diff options
| author | CoprDistGit <infra@openeuler.org> | 2023-10-12 04:00:49 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2023-10-12 04:00:49 +0000 |
| commit | c22f60e6e55f1bf300dd76d2222a93911f3b2bb2 (patch) | |
| tree | ef665e7018377f53612ac2751dcaea35a1c587b6 | |
| parent | 39a4763249cd6289e5019acfe0c98dbb169f5f2e (diff) | |
automatic import of xenopeneuler22.03_LTS
138 files changed, 40652 insertions, 0 deletions
@@ -0,0 +1,5 @@ +/ipxe.tar.bz2 +/mini-os.tar.bz2 +/stubdom.tar.bz2 +/xen-4.13.1-testing-src.tar.bz2 +/xen-utils-0.1.tar.bz2 diff --git a/5eb51be6-cpupool-fix-removing-cpu-from-pool.patch b/5eb51be6-cpupool-fix-removing-cpu-from-pool.patch new file mode 100644 index 0000000..0ed7f48 --- /dev/null +++ b/5eb51be6-cpupool-fix-removing-cpu-from-pool.patch @@ -0,0 +1,29 @@ +# Commit 498d73647fa17d9eb7a67d2e9bdccac6b438e559 +# Date 2020-05-08 10:44:22 +0200 +# Author Juergen Gross <jgross@suse.com> +# Committer Jan Beulich <jbeulich@suse.com> +cpupool: fix removing cpu from a cpupool + +Commit cb563d7665f2 ("xen/sched: support core scheduling for moving +cpus to/from cpupools") introduced a regression when trying to remove +an offline cpu from a cpupool, as the system would crash in this +situation. + +Fix that by testing the cpu to be online. + +Fixes: cb563d7665f2 ("xen/sched: support core scheduling for moving cpus to/from cpupools") +Signed-off-by: Juergen Gross <jgross@suse.com> +Acked-by: Dario Faggioli <dfaggioli@suse.com> + +--- a/xen/common/cpupool.c ++++ b/xen/common/cpupool.c +@@ -519,6 +519,9 @@ static int cpupool_unassign_cpu(struct c + debugtrace_printk("cpupool_unassign_cpu(pool=%d,cpu=%d)\n", + c->cpupool_id, cpu); + ++ if ( !cpu_online(cpu) ) ++ return -EINVAL; ++ + master_cpu = sched_get_resource_cpu(cpu); + ret = cpupool_unassign_cpu_start(c, master_cpu); + if ( ret ) diff --git a/5eb51caa-sched-vcpu-pause-flags-atomic.patch b/5eb51caa-sched-vcpu-pause-flags-atomic.patch new file mode 100644 index 0000000..848b593 --- /dev/null +++ b/5eb51caa-sched-vcpu-pause-flags-atomic.patch @@ -0,0 +1,76 @@ +# Commit e0d92d9bd7997c6bcda17a19aba4f3957dd1a2e9 +# Date 2020-05-08 10:47:38 +0200 +# Author Juergen Gross <jgross@suse.com> +# Committer Jan Beulich <jbeulich@suse.com> +sched: always modify vcpu pause flags atomically + +credit2 is currently modifying the pause flags of vcpus non-atomically +via sched_set_pause_flags() and sched_clear_pause_flags(). This is +dangerous as there are cases where the paus flags are modified without +any lock held. + +So drop the non-atomic pause flag modification functions and rename the +atomic ones dropping the _atomic suffix. + +Fixes: a76255b4266516 ("xen/sched: make credit2 scheduler vcpu agnostic.") +Signed-off-by: Juergen Gross <jgross@suse.com> +Reviewed-by: Dario Faggioli <dfaggioli@suse.com> + +--- a/xen/common/sched_credit.c ++++ b/xen/common/sched_credit.c +@@ -452,7 +452,7 @@ static inline void __runq_tickle(struct + SCHED_UNIT_STAT_CRANK(cur, kicked_away); + SCHED_UNIT_STAT_CRANK(cur, migrate_r); + SCHED_STAT_CRANK(migrate_kicked_away); +- sched_set_pause_flags_atomic(cur->unit, _VPF_migrating); ++ sched_set_pause_flags(cur->unit, _VPF_migrating); + } + /* Tickle cpu anyway, to let new preempt cur. */ + SCHED_STAT_CRANK(tickled_busy_cpu); +@@ -983,7 +983,7 @@ csched_unit_acct(struct csched_private * + { + SCHED_UNIT_STAT_CRANK(svc, migrate_r); + SCHED_STAT_CRANK(migrate_running); +- sched_set_pause_flags_atomic(currunit, _VPF_migrating); ++ sched_set_pause_flags(currunit, _VPF_migrating); + /* + * As we are about to tickle cpu, we should clear its bit in + * idlers. But, if we are here, it means there is someone running +--- a/xen/include/xen/sched-if.h ++++ b/xen/include/xen/sched-if.h +@@ -175,7 +175,7 @@ static inline void sched_set_pause_flags + struct vcpu *v; + + for_each_sched_unit_vcpu ( unit, v ) +- __set_bit(bit, &v->pause_flags); ++ set_bit(bit, &v->pause_flags); + } + + /* Clear a bit in pause_flags of all vcpus of a unit. */ +@@ -184,26 +184,6 @@ static inline void sched_clear_pause_fla + { + struct vcpu *v; + +- for_each_sched_unit_vcpu ( unit, v ) +- __clear_bit(bit, &v->pause_flags); +-} +- +-/* Set a bit in pause_flags of all vcpus of a unit via atomic updates. */ +-static inline void sched_set_pause_flags_atomic(struct sched_unit *unit, +- unsigned int bit) +-{ +- struct vcpu *v; +- +- for_each_sched_unit_vcpu ( unit, v ) +- set_bit(bit, &v->pause_flags); +-} +- +-/* Clear a bit in pause_flags of all vcpus of a unit via atomic updates. */ +-static inline void sched_clear_pause_flags_atomic(struct sched_unit *unit, +- unsigned int bit) +-{ +- struct vcpu *v; +- + for_each_sched_unit_vcpu ( unit, v ) + clear_bit(bit, &v->pause_flags); + } diff --git a/5ec2a760-x86-determine-MXCSR-mask-always.patch b/5ec2a760-x86-determine-MXCSR-mask-always.patch new file mode 100644 index 0000000..9a5feb3 --- /dev/null +++ b/5ec2a760-x86-determine-MXCSR-mask-always.patch @@ -0,0 +1,69 @@ +# Commit 2b532519d64e653a6bbfd9eefed6040a09c8876d +# Date 2020-05-18 17:18:56 +0200 +# Author Jan Beulich <jbeulich@suse.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86: determine MXCSR mask in all cases + +For its use(s) by the emulator to be correct in all cases, the filling +of the variable needs to be independent of XSAVE availability. As +there's no suitable function in i387.c to put the logic in, keep it in +xstate_init(), arrange for the function to be called unconditionally, +and pull the logic ahead of all return paths there. + +Fixes: 9a4496a35b20 ("x86emul: support {,V}{LD,ST}MXCSR") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/cpu/common.c ++++ b/xen/arch/x86/cpu/common.c +@@ -487,8 +487,7 @@ void identify_cpu(struct cpuinfo_x86 *c) + + /* Now the feature flags better reflect actual CPU features! */ + +- if ( cpu_has_xsave ) +- xstate_init(c); ++ xstate_init(c); + + #ifdef NOISY_CAPS + printk(KERN_DEBUG "CPU: After all inits, caps:"); +--- a/xen/arch/x86/xstate.c ++++ b/xen/arch/x86/xstate.c +@@ -587,6 +587,18 @@ void xstate_init(struct cpuinfo_x86 *c) + u32 eax, ebx, ecx, edx; + u64 feature_mask; + ++ if ( bsp ) ++ { ++ static typeof(current->arch.xsave_area->fpu_sse) __initdata ctxt; ++ ++ asm ( "fxsave %0" : "=m" (ctxt) ); ++ if ( ctxt.mxcsr_mask ) ++ mxcsr_mask = ctxt.mxcsr_mask; ++ } ++ ++ if ( !cpu_has_xsave ) ++ return; ++ + if ( (bsp && !use_xsave) || + boot_cpu_data.cpuid_level < XSTATE_CPUID ) + { +@@ -610,8 +622,6 @@ void xstate_init(struct cpuinfo_x86 *c) + + if ( bsp ) + { +- static typeof(current->arch.xsave_area->fpu_sse) __initdata ctxt; +- + xfeature_mask = feature_mask; + /* + * xsave_cntxt_size is the max size required by enabled features. +@@ -620,10 +630,6 @@ void xstate_init(struct cpuinfo_x86 *c) + xsave_cntxt_size = _xstate_ctxt_size(feature_mask); + printk("xstate: size: %#x and states: %#"PRIx64"\n", + xsave_cntxt_size, xfeature_mask); +- +- asm ( "fxsave %0" : "=m" (ctxt) ); +- if ( ctxt.mxcsr_mask ) +- mxcsr_mask = ctxt.mxcsr_mask; + } + else + { diff --git a/5ec50b05-x86-idle-rework-C6-EOI-workaround.patch b/5ec50b05-x86-idle-rework-C6-EOI-workaround.patch new file mode 100644 index 0000000..d2e42b0 --- /dev/null +++ b/5ec50b05-x86-idle-rework-C6-EOI-workaround.patch @@ -0,0 +1,100 @@ +# Commit 5fef1fd713660406a6187ef352fbf79986abfe43 +# Date 2020-05-20 12:48:37 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/idle: rework C6 EOI workaround + +Change the C6 EOI workaround (errata AAJ72) to use x86_match_cpu. Also +call the workaround from mwait_idle, previously it was only used by +the ACPI idle driver. Finally make sure the routine is called for all +states equal or greater than ACPI_STATE_C3, note that the ACPI driver +doesn't currently handle them, but the errata condition shouldn't be +limited by that. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/acpi/cpu_idle.c ++++ b/xen/arch/x86/acpi/cpu_idle.c +@@ -537,26 +537,35 @@ void trace_exit_reason(u32 *irq_traced) + } + } + +-/* +- * "AAJ72. EOI Transaction May Not be Sent if Software Enters Core C6 During +- * an Interrupt Service Routine" +- * +- * There was an errata with some Core i7 processors that an EOI transaction +- * may not be sent if software enters core C6 during an interrupt service +- * routine. So we don't enter deep Cx state if there is an EOI pending. +- */ +-static bool errata_c6_eoi_workaround(void) ++bool errata_c6_eoi_workaround(void) + { +- static int8_t fix_needed = -1; ++ static int8_t __read_mostly fix_needed = -1; + + if ( unlikely(fix_needed == -1) ) + { +- int model = boot_cpu_data.x86_model; +- fix_needed = (cpu_has_apic && !directed_eoi_enabled && +- (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) && +- (boot_cpu_data.x86 == 6) && +- ((model == 0x1a) || (model == 0x1e) || (model == 0x1f) || +- (model == 0x25) || (model == 0x2c) || (model == 0x2f))); ++#define INTEL_FAM6_MODEL(m) { X86_VENDOR_INTEL, 6, m, X86_FEATURE_ALWAYS } ++ /* ++ * Errata AAJ72: EOI Transaction May Not be Sent if Software Enters ++ * Core C6 During an Interrupt Service Routine" ++ * ++ * There was an errata with some Core i7 processors that an EOI ++ * transaction may not be sent if software enters core C6 during an ++ * interrupt service routine. So we don't enter deep Cx state if ++ * there is an EOI pending. ++ */ ++ static const struct x86_cpu_id eoi_errata[] = { ++ INTEL_FAM6_MODEL(0x1a), ++ INTEL_FAM6_MODEL(0x1e), ++ INTEL_FAM6_MODEL(0x1f), ++ INTEL_FAM6_MODEL(0x25), ++ INTEL_FAM6_MODEL(0x2c), ++ INTEL_FAM6_MODEL(0x2f), ++ { } ++ }; ++#undef INTEL_FAM6_MODEL ++ ++ fix_needed = cpu_has_apic && !directed_eoi_enabled && ++ x86_match_cpu(eoi_errata); + } + + return (fix_needed && cpu_has_pending_apic_eoi()); +@@ -664,7 +673,7 @@ static void acpi_processor_idle(void) + return; + } + +- if ( (cx->type == ACPI_STATE_C3) && errata_c6_eoi_workaround() ) ++ if ( (cx->type >= ACPI_STATE_C3) && errata_c6_eoi_workaround() ) + cx = power->safe_state; + + +--- a/xen/arch/x86/cpu/mwait-idle.c ++++ b/xen/arch/x86/cpu/mwait-idle.c +@@ -769,6 +769,9 @@ static void mwait_idle(void) + return; + } + ++ if ((cx->type >= 3) && errata_c6_eoi_workaround()) ++ cx = power->safe_state; ++ + eax = cx->address; + cstate = ((eax >> MWAIT_SUBSTATE_SIZE) & MWAIT_CSTATE_MASK) + 1; + +--- a/xen/include/asm-x86/cpuidle.h ++++ b/xen/include/asm-x86/cpuidle.h +@@ -26,4 +26,6 @@ void update_idle_stats(struct acpi_proce + void update_last_cx_stat(struct acpi_processor_power *, + struct acpi_processor_cx *, uint64_t); + ++bool errata_c6_eoi_workaround(void); ++ + #endif /* __X86_ASM_CPUIDLE_H__ */ diff --git a/5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch b/5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch new file mode 100644 index 0000000..be68d1d --- /dev/null +++ b/5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch @@ -0,0 +1,102 @@ +# Commit fc44a7014cafe28b8c53eeaf6ac2a71f5bc8b815 +# Date 2020-05-22 16:07:38 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/idle: prevent entering C6 with in service interrupts on Intel + +Apply a workaround for Intel errata BDX99, CLX30, SKX100, CFW125, +BDF104, BDH85, BDM135, KWB131: "A Pending Fixed Interrupt May Be +Dispatched Before an Interrupt of The Same Priority Completes". + +Apply the errata to all server and client models (big cores) from +Broadwell to Cascade Lake. The workaround is grouped together with the +existing fix for errata AAJ72, and the eoi from the function name is +removed. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/acpi/cpu_idle.c ++++ b/xen/arch/x86/acpi/cpu_idle.c +@@ -537,7 +537,7 @@ void trace_exit_reason(u32 *irq_traced) + } + } + +-bool errata_c6_eoi_workaround(void) ++bool errata_c6_workaround(void) + { + static int8_t __read_mostly fix_needed = -1; + +@@ -562,10 +562,40 @@ bool errata_c6_eoi_workaround(void) + INTEL_FAM6_MODEL(0x2f), + { } + }; ++ /* ++ * Errata BDX99, CLX30, SKX100, CFW125, BDF104, BDH85, BDM135, KWB131: ++ * A Pending Fixed Interrupt May Be Dispatched Before an Interrupt of ++ * The Same Priority Completes. ++ * ++ * Resuming from C6 Sleep-State, with Fixed Interrupts of the same ++ * priority queued (in the corresponding bits of the IRR and ISR APIC ++ * registers), the processor may dispatch the second interrupt (from ++ * the IRR bit) before the first interrupt has completed and written to ++ * the EOI register, causing the first interrupt to never complete. ++ */ ++ static const struct x86_cpu_id isr_errata[] = { ++ /* Broadwell */ ++ INTEL_FAM6_MODEL(0x47), ++ INTEL_FAM6_MODEL(0x3d), ++ INTEL_FAM6_MODEL(0x4f), ++ INTEL_FAM6_MODEL(0x56), ++ /* Skylake (client) */ ++ INTEL_FAM6_MODEL(0x5e), ++ INTEL_FAM6_MODEL(0x4e), ++ /* {Sky/Cascade}lake (server) */ ++ INTEL_FAM6_MODEL(0x55), ++ /* {Kaby/Coffee/Whiskey/Amber} Lake */ ++ INTEL_FAM6_MODEL(0x9e), ++ INTEL_FAM6_MODEL(0x8e), ++ /* Cannon Lake */ ++ INTEL_FAM6_MODEL(0x66), ++ { } ++ }; + #undef INTEL_FAM6_MODEL + +- fix_needed = cpu_has_apic && !directed_eoi_enabled && +- x86_match_cpu(eoi_errata); ++ fix_needed = cpu_has_apic && ++ ((!directed_eoi_enabled && x86_match_cpu(eoi_errata)) || ++ x86_match_cpu(isr_errata)); + } + + return (fix_needed && cpu_has_pending_apic_eoi()); +@@ -673,7 +703,7 @@ static void acpi_processor_idle(void) + return; + } + +- if ( (cx->type >= ACPI_STATE_C3) && errata_c6_eoi_workaround() ) ++ if ( (cx->type >= ACPI_STATE_C3) && errata_c6_workaround() ) + cx = power->safe_state; + + +--- a/xen/arch/x86/cpu/mwait-idle.c ++++ b/xen/arch/x86/cpu/mwait-idle.c +@@ -769,7 +769,7 @@ static void mwait_idle(void) + return; + } + +- if ((cx->type >= 3) && errata_c6_eoi_workaround()) ++ if ((cx->type >= 3) && errata_c6_workaround()) + cx = power->safe_state; + + eax = cx->address; +--- a/xen/include/asm-x86/cpuidle.h ++++ b/xen/include/asm-x86/cpuidle.h +@@ -26,6 +26,6 @@ void update_idle_stats(struct acpi_proce + void update_last_cx_stat(struct acpi_processor_power *, + struct acpi_processor_cx *, uint64_t); + +-bool errata_c6_eoi_workaround(void); ++bool errata_c6_workaround(void); + + #endif /* __X86_ASM_CPUIDLE_H__ */ diff --git a/5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch b/5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch new file mode 100644 index 0000000..7d2af46 --- /dev/null +++ b/5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch @@ -0,0 +1,68 @@ +# Commit b2d502466547e6782ccadd501b8ef1482c391f2c +# Date 2020-05-22 16:08:54 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/idle: prevent entering C3/C6 on some Intel CPUs due to errata + +Apply a workaround for errata BA80, AAK120, AAM108, AAO67, BD59, +AAY54: Rapid Core C3/C6 Transition May Cause Unpredictable System +Behavior. + +Limit maximum C state to C1 when SMT is enabled on the affected CPUs. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/cpu/intel.c ++++ b/xen/arch/x86/cpu/intel.c +@@ -297,6 +297,41 @@ static void early_init_intel(struct cpui + } + + /* ++ * Errata BA80, AAK120, AAM108, AAO67, BD59, AAY54: Rapid Core C3/C6 Transition ++ * May Cause Unpredictable System Behavior ++ * ++ * Under a complex set of internal conditions, cores rapidly performing C3/C6 ++ * transitions in a system with Intel Hyper-Threading Technology enabled may ++ * cause a machine check error (IA32_MCi_STATUS.MCACOD = 0x0106), system hang ++ * or unpredictable system behavior. ++ */ ++static void probe_c3_errata(const struct cpuinfo_x86 *c) ++{ ++#define INTEL_FAM6_MODEL(m) { X86_VENDOR_INTEL, 6, m, X86_FEATURE_ALWAYS } ++ static const struct x86_cpu_id models[] = { ++ /* Nehalem */ ++ INTEL_FAM6_MODEL(0x1a), ++ INTEL_FAM6_MODEL(0x1e), ++ INTEL_FAM6_MODEL(0x1f), ++ INTEL_FAM6_MODEL(0x2e), ++ /* Westmere (note Westmere-EX is not affected) */ ++ INTEL_FAM6_MODEL(0x2c), ++ INTEL_FAM6_MODEL(0x25), ++ { } ++ }; ++#undef INTEL_FAM6_MODEL ++ ++ /* Serialized by the AP bringup code. */ ++ if ( max_cstate > 1 && (c->apicid & (c->x86_num_siblings - 1)) && ++ x86_match_cpu(models) ) ++ { ++ printk(XENLOG_WARNING ++ "Disabling C-states C3 and C6 due to CPU errata\n"); ++ max_cstate = 1; ++ } ++} ++ ++/* + * P4 Xeon errata 037 workaround. + * Hardware prefetcher may cause stale data to be loaded into the cache. + * +@@ -323,6 +358,8 @@ static void Intel_errata_workarounds(str + + if (cpu_has_tsx_force_abort && opt_rtm_abort) + wrmsrl(MSR_TSX_FORCE_ABORT, TSX_FORCE_ABORT_RTM); ++ ++ probe_c3_errata(c); + } + + diff --git a/5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch b/5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch new file mode 100644 index 0000000..5305469 --- /dev/null +++ b/5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch @@ -0,0 +1,33 @@ +# Commit b72d8870b5f68f06b083e6bfdb28f081bcb6ab3b +# Date 2020-05-22 20:04:23 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/idle: Extend ISR/C6 erratum workaround to Haswell + +This bug was first discovered against Haswell. It is definitely affected. + +(The XenServer ticket for this bug was opened on 2013-05-30 which is coming up +on 7 years old, and predates Broadwell). + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/acpi/cpu_idle.c ++++ b/xen/arch/x86/acpi/cpu_idle.c +@@ -572,8 +572,16 @@ bool errata_c6_workaround(void) + * registers), the processor may dispatch the second interrupt (from + * the IRR bit) before the first interrupt has completed and written to + * the EOI register, causing the first interrupt to never complete. ++ * ++ * Note: Haswell hasn't had errata issued, but this issue was first ++ * discovered on Haswell hardware, and is affected. + */ + static const struct x86_cpu_id isr_errata[] = { ++ /* Haswell */ ++ INTEL_FAM6_MODEL(0x3c), ++ INTEL_FAM6_MODEL(0x3f), ++ INTEL_FAM6_MODEL(0x45), ++ INTEL_FAM6_MODEL(0x46), + /* Broadwell */ + INTEL_FAM6_MODEL(0x47), + INTEL_FAM6_MODEL(0x3d), diff --git a/5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch b/5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch new file mode 100644 index 0000000..f8d6125 --- /dev/null +++ b/5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch @@ -0,0 +1,154 @@ +# Commit 93401e28a84b9dc5945f5d0bf5bce68e9d5ee121 +# Date 2020-05-27 09:49:37 +0200 +# Author Jan Beulich <jbeulich@suse.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86: clear RDRAND CPUID bit on AMD family 15h/16h + +Inspired by Linux commit c49a0a80137c7ca7d6ced4c812c9e07a949f6f24: + + There have been reports of RDRAND issues after resuming from suspend on + some AMD family 15h and family 16h systems. This issue stems from a BIOS + not performing the proper steps during resume to ensure RDRAND continues + to function properly. + + Update the CPU initialization to clear the RDRAND CPUID bit for any family + 15h and 16h processor that supports RDRAND. If it is known that the family + 15h or family 16h system does not have an RDRAND resume issue or that the + system will not be placed in suspend, the "cpuid=rdrand" kernel parameter + can be used to stop the clearing of the RDRAND CPUID bit. + + Note, that clearing the RDRAND CPUID bit does not prevent a processor + that normally supports the RDRAND instruction from executing it. So any + code that determined the support based on family and model won't #UD. + +Warn if no explicit choice was given on affected hardware. + +Check RDRAND functions at boot as well as after S3 resume (the retry +limit chosen is entirely arbitrary). + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> +Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/docs/misc/xen-command-line.pandoc ++++ b/docs/misc/xen-command-line.pandoc +@@ -488,6 +488,10 @@ The Speculation Control hardware feature + be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and + won't offer them to guests. + ++`rdrand` can be used to override the default disabling of the feature on certain ++AMD systems. Its negative form can of course also be used to suppress use and ++exposure of the feature. ++ + ### cpuid_mask_cpu + > `= fam_0f_rev_[cdefg] | fam_10_rev_[bc] | fam_11_rev_b` + +--- a/xen/arch/x86/cpu/amd.c ++++ b/xen/arch/x86/cpu/amd.c +@@ -3,6 +3,7 @@ + #include <xen/mm.h> + #include <xen/smp.h> + #include <xen/pci.h> ++#include <xen/warning.h> + #include <asm/io.h> + #include <asm/msr.h> + #include <asm/processor.h> +@@ -645,6 +646,26 @@ static void init_amd(struct cpuinfo_x86 + if (acpi_smi_cmd && (acpi_enable_value | acpi_disable_value)) + amd_acpi_c1e_quirk = true; + break; ++ ++ case 0x15: case 0x16: ++ /* ++ * There are some Fam15/Fam16 systems where upon resume from S3 ++ * firmware fails to re-setup properly functioning RDRAND. ++ * By the time we can spot the problem, it is too late to take ++ * action, and there is nothing Xen can do to repair the problem. ++ * Clear the feature unless force-enabled on the command line. ++ */ ++ if (c == &boot_cpu_data && ++ cpu_has(c, X86_FEATURE_RDRAND) && ++ !is_forced_cpu_cap(X86_FEATURE_RDRAND)) { ++ static const char __initconst text[] = ++ "RDRAND may cease to work on this hardware upon resume from S3.\n" ++ "Please choose an explicit cpuid={no-}rdrand setting.\n"; ++ ++ setup_clear_cpu_cap(X86_FEATURE_RDRAND); ++ warning_add(text); ++ } ++ break; + } + + display_cacheinfo(c); +--- a/xen/arch/x86/cpu/common.c ++++ b/xen/arch/x86/cpu/common.c +@@ -10,6 +10,7 @@ + #include <asm/io.h> + #include <asm/mpspec.h> + #include <asm/apic.h> ++#include <asm/random.h> + #include <asm/setup.h> + #include <mach_apic.h> + #include <public/sysctl.h> /* for XEN_INVALID_{SOCKET,CORE}_ID */ +@@ -97,6 +98,11 @@ void __init setup_force_cpu_cap(unsigned + __set_bit(cap, boot_cpu_data.x86_capability); + } + ++bool __init is_forced_cpu_cap(unsigned int cap) ++{ ++ return test_bit(cap, forced_caps); ++} ++ + static void default_init(struct cpuinfo_x86 * c) + { + /* Not much we can do here... */ +@@ -496,6 +502,27 @@ void identify_cpu(struct cpuinfo_x86 *c) + printk("\n"); + #endif + ++ /* ++ * If RDRAND is available, make an attempt to check that it actually ++ * (still) works. ++ */ ++ if (cpu_has(c, X86_FEATURE_RDRAND)) { ++ unsigned int prev = 0; ++ ++ for (i = 0; i < 5; ++i) ++ { ++ unsigned int cur = arch_get_random(); ++ ++ if (prev && cur != prev) ++ break; ++ prev = cur; ++ } ++ ++ if (i >= 5) ++ printk(XENLOG_WARNING "CPU%u: RDRAND appears to not work\n", ++ smp_processor_id()); ++ } ++ + if (system_state == SYS_STATE_resume) + return; + +--- a/xen/arch/x86/cpuid.c ++++ b/xen/arch/x86/cpuid.c +@@ -67,6 +67,9 @@ static int __init parse_xen_cpuid(const + { + if ( !val ) + setup_clear_cpu_cap(mid->bit); ++ else if ( mid->bit == X86_FEATURE_RDRAND && ++ (cpuid_ecx(1) & cpufeat_mask(X86_FEATURE_RDRAND)) ) ++ setup_force_cpu_cap(X86_FEATURE_RDRAND); + mid = NULL; + } + +--- a/xen/include/asm-x86/processor.h ++++ b/xen/include/asm-x86/processor.h +@@ -166,6 +166,7 @@ extern const struct x86_cpu_id *x86_matc + extern void identify_cpu(struct cpuinfo_x86 *); + extern void setup_clear_cpu_cap(unsigned int); + extern void setup_force_cpu_cap(unsigned int); ++extern bool is_forced_cpu_cap(unsigned int); + extern void print_cpu_info(unsigned int cpu); + extern unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c); + diff --git a/5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch b/5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch new file mode 100644 index 0000000..c043307 --- /dev/null +++ b/5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch @@ -0,0 +1,91 @@ +# Commit 9f3e9139fa6c3d620eb08dff927518fc88200b8d +# Date 2020-05-27 16:44:04 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/boot: Fix load_system_tables() to be NMI/#MC-safe + +During boot, load_system_tables() is used in reinit_bsp_stack() to switch the +virtual addresses used from their .data/.bss alias, to their directmap alias. + +The structure assignment is implemented as a memset() to zero first, then a +copy-in of the new data. This causes the NMI/#MC stack pointers to +transiently become 0, at a point where we may have an NMI watchdog running. + +Rewrite the logic using a volatile tss pointer (equivalent to, but more +readable than, using ACCESS_ONCE() for all writes). + +This does drop the zeroing side effect for holes in the structure, but the +backing memory for the TSS is fully zeroed anyway, and architecturally, they +are all reserved. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/cpu/common.c ++++ b/xen/arch/x86/cpu/common.c +@@ -729,11 +729,12 @@ static cpumask_t cpu_initialized; + */ + void load_system_tables(void) + { +- unsigned int cpu = smp_processor_id(); ++ unsigned int i, cpu = smp_processor_id(); + unsigned long stack_bottom = get_stack_bottom(), + stack_top = stack_bottom & ~(STACK_SIZE - 1); + +- struct tss64 *tss = &this_cpu(tss_page).tss; ++ /* The TSS may be live. Disuade any clever optimisations. */ ++ volatile struct tss64 *tss = &this_cpu(tss_page).tss; + seg_desc_t *gdt = + this_cpu(gdt) - FIRST_RESERVED_GDT_ENTRY; + seg_desc_t *compat_gdt = +@@ -748,30 +749,26 @@ void load_system_tables(void) + .limit = (IDT_ENTRIES * sizeof(idt_entry_t)) - 1, + }; + +- *tss = (struct tss64){ +- /* Main stack for interrupts/exceptions. */ +- .rsp0 = stack_bottom, +- +- /* Ring 1 and 2 stacks poisoned. */ +- .rsp1 = 0x8600111111111111ul, +- .rsp2 = 0x8600111111111111ul, +- +- /* +- * MCE, NMI and Double Fault handlers get their own stacks. +- * All others poisoned. +- */ +- .ist = { +- [IST_MCE - 1] = stack_top + IST_MCE * PAGE_SIZE, +- [IST_DF - 1] = stack_top + IST_DF * PAGE_SIZE, +- [IST_NMI - 1] = stack_top + IST_NMI * PAGE_SIZE, +- [IST_DB - 1] = stack_top + IST_DB * PAGE_SIZE, +- +- [IST_MAX ... ARRAY_SIZE(tss->ist) - 1] = +- 0x8600111111111111ul, +- }, +- +- .bitmap = IOBMP_INVALID_OFFSET, +- }; ++ /* ++ * Set up the TSS. Warning - may be live, and the NMI/#MC must remain ++ * valid on every instruction boundary. (Note: these are all ++ * semantically ACCESS_ONCE() due to tss's volatile qualifier.) ++ * ++ * rsp0 refers to the primary stack. #MC, #DF, NMI and #DB handlers ++ * each get their own stacks. No IO Bitmap. ++ */ ++ tss->rsp0 = stack_bottom; ++ tss->ist[IST_MCE - 1] = stack_top + IST_MCE * PAGE_SIZE; ++ tss->ist[IST_DF - 1] = stack_top + IST_DF * PAGE_SIZE; ++ tss->ist[IST_NMI - 1] = stack_top + IST_NMI * PAGE_SIZE; ++ tss->ist[IST_DB - 1] = stack_top + IST_DB * PAGE_SIZE; ++ tss->bitmap = IOBMP_INVALID_OFFSET; ++ ++ /* All other stack pointers poisioned. */ ++ for ( i = IST_MAX; i < ARRAY_SIZE(tss->ist); ++i ) ++ tss->ist[i] = 0x8600111111111111ul; ++ tss->rsp1 = 0x8600111111111111ul; ++ tss->rsp2 = 0x8600111111111111ul; + + BUILD_BUG_ON(sizeof(*tss) <= 0x67); /* Mandated by the architecture. */ + diff --git a/5ed69804-x86-ucode-fix-start-end-update.patch b/5ed69804-x86-ucode-fix-start-end-update.patch new file mode 100644 index 0000000..ff6e346 --- /dev/null +++ b/5ed69804-x86-ucode-fix-start-end-update.patch @@ -0,0 +1,207 @@ +# Commit 3659f54e9bd31f0f59268402fd67fb4b4118e184 +# Date 2020-06-02 19:18:44 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/ucode: Fix errors with start/end_update() + +c/s 9267a439c "x86/ucode: Document the behaviour of the microcode_ops hooks" +identified several poor behaviours of the start_update()/end_update_percpu() +hooks. + +AMD have subsequently confirmed that OSVW don't, and are not expected to, +change across a microcode load, rendering all of this complexity unecessary. + +Instead of fixing up the logic to not leave the OSVW state reset in a number +of corner cases, delete the logic entirely. + +This in turn allows for the removal of the poorly-named 'start_update' +parameter to microcode_update_one(), and for svm_host_osvw_{init,reset}() to +become static. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/acpi/power.c ++++ b/xen/arch/x86/acpi/power.c +@@ -286,7 +286,7 @@ static int enter_state(u32 state) + console_end_sync(); + watchdog_enable(); + +- microcode_update_one(true); ++ microcode_update_one(); + + if ( !recheck_cpu_features(0) ) + panic("Missing previously available feature(s)\n"); +--- a/xen/arch/x86/microcode_amd.c ++++ b/xen/arch/x86/microcode_amd.c +@@ -24,7 +24,6 @@ + #include <asm/msr.h> + #include <asm/processor.h> + #include <asm/microcode.h> +-#include <asm/hvm/svm/svm.h> + + #define pr_debug(x...) ((void)0) + +@@ -590,27 +589,10 @@ static struct microcode_patch *cpu_reque + return patch; + } + +-#ifdef CONFIG_HVM +-static int start_update(void) +-{ +- /* +- * svm_host_osvw_init() will be called on each cpu by calling '.end_update' +- * in common code. +- */ +- svm_host_osvw_reset(); +- +- return 0; +-} +-#endif +- + static const struct microcode_ops microcode_amd_ops = { + .cpu_request_microcode = cpu_request_microcode, + .collect_cpu_info = collect_cpu_info, + .apply_microcode = apply_microcode, +-#ifdef CONFIG_HVM +- .start_update = start_update, +- .end_update_percpu = svm_host_osvw_init, +-#endif + .free_patch = free_patch, + .compare_patch = compare_patch, + .match_cpu = match_cpu, +--- a/xen/arch/x86/microcode.c ++++ b/xen/arch/x86/microcode.c +@@ -578,9 +578,6 @@ static int do_microcode_update(void *pat + else + ret = secondary_thread_fn(); + +- if ( microcode_ops->end_update_percpu ) +- microcode_ops->end_update_percpu(); +- + return ret; + } + +@@ -652,16 +649,6 @@ static long microcode_update_helper(void + } + spin_unlock(µcode_mutex); + +- if ( microcode_ops->start_update ) +- { +- ret = microcode_ops->start_update(); +- if ( ret ) +- { +- microcode_free_patch(patch); +- goto put; +- } +- } +- + cpumask_clear(&cpu_callin_map); + atomic_set(&cpu_out, 0); + atomic_set(&cpu_updated, 0); +@@ -760,28 +747,14 @@ static int __init microcode_init(void) + __initcall(microcode_init); + + /* Load a cached update to current cpu */ +-int microcode_update_one(bool start_update) ++int microcode_update_one(void) + { +- int err; +- + if ( !microcode_ops ) + return -EOPNOTSUPP; + + microcode_ops->collect_cpu_info(&this_cpu(cpu_sig)); + +- if ( start_update && microcode_ops->start_update ) +- { +- err = microcode_ops->start_update(); +- if ( err ) +- return err; +- } +- +- err = microcode_update_cpu(NULL); +- +- if ( microcode_ops->end_update_percpu ) +- microcode_ops->end_update_percpu(); +- +- return err; ++ return microcode_update_cpu(NULL); + } + + /* BSP calls this function to parse ucode blob and then apply an update. */ +@@ -825,7 +798,7 @@ int __init early_microcode_update_cpu(vo + spin_unlock(µcode_mutex); + ASSERT(rc); + +- return microcode_update_one(true); ++ return microcode_update_one(); + } + + int __init early_microcode_init(void) +--- a/xen/arch/x86/hvm/svm/svm.c ++++ b/xen/arch/x86/hvm/svm/svm.c +@@ -1082,7 +1082,7 @@ static void svm_guest_osvw_init(struct d + spin_unlock(&osvw_lock); + } + +-void svm_host_osvw_reset() ++static void svm_host_osvw_reset(void) + { + spin_lock(&osvw_lock); + +@@ -1092,7 +1092,7 @@ void svm_host_osvw_reset() + spin_unlock(&osvw_lock); + } + +-void svm_host_osvw_init() ++static void svm_host_osvw_init(void) + { + spin_lock(&osvw_lock); + +--- a/xen/arch/x86/smpboot.c ++++ b/xen/arch/x86/smpboot.c +@@ -358,7 +358,7 @@ void start_secondary(void *unused) + + initialize_cpu_data(cpu); + +- microcode_update_one(false); ++ microcode_update_one(); + + /* + * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard +--- a/xen/include/asm-x86/hvm/svm/svm.h ++++ b/xen/include/asm-x86/hvm/svm/svm.h +@@ -93,9 +93,6 @@ extern u32 svm_feature_flags; + #define DEFAULT_TSC_RATIO 0x0000000100000000ULL + #define TSC_RATIO_RSVD_BITS 0xffffff0000000000ULL + +-extern void svm_host_osvw_reset(void); +-extern void svm_host_osvw_init(void); +- + /* EXITINFO1 fields on NPT faults */ + #define _NPT_PFEC_with_gla 32 + #define NPT_PFEC_with_gla (1UL<<_NPT_PFEC_with_gla) +--- a/xen/include/asm-x86/microcode.h ++++ b/xen/include/asm-x86/microcode.h +@@ -24,8 +24,6 @@ struct microcode_ops { + size_t size); + int (*collect_cpu_info)(struct cpu_signature *csig); + int (*apply_microcode)(const struct microcode_patch *patch); +- int (*start_update)(void); +- void (*end_update_percpu)(void); + void (*free_patch)(void *mc); + bool (*match_cpu)(const struct microcode_patch *patch); + enum microcode_match_result (*compare_patch)( +--- a/xen/include/asm-x86/processor.h ++++ b/xen/include/asm-x86/processor.h +@@ -586,7 +586,7 @@ void microcode_set_module(unsigned int); + int microcode_update(XEN_GUEST_HANDLE_PARAM(const_void), unsigned long len); + int early_microcode_update_cpu(void); + int early_microcode_init(void); +-int microcode_update_one(bool start_update); ++int microcode_update_one(void); + int microcode_init_intel(void); + int microcode_init_amd(void); + diff --git a/5eda60cb-SVM-split-recalc-NPT-fault-handling.patch b/5eda60cb-SVM-split-recalc-NPT-fault-handling.patch new file mode 100644 index 0000000..6ae1e04 --- /dev/null +++ b/5eda60cb-SVM-split-recalc-NPT-fault-handling.patch @@ -0,0 +1,98 @@ +# Commit 51ca66c37371b10b378513af126646de22eddb17 +# Date 2020-06-05 17:12:11 +0200 +# Author Igor Druzhinin <igor.druzhinin@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/svm: do not try to handle recalc NPT faults immediately + +A recalculation NPT fault doesn't always require additional handling +in hvm_hap_nested_page_fault(), moreover in general case if there is no +explicit handling done there - the fault is wrongly considered fatal. + +This covers a specific case of migration with vGPU assigned which +uses direct MMIO mappings made by XEN_DOMCTL_memory_mapping hypercall: +at a moment log-dirty is enabled globally, recalculation is requested +for the whole guest memory including those mapped MMIO regions +which causes a page fault being raised at the first access to them; +but due to MMIO P2M type not having any explicit handling in +hvm_hap_nested_page_fault() a domain is erroneously crashed with unhandled +SVM violation. + +Instead of trying to be opportunistic - use safer approach and handle +P2M recalculation in a separate NPT fault by attempting to retry after +making the necessary adjustments. This is aligned with Intel behavior +where there are separate VMEXITs for recalculation and EPT violations +(faults) and only faults are handled in hvm_hap_nested_page_fault(). +Do it by also unifying do_recalc return code with Intel implementation +where returning 1 means P2M was actually changed. + +Since there was no case previously where p2m_pt_handle_deferred_changes() +could return a positive value - it's safe to replace ">= 0" with just "== 0" +in VMEXIT_NPF handler. finish_type_change() is also not affected by the +change as being able to deal with >0 return value of p2m->recalc from +EPT implementation. + +Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/hvm/svm/svm.c ++++ b/xen/arch/x86/hvm/svm/svm.c +@@ -2947,9 +2947,10 @@ void svm_vmexit_handler(struct cpu_user_ + v->arch.hvm.svm.cached_insn_len = vmcb->guest_ins_len & 0xf; + rc = vmcb->exitinfo1 & PFEC_page_present + ? p2m_pt_handle_deferred_changes(vmcb->exitinfo2) : 0; +- if ( rc >= 0 ) ++ if ( rc == 0 ) ++ /* If no recal adjustments were being made - handle this fault */ + svm_do_nested_pgfault(v, regs, vmcb->exitinfo1, vmcb->exitinfo2); +- else ++ else if ( rc < 0 ) + { + printk(XENLOG_G_ERR + "%pv: Error %d handling NPF (gpa=%08lx ec=%04lx)\n", +--- a/xen/arch/x86/mm/p2m-pt.c ++++ b/xen/arch/x86/mm/p2m-pt.c +@@ -341,6 +341,7 @@ static int do_recalc(struct p2m_domain * + unsigned int level = 4; + l1_pgentry_t *pent; + int err = 0; ++ bool recalc_done = false; + + table = map_domain_page(pagetable_get_mfn(p2m_get_pagetable(p2m))); + while ( --level ) +@@ -402,6 +403,8 @@ static int do_recalc(struct p2m_domain * + clear_recalc(l1, e); + err = p2m->write_p2m_entry(p2m, gfn, pent, e, level + 1); + ASSERT(!err); ++ ++ recalc_done = true; + } + } + unmap_domain_page((void *)((unsigned long)pent & PAGE_MASK)); +@@ -448,12 +451,14 @@ static int do_recalc(struct p2m_domain * + clear_recalc(l1, e); + err = p2m->write_p2m_entry(p2m, gfn, pent, e, level + 1); + ASSERT(!err); ++ ++ recalc_done = true; + } + + out: + unmap_domain_page(table); + +- return err; ++ return err ?: recalc_done; + } + + int p2m_pt_handle_deferred_changes(uint64_t gpa) +--- a/xen/arch/x86/mm/p2m.c ++++ b/xen/arch/x86/mm/p2m.c +@@ -1194,7 +1194,7 @@ static int finish_type_change(struct p2m + rc = p2m->recalc(p2m, gfn); + /* + * ept->recalc could return 0/1/-ENOMEM. pt->recalc could return +- * 0/-ENOMEM/-ENOENT, -ENOENT isn't an error as we are looping ++ * 0/1/-ENOMEM/-ENOENT, -ENOENT isn't an error as we are looping + * gfn here. If rc is 1 we need to have it 0 for success. + */ + if ( rc == -ENOENT || rc > 0 ) diff --git a/5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch b/5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch new file mode 100644 index 0000000..7d21a6f --- /dev/null +++ b/5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch @@ -0,0 +1,57 @@ +# Commit f7039ee41b3d3448775a1623f230037fd0455104 +# Date 2020-06-09 12:56:24 +0200 +# Author Paul Durrant <pdurrant@amazon.com> +# Committer Jan Beulich <jbeulich@suse.com> +ioreq: handle pending emulation racing with ioreq server destruction + +When an emulation request is initiated in hvm_send_ioreq() the guest vcpu is +blocked on an event channel until that request is completed. If, however, +the emulator is killed whilst that emulation is pending then the ioreq +server may be destroyed. Thus when the vcpu is awoken the code in +handle_hvm_io_completion() will find no pending request to wait for, but will +leave the internal vcpu io_req.state set to IOREQ_READY and the vcpu shutdown +deferall flag in place (because hvm_io_assist() will never be called). The +emulation request is then completed anyway. This means that any subsequent call +to hvmemul_do_io() will find an unexpected value in io_req.state and will +return X86EMUL_UNHANDLEABLE, which in some cases will result in continuous +re-tries. + +This patch fixes the issue by moving the setting of io_req.state and clearing +of shutdown deferral (as will as MSI-X write completion) out of hvm_io_assist() +and directly into handle_hvm_io_completion(). + +Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> +Signed-off-by: Paul Durrant <pdurrant@amazon.