pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/sysutils Upgrade Xen 4.11 packages to 4.11.2. CHANGES ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ed2e7d4bc1ce
branches: trunk
changeset: 338765:ed2e7d4bc1ce
user: bouyer <bouyer%pkgsrc.org@localhost>
date: Fri Aug 30 13:16:27 2019 +0000
description:
Upgrade Xen 4.11 packages to 4.11.2. CHANGES since 4.11.1:
- include security patches up to and including XSA297
- various performances improvements, code cleanup and bug fixes
diffstat:
sysutils/xenkernel411/Makefile | 6 +-
sysutils/xenkernel411/distinfo | 21 +-
sysutils/xenkernel411/patches/patch-XSA284 | 33 --
sysutils/xenkernel411/patches/patch-XSA285 | 45 ---
sysutils/xenkernel411/patches/patch-XSA287 | 330 ---------------------------
sysutils/xenkernel411/patches/patch-XSA288 | 310 -------------------------
sysutils/xenkernel411/patches/patch-XSA290-1 | 239 -------------------
sysutils/xenkernel411/patches/patch-XSA290-2 | 73 -----
sysutils/xenkernel411/patches/patch-XSA291 | 55 ----
sysutils/xenkernel411/patches/patch-XSA292 | 97 -------
sysutils/xenkernel411/patches/patch-XSA293-1 | 319 --------------------------
sysutils/xenkernel411/patches/patch-XSA293-2 | 262 ---------------------
sysutils/xenkernel411/patches/patch-XSA294 | 73 -----
sysutils/xentools411/Makefile | 7 +-
sysutils/xentools411/distinfo | 10 +-
15 files changed, 16 insertions(+), 1864 deletions(-)
diffs (truncated from 1967 to 300 lines):
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/Makefile
--- a/sysutils/xenkernel411/Makefile Fri Aug 30 13:00:56 2019 +0000
+++ b/sysutils/xenkernel411/Makefile Fri Aug 30 13:16:27 2019 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.7 2019/07/15 16:24:18 nia Exp $
+# $NetBSD: Makefile,v 1.8 2019/08/30 13:16:27 bouyer Exp $
-VERSION= 4.11.1
-PKGREVISION= 3
+VERSION= 4.11.2
+#PKGREVISION= 0
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel411-${VERSION}
CATEGORIES= sysutils
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/distinfo
--- a/sysutils/xenkernel411/distinfo Fri Aug 30 13:00:56 2019 +0000
+++ b/sysutils/xenkernel411/distinfo Fri Aug 30 13:16:27 2019 +0000
@@ -1,21 +1,10 @@
-$NetBSD: distinfo,v 1.4 2019/03/25 15:28:13 bouyer Exp $
+$NetBSD: distinfo,v 1.5 2019/08/30 13:16:27 bouyer Exp $
-SHA1 (xen411/xen-4.11.1.tar.gz) = aeb45f3b05aaa73dd2ef3a0c533a975495b58c17
-RMD160 (xen411/xen-4.11.1.tar.gz) = c0eaf57cfbd4f762e8367bcf88e99912d2089084
-SHA512 (xen411/xen-4.11.1.tar.gz) = c1655c5decdaed95a2b9a99652318cfc72f6cfdae957cfe60d635f7787e8850f33e8fafc4c4b8d61fb579c9b9d93028a6382903e71808a0418b931e76d72a649
-Size (xen411/xen-4.11.1.tar.gz) = 25152217 bytes
+SHA1 (xen411/xen-4.11.2.tar.gz) = 82766db0eca7ce65962732af8a31bb5cce1eb7ce
+RMD160 (xen411/xen-4.11.2.tar.gz) = 6dcb1ac3e72381474912607b30b59fa55d87d38b
+SHA512 (xen411/xen-4.11.2.tar.gz) = 48d3d926d35eb56c79c06d0abc6e6be2564fadb43367cc7f46881c669a75016707672179c2cca1c4cfb14af2cefd46e2e7f99470cddf7df2886d8435a2de814e
+Size (xen411/xen-4.11.2.tar.gz) = 25164925 bytes
