pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel48 Add patches from upstream, from x...
details: https://anonhg.NetBSD.org/pkgsrc/rev/736051bc541b
branches: trunk
changeset: 374229:736051bc541b
user: bouyer <bouyer%pkgsrc.org@localhost>
date: Thu Jan 18 10:28:13 2018 +0000
description:
Add patches from upstream, from xsa254/README.pti :
> This README gives references for one of three mitigation strategies
> for Meltdown.
> This series is a first-class migitation pagetable isolation series for
> Xen. It is available for Xen 4.6 to Xen 4.10 and later.
bump PKGREVISION
diffstat:
sysutils/xenkernel48/Makefile | 4 +-
sysutils/xenkernel48/distinfo | 6 +-
sysutils/xenkernel48/patches/patch-XSA254-1 | 389 ++++++++++++++
sysutils/xenkernel48/patches/patch-XSA254-2 | 44 +
sysutils/xenkernel48/patches/patch-XSA254-3 | 758 ++++++++++++++++++++++++++++
sysutils/xenkernel48/patches/patch-XSA254-4 | 165 ++++++
6 files changed, 1363 insertions(+), 3 deletions(-)
diffs (truncated from 1407 to 300 lines):
diff -r 2ead426e36ad -r 736051bc541b sysutils/xenkernel48/Makefile
--- a/sysutils/xenkernel48/Makefile Thu Jan 18 10:13:27 2018 +0000
+++ b/sysutils/xenkernel48/Makefile Thu Jan 18 10:28:13 2018 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.10 2018/01/15 09:47:54 jperkin Exp $
+# $NetBSD: Makefile,v 1.11 2018/01/18 10:28:13 bouyer Exp $
VERSION= 4.8.2
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel48-${VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= sysutils
MASTER_SITES= https://downloads.xenproject.org/release/xen/${VERSION}/
DIST_SUBDIR= xen48
diff -r 2ead426e36ad -r 736051bc541b sysutils/xenkernel48/distinfo
--- a/sysutils/xenkernel48/distinfo Thu Jan 18 10:13:27 2018 +0000
+++ b/sysutils/xenkernel48/distinfo Thu Jan 18 10:28:13 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2017/12/15 14:02:15 bouyer Exp $
+$NetBSD: distinfo,v 1.5 2018/01/18 10:28:13 bouyer Exp $
SHA1 (xen48/xen-4.8.2.tar.gz) = 184c57ce9e71e34b3cbdd318524021f44946efbe
RMD160 (xen48/xen-4.8.2.tar.gz) = f4126cb0f7ff427ed7d20ce399dcd1077c599343
@@ -22,6 +22,10 @@
SHA1 (patch-XSA249) = 7037a35f37eb866f16fe90482e66d0eca95944c4
SHA1 (patch-XSA250) = 25ab2e8c67ebe2b40cf073197c17f1625f5581f6
SHA1 (patch-XSA251) = dc0786c85bcfbdd3f7a1c97a3af32c10deea8276
+SHA1 (patch-XSA254-1) = a2e1573bebd2f5e873da85d1f29a6cb5cfa2fb31
+SHA1 (patch-XSA254-2) = fddc172293fcd8cfbaaf61155bb16738fb6fdcf5
+SHA1 (patch-XSA254-3) = eaded260831b8146c7943ed5c9138d8bde256213
+SHA1 (patch-XSA254-4) = 9766e14d3e48d41d8bce969f07c9f3a7b22d9120
SHA1 (patch-xen_Makefile) = be3f4577a205b23187b91319f91c50720919f70b
SHA1 (patch-xen_Rules.mk) = 5f33a667bae67c85d997a968c0f8b014b707d13c
SHA1 (patch-xen_arch_x86_Rules.mk) = e2d148fb308c37c047ca41a678471217b6166977
diff -r 2ead426e36ad -r 736051bc541b sysutils/xenkernel48/patches/patch-XSA254-1
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel48/patches/patch-XSA254-1 Thu Jan 18 10:28:13 2018 +0000
@@ -0,0 +1,389 @@
+$NetBSD: patch-XSA254-1,v 1.1 2018/01/18 10:28:13 bouyer Exp $
+
+From: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+Date: Wed, 17 Jan 2018 16:14:16 +0000 (+0100)
+Subject: x86/entry: Remove support for partial cpu_user_regs frames
+X-Git-Url: http://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff_plain;h=a7cf0a3b818377a8a49baed3606bfa2f214cd645;hp=40c02dd27a3e350197ef438b1ea6ad21f275c1c5
+
+x86/entry: Remove support for partial cpu_user_regs frames
+
+Save all GPRs on entry to Xen.