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/hvm/ioreq.c ++++ b/xen/arch/x86/hvm/ioreq.c +@@ -107,15 +107,7 @@ static void hvm_io_assist(struct hvm_ior + ioreq_t *ioreq = &v->arch.hvm.hvm_io.io_req; + + if ( hvm_ioreq_needs_completion(ioreq) ) +- { +- ioreq->state = STATE_IORESP_READY; + ioreq->data = data; +- } +- else +- ioreq->state = STATE_IOREQ_NONE; +- +- msix_write_completion(v); +- vcpu_end_shutdown_deferral(v); + + sv->pending = false; + } +@@ -207,6 +199,12 @@ bool handle_hvm_io_completion(struct vcp + } + } + ++ vio->io_req.state = hvm_ioreq_needs_completion(&vio->io_req) ? ++ STATE_IORESP_READY : STATE_IOREQ_NONE; ++ ++ msix_write_completion(v); ++ vcpu_end_shutdown_deferral(v); ++ + io_completion = vio->io_completion; + vio->io_completion = HVMIO_no_completion; + diff --git a/5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch b/5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch new file mode 100644 index 0000000..02e6737 --- /dev/null +++ b/5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch @@ -0,0 +1,106 @@ +# Commit caab85ab58c0cdf74ab070a5de5c4df89f509ff3 +# Date 2020-06-09 17:42:18 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling + +This is part of XSA-320 / CVE-2020-0543 + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Wei Liu <wl@xen.org> + +--- a/docs/misc/xen-command-line.pandoc ++++ b/docs/misc/xen-command-line.pandoc +@@ -483,10 +483,10 @@ accounting for hardware capabilities as + + Currently accepted: + +-The Speculation Control hardware features `md-clear`, `ibrsb`, `stibp`, `ibpb`, +-`l1d-flush` and `ssbd` are used by default if available and applicable. They can +-be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and +-won't offer them to guests. ++The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, ++`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and ++applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't ++use them itself, and won't offer them to guests. + + `rdrand` can be used to override the default disabling of the feature on certain + AMD systems. Its negative form can of course also be used to suppress use and +--- a/tools/libxl/libxl_cpuid.c ++++ b/tools/libxl/libxl_cpuid.c +@@ -213,6 +213,7 @@ int libxl_cpuid_parse_config(libxl_cpuid + + {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, + {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, ++ {"srbds-ctrl", 0x00000007, 0, CPUID_REG_EDX, 9, 1}, + {"md-clear", 0x00000007, 0, CPUID_REG_EDX, 10, 1}, + {"cet-ibt", 0x00000007, 0, CPUID_REG_EDX, 20, 1}, + {"ibrsb", 0x00000007, 0, CPUID_REG_EDX, 26, 1}, +--- a/tools/misc/xen-cpuid.c ++++ b/tools/misc/xen-cpuid.c +@@ -157,6 +157,7 @@ static const char *const str_7d0[32] = + [ 2] = "avx512_4vnniw", [ 3] = "avx512_4fmaps", + [ 4] = "fsrm", + ++ /* 8 */ [ 9] = "srbds-ctrl", + [10] = "md-clear", + /* 12 */ [13] = "tsx-force-abort", + +--- a/xen/arch/x86/msr.c ++++ b/xen/arch/x86/msr.c +@@ -134,6 +134,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t + /* Write-only */ + case MSR_TSX_FORCE_ABORT: + case MSR_TSX_CTRL: ++ case MSR_MCU_OPT_CTRL: + case MSR_U_CET: + case MSR_S_CET: + case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: +@@ -288,6 +289,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t + /* Read-only */ + case MSR_TSX_FORCE_ABORT: + case MSR_TSX_CTRL: ++ case MSR_MCU_OPT_CTRL: + case MSR_U_CET: + case MSR_S_CET: + case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -312,12 +312,13 @@ static void __init print_details(enum in + printk("Speculative mitigation facilities:\n"); + + /* Hardware features which pertain to speculative mitigations. */ +- printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", ++ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", ++ (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", + (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", + (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", +--- a/xen/include/asm-x86/msr-index.h ++++ b/xen/include/asm-x86/msr-index.h +@@ -179,6 +179,9 @@ + #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 + #define MSR_IA32_VMX_VMFUNC 0x491 + ++#define MSR_MCU_OPT_CTRL 0x00000123 ++#define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) ++ + #define MSR_U_CET 0x000006a0 + #define MSR_S_CET 0x000006a2 + #define MSR_PL0_SSP 0x000006a4 +--- a/xen/include/public/arch-x86/cpufeatureset.h ++++ b/xen/include/public/arch-x86/cpufeatureset.h +@@ -252,6 +252,7 @@ XEN_CPUFEATURE(IBPB, 8*32+12) / + /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ + XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ + XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */ ++XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ + XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */ + XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ + XEN_CPUFEATURE(CET_IBT, 9*32+20) /* CET - Indirect Branch Tracking */ diff --git a/5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch b/5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch new file mode 100644 index 0000000..e80d8c4 --- /dev/null +++ b/5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch @@ -0,0 +1,172 @@ +# Commit 6a49b9a7920c82015381740905582b666160d955 +# Date 2020-06-09 17:42:18 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel + +See patch documentation and comments. + +This is part of XSA-320 / CVE-2020-0543 + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/docs/misc/xen-command-line.pandoc ++++ b/docs/misc/xen-command-line.pandoc +@@ -1995,7 +1995,7 @@ By default SSBD will be mitigated at run + ### spec-ctrl (x86) + > `= List of [ <bool>, xen=<bool>, {pv,hvm,msr-sc,rsb,md-clear}=<bool>, + > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, +-> l1d-flush,branch-harden}=<bool> ]` ++> l1d-flush,branch-harden,srb-lock}=<bool> ]` + + Controls for speculative execution sidechannel mitigations. By default, Xen + will pick the most appropriate mitigations based on compiled in support, +@@ -2072,6 +2072,12 @@ If Xen is compiled with `CONFIG_SPECULAT + speculation barriers to protect selected conditional branches. By default, + Xen will enable this mitigation. + ++On hardware supporting SRBDS_CTRL, the `srb-lock=` option can be used to force ++or prevent Xen from protect the Special Register Buffer from leaking stale ++data. By default, Xen will enable this mitigation, except on parts where MDS ++is fixed and TAA is fixed/mitigated (in which case, there is believed to be no ++way for an attacker to obtain the stale data). ++ + ### sync_console + > `= <boolean>` + +--- a/xen/arch/x86/acpi/power.c ++++ b/xen/arch/x86/acpi/power.c +@@ -295,6 +295,9 @@ static int enter_state(u32 state) + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + spec_ctrl_exit_idle(ci); + ++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) ++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); ++ + done: + spin_debug_enable(); + local_irq_restore(flags); +--- a/xen/arch/x86/smpboot.c ++++ b/xen/arch/x86/smpboot.c +@@ -361,12 +361,14 @@ void start_secondary(void *unused) + microcode_update_one(); + + /* +- * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard +- * any firmware settings. Note: MSR_SPEC_CTRL may only become available +- * after loading microcode. ++ * If any speculative control MSRs are available, apply Xen's default ++ * settings. Note: These MSRs may only become available after loading ++ * microcode. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) ++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + + tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ + +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -65,6 +65,9 @@ static unsigned int __initdata l1d_maxph + static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ + static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ + ++static int8_t __initdata opt_srb_lock = -1; ++uint64_t __read_mostly default_xen_mcu_opt_ctrl; ++ + static int __init parse_spec_ctrl(const char *s) + { + const char *ss; +@@ -112,6 +115,7 @@ static int __init parse_spec_ctrl(const + opt_ssbd = false; + opt_l1d_flush = 0; + opt_branch_harden = false; ++ opt_srb_lock = 0; + } + else if ( val > 0 ) + rc = -EINVAL; +@@ -178,6 +182,8 @@ static int __init parse_spec_ctrl(const + opt_l1d_flush = val; + else if ( (val = parse_boolean("branch-harden", s, ss)) >= 0 ) + opt_branch_harden = val; ++ else if ( (val = parse_boolean("srb-lock", s, ss)) >= 0 ) ++ opt_srb_lock = val; + else + rc = -EINVAL; + +@@ -341,7 +347,7 @@ static void __init print_details(enum in + "\n"); + + /* Settings for Xen's protection, irrespective of guests. */ +- printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s\n", ++ printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + thunk == THUNK_NONE ? "N/A" : + thunk == THUNK_RETPOLINE ? "RETPOLINE" : + thunk == THUNK_LFENCE ? "LFENCE" : +@@ -352,6 +358,8 @@ static void __init print_details(enum in + (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + !(caps & ARCH_CAPS_TSX_CTRL) ? "" : + (opt_tsx & 1) ? " TSX+" : " TSX-", ++ !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : ++ opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", + opt_ibpb ? " IBPB" : "", + opt_l1d_flush ? " L1D_FLUSH" : "", + opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : "", +@@ -1149,6 +1157,34 @@ void __init init_speculation_mitigations + tsx_init(); + } + ++ /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ ++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) ++ { ++ uint64_t val; ++ ++ rdmsrl(MSR_MCU_OPT_CTRL, val); ++ ++ /* ++ * On some SRBDS-affected hardware, it may be safe to relax srb-lock ++ * by default. ++ * ++ * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way ++ * to access the Fill Buffer. If TSX isn't available (inc. SKU ++ * reasons on some models), or TSX is explicitly disabled, then there ++ * is no need for the extra overhead to protect RDRAND/RDSEED. ++ */ ++ if ( opt_srb_lock == -1 && ++ (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && ++ (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && opt_tsx == 0)) ) ++ opt_srb_lock = 0; ++ ++ val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; ++ if ( !opt_srb_lock ) ++ val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; ++ ++ default_xen_mcu_opt_ctrl = val; ++ } ++ + print_details(thunk, caps); + + /* +@@ -1180,6 +1216,9 @@ void __init init_speculation_mitigations + + wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + } ++ ++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) ++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + } + + static void __init __maybe_unused build_assertions(void) +--- a/xen/include/asm-x86/spec_ctrl.h ++++ b/xen/include/asm-x86/spec_ctrl.h +@@ -54,6 +54,8 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_ + */ + extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; + ++extern uint64_t default_xen_mcu_opt_ctrl; ++ + static inline void init_shadow_spec_ctrl_state(void) + { + struct cpu_info *info = get_cpu_info(); diff --git a/5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch b/5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch new file mode 100644 index 0000000..2d5bc64 --- /dev/null +++ b/5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch @@ -0,0 +1,43 @@ +# Commit 7028534d8482d25860c4d1aa8e45f0b911abfc5a +# Date 2020-06-11 16:26:06 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/spec-ctrl: Update docs with SRBDS workaround + +RDRAND/RDSEED can be hidden using cpuid= to mitigate SRBDS if microcode +isn't available. + +This is part of XSA-320 / CVE-2020-0543. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/docs/misc/xen-command-line.pandoc ++++ b/docs/misc/xen-command-line.pandoc +@@ -481,16 +481,21 @@ choice of `dom0-kernel` is deprecated an + This option allows for fine tuning of the facilities Xen will use, after + accounting for hardware capabilities as enumerated via CPUID. + ++Unless otherwise noted, options only have any effect in their negative form, ++to hide the named feature(s). Ignoring a feature using this mechanism will ++cause Xen not to use the feature, nor offer them as usable to guests. ++ + Currently accepted: + + The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, + `stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and +-applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't +-use them itself, and won't offer them to guests. ++applicable. They can all be ignored. + +-`rdrand` can be used to override the default disabling of the feature on certain +-AMD systems. Its negative form can of course also be used to suppress use and +-exposure of the feature. ++`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 / ++CVE-2020-0543. The RDRAND feature is disabled by default on certain AMD ++systems, due to possible malfunctions after ACPI S3 suspend/resume. `rdrand` ++may be used in its positive form to override Xen's default behaviour on these ++systems, and make the feature fully usable. + + ### cpuid_mask_cpu + > `= fam_0f_rev_[cdefg] | fam_10_rev_[bc] | fam_11_rev_b` diff --git a/5ef44e0d-x86-PMTMR-use-FADT-flags.patch b/5ef44e0d-x86-PMTMR-use-FADT-flags.patch new file mode 100644 index 0000000..916fd44 --- /dev/null +++ b/5ef44e0d-x86-PMTMR-use-FADT-flags.patch @@ -0,0 +1,102 @@ +# Commit f325d2477eef8229c47d97031d314629521c70ab +# Date 2020-06-25 09:11:09 +0200 +# Author Grzegorz Uriasz <gorbak25@gmail.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/acpi: use FADT flags to determine the PMTMR width + +On some computers the bit width of the PM Timer as reported +by ACPI is 32 bits when in fact the FADT flags report correctly +that the timer is 24 bits wide. On affected machines such as the +ASUS FX504GM and never gaming laptops this results in the inability +to resume the machine from suspend. Without this patch suspend is +broken on affected machines and even if a machine manages to resume +correctly then the kernel time and xen timers are trashed. + +Signed-off-by: Grzegorz Uriasz <gorbak25@gmail.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/acpi/boot.c ++++ b/xen/arch/x86/acpi/boot.c +@@ -473,10 +473,17 @@ static int __init acpi_parse_fadt(struct + + #ifdef CONFIG_X86_PM_TIMER + /* detect the location of the ACPI PM Timer */ +- if (fadt->header.revision >= FADT2_REVISION_ID) { ++ if (fadt->header.revision >= FADT2_REVISION_ID && ++ fadt->xpm_timer_block.space_id == ACPI_ADR_SPACE_SYSTEM_IO) { + /* FADT rev. 2 */ +- if (fadt->xpm_timer_block.space_id == +- ACPI_ADR_SPACE_SYSTEM_IO) { ++ if (fadt->xpm_timer_block.access_width != 0 && ++ ACPI_ACCESS_BIT_WIDTH(fadt->xpm_timer_block.access_width) != 32) ++ printk(KERN_WARNING PREFIX "PM-Timer has invalid access width(%u)\n", ++ fadt->xpm_timer_block.access_width); ++ else if (fadt->xpm_timer_block.bit_offset != 0) ++ printk(KERN_WARNING PREFIX "PM-Timer has invalid bit offset(%u)\n", ++ fadt->xpm_timer_block.bit_offset); ++ else { + pmtmr_ioport = fadt->xpm_timer_block.address; + pmtmr_width = fadt->xpm_timer_block.bit_width; + } +@@ -488,8 +495,12 @@ static int __init acpi_parse_fadt(struct + */ + if (!pmtmr_ioport) { + pmtmr_ioport = fadt->pm_timer_block; +- pmtmr_width = fadt->pm_timer_length == 4 ? 24 : 0; ++ pmtmr_width = fadt->pm_timer_length == 4 ? 32 : 0; + } ++ if (pmtmr_width < 32 && (fadt->flags & ACPI_FADT_32BIT_TIMER)) ++ printk(KERN_WARNING PREFIX "PM-Timer is too short\n"); ++ if (pmtmr_width > 24 && !(fadt->flags & ACPI_FADT_32BIT_TIMER)) ++ pmtmr_width = 24; + if (pmtmr_ioport) + printk(KERN_INFO PREFIX "PM-Timer IO Port: %#x (%u bits)\n", + pmtmr_ioport, pmtmr_width); +--- a/xen/arch/x86/time.c ++++ b/xen/arch/x86/time.c +@@ -452,16 +452,13 @@ static u64 read_pmtimer_count(void) + static s64 __init init_pmtimer(struct platform_timesource *pts) + { + u64 start; +- u32 count, target, mask = 0xffffff; ++ u32 count, target, mask; + +- if ( !pmtmr_ioport || !pmtmr_width ) ++ if ( !pmtmr_ioport || (pmtmr_width != 24 && pmtmr_width != 32) ) + return 0; + +- if ( pmtmr_width == 32 ) +- { +- pts->counter_bits = 32; +- mask = 0xffffffff; +- } ++ pts->counter_bits = pmtmr_width; ++ mask = 0xffffffff >> (32 - pmtmr_width); + + count = inl(pmtmr_ioport) & mask; + start = rdtsc_ordered(); +@@ -481,7 +478,6 @@ static struct platform_timesource __init + .name = "ACPI PM Timer", + .frequency = ACPI_PM_FREQUENCY, + .read_counter = read_pmtimer_count, +- .counter_bits = 24, + .init = init_pmtimer + }; + +--- a/xen/include/acpi/acmacros.h ++++ b/xen/include/acpi/acmacros.h +@@ -122,6 +122,14 @@ + #endif + + /* ++ * Algorithm to obtain access bit or byte width. ++ * Can be used with access_width of struct acpi_generic_address and access_size of ++ * struct acpi_resource_generic_register. ++ */ ++#define ACPI_ACCESS_BIT_WIDTH(size) (1 << ((size) + 2)) ++#define ACPI_ACCESS_BYTE_WIDTH(size) (1 << ((size) - 1)) ++ ++/* + * Macros for moving data around to/from buffers that are possibly unaligned. + * If the hardware supports the transfer of unaligned data, just do the store. + * Otherwise, we have to move one byte at a time. diff --git a/5ef6156a-x86-disallow-access-to-PT-MSRs.patch b/5ef6156a-x86-disallow-access-to-PT-MSRs.patch new file mode 100644 index 0000000..67e08c4 --- /dev/null +++ b/5ef6156a-x86-disallow-access-to-PT-MSRs.patch @@ -0,0 +1,49 @@ +# Commit bcdfbb70fca579baa04f212c0936b77919bdae11 +# Date 2020-06-26 16:34:02 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/msr: Disallow access to Processor Trace MSRs + +We do not expose the feature to guests, so should disallow access to the +respective MSRs. For simplicity, drop the entire block of MSRs, not just the +subset which have been specified thus far. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Wei Liu <wl@xen.org> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/msr.c ++++ b/xen/arch/x86/msr.c +@@ -135,6 +135,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t + case MSR_TSX_FORCE_ABORT: + case MSR_TSX_CTRL: + case MSR_MCU_OPT_CTRL: ++ case MSR_RTIT_OUTPUT_BASE ... MSR_RTIT_ADDR_B(7): + case MSR_U_CET: + case MSR_S_CET: + case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: +@@ -290,6 +291,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t + case MSR_TSX_FORCE_ABORT: + case MSR_TSX_CTRL: + case MSR_MCU_OPT_CTRL: ++ case MSR_RTIT_OUTPUT_BASE ... MSR_RTIT_ADDR_B(7): + case MSR_U_CET: + case MSR_S_CET: + case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: +--- a/xen/include/asm-x86/msr-index.h ++++ b/xen/include/asm-x86/msr-index.h +@@ -182,6 +182,14 @@ + #define MSR_MCU_OPT_CTRL 0x00000123 + #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) + ++#define MSR_RTIT_OUTPUT_BASE 0x00000560 ++#define MSR_RTIT_OUTPUT_MASK 0x00000561 ++#define MSR_RTIT_CTL 0x00000570 ++#define MSR_RTIT_STATUS 0x00000571 ++#define MSR_RTIT_CR3_MATCH 0x00000572 ++#define MSR_RTIT_ADDR_A(n) (0x00000580 + (n) * 2) ++#define MSR_RTIT_ADDR_B(n) (0x00000581 + (n) * 2) ++ + #define MSR_U_CET 0x000006a0 + #define MSR_S_CET 0x000006a2 + #define MSR_PL0_SSP 0x000006a4 diff --git a/5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch b/5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch new file mode 100644 index 0000000..6951789 --- /dev/null +++ b/5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch @@ -0,0 +1,35 @@ +# Commit 3b7dab93f2401b08c673244c9ae0f92e08bd03ba +# Date 2020-07-01 17:01:24 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/spec-ctrl: Protect against CALL/JMP straight-line speculation + +Some x86 CPUs speculatively execute beyond indirect CALL/JMP instructions. + +With CONFIG_INDIRECT_THUNK / Retpolines, indirect CALL/JMP instructions are +converted to direct CALL/JMP's to __x86_indirect_thunk_REG(), leaving just a +handful of indirect JMPs implementing those stubs. + +There is no architectrual execution beyond an indirect JMP, so use INT3 as +recommended by vendors to halt speculative execution. This is shorter than +LFENCE (which would also work fine), but also shows up in logs if we do +unexpected execute them. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/indirect-thunk.S ++++ b/xen/arch/x86/indirect-thunk.S +@@ -24,10 +24,12 @@ + .macro IND_THUNK_LFENCE reg:req + lfence + jmp *%\reg ++ int3 /* Halt straight-line speculation */ + .endm + + .macro IND_THUNK_JMP reg:req + jmp *%\reg ++ int3 /* Halt straight-line speculation */ + .endm + + /* diff --git a/5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch b/5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch new file mode 100644 index 0000000..8792d3f --- /dev/null +++ b/5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch @@ -0,0 +1,45 @@ +# Commit 2e9c2bc292231823a3a021d2e0a9f1956bf00b3c +# Date 2020-07-07 14:35:36 +0200 +# Author Julien Grall <jgrall@amazon.com> +# Committer Jan Beulich <jbeulich@suse.com> +xen/common: event_channel: Don't ignore error in get_free_port() + +Currently, get_free_port() is assuming that the port has been allocated +when evtchn_allocate_port() is not return -EBUSY. + +However, the function may return an error when: + - We exhausted all the event channels. This can happen if the limit + configured by the administrator for the guest ('max_event_channels' + in xl cfg) is higher than the ABI used by the guest. For instance, + if the guest is using 2L, the limit should not be higher than 4095. + - We cannot allocate memory (e.g Xen has not more memory). + +Users of get_free_port() (such as EVTCHNOP_alloc_unbound) will validly +assuming the port was valid and will next call evtchn_from_port(). This +will result to a crash as the memory backing the event channel structure +is not present. + +Fixes: 368ae9a05fe ("xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU") +Signed-off-by: Julien Grall <jgrall@amazon.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +--- + xen/common/event_channel.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -195,10 +195,10 @@ static int get_free_port(struct domain * + { + int rc = evtchn_allocate_port(d, port); + +- if ( rc == -EBUSY ) +- continue; +- +- return port; ++ if ( rc == 0 ) ++ return port; ++ else if ( rc != -EBUSY ) ++ return rc; + } + + return -ENOSPC; diff --git a/5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch b/5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch new file mode 100644 index 0000000..b25f024 --- /dev/null +++ b/5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch @@ -0,0 +1,30 @@ +# Commit 23a216f99d40fbfbc2318ade89d8213eea6ba1f8 +# Date 2020-07-07 14:36:24 +0200 +# Author Jan Beulich <jbeulich@suse.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/shadow: correct an inverted conditional in dirty VRAM tracking + +This originally was "mfn_x(mfn) == INVALID_MFN". Make it like this +again, taking the opportunity to also drop the unnecessary nearby +braces. + +This is XSA-319. + +Fixes: 246a5a3377c2 ("xen: Use a typesafe to define INVALID_MFN") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/mm/shadow/common.c ++++ b/xen/arch/x86/mm/shadow/common.c +@@ -3249,10 +3249,8 @@ int shadow_track_dirty_vram(struct domai + int dirty = 0; + paddr_t sl1ma = dirty_vram->sl1ma[i]; + +- if ( !mfn_eq(mfn, INVALID_MFN) ) +- { ++ if ( mfn_eq(mfn, INVALID_MFN) ) + dirty = 1; +- } + else + { + page = mfn_to_page(mfn); diff --git a/5f046c64-EPT-set_middle_entry-adjustments.patch b/5f046c64-EPT-set_middle_entry-adjustments.patch new file mode 100644 index 0000000..4c00c22 --- /dev/null +++ b/5f046c64-EPT-set_middle_entry-adjustments.patch @@ -0,0 +1,122 @@ +# Commit 1104288186ee73a7f9bfa41cbaa5bb7611521028 +# Date 2020-07-07 14:36:52 +0200 +# Author Jan Beulich <jbeulich@suse.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/EPT: ept_set_middle_entry() related adjustments + +ept_split_super_page() wants to further modify the newly allocated +table, so have ept_set_middle_entry() return the mapped pointer rather +than tearing it down and then getting re-established right again. + +Similarly ept_next_level() wants to hand back a mapped pointer of +the next level page, so re-use the one established by +ept_set_middle_entry() in case that path was taken. + +Pull the setting of suppress_ve ahead of insertion into the higher level +table, and don't have ept_split_super_page() set the field a 2nd time. + +This is part of XSA-328. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> + +--- a/xen/arch/x86/mm/p2m-ept.c ++++ b/xen/arch/x86/mm/p2m-ept.c +@@ -187,8 +187,9 @@ static void ept_p2m_type_to_flags(struct + #define GUEST_TABLE_SUPER_PAGE 2 + #define GUEST_TABLE_POD_PAGE 3 + +-/* Fill in middle levels of ept table */ +-static int ept_set_middle_entry(struct p2m_domain *p2m, ept_entry_t *ept_entry) ++/* Fill in middle level of ept table; return pointer to mapped new table. */ ++static ept_entry_t *ept_set_middle_entry(struct p2m_domain *p2m, ++ ept_entry_t *ept_entry) + { + mfn_t mfn; + ept_entry_t *table; +@@ -196,7 +197,12 @@ static int ept_set_middle_entry(struct p + + mfn = p2m_alloc_ptp(p2m, 0); + if ( mfn_eq(mfn, INVALID_MFN) ) +- return 0; ++ return NULL; ++ ++ table = map_domain_page(mfn); ++ ++ for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ ) ++ table[i].suppress_ve = 1; + + ept_entry->epte = 0; + ept_entry->mfn = mfn_x(mfn); +@@ -208,14 +214,7 @@ static int ept_set_middle_entry(struct p + + ept_entry->suppress_ve = 1; + +- table = map_domain_page(mfn); +- +- for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ ) +- table[i].suppress_ve = 1; +- +- unmap_domain_page(table); +- +- return 1; ++ return table; + } + + /* free ept sub tree behind an entry */ +@@ -253,10 +252,10 @@ static bool_t ept_split_super_page(struc + + ASSERT(is_epte_superpage(ept_entry)); + +- if ( !ept_set_middle_entry(p2m, &new_ept) ) ++ table = ept_set_middle_entry(p2m, &new_ept); ++ if ( !table ) + return 0; + +- table = map_domain_page(_mfn(new_ept.mfn)); + trunk = 1UL << ((level - 1) * EPT_TABLE_ORDER); + + for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ ) +@@ -267,7 +266,6 @@ static bool_t ept_split_super_page(struc + epte->sp = (level > 1); + epte->mfn += i * trunk; + epte->snp = is_iommu_enabled(p2m->domain) && iommu_snoop; +- epte->suppress_ve = 1; + + ept_p2m_type_to_flags(p2m, epte, epte->sa_p2mt, epte->access); + +@@ -306,8 +304,7 @@ static int ept_next_level(struct p2m_dom + ept_entry_t **table, unsigned long *gfn_remainder, + int next_level) + { +- unsigned long mfn; +- ept_entry_t *ept_entry, e; ++ ept_entry_t *ept_entry, *next = NULL, e; + u32 shift, index; + + shift = next_level * EPT_TABLE_ORDER; +@@ -332,19 +329,17 @@ static int ept_next_level(struct p2m_dom + if ( read_only ) + return GUEST_TABLE_MAP_FAILED; + +- if ( !ept_set_middle_entry(p2m, ept_entry) ) ++ next = ept_set_middle_entry(p2m, ept_entry); ++ if ( !next ) + return GUEST_TABLE_MAP_FAILED; +- else +- e = atomic_read_ept_entry(ept_entry); /* Refresh */ ++ /* e is now stale and hence may not be used anymore below. */ + } +- + /* The only time sp would be set here is if we had hit a superpage */ +- if ( is_epte_superpage(&e) ) ++ else if ( is_epte_superpage(&e) ) + return GUEST_TABLE_SUPER_PAGE; + +- mfn = e.mfn; + unmap_domain_page(*table); +- *table = map_domain_page(_mfn(mfn)); ++ *table = next ?: map_domain_page(_mfn(e.mfn)); + *gfn_remainder &= (1UL << shift) - 1; + return GUEST_TABLE_NORMAL_PAGE; + } diff --git a/5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch b/5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch new file mode 100644 index 0000000..29c102f --- /dev/null +++ b/5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch @@ -0,0 +1,53 @@ +# Commit bc3d9f95d661372b059a5539ae6cb1e79435bb95 +# Date 2020-07-07 14:37:12 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/ept: atomically modify entries in ept_next_level + +ept_next_level was passing a live PTE pointer to ept_set_middle_entry, +which was then modified without taking into account that the PTE could +be part of a live EPT table. This wasn't a security issue because the +pages returned by p2m_alloc_ptp are zeroed, so adding such an entry +before actually initializing it didn't allow a guest to access +physical memory addresses it wasn't supposed to access. + +This is part of XSA-328. + +Reported-by: Jan Beulich <jbeulich@suse.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/mm/p2m-ept.c ++++ b/xen/arch/x86/mm/p2m-ept.c +@@ -307,6 +307,8 @@ static int ept_next_level(struct p2m_dom + ept_entry_t *ept_entry, *next = NULL, e; + u32 shift, index; + ++ ASSERT(next_level); ++ + shift = next_level * EPT_TABLE_ORDER; + + index = *gfn_remainder >> shift; +@@ -323,16 +325,20 @@ static int ept_next_level(struct p2m_dom + + if ( !is_epte_present(&e) ) + { ++ int rc; ++ + if ( e.sa_p2mt == p2m_populate_on_demand ) + return GUEST_TABLE_POD_PAGE; + + if ( read_only ) + return GUEST_TABLE_MAP_FAILED; + +- next = ept_set_middle_entry(p2m, ept_entry); ++ next = ept_set_middle_entry(p2m, &e); + if ( !next ) + return GUEST_TABLE_MAP_FAILED; +- /* e is now stale and hence may not be used anymore below. */ ++ ++ rc = atomic_write_ept_entry(p2m, ept_entry, e, next_level); ++ ASSERT(rc == 0); + } + /* The only time sp would be set here is if we had hit a superpage */ + else if ( is_epte_superpage(&e) ) diff --git a/5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch b/5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch new file mode 100644 index 0000000..e87f09c --- /dev/null +++ b/5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch @@ -0,0 +1,35 @@ +# Commit 5fe515a0fede07543f2a3b049167b1fd8b873caf +# Date 2020-07-07 14:37:46 +0200 +# Author Jan Beulich <jbeulich@suse.com> +# Committer Jan Beulich <jbeulich@suse.com> +vtd: improve IOMMU TLB flush + +Do not limit PSI flushes to order 0 pages, in order to avoid doing a +full TLB flush if the passed in page has an order greater than 0 and +is aligned. Should increase the performance of IOMMU TLB flushes when +dealing with page orders greater than 0. + +This is part of XSA-321. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> + +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -570,13 +570,14 @@ static int __must_check iommu_flush_iotl + if ( iommu_domid == -1 ) + continue; + +- if ( page_count != 1 || dfn_eq(dfn, INVALID_DFN) ) ++ if ( !page_count || (page_count & (page_count - 1)) || ++ dfn_eq(dfn, INVALID_DFN) || !IS_ALIGNED(dfn_x(dfn), page_count) ) + rc = iommu_flush_iotlb_dsi(iommu, iommu_domid, + 0, flush_dev_iotlb); + else + rc = iommu_flush_iotlb_psi(iommu, iommu_domid, + dfn_to_daddr(dfn), +- PAGE_ORDER_4K, ++ get_order_from_pages(page_count), + !dma_old_pte_present, + flush_dev_iotlb); + diff --git a/5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch b/5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch new file mode 100644 index 0000000..9b2e539 --- /dev/null +++ b/5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch @@ -0,0 +1,179 @@ +# Commit 62298825b9a44f45761acbd758138b5ba059ebd1 +# Date 2020-07-07 14:38:13 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +vtd: prune (and rename) cache flush functions + +Rename __iommu_flush_cache to iommu_sync_cache and remove +iommu_flush_cache_page. Also remove the iommu_flush_cache_entry +wrapper and just use iommu_sync_cache instead. Note the _entry suffix +was meaningless as the wrapper was already taking a size parameter in +bytes. While there also constify the addr parameter. + +No functional change intended. + +This is part of XSA-321. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/extern.h ++++ b/xen/drivers/passthrough/vtd/extern.h +@@ -43,8 +43,7 @@ void disable_qinval(struct vtd_iommu *io + int enable_intremap(struct vtd_iommu *iommu, int eim); + void disable_intremap(struct vtd_iommu *iommu); + +-void iommu_flush_cache_entry(void *addr, unsigned int size); +-void iommu_flush_cache_page(void *addr, unsigned long npages); ++void iommu_sync_cache(const void *addr, unsigned int size); + int iommu_alloc(struct acpi_drhd_unit *drhd); + void iommu_free(struct acpi_drhd_unit *drhd); + +--- a/xen/drivers/passthrough/vtd/intremap.c ++++ b/xen/drivers/passthrough/vtd/intremap.c +@@ -230,7 +230,7 @@ static void free_remap_entry(struct vtd_ + iremap_entries, iremap_entry); + + update_irte(iommu, iremap_entry, &new_ire, false); +- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry)); ++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry)); + iommu_flush_iec_index(iommu, 0, index); + + unmap_vtd_domain_page(iremap_entries); +@@ -406,7 +406,7 @@ static int ioapic_rte_to_remap_entry(str + } + + update_irte(iommu, iremap_entry, &new_ire, !init); +- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry)); ++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry)); + iommu_flush_iec_index(iommu, 0, index); + + unmap_vtd_domain_page(iremap_entries); +@@ -695,7 +695,7 @@ static int msi_msg_to_remap_entry( + update_irte(iommu, iremap_entry, &new_ire, msi_desc->irte_initialized); + msi_desc->irte_initialized = true; + +- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry)); ++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry)); + iommu_flush_iec_index(iommu, 0, index); + + unmap_vtd_domain_page(iremap_entries); +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -140,7 +140,8 @@ static int context_get_domain_id(struct + } + + static int iommus_incoherent; +-static void __iommu_flush_cache(void *addr, unsigned int size) ++ ++void iommu_sync_cache(const void *addr, unsigned int size) + { + int i; + static unsigned int clflush_size = 0; +@@ -155,16 +156,6 @@ static void __iommu_flush_cache(void *ad + cacheline_flush((char *)addr + i); + } + +-void iommu_flush_cache_entry(void *addr, unsigned int size) +-{ +- __iommu_flush_cache(addr, size); +-} +- +-void iommu_flush_cache_page(void *addr, unsigned long npages) +-{ +- __iommu_flush_cache(addr, PAGE_SIZE * npages); +-} +- + /* Allocate page table, return its machine address */ + uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node) + { +@@ -183,7 +174,7 @@ uint64_t alloc_pgtable_maddr(unsigned lo + vaddr = __map_domain_page(cur_pg); + memset(vaddr, 0, PAGE_SIZE); + +- iommu_flush_cache_page(vaddr, 1); ++ iommu_sync_cache(vaddr, PAGE_SIZE); + unmap_domain_page(vaddr); + cur_pg++; + } +@@ -216,7 +207,7 @@ static u64 bus_to_context_maddr(struct v + } + set_root_value(*root, maddr); + set_root_present(*root); +- iommu_flush_cache_entry(root, sizeof(struct root_entry)); ++ iommu_sync_cache(root, sizeof(struct root_entry)); + } + maddr = (u64) get_context_addr(*root); + unmap_vtd_domain_page(root_entries); +@@ -263,7 +254,7 @@ static u64 addr_to_dma_page_maddr(struct + */ + dma_set_pte_readable(*pte); + dma_set_pte_writable(*pte); +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + } + + if ( level == 2 ) +@@ -640,7 +631,7 @@ static int __must_check dma_pte_clear_on + *flush_flags |= IOMMU_FLUSHF_modified; + + spin_unlock(&hd->arch.mapping_lock); +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + + unmap_vtd_domain_page(page); + +@@ -679,7 +670,7 @@ static void iommu_free_page_table(struct + iommu_free_pagetable(dma_pte_addr(*pte), next_level); + + dma_clear_pte(*pte); +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + } + + unmap_vtd_domain_page(pt_vaddr); +@@ -1400,7 +1391,7 @@ int domain_context_mapping_one( + context_set_address_width(*context, agaw); + context_set_fault_enable(*context); + context_set_present(*context); +- iommu_flush_cache_entry(context, sizeof(struct context_entry)); ++ iommu_sync_cache(context, sizeof(struct context_entry)); + spin_unlock(&iommu->lock); + + /* Context entry was previously non-present (with domid 0). */ +@@ -1564,7 +1555,7 @@ int domain_context_unmap_one( + + context_clear_present(*context); + context_clear_entry(*context); +- iommu_flush_cache_entry(context, sizeof(struct context_entry)); ++ iommu_sync_cache(context, sizeof(struct context_entry)); + + iommu_domid= domain_iommu_domid(domain, iommu); + if ( iommu_domid == -1 ) +@@ -1791,7 +1782,7 @@ static int __must_check intel_iommu_map_ + + *pte = new; + +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + spin_unlock(&hd->arch.mapping_lock); + unmap_vtd_domain_page(page); + +@@ -1866,7 +1857,7 @@ int iommu_pte_flush(struct domain *d, ui + int iommu_domid; + int rc = 0; + +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + + for_each_drhd_unit ( drhd ) + { +@@ -2724,7 +2715,7 @@ static int __init intel_iommu_quarantine + dma_set_pte_addr(*pte, maddr); + dma_set_pte_readable(*pte); + } +- iommu_flush_cache_page(parent, 1); ++ iommu_sync_cache(parent, PAGE_SIZE); + + unmap_vtd_domain_page(parent); + parent = map_vtd_domain_page(maddr); diff --git a/5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch b/5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch new file mode 100644 index 0000000..f2ad08f --- /dev/null +++ b/5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch @@ -0,0 +1,86 @@ +# Commit 91526b460e5009fc56edbd6809e66c327281faba +# Date 2020-07-07 14:38:34 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/iommu: introduce a cache sync hook + +The hook is only implemented for VT-d and it uses the already existing +iommu_sync_cache function present in VT-d code. The new hook is +added so that the cache can be flushed by code outside of VT-d when +using shared page tables. + +Note that alloc_pgtable_maddr must use the now locally defined +sync_cache function, because IOMMU ops are not yet setup the first +time the function gets called during IOMMU initialization. + +No functional change intended. + +This is part of XSA-321. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/extern.h ++++ b/xen/drivers/passthrough/vtd/extern.h +@@ -43,7 +43,6 @@ void disable_qinval(struct vtd_iommu *io + int enable_intremap(struct vtd_iommu *iommu, int eim); + void disable_intremap(struct vtd_iommu *iommu); + +-void iommu_sync_cache(const void *addr, unsigned int size); + int iommu_alloc(struct acpi_drhd_unit *drhd); + void iommu_free(struct acpi_drhd_unit *drhd); + +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -141,7 +141,7 @@ static int context_get_domain_id(struct + + static int iommus_incoherent; + +-void iommu_sync_cache(const void *addr, unsigned int size) ++static void sync_cache(const void *addr, unsigned int size) + { + int i; + static unsigned int clflush_size = 0; +@@ -174,7 +174,7 @@ uint64_t alloc_pgtable_maddr(unsigned lo + vaddr = __map_domain_page(cur_pg); + memset(vaddr, 0, PAGE_SIZE); + +- iommu_sync_cache(vaddr, PAGE_SIZE); ++ sync_cache(vaddr, PAGE_SIZE); + unmap_domain_page(vaddr); + cur_pg++; + } +@@ -2763,6 +2763,7 @@ const struct iommu_ops __initconstrel in + .iotlb_flush_all = iommu_flush_iotlb_all, + .get_reserved_device_memory = intel_iommu_get_reserved_device_memory, + .dump_p2m_table = vtd_dump_p2m_table, ++ .sync_cache = sync_cache, + }; + + const struct iommu_init_ops __initconstrel intel_iommu_init_ops = { +--- a/xen/include/asm-x86/iommu.h ++++ b/xen/include/asm-x86/iommu.h +@@ -121,6 +121,13 @@ extern bool untrusted_msi; + int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, + const uint8_t gvec); + ++#define iommu_sync_cache(addr, size) ({ \ ++ const struct iommu_ops *ops = iommu_get_ops(); \ ++ \ ++ if ( ops->sync_cache ) \ ++ iommu_vcall(ops, sync_cache, addr, size); \ ++}) ++ + #endif /* !__ARCH_X86_IOMMU_H__ */ + /* + * Local variables: +--- a/xen/include/xen/iommu.h ++++ b/xen/include/xen/iommu.h +@@ -250,6 +250,7 @@ struct iommu_ops { + int (*setup_hpet_msi)(struct msi_desc *); + + int (*adjust_irq_affinities)(void); ++ void (*sync_cache)(const void *addr, unsigned int size); + #endif /* CONFIG_X86 */ + + int __must_check (*suspend)(void); diff --git a/5f046ce9-VT-d-sync_cache-misaligned-addresses.patch b/5f046ce9-VT-d-sync_cache-misaligned-addresses.patch new file mode 100644 index 0000000..9f710c6 --- /dev/null +++ b/5f046ce9-VT-d-sync_cache-misaligned-addresses.patch @@ -0,0 +1,41 @@ +# Commit b6d9398144f21718d25daaf8d72669a75592abc5 +# Date 2020-07-07 14:39:05 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +vtd: don't assume addresses are aligned in sync_cache + +Current code in sync_cache assume that the address passed in is +aligned to a cache line size. Fix the code to support passing in +arbitrary addresses not necessarily aligned to a cache line size. + +This is part of XSA-321. + +Reported-by: Jan Beulich <jbeulich@suse.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -143,8 +143,8 @@ static int iommus_incoherent; + + static void sync_cache(const void *addr, unsigned int size) + { +- int i; +- static unsigned int clflush_size = 0; ++ static unsigned long clflush_size = 0; ++ const void *end = addr + size; + + if ( !iommus_incoherent ) + return; +@@ -152,8 +152,9 @@ static void sync_cache(const void *addr, + if ( clflush_size == 0 ) + clflush_size = get_cache_line_size(); + +- for ( i = 0; i < size; i += clflush_size ) +- cacheline_flush((char *)addr + i); ++ addr -= (unsigned long)addr & (clflush_size - 1); ++ for ( ; addr < end; addr += clflush_size ) ++ cacheline_flush((char *)addr); + } + + /* Allocate page table, return its machine address */ diff --git a/5f046cfd-x86-introduce-alternative_2.patch b/5f046cfd-x86-introduce-alternative_2.patch new file mode 100644 index 0000000..4519f70 --- /dev/null +++ b/5f046cfd-x86-introduce-alternative_2.patch @@ -0,0 +1,28 @@ +# Commit 23570bce00ee6ba2139ece978ab6f03ff166e21d +# Date 2020-07-07 14:39:25 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/alternative: introduce alternative_2 + +It's based on alternative_io_2 without inputs or outputs but with an +added memory clobber. + +This is part of XSA-321. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Acked-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/include/asm-x86/alternative.h ++++ b/xen/include/asm-x86/alternative.h +@@ -114,6 +114,11 @@ extern void alternative_branches(void); + #define alternative(oldinstr, newinstr, feature) \ + asm volatile (ALTERNATIVE(oldinstr, newinstr, feature) : : : "memory") + ++#define alternative_2(oldinstr, newinstr1, feature1, newinstr2, feature2) \ ++ asm volatile (ALTERNATIVE_2(oldinstr, newinstr1, feature1, \ ++ newinstr2, feature2) \ ++ : : : "memory") ++ + /* + * Alternative inline assembly with input. + * diff --git a/5f046d1a-VT-d-optimize-CPU-cache-sync.patch b/5f046d1a-VT-d-optimize-CPU-cache-sync.patch new file mode 100644 index 0000000..3eb5378 --- /dev/null +++ b/5f046d1a-VT-d-optimize-CPU-cache-sync.patch @@ -0,0 +1,95 @@ +# Commit a64ea16522a73a13a0d66cfa4b66a9d3b95dd9d6 +# Date 2020-07-07 14:39:54 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +vtd: optimize CPU cache sync + +Some VT-d IOMMUs are non-coherent, which requires a cache write back +in order for the changes made by the CPU to be visible to the IOMMU. +This cache write back was unconditionally done using clflush, but there are +other more efficient instructions to do so, hence implement support +for them using the alternative framework. + +This is part of XSA-321. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/extern.h ++++ b/xen/drivers/passthrough/vtd/extern.h +@@ -68,7 +68,6 @@ int __must_check qinval_device_iotlb_syn + u16 did, u16 size, u64 addr); + + unsigned int get_cache_line_size(void); +-void cacheline_flush(char *); + void flush_all_cache(void); + + uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node); +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -31,6 +31,7 @@ + #include <xen/pci_regs.h> + #include <xen/keyhandler.h> + #include <asm/msi.h> ++#include <asm/nops.h> + #include <asm/irq.h> + #include <asm/hvm/vmx/vmx.h> + #include <asm/p2m.h> +@@ -154,7 +155,42 @@ static void sync_cache(const void *addr, + + addr -= (unsigned long)addr & (clflush_size - 1); + for ( ; addr < end; addr += clflush_size ) +- cacheline_flush((char *)addr); ++/* ++ * The arguments to a macro must not include preprocessor directives. Doing so ++ * results in undefined behavior, so we have to create some defines here in ++ * order to avoid it. ++ */ ++#if defined(HAVE_AS_CLWB) ++# define CLWB_ENCODING "clwb %[p]" ++#elif defined(HAVE_AS_XSAVEOPT) ++# define CLWB_ENCODING "data16 xsaveopt %[p]" /* clwb */ ++#else ++# define CLWB_ENCODING ".byte 0x66, 0x0f, 0xae, 0x30" /* clwb (%%rax) */ ++#endif ++ ++#define BASE_INPUT(addr) [p] "m" (*(const char *)(addr)) ++#if defined(HAVE_AS_CLWB) || defined(HAVE_AS_XSAVEOPT) ++# define INPUT BASE_INPUT ++#else ++# define INPUT(addr) "a" (addr), BASE_INPUT(addr) ++#endif ++ /* ++ * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush ++ * + prefix than a clflush + nop, and hence the prefix is added instead ++ * of letting the alternative framework fill the gap by appending nops. ++ */ ++ alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]", ++ "data16 clflush %[p]", /* clflushopt */ ++ X86_FEATURE_CLFLUSHOPT, ++ CLWB_ENCODING, ++ X86_FEATURE_CLWB, /* no outputs */, ++ INPUT(addr)); ++#undef INPUT ++#undef BASE_INPUT ++#undef CLWB_ENCODING ++ ++ alternative_2("", "sfence", X86_FEATURE_CLFLUSHOPT, ++ "sfence", X86_FEATURE_CLWB); + } + + /* Allocate page table, return its machine address */ +--- a/xen/drivers/passthrough/vtd/x86/vtd.c ++++ b/xen/drivers/passthrough/vtd/x86/vtd.c +@@ -51,11 +51,6 @@ unsigned int get_cache_line_size(void) + return ((cpuid_ebx(1) >> 8) & 0xff) * 8; + } + +-void cacheline_flush(char * addr) +-{ +- clflush(addr); +-} +- + void flush_all_cache() + { + wbinvd(); diff --git a/5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch b/5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch new file mode 100644 index 0000000..9726fba --- /dev/null +++ b/5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch @@ -0,0 +1,157 @@ +# Commit c23274fd0412381bd75068ebc9f8f8c90a4be748 +# Date 2020-07-07 14:40:11 +0200 +# Author Roger Pau Monné <roger.pau@citrix.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/ept: flush cache when modifying PTEs and sharing page tables + +Modifications made to the page tables by EPT code need to be written +to memory when the page tables are shared with the IOMMU, as Intel +IOMMUs can be non-coherent and thus require changes to be written to +memory in order to be visible to the IOMMU. + +In order to achieve this make sure data is written back to memory +after writing an EPT entry when the recalc bit is not set in +atomic_write_ept_entry. If such bit is set, the entry will be +adjusted and atomic_write_ept_entry will be called a second time +without the recalc bit set. Note that when splitting a super page the +new tables resulting of the split should also be written back. + +Failure to do so can allow devices behind the IOMMU access to the +stale super page, or cause coherency issues as changes made by the +processor to the page tables are not visible to the IOMMU. + +This allows to remove the VT-d specific iommu_pte_flush helper, since +the cache write back is now performed by atomic_write_ept_entry, and +hence iommu_iotlb_flush can be used to flush the IOMMU TLB. The newly +used method (iommu_iotlb_flush) can result in less flushes, since it +might sometimes be called rightly with 0 flags, in which case it +becomes a no-op. + +This is part of XSA-321. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/mm/p2m-ept.c ++++ b/xen/arch/x86/mm/p2m-ept.c +@@ -58,6 +58,19 @@ static int atomic_write_ept_entry(struct + + write_atomic(&entryptr->epte, new.epte); + ++ /* ++ * The recalc field on the EPT is used to signal either that a ++ * recalculation of the EMT field is required (which doesn't effect the ++ * IOMMU), or a type change. Type changes can only be between ram_rw, ++ * logdirty and ioreq_server: changes to/from logdirty won't work well with ++ * an IOMMU anyway, as IOMMU #PFs are not synchronous and will lead to ++ * aborts, and changes to/from ioreq_server are already fully flushed ++ * before returning to guest context (see ++ * XEN_DMOP_map_mem_type_to_ioreq_server). ++ */ ++ if ( !new.recalc && iommu_use_hap_pt(p2m->domain) ) ++ iommu_sync_cache(entryptr, sizeof(*entryptr)); ++ + return 0; + } + +@@ -278,6 +291,9 @@ static bool_t ept_split_super_page(struc + break; + } + ++ if ( iommu_use_hap_pt(p2m->domain) ) ++ iommu_sync_cache(table, EPT_PAGETABLE_ENTRIES * sizeof(ept_entry_t)); ++ + unmap_domain_page(table); + + /* Even failed we should install the newly allocated ept page. */ +@@ -337,6 +353,9 @@ static int ept_next_level(struct p2m_dom + if ( !next ) + return GUEST_TABLE_MAP_FAILED; + ++ if ( iommu_use_hap_pt(p2m->domain) ) ++ iommu_sync_cache(next, EPT_PAGETABLE_ENTRIES * sizeof(ept_entry_t)); ++ + rc = atomic_write_ept_entry(p2m, ept_entry, e, next_level); + ASSERT(rc == 0); + } +@@ -821,7 +840,10 @@ out: + need_modify_vtd_table ) + { + if ( iommu_use_hap_pt(d) ) +- rc = iommu_pte_flush(d, gfn, &ept_entry->epte, order, vtd_pte_present); ++ rc = iommu_iotlb_flush(d, _dfn(gfn), (1u << order), ++ (iommu_flags ? IOMMU_FLUSHF_added : 0) | ++ (vtd_pte_present ? IOMMU_FLUSHF_modified ++ : 0)); + else if ( need_iommu_pt_sync(d) ) + rc = iommu_flags ? + iommu_legacy_map(d, _dfn(gfn), mfn, order, iommu_flags) : +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -1884,53 +1884,6 @@ static int intel_iommu_lookup_page(struc + return 0; + } + +-int iommu_pte_flush(struct domain *d, uint64_t dfn, uint64_t *pte, +- int order, int present) +-{ +- struct acpi_drhd_unit *drhd; +- struct vtd_iommu *iommu = NULL; +- struct domain_iommu *hd = dom_iommu(d); +- bool_t flush_dev_iotlb; +- int iommu_domid; +- int rc = 0; +- +- iommu_sync_cache(pte, sizeof(struct dma_pte)); +- +- for_each_drhd_unit ( drhd ) +- { +- iommu = drhd->iommu; +- if ( !test_bit(iommu->index, &hd->arch.iommu_bitmap) ) +- continue; +- +- flush_dev_iotlb = !!find_ats_dev_drhd(iommu); +- iommu_domid= domain_iommu_domid(d, iommu); +- if ( iommu_domid == -1 ) +- continue; +- +- rc = iommu_flush_iotlb_psi(iommu, iommu_domid, +- __dfn_to_daddr(dfn), +- order, !present, flush_dev_iotlb); +- if ( rc > 0 ) +- { +- iommu_flush_write_buffer(iommu); +- rc = 0; +- } +- } +- +- if ( unlikely(rc) ) +- { +- if ( !d->is_shutting_down && printk_ratelimit() ) +- printk(XENLOG_ERR VTDPREFIX +- " d%d: IOMMU pages flush failed: %d\n", +- d->domain_id, rc); +- +- if ( !is_hardware_domain(d) ) +- domain_crash(d); +- } +- +- return rc; +-} +- + static int __init vtd_ept_page_compatible(struct vtd_iommu *iommu) + { + u64 ept_cap, vtd_cap = iommu->cap; +--- a/xen/include/asm-x86/iommu.h ++++ b/xen/include/asm-x86/iommu.h +@@ -97,10 +97,6 @@ static inline int iommu_adjust_irq_affin + : 0; + } + +-/* While VT-d specific, this must get declared in a generic header. */ +-int __must_check iommu_pte_flush(struct domain *d, u64 gfn, u64 *pte, +- int order, int present); +- + static inline bool iommu_supports_x2apic(void) + { + return iommu_init_ops && iommu_init_ops->supports_x2apic diff --git a/5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch b/5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch new file mode 100644 index 0000000..353b5cd --- /dev/null +++ b/5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch @@ -0,0 +1,55 @@ +# Commit 3fdc211b01b29f252166937238efe02d15cb5780 +# Date 2020-07-07 14:41:00 +0200 +# Author Julien Grall <jgrall@amazon.com> +# Committer Jan Beulich <jbeulich@suse.com> +xen: Check the alignment of the offset pased via VCPUOP_register_vcpu_info + +Currently a guest is able to register any guest physical address to use +for the vcpu_info structure as long as the structure can fits in the +rest of the frame. + +This means a guest can provide an address that is not aligned to the +natural alignment of the structure. + +On Arm 32-bit, unaligned access are completely forbidden by the +hypervisor. This will result to a data abort which is fatal. + +On Arm 64-bit, unaligned access are only forbidden when used for atomic +access. As the structure contains fields (such as evtchn_pending_self) +that are updated using atomic operations, any unaligned access will be +fatal as well. + +While the misalignment is only fatal on Arm, a generic check is added +as an x86 guest shouldn't sensibly pass an unaligned address (this +would result to a split lock). + +This is XSA-327. + +Reported-by: Julien Grall <jgrall@amazon.com> +Signed-off-by: Julien Grall <jgrall@amazon.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> + +--- a/xen/common/domain.c ++++ b/xen/common/domain.c +@@ -1300,10 +1300,20 @@ int map_vcpu_info(struct vcpu *v, unsign + void *mapping; + vcpu_info_t *new_info; + struct page_info *page; ++ unsigned int align; + + if ( offset > (PAGE_SIZE - sizeof(vcpu_info_t)) ) + return -EINVAL; + ++#ifdef CONFIG_COMPAT ++ if ( has_32bit_shinfo(d) ) ++ align = alignof(new_info->compat); ++ else ++#endif ++ align = alignof(*new_info); ++ if ( offset & (align - 1) ) ++ return -EINVAL; ++ + if ( !mfn_eq(v->vcpu_info_mfn, INVALID_MFN) ) + return -EINVAL; + diff --git a/5f1a9916-x86-S3-put-data-sregs-into-known-state.patch b/5f1a9916-x86-S3-put-data-sregs-into-known-state.patch new file mode 100644 index 0000000..c6a0e78 --- /dev/null +++ b/5f1a9916-x86-S3-put-data-sregs-into-known-state.patch @@ -0,0 +1,35 @@ +# Commit 55f8c389d4348cc517946fdcb10794112458e81e +# Date 2020-07-24 10:17:26 +0200 +# Author Jan Beulich <jbeulich@suse.com> +# Committer Jan Beulich <jbeulich@suse.com> +x86/S3: put data segment registers into known state upon resume + +wakeup_32 sets %ds and %es to BOOT_DS, while leaving %fs at what +wakeup_start did set it to, and %gs at whatever BIOS did load into it. +All of this may end up confusing the first load_segments() to run on +the BSP after resume, in particular allowing a non-nul selector value +to be left in %fs. + +Alongside %ss, also put all other data segment registers into the same +state that the boot and CPU bringup paths put them in. + +Reported-by: M. Vefa Bicakci <m.v.b@runbox.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/acpi/wakeup_prot.S ++++ b/xen/arch/x86/acpi/wakeup_prot.S +@@ -66,6 +66,12 @@ ENTRY(__ret_point) + mov REF(saved_ss), %ss + LOAD_GREG(sp) + ++ mov $__HYPERVISOR_DS64, %eax ++ mov %eax, %ds ++ mov %eax, %es ++ mov %eax, %fs ++ mov %eax, %gs ++ + /* Reload code selector */ + pushq $__HYPERVISOR_CS + leaq 1f(%rip),%rax diff --git a/5f21b9fd-x86-cpuid-APIC-bit-clearing.patch b/5f21b9fd-x86-cpuid-APIC-bit-clearing.patch new file mode 100644 index 0000000..ae96985 --- /dev/null +++ b/5f21b9fd-x86-cpuid-APIC-bit-clearing.patch @@ -0,0 +1,25 @@ +# Commit 64219fa179c3e48adad12bfce3f6b3f1596cccbf +# Date 2020-07-29 19:03:41 +0100 +# Author Fam Zheng <famzheng@amazon.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/cpuid: Fix APIC bit clearing + +The bug is obvious here, other places in this function used +"cpufeat_mask" correctly. + +Fixed: b648feff8ea2 ("xen/x86: Improvements to in-hypervisor cpuid sanity checks") +Signed-off-by: Fam Zheng <famzheng@amazon.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/cpuid.c ++++ b/xen/arch/x86/cpuid.c +@@ -961,7 +961,7 @@ void guest_cpuid(const struct vcpu *v, u + { + /* Fast-forward MSR_APIC_BASE.EN. */ + if ( vlapic_hw_disabled(vcpu_vlapic(v)) ) +- res->d &= ~cpufeat_bit(X86_FEATURE_APIC); ++ res->d &= ~cpufeat_mask(X86_FEATURE_APIC); + + /* + * PSE36 is not supported in shadow mode. This bit should be diff --git a/5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch b/5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch new file mode 100644 index 0000000..e8b9180 --- /dev/null +++ b/5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch @@ -0,0 +1,113 @@ +# Commit e32605b07ef2e01c9d05da9b2d5d7b8f9a5c7c1b +# Date 2020-08-27 12:48:46 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86: Begin to introduce support for MSR_ARCH_CAPS + +... including serialisation/deserialisation logic and unit tests. + +There is no current way to configure this MSR correctly for guests. +The toolstack side this logic needs building, which is far easier to +do with it in place. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/tools/tests/cpu-policy/test-cpu-policy.c ++++ b/tools/tests/cpu-policy/test-cpu-policy.c +@@ -328,6 +328,11 @@ static void test_msr_deserialise_failure + .msr = { .idx = 0xce, .val = ~0ull }, + .rc = -EOVERFLOW, + }, ++ { ++ .name = "truncated val", ++ .msr = { .idx = 0x10a, .val = ~0ull }, ++ .rc = -EOVERFLOW, ++ }, + }; + + printf("Testing MSR deserialise failure:\n"); +--- a/xen/arch/x86/msr.c ++++ b/xen/arch/x86/msr.c +@@ -183,8 +183,10 @@ int guest_rdmsr(struct vcpu *v, uint32_t + break; + + case MSR_ARCH_CAPABILITIES: +- /* Not implemented yet. */ +- goto gp_fault; ++ if ( !cp->feat.arch_caps ) ++ goto gp_fault; ++ *val = mp->arch_caps.raw; ++ break; + + case MSR_INTEL_MISC_FEATURES_ENABLES: + *val = msrs->misc_features_enables.raw; +--- a/xen/include/public/arch-x86/cpufeatureset.h ++++ b/xen/include/public/arch-x86/cpufeatureset.h +@@ -259,7 +259,7 @@ XEN_CPUFEATURE(CET_IBT, 9*32+20) / + XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ + XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */ + XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. */ +-XEN_CPUFEATURE(ARCH_CAPS, 9*32+29) /* IA32_ARCH_CAPABILITIES MSR */ ++XEN_CPUFEATURE(ARCH_CAPS, 9*32+29) /*! IA32_ARCH_CAPABILITIES MSR */ + XEN_CPUFEATURE(SSBD, 9*32+31) /*A MSR_SPEC_CTRL.SSBD available */ + + /* Intel-defined CPU features, CPUID level 0x00000007:1.eax, word 10 */ +--- a/xen/include/xen/lib/x86/msr.h ++++ b/xen/include/xen/lib/x86/msr.h +@@ -3,7 +3,7 @@ + #define XEN_LIB_X86_MSR_H + + /* Maximum number of MSRs written when serialising msr_policy. */ +-#define MSR_MAX_SERIALISED_ENTRIES 1 ++#define MSR_MAX_SERIALISED_ENTRIES 2 + + /* MSR policy object for shared per-domain MSRs */ + struct msr_policy +@@ -23,6 +23,28 @@ struct msr_policy + bool cpuid_faulting:1; + }; + } platform_info; ++ ++ /* ++ * 0x0000010a - MSR_ARCH_CAPABILITIES ++ * ++ * This is an Intel-only MSR, which provides miscellaneous enumeration, ++ * including those which indicate that microarchitectrual sidechannels are ++ * fixed in hardware. ++ */ ++ union { ++ uint32_t raw; ++ struct { ++ bool rdcl_no:1; ++ bool ibrs_all:1; ++ bool rsba:1; ++ bool skip_l1dfl:1; ++ bool ssb_no:1; ++ bool mds_no:1; ++ bool if_pschange_mc_no:1; ++ bool tsx_ctrl:1; ++ bool taa_no:1; ++ }; ++ } arch_caps; + }; + + #ifdef __XEN__ +--- a/xen/lib/x86/msr.c ++++ b/xen/lib/x86/msr.c +@@ -39,6 +39,7 @@ int x86_msr_copy_to_buffer(const struct + }) + + COPY_MSR(MSR_INTEL_PLATFORM_INFO, p->platform_info.raw); ++ COPY_MSR(MSR_ARCH_CAPABILITIES, p->arch_caps.raw); + + #undef COPY_MSR + +@@ -99,6 +100,7 @@ int x86_msr_copy_from_buffer(struct msr_ + }) + + case MSR_INTEL_PLATFORM_INFO: ASSIGN(platform_info.raw); break; ++ case MSR_ARCH_CAPABILITIES: ASSIGN(arch_caps.raw); break; + + #undef ASSIGN + diff --git a/5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch b/5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch new file mode 100644 index 0000000..dda046b --- /dev/null +++ b/5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch @@ -0,0 +1,60 @@ +# Commit e46474278a0e87e2b32ad5dd5fc20e8d2cb0688b +# Date 2020-08-31 13:43:26 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/intel: Expose MSR_ARCH_CAPS to dom0 + +The overhead of (the lack of) MDS_NO alone has been measured at 30% on some +workloads. While we're not in a position yet to offer MSR_ARCH_CAPS generally +to guests, dom0 doesn't migrate, so we can pass a subset of hardware values +straight through. + +This will cause PVH dom0's not to use KPTI by default, and all dom0's not to +use VERW flushing by default, and to use eIBRS in preference to retpoline on +recent Intel CPUs. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/cpuid.c ++++ b/xen/arch/x86/cpuid.c +@@ -627,6 +627,14 @@ int init_domain_cpuid_policy(struct doma + + recalculate_cpuid_policy(d); + ++ /* ++ * Expose the "hardware speculation behaviour" bits of ARCH_CAPS to dom0, ++ * so dom0 can turn off workarounds as appropriate. Temporary, until the ++ * domain policy logic gains a better understanding of MSRs. ++ */ ++ if ( is_hardware_domain(d) && boot_cpu_has(X86_FEATURE_ARCH_CAPS) ) ++ p->feat.arch_caps = true; ++ + return 0; + } + +--- a/xen/arch/x86/msr.c ++++ b/xen/arch/x86/msr.c +@@ -96,6 +96,22 @@ int init_domain_msr_policy(struct domain + if ( !opt_dom0_cpuid_faulting && is_control_domain(d) && is_pv_domain(d) ) + mp->platform_info.cpuid_faulting = false; + ++ /* ++ * Expose the "hardware speculation behaviour" bits of ARCH_CAPS to dom0, ++ * so dom0 can turn off workarounds as appropriate. Temporary, until the ++ * domain policy logic gains a better understanding of MSRs. ++ */ ++ if ( is_hardware_domain(d) && boot_cpu_has(X86_FEATURE_ARCH_CAPS) ) ++ { ++ uint64_t val; ++ ++ rdmsrl(MSR_ARCH_CAPABILITIES, val); ++ ++ mp->arch_caps.raw = val & ++ (ARCH_CAPS_RDCL_NO | ARCH_CAPS_IBRS_ALL | ARCH_CAPS_RSBA | ++ ARCH_CAPS_SSB_NO | ARCH_CAPS_MDS_NO | ARCH_CAPS_TAA_NO); ++ } ++ + d->arch.msr = mp; + + return 0; diff --git a/5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch b/5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch new file mode 100644 index 0000000..025f917 --- /dev/null +++ b/5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch @@ -0,0 +1,92 @@ +# Commit afe018e041ec112d90a8b4e6ed607d22aa06f280 +# Date 2020-08-31 14:21:46 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/pv: Fix multiple bugs with SEGBASE_GS_USER_SEL + +The logic takes the segment selector unmodified from guest context. This +allowed the guest to load DPL0 descriptors into %gs. Fix up the RPL for +non-NUL selectors to be 3. + +Xen's context switch logic skips saving the inactive %gs base, as it cannot be +modified by the guest behind Xen's back. This depends on Xen caching updates +to the inactive base, which is was missing from this path. + +The consequence is that, following SEGBASE_GS_USER_SEL, the next context +switch will restore the stale inactive %gs base, and corrupt vcpu state. + +Rework the hypercall to update the cached idea of gs_base_user, and fix the +behaviour in the case of the AMD NUL selector bug to always zero the segment +base. + +Reported-by: Andy Lutomirski <luto@kernel.org> +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/x86_64/mm.c ++++ b/xen/arch/x86/x86_64/mm.c +@@ -1056,17 +1056,54 @@ long do_set_segment_base(unsigned int wh + break; + + case SEGBASE_GS_USER_SEL: +- __asm__ __volatile__ ( +- " swapgs \n" +- "1: movl %k0,%%gs \n" +- " "safe_swapgs" \n" +- ".section .fixup,\"ax\" \n" +- "2: xorl %k0,%k0 \n" +- " jmp 1b \n" +- ".previous \n" +- _ASM_EXTABLE(1b, 2b) +- : "+r" (base) ); ++ { ++ unsigned int sel = (uint16_t)base; ++ ++ /* ++ * We wish to update the user %gs from the GDT/LDT. Currently, the ++ * guest kernel's GS_BASE is in context. ++ */ ++ asm volatile ( "swapgs" ); ++ ++ if ( sel > 3 ) ++ /* Fix up RPL for non-NUL selectors. */ ++ sel |= 3; ++ else if ( boot_cpu_data.x86_vendor & ++ (X86_VENDOR_AMD | X86_VENDOR_HYGON) ) ++ /* Work around NUL segment behaviour on AMD hardware. */ ++ asm volatile ( "mov %[sel], %%gs" ++ :: [sel] "r" (FLAT_USER_DS32) ); ++ ++ /* ++ * Load the chosen selector, with fault handling. ++ * ++ * Errors ought to fail the hypercall, but that was never built in ++ * originally, and Linux will BUG() if this call fails. ++ * ++ * NUL the selector in the case of an error. This too needs to deal ++ * with the AMD NUL segment behaviour, but it is already a slowpath in ++ * #GP context so perform the flat load unconditionally to avoid ++ * complicated logic. ++ * ++ * Anyone wanting to check for errors from this hypercall should ++ * re-read %gs and compare against the input. ++ */ ++ asm volatile ( "1: mov %[sel], %%gs\n\t" ++ ".section .fixup, \"ax\", @progbits\n\t" ++ "2: mov %k[flat], %%gs\n\t" ++ " xor %[sel], %[sel]\n\t" ++ " jmp 1b\n\t" ++ ".previous\n\t" ++ _ASM_EXTABLE(1b, 2b) ++ : [sel] "+r" (sel) ++ : [flat] "r" (FLAT_USER_DS32) ); ++ ++ /* Update the cache of the inactive base, as read from the GDT/LDT. */ ++ v->arch.pv.gs_base_user = rdgsbase(); ++ ++ asm volatile ( safe_swapgs ); + break; ++ } + + default: + ret = -EINVAL; diff --git a/5f560c42-x86-PV-64bit-segbase-consistency.patch b/5f560c42-x86-PV-64bit-segbase-consistency.patch new file mode 100644 index 0000000..c068fd3 --- /dev/null +++ b/5f560c42-x86-PV-64bit-segbase-consistency.patch @@ -0,0 +1,212 @@ +# Commit a5eaac9245f4f382a3cd0e9710e9d1cba7db20e4 +# Date 2020-09-07 11:32:34 +0100 +# Author Andrew Cooper <andrew.cooper3@citrix.com> +# Committer Andrew Cooper <andrew.cooper3@citrix.com> +x86/pv: Fix consistency of 64bit segment bases + +The comments in save_segments(), _toggle_guest_pt() and write_cr() are false. +The %fs and %gs bases can be updated at any time by the guest. + +As a consequence, Xen's fs_base/etc tracking state is always stale when the +vcpu is in context, and must not be used to complete MSR_{FS,GS}_BASE reads, etc. + +In particular, a sequence such as: + + wrmsr(MSR_FS_BASE, 0x1ull << 32); + write_fs(__USER_DS); + base = rdmsr(MSR_FS_BASE); + +will return the stale base, not the new base. This may cause guest a guest +kernel's context switching of userspace to malfunction. + +Therefore: + * Update save_segments(), _toggle_guest_pt() and read_msr() to always read + the segment bases from hardware. + * Update write_cr(), write_msr() and do_set_segment_base() to not not waste + time caching data which is instantly going to become stale again. + * Provide comments explaining when the tracking state is and isn't stale. + +This bug has been present for 14 years, but several bugfixes since have built +on and extended the original flawed logic. + +Fixes: ba9adb737ba ("Apply stricter checking to RDMSR/WRMSR emulations.") +Fixes: c42494acb2f ("x86: fix FS/GS base handling when using the fsgsbase feature") +Fixed: eccc170053e ("x86/pv: Don't have %cr4.fsgsbase active behind a guest kernels back") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -1546,6 +1546,16 @@ static void load_segments(struct vcpu *n + } + } + ++/* ++ * Record all guest segment state. The guest can load segment selectors ++ * without trapping, which will also alter the 64bit FS/GS bases. Arbitrary ++ * changes to bases can also be made with the WR{FS,GS}BASE instructions, when ++ * enabled. ++ * ++ * Guests however cannot use SWAPGS, so there is no mechanism to modify the ++ * inactive GS base behind Xen's back. Therefore, Xen's copy of the inactive ++ * GS base is still accurate, and doesn't need reading back from hardware. ++ */ + static void save_segments(struct vcpu *v) + { + struct cpu_user_regs *regs = &v->arch.user_regs; +@@ -1556,14 +1566,15 @@ static void save_segments(struct vcpu *v + regs->fs = read_sreg(fs); + regs->gs = read_sreg(gs); + +- /* %fs/%gs bases can only be stale if WR{FS,GS}BASE are usable. */ +- if ( (read_cr4() & X86_CR4_FSGSBASE) && !is_pv_32bit_vcpu(v) ) ++ if ( !is_pv_32bit_vcpu(v) ) + { +- v->arch.pv.fs_base = __rdfsbase(); ++ unsigned long gs_base = rdgsbase(); ++ ++ v->arch.pv.fs_base = rdfsbase(); + if ( v->arch.flags & TF_kernel_mode ) +- v->arch.pv.gs_base_kernel = __rdgsbase(); ++ v->arch.pv.gs_base_kernel = gs_base; + else +- v->arch.pv.gs_base_user = __rdgsbase(); ++ v->arch.pv.gs_base_user = gs_base; + } + + if ( regs->ds ) +--- a/xen/arch/x86/pv/domain.c ++++ b/xen/arch/x86/pv/domain.c +@@ -408,16 +408,19 @@ static void _toggle_guest_pt(struct vcpu + + void toggle_guest_mode(struct vcpu *v) + { ++ unsigned long gs_base; ++ + ASSERT(!is_pv_32bit_vcpu(v)); + +- /* %fs/%gs bases can only be stale if WR{FS,GS}BASE are usable. */ +- if ( read_cr4() & X86_CR4_FSGSBASE ) +- { +- if ( v->arch.flags & TF_kernel_mode ) +- v->arch.pv.gs_base_kernel = __rdgsbase(); +- else +- v->arch.pv.gs_base_user = __rdgsbase(); +- } ++ /* ++ * Update the cached value of the GS base about to become inactive, as a ++ * subsequent context switch won't bother re-reading it. ++ */ ++ gs_base = rdgsbase(); ++ if ( v->arch.flags & TF_kernel_mode ) ++ v->arch.pv.gs_base_kernel = gs_base; ++ else ++ v->arch.pv.gs_base_user = gs_base; + asm volatile ( "swapgs" ); + + _toggle_guest_pt(v); +--- a/xen/arch/x86/pv/emul-priv-op.c ++++ b/xen/arch/x86/pv/emul-priv-op.c +@@ -779,17 +779,6 @@ static int write_cr(unsigned int reg, un + } + + case 4: /* Write CR4 */ +- /* +- * If this write will disable FSGSBASE, refresh Xen's idea of the +- * guest bases now that they can no longer change. +- */ +- if ( (curr->arch.pv.ctrlreg[4] & X86_CR4_FSGSBASE) && +- !