SHA1 (patch-Config.mk) = 9372a09efd05c9fbdbc06f8121e411fcb7c7ba65
-SHA1 (patch-XSA284) = dfab3d5f51cef2ac2e201988e2c8ffbe6066ad89
-SHA1 (patch-XSA285) = 99b2864579d7a09b2d3c911f2d4f4bae23f9e42e
-SHA1 (patch-XSA287) = 834156c50c47d683e64793a5e6874a21b2999b94
-SHA1 (patch-XSA288) = 8551dc11ecb1a3912b5708b0db65533038f60390
-SHA1 (patch-XSA290-1) = 21bcc513e9ff1aa10fa62fcf1aca1e5f3558622c
-SHA1 (patch-XSA290-2) = be394879eeb98917690d284c10e04ee432e83df3
-SHA1 (patch-XSA291) = 00b2949e1d2567e5d9bf823bdd69c31be2300800
-SHA1 (patch-XSA292) = a887098d4b38567d0c8ab3170c15a08b47cbe835
-SHA1 (patch-XSA293-1) = 7e46dab8b44cc1b129e5717502e26094f96e67b9
-SHA1 (patch-XSA293-2) = 02eeb9533fa22ee99699319cc0194045fa26fef5
-SHA1 (patch-XSA294) = 8f7dd8ba100c3b93cb6f48c72b403a3cf43c09e7
SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6
SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac
SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/patches/patch-XSA284
--- a/sysutils/xenkernel411/patches/patch-XSA284 Fri Aug 30 13:00:56 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-$NetBSD: patch-XSA284,v 1.1 2019/03/07 11:13:26 bouyer Exp $
-
-From: Jan Beulich <jbeulich%suse.com@localhost>
-Subject: gnttab: set page refcount for copy-on-grant-transfer
-
-Commit 5cc77f9098 ("32-on-64: Fix domain address-size clamping,
-implement"), which introduced this functionality, took care of clearing
-the old page's PGC_allocated, but failed to set the bit (and install the
-associated reference) on the newly allocated one. Furthermore the "mfn"
-local variable was never updated, and hence the wrong MFN was passed to
-guest_physmap_add_page() (and back to the destination domain) in this
-case, leading to an IOMMU mapping into an unowned page.
-
-Ideally the code would use assign_pages(), but the call to
-gnttab_prepare_for_transfer() sits in the middle of the actions
-mirroring that function.
-
-This is XSA-284.
-
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Acked-by: George Dunlap <george.dunlap%citrix.com@localhost>
-
---- xen/common/grant_table.c.orig
-+++ xen/common/grant_table.c
-@@ -2183,6 +2183,8 @@ gnttab_transfer(
- page->count_info &= ~(PGC_count_mask|PGC_allocated);
- free_domheap_page(page);
- page = new_page;
-+ page->count_info = PGC_allocated | 1;
-+ mfn = page_to_mfn(page);
- }
-
- spin_lock(&e->page_alloc_lock);
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/patches/patch-XSA285
--- a/sysutils/xenkernel411/patches/patch-XSA285 Fri Aug 30 13:00:56 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-$NetBSD: patch-XSA285,v 1.1 2019/03/07 11:13:26 bouyer Exp $
-
-From: Jan Beulich <jbeulich%suse.com@localhost>
-Subject: IOMMU/x86: fix type ref-counting race upon IOMMU page table construction
-
-When arch_iommu_populate_page_table() gets invoked for an already
-running guest, simply looking at page types once isn't enough, as they
-may change at any time. Add logic to re-check the type after having
-mapped the page, unmapping it again if needed.
-
-This is XSA-285.
