. when Secure Boot
is enabled).
Signed-off-by: Jennifer Herbert
Signed-off-by: Ros
Introduce the following things:
- p2m_domain structure which describe per p2m-table state.
- Update arch_domain structure with the mentioned above structure.
- p2m_get_hostp2m() to recieve domain's p2m structure.
- Introudce p2m_write_lock() and p2m_is_write_locked().
- p2m_init() to initalize p2m:
On 09/05/2025 4:57 pm, Oleksii Kurochko wrote:
> diff --git a/xen/arch/riscv/include/asm/p2m.h
> b/xen/arch/riscv/include/asm/p2m.h
> index 28f57a74f2..8b46210768 100644
> --- a/xen/arch/riscv/include/asm/p2m.h
> +++ b/xen/arch/riscv/include/asm/p2m.h
> @@ -3,11 +3,73 @@
> #define ASM__RISCV__P2M
These utilities are needed for building and managing RISC-V guest page
tables and MMIO mappings by using functions map_regions_p2mt() and
guest_physmap_add_entry().
To implement p2m mapping functionality the following is introduced:
- Define P2M root level/order and entry count.
- Introdude radix
Refactor pte_t to be a union which hold page table entry plus
pt_t and pt_walk_t structures to simpilfy p2m functions.
Also, introduce some helpers which are using pt_walk_t.
Signed-off-by: Oleksii Kurochko
---
xen/arch/riscv/include/asm/page.h | 54 ++-
1 file chang
In this patch series are introduced necessary functions to build and manage
RISC-V guest page tables and MMIO/RAM mappings.
This patch series is based on the patch [1]:
https://lore.kernel.org/xen-devel/da9273c20dc7ac1c131322e38a8cef361dfd86a9.1746530883.git.oleksii.kuroc...@gmail.com/T/#u
Ole
Implement p2m_set_allocation() to construct p2m pages pool for guests
based on required number of pages.
This is implemented by:
- Adding a `struct paging_domain` which contains a freelist, a
counter variable and a spinlock to `struct arch_domain` to
indicate the free p2m pages and the number
- Extended p2m_type_t with additional types: p2m_ram_ro, p2m_mmio_direct_dev,
p2m_map_foreign_{rw,ro}, p2m_grant_map_{rw,ro}.
- Added macros to classify memory types: P2M_RAM_TYPES, P2M_GRANT_TYPES,
P2M_FOREIGN_TYPES.
- Introduced helper predicates: p2m_is_ram(), p2m_is_foreign(),
p2m_is_any_
Add inclusion of xen/bitops.h to asm/cmpxchg.h to avoid compilation issues
connected to GENMASK() which is used inside asm/cmpxchg.h.
Signed-off-by: Oleksii Kurochko
---
This patch should go first; otherwise one of the further patches of this
patch series could face a compilation issue.
---
xen/
On Fri, May 9, 2025 at 4:04 PM Andrew Cooper wrote:
>
> On 07/05/2025 10:42 am, Frediano Ziglio wrote:
> > Ross Lagerwall (4):
> > xen/lib: Export additional sha256 functions
> > kexec: Include purgatory in Xen
> > kexec: Implement new EFI load types
> > kexec: Support non-page-aligned kex
On 09/05/2025 4:04 pm, Andrew Cooper wrote:
> On 07/05/2025 10:42 am, Frediano Ziglio wrote:
>> Ross Lagerwall (4):
>> xen/lib: Export additional sha256 functions
>> kexec: Include purgatory in Xen
>> kexec: Implement new EFI load types
>> kexec: Support non-page-aligned kexec segments
> I
On 07/05/2025 10:42 am, Frediano Ziglio wrote:
> Ross Lagerwall (4):
> xen/lib: Export additional sha256 functions
> kexec: Include purgatory in Xen
> kexec: Implement new EFI load types
> kexec: Support non-page-aligned kexec segments
I realise a lot of this is coming from kexec-tools and
When vpci fails to initialize a legacy capability of device, it just
returns an error and vPCI gets disabled for the whole device. That
most likely renders the device unusable, plus possibly causing issues
to Xen itself if guest attempts to program the native MSI or MSI-X
capabilities if present.
Define requirements for specific commands.
Signed-off-by: Ayan Kumar Halder
---
Changes from -
v1 - 1. Reworded the requirement so as to avoid mentioining variable names
or hardcoded strings. Otherwise, one would need to change the requirement
each time the code changes.
v2 - 1. Moved few chang
Define the requirements which are common for all the commands for XEN_VERSION
hypercall.
Signed-off-by: Ayan Kumar Halder
---
Changes from -
v1 - 1. Fixed `XenProd~version_hyp_ret_val~1` requirement as Xen does not return
0 for success in all the cases.
2. Reworded the requirements so as to writ
On Fri, May 09, 2025 at 11:47:36AM +0200, Alejandro Vallejo wrote:
> > A Linux driver that needs access to userspace memory
> > pages can get it in two different ways:
> >
> > 1. It can pin the pages using the pin_user_pages family of APIs.
> >If these functions succeed, the
When init_rebar() fails, the previous new changes will hide Rebar
capability, it can't rely on vpci_deassign_device() to remove all
Rebar related registers anymore, those registers must be removed
in cleanup function of Rebar.
To do that, call vpci_remove_registers() to remove all possible
registe
On 09/05/2025 9:14 am, Roger Pau Monné wrote:
> On Thu, May 08, 2025 at 05:03:36PM +0100, Andrew Cooper wrote:
>> The text for CONFIG_INDIRECT_THUNK isn't really correct, and was already
>> stale
>> by the time speculative vulnerabilities hit the headlines in 2018. It is
>> specifically an out-of
> A Linux driver that needs access to userspace memory
> pages can get it in two different ways:
>
> 1. It can pin the pages using the pin_user_pages family of APIs.