(val & X86_CR4_FSGSBASE) ) +- { +- curr->arch.pv.fs_base = __rdfsbase(); +- curr->arch.pv.gs_base_kernel = __rdgsbase(); +- } +- + curr->arch.pv.ctrlreg[4] = pv_fixup_guest_cr4(curr, val); + write_cr4(pv_make_cr4(curr)); + ctxt_switch_levelling(curr); +@@ -838,15 +827,13 @@ static int read_msr(unsigned int reg, ui + case MSR_FS_BASE: + if ( is_pv_32bit_domain(currd) ) + break; +- *val = (read_cr4() & X86_CR4_FSGSBASE) ? __rdfsbase() +- : curr->arch.pv.fs_base; ++ *val = rdfsbase(); + return X86EMUL_OKAY; + + case MSR_GS_BASE: + if ( is_pv_32bit_domain(currd) ) + break; +- *val = (read_cr4() & X86_CR4_FSGSBASE) ? __rdgsbase() +- : curr->arch.pv.gs_base_kernel; ++ *val = rdgsbase(); + return X86EMUL_OKAY; + + case MSR_SHADOW_GS_BASE: +@@ -975,14 +962,12 @@ static int write_msr(unsigned int reg, u + if ( is_pv_32bit_domain(currd) || !is_canonical_address(val) ) + break; + wrfsbase(val); +- curr->arch.pv.fs_base = val; + return X86EMUL_OKAY; + + case MSR_GS_BASE: + if ( is_pv_32bit_domain(currd) || !is_canonical_address(val) ) + break; + wrgsbase(val); +- curr->arch.pv.gs_base_kernel = val; + return X86EMUL_OKAY; + + case MSR_SHADOW_GS_BASE: +--- a/xen/arch/x86/x86_64/mm.c ++++ b/xen/arch/x86/x86_64/mm.c +@@ -1027,10 +1027,7 @@ long do_set_segment_base(unsigned int wh + { + case SEGBASE_FS: + if ( is_canonical_address(base) ) +- { + wrfsbase(base); +- v->arch.pv.fs_base = base; +- } + else + ret = -EINVAL; + break; +@@ -1047,10 +1044,7 @@ long do_set_segment_base(unsigned int wh + + case SEGBASE_GS_KERNEL: + if ( is_canonical_address(base) ) +- { + wrgsbase(base); +- v->arch.pv.gs_base_kernel = base; +- } + else + ret = -EINVAL; + break; +--- a/xen/include/asm-x86/domain.h ++++ b/xen/include/asm-x86/domain.h +@@ -505,7 +505,24 @@ struct pv_vcpu + bool_t syscall32_disables_events; + bool_t sysenter_disables_events; + +- /* Segment base addresses. */ ++ /* ++ * 64bit segment bases. ++ * ++ * FS and the active GS are always stale when the vCPU is in context, as ++ * the guest can change them behind Xen's back with MOV SREG, or ++ * WR{FS,GS}BASE on capable hardware. ++ * ++ * The inactive GS base is never stale, as guests can't use SWAPGS to ++ * access it - all modification is performed by Xen either directly ++ * (hypercall, #GP emulation), or indirectly (toggle_guest_mode()). ++ * ++ * The vCPU context switch path is optimised based on this fact, so any ++ * path updating or swapping the inactive base must update the cached ++ * value as well. ++ * ++ * Which GS base is active and inactive depends on whether the vCPU is in ++ * user or kernel context. ++ */ + unsigned long fs_base; + unsigned long gs_base_kernel; + unsigned long gs_base_user; diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..3d39ccd --- /dev/null +++ b/README.SUSE @@ -0,0 +1,704 @@ +README for the Xen packages +=========================== + +This file contains SUSE-specific instructions and suggestions for using Xen. + +For more in-depth documentation of using Xen on SUSE, consult the +virtualization chapter in the SLES or SUSE Linux manual, or read up-to-date +virtualization information, at +https://www.suse.com/documentation/sles11/singlehtml/book_xen/book_xen.html + +For more complete documentation on Xen itself, please install the xen-doc-html +package and read the documentation installed into /usr/share/doc/packages/xen/. + + +About +----- +Xen allows you to run multiple virtual machines on a single physical machine. + +See the Xen homepage for more information: + http://www.xenproject.org/ + +If you want to use Xen, you need to install the Xen hypervisor and a number of +supporting packages. During the initial SUSE installation (or when installing +from YaST) check-mark the "Xen Virtual Machine Host Server" pattern. If, +instead, you wish to install Xen manually later, click on the "Install +Hypervisor and Tools" icon in YaST. + +If you want to install and manage VMs graphically, be sure to install a +graphical desktop environment like KDE or GNOME. The following optional +packages are needed to manage VMs graphically. Note that "Install Hypervisor +and Tools" installs all the packages below: + virt-install (Optional, to install VMs) + virt-manager (Optional, to manage VMs graphically) + virt-viewer (Optional, to view VMs outside virt-manager) + vm-install (Optional, to install VMs with xl only) + +You then need to reboot your machine. Instead of booting a normal Linux +kernel, you will boot the Xen hypervisor and a slightly changed Linux kernel. +This Linux kernel runs in the first virtual machine and will drive most of +your hardware. + +This approach is called paravirtualization, since it is a partial +virtualization (the Linux kernel needs to be changed slightly, to make the +virtualization easier). It results in very good performance (consult +http://www.cl.cam.ac.uk/research/srg/netos/xen/performance.html) but has the +downside of unchanged operating systems not being supported. However, new +hardware features (e.g., Intel VT and AMD-V) are overcoming this limitation. + + +Terminology +----------- +The Xen open-source community has a number of terms that you should be +familiar with. + +A "domain" is Xen's term for a virtual machine. + +"Domain 0" is the first virtual machine. It can control all other virtual +machines. It also (usually) controls the physical hardware. A kernel used in +domain 0 may sometimes be referred to as a dom0 kernel. + +"Domain U" is any virtual machine other than domain 0. The "U" indicates it +is unprivileged (that is, it cannot control other domains). A kernel used in +an unprivileged domain may be referred to as a domU kernel. + +SUSE documentation will use the more industry-standard term "virtual +machine", or "VM", rather than "domain" where possible. And to that end, +domain 0 will be called the "virtual machine server", since it essentially the +server on which the other VMs run. All other domains are simply "virtual +machines". + +The acronym "HVM" refers to a hardware-assisted virtual machine. These are +VMs that have not been modified (e.g., Windows) and therefore need hardware +support such as Intel VT or AMD-V to run on Xen. + + +Kernels +------- +Xen supports two kinds of kernels: A privileged kernel (which boots the +machine, controls other VMs, and usually controls all your physical hardware) +and unprivileged kernels (which can't control other VMs, and usually don't need +drivers for physical hardware). The privileged kernel boots first (as the VM +server); an unprivileged kernel is used in all subsequent VMs. + +The VM server takes control of the boot process after Xen has initialized the +CPU and the memory. This VM contains a privileged kernel and all the hardware +drivers. + +For the other virtual machines, you usually don't need the hardware drivers. +(It is possible to hide a PCI device from the VM server and re-assign it to +another VM for direct access, but that is a more advanced topic.) Instead you +use virtual network and block device drivers in the unprivileged VMs to access +the physical network and block drivers in the VM server. + +For simplicity, SUSE ships a single Xen-enabled Linux kernel, rather than +separate privileged and unprivileged kernels. As most of the hardware drivers +are modules anyway, using this kernel as an unprivileged kernel has very +little extra overhead. + +The kernel is contained in the kernel-xen package, which you need to install to +use Xen. + + +Booting +------- +If you installed Xen during the initial SUSE installation, or installed one +of the kernel-xen* packages later, a "XEN" option should exist in your Grub +bootloader. Select that to boot SUSE on top of Xen. + +If you want to add additional entries, or modify the existing ones, you may +run the YaST2 Boot Loader program. + +Once you have booted this configuration successfully, you are running Xen with +a privileged kernel on top of it. + + +Xen Boot Parameters +------------------- +Normally, xen.gz requires no parameters. However, in special cases (such as +debugging or a dedicated VM server) you may wish to pass it parameters. + +Adding parameters to xen.gz can be done by editing the /etc/default/grub file. +Add the following line to this file; GRUB_CMDLINE_XEN_DEFAULT="<parameters>". The +parameters may be valid options passed to xen.gz (the hypervisor). After +editing this file, you must first run 'grub2-mkconfig -o /boot/grub2/grub.cfg' +and then reboot for the changes to take effect. + +For more information on how to add options to the hypervisor, see the sections +below called; "Dom0 Memory Ballooning" and "Troubleshooting". + +For a more complete discussion of possible parameters, see the user +documentation in the xen-doc-html package. + + +Creating a VM with virt-install +------------------------------- +The virt-install program (part of the virt-install package, and accessible +through YaST's Control Center) is the recommended method to create VMs. This +program handles creating both the VM's libvirt XML definition and disk(s). +It can help install any operating system, not just SUSE. virt-install has both +a command line only mode and a graphical wizard mode that may be used to define +and start VM installations. + +virt-install may be launched from the virt-manager VM management tool. Start +virt-manager either from the YaST Control Center or from the command line. +The installation icon from the main virt-manager screen may be selected to +begin the virt-install installation wizard. + +The use of virt-install or virt-manager requires the installation of the +libvirt packages and the libvirt daemon must be running on the host unless +you are managing a remote host. + +Each VM needs to have its own root filesystem. The root filesystem can live +on a block device (e.g., a hard disk partition, or an LVM2 or EVMS volume) or +in a file that holds the filesystem image. + +VMs can share filesystems, such as /usr or /opt, that are mounted read-only +from _all_ VMs. Never try to share a filesystem that is mounted read-write; +filesystem corruption will result. For sharing writable data between VMs, use +NFS or other networked or cluster filesystems. + +When defining the virtual network adapter(s), we recommend using a static MAC +for the VM rather than allowing Xen to randomly select one each time the VM +boots. (See "Network Troubleshooting" below.) The Xen Project has been +allocated a range of MAC addresses with the OUI of 00-16-3E. By using MACs +from this range you can be sure they will not conflict with any physical +adapters. + +When the VM shuts down (because the installation -- or at least the first +stage of it -- is done), the wizard finalizes the VM's configuration and +restarts the VM. + +The creation of VMs can be automated; read the virt-install man page for more +details. The installation of an OS within the VM can be automated if the OS +supports it. + + +Creating a VM with vm-install +----------------------------- +The vm-install program is also provided to create VMs. Like virt-install, +this optional program handles creating both the VM's libvirt XML definition +and disk(s). It also creates a legacy configuration file for use with 'xl'. +It can help install any operating system, not just SUSE. + +From the command line, run "vm-install". If the DISPLAY environment variable +is set and the supporting packages (python-gtk) are installed, a graphical +wizard will start. Otherwise, a text wizard will start. If vm-install is +started with the '--use-xl' flag, it will not require libvirt nor attempt +to communicate with libvirt when creating a VM and instead will only use the +'xl' toolstack to start VM installations. + +Once you have the VM configured, click "OK". The wizard will now create a +configuration file for the VM, and create a disk image. The disk image will +exist in /var/lib/xen/images, and a corresponding configuration file will exist +in /etc/xen/vm. The operating system's installation program will then run +within the VM. + +When the VM shuts down (because the installation -- or at least the first +stage of it -- is done), the wizard finalizes the VM's configuration and +restarts the VM. + +The creation of VMs can be automated; read the vm-install man page for more +details. The installation of an OS within the VM can be automated if the OS +supports it. + + +Creating a VM Manually +---------------------- +If you create a VM manually (as opposed to using virt-install, which is the +recommended way), you will need to create a disk (or reuse an existing one) +and a configuration file. + +If you are using a disk or disk image that is already installed with an +operating system and you want the VM to run in paravirtual mode, you'll +probably need to replace its kernel with a Xen-enabled kernel. + +The kernel and ramdisk used to bootstrap the VM must match any kernel modules +that might be present in the VM's disk. It is possible to manually copy the +kernel and ramdisk from the VM's disk (for example, after updating the kernel +within that VM) to the VM server's filesystem. However, an easier (and less +error-prone) method is to use /usr/lib/grub2/x86_64-xen/grub.xen as the VM +kernel. When the new VM is started, it runs grub.xen to read the grub +configuration from the VM disk, selecting the configured kernel and ramdisk +so that it can be used to bootstrap the new VM. + +Next, make a copy of one of the /etc/xen/examples/* files, and modify it to +suit your needs. You'll need to change (at very least) the "name" and "disk" +parameters. See /etc/xen/examples/ for example configuration files. + + +Managing Virtual Machines +------------------------- +VMs can be managed from the command line using 'virsh' or from virt-manager. + +VMs created by virt-install or vm-install (without vm-install's --use-xl flag) +will automatically be defined in libvirt. VMs defined in libvirt may be managed +by virt-manager or from the command line using the 'virsh' command. However, +if you copy a VM from another machine and manually create a VM XML configuration +file, you will need to import it into libvirt with a command like: + virsh define <path to>/my-vm.xml +This imports the configuration into libvirt (and therefore virt-manager becomes +aware of it, also). + +Now to start the VM: + virsh start my-vm +or start it from virt-manager's graphical menu. + +Have a look at running VMs with "virsh list". Attach to the VM's text console +with "virsh console <vm-name>". Attaching to multiple VM consoles is most +conveniently done with the terminal multiplexer "screen". + +Have a look at the other virsh commands by typing "virsh help". Note that most +virsh commands must be done as root. + + +Changes in the Xen VM Management Toolstack +------------------------------------------ +With SUSE Linux Enterprise Server 12, the way VMs are managed has changed +when compared with older SLES versions. Users familiar with the 'xm' command +and the xend management daemon will notice that these are absent. The xm/xend +toolstack has been replaced with the xl toolstack. The xl toolstack is +intended to remain backwards compatible with existing xm domain configuration +files. Most 'xm' commands can simply be replaced with 'xl'. One significant +difference is that xl does not support the concept of Managed Domains. The xl +command can only modify running VMs. Once the VM is shutdown, there is no +preserved state information other than what is saved in the configuration +file used to start the VM. In order to provide Managed Domains, users are +encouraged to use libvirt and it's tools to create and modify VMs. These +tools include the command line tool 'virsh' and the graphical tools +virt-manager and virt-install. + +Warning: Using xl commands to modify libvirt managed domains will result in +errors when virsh or virt-manager is used. Please use only virsh or +virt-manager to manage libvirt managed domains. If you are not using libvirt +managed domains then using xl commands is the correct way to modify running +domains. + + +Using the Mouse via VNC in Fully Virtual Mode +--------------------------------------------- +In a fully virtualized VM, the mouse may be emulated as a PS/2 mouse, USB +mouse, or USB tablet. The virt-install tool selects the best emulation that is +known to be automatically detected and supported by the operating system. + +However, when accessing some fully virtualized operating systems via VNC, the +mouse may be difficult to control if the VM is emulating a PS/2 mouse. PS/2 +provides mouse deltas, but VNC only provides absolute coordinates. In such +cases, you may want to manually switch the operating system and VM to use a +USB tablet. + +Emulation of a SummaSketch graphics tablet is provided for this reason. To +use the Summa emulation, you will need to configure your fully virtualized OS. +Note that the virtual tablet is connected to the second virtual serial port +(/dev/ttyS1 or COM2). + +Most Linux distributions ship with appropriate drivers, and only need to be +configured. To configure gpm, edit /etc/sysconfig/mouse and add these lines: +MOUSETYPE="summa" +XMOUSETYPE="SUMMA" +DEVICE=/dev/ttyS1 +The format and location of your configuration file could vary depending upon +your Linux distribution. The goal is to run the gpm daemon as follows: + gpm -t summa -m /dev/ttyS1 +X also needs to be configured to use the Summa emulation. Add the following +stanza to /etc/X11/xorg.conf, or use your distribution's tools to add these +settings: +Section "InputDevice" + Identifier "Mouse0" + Driver "summa" + Option "Device" "/dev/ttyS1" + Option "InputFashion" "Tablet" + Option "Mode" "Absolute" + Option "Name" "EasyPen" + Option "Compatible" "True" + Option "Protocol" "Auto" + Option "SendCoreEvents" "on" + Option "Vendor" "GENIUS" +EndSection +After making these changes, restart gpm and X. + + +HVM Console in Fully Virtual Mode +--------------------------------- +When running a VM in fully virtual mode, a special console is available that +provides some additional ways to control the VM. Press Ctrl-Alt-2 to access +the console; press Ctrl-Alt-1 to return to the VM. While at the console, +type "help" for help. + +The two most important commands are "send-key" and "change". The "send-key" +command allows you to send any key sequence to the VM, which might otherwise +be intercepted by your local window manager. + +The "change" command allows the target of a block device to be changed; for +example, use it to change from one CD ISO to another. Some versions of Xen +have this command disabled for security reasons. Consult the online +documentation for workarounds. + + +Networking +---------- +Your virtual machines become much more useful if you can reach them via the +network. Starting with openSUSE11.1 and SLE11, networking in domain 0 is +configured and managed via YaST. The yast2-networking module can be used +to create and manage bridged networks. During initial installation, a bridged +networking proposal will be presented if the "Xen Virtual Machine Host Server" +pattern is selected. The proposal will also be presented if you install Xen +after initial installation using the "Install Hypervisor and Tools" module in +YaST. + +The default proposal creates a virtual bridge in domain 0 for each active +ethernet device, enslaving the device to the bridge. Consider a machine +containing two ethernet devices (eth0 and eth1), both with active carriers. +YaST will create br0 and br1, enslaving the eth0 and eth1 devices repectively. + +VMs get a virtual network interface (e.g. eth0), which is visible in domain 0 +as vifN.0 and connected to the bridge. This means that if you set up an IP +address in the VMs belonging to the same subnet as br0 from your domain 0, +you'll be able to communicate not only with the other slave VMs, but also with +domain 0 and with the external network. If you have a DHCP server running in +your network, your VMs should succeed in getting an IP address. + +Be aware that this may have unwanted security implications. You may want to +opt for routing instead of bridging, so you can set up firewalling rules in +domain 0. + +Please read about the network configuration in the Xen manual. You can set up +bridging or routing for other interfaces also. + +For debugging, here's what happens on bootup of a domU: +- xenstored saves the device setup in xenstore +- domU is created +- vifN.0 shows up in domain 0 and a hotplug event is triggered +- hotplug is /sbin/udev; udev looks at /etc/udev/rules.d/40-xen.rules and + calls /etc/xen/scripts/vif-bridge online +- vif-bridge set the vifN.0 device up and enslaves it to the bridge +- eth0 shows up in domU (hotplug event triggered) +Similar things happen for block devices, except that /etc/xen/scripts/block is +called. + +It's not recommended to use ifplugd nor NetworkManager for managing the +interfaces if you use bridging mode. Use routing with nat or proxy-arp +in that case. You also need to do that in case you want to send out packets +on wireless; you can't bridge Xen "ethernet" packets into 802.11 packets. + + +Network Troubleshooting +----------------------- +First ensure the VM server is configured correctly and can access the network. + +Do not use ifplugd or NetworkManager, neither are bridge aware. + +Specify a static virtual MAC in the VM's configuration file. Random MACs can +be problematic, since with each boot of the VM it appears that some hardware +has been removed (the previous random MAC) and new hardware is present (the +new random MAC). This can cause network configuration files (which were +intended for the old MAC) to not be matched up with the new virtual hardware. + +In the VM's filesystem, ensure the ifcfg-eth* files are named appropriately. +For example, if you do decide to use a randomly-selected MAC for the VM, the +ifcfg-eth* file must not include the MAC in its name; name it generically +("ifcfg-eth0") instead. If you use a static virtual MAC for the VM, be sure +that is reflected in the file's name. + + +Thread-Local Storage +-------------------- +For some time now, the glibc thread library (NPTL) has used a shortcut to +access thread-local variables at a negative segment offset from the segment +selector GS instead of reading the linear address from the TDB (offset 0). +Unfortunately, this optimization has been made the default by the glibc and +gcc maintainers, as it saves one indirection. For Xen this is bad: The access +to these variables will trap, and Xen will need to use some tricks to make the +access work. It does work, but it's very slow. + +SUSE Linux 9.1 and SLES 9 were prior to this change, and thus are not +affected. SUSE Linux 9.2 and 9.3 are affected. For SUSE Linux 10.x and SLES +10, we have disabled negative segment references in gcc and glibc, and so +these are not affected. Other non-SUSE Linux distributions may be affected. + +For affected distributions, one way to work around the problem is to rename +the /lib/tls directory, so the pre-i686 version gets used, where no such +tricks are done. An example LSB-compliant init script which automates these +steps is installed at /usr/share/doc/packages/xen/boot.xen. This script +renames /lib/tls when running on Xen, and restores it when not running on Xen. +Modify this script to work with your specific distribution. + +Mono has a similar problem, but this has been fixed in SUSE Linux 10.1 and +SLES 10. Older or non-SUSE versions of Mono may have a performance impact. + + +Security +-------- +Domain 0 has control over all domains. This means that care should be taken to +keep domain 0 safe; ideally you strip it down to only do as little there as +possible, preferably with no local users except for the system administrator. +Most commands in domain 0 can only be performed as root, but this protection +scheme only has moderate security and might be defeated. In case domain 0 is +compromised, all other domains are compromised as well. + +To allow relocation of VMs (migration), the receiving machine listens on TCP +port 8002. You might want to put firewall rules in place in domain 0 to +restrict this to machines which you trust. Relocating VMs with sensitive data +is not a good idea in untrusted networks, since the data is not sent encrypted. + +The memory protections for the domUs are effective; so far no way to break out +of a virtual machine is known. A VM is an effective jail. + + +Limitations +----------- +When booting, Linux reserves data structures matching the amount of RAM found. +This has the side-effect that you can't dynamically grow the memory beyond +what the kernel has been booted with. But you can trick domU Linux to prepare +for a larger amount of RAM by passing the mem= boot parameter. + +The export of virtual hard disks from files in Xen can be handled via the +loopback driver (although in Xen >= 3.0.4, this is can be replaced by the +"blktap" user-space driver.) If you are still using loopback, it may be +possible to run out of loopback devices, as by default only 64 are supported. +You can change this by inserting: +options loop max_loop=128 +into /etc/modprobe.conf.local in domain 0. + + +Upgrading the Host Operating System +----------------------------------- +When upgrading the host operating system from one major release to another +(for example, SLES 11 to SLES 12 or openSUSE 12.3 to openSUSE 13.1) or when +applying a service pack like SLES 11 SP3 to SLES 11 SP2 all running VMs must +be shut down before the upgrade process is begun. + +On versions of SLES 11 and openSUSE 12 you are using the xm/xend toolstack. +After upgrading to SLES 12 and newer openSUSE versions this toolstack will be +replaced with the xl toolstack. The xl toolstack does not support Managed +Domains. If you wish to continue using Managed Domains you must switch to +using libvirt and its command line interface 'virsh'. You may also use +virt-manager as a GUI interface to libvirt. After upgrading the host but +before you can begin using libvirt on VMs that were previously managed by +xm/xend, you must run a conversion tool called /usr/sbin/xen2libvirt for all +VMs. + +For example, to convert all domains previously managed by xend: + xen2libvirt -r /var/lib/xend/domains/ + +Now typing 'virsh list --all' will show your previously xend managed domains +being managed by libvirt. Run 'xen2libvirt -h' to see additional options for +using this tool. + + +Memory Ballooning in VMs +------------------------ +Setting a VMs maximum memory value greater than the initial memory value +requires support for memory ballooning in the VMs operating system. Modern SLES +and openSUSE guests have this capability built-in. Windows installation media +does not support memory ballooning so you must first install the VM without +memory ballooning (maxmem equal to initial memory). After the installation, the +Virtual Machine Driver Pack (vmdp) must be installed. After this, the VMs +maxmem value may be increased. A reboot of the VM is required for this action +to take effect. + + +Dom0 Memory Ballooning +---------------------- +It is strongly recommended that you dedicate a fixed amount of RAM to dom0 +rather than relying on dom0 auto ballooning. Doing so will ensure your dom0 +has enough resources to operate well and will improve startup times for your +VMs. The amount of RAM dedicated to dom0 should never be less than the +recommended minimum amount for running your SUSE distribution in native mode. +The actual amount of RAM needed for dom0 depends on several factors including +how much physical RAM is on the host, the number of physical CPUs, and the +number of VMs running simultaneously where each VM has a specific requirement +for RAM. The following example shows the syntax for doing this. This would be +added to your grub1 or grub2 configuration; + +Grub2 Example: + Edit /etc/default/grub and add, + GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=1024M,max:1024M" + and then run + grub2-mkconfig -o /boot/grub2/grub.cfg + +Grub1 Example: + Edit /boot/grub/menu.lst and edit the line containing xen.gz + kernel /boot/xen.gz dom0_mem=1024M,max:1024M + +After modifying your grub configuration, you will need to edit /etc/xen/xl.conf +and set autoballoon="off". This will prevent xl from automatically adjusting +the amount of memory assigned to dom0. Reboot the host for these changes to +take effect. + + +Adjusting LIBXL_HOTPLUG_TIMEOUT at runtime +------------------------------------------ +A domU with a large amount of disks may run into the hardcoded +LIBXL_HOTPLUG_TIMEOUT limit, which is 40 seconds. This happens if the +preparation for each disk takes an unexpected large amount of time. Then +the sum of all configured disks and the individual preparation time will +be larger than 40 seconds. The hotplug script which does the preparation +takes a lock before doing the actual preparation. Since the hotplug +scripts for each disk are spawned at nearly the same time, each one has +to wait for the lock. Due to this contention, the total execution time +of a script can easily exceed the timeout. In this case libxl will +terminate the script because it has to assume an error condition. + +Example: +10 configured disks, each one takes 3 seconds within the critital +section. The total execution time will be 30 seconds, which is still +within the limit. With 5 additional configured disks, the total +execution time will be 45 seconds, which would trigger the timeout. + +To handle such setup without a recompile of libxl, a special key/value +has to be created in xenstore prior domain creation. This can be done +either manually, or at system startup. A dedicated systemd service file +exists to set the required value. To enable it, run these commands: + +/etc/systemd/system # systemctl enable xen-LIBXL_HOTPLUG_TIMEOUT.service +/etc/systemd/system # systemctl start xen-LIBXL_HOTPLUG_TIMEOUT.service + + +In case the value in this service file needs to be changed, a copy with +the exact same name must be created in the /etc/systemd/system directory: + +/etc/systemd/system # cat xen-LIBXL_HOTPLUG_TIMEOUT.service +[Unit] +Description=set global LIBXL_HOTPLUG_TIMEOUT +ConditionPathExists=/proc/xen/capabilities + +Requires=xenstored.service +After=xenstored.service +Requires=xen-init-dom0.service +After=xen-init-dom0.service +Before=xencommons.service + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities +ExecStart=/usr/bin/xenstore-write /libxl/suse/per-device-LIBXL_HOTPLUG_TIMEOUT 10 + +[Install] +WantedBy=multi-user.target + +In this example the per-device value will be set to 10 seconds. + +The change for libxl which handles this xenstore value will enable +additional logging if the key is found. That extra logging will show how +the execution time of each script. + + +Troubleshooting +--------------- +First try to get Linux running on bare metal before trying with Xen. + +Be sure your Xen hypervisor (xen) and VM kernels (kernel-xen) are compatible. +The hypervisor and domain 0 kernel are a matched set, and usually must be +upgraded together. Consult the online documentation for a matrix of supported +32- and 64-bit combinations + +If you have trouble early in the boot, try passing pnpacpi=off to the Linux +kernel. If you have trouble with interrupts or timers, passing lapic to Xen +may help. Xen and Linux understand similar ACPI boot parameters. Try the +options acpi=off,force,ht,noirq or acpi_skip_timer_override. + +Other useful debugging options to Xen may be nosmp, noreboot, mem=4096M, +sync_console, noirqbalance (Dell). For a complete list of Xen boot options, +consult the "Xen Hypervisor Command Line Options" documentation. + +If domain 0 Linux crashes on X11 startup, please try to boot into runlevel 3. + +1) As a first step in debugging Xen you should add the following hypervisor +options to the xen.gz line in your grub configuration file. After rebooting, +the 'xl dmesg' command will produce more output to better analyze problems. + +Grub2 Example: + Edit /etc/default/grub and add, + GRUB_CMDLINE_XEN_DEFAULT="loglvl=all guest_loglvl=all" + and then run, + grub2-mkconfig -o /boot/grub2/grub.cfg + +Grub1 Example: + Edit /boot/grub/menu.lst and edit the line containing xen.gz + kernel /boot/xen.gz loglvl=all guest_loglvl=all + +2) With the log levels specified above and the host rebooted, more useful +information about domain 0 and running VMs can be obtained using the +'xl dmesg' and 'xl debug-keys' commands. For example, from the command line +run: + xl debug-keys h +and then run: + xl dmesg +Note that at the end of the output from 'xl dmesg' it includes help on a +series of commands that may be passed to 'xl debug-keys'. For example, by +passing the letter 'q' to 'xl debug-keys' it will "dump domain (and guest +debug) info". + xl debug-keys q +Now you can again run 'xl dmesg' to see the domain and guest debug info. + +3) Sometimes it is useful to attach a serial terminal and direct Xen to send +its output not only to the screen, but also to that terminal. First you need +to attach a serial cable from the serial port on the server to a second +machine's serial port. That second machine could be running minicom (or some +other program that can be setup to read from the serial port). Do the +following to prepare Xen to send its output over this serial line. + +Grub2 Example: + Edit /etc/default/grub and add, + GRUB_CMDLINE_XEN_DEFAULT="loglvl=all guest_loglvl=all console=com1 com1=115200,8n1" + Also append additional serial flags to the option below such that it appears as, + GRUB_CMDLINE_LINUX_DEFAULT="<pre-existing flags> console=ttyS0, 115200" + where pre-existing flags are those options already present and then run, + grub2-mkconfig -o /boot/grub2/grub.cfg + +Grub1 Example: + Edit the /etc/grub/menu.lst file and add the following to the Xen entry, + kernel /boot/xen.gz loglvl=all guest_loglvl=all console=com1 com1=115200,8n1 + module /boot/vmlinuz-xen <pre-existing flags> console=ttyS0, 115200 + +Once the hardware and software are configured correctly the server is rebooted +and its output should appear on the other terminal as the server boots up. + +4) To further debug Xen or domain 0 Linux crashes or hangs, it may be useful to +use the debug-enabled hypervisor, and/or to prevent automatic rebooting. + +Grub2 Example: + Edit /etc/default/grub and add, + GRUB_CMDLINE_XEN_DEFAULT="noreboot loglvl=all guest_loglvl=all" + Edit /boot/grub2/grub.cfg and look for these lines: + multiboot /boot/xen-<version>.gz ... + and replace them with: + multiboot /boot/xen-dbg-<version>.gz' ... Replace <version> with the + appropriate version string contained in the filename. Note that running + grub2-mkconfig -o /boot/grub2/grub.cfg will overwrite all manual changes + made to grub.cfg. + +Grub1 Example: + Edit your menu.lst configuration from something like this: + kernel (hd0,5)/xen.gz + To something like this: + kernel (hd0,5)/xen-dbg.gz noreboot loglvl=all guest_loglvl=all + +All hypervisor options require a reboot to take effect. After rebooting, the +Xen hypervisor will write any error messages to the log file (viewable with +the "xl dmesg" command). + +If problems persist, check if a newer version is available. Well-tested +versions will be shipped with SUSE and via YaST Online Update. + + +Resources +--------- +https://www.suse.com/documentation/sles11/singlehtml/book_xen/book_xen.html +http://doc.opensuse.org/products/draft/SLES/SLES-xen_sd_draft/cha.xen.basics.html + + +Feedback +-------- +In case you have remarks about, problems with, ideas for, or praise for Xen, +please report it back to the xen-devel list: + xen-devel@lists.xen.org +If you find issues with the packaging or setup done by SUSE, please report +it through bugzilla: + https://bugzilla.suse.com + + + ENJOY! + Your SUSE Team. diff --git a/aarch64-maybe-uninitialized.patch b/aarch64-maybe-uninitialized.patch new file mode 100644 index 0000000..7877ba3 --- /dev/null +++ b/aarch64-maybe-uninitialized.patch @@ -0,0 +1,22 @@ +Index: xen-4.12.0-testing/tools/libxl/libxl_arm_acpi.c +=================================================================== +--- xen-4.12.0-testing.orig/tools/libxl/libxl_arm_acpi.c ++++ xen-4.12.0-testing/tools/libxl/libxl_arm_acpi.c +@@ -99,7 +99,7 @@ int libxl__get_acpi_size(libxl__gc *gc, + const libxl_domain_build_info *info, + uint64_t *out) + { +- uint64_t size; ++ uint64_t size = 0; + int rc = 0; + + +@@ -124,7 +124,7 @@ static int libxl__allocate_acpi_tables(l + struct acpitable acpitables[]) + { + int rc; +- size_t size; ++ size_t size = 0; + + acpitables[RSDP].addr = GUEST_ACPI_BASE; + acpitables[RSDP].size = sizeof(struct acpi_table_rsdp); diff --git a/aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch b/aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch new file mode 100644 index 0000000..256006a --- /dev/null +++ b/aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch @@ -0,0 +1,37 @@ +From 98abe3b337e69371678859c4cfd19df61aebb0d9 Mon Sep 17 00:00:00 2001 +From: Olaf Hering <olaf@aepfle.de> +Date: Sun, 2 Feb 2014 20:42:42 +0100 +Subject: aarch64: rename PSR_MODE_ELxx to match linux headers + +https://bugs.launchpad.net/linaro-aarch64/+bug/1169164 + +Signed-off-by: Olaf Hering <olaf@aepfle.de> +--- + xen/include/public/arch-arm.h | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +Index: xen-4.13.0-testing/xen/include/public/arch-arm.h +=================================================================== +--- xen-4.13.0-testing.orig/xen/include/public/arch-arm.h ++++ xen-4.13.0-testing/xen/include/public/arch-arm.h +@@ -371,13 +371,13 @@ typedef uint64_t xen_callback_t; + + /* 64 bit modes */ + #define PSR_MODE_BIT 0x10 /* Set iff AArch32 */ +-#define PSR_MODE_EL3h 0x0d +-#define PSR_MODE_EL3t 0x0c +-#define PSR_MODE_EL2h 0x09 +-#define PSR_MODE_EL2t 0x08 +-#define PSR_MODE_EL1h 0x05 +-#define PSR_MODE_EL1t 0x04 +-#define PSR_MODE_EL0t 0x00 ++#define PSR_MODE_EL3h 0x0000000d ++#define PSR_MODE_EL3t 0x0000000c ++#define PSR_MODE_EL2h 0x00000009 ++#define PSR_MODE_EL2t 0x00000008 ++#define PSR_MODE_EL1h 0x00000005 ++#define PSR_MODE_EL1t 0x00000004 ++#define PSR_MODE_EL0t 0x00000000 + + #define PSR_GUEST32_INIT (PSR_ABT_MASK|PSR_FIQ_MASK|PSR_IRQ_MASK|PSR_MODE_SVC) + #define PSR_GUEST64_INIT (PSR_ABT_MASK|PSR_FIQ_MASK|PSR_IRQ_MASK|PSR_MODE_EL1h) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..8cf2e95 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +xen-libs diff --git a/bin-python3-conversion.patch b/bin-python3-conversion.patch new file mode 100644 index 0000000..a4ba566 --- /dev/null +++ b/bin-python3-conversion.patch @@ -0,0 +1,428 @@ +Index: xen-4.13.0-testing/tools/misc/xencons +=================================================================== +--- xen-4.13.0-testing.orig/tools/misc/xencons ++++ xen-4.13.0-testing/tools/misc/xencons +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + ############################################## + # Console client for Xen guest OSes +@@ -27,13 +27,13 @@ def __recv_from_sock(sock): + while not stop: + try: + data = sock.recv(1024) +- except socket.error, error: ++ except socket.error as error: + if error[0] != errno.EINTR: + raise + else: + try: + os.write(1, data) +- except os.error, error: ++ except os.error as error: + if error[0] != errno.EINTR: + raise + os.wait() +@@ -42,7 +42,7 @@ def __send_to_sock(sock): + while 1: + try: + data = os.read(0,1024) +- except os.error, error: ++ except os.error as error: + if error[0] != errno.EINTR: + raise + else: +@@ -50,7 +50,7 @@ def __send_to_sock(sock): + break + try: + sock.send(data) +- except socket.error, error: ++ except socket.error as error: + if error[0] == errno.EPIPE: + sys.exit(0) + if error[0] != errno.EINTR: +@@ -73,20 +73,20 @@ def connect(host,port): + + if os.fork(): + signal.signal(signal.SIGCHLD, __child_death) +- print "************ REMOTE CONSOLE: CTRL-] TO QUIT ********" ++ print("************ REMOTE CONSOLE: CTRL-] TO QUIT ********") + tcsetattr(0, TCSAFLUSH, nattrs) + try: + __recv_from_sock(sock) + finally: + tcsetattr(0, TCSAFLUSH, oattrs) +- print +- print "************ REMOTE CONSOLE EXITED *****************" ++ print() ++ print("************ REMOTE CONSOLE EXITED *****************") + else: + signal.signal(signal.SIGPIPE, signal.SIG_IGN) + __send_to_sock(sock) + + if __name__ == '__main__': + if len(sys.argv) != 3: +- print sys.argv[0] + " <host> <port>" ++ print(sys.argv[0] + " <host> <port>") + sys.exit(1) + connect(str(sys.argv[1]),int(sys.argv[2])) +Index: xen-4.13.0-testing/tools/misc/xencov_split +=================================================================== +--- xen-4.13.0-testing.orig/tools/misc/xencov_split ++++ xen-4.13.0-testing/tools/misc/xencov_split +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + + import sys, os, os.path as path, struct, errno + from optparse import OptionParser +@@ -51,7 +51,7 @@ def xencov_split(opts): + dir = opts.output_dir + path.dirname(fn) + try: + os.makedirs(dir) +- except OSError, e: ++ except OSError as e: + if e.errno == errno.EEXIST and os.path.isdir(dir): + pass + else: +@@ -89,8 +89,8 @@ def main(): + if __name__ == "__main__": + try: + sys.exit(main()) +- except Exception, e: +- print >>sys.stderr, "Error:", e ++ except Exception as e: ++ print("Error:", e, file=sys.stderr) + sys.exit(1) + except KeyboardInterrupt: + sys.exit(1) +Index: xen-4.13.0-testing/tools/misc/xenpvnetboot +=================================================================== +--- xen-4.13.0-testing.orig/tools/misc/xenpvnetboot ++++ xen-4.13.0-testing/tools/misc/xenpvnetboot +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # + # Copyright (C) 2010 Oracle. All rights reserved. + # +@@ -17,9 +17,9 @@ import time + import string + import random + import tempfile +-import commands + import subprocess +-import urlgrabber ++import subprocess ++import urllib.request as request + from optparse import OptionParser + + +@@ -58,7 +58,7 @@ def mount(dev, path, option=''): + else: + mountcmd = '/bin/mount' + cmd = ' '.join([mountcmd, option, dev, path]) +- (status, output) = commands.getstatusoutput(cmd) ++ (status, output) = subprocess.getstatusoutput(cmd) + if status != 0: + raise RuntimeError('Command: (%s) failed: (%s) %s' % (cmd, status, output)) + +@@ -79,7 +79,7 @@ class Fetcher: + + def prepare(self): + if not os.path.exists(self.tmpdir): +- os.makedirs(self.tmpdir, 0750) ++ os.makedirs(self.tmpdir, 0o750) + + def cleanup(self): + pass +@@ -89,8 +89,8 @@ class Fetcher: + suffix = ''.join(random.sample(string.ascii_letters, 6)) + local_name = os.path.join(self.tmpdir, 'xenpvboot.%s.%s' % (os.path.basename(filename), suffix)) + try: +- return urlgrabber.urlgrab(url, local_name, copy_local=1) +- except Exception, err: ++ return request.urlretrieve(url, local_name) ++ except Exception as err: + raise RuntimeError('Cannot get file %s: %s' % (url, err)) + + +@@ -155,7 +155,7 @@ class TFTPFetcher(Fetcher): + suffix = ''.join(random.sample(string.ascii_letters, 6)) + local_name = os.path.join(self.tmpdir, 'xenpvboot.%s.%s' % (os.path.basename(filename), suffix)) + cmd = '/usr/bin/tftp %s -c get %s %s' % (host, os.path.join(basedir, filename), local_name) +- (status, output) = commands.getstatusoutput(cmd) ++ (status, output) = subprocess.getstatusoutput(cmd) + if status != 0: + raise RuntimeError('Command: (%s) failed: (%s) %s' % (cmd, status, output)) + return local_name +@@ -202,7 +202,7 @@ Supported locations: + + if not opts.location and not opts.kernel and not opts.ramdisk: + if not opts.quiet: +- print >> sys.stderr, 'You should at least specify a location or kernel/ramdisk.' ++ print('You should at least specify a location or kernel/ramdisk.', file=sys.stderr) + parser.print_help(sys.stderr) + sys.exit(1) + +@@ -228,14 +228,14 @@ Supported locations: + fetcher = TFTPFetcher(location, opts.output_directory) + else: + if not opts.quiet: +- print >> sys.stderr, 'Unsupported location: %s' % location ++ print('Unsupported location: %s' % location, file=sys.stderr) + sys.exit(1) + + try: + fetcher.prepare() +- except Exception, err: ++ except Exception as err: + if not opts.quiet: +- print >> sys.stderr, str(err) ++ print(str(err), file=sys.stderr) + fetcher.cleanup() + sys.exit(1) + +@@ -247,15 +247,15 @@ Supported locations: + for (kernel_path, _) in XEN_PATHS: + try: + kernel = fetcher.get_file(kernel_path) +- except Exception, err: ++ except Exception as err: + if not opts.quiet: +- print >> sys.stderr, str(err) ++ print(str(err), file=sys.stderr) + continue + break + + if not kernel: + if not opts.quiet: +- print >> sys.stderr, 'Cannot get kernel from loacation: %s' % location ++ print('Cannot get kernel from loacation: %s' % location, file=sys.stderr) + sys.exit(1) + + ramdisk = None +@@ -265,9 +265,9 @@ Supported locations: + for (_, ramdisk_path) in XEN_PATHS: + try: + ramdisk = fetcher.get_file(ramdisk_path) +- except Exception, err: ++ except Exception as err: + if not opts.quiet: +- print >> sys.stderr, str(err) ++ print(str(err), file=sys.stderr) + continue + break + finally: +@@ -280,7 +280,7 @@ Supported locations: + elif opts.output_format == 'simple0': + output = format_simple(kernel, ramdisk, opts.args, '\0') + else: +- print >> sys.stderr, 'Unknown output format: %s' % opts.output_format ++ print('Unknown output format: %s' % opts.output_format, file=sys.stderr) + sys.exit(1) + + sys.stdout.flush() +Index: xen-4.13.0-testing/tools/python/scripts/convert-legacy-stream +=================================================================== +--- xen-4.13.0-testing.orig/tools/python/scripts/convert-legacy-stream ++++ xen-4.13.0-testing/tools/python/scripts/convert-legacy-stream +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ +@@ -39,16 +39,16 @@ def info(msg): + for line in msg.split("\n"): + syslog.syslog(syslog.LOG_INFO, line) + else: +- print msg ++ print(msg) + + def err(msg): + """Error message, routed to appropriate destination""" + if log_to_syslog: + for line in msg.split("\n"): + syslog.syslog(syslog.LOG_ERR, line) +- print >> sys.stderr, msg ++ print(msg, file=sys.stderr) + +-class StreamError(StandardError): ++class StreamError(Exception): + """Error with the incoming migration stream""" + pass + +@@ -637,7 +637,7 @@ def open_file_or_fd(val, mode): + else: + return open(val, mode, 0) + +- except StandardError, e: ++ except Exception as e: + if fd != -1: + err("Unable to open fd %d: %s: %s" % + (fd, e.__class__.__name__, e)) +@@ -723,7 +723,7 @@ def main(): + if __name__ == "__main__": + try: + sys.exit(main()) +- except SystemExit, e: ++ except SystemExit as e: + sys.exit(e.code) + except KeyboardInterrupt: + sys.exit(1) +Index: xen-4.13.0-testing/tools/python/scripts/verify-stream-v2 +=================================================================== +--- xen-4.13.0-testing.orig/tools/python/scripts/verify-stream-v2 ++++ xen-4.13.0-testing/tools/python/scripts/verify-stream-v2 +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ Verify a v2 format migration stream """ +@@ -25,7 +25,7 @@ def info(msg): + for line in msg.split("\n"): + syslog.syslog(syslog.LOG_INFO, line) + else: +- print msg ++ print(msg) + + def err(msg): + """Error message, routed to appropriate destination""" +@@ -33,7 +33,7 @@ def err(msg): + if log_to_syslog: + for line in msg.split("\n"): + syslog.syslog(syslog.LOG_ERR, line) +- print >> sys.stderr, msg ++ print(msg, file=sys.stderr) + + def stream_read(_ = None): + """Read from input""" +@@ -86,7 +86,7 @@ def read_stream(fmt): + err(traceback.format_exc()) + return 1 + +- except StandardError: ++ except Exception: + err("Script Error:") + err(traceback.format_exc()) + err("Please fix me") +@@ -114,7 +114,7 @@ def open_file_or_fd(val, mode, buffering + else: + return open(val, mode, buffering) + +- except StandardError, e: ++ except Exception as e: + if fd != -1: + err("Unable to open fd %d: %s: %s" % + (fd, e.__class__.__name__, e)) +@@ -168,7 +168,7 @@ def main(): + if __name__ == "__main__": + try: + sys.exit(main()) +- except SystemExit, e: ++ except SystemExit as e: + sys.exit(e.code) + except KeyboardInterrupt: + sys.exit(2) +Index: xen-4.13.0-testing/tools/xenmon/xenmon.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/xenmon/xenmon.py ++++ xen-4.13.0-testing/tools/xenmon/xenmon.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + ##################################################################### + # xenmon is a front-end for xenbaked. +Index: xen-4.13.0-testing/tools/xentrace/xentrace_format +=================================================================== +--- xen-4.13.0-testing.orig/tools/xentrace/xentrace_format ++++ xen-4.13.0-testing/tools/xentrace/xentrace_format +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + # by Mark Williamson, (C) 2004 Intel Research Cambridge + +@@ -7,8 +7,7 @@ + import re, sys, string, signal, struct, os, getopt + + def usage(): +- print >> sys.stderr, \ +- "Usage: " + sys.argv[0] + """ defs-file ++ print("Usage: " + sys.argv[0] + """ defs-file + Parses trace data in binary format, as output by Xentrace and + reformats it according to the rules in a file of definitions. The + rules in this file should have the format ({ and } show grouping +@@ -29,7 +28,7 @@ def usage(): + this script may not be able to keep up with the output of xentrace + if it is piped directly. In these circumstances you should have + xentrace output to a file for processing off-line. +- """ ++ """, file=sys.stderr) + sys.exit(1) + + def read_defs(defs_file): +@@ -49,7 +48,7 @@ def read_defs(defs_file): + + m = reg.match(line) + +- if not m: print >> sys.stderr, "Bad format file" ; sys.exit(1) ++ if not m: print("Bad format file", file=sys.stderr) ; sys.exit(1) + + defs[str(eval(m.group(1)))] = m.group(2) + +@@ -83,8 +82,8 @@ interrupted = 0 + + try: + defs = read_defs(arg[0]) +-except IOError, exn: +- print exn ++except IOError as exn: ++ print(exn) + sys.exit(1) + + # structure of trace record (as output by xentrace): +@@ -211,7 +210,7 @@ while not interrupted: + if cpu >= len(last_tsc): + last_tsc += [0] * (cpu - len(last_tsc) + 1) + elif tsc < last_tsc[cpu] and tsc_in == 1: +- print "TSC stepped backward cpu %d ! %d %d" % (cpu,tsc,last_tsc[cpu]) ++ print("TSC stepped backward cpu %d ! %d %d" % (cpu,tsc,last_tsc[cpu])) + + # provide relative TSC + if last_tsc[cpu] > 0 and tsc_in == 1: +@@ -239,18 +238,20 @@ while not interrupted: + + try: + +- if defs.has_key(str(event)): +- print defs[str(event)] % args ++ if str(event) in defs: ++ print(defs[str(event)] % args) + else: +- if defs.has_key(str(0)): print defs[str(0)] % args ++ if str(0) in defs: print(defs[str(0)] % args) + except TypeError: +- if defs.has_key(str(event)): +- print defs[str(event)] +- print args ++ if str(event) in defs: ++ print(defs[str(event)]) ++ print(args) + else: +- if defs.has_key(str(0)): +- print defs[str(0)] +- print args ++ if str(0) in defs: ++ print(defs[str(0)]) ++ print(args) + + +- except IOError, struct.error: sys.exit() ++ except IOError as xxx_todo_changeme: ++ struct.error = xxx_todo_changeme ++ sys.exit(1) diff --git a/block-dmmd b/block-dmmd new file mode 100644 index 0000000..58534f8 --- /dev/null +++ b/block-dmmd @@ -0,0 +1,384 @@ +#! /bin/bash + +# Usage: block-dmmd [add args | remove args] +# +# the dmmd device syntax (in xl commands/configs) is something like: +# script=block-dmmd,md;/dev/md0;md;/dev/md1;lvm;/dev/vg1/lv1 +# or +# script=block-dmmd,lvm;/dev/vg1/lv1;lvm;/dev/vg1/lv2;md;/dev/md0 +# device pairs (type;dev) are processed in order, with the last device +# assigned to the VM +# +# Note - When using the libxl stack, the "script=block-dmmd" option +# is required. See man xl-disk-configuration(5) for more information. +# +# md devices can optionally: +# specify a config file through: +# md;/dev/md100(/var/xen/config/mdadm.conf) +# use an array name (mdadm -N option): +# md;My-MD-name;lvm;/dev/vg1/lv1 +# +# Completely expressive syntax should be similar to: +# "format=raw, vdev=xvdb, access=rw, script=block-dmmd, \ +# target=md;/dev/md0(/etc/mdadm.conf);lvm;/dev/vg1/lv1" +# +## +# History: +# 2017-07-10, mlatimer@suse.com: +# Modification to use syslog for progress messages by ldevulder@suse.com +# 2017-06-12, mlatimer@suse.com: +# Merge LVM improvements by loic.devulder@mpsa.com +# Document libxl "script=block-dmmd" syntax in examples +# Remove xm/xend references (e.g. parsed_timeout from xend-config.sxp) +# 2016-05-27, mlatimer@suse.com: +# Merge improvements by loic.devulder@mpsa.com. Highlights include: +# - Re-write and simplification to speed up the script! +# - Add some (useful) logging messages and comments +# Minor tweaks and logging improvements +# 2016-05-26, mlatimer@suse.com: +# Verify MD activation if mdadm returns 2 +# 2016-05-20, mlatimer@suse.com: +# Strip leading "dmmd:" if present in xenstore params value +# 2013-07-03, loic.devulder@mpsa.com: +# Partial rewrite of the script for supporting MD activation by name +# 2009-06-09, mh@novell.com: +# Emit debugging messages into a temporary file; if no longer needed, +# just comment the exec I/O redirection below +# Make variables used in functions local to avoid global overridings +# Use vgscan and vgchange where required +# Use the C locale to avoid dealing with localized messages +# Assign output from assembling an MD device to a variable to aid +# debugging + +# We do not want to deal with localized messages +# We use LC_ALL because LC_ALL superse LANG +# But we also use LANG because some applications may still use LANG... +export LC_ALL=C +export LANG=${LC_ALL} + +# Loading common libraries +. $(dirname $0)/block-common.sh + +# Constants +typeset -rx MDADM_BIN=/sbin/mdadm +typeset -rx LVCHANGE_BIN=/sbin/lvchange +typeset -rx PVSCAN_BIN=/sbin/pvscan +typeset -rx VGSCAN_BIN=/sbin/vgscan +typeset -rx VGCHANGE_BIN=/sbin/vgchange +typeset -rx CLVMD_BIN=/usr/sbin/clvmd +typeset -rx DATE_SEC="date +%s" + +# We check for errors ourselves +set +e + +function reload_clvm() +{ + # If we are in cluster mode + if ps -e | grep -q [c]lvmd 2>/dev/null; then + # Logging message + log info "Synchronizing cLVM..." + + # Synchronize cLVM + ${CLVMD_BIN} -R > /dev/null 2>&1 \ + || return 1 + fi + + return 0 +} + +function run_mdadm() +{ + local mdadm_cmd=$1 + local msg + local rc + + msg="$(${MDADM_BIN} ${mdadm_cmd} 2>&1)" + rc=$? + case "${msg}" in + *"has been started"* | *"already active"*) + return 0 + ;; + *"is already in use"*) + # Hmm, might be used by another device in this domU + # Leave it to upper layers to detect a real error + return 2 + ;; + *) + return ${rc} + ;; + esac + + # Normally we should not get here, but if this happens + # we have to return an error + return 1 +} + +function activate_md() +{ + # Make it explicitly local + local par=$1 + local cfg dev dev_path rc t mdadm_opts + + if [[ ${par} == ${par%%(*} ]]; then + # No configuration file specified + dev=${par} + cfg="" + else + dev=${par%%(*} + t=${par#*(} + cfg="-c ${t%%)*}" + fi + + # Looking for device name or aliase + if [[ ${dev:0:1} == / ]]; then + dev_path=${dev%/*} + mdadm_opts="" + else + dev_path=/dev/md + mdadm_opts="-s -N" + fi + + # Logging message + log info "Activating MD device ${dev}..." + + # Is MD device already active? + # We need to use full path name, aliase is not possible... + if [ -e ${dev_path}/${dev##*/} ]; then + ${MDADM_BIN} -Q -D ${dev_path}/${dev##*/} 2>/dev/null \ + | grep -iq state.*\:.*inactive || return 0 + fi + + # Activate MD device + run_mdadm "-A ${mdadm_opts} ${dev} ${cfg}" + rc=$? + + # A return code of 2 can indicate the array configuration was incorrect + if [[ ${rc} == 2 ]]; then + # Logging message + log info "Verifying MD device ${dev} activation..." + + # If the array is active, return 0, otherwise return an error + ${MDADM_BIN} -Q -D ${dev_path}/${dev##*/} &>/dev/null && return 0 \ + || return 1 + fi + + return ${rc} +} + +function deactivate_md() +{ + local par=$1 + local dev + + if [[ ${par} == ${par%%(*} ]]; then + # No configuration file specified + dev=${par} + else + dev=${par%%(*} + fi + + # Looking for device name or aliase + if [[ ${dev:0:1} == / ]]; then + dev_path=${dev%/*} + else + dev_path=/dev/md + fi + + # Logging message + log info "Deactivating MD device ${dev}..." + + # We need the device name only while deactivating + ${MDADM_BIN} -S ${dev_path}/${dev##*/} > /dev/null 2>&1 + + return $? +} + +function lvm_action() +{ + local action=$1 + local dev=$2 + local run_timeout=90 + local end_time + + # Logging message + log info "${action} LVM device ${dev}..." + + # Set end_time for the loop + (( end_time = $(${DATE_SEC}) + run_timeout )) + + while true; do + # Action depends of what the user asks + if [[ ${action} == activate ]]; then + # First scan for PVs and VGs + # We need this for using MD device as PV + ${PVSCAN_BIN} > /dev/null 2>&1 + + ${LVCHANGE_BIN} -aey ${dev} > /dev/null 2>&1 \ + && [[ -e ${dev} ]] \ + && return 0 + elif [[ ${action} == deactivate ]]; then + ${LVCHANGE_BIN} -aen ${dev} > /dev/null 2>&1 \ + && return 0 + + # If the LV is already deactivated we may be in an infinite loop + # So we need to test if the LV is still present + [[ -e ${dev} ]] || return 0 + fi + + # It seems that we had a problem during lvchange + # If we are in a cluster the problem may be due to a cLVM locking bug, + # so try to reload it + reload_clvm + + # If it takes too long we need to return an error + if (( $(${DATE_SEC}) >= end_time )); then + log err "Failed to ${action} $1 within ${run_timeout} seconds" + return 1 + fi + + # Briefly sleep before restarting the loop + sleep 0.1 + + done + + # Normally we should not get here, but if this happens + # we have to return an error + return 1 +} + +# Variables +typeset command=$1 +typeset BP=100 +typeset SP=${BP} +typeset VBD +typeset -a stack + +function push() +{ + local value="$1" + + [[ -n "${value}" ]] \ + && stack[$((--SP))]="${value}" + + return 0 +} + +function pop() +{ + [[ "${SP}" != "${BP}" ]] \ + && VBD=${stack[$((SP++))]} \ + || VBD="" + + return 0 +} + +function activate_dmmd() +{ + case "$1" in + "md") + activate_md $2 + return $? + ;; + "lvm") + lvm_action activate $2 + return $? + ;; + esac + + # Normally we should not get here, but if this happens + # we have to return an error + return 1 +} + +function deactivate_dmmd() +{ + case "$1" in + "md") + deactivate_md $2 + return $? + ;; + "lvm") + lvm_action deactivate $2 + return $? + ;; + esac + + # Normally we should not get here, but if this happens + # we have to return an error + return 1 +} + +function cleanup_stack() +{ + while true; do + pop + [[ -z "${VBD}" ]] && break + deactivate_dmmd ${VBD} + done +} + +function parse_par() +{ + # Make these vars explicitly local + local ac par rc s t + + ac=$1 + par="$2" + + par="${par};" + while true; do + t=${par%%;*} + + [[ -z "${t}" ]] && return 0 + par=${par#*;} + + s=${par%%;*} + [[ -z "${s}" ]] && return 1 + par=${par#*;} + + if [[ "${ac}" == "activate" ]]; then + activate_dmmd ${t} ${s} \ + || return 1 + fi + push "${t} ${s}" + done +} + +case "${command}" in + "add") + p=$(xenstore-read ${XENBUS_PATH}/params) || true + claim_lock "dmmd" + dmmd=${p#dmmd:} + + if ! parse_par activate "${dmmd}"; then + cleanup_stack + release_lock "dmmd" + exit 1 + fi + + lastparam=${dmmd##*;} + usedevice=${lastparam%(*} + xenstore-write ${XENBUS_PATH}/node "${usedevice}" + write_dev "${usedevice}" + release_lock "dmmd" + + exit 0 + ;; + + "remove") + p=$(xenstore-read ${XENBUS_PATH}/params) || true + claim_lock "dmmd" + dmmd=${p#dmmd:} + + parse_par noactivate "${dmmd}" + + cleanup_stack + release_lock "dmmd" + + exit 0 + ;; +esac + +# Normally we should not get here, but if this happens +# we have to return an error +return 1 diff --git a/block-npiv b/block-npiv new file mode 100644 index 0000000..ff38787 --- /dev/null +++ b/block-npiv @@ -0,0 +1,129 @@ +#!/bin/bash + +# Usage: block-npiv [add npiv | remove dev] + +dir=$(dirname "$0") +. "$dir/block-npiv-common.sh" +. "$dir/block-common.sh" + +#set -x +#command=$1 + +case "$command" in + add) + # Params is one big arg, with fields separated by hyphens: + # single path: + # VPWWPN-TGTWWPN-LUN# + # multipath: + # {VPWWPN1.VPWWPN2....VPWWPNx}-{TGTWWPN1.TGTWWPN2....TGTWWPNx}-LUN# + # arg 1 - VPORT's WWPN + # arg 2 - Target's WWPN + # arg 3 - LUN # on Target + # no wwn contains a leading 0x - it is a 16 character hex value + # You may want to optionally pick a specific adapter ? + par=`xenstore-read $XENBUS_PATH/params` || true + NPIVARGS=(${par//-/ }) + wc=${#NPIVARGS[@]} + if [ $wc -eq 5 ]; then + # support old syntax + # FABRIC-VPWWPN-VPWWNN-TGTWWPN-LUN + VPORTWWPNS=${NPIVARGS[1]} + VPORTWWNNS=${NPIVARGS[2]} + TGTWWPNS=${NPIVARGS[3]} + LUN=${NPIVARGS[4]} + elif [ $wc -eq 3 ]; then + # new syntax + VPORTWWPNS=${NPIVARGS[0]} + TGTWWPNS=${NPIVARGS[1]} + LUN=${NPIVARGS[2]} + else + # wrong syntax + exit 1 + fi + + # Ensure we compare everything using lower-case hex characters + TGTWWPNS=`echo $TGTWWPNS | tr A-Z a-z |sed 's/[{.}]/ /g'` + VPORTWWPNS=`echo $VPORTWWPNS | tr A-Z a-z |sed 's/[{.}]/ /g'` + # Only one VPWWNN is supported + VPORTWWNN=`echo $VPORTWWNNS | tr A-Z a-z | sed -e 's/\..*//g' -e 's/{//'` + + claim_lock "npiv" + paths=0 + for VPORTWWPN in $VPORTWWPNS; do + find_vhost $VPORTWWPN + if test -z "$vhost" ; then + create_vport $VPORTWWPN $VPORTWWNN + if [ $? -ne 0 ] ; then exit 2; fi + sleep 8 + find_vhost $VPORTWWPN + if test -z "$vhost" ; then exit 3; fi + fi + for TGTWWPN in $TGTWWPNS; do + find_sdev $vhost $TGTWWPN $LUN + if test -z "$dev"; then + echo "- - -" > /sys/class/scsi_host/$vhost/scan + sleep 2 + find_sdev $vhost $TGTWWPN $LUN + fi + if test -z "$dev"; then + exit 4 + fi + paths=$(($paths+1)) + done + done + release_lock "npiv" + + if test $paths -gt 1; then + xenstore-write $XENBUS_PATH/multipath 1 + /etc/init.d/multipathd start + if test $? -ne 0 ; then exit 4; fi + dm=`multipath -l /dev/$dev | grep dm | cut -f2 -d' '` + else + xenstore-write $XENBUS_PATH/multipath 0 + dm=$dev + fi + + if test ! -z "$dm"; then + xenstore-write $XENBUS_PATH/node /dev/$dm + write_dev /dev/$dm + exit 0 + fi + + exit 4 + ;; + + remove) + node=`xenstore-read $XENBUS_PATH/node` || true + multipath=`xenstore-read $XENBUS_PATH/multipath` || true + # this is really screwy. the first delete of a lun will + # terminate the entire vport (all luns) + if test $multipath = 1; then + par=`xenstore-read $XENBUS_PATH/params` || true + NPIVARGS=(${par//-/ }) + wc=${#NPIVARGS[@]} + if [ $wc -eq 5 ]; then + # old syntax + # FABRIC-VPWWPN-VPWWNN-TGTWWPN-LUN + VPORTWWPNS=${NPIVARGS[1]} + elif [ $wc -eq 3 ]; then + # new syntax + VPORTWWPNS=${NPIVARGS[0]} + fi + VPORTWWPNS=`echo $VPORTWWPNS | tr A-Z a-z |sed 's/[{.}]/ /g'` + for VPORTWWPN in $VPORTWWPNS; do + find_vhost $VPORTWWPN + if test -z "$vhost" ; then exit 5; fi + flush_nodes_on_vhost $vhost + delete_vhost $vhost + done + else + dev=$node; dev=${dev#/dev/} + find_vhost_from_dev $dev + if test -z "$vhost" ; then exit 5; fi + flush_nodes_on_vhost $vhost + delete_vhost $vhost + fi + + exit 0 + ;; +esac diff --git a/block-npiv-common.sh b/block-npiv-common.sh new file mode 100644 index 0000000..b9a4ce9 --- /dev/null +++ b/block-npiv-common.sh @@ -0,0 +1,277 @@ + + +# Look for the NPIV vport with the WWPN +# $1 contains the WWPN (assumes it does not contain a leading "0x") +find_vhost() +{ + unset vhost + + # look in upstream locations + for fchost in /sys/class/fc_vports/* ; do + if test -e $fchost/port_name ; then + wwpn=`cat $fchost/port_name | sed -e s/^0x//` + if test $wwpn = $1 ; then + # Note: makes the assumption the vport will always have an scsi_host child + vhost=`ls -d $fchost/device/host*` + vhost=`basename $vhost` + return + fi + fi + done + + # look in vendor-specific locations + + # Emulex - just looks like another scsi_host - so look at fc_hosts... + for fchost in /sys/class/fc_host/* ; do + if test -e $fchost/port_name ; then + wwpn=`cat $fchost/port_name | sed -e s/^0x//` + if test $wwpn = $1 ; then + # Note: makes the assumption the vport will always have an scsi_host child + vhost=`basename $fchost` + return + fi + fi + done +} + + +# Create a NPIV vport with WWPN +# $1 contains the VPORT WWPN +# $2 may contain the VPORT WWNN +# (assumes no name contains a leading "0x") +create_vport() +{ + wwpn=$1 + wwnn=$2 + if [ -z "$wwnn" ]; then + # auto generate wwnn, follow FluidLabUpdateForEmulex.pdf + # Novell specific identifier + # byte 6 = 0 indicates WWNN, = 1 indicates WWPN + wwnn=${wwpn:0:6}"0"${wwpn:7} + fi + # find a base adapter with npiv support that is on the right fabric + + # Look via upstream interfaces + for fchost in /sys/class/fc_host/* ; do + if test -e $fchost/vport_create ; then + # is the link up, w/ NPIV support ? + pstate=`cat $fchost/port_state` + ptype=`cat $fchost/port_type | cut -c 1-5` + if [ $pstate = "Online" -a $ptype = "NPort" ] ; then + vmax=`cat $fchost/max_npiv_vports` + vinuse=`cat $fchost/npiv_vports_inuse` + avail=`expr $vmax - $vinuse` + if [ $avail -gt 0 ] ; then + # create the vport + echo $wwpn":"$wwnn > $fchost/vport_create + if [ $? -eq 0 ] ; then + return 0 + fi + # failed - so we'll just look for the next adapter + fi + fi + fi + done + + # Look in vendor-specific locations + + # Emulex: interfaces mirror upstream, but are under adapter scsi_host + for shost in /sys/class/scsi_host/* ; do + if [ -e $shost/vport_create ] ; then + fchost=`ls -d $shost/device/fc_host*` + # is the link up, w/ NPIV support ? + if [ -e $fchost/port_state ] ; then + pstate=`cat $fchost/port_state` + ptype=`cat $fchost/port_type | cut -c 1-5` + if [ $pstate = "Online" -a $ptype = "NPort" ] ; then + vmax=`cat $shost/max_npiv_vports` + vinuse=`cat $shost/npiv_vports_inuse` + avail=`expr $vmax - $vinuse` + if [ $avail -gt 0 ] ; then + # create the vport + echo $wwpn":"$wwnn > $shost/vport_create + if [ $? -eq 0 ] ; then + return 0 + fi + # failed - so we'll just look for the next adapter + fi + fi + fi + fi + done + + # BFA are under adapter scsi_host + for shost in /sys/class/scsi_host/* ; do + if [ -e $shost/vport_create ] ; then + fchost=`ls -d $shost/device/fc_host/*` + # is the link up, w/ NPIV support ? + if [ -e $fchost/port_state ] ; then + pstate=`cat $fchost/port_state` + ptype=`cat $fchost/port_type | cut -c 1-5` + if [ $pstate = "Online" -a $ptype = "NPort" ] ; then + # create the vport + echo $wwpn":"$wwnn > $shost/vport_create + if [ $? -eq 0 ] ; then + return 0 + fi + # failed - so we'll just look for the next adapter + fi + fi + fi + done + + return 1 +} + + +# Look for the LUN on the indicated scsi_host (which is an NPIV vport) +# $1 is the scsi_host name (normalized to simply the hostX name) +# $2 is the WWPN of the tgt port the lun is on +# Note: this implies we don't support a multipath'd lun, or we +# are explicitly identifying a "path" +# $3 is the LUN number of the scsi device +find_sdev() +{ + unset dev + hostno=${1/*host/} + for sdev in /sys/class/scsi_device/${hostno}:*:$3 ; do + if test -e $sdev/device/../fc_trans*/target${hostno}*/port_name ; then + tgtwwpn=`cat $sdev/device/../fc_trans*/target${hostno}*/port_name | sed -e s/^0x//` + if test $tgtwwpn = $2 ; then + if test -e $sdev/device/block* ; then + dev=`ls $sdev/device/block*` + dev=${dev##*/} + return + fi + fi + fi + done +} + + +# Look for the NPIV vhost based on a scsi "sdX" name +# $1 is the "sdX" name +find_vhost_from_dev() +{ + unset vhost + hostno=`readlink /sys/block/$1/device` + hostno=${hostno##*/} + hostno=${hostno%%:*} + if test -z "$hostno" ; then return; fi + vhost="host"$hostno +} + + +# We're about to terminate a vhost based on a scsi device +# Flush all nodes on that vhost as they are about to go away +# $1 is the vhost +flush_nodes_on_vhost() +{ + if test ! -x /sbin/blockdev ; then return; fi + hostno=${1/*host/} + for sdev in /sys/class/scsi_device/${hostno}:* ; do + if test -e $sdev/device/block* ; then + dev=`ls $sdev/device/block*` + dev="/dev/"$dev + if test -n "$dev"; then + blockdev --flushbufs $dev + fi + fi + done +} + + +# Terminate a NPIV vhost +# $1 is vhost +delete_vhost() +{ + # use upstream interface + for vport in /sys/class/fc_vports/* ; do + if test -e $vport/device/$1 ; then + if test -e $vport/vport_delete ; then + echo "1" > $vport/vport_delete + if test $? -ne 0 ; then exit 6; fi + sleep 4 + return + fi + fi + done + + # use vendor specific interface + + # Emulex + if test -e /sys/class/fc_host/$1/device/../scsi_host*/lpfc_drvr_version ; then + shost=`ls -1d /sys/class/fc_host/$1/device/../scsi_host* | sed s/.*scsi_host://` + vportwwpn=`cat /sys/class/fc_host/$1/port_name | sed s/^0x//` + vportwwnn=`cat /sys/class/fc_host/$1/node_name | sed s/^0x//` + echo "$vportwwpn:$vportwwnn" > /sys/class/scsi_host/$shost/vport_delete + if test $? -ne 0 ; then exit 6; fi + sleep 4 + return + fi + + # Qlogic + if test -e /sys/class/fc_host/$1/device/../scsi_host*/driver_version ; then + shost=`ls -1d /sys/class/fc_host/$1/device/../scsi_host* | sed s/.*scsi_host://` + vportwwpn=`cat /sys/class/fc_host/$1/port_name | sed s/^0x//` + vportwwnn=`cat /sys/class/fc_host/$1/node_name | sed s/^0x//` + echo "$vportwwpn:$vportwwnn" > /sys/class/scsi_host/$shost/vport_delete + if test $? -ne 0 ; then exit 6; fi + sleep 4 + return + fi + + # BFA + if test -e /sys/class/fc_host/$1/device/../scsi_host/*/driver_name ; then + shost=`ls -1d /sys/class/fc_host/$1/device/../scsi_host/* | sed s#.*scsi_host/##` + vportwwpn=`cat /sys/class/fc_host/$1/port_name | sed s/^0x//` + vportwwnn=`cat /sys/class/fc_host/$1/node_name | sed s/^0x//` + echo "$vportwwpn:$vportwwnn" > /sys/class/scsi_host/$shost/vport_delete + if test $? -ne 0 ; then exit 6; fi + sleep 4 + return + fi + + + exit 6 +} + + +vport_status() +{ + # Look via upstream interfaces + for fchost in /sys/class/fc_host/* ; do + if test -e $fchost/vport_create ; then + vport_status_display $fchost $fchost + fi + done + + # Look in vendor-specific locations + + # Emulex: interfaces mirror upstream, but are under adapter scsi_host + for shost in /sys/class/scsi_host/* ; do + if [ -e $shost/vport_create ] ; then + fchost=`ls -d $shost/device/fc_host*` + vport_status_display $fchost $shost + fi + done + + return 0 +} + + +vport_status_display() +{ + echo + echo "fc_host: " $2 + echo "port_state: " `cat $1/port_state` + echo "port_type: " `cat $1/port_type` + echo "fabric_name: " `cat $1/fabric_name` + echo "max_npiv_vports: " `cat $2/max_npiv_vports` + echo "npiv_vports_inuse: " `cat $2/npiv_vports_inuse` + echo "modeldesc: " `cat $2/modeldesc` + echo "speed: " `cat $1/speed` + + return 0 +} + diff --git a/block-npiv-vport b/block-npiv-vport new file mode 100644 index 0000000..d374a71 --- /dev/null +++ b/block-npiv-vport @@ -0,0 +1,79 @@ +#!