-
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Tentatively-Acked-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-
---- xen/drivers/passthrough/x86/iommu.c.orig
-+++ xen/drivers/passthrough/x86/iommu.c
-@@ -68,6 +68,27 @@ int arch_iommu_populate_page_table(struct domain *d)
- rc = hd->platform_ops->map_page(d, gfn, mfn,
- IOMMUF_readable |
- IOMMUF_writable);
-+
-+ /*
-+ * We may be working behind the back of a running guest, which
-+ * may change the type of a page at any time. We can't prevent
-+ * this (for instance, by bumping the type count while mapping
-+ * the page) without causing legitimate guest type-change
-+ * operations to fail. So after adding the page to the IOMMU,
-+ * check again to make sure this is still valid. NB that the
-+ * writable entry in the iommu is harmless until later, when
-+ * the actual device gets assigned.
-+ */
-+ if ( !rc && !is_hvm_domain(d) &&
-+ ((page->u.inuse.type_info & PGT_type_mask) !=
-+ PGT_writable_page) )
-+ {
-+ rc = hd->platform_ops->unmap_page(d, gfn);
-+ /* If the type changed yet again, simply force a retry. */
-+ if ( !rc && ((page->u.inuse.type_info & PGT_type_mask) ==
-+ PGT_writable_page) )
-+ rc = -ERESTART;
-+ }
- }
- if ( rc )
- {
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/patches/patch-XSA287
--- a/sysutils/xenkernel411/patches/patch-XSA287 Fri Aug 30 13:00:56 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,330 +0,0 @@
-$NetBSD: patch-XSA287,v 1.1 2019/03/07 11:13:26 bouyer Exp $
-
-From 67620c1ccb13f7b58645f48248ba1f408b021fdc Mon Sep 17 00:00:00 2001
-From: George Dunlap <george.dunlap%citrix.com@localhost>
-Date: Fri, 18 Jan 2019 15:00:34 +0000
-Subject: [PATCH] steal_page: Get rid of bogus struct page states
-
-The original rules for `struct page` required the following invariants
-at all times:
-
-- refcount > 0 implies owner != NULL
-- PGC_allocated implies refcount > 0
-
-steal_page, in a misguided attempt to protect against unknown races,
-violates both of these rules, thus introducing other races:
-
-- Temporarily, the count_info has the refcount go to 0 while
- PGC_allocated is set
-
-- It explicitly returns the page PGC_allocated set, but owner == NULL
- and page not on the page_list.
-
-The second one meant that page_get_owner_and_reference() could return
-NULL even after having successfully grabbed a reference on the page,
-leading the caller to leak the reference (since "couldn't get ref" and
-"got ref but no owner" look the same).
-
-Furthermore, rather than grabbing a page reference to ensure that the
-owner doesn't change under its feet, it appears to rely on holding
-d->page_alloc lock to prevent this.
-
-Unfortunately, this is ineffective: page->owner remains non-NULL for
-some time after the count has been set to 0; meaning that it would be
-entirely possible for the page to be freed and re-allocated to a
-different domain between the page_get_owner() check and the count_info
-check.
-
-Modify steal_page to instead follow the appropriate access discipline,
-taking the page through series of states similar to being freed and
-then re-allocated with MEMF_no_owner:
-
-- Grab an extra reference to make sure we don't race with anyone else
- freeing the page
-
-- Drop both references and PGC_allocated atomically, so that (if
-successful), anyone else trying to grab a reference will fail
-
-- Attempt to reset Xen's mappings
-
-- Reset the rest of the state.
-
-Then, modify the two callers appropriately:
-
-- Leave count_info alone (it's already been cleared)
-- Call free_domheap_page() directly if appropriate
-- Call assign_pages() rather than open-coding a partial assign
-
-With all callers to assign_pages() now passing in pages with the
-type_info field clear, tighten the respective assertion there.
-
-This is XSA-287.
