im itself, only of the rest of the system.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
As per private discussion with Theo de Raadt, OpenBSD does not consider
bugs in its xnf(4) that allow a backend to cause mischief to be security
issues. I believe the same applies to its xbf(4). Should the support
document be updated?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible
On 3/24/22 10:11, Roger Pau Monné wrote:
> On Thu, Mar 24, 2022 at 09:56:29AM -0400, Demi Marie Obenour wrote:
>> As per private discussion with Theo de Raadt, OpenBSD does not consider
>> bugs in its xnf(4) that allow a backend to cause mischief to be security
>> issues
On 3/24/22 18:21, Marek Marczykowski-Górecki wrote:
> On Thu, Mar 24, 2022 at 11:49:14AM -0400, Demi Marie Obenour wrote:
>> On 3/24/22 10:11, Roger Pau Monné wrote:
>>> On Thu, Mar 24, 2022 at 09:56:29AM -0400, Demi Marie Obenour wrote:
>>>> As per private discussi
take a few tries.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
On 3/25/22 18:42, Chris Cappuccio wrote:
> Demi Marie Obenour [d...@invisiblethingslab.com] wrote:
>> Linux???s netfront and blkfront drivers recently had a security
>> vulnerability (XSA-396) that allowed a malicious backend to potentially
>> compromise them. In follow-up
On 3/27/22 21:45, Damien Miller wrote:
> On Fri, 25 Mar 2022, Demi Marie Obenour wrote:
>
>> Linux’s netfront and blkfront drivers recently had a security
>> vulnerability (XSA-396) that allowed a malicious backend to potentially
>> compromise them. In follow-up audits
On 3/28/22 10:39, Mark Kettenis wrote:
>> Date: Mon, 28 Mar 2022 09:51:22 -0400
>> From: Demi Marie Obenour
>>
>> On 3/27/22 21:45, Damien Miller wrote:
>>> On Fri, 25 Mar 2022, Demi Marie Obenour wrote:
>>>
>>>> Linux’s netfront and blkfr
On 3/29/22 04:16, Claudio Jeker wrote:
> On Mon, Mar 28, 2022 at 04:38:33PM -0400, Demi Marie Obenour wrote:
>> On 3/28/22 10:39, Mark Kettenis wrote:
>>>> Date: Mon, 28 Mar 2022 09:51:22 -0400
>>>> From: Demi Marie Obenour
>>>>
>>>> On
access the ESRT. Additionally, Xen must mark the memory
as reserved, so that Linux knows accessing it is safe.
See https://lore.kernel.org/xen-devel/20200818184018.GN1679@mail-itl/T/
for details.
Signed-off-by: Demi Marie Obenour
---
xen/arch/arm/efi/efi-boot.h | 9 +++--
xen/arch/x86/efi/efi
>(desc_ptr->Type == EfiBootServicesCode ||
> > desc_ptr->Type == EfiBootServicesData))) )
> > {
> >
>
> I see CC list is pretty small, did you forget to add the maintainers?
Yeah, I did indeed forget.
> Cheers,
> Luca
>
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
access the ESRT. Additionally, Xen must mark the memory
as reserved, so that Linux knows accessing it is safe.
See https://lore.kernel.org/xen-devel/20200818184018.GN1679@mail-itl/T/
for details.
Signed-off-by: Demi Marie Obenour
---
xen/arch/arm/efi/efi-boot.h | 9 +++--
xen/arch/x86/efi/efi
On Wed, Apr 06, 2022 at 12:10:17PM +0200, Jan Beulich wrote:
> On 02.04.2022 01:14, Demi Marie Obenour wrote:
> > The EFI System Resource Table (ESRT) is necessary for fwupd to identify
> > firmware updates to install. According to the UEFI specification §23.4,
> > the tab
overflow check
- Remove BUILD_BUG_ON()s
- Avoid overriding attribute of memory descriptor containing ESRT
Changes since v1:
- Remove the esrt_status enum
- Use EFI types
- Fix style nits
- Remove an unused overflow check
Demi Marie Obenour (4):
Grab the EFI System Resource Table and check it
Add
access the ESRT. Additionally, Xen must mark the memory
as reserved, so that Linux knows accessing it is safe.