>If these functions succeed, the driver is guaranteed to be able
>to access the pages until it unpins
[Public]
Hi,
> -Original Message-
> From: Jan Beulich
> Sent: Wednesday, April 30, 2025 10:42 PM
> To: Penny, Zheng
> Cc: Huang, Ray ; Anthony PERARD
> ; xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v4 14/15] tools/xenpm: remove px_cap dependency check
> for average frequency
>
On Thu, May 08, 2025 at 06:01:56PM +0100, Ross Lagerwall wrote:
> From: Kevin Lampis
>
> The livepatch list sysctl writes metadata into a buffer provided by the
> caller. The caller is expected to allocate an appropriately sized buffer
> but this is racy and may result in Xen writing beyond the e
On Thu, May 08, 2025 at 06:46:07AM -0400, Stewart Hildebrand wrote:
> From: Oleksandr Andrushchenko
>
> There are two originators for the PCI configuration space access:
> 1. The domain that owns physical host bridge: MMIO handlers are
> there so we can update vPCI register handlers with the valu
When init_msix() fails, it needs to clean all MSIX resources.
So, add a new function to do that.
Signed-off-by: Jiqian Chen
---
cc: "Roger Pau Monné"
---
v3->v4 changes:
* Change function name from fini_msix() to cleanup_msix().
* Change to use XFREE to free vpci->msix.
* In cleanup function, ch
When init_msi() fails, the previous new changes will hide MSI
capability, it can't rely on vpci_deassign_device() to remove
all MSI related resources anymore, those resources must be
removed in cleanup function of MSI.
To do that, add a new function to free MSI resources.
Signed-off-by: Jiqian Ch
vpci_remove_register() only supports removing a register in a time,
but the follow-on changes need to remove all registers within a range.
So, refactor it to support removing all matched registers in a calling
time.
And it is no matter to remove a non exist register, so remove the
__must_check pre
Current logic of emulating legacy capability list is only for domU.
So, expand it to emulate for dom0 too. Then it will be easy to hide
a capability whose initialization fails in a function.
And restrict adding PCI_STATUS register only for domU since dom0
has no limitation to access that register.
Refactor REGISTER_VPCI_INIT to contain more capability specific
information, this is benefit for follow-on changes to hide capability
when initialization fails.
What's more, change the definition of init_header() since it is
not a capability and it is needed for all devices' PCI config space.
Aft
No functional changes.
Follow-on changes will benifit from this.
Signed-off-by: Jiqian Chen
Acked-by: Roger Pau Monné
---
cc: "Roger Pau Monné"
---
v3->v4 changes:
* Add Acked-by of Roger.
v2->v3 changes:
new patch.
Best regards,
Jiqian Chen.
---
xen/drivers/vpci/header.c | 138 +
Add a new function to emulate extended capability list for dom0,
and call it in init_header(). So that it will be easy to hide a
extended capability whose initialization fails.
As for the extended capability list of domU, just move the logic
into above function and keep hiding it for domU.
Signed
When vpci fails to initialize a extended capability of device, it
just returns an error and vPCI gets disabled for the whole device.
So, add function to hide extended capability when initialization
fails. And remove the failed extended capability handler from vpci
extended capability list.
Signed
Hi,
This series is to
emulate legacy and extended capability list for dom0, including patch #1, #2,
#3.
hide legacy and extended capability when its initialization fails, including
patch #4, #5, #6.
remove all related registers and other resources when initializing capability
fails, including p
On Fri, May 09, 2025 at 12:52:28AM -0400, Demi Marie Obenour wrote:
> On 5/8/25 3:52 AM, Roger Pau Monné wrote:
> > On Wed, May 07, 2025 at 08:36:07PM -0400, Demi Marie Obenour wrote:
> >> On 5/7/25 1:39 PM, Roger Pau Monné wrote:
> >>> On Tue, May 06, 2025 at 04:56:12PM -0400, Demi Marie Obenour w
On Thu, May 08, 2025 at 04:25:28PM -0700, Stefano Stabellini wrote:
> On Thu, 8 May 2025, Roger Pau Monné wrote:
> > On Wed, May 07, 2025 at 04:02:11PM -0700, Stefano Stabellini wrote:
> > > On Tue, 6 May 2025, Roger Pau Monné wrote:
> > > > On Mon, May 05, 2025 at 11:11:10AM -0700, Stefano Stabell
On 5/6/2025 2:20 AM, Juergen Gross wrote:
Instead of having callback functions for rdmsr/wrmsr on native, switch
to inline the respective instructions directly in order to avoid
overhead with the call interface.
To me, this is a beneficial addition to the existing pvops MSR code.
This requir
On Thu, May 08, 2025 at 05:03:36PM +0100, Andrew Cooper wrote:
> The text for CONFIG_INDIRECT_THUNK isn't really correct, and was already stale
> by the time speculative vulnerabilities hit the headlines in 2018. It is
> specifically an out-of-line-ing mechansim, and repoline is one of several
> s
Hi Stefano,
On 5/9/25 1:14 AM, Stefano Stabellini wrote:
> On Wed, 7 May 2025, Christoph Hellwig wrote:
>> On Wed, May 07, 2025 at 04:09:15PM -0700, Stefano Stabellini wrote:
This mapping is not for a RAM backed address. In the eDMA case for the
iMX8QXP the `phys` coming in here is the a
65 matches
Mail list logo