-
-Signed-off-by: George Dunlap <george.dunlap%citrix.com@localhost>
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
----
- xen/arch/x86/mm.c | 84 ++++++++++++++++++++++++++++------------
- xen/common/grant_table.c | 20 +++++-----
- xen/common/memory.c | 19 +++++----
- xen/common/page_alloc.c | 2 +-
- 4 files changed, 83 insertions(+), 42 deletions(-)
-
-diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
-index 6509035a5c..d8ff58c901 100644
---- xen/arch/x86/mm.c.orig
-+++ xen/arch/x86/mm.c
-@@ -3966,70 +3966,106 @@ int donate_page(
- return -EINVAL;
- }
-
-+/*
-+ * Steal page will attempt to remove `page` from domain `d`. Upon
-+ * return, `page` will be in a state similar to the state of a page
-+ * returned from alloc_domheap_page() with MEMF_no_owner set:
-+ * - refcount 0
-+ * - type count cleared
-+ * - owner NULL
-+ * - page caching attributes cleaned up
-+ * - removed from the domain's page_list
-+ *
-+ * If MEMF_no_refcount is not set, the domain's tot_pages will be
-+ * adjusted. If this results in the page count falling to 0,
-+ * put_domain() will be called.
-+ *
-+ * The caller should either call free_domheap_page() to free the
-+ * page, or assign_pages() to put it back on some domain's page list.
-+ */
- int steal_page(
- struct domain *d, struct page_info *page, unsigned int memflags)
- {
- unsigned long x, y;
- bool drop_dom_ref = false;
-- const struct domain *owner = dom_xen;
-+ const struct domain *owner;
-+ int rc;
-
- if ( paging_mode_external(d) )
- return -EOPNOTSUPP;
-
-- spin_lock(&d->page_alloc_lock);
--
-- if ( is_xen_heap_page(page) || ((owner = page_get_owner(page)) != d) )
-+ /* Grab a reference to make sure the page doesn't change under our feet */
-+ rc = -EINVAL;
-+ if ( !(owner = page_get_owner_and_reference(page)) )
- goto fail;
-
-+ if ( owner != d || is_xen_heap_page(page) )
-+ goto fail_put;
-+
- /*
-- * We require there is just one reference (PGC_allocated). We temporarily
-- * drop this reference now so that we can safely swizzle the owner.
-+ * We require there are exactly two references -- the one we just
-+ * took, and PGC_allocated. We temporarily drop both these
-+ * references so that the page becomes effectively non-"live" for
-+ * the domain.
- */
- y = page->count_info;
- do {
- x = y;
-- if ( (x & (PGC_count_mask|PGC_allocated)) != (1 | PGC_allocated) )
-- goto fail;
-- y = cmpxchg(&page->count_info, x, x & ~PGC_count_mask);
-+ if ( (x & (PGC_count_mask|PGC_allocated)) != (2 | PGC_allocated) )
-+ goto fail_put;
-+ y = cmpxchg(&page->count_info, x, x & ~(PGC_count_mask|PGC_allocated));
- } while ( y != x );
-
- /*
-- * With the sole reference dropped temporarily, no-one can update type
-- * information. Type count also needs to be zero in this case, but e.g.
-- * PGT_seg_desc_page may still have PGT_validated set, which we need to
-- * clear before transferring ownership (as validation criteria vary
-- * depending on domain type).
-+ * NB this is safe even if the page ends up being given back to
-+ * the domain, because the count is zero: subsequent mappings will
-+ * cause the cache attributes to be re-instated inside
-+ * get_page_from_l1e().
-+ */
-+ if ( (rc = cleanup_page_cacheattr(page)) )
-+ {
-+ /*
-+ * Couldn't fixup Xen's mappings; put things the way we found
-+ * it and return an error
-+ */
-+ page->count_info |= PGC_allocated | 1;
-+ goto fail;
-+ }
-+
-+ /*
-+ * With the reference count now zero, nobody can grab references
-+ * to do anything else with the page. Return the page to a state
-+ * that it might be upon return from alloc_domheap_pages with
-+ * MEMF_no_owner set.
- */
-+ spin_lock(&d->page_alloc_lock);
Home |
Main Index |
Thread Index |
Old Index