+
+The entry_int82() path is via a DPL1 gate, only usable by 32bit PV guests, so
+can get away with only saving the 32bit registers. All other entrypoints can
+be reached from 32 or 64bit contexts.
+
+This is part of XSA-254.
+
+Signed-off-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+Reviewed-by: Wei Liu <wei.liu2%citrix.com@localhost>
+Acked-by: Jan Beulich <jbeulich%suse.com@localhost>
+master commit: f9eb74789af77e985ae653193f3622263499f674
+master date: 2018-01-05 19:57:07 +0000
+---
+
+diff --git a/tools/tests/x86_emulator/x86_emulate.c b/tools/tests/x86_emulator/x86_emulate.c
+index 19d8385..127a926 100644
+--- tools/tests/x86_emulator/x86_emulate.c.orig
++++ tools/tests/x86_emulator/x86_emulate.c
+@@ -33,7 +33,6 @@ typedef bool bool_t;
+ #define MASK_INSR(v, m) (((v) * ((m) & -(m))) & (m))
+
+ #define cpu_has_amd_erratum(nr) 0
+-#define mark_regs_dirty(r) ((void)(r))
+
+ /* For generic assembly code: use macros to define operation/operand sizes. */
+ #ifdef __i386__
+diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
+index c8a303d..747cf65 100644
+--- xen/arch/x86/domain.c.orig
++++ xen/arch/x86/domain.c
+@@ -148,7 +148,6 @@ static void noreturn continue_idle_domain(struct vcpu *v)
+ static void noreturn continue_nonidle_domain(struct vcpu *v)
+ {
+ check_wakeup_from_wait();
+- mark_regs_dirty(guest_cpu_user_regs());
+ reset_stack_and_jump(ret_from_intr);
+ }
+
+diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
+index 249932a..f4bf8b5 100644
+--- xen/arch/x86/traps.c.orig
++++ xen/arch/x86/traps.c
+@@ -3049,7 +3049,6 @@ static int emulate_privileged_op(struct cpu_user_regs *regs)
+ goto fail;
+ if ( admin_io_okay(port, op_bytes, currd) )
+ {
+- mark_regs_dirty(regs);
+ io_emul(regs);
+ }
+ else
+@@ -3079,7 +3078,6 @@ static int emulate_privileged_op(struct cpu_user_regs *regs)
+ goto fail;
+ if ( admin_io_okay(port, op_bytes, currd) )
+ {
+- mark_regs_dirty(regs);
+ io_emul(regs);
+ if ( (op_bytes == 1) && pv_post_outb_hook )
+ pv_post_outb_hook(port, regs->eax);
+diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
+index 474ffbc..df693c2 100644
+--- xen/arch/x86/x86_64/compat/entry.S.orig
++++ xen/arch/x86/x86_64/compat/entry.S
+@@ -15,7 +15,8 @@
+ ENTRY(compat_hypercall)
+ ASM_CLAC
+ pushq $0
+- SAVE_VOLATILE type=TRAP_syscall compat=1
++ movl $TRAP_syscall, 4(%rsp)
++ SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */
+ CR4_PV32_RESTORE
+
+ cmpb $0,untrusted_msi(%rip)
+@@ -66,7 +67,6 @@ compat_test_guest_events:
+ /* %rbx: struct vcpu */
+ compat_process_softirqs:
+ sti
+- andl $~TRAP_regs_partial,UREGS_entry_vector(%rsp)
+ call do_softirq
+ jmp compat_test_all_events
+
+@@ -203,7 +203,8 @@ ENTRY(cstar_enter)
+ pushq $FLAT_USER_CS32
+ pushq %rcx
+ pushq $0
+- SAVE_VOLATILE TRAP_syscall
++ movl $TRAP_syscall, 4(%rsp)