See https://lore.kernel.org/xen-devel/20200818184018.GN1679@mail-itl/T/
for details.
Signed-off-by: Demi Marie Obenour
---
xen/arch/arm/efi/efi-boot.h | 1 +
xen/arch/x86/efi/efi-boot.h
access the ESRT. Additionally, Xen must mark the memory
as reserved, so that Linux knows accessing it is safe.
See https://lore.kernel.org/xen-devel/20200818184018.GN1679@mail-itl/T/
for details.
Signed-off-by: Demi Marie Obenour
---
xen/arch/arm/efi/efi-boot.h | 1 +
xen/arch/x86/efi/efi-boot.h
xen/arch/x86/include/asm/e820.h
index 92f5efa4f5..98eca96425 100644
--- a/xen/arch/x86/include/asm/e820.h
+++ b/xen/arch/x86/include/asm/e820.h
@@ -16,7 +16,7 @@ struct __packed e820entry {
uint32_t type;
};
-#define E820MAX1024
+#define E820MAX1026
struct e820map {
unsigned int nr_map;
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
/* Int16, Fn02: Get keyboard shift flags. */
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
x27;d at offset 0, such as Wayland. If @count is set to 0, this
+ * ioctl will fail.
*/
#define IOCTL_GNTDEV_MAP_GRANT_REF \
_IOC(_IOC_NONE, 'G', 0, sizeof(struct ioctl_gntdev_map_grant_ref))
--
Sincerely,
Demi Marie Obenour
she/her/hers
OpenPGP_0xB288B55FFF9C22C1.asc
Description: Ope
. Document both of these.
Signed-off-by: Demi Marie Obenour
---
include/uapi/xen/gntdev.h | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/uapi/xen/gntdev.h b/include/uapi/xen/gntdev.h
index 9ac5515b9bc2..7a7145395c09 100644
--- a/include/uapi/xen/gntdev.h
+++ b
t; "$loopdev"
write_dev "$loopdev"
release_lock "block"
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
On Thu, Aug 18, 2022 at 09:02:11AM +0200, Jan Beulich wrote:
> On 17.08.2022 22:46, Demi Marie Obenour wrote:
> > This is a huge performance improvement for two reasons:
> >
> > 1. It uses the filesystem’s asynchronous I/O support, rather than using
> >synchronous
On Thu, Aug 18, 2022 at 04:12:10PM +0200, Jan Beulich wrote:
> On 18.08.2022 16:04, Demi Marie Obenour wrote:
> > On Thu, Aug 18, 2022 at 09:02:11AM +0200, Jan Beulich wrote:
> >> On 17.08.2022 22:46, Demi Marie Obenour wrote:
> >>> --- a/tools/hotplug/Linux/block
&
or other random bit-flips.
Marek, do you have any suggestions?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
info->mem.addr;
+info->mem.size = len - (info->mem.addr - desc->PhysicalStart);
+
return 0;
}
}
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
On Thu, Aug 25, 2022 at 09:59:56AM +0200, Jan Beulich wrote:
> On 24.08.2022 23:04, Demi Marie Obenour wrote:
> > The XEN_FW_EFI_MEM_INFO platform op has very surprising behavior: it
> > only sets info->mem.size if the initial value was *larger* than the size
> > of the
This is needed for fwupd to work in Qubes OS.
Signed-off-by: Demi Marie Obenour
---
drivers/firmware/efi/esrt.c | 34 --
drivers/xen/efi.c | 33 +
include/linux/efi.h | 10 ++
3 files changed, 67
On Fri, Aug 26, 2022 at 09:53:29AM +0200, Jan Beulich wrote:
> On 25.08.2022 23:52, Demi Marie Obenour wrote:
> > @@ -40,6 +41,38 @@
> >
> > #define efi_data(op) (op.u.efi_runtime_call)
> >
> > +static_assert(XEN_PAGE_SHIFT == EFI_PAGE_SHIFT,
>
On Fri, Aug 26, 2022 at 09:18:50AM +0200, Jan Beulich wrote:
> On 25.08.2022 22:36, Demi Marie Obenour wrote:
> > On Thu, Aug 25, 2022 at 09:59:56AM +0200, Jan Beulich wrote:
> >> On 24.08.2022 23:04, Demi Marie Obenour wrote:
> >>> Fix both of these problems by unco
This is needed for fwupd to work in Qubes OS.