/bin/bash + +# Usage: block-npiv-vport [create npivargs | delete vportwwpn | status] + +dir=$(dirname "$0") +. "$dir/block-npiv-common.sh" + +#set -x +command=$1 +params=$2 + +case "$command" in + create) + # Params is one big arg, with fields separated by hyphens: + # FABRIC-VPWWPN-VPWWNN-TGTWWPN-LUN# + # arg 2 - Fabric Name + # arg 3 - VPORT's WWPN + # arg 4 - VPORT's WWNN + # arg 5 - Target's WWPN + # arg 6 - LUN # on Target + # no wwn contains a leading 0x - it is a 16 character hex value + # You may want to optionally pick a specific adapter ? + NPIVARGS=$params; + LUN=${NPIVARGS##*-*-*-*-}; NPIVARGS=${NPIVARGS%-*} + if test $LUN = $NPIVARGS ; then exit 1; fi + TGTWWPN=${NPIVARGS##*-*-*-}; NPIVARGS=${NPIVARGS%-*} + if test $TGTWWPN = $NPIVARGS ; then exit 1; fi + VPORTWWNN=${NPIVARGS##*-*-}; NPIVARGS=${NPIVARGS%-*} + if test $VPORTWWNN = $NPIVARGS ; then exit 1; fi + VPORTWWPN=${NPIVARGS##*-}; NPIVARGS=${NPIVARGS%-*} + if test $VPORTWWPN = $NPIVARGS ; then exit 1; fi + FABRICNM=$NPIVARGS + + # Ensure we compare everything using lower-case hex characters + TGTWWPN=`echo $TGTWWPN | tr A-Z a-z` + VPORTWWPN=`echo $VPORTWWPN | tr A-Z a-z` + VPORTWWNN=`echo $VPORTWWNN | tr A-Z a-z` + FABRICNM=`echo $FABRICNM | tr A-Z a-z` + + find_vhost $VPORTWWPN $FABRICNM + if test -z "$vhost" ; then + create_vport $FABRICNM $VPORTWWPN $VPORTWWNN + if [ $? -ne 0 ] ; then exit 2; fi + sleep 8 + find_vhost $VPORTWWPN $FABRICNM + if test -z "$vhost" ; then exit 3; fi + fi + + exit 0 + ;; + + delete) + # Params is VPORT's WWPN + # no wwn contains a leading 0x - it is a 16 character hex value + VPORTWWPN=$params + + # Ensure we compare everything using lower-case hex characters + VPORTWWPN=`echo $VPORTWWPN | tr A-Z a-z` + + find_vhost $VPORTWWPN $FABRICNM + if test -z "$vhost" ; then exit 4; fi + delete_vhost $vhost + + exit 0 + ;; + + status) + vport_status + + exit 0 + ;; + + *) + echo "Usage: block-npiv-vport [create npivargs | delete vportwwpn | status]" + + exit 1 + ;; +esac + diff --git a/boot.local.xenU b/boot.local.xenU new file mode 100644 index 0000000..3d8be45 --- /dev/null +++ b/boot.local.xenU @@ -0,0 +1,79 @@ +#! /bin/sh +# +# Copyright (c) 2014 SUSE GmbH Nuernberg, Germany. All rights reserved. +# +# Author: Werner Fink <werner@suse.de>, 1996 +# Burchard Steinbild <bs@suse.de>, 1996 +# +# /etc/init.d/boot.local +# +# script with local commands to be executed from init on system startup +# +# +# Here you should add things, that should happen directly after booting +# before we're going to the first run level. +# + +date + +# echo "$MACHINE: running $0 $*" +my_REDIRECT="$(echo $REDIRECT | sed 's#^/dev/##')" +my_DEVICE="$(echo $my_REDIRECT | sed 's#^tty##')" +my_SPEED="$(stty speed)" +# echo REDIRECT $REDIRECT $my_REDIRECT +# echo my_DEVICE $my_DEVICE +# echo my_SPEED $my_SPEED + +# compose a line like that for inittab +# S0:12345:respawn:/sbin/agetty -L 9600 ttyS0 vt102 + +case $my_REDIRECT in + ttyS*) + echo adding this line to inittab + echo "$my_DEVICE:12345:respawn:/sbin/agetty -L $my_SPEED $my_REDIRECT vt102" + echo "$my_DEVICE:12345:respawn:/sbin/agetty -L $my_SPEED $my_REDIRECT vt102" >> /etc/inittab + echo $my_REDIRECT >> /etc/securetty + ;; + + hvc*) + echo adding this line to inittab + echo "$my_DEVICE:12345:respawn:/sbin/agetty -L $my_SPEED $my_REDIRECT vt320" + echo "$my_DEVICE:12345:respawn:/sbin/agetty -L $my_SPEED $my_REDIRECT vt320" >> /etc/inittab + echo $my_REDIRECT >> /etc/securetty + ;; + + *) + echo "no modification in inittab needed for: $my_REDIRECT" + ;; +esac + +telinit q + +# Changes for Xen +test -f /lib/modules/`uname -r`/modules.dep || depmod -ae + +CMDLINE=`cat /proc/cmdline | grep 'ip='` +if test ! -z "$CMDLINE"; then + OLDIFS=$IFS + IFS=":" + read ip oth mask gw hostname dev dhcp rest < /proc/cmdline + IFS=$OLDIFS + hostname $hostname + ip=`echo $ip | sed 's/ip= *//'` + if test ! -z "$ip"; then + if test -z "$mask"; then + if [ ${ip%/*} = $ip ]; then + ip="$ip/27" + fi + echo "ip addr add $ip dev $dev" + ip addr add $ip dev $dev + ip link set $dev up + else + ifconfig add $ip netmask $mask $dev + fi + fi + if test "${dhcp#dhcp}" != "$dhcp"; then + ifup-dhcp $dev + fi +fi + diff --git a/boot.xen b/boot.xen new file mode 100644 index 0000000..1aa22ea --- /dev/null +++ b/boot.xen @@ -0,0 +1,101 @@ +#! /bin/sh +# Copyright (c) 2005-2006 SUSE Linux AG, Nuernberg, Germany. +# All rights reserved. +# +# /etc/init.d/boot.xen +# +# LSB compatible service control script; see http://www.linuxbase.org/spec/ +# +### BEGIN INIT INFO +# Provides: Xen +# Required-Start: boot.localfs +# Should-Start: boot.localnet +# Required-Stop: boot.localfs +# Should-Stop: +# Default-Start: B +# Default-Stop: +# Short-Description: Switch on and off TLS depending on whether Xen is running +# Description: Xen gets a major performance hit by the way +# recent glibc (& gcc) set up the TLS offset, as it needs to +# play segmentation tricks. This can be avoided by moving away +# the tls libs. +### END INIT INFO + +. /etc/rc.status + +# Reset status of this service +rc_reset + +case "$1" in + start) + echo -n "Starting Xen setup " + if test -d /proc/xen; then + export LD_ASSUME_KERNEL=2.4.21 + echo -n "Xen running " + fi + if test -d /proc/xen -a -d /lib/tls; then + echo -n "move /lib/tls away " + mv /lib/tls /lib/tls.save + elif test ! -d /proc/xen -a -d /lib/tls.save; then + echo -n "move back /lib/tls " + mv /lib/tls.save /lib/tls + fi + rc_status -v + ;; + stop) + # rc_status -v + ;; + try-restart|condrestart) + $0 restart + # Remember status and be quiet + rc_status + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 start + # Remember status and be quiet + rc_status + ;; + force-reload) + $0 try-restart + rc_status + ;; + reload) + rc_failed 3 + rc_status -v + ;; + status) + echo -n "Checking for Xen " + # Return value is slightly different for the status command: + # 0 - service up and running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running (unused) + # 4 - service status unknown :-( + # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) + + if test -d /proc/xen; then + if test -d /lib/tls; then + echo -n "Xen running, /lib/tls existing " + rc_failed 1 + else + echo -n "Xen running, /lib/tls not existing " + fi + else + if test -d /lib/tls.save; then + echo -n "Xen not running, /lib/tls existing " + rc_failed 2 + else + echo -n "Xen not running, /lib/tls not existing " + rc_failed 3 + fi + fi + rc_status -v + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" + exit 1 + ;; +esac +rc_exit diff --git a/build-python3-conversion.patch b/build-python3-conversion.patch new file mode 100644 index 0000000..4ac9ed6 --- /dev/null +++ b/build-python3-conversion.patch @@ -0,0 +1,598 @@ +Index: xen-4.13.0-testing/Config.mk +=================================================================== +--- xen-4.13.0-testing.orig/Config.mk ++++ xen-4.13.0-testing/Config.mk +@@ -82,7 +82,7 @@ EXTRA_INCLUDES += $(EXTRA_PREFIX)/includ + EXTRA_LIB += $(EXTRA_PREFIX)/lib + endif + +-PYTHON ?= python ++PYTHON ?= python3 + PYTHON_PREFIX_ARG ?= --prefix="$(prefix)" + # The above requires that prefix contains *no spaces*. This variable is here + # to permit the user to set PYTHON_PREFIX_ARG to '' to workaround this bug: +Index: xen-4.13.0-testing/tools/configure +=================================================================== +--- xen-4.13.0-testing.orig/tools/configure ++++ xen-4.13.0-testing/tools/configure +@@ -6926,7 +6926,7 @@ then + fi;; + esac + if test -z "$PYTHON"; then : +- for ac_prog in python python3 python2 ++ for ac_prog in python3 python python2 + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +@@ -7065,15 +7065,15 @@ if test x"${PYTHONPATH}" = x"no" + then + as_fn_error $? "Unable to find $PYTHON, please install $PYTHON" "$LINENO" 5 + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for python version >= 2.6 " >&5 +-$as_echo_n "checking for python version >= 2.6 ... " >&6; } +-`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (2, 6)"))'` ++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for python3 version >= 3.0 " >&5 ++$as_echo_n "checking for python3 version >= 3.0 ... " >&6; } ++`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (3, 0)"))'` + if test "$?" != "0" + then + python_version=`$PYTHON -V 2>&1` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + $as_echo "no" >&6; } +- as_fn_error $? "$python_version is too old, minimum required version is 2.6" "$LINENO" 5 ++ as_fn_error $? "$python_version is too old, minimum required version is 3.0" "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } +Index: xen-4.13.0-testing/tools/python/test.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/python/test.py ++++ xen-4.13.0-testing/tools/python/test.py +@@ -1,4 +1,4 @@ +-#! /usr/bin/env python2.3 ++#!/usr/bin/python3 + ############################################################################## + # + # Copyright (c) 2001, 2002 Zope Corporation and Contributors. +@@ -289,9 +289,9 @@ class ImmediateTestResult(unittest._Text + def stopTest(self, test): + self._testtimes[test] = time.time() - self._testtimes[test] + if gc.garbage: +- print "The following test left garbage:" +- print test +- print gc.garbage ++ print("The following test left garbage:") ++ print(test) ++ print(gc.garbage) + # XXX Perhaps eat the garbage here, so that the garbage isn't + # printed for every subsequent test. + +@@ -301,23 +301,23 @@ class ImmediateTestResult(unittest._Text + and + t not in self._threads)] + if new_threads: +- print "The following test left new threads behind:" +- print test +- print "New thread(s):", new_threads ++ print("The following test left new threads behind:") ++ print(test) ++ print("New thread(s):", new_threads) + + def print_times(self, stream, count=None): +- results = self._testtimes.items() ++ results = list(self._testtimes.items()) + results.sort(lambda x, y: cmp(y[1], x[1])) + if count: + n = min(count, len(results)) + if n: +- print >>stream, "Top %d longest tests:" % n ++ print("Top %d longest tests:" % n, file=stream) + else: + n = len(results) + if not n: + return + for i in range(n): +- print >>stream, "%6dms" % int(results[i][1] * 1000), results[i][0] ++ print("%6dms" % int(results[i][1] * 1000), results[i][0], file=stream) + + def _print_traceback(self, msg, err, test, errlist): + if self.showAll or self.dots or self._progress: +@@ -369,7 +369,7 @@ class ImmediateTestResult(unittest._Text + if self._progress: + self.stream.write("\r") + if self._debug: +- raise err[0], err[1], err[2] ++ raise err[0](err[1]).with_traceback(err[2]) + self._print_traceback("Error in test %s" % test, err, + test, self.errors) + +@@ -377,7 +377,7 @@ class ImmediateTestResult(unittest._Text + if self._progress: + self.stream.write("\r") + if self._debug: +- raise err[0], err[1], err[2] ++ raise err[0](err[1]).with_traceback(err[2]) + self._print_traceback("Failure in test %s" % test, err, + test, self.failures) + +@@ -480,11 +480,11 @@ class PathInit: + kind = functional and "FUNCTIONAL" or "UNIT" + if libdir: + extra = os.path.join(self.org_cwd, libdir) +- print "Running %s tests from %s" % (kind, extra) ++ print("Running %s tests from %s" % (kind, extra)) + self.libdir = extra + sys.path.insert(0, extra) + else: +- print "Running %s tests from %s" % (kind, self.cwd) ++ print("Running %s tests from %s" % (kind, self.cwd)) + # Make sure functional tests find ftesting.zcml + if functional: + config_file = 'ftesting.zcml' +@@ -492,7 +492,7 @@ class PathInit: + # We chdired into build, so ftesting.zcml is in the + # parent directory + config_file = os.path.join('..', 'ftesting.zcml') +- print "Parsing %s" % config_file ++ print("Parsing %s" % config_file) + from zope.app.tests.functional import FunctionalTestSetup + FunctionalTestSetup(config_file) + +@@ -530,7 +530,7 @@ class TestFileFinder: + if not "__init__.py" in files: + if not files or files == ["CVS"]: + return +- print "not a package", dir ++ print("not a package", dir) + return + + # Put matching files in matches. If matches is non-empty, +@@ -549,9 +549,9 @@ class TestFileFinder: + __import__(pkg) + # We specifically do not want to catch ImportError since that's useful + # information to know when running the tests. +- except RuntimeError, e: ++ except RuntimeError as e: + if VERBOSE: +- print "skipping %s because: %s" % (pkg, e) ++ print("skipping %s because: %s" % (pkg, e)) + return + else: + self.files.extend(matches) +@@ -698,16 +698,16 @@ class TrackRefs: + ct = [(type2count[t] - self.type2count.get(t, 0), + type2all[t] - self.type2all.get(t, 0), + t) +- for t in type2count.iterkeys()] ++ for t in type2count.keys()] + ct.sort() + ct.reverse() + printed = False + for delta1, delta2, t in ct: + if delta1 or delta2: + if not printed: +- print "%-55s %8s %8s" % ('', 'insts', 'refs') ++ print("%-55s %8s %8s" % ('', 'insts', 'refs')) + printed = True +- print "%-55s %8d %8d" % (t, delta1, delta2) ++ print("%-55s %8d %8d" % (t, delta1, delta2)) + + self.type2count = type2count + self.type2all = type2all +@@ -729,25 +729,25 @@ def runner(files, test_filter, debug): + if TIMESFN: + r.print_times(open(TIMESFN, "w")) + if VERBOSE: +- print "Wrote timing data to", TIMESFN ++ print("Wrote timing data to", TIMESFN) + if TIMETESTS: + r.print_times(sys.stdout, TIMETESTS) + except: + if DEBUGGER: +- print "%s:" % (sys.exc_info()[0], ) +- print sys.exc_info()[1] ++ print("%s:" % (sys.exc_info()[0], )) ++ print(sys.exc_info()[1]) + pdb.post_mortem(sys.exc_info()[2]) + else: + raise + + def remove_stale_bytecode(arg, dirname, names): +- names = map(os.path.normcase, names) ++ names = list(map(os.path.normcase, names)) + for name in names: + if name.endswith(".pyc") or name.endswith(".pyo"): + srcname = name[:-1] + if srcname not in names: + fullname = os.path.join(dirname, name) +- print "Removing stale bytecode file", fullname ++ print("Removing stale bytecode file", fullname) + os.unlink(fullname) + + def main(module_filter, test_filter, libdir): +@@ -773,12 +773,12 @@ def main(module_filter, test_filter, lib + runner(files, test_filter, DEBUG) + gc.collect() + if gc.garbage: +- print "GARBAGE:", len(gc.garbage), gc.garbage ++ print("GARBAGE:", len(gc.garbage), gc.garbage) + return + if REFCOUNT: + prev = rc + rc = sys.gettotalrefcount() +- print "totalrefcount=%-8d change=%-6d" % (rc, rc - prev) ++ print("totalrefcount=%-8d change=%-6d" % (rc, rc - prev)) + track.update() + else: + runner(files, test_filter, DEBUG) +@@ -801,7 +801,7 @@ def configure_logging(): + else: + logging.basicConfig() + +- if os.environ.has_key("LOGGING"): ++ if "LOGGING" in os.environ: + level = int(os.environ["LOGGING"]) + logging.getLogger().setLevel(level) + +@@ -865,8 +865,8 @@ def process_args(argv=None): + + # import the config file + if os.path.isfile(config_filename): +- print 'Configuration file found.' +- execfile(config_filename, globals()) ++ print('Configuration file found.') ++ exec(compile(open(config_filename).read(), config_filename, 'exec'), globals()) + + + try: +@@ -884,9 +884,9 @@ def process_args(argv=None): + # fixme: add the long names + # fixme: add the extra documentation + # fixme: test for functional first! +- except getopt.error, msg: +- print msg +- print "Try `python %s -h' for more information." % argv[0] ++ except getopt.error as msg: ++ print(msg) ++ print("Try `python %s -h' for more information." % argv[0]) + sys.exit(2) + + for k, v in opts: +@@ -916,13 +916,13 @@ def process_args(argv=None): + RUN_UNIT = True + RUN_FUNCTIONAL = True + elif k in ("-h", "--help"): +- print __doc__ ++ print(__doc__) + sys.exit(0) + elif k in ("-g", "--gc-threshold"): + GC_THRESHOLD = int(v) + elif k in ("-G", "--gc-option"): + if not v.startswith("DEBUG_"): +- print "-G argument must be DEBUG_ flag, not", repr(v) ++ print("-G argument must be DEBUG_ flag, not", repr(v)) + sys.exit(1) + GC_FLAGS.append(v) + elif k in ('-k', '--keepbytecode'): +@@ -968,30 +968,30 @@ def process_args(argv=None): + import pychecker.checker + + if REFCOUNT and not hasattr(sys, "gettotalrefcount"): +- print "-r ignored, because it needs a debug build of Python" ++ print("-r ignored, because it needs a debug build of Python") + REFCOUNT = False + + if sys.version_info < ( 2,3,2 ): +- print """\ ++ print("""\ + ERROR: Your python version is not supported by Zope3. +- Zope3 needs Python 2.3.2 or greater. You are running:""" + sys.version ++ Zope3 needs Python 2.3.2 or greater. You are running:""" + sys.version) + sys.exit(1) + + if GC_THRESHOLD is not None: + if GC_THRESHOLD == 0: + gc.disable() +- print "gc disabled" ++ print("gc disabled") + else: + gc.set_threshold(GC_THRESHOLD) +- print "gc threshold:", gc.get_threshold() ++ print("gc threshold:", gc.get_threshold()) + + if GC_FLAGS: + val = 0 + for flag in GC_FLAGS: + v = getattr(gc, flag, None) + if v is None: +- print "Unknown gc flag", repr(flag) +- print gc.set_debug.__doc__ ++ print("Unknown gc flag", repr(flag)) ++ print(gc.set_debug.__doc__) + sys.exit(1) + val |= v + gcdebug |= v +@@ -1009,10 +1009,10 @@ def process_args(argv=None): + if BUILD_INPLACE: + cmd += "_ext -i" + if VERBOSE: +- print cmd ++ print(cmd) + sts = os.system(cmd) + if sts: +- print "Build failed", hex(sts) ++ print("Build failed", hex(sts)) + sys.exit(1) + + k = [] +@@ -1027,9 +1027,9 @@ def process_args(argv=None): + if VERBOSE: + kind = functional and "FUNCTIONAL" or "UNIT" + if LEVEL == 0: +- print "Running %s tests at all levels" % kind ++ print("Running %s tests at all levels" % kind) + else: +- print "Running %s tests at level %d" % (kind, LEVEL) ++ print("Running %s tests at level %d" % (kind, LEVEL)) + + # This was to avoid functional tests outside of z3, but this doesn't really + # work right. +@@ -1073,20 +1073,20 @@ def process_args(argv=None): + globals=globals(), locals=vars()) + r = tracer.results() + path = "/tmp/trace.%s" % os.getpid() +- import cPickle ++ import pickle + f = open(path, "wb") +- cPickle.dump(r, f) ++ pickle.dump(r, f) + f.close() +- print path ++ print(path) + r.write_results(show_missing=True, + summary=True, coverdir=coverdir) + else: + bad = main(MODULE_FILTER, TEST_FILTER, LIBDIR) + if bad: + sys.exit(1) +- except ImportError, err: +- print err +- print sys.path ++ except ImportError as err: ++ print(err) ++ print(sys.path) + raise + + +Index: xen-4.13.0-testing/tools/configure.ac +=================================================================== +--- xen-4.13.0-testing.orig/tools/configure.ac ++++ xen-4.13.0-testing/tools/configure.ac +@@ -337,14 +337,14 @@ case "$host_os" in + freebsd*) ;; + *) AX_PATH_PROG_OR_FAIL([BASH], [bash]);; + esac +-AS_IF([test -z "$PYTHON"], [AC_CHECK_PROGS([PYTHON], [python python3 python2], err)]) ++AS_IF([test -z "$PYTHON"], [AC_CHECK_PROGS([PYTHON], [python3 python python2], err)]) + AS_IF([test "$PYTHON" = "err"], [AC_MSG_ERROR([No python interpreter found])]) + AS_IF([echo "$PYTHON" | grep -q "^/"], [], [AC_PATH_PROG([PYTHON], [$PYTHON])]) + PYTHONPATH=$PYTHON + PYTHON=`basename $PYTHONPATH` + + AX_PATH_PROG_OR_FAIL([PYTHONPATH], [$PYTHON]) +-AX_CHECK_PYTHON_VERSION([2], [6]) ++AX_CHECK_PYTHON_VERSION([3], [0]) + + AS_IF([test "$cross_compiling" != yes], [ + AX_CHECK_PYTHON_DEVEL() +Index: xen-4.13.0-testing/tools/libxl/idl.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/idl.py ++++ xen-4.13.0-testing/tools/libxl/idl.py +@@ -271,7 +271,7 @@ class KeyedUnion(Aggregate): + if not isinstance(keyvar_type, Enumeration): + raise ValueError + +- kv_kwargs = dict([(x.lstrip('keyvar_'),y) for (x,y) in kwargs.items() if x.startswith('keyvar_')]) ++ kv_kwargs = dict([(x.lstrip('keyvar_'),y) for (x,y) in list(kwargs.items()) if x.startswith('keyvar_')]) + + self.keyvar = Field(keyvar_type, keyvar_name, **kv_kwargs) + +@@ -317,7 +317,7 @@ class Array(Type): + kwargs.setdefault('json_parse_type', 'JSON_ARRAY') + Type.__init__(self, namespace=elem_type.namespace, typename=elem_type.rawname + " *", **kwargs) + +- lv_kwargs = dict([(x.lstrip('lenvar_'),y) for (x,y) in kwargs.items() if x.startswith('lenvar_')]) ++ lv_kwargs = dict([(x.lstrip('lenvar_'),y) for (x,y) in list(kwargs.items()) if x.startswith('lenvar_')]) + + self.lenvar = Field(integer, lenvar_name, **lv_kwargs) + self.elem_type = elem_type +@@ -353,7 +353,7 @@ def parse(f): + globs = {} + locs = OrderedDict() + +- for n,t in globals().items(): ++ for n,t in list(globals().items()): + if isinstance(t, Type): + globs[n] = t + elif isinstance(t,type(object)) and issubclass(t, Type): +Index: xen-4.13.0-testing/tools/libxl/gentest.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/gentest.py ++++ xen-4.13.0-testing/tools/libxl/gentest.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + + from __future__ import print_function + +Index: xen-4.13.0-testing/tools/libxl/gentypes.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/gentypes.py ++++ xen-4.13.0-testing/tools/libxl/gentypes.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + + from __future__ import print_function + +Index: xen-4.13.0-testing/tools/ocaml/libs/xentoollog/genlevels.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/ocaml/libs/xentoollog/genlevels.py ++++ xen-4.13.0-testing/tools/ocaml/libs/xentoollog/genlevels.py +@@ -89,7 +89,7 @@ def gen_c(level): + def autogen_header(open_comment, close_comment): + s = open_comment + " AUTO-GENERATED FILE DO NOT EDIT " + close_comment + "\n" + s += open_comment + " autogenerated by \n" +- s += reduce(lambda x,y: x + " ", range(len(open_comment + " ")), "") ++ s += reduce(lambda x,y: x + " ", list(range(len(open_comment + " "))), "") + s += "%s" % " ".join(sys.argv) + s += "\n " + close_comment + "\n\n" + return s +Index: xen-4.13.0-testing/tools/include/xen-foreign/mkheader.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/include/xen-foreign/mkheader.py ++++ xen-4.13.0-testing/tools/include/xen-foreign/mkheader.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + + import sys, re; + from structs import unions, structs, defines; +Index: xen-4.13.0-testing/tools/include/xen-foreign/mkchecker.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/include/xen-foreign/mkchecker.py ++++ xen-4.13.0-testing/tools/include/xen-foreign/mkchecker.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + + import sys; + from structs import structs, compat_arches; +Index: xen-4.13.0-testing/xen/tools/gen-cpuid.py +=================================================================== +--- xen-4.13.0-testing.orig/xen/tools/gen-cpuid.py ++++ xen-4.13.0-testing/xen/tools/gen-cpuid.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + import sys, os, re +@@ -135,7 +135,7 @@ def crunch_numbers(state): + common_1d = (FPU, VME, DE, PSE, TSC, MSR, PAE, MCE, CX8, APIC, + MTRR, PGE, MCA, CMOV, PAT, PSE36, MMX, FXSR) + +- state.known = featureset_to_uint32s(state.names.keys(), nr_entries) ++ state.known = featureset_to_uint32s(list(state.names.keys()), nr_entries) + state.common_1d = featureset_to_uint32s(common_1d, 1)[0] + state.special = featureset_to_uint32s(state.raw_special, nr_entries) + state.pv = featureset_to_uint32s(state.raw_pv, nr_entries) +@@ -317,11 +317,11 @@ def crunch_numbers(state): + + state.deep_deps[feat] = seen[1:] + +- state.deep_features = featureset_to_uint32s(deps.keys(), nr_entries) +- state.nr_deep_deps = len(state.deep_deps.keys()) ++ state.deep_features = featureset_to_uint32s(list(deps.keys()), nr_entries) ++ state.nr_deep_deps = len(list(state.deep_deps.keys())) + + try: +- _tmp = state.deep_deps.iteritems() ++ _tmp = state.deep_deps.items() + except AttributeError: + _tmp = state.deep_deps.items() + +@@ -329,10 +329,10 @@ def crunch_numbers(state): + state.deep_deps[k] = featureset_to_uint32s(v, nr_entries) + + # Calculate the bitfield name declarations +- for word in xrange(nr_entries): ++ for word in range(nr_entries): + + names = [] +- for bit in xrange(32): ++ for bit in range(32): + + name = state.names.get(word * 32 + bit, "") + +Index: xen-4.13.0-testing/xen/tools/compat-build-source.py +=================================================================== +--- xen-4.13.0-testing.orig/xen/tools/compat-build-source.py ++++ xen-4.13.0-testing/xen/tools/compat-build-source.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + import re,sys + +Index: xen-4.13.0-testing/xen/tools/compat-build-header.py +=================================================================== +--- xen-4.13.0-testing.orig/xen/tools/compat-build-header.py ++++ xen-4.13.0-testing/xen/tools/compat-build-header.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + import re,sys + +Index: xen-4.13.0-testing/xen/tools/fig-to-oct.py +=================================================================== +--- xen-4.13.0-testing.orig/xen/tools/fig-to-oct.py ++++ xen-4.13.0-testing/xen/tools/fig-to-oct.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + import sys + + chars_per_line = 18 +Index: xen-4.13.0-testing/tools/misc/xensymoops +=================================================================== +--- xen-4.13.0-testing.orig/tools/misc/xensymoops ++++ xen-4.13.0-testing/tools/misc/xensymoops +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + # An oops analyser for Xen + # Usage: xensymoops path-to-xen.s < oops-message +@@ -43,12 +43,12 @@ def read_oops(): + return (eip_addr, stack_addresses) + + def usage(): +- print >> sys.stderr, """Usage: %s path-to-asm < oops-msg ++ print("""Usage: %s path-to-asm < oops-msg + The oops message should be fed to the standard input. The + command-line argument specifies the path to the Xen assembly dump + produced by \"make debug\". The location of EIP and the backtrace + will be output to standard output. +- """ % sys.argv[0] ++ """ % sys.argv[0], file=sys.stderr) + sys.exit() + + ##### main +@@ -99,7 +99,7 @@ while True: + + # if this address was seen as a potential code address in the backtrace then + # record it in the backtrace list +- if stk_addrs.has_key(address): ++ if address in stk_addrs: + backtrace.append((stk_addrs[address], address, func)) + + # if this was the address that EIP... +@@ -107,12 +107,12 @@ while True: + eip_func = func + + +-print "EIP %s in function %s" % (eip_addr, eip_func) +-print "Backtrace:" ++print("EIP %s in function %s" % (eip_addr, eip_func)) ++print("Backtrace:") + + # sorting will order primarily by the first element of each tuple, + # i.e. the order in the original oops + backtrace.sort() + + for (i, a, f) in backtrace: +- print "%s in function %s" % ( a, f ) ++ print("%s in function %s" % ( a, f )) diff --git a/disable-building-pv-shim.patch b/disable-building-pv-shim.patch new file mode 100644 index 0000000..91714af --- /dev/null +++ b/disable-building-pv-shim.patch @@ -0,0 +1,13 @@ +--- xen-4.13.0-testing/xen/arch/x86/configs/pvshim_defconfig.orig 2019-10-14 09:46:44.567846243 -0600 ++++ xen-4.13.0-testing/xen/arch/x86/configs/pvshim_defconfig 2019-10-14 09:47:17.722552005 -0600 +@@ -2,8 +2,8 @@ + CONFIG_PV=y + CONFIG_XEN_GUEST=y + CONFIG_PVH_GUEST=y +-CONFIG_PV_SHIM=y +-CONFIG_PV_SHIM_EXCLUSIVE=y ++CONFIG_PV_SHIM=n ++CONFIG_PV_SHIM_EXCLUSIVE=n + CONFIG_NR_CPUS=32 + # Disable features not used by the PV shim + # CONFIG_SHADOW_PAGING is not set diff --git a/etc_pam.d_xen-api b/etc_pam.d_xen-api new file mode 100644 index 0000000..b8a194d --- /dev/null +++ b/etc_pam.d_xen-api @@ -0,0 +1,7 @@ +#%PAM-1.0 +auth required pam_listfile.so onerr=fail item=user \ + sense=allow file=/etc/xen/xenapiusers +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/gcc10-fixes.patch b/gcc10-fixes.patch new file mode 100644 index 0000000..409fb74 --- /dev/null +++ b/gcc10-fixes.patch @@ -0,0 +1,202 @@ +References: bsc#1158414 + +For libxlu_pci.c +libxlu_pci.c: In function 'xlu_pci_parse_bdf': +libxlu_pci.c:32:18: error: 'func' may be used uninitialized in this function [-Werror=maybe-uninitialized] + 32 | pcidev->func = func; + | ~~~~~~~~~~~~~^~~~~~ +libxlu_pci.c:51:29: note: 'func' was declared here + 51 | unsigned dom, bus, dev, func, vslot = 0; + | ^~~~ +libxlu_pci.c:31:17: error: 'dev' may be used uninitialized in this function [-Werror=maybe-uninitialized] + 31 | pcidev->dev = dev; + | ~~~~~~~~~~~~^~~~~ +libxlu_pci.c:51:24: note: 'dev' was declared here + 51 | unsigned dom, bus, dev, func, vslot = 0; + | ^~~ +libxlu_pci.c:30:17: error: 'bus' may be used uninitialized in this function [-Werror=maybe-uninitialized] + 30 | pcidev->bus = bus; + | ~~~~~~~~~~~~^~~~~ +libxlu_pci.c:51:19: note: 'bus' was declared here + 51 | unsigned dom, bus, dev, func, vslot = 0; + | ^~~ +libxlu_pci.c:29:20: error: 'dom' may be used uninitialized in this function [-Werror=maybe-uninitialized] + 29 | pcidev->domain = domain; + | ~~~~~~~~~~~~~~~^~~~~~~~ +libxlu_pci.c:51:14: note: 'dom' was declared here + 51 | unsigned dom, bus, dev, func, vslot = 0; + | ^~~ + + +For kdd.c +kdd.c: In function 'kdd_tx': +kdd.c:408:30: error: array subscript 65534 is outside the bounds of an interior zero-length array 'uint8_t[0]' {aka 'unsigned char[0]'} [-Werror=zero-length-bounds] + 408 | sum += s->txp.payload[i]; + | ~~~~~~~~~~~~~~^~~ +In file included from kdd.c:52: +kdd.h:326:17: note: while referencing 'payload' + 326 | uint8_t payload[0]; + | ^~~~~~~ +cc1: all warnings being treated as errors + + +For ssl_tls.c +ssl_tls.c: In function 'ssl_session_reset': +ssl_tls.c:1778:5: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size] + 1778 | memset( ssl->ctx_enc, 0, 128 ); + | ^~~~~~ +ssl_tls.c:1779:5: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size] + 1779 | memset( ssl->ctx_dec, 0, 128 ); + | ^~~~~~ +ssl_tls.c: In function 'ssl_encrypt_buf': +ssl_tls.c:633:68: warning: this statement may fall through [-Wimplicit-fallthrough=] + 633 | ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA || +ssl_tls.c:643:13: note: here + 643 | default: + | ^~~~~~~ +ssl_tls.c: In function 'ssl_decrypt_buf': +ssl_tls.c:738:68: warning: this statement may fall through [-Wimplicit-fallthrough=] + 738 | ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA || +ssl_tls.c:748:13: note: here + 748 | default: + | ^~~~~~~ + +For xenstored_core.h +ld: /home/abuild/rpmbuild/BUILD/xen-4.13.0-testing/stubdom/xenstore/xenstored.a(xenstored_watch.o):/home/abuild/rpmbuild/BUILD/xen-4.13.0-testing/stubdom/xenstore/xenstored_core.h:207: multiple definition of `xgt_handle'; /home/abuild/rpmbuild/BUILD/xen-4.13.0-testing/stubdom/xenstore/xenstored.a(xenstored_core.o):/home/abuild/rpmbuild/BUILD/xen-4.13.0-testing/stubdom/xenstore/xenstored_core.h:207: first defined here + + +For utils.h +ld: /home/abuild/rpmbuild/BUILD/xen-4.13.0-testing/stubdom/xenstore/xenstored.a(xenstored_watch.o):/home/abuild/rpmbuild/BUILD/xen-4.13.0-testing/stubdom/xenstore/utils.h:27: multiple definition of `xprintf'; /home/abuild/rpmbuild/BUILD/xen-4.13.0-testing/stubdom/xenstore/xenstored.a(xenstored_core.o):/home/abuild/rpmbuild/BUILD/xen-4.13.0-testing/stubdom/xenstore/utils.h:27: first defined here + + +for libxl_utils.h +specified bound 108 equals destination size [-Werror=stringop-truncation] + + +xenpmd.c: In function 'get_next_battery_file': +xenpmd.c:92:37: error: '%s' directive output may be truncated writing between 4 and 2147483645 bytes into a region of size 271 [-Werror=format-truncation=] + 92 | #define BATTERY_STATE_FILE_PATH "/tmp/battery/%s/state" + | ^~~~~~~~~~~~~~~~~~~~~~~ +xenpmd.c:117:52: note: in expansion of macro 'BATTERY_STATE_FILE_PATH' + 117 | snprintf(file_name, sizeof(file_name), BATTERY_STATE_FILE_PATH, + | ^~~~~~~~~~~~~~~~~~~~~~~ + + +Index: xen-4.13.0-testing/tools/libxl/libxlu_pci.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxlu_pci.c ++++ xen-4.13.0-testing/tools/libxl/libxlu_pci.c +@@ -22,6 +22,9 @@ static int hex_convert(const char *str, + return 0; + } + ++#if __GNUC__ >= 10 ++#pragma GCC diagnostic ignored "-Wmaybe-uninitialized" ++#endif + static int pcidev_struct_fill(libxl_device_pci *pcidev, unsigned int domain, + unsigned int bus, unsigned int dev, + unsigned int func, unsigned int vdevfn) +Index: xen-4.13.0-testing/tools/debugger/kdd/kdd.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/debugger/kdd/kdd.c ++++ xen-4.13.0-testing/tools/debugger/kdd/kdd.c +@@ -396,6 +396,9 @@ static void find_os(kdd_state *s) + */ + + ++#if __GNUC__ >= 10 ++#pragma GCC diagnostic ignored "-Wzero-length-bounds" ++#endif + /* Send a serial packet */ + static void kdd_tx(kdd_state *s) + { +Index: xen-4.13.0-testing/stubdom/polarssl.patch +=================================================================== +--- xen-4.13.0-testing.orig/stubdom/polarssl.patch ++++ xen-4.13.0-testing/stubdom/polarssl.patch +@@ -62,3 +62,25 @@ diff -Naur polarssl-1.1.4/library/bignum + t_udbl r; + + r = (t_udbl) X.p[i] << biL; ++--- polarssl-1.1.4/library/ssl_tls.c.orig 2012-05-30 01:39:36.000000000 -0600 +++++ polarssl-1.1.4/library/ssl_tls.c 2020-03-10 10:17:26.270755351 -0600 ++@@ -487,6 +487,9 @@ static void ssl_mac_sha1( unsigned char ++ sha1_finish( &sha1, buf + len ); ++ } ++ +++#if __GNUC__ >= 10 +++#pragma GCC diagnostic ignored "-Wimplicit-fallthrough=" +++#endif ++ /* ++ * Encryption/decryption functions ++ */ ++@@ -1739,6 +1742,9 @@ int ssl_init( ssl_context *ssl ) ++ return( 0 ); ++ } ++ +++#if __GNUC__ >= 10 +++#pragma GCC diagnostic ignored "-Wmemset-elt-size" +++#endif ++ /* ++ * Reset an initialized and used SSL context for re-use while retaining ++ * all application-set variables, function pointers and data. +Index: xen-4.13.0-testing/tools/xenstore/xenstored_core.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/xenstore/xenstored_core.h ++++ xen-4.13.0-testing/tools/xenstore/xenstored_core.h +@@ -204,7 +204,11 @@ void finish_daemonize(void); + /* Open a pipe for signal handling */ + void init_pipe(int reopen_log_pipe[2]); + ++#if __GNUC__ >= 10 ++extern xengnttab_handle **xgt_handle; ++#else + xengnttab_handle **xgt_handle; ++#endif + + int remember_string(struct hashtable *hash, const char *str); + +Index: xen-4.13.0-testing/tools/xenstore/utils.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/xenstore/utils.h ++++ xen-4.13.0-testing/tools/xenstore/utils.h +@@ -24,7 +24,11 @@ static inline bool strends(const char *a + void barf(const char *fmt, ...) __attribute__((noreturn)); + void barf_perror(const char *fmt, ...) __attribute__((noreturn)); + ++#if __GNUC__ >= 10 ++extern void (*xprintf)(const char *fmt, ...); ++#else + void (*xprintf)(const char *fmt, ...); ++#endif + + #define eprintf(_fmt, _args...) xprintf("[ERR] %s" _fmt, __FUNCTION__, ##_args) + +Index: xen-4.13.0-testing/tools/libxl/libxl_utils.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_utils.c ++++ xen-4.13.0-testing/tools/libxl/libxl_utils.c +@@ -1248,6 +1248,9 @@ int libxl__random_bytes(libxl__gc *gc, u + return ret; + } + ++#if __GNUC__ >= 10 ++#pragma GCC diagnostic ignored "-Wstringop-truncation" ++#endif + int libxl__prepare_sockaddr_un(libxl__gc *gc, + struct sockaddr_un *un, const char *path, + const char *what) +Index: xen-4.13.0-testing/tools/xenpmd/xenpmd.