++ SAVE_ALL
+ GET_CURRENT(bx)
+ movq VCPU_domain(%rbx),%rcx
+ cmpb $0,DOMAIN_is_32bit_pv(%rcx)
+diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
+index 85f1a4b..ac9ab4c 100644
+--- xen/arch/x86/x86_64/entry.S.orig
++++ xen/arch/x86/x86_64/entry.S
+@@ -97,7 +97,8 @@ ENTRY(lstar_enter)
+ pushq $FLAT_KERNEL_CS64
+ pushq %rcx
+ pushq $0
+- SAVE_VOLATILE TRAP_syscall
++ movl $TRAP_syscall, 4(%rsp)
++ SAVE_ALL
+ GET_CURRENT(bx)
+ testb $TF_kernel_mode,VCPU_thread_flags(%rbx)
+ jz switch_to_kernel
+@@ -139,7 +140,6 @@ test_guest_events:
+ /* %rbx: struct vcpu */
+ process_softirqs:
+ sti
+- SAVE_PRESERVED
+ call do_softirq
+ jmp test_all_events
+
+@@ -189,7 +189,8 @@ GLOBAL(sysenter_eflags_saved)
+ pushq $3 /* ring 3 null cs */
+ pushq $0 /* null rip */
+ pushq $0
+- SAVE_VOLATILE TRAP_syscall
++ movl $TRAP_syscall, 4(%rsp)
++ SAVE_ALL
+ GET_CURRENT(bx)
+ cmpb $0,VCPU_sysenter_disables_events(%rbx)
+ movq VCPU_sysenter_addr(%rbx),%rax
+@@ -206,7 +207,6 @@ UNLIKELY_END(sysenter_nt_set)
+ leal (,%rcx,TBF_INTERRUPT),%ecx
+ UNLIKELY_START(z, sysenter_gpf)
+ movq VCPU_trap_ctxt(%rbx),%rsi
+- SAVE_PRESERVED
+ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+ movl %eax,TRAPBOUNCE_error_code(%rdx)
+ movq TRAP_gp_fault * TRAPINFO_sizeof + TRAPINFO_eip(%rsi),%rax
+@@ -224,7 +224,8 @@ UNLIKELY_END(sysenter_gpf)
+ ENTRY(int80_direct_trap)
+ ASM_CLAC
+ pushq $0
+- SAVE_VOLATILE 0x80
++ movl $0x80, 4(%rsp)
++ SAVE_ALL
+
+ cmpb $0,untrusted_msi(%rip)
+ UNLIKELY_START(ne, msi_check)
+@@ -252,7 +253,6 @@ int80_slow_path:
+ * IDT entry with DPL==0.
+ */
+ movl $((0x80 << 3) | X86_XEC_IDT),UREGS_error_code(%rsp)
+- SAVE_PRESERVED
+ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+ /* A GPF wouldn't have incremented the instruction pointer. */
+ subq $2,UREGS_rip(%rsp)
+diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
+index a9b0282..df4ac81 100644
+diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c
+--- xen/arch/x86/x86_64/traps.c.orig 2017-09-06 12:26:35.000000000 +0200
++++ xen/arch/x86/x86_64/traps.c 2018-01-17 20:50:17.000000000 +0100
+@@ -66,15 +66,10 @@
+ regs->rbp, regs->rsp, regs->r8);
+ printk("r9: %016lx r10: %016lx r11: %016lx\n",
+ regs->r9, regs->r10, regs->r11);
+- if ( !(regs->entry_vector & TRAP_regs_partial) )
+- {
+- printk("r12: %016lx r13: %016lx r14: %016lx\n",
+- regs->r12, regs->r13, regs->r14);
+- printk("r15: %016lx cr0: %016lx cr4: %016lx\n",
+- regs->r15, crs[0], crs[4]);
+- }
+- else
+- printk("cr0: %016lx cr4: %016lx\n", crs[0], crs[4]);
++ printk("r12: %016lx r13: %016lx r14: %016lx\n",
++ regs->r12, regs->r13, regs->r14);
++ printk("r15: %016lx cr0: %016lx cr4: %016lx\n",
++ regs->r15, crs[0], crs[4]);
+ printk("cr3: %016lx cr2: %016lx\n", crs[3], crs[2]);
+ printk("ds: %04x es: %04x fs: %04x gs: %04x "
+ "ss: %04x cs: %04x\n",