Signed-off-by: Demi Marie Obenour
---
Changes since v1:
- Use a different type (struct xen_efi_mem_info) for memory information
provided by Xen, as Xen reports it in a different way than the
standard Linux functions do.
drivers/firmware/efi
On Wed, Aug 24, 2022 at 08:11:56AM +0200, Juergen Gross wrote:
> On 24.08.22 02:20, Marek Marczykowski-Górecki wrote:
> > On Tue, Aug 23, 2022 at 09:48:57AM +0200, Juergen Gross wrote:
> > > On 23.08.22 09:40, Demi Marie Obenour wrote:
> > > > I recently had a VM’s
On Mon, Aug 29, 2022 at 04:39:29PM +0200, Marek Marczykowski-Górecki wrote:
> On Mon, Aug 29, 2022 at 02:55:55PM +0200, Juergen Gross wrote:
> > On 28.08.22 07:15, Demi Marie Obenour wrote:
> > > On Wed, Aug 24, 2022 at 08:11:56AM +0200, Juergen Gross wrote:
> > >
On Mon, Aug 29, 2022 at 02:55:55PM +0200, Juergen Gross wrote:
> On 28.08.22 07:15, Demi Marie Obenour wrote:
> > On Wed, Aug 24, 2022 at 08:11:56AM +0200, Juergen Gross wrote:
> > > On 24.08.22 02:20, Marek Marczykowski-Górecki wrote:
> > > > On Tue, Aug 23, 202
unconditionally and ignoring guest attempts
to change it.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
On Mon, Sep 05, 2022 at 01:46:54PM +0200, Ard Biesheuvel wrote:
> On Sun, 28 Aug 2022 at 04:52, Demi Marie Obenour
> wrote:
> >
> > This is needed for fwupd to work in Qubes OS.
> >
>
> Please elaborate on:
Will do in v3.
> - the current situation
The ESRT i
On Tue, Sep 06, 2022 at 08:49:54AM +0200, Jan Beulich wrote:
> On 26.08.2022 20:01, Demi Marie Obenour wrote:
> > On Fri, Aug 26, 2022 at 09:53:29AM +0200, Jan Beulich wrote:
> >> On 25.08.2022 23:52, Demi Marie Obenour wrote:
> >>> @@ -40,6 +41,38 @@
>
On Tue, Sep 06, 2022 at 10:01:00AM +, Andrew Cooper wrote:
> On 06/09/2022 10:52, Jan Beulich wrote:
> > On 02.09.2022 04:05, Demi Marie Obenour wrote:
> >> On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in
> >> a CPU register to enforce cons
On Tue, Sep 13, 2022 at 04:47:24PM +0200, Jan Beulich wrote:
> On 13.09.2022 16:22, Demi Marie Obenour wrote:
> > On Tue, Sep 06, 2022 at 10:01:00AM +, Andrew Cooper wrote:
> >> On 06/09/2022 10:52, Jan Beulich wrote:
> >>> On 02.09.2022 04:05, Demi Marie Obenou
On Wed, Sep 14, 2022 at 08:36:02AM +0200, Jan Beulich wrote:
> On 13.09.2022 19:22, Demi Marie Obenour wrote:
> > On Tue, Sep 13, 2022 at 04:47:24PM +0200, Jan Beulich wrote:
> >> On 13.09.2022 16:22, Demi Marie Obenour wrote:
> >>> On Tue, Sep 06, 2022 at 10:01:0
On Wed, Sep 14, 2022 at 08:44:25AM +0200, Jan Beulich wrote:
> On 14.09.2022 08:40, Demi Marie Obenour wrote:
> > On Wed, Sep 14, 2022 at 08:36:02AM +0200, Jan Beulich wrote:
> >> On 13.09.2022 19:22, Demi Marie Obenour wrote:
> >>> On Tue, Sep 13, 2022 at 04:47
On Wed, Sep 14, 2022 at 09:32:20AM +0200, Jan Beulich wrote:
> On 14.09.2022 09:11, Demi Marie Obenour wrote:
> > On Wed, Sep 14, 2022 at 08:44:25AM +0200, Jan Beulich wrote:
> >> On 14.09.2022 08:40, Demi Marie Obenour wrote:
> >>> On Wed, Sep 14, 2022 at 08:36
ontrol, put command line option
> and Kconfig control in common files.
>
> [1]
> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html
>
> Requested-by: Demi Marie Obenour
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, Sep 15, 2022 at 01:56:06PM +0100, Julien Grall wrote:
> Hi Demi,
>
> On 15/09/2022 12:24, Demi Marie Obenour wrote:
> > On Thu, Sep 15, 2022 at 12:04:55PM +0200, Jan Beulich wrote:
> > > [1] specifies a long list o
existing drivers include less attack surface (since the
peer is no longer network-adjacent), slightly better performance, and no
need for ARP or NDP traffic.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
it is, parse it as if not running under
Xen. This allows programs such as fwupd which require the ESRT to run
under Xen, and so makes fwupd support in Qubes OS possible.
Signed-off-by: Demi Marie Obenour
---
Changes since v2:
- Massively updated commit message.
- Fetch the ESRT inline in drivers
On Mon, Sep 19, 2022 at 01:46:59PM -0700, Elliott Mitchell wrote:
> On Sun, Sep 18, 2022 at 08:41:25AM -0400, Demi Marie Obenour wrote:
> > How difficult would it be to provide layer 3 (point-to-point) versions
> > of the existing netfront and netback drivers? Ideally, these
On Mon, Sep 19, 2022 at 04:21:27PM -0700, Elliott Mitchell wrote:
> On Mon, Sep 19, 2022 at 05:41:05PM -0400, Demi Marie Obenour wrote:
> > On Mon, Sep 19, 2022 at 01:46:59PM -0700, Elliott Mitchell wrote:
> > > On Sun, Sep 18, 2022 at 08:41:25AM -0400, Demi Marie Obenour
This patch series fixes handling of EFI tables when running under Xen.
These fixes allow the ESRT to be loaded when running paravirtualized in
dom0, making the use of EFI capsule updates possible.
Demi Marie Obenour (5):
efi: memmap: Disregard bogus entries instead of returning them
efi: xen
The ESRT can be parsed if EFI_PARAVIRT is enabled, even if EFI_MEMMAP is
not. Also allow the ESRT to be in reclaimable memory, as that is where
future Xen versions will put it.
Reported-by: Marek Marczykowski-Górecki
Signed-off-by: Demi Marie Obenour
Tested-by: Marek Marczykowski-Górecki
Signed-off-by: Demi Marie Obenour
Tested-by: Marek Marczykowski-Górecki
---
drivers/firmware/efi/efi.c | 7 +++
drivers/xen/efi.c | 25 +
include/linux/efi.h| 2 ++
3 files changed, 34 insertions(+)
diff --git a/drivers/firmware/efi/efi.c b/drivers
ever, none of the callers of
efi_mem_desc_lookup() currently care about this. In the future, Xen may
gain a hypercall that returns the actual start address, which can be
used instead.
Co-developed-by: Ard Biesheuvel
Signed-off-by: Ard Biesheuvel
Signed-off-by: Demi Marie Obenour
Tested
Doing so cannot work and should never happen.
Signed-off-by: Demi Marie Obenour
Tested-by: Marek Marczykowski-Górecki
---
drivers/firmware/efi/efi.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index
From: Demi Marie Obenour
This allows specifying a disk sequence number in XenStore. If it does
not match the disk sequence number of the underlying device, the device
will not be exported and a warning will be logged. Userspace can use
this to eliminate race conditions due to major/minor
insecure.
- The DM_DEV_CREATE ioctl gains a new flag. Unknown flags were
previously ignored, so this could theoretically break buggy userspace
tools.