+index f52f543..c1e2d54 100644
+--- xen/arch/x86/x86_emulate.c.orig
++++ xen/arch/x86/x86_emulate.c
+@@ -11,7 +11,6 @@
+
+ #include <xen/domain_page.h>
+ #include <asm/x86_emulate.h>
+-#include <asm/asm_defns.h> /* mark_regs_dirty() */
+ #include <asm/processor.h> /* current_cpu_info */
+ #include <asm/xstate.h>
+ #include <asm/amd.h> /* cpu_has_amd_erratum() */
+diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
+index c4d282a..9851416 100644
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig
++++ xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -1559,10 +1559,10 @@ decode_register(
+ case 9: p = ®s->r9; break;
+ case 10: p = ®s->r10; break;
+ case 11: p = ®s->r11; break;
+- case 12: mark_regs_dirty(regs); p = ®s->r12; break;
+- case 13: mark_regs_dirty(regs); p = ®s->r13; break;
+- case 14: mark_regs_dirty(regs); p = ®s->r14; break;
+- case 15: mark_regs_dirty(regs); p = ®s->r15; break;
++ case 12: p = ®s->r12; break;
++ case 13: p = ®s->r13; break;
++ case 14: p = ®s->r14; break;
++ case 15: p = ®s->r15; break;
+ #endif
+ default: BUG(); p = NULL; break;
+ }
+diff --git a/xen/common/wait.c b/xen/common/wait.c
+index 4ac98c0..398f653 100644
+--- xen/common/wait.c.orig
++++ xen/common/wait.c
+@@ -128,7 +128,6 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv)
+ unsigned long dummy;
+ u32 entry_vector = cpu_info->guest_cpu_user_regs.entry_vector;
+
+- cpu_info->guest_cpu_user_regs.entry_vector &= ~TRAP_regs_partial;
+ ASSERT(wqv->esp == 0);
+
+ /* Save current VCPU affinity; force wakeup on *this* CPU only. */
+diff --git a/xen/include/asm-x86/asm_defns.h b/xen/include/asm-x86/asm_defns.h
+index f1c6fa1..99cb337 100644
+--- xen/include/asm-x86/asm_defns.h.orig
++++ xen/include/asm-x86/asm_defns.h
+@@ -17,15 +17,6 @@
+ void ret_from_intr(void);
+ #endif
+
+-#ifdef CONFIG_FRAME_POINTER
+-/* Indicate special exception stack frame by inverting the frame pointer. */
+-#define SETUP_EXCEPTION_FRAME_POINTER(offs) \
+- leaq offs(%rsp),%rbp; \
+- notq %rbp
+-#else
+-#define SETUP_EXCEPTION_FRAME_POINTER(offs)
+-#endif
+-
+ #ifndef NDEBUG
+ #define ASSERT_INTERRUPT_STATUS(x, msg) \
+ pushf; \
+@@ -42,31 +33,6 @@ void ret_from_intr(void);
+ #define ASSERT_INTERRUPTS_DISABLED \
+ ASSERT_INTERRUPT_STATUS(z, "INTERRUPTS DISABLED")
+
+-/*
+- * This flag is set in an exception frame when registers R12-R15 did not get
+- * saved.
+- */
+-#define _TRAP_regs_partial 16
+-#define TRAP_regs_partial (1 << _TRAP_regs_partial)
+-/*
+- * This flag gets set in an exception frame when registers R12-R15 possibly
+- * get modified from their originally saved values and hence need to be
+- * restored even if the normal call flow would restore register values.
+- *
+- * The flag being set implies _TRAP_regs_partial to be unset. Restoring
Home |
Main Index |
Thread Index |
Old Index