- I have no idea if I got the block device reference counting and
locking correct.
Demi Marie Obenour (7):
block: Support creating a struct
No functional change intended.
Signed-off-by: Demi Marie Obenour
---
drivers/block/xen-blkback/blkback.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/block/xen-blkback/blkback.c
b/drivers/block/xen-blkback/blkback.c
index
This allows userspace to use block devices with delete-on-close
behavior, which is necessary to ensure virtual devices (such as loop or
device-mapper devices) are cleaned up automatically. Protocol details
are included in comments.
Signed-off-by: Demi Marie Obenour
---
drivers/block/xen
What would be involved in supporting regular files in Linux blkback? Is
it just a matter of using the call_{read,write}_iter functions for read
and write, and punting the work that cannot be done asynchronously to a
thread pool? Or is it more complex than that?
--
Sincerely,
Demi Marie Obenour
On Thu, Feb 02, 2023 at 11:50:37AM -0500, Mike Snitzer wrote:
> On Wed, Jan 25 2023 at 10:33P -0500,
> Demi Marie Obenour wrote:
>
> > This work aims to allow userspace to create and destroy block devices
> > in a race-free and leak-free way,
>
> "race-free and l
On Thu, Feb 02, 2023 at 02:56:34PM -0500, Mike Snitzer wrote:
> On Thu, Feb 02 2023 at 1:41P -0500,
> Demi Marie Obenour wrote:
>
> > On Thu, Feb 02, 2023 at 11:50:37AM -0500, Mike Snitzer wrote:
> > > On Wed, Jan 25 2023 at 10:33P -0500,
> > > Demi Marie Ob
intk("%s g.e. %#x (pfn %#lx)\n",
- what, ref, page ? page_to_pfn(page) : -1);
}
+module_param(free_per_iteration, uint, 0600);
+
int gnttab_try_end_foreign_access(grant_ref_t ref)
{
int ret = _gnttab_end_foreign_access_ref(ref);
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
opers can
enable them using the dynamic debug mechanism.
Fixes: QubesOS/qubes-issues#7410 (memory leak)
Fixes: QubesOS/qubes-issues#7359 (excessive logging)
Fixes: 569ca5b3f94c ("xen/gnttab: add deferred freeing logic")
Cc: sta...@vger.kernel.org
Signed-off-by: Demi Marie Obenour
.
Signed-off-by: Demi Marie Obenour
---
Config.mk| 20 ++--
README | 4 ++--
automation/build/centos/CentOS-7.2.repo | 8
automation/build/debian/stretch-llvm-8.list | 4 ++--
automation/build
On Mon, Feb 06, 2023 at 07:27:05PM -0800, Elliott Mitchell wrote:
> On Mon, Feb 06, 2023 at 10:10:33PM -0500, Demi Marie Obenour wrote:
> > Obtaining code over an insecure transport is a terrible idea for
> > blatently obvious reasons. Even for non-executable data, insecure
>
On Tue, Feb 07, 2023 at 05:16:21AM +0100, Marek Marczykowski-Górecki wrote:
> On Mon, Feb 06, 2023 at 10:10:33PM -0500, Demi Marie Obenour wrote:
> > Obtaining code over an insecure transport is a terrible idea for
> > blatently obvious reasons. Even for non-executable
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
This patch enforces the use of secure transports in automation and CI.
Signed-off-by: Demi Marie Obenour
---
README
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
This patch enforces the use of secure transports in the build system.
Signed-off-by: Demi Marie Obenour
---
Config.mk
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
Demi Marie Obenour (4):
Build system: Replace git:// and http:// with https://
Automation and CI: Replace git:// and http
-off-by: Demi Marie Obenour
---
This patch might well have flaws, not least due to its sheer size.
COPYING | 4 ++--
CREDITS | 2 +-
README| 4 ++--
SUPPORT.md
On Wed, Feb 08, 2023 at 08:26:37AM +, Julien Grall wrote:
> Hi,
>
> On 08/02/2023 07:40, Jan Beulich wrote:
> > On 08.02.2023 05:51, Demi Marie Obenour wrote:
> > > --- a/xen/drivers/passthrough/pci.c
> > > +++ b/xen/drivers/passthrough/pci.c
> > >
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
This patch enforces the use of secure transports in the build system.
Signed-off-by: Demi Marie Obenour
---
Config.mk
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
Demi Marie Obenour (4):
Build system: Replace git:// and http:// with https://
Automation and CI: Replace git:// and http
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
This patch enforces the use of secure transports in automation and CI.
Signed-off-by: Demi Marie Obenour
---
README
-off-by: Demi Marie Obenour
---
COPYING | 4 ++--
CREDITS | 2 +-
README| 4 ++--
SUPPORT.md| 2 +-
docs/features/feature-levelling.pandoc
On Wed, Feb 08, 2023 at 02:58:38PM -0800, Stefano Stabellini wrote:
> On Wed, 8 Feb 2023, Demi Marie Obenour wrote:
> > Obtaining code over an insecure transport is a terrible idea for
> > blatently obvious reasons. Even for non-executable data, insecure
> > transports are
On Thu, Feb 09, 2023 at 02:03:34PM +, George Dunlap wrote:
> On Wed, Feb 8, 2023 at 8:59 PM Demi Marie Obenour <
> d...@invisiblethingslab.com> wrote:
>
> > Obtaining code over an insecure transport is a terrible idea for
> > blatently obvious reasons. Even for no
On Thu, Feb 09, 2023 at 02:01:52PM +, George Dunlap wrote:
> On Wed, Feb 8, 2023 at 8:58 PM Demi Marie Obenour <
> d...@invisiblethingslab.com> wrote:
>
> > Obtaining code over an insecure transport is a terrible idea for
> > blatently obvious reasons. Even for no
On Thu, Feb 09, 2023 at 02:25:07PM +, George Dunlap wrote:
> On Wed, Feb 8, 2023 at 8:59 PM Demi Marie Obenour <
> d...@invisiblethingslab.com> wrote:
>
> > Obtaining code over an insecure transport is a terrible idea for
> > blatently obvious reasons. Even for no
On Mon, Feb 13, 2023 at 10:26:11AM +0100, Juergen Gross wrote:
> On 07.02.23 03:10, Demi Marie Obenour wrote:
> > When a grant entry is still in use by the remote domain, Linux must put
> > it on a deferred list. Normally, this list is very short, because
> > the PV networ
On Tue, Feb 14, 2023 at 08:51:09AM +0100, Juergen Gross wrote:
> On 13.02.23 22:01, Demi Marie Obenour wrote:
> > On Mon, Feb 13, 2023 at 10:26:11AM +0100, Juergen Gross wrote:
> > > On 07.02.23 03:10, Demi Marie Obenour wrote:
> > > > When a grant entry is still in u
urgent and hardest to review.
- Ensure that no links are broken, and fail with an error instead of
trying to use links that *are* broken.
Demi Marie Obenour (4):
Use HTTPS for all xenbits.xen.org Git repos
Build system: Replace git:// and http:// with https://
Automation and CI: Replace git
shell script:
git ls-files -z |
xargs -0 -- sed -Ei --
's@(git://xenbits\.xen\.org|http://xenbits\.xen\.org/git-http)/@https://xenbits.xen.org/git-http/@g'
All altered links have been tested and are known to work.
Signed-off-by: Demi Marie Obenour
---
original URLs. Therefore, configure will now error out
instead of trying to download them.
Signed-off-by: Demi Marie Obenour
---
Config.mk | 2 +-
stubdom/configure | 24 +++-
stubdom/configure.ac | 24
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
This patch enforces the use of secure transports in automation and CI.
All URLs are known to work.
Signed-off-by: Demi Marie
It is not used and the website is gone.
Signed-off-by: Demi Marie Obenour
---
xen/include/xen/pci_regs.h | 37 -
1 file changed, 37 deletions(-)
diff --git a/xen/include/xen/pci_regs.h b/xen/include/xen/pci_regs.h
index
urgent and hardest to review.
- Ensure that no links are broken, and fail with an error instead of
trying to use links that *are* broken.
Demi Marie Obenour (3):
Use HTTPS for all xenbits.xen.org Git repos
Build system: Replace git:// and http:// with https://
Automation and CI: Replace git
them with the
URLs that were redirected to.
Signed-off-by: Demi Marie Obenour
---
Config.mk | 2 +-
stubdom/configure | 18 +-
stubdom/configure.ac | 18 +-
tools/firmware/etherboot/Makefile | 6 +-
4 files
shell script:
git ls-files -z |
xargs -0 -- sed -Ei --
's@(git://xenbits\.xen\.org|http://xenbits\.xen\.org/git-http)/@https://xenbits.xen.org/git-http/@g'
All altered links have been tested and are known to work.
Signed-off-by: Demi Marie Obenour
---
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
This patch enforces the use of secure transports in automation and CI.
All URLs are known to work.
Signed-off-by: Demi Marie
ieve OpenXT and EVE ship it as well. Mark EFI_SET_VIRTUAL_ADDRESS_MAP
as SUPPORTED and enable it by default.
Signed-off-by: Demi Marie Obenour
---
What is necessary for this patch to be accepted?
xen/common/Kconfig | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/xen/com
On Tue, Feb 21, 2023 at 11:07:58AM +0100, Jan Beulich wrote:
> On 19.02.2023 03:46, Demi Marie Obenour wrote:
> > --- a/stubdom/configure
> > +++ b/stubdom/configure
> > @@ -3535,7 +3535,7 @@ if test "x$ZLIB_URL" = "x"; then :
> > if t
+---
tools/misc/mkrpm| 2 +-
12 files changed, 37 insertions(+), 63 deletions(-)
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
shell script:
git ls-files -z |
xargs -0 -- sed -Ei --
's@(git://xenbits\.xen\.org|http://xenbits\.xen\.org/git-http)/@https://xenbits.xen.org/git-http/@g'
All altered links have been tested and are known to work.
Signed-off-by: Demi Marie Obenour
---
Also fix an old xenbits.xenproject.org link.
Signed-off-by: Demi Marie Obenour
---
Config.mk| 2 +-
tools/misc/mkrpm | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Config.mk b/Config.mk
index
75f1975e5e78af44d36c2372cba6e89b425267a5
The upstream URLs for zlib, PolarSSL, and the TPM emulator do not work
anymore, so do not attempt to use them.
Signed-off-by: Demi Marie Obenour
---
m4/stubdom.m4| 5 +++--
stubdom/configure| 21 +++--
stubdom/configure.ac | 6 +++---
3 files changed, 9 insertions
them with the
URLs that were redirected to.
Signed-off-by: Demi Marie Obenour
---
stubdom/configure | 12 ++--
stubdom/configure.ac | 12 ++--
tools/firmware/etherboot/Makefile | 6 +-
3 files changed, 13 insertions(+), 17 deletions(-)
diff --git a
v3.15/releases/armhf/alpine-minirootfs-3.15.1-armhf.tar.gz
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
On Mon, Feb 27, 2023 at 09:35:51AM +0100, Jan Beulich wrote:
> On 25.02.2023 21:37, Demi Marie Obenour wrote:
> > --- a/Config.mk
> > +++ b/Config.mk
> > @@ -191,7 +191,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES),
> > -I$(i))
> > EMBEDDED_EXTRA_CFLAGS
On Mon, Feb 27, 2023 at 09:25:32AM +0100, Jan Beulich wrote:
> On 24.02.2023 23:55, Demi Marie Obenour wrote:
> > On Tue, Feb 21, 2023 at 11:07:58AM +0100, Jan Beulich wrote:
> >> On 19.02.2023 03:46, Demi Marie Obenour wrote:
> >>> --- a/stubdom/configure
On Mon, Feb 27, 2023 at 09:42:24AM +0100, Jan Beulich wrote:
> On 25.02.2023 21:37, Demi Marie Obenour wrote:
> > --- a/stubdom/configure
> > +++ b/stubdom/configure
> > @@ -3545,7 +3545,7 @@ if test "x$LIBPCI_URL" = "x"; then :
> > if tes
1 - 100 of 441 matches
Mail list logo