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/xenpmd/xenpmd.c ++++ xen-4.13.0-testing/tools/xenpmd/xenpmd.c +@@ -86,6 +86,9 @@ struct battery_status { + + static struct xs_handle *xs; + ++#if __GNUC__ >= 10 ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++#endif + #ifdef RUN_IN_SIMULATE_MODE + #define BATTERY_DIR_PATH "/tmp/battery" + #define BATTERY_INFO_FILE_PATH "/tmp/battery/%s/info" diff --git a/hibernate.patch b/hibernate.patch new file mode 100644 index 0000000..d3b1bb7 --- /dev/null +++ b/hibernate.patch @@ -0,0 +1,44 @@ +Index: xen-4.8.0-testing/tools/libacpi/ssdt_s3.asl +=================================================================== +--- xen-4.8.0-testing.orig/tools/libacpi/ssdt_s3.asl ++++ xen-4.8.0-testing/tools/libacpi/ssdt_s3.asl +@@ -16,13 +16,9 @@ + + DefinitionBlock ("SSDT_S3.aml", "SSDT", 2, "Xen", "HVM", 0) + { +- /* Must match piix emulation */ +- Name (\_S3, Package (0x04) +- { +- 0x01, /* PM1a_CNT.SLP_TYP */ +- 0x01, /* PM1b_CNT.SLP_TYP */ +- 0x0, /* reserved */ +- 0x0 /* reserved */ +- }) ++ /* ++ * Turn off support for s3 sleep state to deal with SVVP tests. ++ * This is what MSFT does on HyperV. ++ */ + } + +Index: xen-4.8.0-testing/tools/libacpi/ssdt_s4.asl +=================================================================== +--- xen-4.8.0-testing.orig/tools/libacpi/ssdt_s4.asl ++++ xen-4.8.0-testing/tools/libacpi/ssdt_s4.asl +@@ -16,13 +16,9 @@ + + DefinitionBlock ("SSDT_S4.aml", "SSDT", 2, "Xen", "HVM", 0) + { +- /* Must match piix emulation */ +- Name (\_S4, Package (0x04) +- { +- 0x00, /* PM1a_CNT.SLP_TYP */ +- 0x00, /* PM1b_CNT.SLP_TYP */ +- 0x00, /* reserved */ +- 0x00 /* reserved */ +- }) ++ /* ++ * Turn off support for s4 sleep state to deal with SVVP tests. ++ * This is what MSFT does on HyperV. ++ */ + } + diff --git a/ignore-ip-command-script-errors.patch b/ignore-ip-command-script-errors.patch new file mode 100644 index 0000000..7457873 --- /dev/null +++ b/ignore-ip-command-script-errors.patch @@ -0,0 +1,48 @@ +References: bsc#1172356 +The bug is that virt-manager reports a failure when in fact +the host and guest have added the network interface. The Xen +scripts are failing with an error when in fact that command +is succeeding. + +The 'ip' commands seem to abort the script due to a 'set -e' in +xen-script-common.sh with what appears to be an error condition. +However, the command actually succeeds when checked from the +host console or also by inserting a sleep before each ip command +and executing it manually at the command line. This seems to be +an artifact of using 'set -e' everywhere. + +--- xen-4.13.1-testing.orig/tools/hotplug/Linux/xen-network-common.sh ++++ xen-4.13.1-testing/tools/hotplug/Linux/xen-network-common.sh +@@ -90,7 +90,7 @@ _setup_bridge_port() { + local virtual="$2" + + # take interface down ... +- ip link set dev ${dev} down ++ (ip link set dev ${dev} down || true) + + if [ $virtual -ne 0 ] ; then + # Initialise a dummy MAC address. We choose the numerically +@@ -101,7 +101,7 @@ _setup_bridge_port() { + fi + + # ... and configure it +- ip address flush dev ${dev} ++ (ip address flush dev ${dev} || true) + } + + setup_physical_bridge_port() { +@@ -138,11 +138,11 @@ add_to_bridge () { + return + fi + if [ "$legacy_tools" ]; then +- brctl addif ${bridge} ${dev} ++ (brctl addif ${bridge} ${dev} || true) + else +- ip link set "$dev" master "$bridge" ++ (ip link set "$dev" master "$bridge" || true) + fi +- ip link set dev ${dev} up ++ (ip link set dev ${dev} up || true) + } + + # Usage: set_mtu bridge dev diff --git a/init.pciback b/init.pciback new file mode 100644 index 0000000..db0d79d --- /dev/null +++ b/init.pciback @@ -0,0 +1,119 @@ +#!/bin/bash +# +# Copyright (c) 2014 SUSE GmbH Nuernberg, Germany. All rights reserved. +# +# /etc/init.d/pciback +# +### BEGIN INIT INFO +# Provides: pciback +# Required-Start: $syslog $network +# Should-Start: $null +# Required-Stop: $syslog $network +# Should-Stop: $null +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Description: bind PCI devices to pciback +### END INIT INFO + +. /etc/rc.status +. /etc/sysconfig/pciback + +rc_reset + +load_pciback() { + if ! lsmod | grep -qi "pciback" + then + echo "Loading pciback ..." + modprobe pciback + fi +} + +unload_pciback() { + if lsmod | grep -qi "pciback" + then + echo "Unloading pciback ..." + modprobe -r pciback + fi +} + +bind_dev_to_pciback() { + for DEVICE in ${XEN_PCI_HIDE_LIST} + do + local DRV=`echo ${DEVICE} | /usr/bin/cut -d "," -f 1` + local PCIID=`echo ${DEVICE} | /usr/bin/cut -d "," -f 2` + + if ! ls /sys/bus/pci/drivers/pciback/${PCIID} > /dev/null 2>&1 + then + echo "Binding ${PCIID} ..." + if ls /sys/bus/pci/drivers/${DRV}/${PCIID} > /dev/null 2>&1 + then + echo -n ${PCIID} > /sys/bus/pci/drivers/${DRV}/unbind + fi + echo -n ${PCIID} > /sys/bus/pci/drivers/pciback/new_slot + echo -n ${PCIID} > /sys/bus/pci/drivers/pciback/bind + fi + done +} + +unbind_dev_from_pciback() { + for DEVICE in ${XEN_PCI_HIDE_LIST} + do + local DRV=`echo ${DEVICE} | /usr/bin/cut -d "," -f 1` + local PCIID=`echo ${DEVICE} | /usr/bin/cut -d "," -f 2` + + if ls /sys/bus/pci/drivers/pciback/${PCIID} > /dev/null + then + echo "Unbinding ${PCIID} ..." + echo -n ${PCIID} > /sys/bus/pci/drivers/pciback/unbind + fi + done +} + +test "uname -r" | grep xen && exit 0 + +case $1 in + start) + echo "Starting pciback ..." + echo + load_pciback + bind_dev_to_pciback + + rc_status -v -r + ;; + stop) + echo "Stopping pciback ..." + echo + unbind_dev_from_pciback + unload_pciback + + rc_status -v + ;; + reload|restart) + echo "Stopping pciback ..." + echo + unbind_dev_from_pciback + unload_pciback + echo "Starting pciback ..." + echo + load_pciback + bind_dev_to_pciback + ;; + status) + if lsmod | grep -qi pciback + then + echo + echo "pciback: loaded" + echo + echo "Currently bound devices ..." + echo "-----------------------------" + ls /sys/bus/pci/drivers/pciback | grep ^0000 + echo + else + echo "pciback: not loaded" + fi + ;; + *) + echo "Usage: $0 [start|stop|restart|reload|status]" + exit 1 + ;; +esac diff --git a/init.xen_loop b/init.xen_loop new file mode 100644 index 0000000..a60fc11 --- /dev/null +++ b/init.xen_loop @@ -0,0 +1,2 @@ +# Increase the number of loopback devices available for vm creation +options loop max_loop=64 diff --git a/ipxe-enable-nics.patch b/ipxe-enable-nics.patch new file mode 100644 index 0000000..2379374 --- /dev/null +++ b/ipxe-enable-nics.patch @@ -0,0 +1,9 @@ +Index: xen-4.2.0-testing/tools/firmware/etherboot/Config +=================================================================== +--- xen-4.2.0-testing.orig/tools/firmware/etherboot/Config ++++ xen-4.2.0-testing/tools/firmware/etherboot/Config +@@ -1,3 +1,4 @@ ++NICS = rtl8139 8086100e eepro100 e1000 pcnet32 10ec8029 + + CFLAGS += -UPXE_DHCP_STRICT + CFLAGS += -DPXE_DHCP_STRICT diff --git a/ipxe-no-error-logical-not-parentheses.patch b/ipxe-no-error-logical-not-parentheses.patch new file mode 100644 index 0000000..92a0562 --- /dev/null +++ b/ipxe-no-error-logical-not-parentheses.patch @@ -0,0 +1,23 @@ +Index: xen-4.8.0-testing/tools/firmware/etherboot/patches/ipxe-no-error-logical-not-parentheses.patch +=================================================================== +--- /dev/null ++++ xen-4.8.0-testing/tools/firmware/etherboot/patches/ipxe-no-error-logical-not-parentheses.patch +@@ -0,0 +1,11 @@ ++--- ipxe/src/Makefile.housekeeping.orig 2015-03-12 12:15:50.054891858 +0000 +++++ ipxe/src/Makefile.housekeeping 2015-03-12 12:16:05.978071221 +0000 ++@@ -415,7 +415,7 @@ ++ # Inhibit -Werror if NO_WERROR is specified on make command line ++ # ++ ifneq ($(NO_WERROR),1) ++-CFLAGS += -Werror +++CFLAGS += -Werror -Wno-logical-not-parentheses ++ ASFLAGS += --fatal-warnings ++ endif ++ +Index: xen-4.8.0-testing/tools/firmware/etherboot/patches/series +=================================================================== +--- xen-4.8.0-testing.orig/tools/firmware/etherboot/patches/series ++++ xen-4.8.0-testing/tools/firmware/etherboot/patches/series +@@ -1 +1,2 @@ + boot_prompt_option.patch ++ipxe-no-error-logical-not-parentheses.patch diff --git a/ipxe-use-rpm-opt-flags.patch b/ipxe-use-rpm-opt-flags.patch new file mode 100644 index 0000000..a96c5d6 --- /dev/null +++ b/ipxe-use-rpm-opt-flags.patch @@ -0,0 +1,26 @@ +References: bsc#969377 - xen does not build with GCC 6 + +Index: xen-4.8.0-testing/tools/firmware/etherboot/patches/ipxe-use-rpm-opt-flags.patch +=================================================================== +--- /dev/null ++++ xen-4.8.0-testing/tools/firmware/etherboot/patches/ipxe-use-rpm-opt-flags.patch +@@ -0,0 +1,11 @@ ++--- ipxe/src/Makefile.orig 2016-03-04 15:48:15.000000000 -0700 +++++ ipxe/src/Makefile 2016-03-04 15:48:40.000000000 -0700 ++@@ -4,7 +4,7 @@ ++ # ++ ++ CLEANUP := ++-CFLAGS := +++CFLAGS := $(RPM_OPT_FLAGS) -Wno-error=array-bounds -Wno-nonnull-compare -Wno-unused-const-variable -Wno-misleading-indentation -Wno-shift-negative-value -Wno-implicit-fallthrough -Wno-nonnull ++ ASFLAGS := ++ LDFLAGS := ++ MAKEDEPS := Makefile +Index: xen-4.8.0-testing/tools/firmware/etherboot/patches/series +=================================================================== +--- xen-4.8.0-testing.orig/tools/firmware/etherboot/patches/series ++++ xen-4.8.0-testing/tools/firmware/etherboot/patches/series +@@ -1,2 +1,3 @@ + boot_prompt_option.patch + ipxe-no-error-logical-not-parentheses.patch ++ipxe-use-rpm-opt-flags.patch diff --git a/libxc.migrate_tracking.patch b/libxc.migrate_tracking.patch new file mode 100644 index 0000000..14d1624 --- /dev/null +++ b/libxc.migrate_tracking.patch @@ -0,0 +1,220 @@ +Track live migration state unconditionally in logfiles to see how long a domU was suspended. +Depends on libxc.sr.superpage.patch + +--- a/tools/libxc/xc_domain.c ++++ b/tools/libxc/xc_domain.c +@@ -69,20 +69,26 @@ int xc_domain_cacheflush(xc_interface *x + int xc_domain_pause(xc_interface *xch, + uint32_t domid) + { ++ int ret; + DECLARE_DOMCTL; + domctl.cmd = XEN_DOMCTL_pausedomain; + domctl.domain = domid; +- return do_domctl(xch, &domctl); ++ ret = do_domctl(xch, &domctl); ++ SUSEINFO("domid %u: %s returned %d", domid, __func__, ret); ++ return ret; + } + + + int xc_domain_unpause(xc_interface *xch, + uint32_t domid) + { ++ int ret; + DECLARE_DOMCTL; + domctl.cmd = XEN_DOMCTL_unpausedomain; + domctl.domain = domid; +- return do_domctl(xch, &domctl); ++ ret = do_domctl(xch, &domctl); ++ SUSEINFO("domid %u: %s returned %d", domid, __func__, ret); ++ return ret; + } + + +--- a/tools/libxc/xc_private.h ++++ b/tools/libxc/xc_private.h +@@ -42,6 +42,11 @@ + + #include <xen-tools/libs.h> + ++#define SUSEINFO(_m, _a...) do { int ERROR_errno = errno; \ ++ xc_report(xch, xch->error_handler, XTL_ERROR, XC_ERROR_NONE, "SUSEINFO: " _m , ## _a ); \ ++ errno = ERROR_errno; \ ++ } while (0) ++ + #if defined(HAVE_VALGRIND_MEMCHECK_H) && !defined(NDEBUG) && !defined(__MINIOS__) + /* Compile in Valgrind client requests? */ + #include <valgrind/memcheck.h> +--- a/tools/libxc/xc_resume.c ++++ b/tools/libxc/xc_resume.c +@@ -284,7 +284,9 @@ out: + */ + int xc_domain_resume(xc_interface *xch, uint32_t domid, int fast) + { +- return (fast ++ int ret = (fast + ? xc_domain_resume_cooperative(xch, domid) + : xc_domain_resume_any(xch, domid)); ++ SUSEINFO("domid %u: %s%s returned %d", domid, __func__, fast ? " fast" : "", ret); ++ return ret; + } +--- a/tools/libxc/xc_sr_common.c ++++ b/tools/libxc/xc_sr_common.c +@@ -196,6 +196,65 @@ bool _xc_sr_bitmap_resize(struct xc_sr_b + return true; + } + ++/* Write a two-character hex representation of 'byte' to digits[]. ++ Pre-condition: sizeof(digits) >= 2 */ ++static void byte_to_hex(char *digits, const uint8_t byte) ++{ ++ uint8_t nybbel = byte >> 4; ++ ++ if ( nybbel > 9 ) ++ digits[0] = 'a' + nybbel-10; ++ else ++ digits[0] = '0' + nybbel; ++ ++ nybbel = byte & 0x0f; ++ if ( nybbel > 9 ) ++ digits[1] = 'a' + nybbel-10; ++ else ++ digits[1] = '0' + nybbel; ++} ++ ++/* Convert an array of 16 unsigned bytes to a DCE/OSF formatted UUID ++ string. ++ ++ Pre-condition: sizeof(dest) >= 37 */ ++void sr_uuid_to_string(char *dest, const uint8_t *uuid) ++{ ++ int i = 0; ++ char *p = dest; ++ ++ for (; i < 4; i++ ) ++ { ++ byte_to_hex(p, uuid[i]); ++ p += 2; ++ } ++ *p++ = '-'; ++ for (; i < 6; i++ ) ++ { ++ byte_to_hex(p, uuid[i]); ++ p += 2; ++ } ++ *p++ = '-'; ++ for (; i < 8; i++ ) ++ { ++ byte_to_hex(p, uuid[i]); ++ p += 2; ++ } ++ *p++ = '-'; ++ for (; i < 10; i++ ) ++ { ++ byte_to_hex(p, uuid[i]); ++ p += 2; ++ } ++ *p++ = '-'; ++ for (; i < 16; i++ ) ++ { ++ byte_to_hex(p, uuid[i]); ++ p += 2; ++ } ++ *p = '\0'; ++} ++ + /* + * Local variables: + * mode: C +--- a/tools/libxc/xc_sr_common.h ++++ b/tools/libxc/xc_sr_common.h +@@ -195,6 +195,7 @@ struct xc_sr_context + int fd; + + xc_dominfo_t dominfo; ++ char uuid[16*2+4+1]; + + union /* Common save or restore data. */ + { +@@ -427,6 +428,8 @@ static inline int pfn_set_populated(stru + return 0; + } + ++extern void sr_uuid_to_string(char *dest, const uint8_t *uuid); ++ + struct xc_sr_record + { + uint32_t type; +--- a/tools/libxc/xc_sr_restore.c ++++ b/tools/libxc/xc_sr_restore.c +@@ -608,6 +608,7 @@ static int restore(struct xc_sr_context + struct xc_sr_record rec; + int rc, saved_rc = 0, saved_errno = 0; + ++ SUSEINFO("domid %u: %s %s start", ctx->domid, ctx->uuid, __func__); + IPRINTF("Restoring domain"); + + rc = setup(ctx); +@@ -684,6 +685,7 @@ static int restore(struct xc_sr_context + PERROR("Restore failed"); + + done: ++ SUSEINFO("domid %u: %s done", ctx->domid, __func__); + cleanup(ctx); + + if ( saved_rc ) +@@ -748,6 +750,7 @@ int xc_domain_restore(xc_interface *xch, + } + + ctx.domid = dom; ++ sr_uuid_to_string(ctx.uuid, ctx.dominfo.handle); + + if ( read_headers(&ctx) ) + return -1; +--- a/tools/libxc/xc_sr_save.c ++++ b/tools/libxc/xc_sr_save.c +@@ -852,6 +852,7 @@ static int save(struct xc_sr_context *ct + xc_interface *xch = ctx->xch; + int rc, saved_rc = 0, saved_errno = 0; + ++ SUSEINFO("domid %u: %s %s start, %lu pages allocated", ctx->domid, ctx->uuid, __func__, ctx->dominfo.nr_pages); + IPRINTF("Saving domain %d, type %s", + ctx->domid, dhdr_type_to_str(guest_type)); + +@@ -964,6 +965,7 @@ static int save(struct xc_sr_context *ct + PERROR("Save failed"); + + done: ++ SUSEINFO("domid %u: %s done", ctx->domid, __func__); + cleanup(ctx); + + if ( saved_rc ) +@@ -1019,6 +1021,10 @@ static int suse_precopy_policy(struct pr + goto out; + } + /* Keep going */ ++ if ( stats.dirty_count >= 0 ) ++ SUSEINFO("domid %u: dirty pages %ld after iteration %u/%u", ++ suse_flags.ctx->domid, ++ suse_flags.dirty_count, stats.iteration, suse_flags.max_iters); + return XGS_POLICY_CONTINUE_PRECOPY; + + out: +@@ -1032,6 +1038,8 @@ out: + return XGS_POLICY_ABORT; + } + suspend: ++ SUSEINFO("domid %u: suspending, remaining dirty pages %ld prior final transit", ++ suse_flags.ctx->domid, suse_flags.dirty_count); + return XGS_POLICY_STOP_AND_COPY; + } + +@@ -1095,6 +1103,7 @@ int xc_domain_save_suse(xc_interface *xc + } + + ctx.domid = dom; ++ sr_uuid_to_string(ctx.uuid, ctx.dominfo.handle); + + if ( ctx.dominfo.hvm ) + { diff --git a/libxc.sr.superpage.patch b/libxc.sr.superpage.patch new file mode 100644 index 0000000..ccb66bc --- /dev/null +++ b/libxc.sr.superpage.patch @@ -0,0 +1,905 @@ +tools/libxc: use superpages during restore of HVM guest +bsc#1035231 - migration of HVM domU does not use superpages on destination dom0 +bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored + +During creating of a HVM domU meminit_hvm() tries to map superpages. +After save/restore or migration this mapping is lost, everything is +allocated in single pages. This causes a performance degradition after +migration. + +Add neccessary code to preallocate a superpage for the chunk of pfns +that is received. In case a pfn was not populated on the sending side it +must be freed on the receiving side to avoid over-allocation. + +The existing code for x86_pv is moved unmodified into its own file. +Index: xen-4.13.1-testing/tools/libxc/xc_dom_x86.c +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxc/xc_dom_x86.c ++++ xen-4.13.1-testing/tools/libxc/xc_dom_x86.c +@@ -45,11 +45,6 @@ + + #define SUPERPAGE_BATCH_SIZE 512 + +-#define SUPERPAGE_2MB_SHIFT 9 +-#define SUPERPAGE_2MB_NR_PFNS (1UL << SUPERPAGE_2MB_SHIFT) +-#define SUPERPAGE_1GB_SHIFT 18 +-#define SUPERPAGE_1GB_NR_PFNS (1UL << SUPERPAGE_1GB_SHIFT) +- + #define X86_CR0_PE 0x01 + #define X86_CR0_ET 0x10 + +Index: xen-4.13.1-testing/tools/libxc/xc_private.h +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxc/xc_private.h ++++ xen-4.13.1-testing/tools/libxc/xc_private.h +@@ -71,6 +71,11 @@ struct iovec { + #define DECLARE_FLASK_OP struct xen_flask_op op + #define DECLARE_PLATFORM_OP struct xen_platform_op platform_op + ++#define SUPERPAGE_2MB_SHIFT 9 ++#define SUPERPAGE_2MB_NR_PFNS (1UL << SUPERPAGE_2MB_SHIFT) ++#define SUPERPAGE_1GB_SHIFT 18 ++#define SUPERPAGE_1GB_NR_PFNS (1UL << SUPERPAGE_1GB_SHIFT) ++ + #undef PAGE_SHIFT + #undef PAGE_SIZE + #undef PAGE_MASK +Index: xen-4.13.1-testing/tools/libxc/xc_sr_common.c +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_common.c ++++ xen-4.13.1-testing/tools/libxc/xc_sr_common.c +@@ -156,6 +156,47 @@ static void __attribute__((unused)) buil + } + + /* ++ * Expand the tracking structures as needed. ++ * To avoid realloc()ing too excessively, the size increased to the nearest power ++ * of two large enough to contain the required number of bits. ++ */ ++bool _xc_sr_bitmap_resize(struct xc_sr_bitmap *bm, unsigned long bits) ++{ ++ if (bits > bm->bits) ++ { ++ size_t new_max; ++ size_t old_sz, new_sz; ++ void *p; ++ ++ /* Round up to the nearest power of two larger than bit, less 1. */ ++ new_max = bits; ++ new_max |= new_max >> 1; ++ new_max |= new_max >> 2; ++ new_max |= new_max >> 4; ++ new_max |= new_max >> 8; ++ new_max |= new_max >> 16; ++#ifdef __x86_64__ ++ new_max |= new_max >> 32; ++#endif ++ ++ old_sz = bitmap_size(bm->bits + 1); ++ new_sz = bitmap_size(new_max + 1); ++ p = realloc(bm->p, new_sz); ++ if (!p) ++ return false; ++ ++ if (bm->p) ++ memset(p + old_sz, 0, new_sz - old_sz); ++ else ++ memset(p, 0, new_sz); ++ ++ bm->p = p; ++ bm->bits = new_max; ++ } ++ return true; ++} ++ ++/* + * Local variables: + * mode: C + * c-file-style: "BSD" +Index: xen-4.13.1-testing/tools/libxc/xc_sr_common.h +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_common.h ++++ xen-4.13.1-testing/tools/libxc/xc_sr_common.h +@@ -140,6 +140,16 @@ struct xc_sr_restore_ops + int (*setup)(struct xc_sr_context *ctx); + + /** ++ * Populate PFNs ++ * ++ * Given a set of pfns, obtain memory from Xen to fill the physmap for the ++ * unpopulated subset. ++ */ ++ int (*populate_pfns)(struct xc_sr_context *ctx, unsigned count, ++ const xen_pfn_t *original_pfns, const uint32_t *types); ++ ++ ++ /** + * Process an individual record from the stream. The caller shall take + * care of processing common records (e.g. END, PAGE_DATA). + * +@@ -172,6 +182,12 @@ struct xc_sr_x86_pv_restore_vcpu + size_t basicsz, extdsz, xsavesz, msrsz; + }; + ++struct xc_sr_bitmap ++{ ++ void *p; ++ unsigned long bits; ++}; ++ + struct xc_sr_context + { + xc_interface *xch; +@@ -216,6 +232,8 @@ struct xc_sr_context + + int send_back_fd; + unsigned long p2m_size; ++ unsigned long max_pages; ++ unsigned long tot_pages; + xc_hypercall_buffer_t dirty_bitmap_hbuf; + + /* From Image Header. */ +@@ -253,8 +271,7 @@ struct xc_sr_context + uint32_t xenstore_domid, console_domid; + + /* Bitmap of currently populated PFNs during restore. */ +- unsigned long *populated_pfns; +- xen_pfn_t max_populated_pfn; ++ struct xc_sr_bitmap populated_pfns; + + /* Sender has invoked verify mode on the stream. */ + bool verify; +@@ -329,6 +346,12 @@ struct xc_sr_context + /* HVM context blob. */ + void *context; + size_t contextsz; ++ ++ /* Bitmap of currently allocated PFNs during restore. */ ++ struct xc_sr_bitmap attempted_1g; ++ struct xc_sr_bitmap attempted_2m; ++ struct xc_sr_bitmap allocated_pfns; ++ xen_pfn_t idx1G_prev, idx2M_prev; + } restore; + }; + } x86_hvm; +@@ -341,6 +364,69 @@ extern struct xc_sr_save_ops save_ops_x8 + extern struct xc_sr_restore_ops restore_ops_x86_pv; + extern struct xc_sr_restore_ops restore_ops_x86_hvm; + ++extern bool _xc_sr_bitmap_resize(struct xc_sr_bitmap *bm, unsigned long bits); ++ ++static inline bool xc_sr_bitmap_resize(struct xc_sr_bitmap *bm, unsigned long bits) ++{ ++ if (bits > bm->bits) ++ return _xc_sr_bitmap_resize(bm, bits); ++ return true; ++} ++ ++static inline void xc_sr_bitmap_free(struct xc_sr_bitmap *bm) ++{ ++ free(bm->p); ++ bm->p = NULL; ++} ++ ++static inline bool xc_sr_set_bit(unsigned long bit, struct xc_sr_bitmap *bm) ++{ ++ if (!xc_sr_bitmap_resize(bm, bit)) ++ return false; ++ ++ set_bit(bit, bm->p); ++ return true; ++} ++ ++static inline bool xc_sr_test_bit(unsigned long bit, struct xc_sr_bitmap *bm) ++{ ++ if (bit > bm->bits) ++ return false; ++ return !!test_bit(bit, bm->p); ++} ++ ++static inline bool xc_sr_test_and_clear_bit(unsigned long bit, struct xc_sr_bitmap *bm) ++{ ++ if (bit > bm->bits) ++ return false; ++ return !!test_and_clear_bit(bit, bm->p); ++} ++ ++static inline bool xc_sr_test_and_set_bit(unsigned long bit, struct xc_sr_bitmap *bm) ++{ ++ if (bit > bm->bits) ++ return false; ++ return !!test_and_set_bit(bit, bm->p); ++} ++ ++static inline bool pfn_is_populated(struct xc_sr_context *ctx, xen_pfn_t pfn) ++{ ++ return xc_sr_test_bit(pfn, &ctx->restore.populated_pfns); ++} ++ ++static inline int pfn_set_populated(struct xc_sr_context *ctx, xen_pfn_t pfn) ++{ ++ xc_interface *xch = ctx->xch; ++ ++ if ( !xc_sr_set_bit(pfn, &ctx->restore.populated_pfns) ) ++ { ++ ERROR("Failed to realloc populated_pfns bitmap"); ++ errno = ENOMEM; ++ return -1; ++ } ++ return 0; ++} ++ + struct xc_sr_record + { + uint32_t type; +@@ -389,14 +475,6 @@ static inline int write_record(struct xc + */ + int read_record(struct xc_sr_context *ctx, int fd, struct xc_sr_record *rec); + +-/* +- * This would ideally be private in restore.c, but is needed by +- * x86_pv_localise_page() if we receive pagetables frames ahead of the +- * contents of the frames they point at. +- */ +-int populate_pfns(struct xc_sr_context *ctx, unsigned count, +- const xen_pfn_t *original_pfns, const uint32_t *types); +- + #endif + /* + * Local variables: +Index: xen-4.13.1-testing/tools/libxc/xc_sr_restore.c +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_restore.c ++++ xen-4.13.1-testing/tools/libxc/xc_sr_restore.c +@@ -69,132 +69,6 @@ static int read_headers(struct xc_sr_con + } + + /* +- * Is a pfn populated? +- */ +-static bool pfn_is_populated(const struct xc_sr_context *ctx, xen_pfn_t pfn) +-{ +- if ( pfn > ctx->restore.max_populated_pfn ) +- return false; +- return test_bit(pfn, ctx->restore.populated_pfns); +-} +- +-/* +- * Set a pfn as populated, expanding the tracking structures if needed. To +- * avoid realloc()ing too excessively, the size increased to the nearest power +- * of two large enough to contain the required pfn. +- */ +-static int pfn_set_populated(struct xc_sr_context *ctx, xen_pfn_t pfn) +-{ +- xc_interface *xch = ctx->xch; +- +- if ( pfn > ctx->restore.max_populated_pfn ) +- { +- xen_pfn_t new_max; +- size_t old_sz, new_sz; +- unsigned long *p; +- +- /* Round up to the nearest power of two larger than pfn, less 1. */ +- new_max = pfn; +- new_max |= new_max >> 1; +- new_max |= new_max >> 2; +- new_max |= new_max >> 4; +- new_max |= new_max >> 8; +- new_max |= new_max >> 16; +-#ifdef __x86_64__ +- new_max |= new_max >> 32; +-#endif +- +- old_sz = bitmap_size(ctx->restore.max_populated_pfn + 1); +- new_sz = bitmap_size(new_max + 1); +- p = realloc(ctx->restore.populated_pfns, new_sz); +- if ( !p ) +- { +- ERROR("Failed to realloc populated bitmap"); +- errno = ENOMEM; +- return -1; +- } +- +- memset((uint8_t *)p + old_sz, 0x00, new_sz - old_sz); +- +- ctx->restore.populated_pfns = p; +- ctx->restore.max_populated_pfn = new_max; +- } +- +- assert(!test_bit(pfn, ctx->restore.populated_pfns)); +- set_bit(pfn, ctx->restore.populated_pfns); +- +- return 0; +-} +- +-/* +- * Given a set of pfns, obtain memory from Xen to fill the physmap for the +- * unpopulated subset. If types is NULL, no page type checking is performed +- * and all unpopulated pfns are populated. +- */ +-int populate_pfns(struct xc_sr_context *ctx, unsigned count, +- const xen_pfn_t *original_pfns, const uint32_t *types) +-{ +- xc_interface *xch = ctx->xch; +- xen_pfn_t *mfns = malloc(count * sizeof(*mfns)), +- *pfns = malloc(count * sizeof(*pfns)); +- unsigned i, nr_pfns = 0; +- int rc = -1; +- +- if ( !mfns || !pfns ) +- { +- ERROR("Failed to allocate %zu bytes for populating the physmap", +- 2 * count * sizeof(*mfns)); +- goto err; +- } +- +- for ( i = 0; i < count; ++i ) +- { +- if ( (!types || (types && +- (types[i] != XEN_DOMCTL_PFINFO_XTAB && +- types[i] != XEN_DOMCTL_PFINFO_BROKEN))) && +- !pfn_is_populated(ctx, original_pfns[i]) ) +- { +- rc = pfn_set_populated(ctx, original_pfns[i]); +- if ( rc ) +- goto err; +- pfns[nr_pfns] = mfns[nr_pfns] = original_pfns[i]; +- ++nr_pfns; +- } +- } +- +- if ( nr_pfns ) +- { +- rc = xc_domain_populate_physmap_exact( +- xch, ctx->domid, nr_pfns, 0, 0, mfns); +- if ( rc ) +- { +- PERROR("Failed to populate physmap"); +- goto err; +- } +- +- for ( i = 0; i < nr_pfns; ++i ) +- { +- if ( mfns[i] == INVALID_MFN ) +- { +- ERROR("Populate physmap failed for pfn %u", i); +- rc = -1; +- goto err; +- } +- +- ctx->restore.ops.set_gfn(ctx, pfns[i], mfns[i]); +- } +- } +- +- rc = 0; +- +- err: +- free(pfns); +- free(mfns); +- +- return rc; +-} +- +-/* + * Given a list of pfns, their types, and a block of page data from the + * stream, populate and record their types, map the relevant subset and copy + * the data into the guest. +@@ -219,7 +93,7 @@ static int process_page_data(struct xc_s + goto err; + } + +- rc = populate_pfns(ctx, count, pfns, types); ++ rc = ctx->restore.ops.populate_pfns(ctx, count, pfns, types); + if ( rc ) + { + ERROR("Failed to populate pfns for batch of %u pages", count); +@@ -684,10 +558,8 @@ static int setup(struct xc_sr_context *c + if ( rc ) + goto err; + +- ctx->restore.max_populated_pfn = (32 * 1024 / 4) - 1; +- ctx->restore.populated_pfns = bitmap_alloc( +- ctx->restore.max_populated_pfn + 1); +- if ( !ctx->restore.populated_pfns ) ++ rc = !xc_sr_bitmap_resize(&ctx->restore.populated_pfns, 32 * 1024 / 4); ++ if ( rc ) + { + ERROR("Unable to allocate memory for populated_pfns bitmap"); + rc = -1; +@@ -722,7 +594,7 @@ static void cleanup(struct xc_sr_context + xc_hypercall_buffer_free_pages(xch, dirty_bitmap, + NRPAGES(bitmap_size(ctx->restore.p2m_size))); + free(ctx->restore.buffered_records); +- free(ctx->restore.populated_pfns); ++ xc_sr_bitmap_free(&ctx->restore.populated_pfns); + if ( ctx->restore.ops.cleanup(ctx) ) + PERROR("Failed to clean up"); + } +@@ -886,7 +758,12 @@ int xc_domain_restore(xc_interface *xch, + return -1; + } + ++ /* See xc_domain_getinfo */ ++ ctx.restore.max_pages = ctx.dominfo.max_memkb >> (PAGE_SHIFT-10); ++ ctx.restore.tot_pages = ctx.dominfo.nr_pages; + ctx.restore.p2m_size = nr_pfns; ++ DPRINTF("dom %u p2m_size %lx max_pages %lx", ++ ctx.domid, ctx.restore.p2m_size, ctx.restore.max_pages); + + if ( ctx.dominfo.hvm ) + { +Index: xen-4.13.1-testing/tools/libxc/xc_sr_restore_x86_hvm.c +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_restore_x86_hvm.c ++++ xen-4.13.1-testing/tools/libxc/xc_sr_restore_x86_hvm.c +@@ -135,6 +135,8 @@ static int x86_hvm_localise_page(struct + static int x86_hvm_setup(struct xc_sr_context *ctx) + { + xc_interface *xch = ctx->xch; ++ struct xc_sr_bitmap *bm; ++ unsigned long bits; + + if ( ctx->restore.guest_type != DHDR_TYPE_X86_HVM ) + { +@@ -158,7 +160,30 @@ static int x86_hvm_setup(struct xc_sr_co + } + #endif + ++ bm = &ctx->x86_hvm.restore.attempted_1g; ++ bits = (ctx->restore.p2m_size >> SUPERPAGE_1GB_SHIFT) + 1; ++ if ( xc_sr_bitmap_resize(bm, bits) == false ) ++ goto out; ++ ++ bm = &ctx->x86_hvm.restore.attempted_2m; ++ bits = (ctx->restore.p2m_size >> SUPERPAGE_2MB_SHIFT) + 1; ++ if ( xc_sr_bitmap_resize(bm, bits) == false ) ++ goto out; ++ ++ bm = &ctx->x86_hvm.restore.allocated_pfns; ++ bits = ctx->restore.p2m_size + 1; ++ if ( xc_sr_bitmap_resize(bm, bits) == false ) ++ goto out; ++ ++ /* No superpage in 1st 2MB due to VGA hole */ ++ xc_sr_set_bit(0, &ctx->x86_hvm.restore.attempted_1g); ++ xc_sr_set_bit(0, &ctx->x86_hvm.restore.attempted_2m); ++ + return 0; ++ ++out: ++ ERROR("Unable to allocate memory for pfn bitmaps"); ++ return -1; + } + + /* +@@ -233,10 +258,325 @@ static int x86_hvm_stream_complete(struc + static int x86_hvm_cleanup(struct xc_sr_context *ctx) + { + free(ctx->x86_hvm.restore.context); ++ xc_sr_bitmap_free(&ctx->x86_hvm.restore.attempted_1g); ++ xc_sr_bitmap_free(&ctx->x86_hvm.restore.attempted_2m); ++ xc_sr_bitmap_free(&ctx->x86_hvm.restore.allocated_pfns); ++ ++ return 0; ++} ++ ++/* ++ * Set a pfn as allocated, expanding the tracking structures if needed. ++ */ ++static int pfn_set_allocated(struct xc_sr_context *ctx, xen_pfn_t pfn) ++{ ++ xc_interface *xch = ctx->xch; + ++ if ( !xc_sr_set_bit(pfn, &ctx->x86_hvm.restore.allocated_pfns) ) ++ { ++ ERROR("Failed to realloc allocated_pfns bitmap"); ++ errno = ENOMEM; ++ return -1; ++ } + return 0; + } + ++struct x86_hvm_sp { ++ xen_pfn_t pfn; ++ xen_pfn_t base_pfn; ++ unsigned long index; ++ unsigned long count; ++}; ++ ++/* ++ * Try to allocate a 1GB page for this pfn, but avoid Over-allocation. ++ * If this succeeds, mark the range of 2MB pages as busy. ++ */ ++static bool x86_hvm_alloc_1g(struct xc_sr_context *ctx, struct x86_hvm_sp *sp) ++{ ++ xc_interface *xch = ctx->xch; ++ struct xc_sr_bitmap *bm; ++ unsigned int order, shift; ++ int i, done; ++ xen_pfn_t extent; ++ ++ bm = &ctx->x86_hvm.restore.attempted_1g; ++ ++ /* Only one attempt to avoid overlapping allocation */ ++ if ( xc_sr_test_and_set_bit(sp->index, bm) ) ++ return false; ++ ++ order = SUPERPAGE_1GB_SHIFT; ++ sp->count = 1ULL << order; ++ ++ /* Allocate only if there is room for another superpage */ ++ if ( ctx->restore.tot_pages + sp->count > ctx->restore.max_pages ) ++ return false; ++ ++ extent = sp->base_pfn = (sp->pfn >> order) << order; ++ done = xc_domain_populate_physmap(xch, ctx->domid, 1, order, 0, &extent); ++ if ( done < 0 ) { ++ PERROR("populate_physmap failed."); ++ return false; ++ } ++ if ( done == 0 ) ++ return false; ++ ++ DPRINTF("1G base_pfn %" PRI_xen_pfn "\n", sp->base_pfn); ++ ++ /* Mark all 2MB pages as done to avoid overlapping allocation */ ++ bm = &ctx->x86_hvm.restore.attempted_2m; ++ shift = SUPERPAGE_1GB_SHIFT - SUPERPAGE_2MB_SHIFT; ++ for ( i = 0; i < (sp->count >> shift); i++ ) ++ xc_sr_set_bit((sp->base_pfn >> SUPERPAGE_2MB_SHIFT) + i, bm); ++ ++ return true; ++} ++ ++/* Allocate a 2MB page if x86_hvm_alloc_1g failed, avoid Over-allocation. */ ++static bool x86_hvm_alloc_2m(struct xc_sr_context *ctx, struct x86_hvm_sp *sp) ++{ ++ xc_interface *xch = ctx->xch; ++ struct xc_sr_bitmap *bm; ++ unsigned int order; ++ int done; ++ xen_pfn_t extent; ++ ++ bm = &ctx->x86_hvm.restore.attempted_2m; ++ ++ /* Only one attempt to avoid overlapping allocation */ ++ if ( xc_sr_test_and_set_bit(sp->index, bm) ) ++ return false; ++ ++ order = SUPERPAGE_2MB_SHIFT; ++ sp->count = 1ULL << order; ++ ++ /* Allocate only if there is room for another superpage */ ++ if ( ctx->restore.tot_pages + sp->count > ctx->restore.max_pages ) ++ return false; ++ ++ extent = sp->base_pfn = (sp->pfn >> order) << order; ++ done = xc_domain_populate_physmap(xch, ctx->domid, 1, order, 0, &extent); ++ if ( done < 0 ) { ++ PERROR("populate_physmap failed."); ++ return false; ++ } ++ if ( done == 0 ) ++ return false; ++ ++ DPRINTF("2M base_pfn %" PRI_xen_pfn "\n", sp->base_pfn); ++ return true; ++} ++ ++/* Allocate a single page if x86_hvm_alloc_2m failed. */ ++static bool x86_hvm_alloc_4k(struct xc_sr_context *ctx, struct x86_hvm_sp *sp) ++{ ++ xc_interface *xch = ctx->xch; ++ unsigned int order; ++ int done; ++ xen_pfn_t extent; ++ ++ order = 0; ++ sp->count = 1ULL << order; ++ ++ /* Allocate only if there is room for another page */ ++ if ( ctx->restore.tot_pages + sp->count > ctx->restore.max_pages ) ++ return false; ++ ++ extent = sp->base_pfn = (sp->pfn >> order) << order; ++ done = xc_domain_populate_physmap(xch, ctx->domid, 1, order, 0, &extent); ++ if ( done < 0 ) { ++ PERROR("populate_physmap failed."); ++ return false; ++ } ++ if ( done == 0 ) ++ return false; ++ ++ DPRINTF("4K base_pfn %" PRI_xen_pfn "\n", sp->base_pfn); ++ return true; ++} ++/* ++ * Attempt to allocate a superpage where the pfn resides. ++ */ ++static int x86_hvm_allocate_pfn(struct xc_sr_context *ctx, xen_pfn_t pfn) ++{ ++ xc_interface *xch = ctx->xch; ++ bool success; ++ int rc = -1; ++ unsigned long idx_1g, idx_2m; ++ struct x86_hvm_sp sp = { ++ .pfn = pfn ++ }; ++ ++ if ( xc_sr_test_bit(pfn, &ctx->x86_hvm.restore.allocated_pfns) ) ++ return 0; ++ ++ idx_1g = pfn >> SUPERPAGE_1GB_SHIFT; ++ idx_2m = pfn >> SUPERPAGE_2MB_SHIFT; ++ if ( !xc_sr_bitmap_resize(&ctx->x86_hvm.restore.attempted_1g, idx_1g) ) ++ { ++ PERROR("Failed to realloc attempted_1g"); ++ return -1; ++ } ++ if ( !xc_sr_bitmap_resize(&ctx->x86_hvm.restore.attempted_2m, idx_2m) ) ++ { ++ PERROR("Failed to realloc attempted_2m"); ++ return -1; ++ } ++ ++ sp.index = idx_1g; ++ success = x86_hvm_alloc_1g(ctx, &sp); ++ ++ if ( success == false ) { ++ sp.index = idx_2m; ++ success = x86_hvm_alloc_2m(ctx, &sp); ++ } ++ ++ if ( success == false ) { ++ sp.index = 0; ++ success = x86_hvm_alloc_4k(ctx, &sp); ++ } ++ ++ if ( success == true ) { ++ do { ++ sp.count--; ++ ctx->restore.tot_pages++; ++ rc = pfn_set_allocated(ctx, sp.base_pfn + sp.count); ++ if ( rc ) ++ break; ++ } while ( sp.count ); ++ } ++ return rc; ++} ++ ++static bool x86_hvm_punch_hole(struct xc_sr_context *ctx, xen_pfn_t max_pfn) ++{ ++ xc_interface *xch = ctx->xch; ++ struct xc_sr_bitmap *bm; ++ xen_pfn_t _pfn, pfn, min_pfn; ++ uint32_t domid, freed = 0, order; ++ int rc = -1; ++ ++ /* ++ * Scan the entire superpage because several batches will fit into ++ * a superpage, and it is unknown which pfn triggered the allocation. ++ */ ++ order = SUPERPAGE_1GB_SHIFT; ++ pfn = min_pfn = (max_pfn >> order) << order; ++ ++ while ( pfn <= max_pfn ) ++ { ++ bm = &ctx->x86_hvm.restore.allocated_pfns; ++ if ( !xc_sr_bitmap_resize(bm, pfn) ) ++ { ++ PERROR("Failed to realloc allocated_pfns %" PRI_xen_pfn, pfn); ++ return false; ++ } ++ if ( !pfn_is_populated(ctx, pfn) && ++ xc_sr_test_and_clear_bit(pfn, bm) ) { ++ domid = ctx->domid; ++ _pfn = pfn; ++ rc = xc_domain_decrease_reservation_exact(xch, domid, 1, 0, &_pfn); ++ if ( rc ) ++ { ++ PERROR("Failed to release pfn %" PRI_xen_pfn, pfn); ++ return false; ++ } ++ ctx->restore.tot_pages--; ++ freed++; ++ } ++ pfn++; ++ } ++ if ( freed ) ++ DPRINTF("freed %u between %" PRI_xen_pfn " %" PRI_xen_pfn "\n", ++ freed, min_pfn, max_pfn); ++ return true; ++} ++ ++/* ++ * Try to allocate superpages. ++ * This works without memory map only if the pfns arrive in incremental order. ++ */ ++static int x86_hvm_populate_pfns(struct xc_sr_context *ctx, unsigned count, ++ const xen_pfn_t *original_pfns, ++ const uint32_t *types) ++{ ++ xc_interface *xch = ctx->xch; ++ xen_pfn_t pfn, min_pfn = original_pfns[0], max_pfn = original_pfns[0]; ++ xen_pfn_t idx1G, idx2M; ++ unsigned i, order; ++ int rc = -1; ++ ++ /* Loop once over the array to show statistics */ ++ for ( i = 0; i < count; ++i ) ++ { ++ if ( original_pfns[i] < min_pfn ) ++ min_pfn = original_pfns[i]; ++ if ( original_pfns[i] > max_pfn ) ++ max_pfn = original_pfns[i]; ++ } ++ DPRINTF("batch of %u pfns between %" PRI_xen_pfn " %" PRI_xen_pfn "\n", ++ count, min_pfn, max_pfn); ++ ++ for ( i = 0; i < count; ++i ) ++ { ++ pfn = original_pfns[i]; ++ idx1G = pfn >> SUPERPAGE_1GB_SHIFT; ++ idx2M = pfn >> SUPERPAGE_2MB_SHIFT; ++ ++ /* ++ * If this pfn is in another 2MB superpage it is required to punch holes ++ * to release memory, starting from the 1GB boundary up to the highest ++ * pfn within the previous 2MB superpage. ++ */ ++ if ( ctx->x86_hvm.restore.idx1G_prev == idx1G && ++ ctx->x86_hvm.restore.idx2M_prev == idx2M ) ++ { ++ /* Same 2MB superpage, nothing to do */ ++ ; ++ } else { ++ /* ++ * If this next pfn is within another 1GB or 2MB superpage it is ++ * required to scan the entire previous superpage because there ++ * might be holes between the last pfn and the end of the superpage. ++ */ ++ if ( ctx->x86_hvm.restore.idx1G_prev != idx1G ) ++ { ++ order = SUPERPAGE_1GB_SHIFT; ++ max_pfn = ((ctx->x86_hvm.restore.idx1G_prev + 1) << order) - 1; ++ } ++ else ++ { ++ order = SUPERPAGE_2MB_SHIFT; ++ max_pfn = ((ctx->x86_hvm.restore.idx2M_prev + 1) << order) - 1; ++ } ++ ++ if ( x86_hvm_punch_hole(ctx, max_pfn) == false ) ++ goto err; ++ } ++ ++ if ( (types[i] != XEN_DOMCTL_PFINFO_XTAB && ++ types[i] != XEN_DOMCTL_PFINFO_BROKEN) && ++ !pfn_is_populated(ctx, pfn) ) ++ { ++ rc = x86_hvm_allocate_pfn(ctx, pfn); ++ if ( rc ) ++ goto err; ++ rc = pfn_set_populated(ctx, pfn); ++ if ( rc ) ++ goto err; ++ } ++ ctx->x86_hvm.restore.idx1G_prev = idx1G; ++ ctx->x86_hvm.restore.idx2M_prev = idx2M; ++ } ++ ++ rc = 0; ++ ++ err: ++ return rc; ++} ++ ++ + struct xc_sr_restore_ops restore_ops_x86_hvm = + { + .pfn_is_valid = x86_hvm_pfn_is_valid, +@@ -245,6 +585,7 @@ struct xc_sr_restore_ops restore_ops_x86 + .set_page_type = x86_hvm_set_page_type, + .localise_page = x86_hvm_localise_page, + .setup = x86_hvm_setup, ++ .populate_pfns = x86_hvm_populate_pfns, + .process_record = x86_hvm_process_record, + .stream_complete = x86_hvm_stream_complete, + .cleanup = x86_hvm_cleanup, +Index: xen-4.13.1-testing/tools/libxc/xc_sr_restore_x86_pv.c +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_restore_x86_pv.c ++++ xen-4.13.1-testing/tools/libxc/xc_sr_restore_x86_pv.c +@@ -960,6 +960,75 @@ static void x86_pv_set_gfn(struct xc_sr_ + } + + /* ++ * Given a set of pfns, obtain memory from Xen to fill the physmap for the ++ * unpopulated subset. If types is NULL, no page type checking is performed ++ * and all unpopulated pfns are populated. ++ */ ++static int x86_pv_populate_pfns(struct xc_sr_context *ctx, unsigned count, ++ const xen_pfn_t *original_pfns, ++ const uint32_t *types) ++{ ++ xc_interface *xch = ctx->xch; ++ xen_pfn_t *mfns = malloc(count * sizeof(*mfns)), ++ *pfns = malloc(count * sizeof(*pfns)); ++ unsigned i, nr_pfns = 0; ++ int rc = -1; ++ ++ if ( !mfns || !pfns ) ++ { ++ ERROR("Failed to allocate %zu bytes for populating the physmap", ++ 2 * count * sizeof(*mfns)); ++ goto err; ++ } ++ ++ for ( i = 0; i < count; ++i ) ++ { ++ if ( (!types || (types && ++ (types[i] != XEN_DOMCTL_PFINFO_XTAB && ++ types[i] != XEN_DOMCTL_PFINFO_BROKEN))) && ++ !pfn_is_populated(ctx, original_pfns[i]) ) ++ { ++ rc = pfn_set_populated(ctx, original_pfns[i]); ++ if ( rc ) ++ goto err; ++ pfns[nr_pfns] = mfns[nr_pfns] = original_pfns[i]; ++ ++nr_pfns; ++ } ++ } ++ ++ if ( nr_pfns ) ++ { ++ rc = xc_domain_populate_physmap_exact( ++ xch, ctx->domid, nr_pfns, 0, 0, mfns); ++ if ( rc ) ++ { ++ PERROR("Failed to populate physmap"); ++ goto err; ++ } ++ ++ for ( i = 0; i < nr_pfns; ++i ) ++ { ++ if ( mfns[i] == INVALID_MFN ) ++ { ++ ERROR("Populate physmap failed for pfn %u", i); ++ rc = -1; ++ goto err; ++ } ++ ++ ctx->restore.ops.set_gfn(ctx, pfns[i], mfns[i]); ++ } ++ } ++ ++ rc = 0; ++ ++ err: ++ free(pfns); ++ free(mfns); ++ ++ return rc; ++} ++ ++/* + * restore_ops function. Convert pfns back to mfns in pagetables. Possibly + * needs to populate new frames if a PTE is found referring to a frame which + * hasn't yet been seen from PAGE_DATA records. +@@ -1003,7 +1072,7 @@ static int x86_pv_localise_page(struct x + } + } + +- if ( to_populate && populate_pfns(ctx, to_populate, pfns, NULL) ) ++ if ( to_populate && x86_pv_populate_pfns(ctx, to_populate, pfns, NULL) ) + return -1; + + for ( i = 0; i < (PAGE_SIZE / sizeof(uint64_t)); ++i ) +@@ -1183,6 +1252,7 @@ struct xc_sr_restore_ops restore_ops_x86 + .set_gfn = x86_pv_set_gfn, + .localise_page = x86_pv_localise_page, + .setup = x86_pv_setup, ++ .populate_pfns = x86_pv_populate_pfns, + .process_record = x86_pv_process_record, + .stream_complete = x86_pv_stream_complete, + .cleanup = x86_pv_cleanup, diff --git a/libxl.LIBXL_HOTPLUG_TIMEOUT.patch b/libxl.LIBXL_HOTPLUG_TIMEOUT.patch new file mode 100644 index 0000000..b08d4e8 --- /dev/null +++ b/libxl.LIBXL_HOTPLUG_TIMEOUT.patch @@ -0,0 +1,318 @@ +References: bsc#1120095 + +A domU with a large amount of disks may run into the hardcoded +LIBXL_HOTPLUG_TIMEOUT limit, which is 40 seconds. This happens if the +preparation for each disk takes an unexpected large amount of time. Then +the sum of all configured disks and the individual preparation time will +be larger than 40 seconds. The hotplug script which does the preparation +takes a lock before doing the actual preparation. Since the hotplug +scripts for each disk are spawned at nearly the same time, each one has +to wait for the lock. Due to this contention, the total execution time +of a script can easily exceed the timeout. In this case libxl will +terminate the script because it has to assume an error condition. + +Example: +10 configured disks, each one takes 3 seconds within the critital +section. The total execution time will be 30 seconds, which is still +within the limit. With 5 additional configured disks, the total +execution time will be 45 seconds, which would trigger the timeout. + +To handle such setup without a recompile of libxl, a special key/value +has to be created in xenstore prior domain creation. This can be done +either manually, or at system startup. + +If this systemd service file is placed in /etc/systemd/system/, and +activated, it will create the required entry in xenstore: + +/etc/systemd/system # cat xen-LIBXL_HOTPLUG_TIMEOUT.service +[Unit] +Description=set global LIBXL_HOTPLUG_TIMEOUT +ConditionPathExists=/proc/xen/capabilities + +Requires=xenstored.service +After=xenstored.service +Requires=xen-init-dom0.service +After=xen-init-dom0.service +Before=xencommons.service + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities +ExecStart=/usr/bin/xenstore-write /libxl/suse/per-device-LIBXL_HOTPLUG_TIMEOUT 5 + +[Install] +WantedBy=multi-user.target + +/etc/systemd/system # systemctl enable xen-LIBXL_HOTPLUG_TIMEOUT.service +/etc/systemd/system # systemctl start xen-LIBXL_HOTPLUG_TIMEOUT.service + +In this example the per-device value will be set to 5 seconds. + +The change for libxl which handles this xenstore value will enable +additional logging if the key is found. That extra logging will show how +the execution time of each script. +Index: xen-4.13.0-testing/tools/libxl/libxl_aoutils.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_aoutils.c ++++ xen-4.13.0-testing/tools/libxl/libxl_aoutils.c +@@ -529,6 +529,8 @@ static void async_exec_timeout(libxl__eg + { + libxl__async_exec_state *aes = CONTAINER_OF(ev, *aes, time); + STATE_AO_GC(aes->ao); ++ char b[64]; ++ libxl__suse_diff_timespec(&aes->start, b, sizeof(b)); + + if (!aes->rc) + aes->rc = rc; +@@ -536,7 +538,7 @@ static void async_exec_timeout(libxl__eg + libxl__ev_time_deregister(gc, &aes->time); + + assert(libxl__ev_child_inuse(&aes->child)); +- LOG(ERROR, "killing execution of %s because of timeout", aes->what); ++ LOG(ERROR, "killing execution of %s because of timeout%s", aes->what, b); + + if (kill(aes->child.pid, SIGKILL)) { + LOGEV(ERROR, errno, "unable to kill %s [%ld]", +@@ -552,6 +554,10 @@ static void async_exec_done(libxl__egc * + { + libxl__async_exec_state *aes = CONTAINER_OF(child, *aes, child); + STATE_AO_GC(aes->ao); ++ char b[64]; ++ libxl__suse_diff_timespec(&aes->start, b, sizeof(b)); ++ if (b[0]) ++ LOG(NOTICE, "finished execution of '%s'%s", aes->what, b); + + libxl__ev_time_deregister(gc, &aes->time); + +Index: xen-4.13.0-testing/tools/libxl/libxl_create.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_create.c ++++ xen-4.13.0-testing/tools/libxl/libxl_create.c +@@ -1116,6 +1116,7 @@ static void initiate_domain_create(libxl + * build info around just to know if the domain has a device model or not. + */ + store_libxl_entry(gc, domid, &d_config->b_info); ++ libxl__suse_domain_set_hotplug_timeout(gc, domid, d_config->num_disks, d_config->num_nics); + + for (i = 0; i < d_config->num_disks; i++) { + ret = libxl__disk_devtype.set_default(gc, domid, &d_config->disks[i], +Index: xen-4.13.0-testing/tools/libxl/libxl_device.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_device.c ++++ xen-4.13.0-testing/tools/libxl/libxl_device.c +@@ -1212,7 +1212,7 @@ static void device_hotplug(libxl__egc *e + } + + aes->ao = ao; +- aes->what = GCSPRINTF("%s %s", args[0], args[1]); ++ aes->what = GCSPRINTF("%s %s for %s", args[0], args[1], be_path); + aes->env = env; + aes->args = args; + aes->callback = device_hotplug_child_death_cb; +@@ -1221,6 +1221,15 @@ static void device_hotplug(libxl__egc *e + aes->stdfds[1] = 2; + aes->stdfds[2] = -1; + ++ switch (aodev->dev->backend_kind) { ++ case LIBXL__DEVICE_KIND_VBD: ++ case LIBXL__DEVICE_KIND_VIF: ++ if (aodev->num_exec == 0) ++ libxl__suse_domain_get_hotplug_timeout(gc, aodev->dev->domid, aodev->dev->backend_kind, &aes->start, &aes->timeout_ms, be_path); ++ default: ++ break; ++ } ++ + rc = libxl__async_exec_start(aes); + if (rc) + goto out; +Index: xen-4.13.0-testing/tools/libxl/libxl_event.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_event.c ++++ xen-4.13.0-testing/tools/libxl/libxl_event.c +@@ -858,27 +858,29 @@ static void devstate_callback(libxl__egc + { + EGC_GC; + libxl__ev_devstate *ds = CONTAINER_OF(xsw, *ds, w); ++ char b[64]; ++ libxl__suse_diff_timespec(&ds->w.start, b, sizeof(b)); + + if (rc) { + if (rc == ERROR_TIMEDOUT) +- LOG(DEBUG, "backend %s wanted state %d "" timed out", ds->w.path, +- ds->wanted); ++ LOG(DEBUG, "backend %s wanted state %d "" timed out%s", ds->w.path, ++ ds->wanted, b); + goto out; + } + if (!sstate) { +- LOG(DEBUG, "backend %s wanted state %d"" but it was removed", +- ds->w.path, ds->wanted); ++ LOG(DEBUG, "backend %s wanted state %d"" but it was removed%s", ++ ds->w.path, ds->wanted, b); + rc = ERROR_INVAL; + goto out; + } + + int got = atoi(sstate); + if (got == ds->wanted) { +- LOG(DEBUG, "backend %s wanted state %d ok", ds->w.path, ds->wanted); ++ LOG(DEBUG, "backend %s wanted state %d ok%s", ds->w.path, ds->wanted, b); + rc = 0; + } else { +- LOG(DEBUG, "backend %s wanted state %d"" still waiting state %d", +- ds->w.path, ds->wanted, got); ++ LOG(DEBUG, "backend %s wanted state %d"" still waiting state %d%s", ++ ds->w.path, ds->wanted, got, b); + return; + } + +@@ -904,6 +906,8 @@ int libxl__ev_devstate_wait(libxl__ao *a + ds->w.path = state_path; + ds->w.timeout_ms = milliseconds; + ds->w.callback = devstate_callback; ++ rc = clock_gettime(CLOCK_MONOTONIC, &ds->w.start); ++ if (rc) goto out; + rc = libxl__xswait_start(gc, &ds->w); + if (rc) goto out; + +Index: xen-4.13.0-testing/tools/libxl/libxl_internal.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_internal.c ++++ xen-4.13.0-testing/tools/libxl/libxl_internal.c +@@ -17,6 +17,97 @@ + + #include "libxl_internal.h" + ++#define LIBXL_SUSE_PATH_TIMEOUT "/libxl/suse/per-device-LIBXL_HOTPLUG_TIMEOUT" ++#define LIBXL_SUSE_PATH_DISK_TIMEOUT "suse/disks-LIBXL_HOTPLUG_TIMEOUT" ++#define LIBXL_SUSE_PATH_NIC_TIMEOUT "suse/nics-LIBXL_HOTPLUG_TIMEOUT" ++ ++void libxl__suse_domain_set_hotplug_timeout(libxl__gc *gc, uint32_t domid, long d, long n) ++{ ++ char *path; ++ char *val, *p; ++ long v; ++ ++ val = libxl__xs_read(gc, XBT_NULL, LIBXL_SUSE_PATH_TIMEOUT); ++ if (!val) ++ return; ++ ++ v = strtol(val, NULL, 0); ++ if (v <= 0) ++ return; ++ ++ path = libxl__xs_libxl_path(gc, domid); ++ if (d > 0) { ++ p = GCSPRINTF("%s/" LIBXL_SUSE_PATH_DISK_TIMEOUT, path); ++ LOGD(NOTICE, domid, "Setting %s to %ld*%ld=%ld", p, d, v, d*v); ++ libxl__xs_printf(gc, XBT_NULL, p, "%ld", d*v); ++ } ++ if (n > 0) { ++ p = GCSPRINTF("%s/" LIBXL_SUSE_PATH_NIC_TIMEOUT, path); ++ LOGD(NOTICE, domid, "Setting %s to %ld*%ld=%ld", p, n, v, n*v); ++ libxl__xs_printf(gc, XBT_NULL, p, "%ld", n*v); ++ } ++} ++ ++void libxl__suse_domain_get_hotplug_timeout(libxl__gc *gc, uint32_t domid, libxl__device_kind kind, struct timespec *ts, int *timeout_ms, const char *be_path) ++{ ++ char *path; ++ char *val, *p; ++ long v = 0; ++ ++ path = libxl__xs_libxl_path(gc, domid); ++ if (!path) ++ return; ++ ++ switch (kind) { ++ case LIBXL__DEVICE_KIND_VBD: ++ p = GCSPRINTF("%s/" LIBXL_SUSE_PATH_DISK_TIMEOUT, path); ++ break; ++ case LIBXL__DEVICE_KIND_VIF: ++ p = GCSPRINTF("%s/" LIBXL_SUSE_PATH_NIC_TIMEOUT, path); ++ break; ++ default: ++ return; ++ } ++ errno = 0; ++ val = libxl__xs_read(gc, XBT_NULL, p); ++ if (val) ++ v = strtol(val, NULL, 0); ++ LOGED(DEBUG, domid, "Got from '%s' = %ld from %s for %s", val?:"", v, p, be_path); ++ if (!val || v <= 0) ++ return; ++ ++ if (v > (INT_MAX/1000)) ++ v = (INT_MAX/1000); ++ v *= 1000; ++ LOGD(NOTICE, domid, "Replacing timeout %d with %ld for %s", *timeout_ms, v, be_path); ++ *timeout_ms = v; ++ if (clock_gettime(CLOCK_MONOTONIC, ts) < 0) { ++ LOGED(ERROR, domid, "clock_gettime failed for %s", be_path); ++ ts->tv_sec = ts->tv_nsec = 0; ++ } ++ ++} ++ ++void libxl__suse_diff_timespec(const struct timespec *old, char *b, size_t s) ++{ ++ struct timespec new, diff; ++ ++ if (old->tv_sec == 0 && old->tv_nsec == 0) { ++ *b = '\0'; ++ return; ++ } ++ if (clock_gettime(CLOCK_MONOTONIC, &new)) ++ new = *old; ++ if ((new.tv_nsec - old->tv_nsec) < 0) { ++ diff.tv_sec = new.tv_sec - old->tv_sec - 1; ++ diff.tv_nsec = new.tv_nsec - old->tv_nsec + (1000*1000*1000); ++ } else { ++ diff.tv_sec = new.tv_sec - old->tv_sec; ++ diff.tv_nsec = new.tv_nsec - old->tv_nsec; ++ } ++ snprintf(b, s, " (%ld.%09lds)", (long)diff.tv_sec, diff.tv_nsec); ++} ++ + void libxl__alloc_failed(libxl_ctx *ctx, const char *func, + size_t nmemb, size_t size) { + #define M "libxl: FATAL ERROR: memory allocation failure" +Index: xen-4.13.0-testing/tools/libxl/libxl_internal.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_internal.h ++++ xen-4.13.0-testing/tools/libxl/libxl_internal.h +@@ -50,6 +50,7 @@ + #include <sys/un.h> + #include <sys/file.h> + #include <sys/ioctl.h> ++#include <time.h> + + #include <xenevtchn.h> + #include <xenstore.h> +@@ -1593,6 +1594,7 @@ struct libxl__xswait_state { + const char *what; /* for error msgs: noun phrase, what we're waiting for */ + const char *path; + int timeout_ms; /* as for poll(2) */ ++ struct timespec start; + libxl__xswait_callback *callback; + /* remaining fields are private to xswait */ + libxl__ev_time time_ev; +@@ -2652,6 +2654,7 @@ struct libxl__async_exec_state { + char **args; /* execution arguments */ + char **env; /* execution environment */ + ++ struct timespec start; + /* private */ + libxl__ev_time time; + libxl__ev_child child; +@@ -4783,6 +4786,9 @@ _hidden int libxl__domain_pvcontrol(libx + + #endif + ++_hidden void libxl__suse_domain_set_hotplug_timeout(libxl__gc *gc, uint32_t domid, long d, long n); ++_hidden void libxl__suse_domain_get_hotplug_timeout(libxl__gc *gc, uint32_t domid, libxl__device_kind kind, struct timespec *ts, int *timeout_ms, const char *be_path); ++_hidden void libxl__suse_diff_timespec(const struct timespec *old, char *b, size_t s); + /* + * Local variables: + * mode: C diff --git a/libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch b/libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch new file mode 100644 index 0000000..bdd553d --- /dev/null +++ b/libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch @@ -0,0 +1,215 @@ +https://bugzilla.novell.com/show_bug.cgi?id=879425 +--- + tools/libxl/libxl.c | 2 ++ + tools/libxl/libxl.h | 12 ++++++++++++ + tools/libxl/libxlu_disk.c | 2 ++ + tools/libxl/libxlu_disk_i.h | 2 +- + tools/libxl/libxlu_disk_l.l | 1 + + 5 files changed, 18 insertions(+), 1 deletion(-) + +Index: xen-4.13.0-testing/docs/man/xl-disk-configuration.5.pod +=================================================================== +--- xen-4.13.0-testing.orig/docs/man/xl-disk-configuration.5.pod ++++ xen-4.13.0-testing/docs/man/xl-disk-configuration.5.pod +@@ -344,6 +344,32 @@ can be used to disable "hole punching" f + were intentionally created non-sparse to avoid fragmentation of the + file. + ++=item B<suse-diskcache-disable-flush> ++ ++=over 4 ++ ++=item Description ++ ++Request that the qemu block driver does not automatically flush written data to the backend storage. ++ ++=item Supported values ++ ++absent, present ++ ++=item Mandatory ++ ++No ++ ++=item Default value ++ ++absent ++ ++=back ++ ++This enables the '-disk cache=unsafe' mode inside qemu. ++In this mode writes to the underlying blockdevice are delayed. ++While using this option in production is dangerous, it improves performance during installation of a domU. ++ + =back + + +Index: xen-4.13.0-testing/tools/libxl/libxl.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl.h ++++ xen-4.13.0-testing/tools/libxl/libxl.h +@@ -439,6 +439,21 @@ + #define LIBXL_HAVE_CREATEINFO_PASSTHROUGH 1 + + /* ++ * The libxl_device_disk has no way to indicate that cache=unsafe is ++ * supposed to be used. Provide this knob without breaking the ABI. ++ * This is done by overloading struct libxl_device_disk->readwrite: ++ * readwrite == 0: disk is readonly, cache= does not matter ++ * readwrite == 1: disk is readwrite, backend driver may tweak cache= ++ * readwrite == MAGIC: disk is readwrite, backend driver should ignore ++ * flush requests from the frontend driver. ++ * Note: the macro with MAGIC is used by libvirt to decide if this patch is applied ++ */ ++#define LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MAGIC 0x00006000U ++#define LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MASK 0xffff0fffU ++#define LIBXL_SUSE_IS_CACHE_UNSAFE(rw) (((rw) & ~LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MASK) == LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MAGIC) ++#define LIBXL_SUSE_SET_CACHE_UNSAFE(rw) (((rw) & LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MASK) | LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MAGIC) ++ ++/* + * libxl ABI compatibility + * + * The only guarantee which libxl makes regarding ABI compatibility +Index: xen-4.13.0-testing/tools/libxl/libxl_disk.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_disk.c ++++ xen-4.13.0-testing/tools/libxl/libxl_disk.c +@@ -386,6 +386,8 @@ static void device_disk_add(libxl__egc * + flexarray_append_pair(back, "discard-enable", + libxl_defbool_val(disk->discard_enable) ? + "1" : "0"); ++ if (LIBXL_SUSE_IS_CACHE_UNSAFE(disk->readwrite)) ++ flexarray_append_pair(back, "suse-diskcache-disable-flush", "1"); + + flexarray_append(front, "backend-id"); + flexarray_append(front, GCSPRINTF("%d", disk->backend_domid)); +Index: xen-4.13.0-testing/tools/libxl/libxl_dm.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_dm.c ++++ xen-4.13.0-testing/tools/libxl/libxl_dm.c +@@ -984,14 +984,27 @@ enum { + LIBXL__COLO_SECONDARY, + }; + ++static const char *qemu_cache_mode(const libxl_device_disk *disk) ++{ ++ static const char cache_directsync[] = "directsync"; ++ static const char cache_writeback[] = "writeback"; ++ static const char cache_unsafe[] = "unsafe"; ++ ++ if (LIBXL_SUSE_IS_CACHE_UNSAFE(disk->readwrite)) ++ return cache_unsafe; ++ if (disk->direct_io_safe) ++ return cache_directsync; ++ return cache_writeback; ++} ++ + static char *qemu_disk_scsi_drive_string(libxl__gc *gc, const char *target_path, + int unit, const char *format, + const libxl_device_disk *disk, + int colo_mode, const char **id_ptr) + { + char *drive = NULL; +- char *common = GCSPRINTF("if=none,readonly=%s,cache=writeback", +- disk->readwrite ? "off" : "on"); ++ char *common = GCSPRINTF("if=none,readonly=%s,cache=%s", ++ disk->readwrite ? "off" : "on", qemu_cache_mode(disk)); + const char *exportname = disk->colo_export; + const char *active_disk = disk->active_disk; + const char *hidden_disk = disk->hidden_disk; +@@ -1050,8 +1063,8 @@ static char *qemu_disk_ide_drive_string( + switch (colo_mode) { + case LIBXL__COLO_NONE: + drive = GCSPRINTF +- ("file=%s,if=ide,index=%d,media=disk,format=%s,cache=writeback", +- target_path, unit, format); ++ ("file=%s,if=ide,index=%d,media=disk,format=%s,cache=%s", ++ target_path, unit, format, qemu_cache_mode(disk)); + break; + case LIBXL__COLO_PRIMARY: + /* +@@ -1064,13 +1077,14 @@ static char *qemu_disk_ide_drive_string( + * vote-threshold=1 + */ + drive = GCSPRINTF( +- "if=ide,index=%d,media=disk,cache=writeback,driver=quorum," ++ "if=ide,index=%d,media=disk,cache=%s,driver=quorum," + "id=%s," + "children.0.file.filename=%s," + "children.0.driver=%s," + "read-pattern=fifo," + "vote-threshold=1", +- unit, exportname, target_path, format); ++ unit, qemu_cache_mode(disk), ++ exportname, target_path, format); + break; + case LIBXL__COLO_SECONDARY: + /* +@@ -1084,7 +1098,7 @@ static char *qemu_disk_ide_drive_string( + * file.backing.backing=exportname, + */ + drive = GCSPRINTF( +- "if=ide,index=%d,id=top-colo,media=disk,cache=writeback," ++ "if=ide,index=%d,id=top-colo,media=disk,cache=%s," + "driver=replication," + "mode=secondary," + "top-id=top-colo," +@@ -1093,7 +1107,8 @@ static char *qemu_disk_ide_drive_string( + "file.backing.driver=qcow2," + "file.backing.file.filename=%s," + "file.backing.backing=%s", +- unit, active_disk, hidden_disk, exportname); ++ unit, qemu_cache_mode(disk), ++ active_disk, hidden_disk, exportname); + break; + default: + abort(); +@@ -1881,8 +1896,8 @@ static int libxl__build_device_model_arg + return ERROR_INVAL; + } + flexarray_vappend(dm_args, "-drive", +- GCSPRINTF("file=%s,if=none,id=ahcidisk-%d,format=%s,cache=writeback", +- target_path, disk, format), ++ GCSPRINTF("file=%s,if=none,id=ahcidisk-%d,format=%s,cache=%s", ++ target_path, disk, format, qemu_cache_mode(&disks[i])), + "-device", GCSPRINTF("ide-hd,bus=ahci0.%d,unit=0,drive=ahcidisk-%d", + disk, disk), NULL); + continue; +Index: xen-4.13.0-testing/tools/libxl/libxlu_disk.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxlu_disk.c ++++ xen-4.13.0-testing/tools/libxl/libxlu_disk.c +@@ -79,6 +79,8 @@ int xlu_disk_parse(XLU_Config *cfg, + if (!disk->pdev_path || !strcmp(disk->pdev_path, "")) + disk->format = LIBXL_DISK_FORMAT_EMPTY; + } ++ if (disk->readwrite && dpc.suse_diskcache_disable_flush) ++ disk->readwrite = LIBXL_SUSE_SET_CACHE_UNSAFE(disk->readwrite); + + if (!disk->vdev) { + xlu__disk_err(&dpc,0, "no vdev specified"); +Index: xen-4.13.0-testing/tools/libxl/libxlu_disk_i.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxlu_disk_i.h ++++ xen-4.13.0-testing/tools/libxl/libxlu_disk_i.h +@@ -10,7 +10,7 @@ typedef struct { + void *scanner; + YY_BUFFER_STATE buf; + libxl_device_disk *disk; +- int access_set, had_depr_prefix; ++ int access_set, suse_diskcache_disable_flush, had_depr_prefix; + const char *spec; + } DiskParseContext; + +Index: xen-4.13.0-testing/tools/libxl/libxlu_disk_l.l +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxlu_disk_l.l ++++ xen-4.13.0-testing/tools/libxl/libxlu_disk_l.l +@@ -196,6 +196,7 @@ colo-port=[^,]*,? { STRIP(','); setcolop + colo-export=[^,]*,? { STRIP(','); SAVESTRING("colo-export", colo_export, FROMEQUALS); } + active-disk=[^,]*,? { STRIP(','); SAVESTRING("active-disk", active_disk, FROMEQUALS); } + hidden-disk=[^,]*,? { STRIP(','); SAVESTRING("hidden-disk", hidden_disk, FROMEQUALS); } ++suse-diskcache-disable-flush,? { DPC->suse_diskcache_disable_flush = 1; } + + /* the target magic parameter, eats the rest of the string */ + diff --git a/libxl.helper_done-crash.patch b/libxl.helper_done-crash.patch new file mode 100644 index 0000000..d45d14d --- /dev/null +++ b/libxl.helper_done-crash.patch @@ -0,0 +1,53 @@ +From fb0f946726ff8aaa15b76bc3ec3b18878851a447 Mon Sep 17 00:00:00 2001 +From: Olaf Hering <olaf@aepfle.de> +Date: Fri, 27 Sep 2019 18:06:12 +0200 +Subject: libxl: fix crash in helper_done due to uninitialized data + +A crash in helper_done, called from libxl_domain_suspend, was reported, +triggered by 'virsh migrate --live xen+ssh://host': + + #1 helper_done (...) at libxl_save_callout.c:371 + helper_failed + helper_stop + libxl__save_helper_abort + #2 check_all_finished (..., rc=-3) at libxl_stream_write.c:671 + stream_done + stream_complete + write_done + dc->callback == write_done + efd->func == datacopier_writable + #3 afterpoll_internal (...) at libxl_event.c:1269 + +This is triggered by a failed poll, the actual error was: + +libxl_aoutils.c:328:datacopier_writable: unexpected poll event 0x1c on fd 37 (should be POLLOUT) writing libxc header during copy of save v2 stream + +In this case revents in datacopier_writable is POLLHUP|POLLERR|POLLOUT, +which triggers datacopier_callback. In helper_done, +shs->completion_callback is still zero. libxl__xc_domain_save fills +dss.sws.shs. But that function is only called after stream_header_done. +Any error before that will leave dss partly uninitialized. + +Fix this crash by checking if ->completion_callback is valid. + +Signed-off-by: Olaf Hering <olaf@aepfle.de> +--- + tools/libxl/libxl_save_callout.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/tools/libxl/libxl_save_callout.c b/tools/libxl/libxl_save_callout.c +index 6452d70036..89a2f6ecf0 100644 +--- a/tools/libxl/libxl_save_callout.c ++++ b/tools/libxl/libxl_save_callout.c +@@ -368,8 +368,9 @@ static void helper_done(libxl__egc *egc, libxl__save_helper_state *shs) + assert(!libxl__save_helper_inuse(shs)); + + shs->egc = egc; +- shs->completion_callback(egc, shs->caller_state, +- shs->rc, shs->retval, shs->errnoval); ++ if (shs->completion_callback) ++ shs->completion_callback(egc, shs->caller_state, ++ shs->rc, shs->retval, shs->errnoval); + shs->egc = 0; + } + diff --git a/libxl.libxl__domain_pvcontrol.patch b/libxl.libxl__domain_pvcontrol.patch new file mode 100644 index 0000000..178e004 --- /dev/null +++ b/libxl.libxl__domain_pvcontrol.patch @@ -0,0 +1,27 @@ +References: bsc#1161480 + +Fix xl shutdown for HVM without PV drivers + +A return value of zero means no PV drivers. Restore the hunk which was removed. + +Fixes commit b183e180bce93037d3ef385a8c2338bbfb7f23d9 + +Signed-off-by: Olaf Hering <olaf@aepfle.de> +--- + tools/libxl/libxl_domain.c | 3 +++ + 1 file changed, 3 insertions(+) + +Index: xen-4.13.1-testing/tools/libxl/libxl_domain.c +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxl/libxl_domain.c ++++ xen-4.13.1-testing/tools/libxl/libxl_domain.c +@@ -795,6 +795,9 @@ int libxl__domain_pvcontrol(libxl__egc * + if (rc < 0) + return rc; + ++ if (!rc) ++ return ERROR_NOPARAVIRT; ++ + shutdown_path = libxl__domain_pvcontrol_xspath(gc, domid); + if (!shutdown_path) + return ERROR_FAIL; diff --git a/libxl.max_event_channels.patch b/libxl.max_event_channels.patch new file mode 100644 index 0000000..6c7cffc --- /dev/null +++ b/libxl.max_event_channels.patch @@ -0,0 +1,16 @@ +References: bsc#1167608 +unbound limits for max_event_channels +1023 is too low for a three digit value of vcpus +it is difficult to make the value depend on the number of vcpus +adding devices at runtime also needs event channels +--- a/tools/libxl/libxl_create.c ++++ b/tools/libxl/libxl_create.c +@@ -224,7 +224,7 @@ int libxl__domain_build_info_setdefault( + b_info->iomem[i].gfn = b_info->iomem[i].start; + + if (!b_info->event_channels) +- b_info->event_channels = 1023; ++ b_info->event_channels = -1U; + + libxl__arch_domain_build_info_setdefault(gc, b_info); + libxl_defbool_setdefault(&b_info->dm_restrict, false); diff --git a/libxl.pvscsi.patch b/libxl.pvscsi.patch new file mode 100644 index 0000000..4b868ca --- /dev/null +++ b/libxl.pvscsi.patch @@ -0,0 +1,2538 @@ +Subject: [PATCH v12 1/2] libxl: add support for vscsi +Date: Wed, 13 Apr 2016 08:56:59 +0000 +Message-Id: <1460537820-15398-2-git-send-email-olaf@aepfle.de> +fate#316613 , https://fate.suse.com/316613 + +Port pvscsi support from xend to libxl: + + vscsi=['pdev,vdev{,options}'] + xl scsi-attach + xl scsi-detach + xl scsi-list + +Signed-off-by: Olaf Hering <olaf@aepfle.de> +Cc: Ian Jackson <ian.jackson@eu.citrix.com> +Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Cc: Ian Campbell <ian.campbell@citrix.com> +Cc: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 56 + + docs/man/xl.pod.1 | 18 + tools/libxl/Makefile | 2 + tools/libxl/libxl.c | 9 + tools/libxl/libxl.h | 42 + + tools/libxl/libxl_create.c | 41 + + tools/libxl/libxl_device.c | 2 + tools/libxl/libxl_internal.h | 8 + tools/libxl/libxl_types.idl | 53 + + tools/libxl/libxl_types_internal.idl | 1 + tools/libxl/libxl_vscsi.c | 1169 +++++++++++++++++++++++++++++++++++ + tools/libxl/libxlu_vscsi.c | 667 +++++++++++++++++++ + tools/libxl/libxlutil.h | 19 + tools/libxl/xl.h | 3 + tools/libxl/xl_cmdimpl.c | 225 ++++++ + tools/libxl/xl_cmdtable.c | 15 + 16 files changed, 2326 insertions(+), 4 deletions(-) + +Index: xen-4.13.0-testing/docs/man/xl.cfg.5.pod.in +=================================================================== +--- xen-4.13.0-testing.orig/docs/man/xl.cfg.5.pod.in ++++ xen-4.13.0-testing/docs/man/xl.cfg.5.pod.in +@@ -756,6 +756,62 @@ frontend to backend. It can be used as a + For more information about the protocol, see + https://xenbits.xenproject.org/docs/unstable/misc/pvcalls.html. + ++=item B<vscsi=[ "VSCSI_SPEC_STRING", "VSCSI_SPEC_STRING", ...]> ++ ++Specifies the PVSCSI devices to be provided to the guest. PVSCSI passes ++SCSI devices from the backend domain to the guest. ++ ++Each VSCSI_SPEC_STRING consists of "pdev,vdev[,options]". ++'pdev' describes the physical device, preferable in a persistent format ++such as /dev/disk/by-*/*. ++'vdev' is the domU device in vHOST:CHANNEL:TARGET:LUN notation, all integers. ++'options' lists additional flags which a backend may recognize. ++ ++The supported values for "pdev" and "options" depends on the backend driver used: ++ ++=over 4 ++ ++=item B<Linux> ++ ++=over 4 ++ ++=item C<pdev> ++ ++The backend driver in the pvops kernel is part of the Linux-IO Target framework ++(LIO). As such the SCSI devices have to be configured first with the tools ++provided by this framework, such as a xen-scsiback aware targetcli. The "pdev" ++in domU.cfg has to refer to a config item in that framework instead of the raw ++device. Usually this is a WWN in the form of "naa.WWN:LUN". ++ ++=item C<options> ++ ++No options recognized. ++ ++=back ++ ++=item B<Linux based on classic Xen kernel> ++ ++=over 4 ++ ++=item C<pdev> ++ ++The dom0 device in either /dev/scsidev or pHOST:CHANNEL:TARGET:LUN notation. ++ ++It's recommended to use persistent names "/dev/disk/by-*/*" to refer to a "pdev". ++The toolstack will translate this internally to "h:c:t:l" notation, which is how ++the backend driver will access the device. Using the "h:c:t:l" notation for ++"pdev" in domU.cfg is discouraged because this value will change across reboots, ++depending on the detection order in the OS. ++ ++=item C<options> ++ ++Currently only the option value "feature-host" is recognized. SCSI command ++emulation in backend driver is bypassed when "feature-host" is specified. ++ ++=back ++ ++=back ++ + =item B<vfb=[ "VFB_SPEC_STRING", "VFB_SPEC_STRING", ...]> + + Specifies the paravirtual framebuffer devices which should be supplied +Index: xen-4.13.0-testing/docs/man/xl.1.pod.in +=================================================================== +--- xen-4.13.0-testing.orig/docs/man/xl.1.pod.in ++++ xen-4.13.0-testing/docs/man/xl.1.pod.in +@@ -1575,6 +1575,24 @@ List virtual network interfaces for a do + + =back + ++=head2 PVSCSI DEVICES ++ ++=over 4 ++ ++=item B<scsi-attach> I<domain-id> I<pdev> I<vdev>,I<[feature-host]> ++ ++Creates a new vscsi device in the domain specified by I<domain-id>. ++ ++=item B<scsi-detach> I<domain-id> I<vdev> ++ ++Removes the vscsi device from domain specified by I<domain-id>. ++ ++=item B<scsi-list> I<domain-id> I<[domain-id] ...> ++ ++List vscsi devices for the domain specified by I<domain-id>. ++ ++=back ++ + =head1 PCI PASS-THROUGH + + =over 4 +Index: xen-4.13.0-testing/tools/libxl/Makefile +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/Makefile ++++ xen-4.13.0-testing/tools/libxl/Makefile +@@ -127,6 +127,7 @@ endif + LIBXL_LIBS += -lyajl + + LIBXL_OBJS = flexarray.o libxl.o libxl_create.o libxl_dm.o libxl_pci.o \ ++ libxl_vscsi.o \ + libxl_dom.o libxl_exec.o libxl_xshelp.o libxl_device.o \ + libxl_internal.o libxl_utils.o libxl_uuid.o \ + libxl_json.o libxl_aoutils.o libxl_numa.o libxl_vnuma.o \ +@@ -173,6 +174,7 @@ AUTOINCS= libxlu_cfg_y.h libxlu_cfg_l.h + AUTOSRCS= libxlu_cfg_y.c libxlu_cfg_l.c + AUTOSRCS += _libxl_save_msgs_callout.c _libxl_save_msgs_helper.c + LIBXLU_OBJS = libxlu_cfg_y.o libxlu_cfg_l.o libxlu_cfg.o \ ++ libxlu_vscsi.o \ + libxlu_disk_l.o libxlu_disk.o libxlu_vif.o libxlu_pci.o + $(LIBXLU_OBJS): CFLAGS += $(CFLAGS_libxenctrl) # For xentoollog.h + +Index: xen-4.13.0-testing/tools/libxl/libxl.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl.h ++++ xen-4.13.0-testing/tools/libxl/libxl.h +@@ -1134,6 +1134,13 @@ void libxl_mac_copy(libxl_ctx *ctx, libx + #define LIBXL_HAVE_PCITOPOLOGY 1 + + /* ++ * LIBXL_HAVE_VSCSI ++ * ++ * If this is defined, the PV SCSI feature is supported. ++ */ ++#define LIBXL_HAVE_VSCSI 1 ++ ++/* + * LIBXL_HAVE_SOCKET_BITMAP + * + * If this is defined, then libxl_socket_bitmap_alloc and +@@ -2150,6 +2157,41 @@ int libxl_device_channel_getinfo(libxl_c + const libxl_device_channel *channel, + libxl_channelinfo *channelinfo); + ++/* Virtual SCSI */ ++int libxl_device_vscsictrl_add(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsictrl *vscsi, ++ const libxl_asyncop_how *ao_how) ++ LIBXL_EXTERNAL_CALLERS_ONLY; ++int libxl_device_vscsictrl_remove(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsictrl *vscsi, ++ const libxl_asyncop_how *ao_how) ++ LIBXL_EXTERNAL_CALLERS_ONLY; ++int libxl_device_vscsictrl_destroy(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsictrl *vscsi, ++ const libxl_asyncop_how *ao_how) ++ LIBXL_EXTERNAL_CALLERS_ONLY; ++ ++libxl_device_vscsictrl *libxl_device_vscsictrl_list(libxl_ctx *ctx, uint32_t domid, int *num); ++int libxl_device_vscsictrl_getinfo(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ libxl_device_vscsidev *vscsidev, ++ libxl_vscsiinfo *vscsiinfo); ++int libxl_device_vscsidev_add(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsidev *dev, ++ const libxl_asyncop_how *ao_how) ++ LIBXL_EXTERNAL_CALLERS_ONLY; ++/* Remove vscsidev connected to vscsictrl */ ++int libxl_device_vscsidev_remove(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsidev *dev, ++ const libxl_asyncop_how *ao_how) ++ LIBXL_EXTERNAL_CALLERS_ONLY; ++void libxl_device_vscsictrl_append_vscsidev(libxl_ctx *ctx, ++ libxl_device_vscsictrl *ctrl, ++ libxl_device_vscsidev *dev); ++void libxl_device_vscsictrl_remove_vscsidev(libxl_ctx *ctx, ++ libxl_device_vscsictrl *ctrl, ++ unsigned int idx); ++ + /* Virtual TPMs */ + int libxl_device_vtpm_add(libxl_ctx *ctx, uint32_t domid, libxl_device_vtpm *vtpm, + const libxl_asyncop_how *ao_how) +Index: xen-4.13.0-testing/tools/libxl/libxl_create.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_create.c ++++ xen-4.13.0-testing/tools/libxl/libxl_create.c +@@ -1655,6 +1655,7 @@ const libxl__device_type *device_type_tb + &libxl__disk_devtype, + &libxl__nic_devtype, + &libxl__vtpm_devtype, ++ &libxl__vscsictrl_devtype, + &libxl__usbctrl_devtype, + &libxl__usbdev_devtype, + &libxl__pcidev_devtype, +Index: xen-4.13.0-testing/tools/libxl/libxl_internal.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_internal.h ++++ xen-4.13.0-testing/tools/libxl/libxl_internal.h +@@ -3936,6 +3936,7 @@ extern const libxl__device_type libxl__v + extern const libxl__device_type libxl__disk_devtype; + extern const libxl__device_type libxl__nic_devtype; + extern const libxl__device_type libxl__vtpm_devtype; ++extern const libxl__device_type libxl__vscsictrl_devtype; + extern const libxl__device_type libxl__usbctrl_devtype; + extern const libxl__device_type libxl__usbdev_devtype; + extern const libxl__device_type libxl__pcidev_devtype; +Index: xen-4.13.0-testing/tools/libxl/libxl_types.idl +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_types.idl ++++ xen-4.13.0-testing/tools/libxl/libxl_types.idl +@@ -929,6 +929,43 @@ libxl_device_vsnd = Struct("device_vsnd" + ("pcms", Array(libxl_vsnd_pcm, "num_vsnd_pcms")) + ]) + ++libxl_vscsi_pdev_type = Enumeration("vscsi_pdev_type", [ ++ (0, "INVALID"), ++ (1, "HCTL"), ++ (2, "WWN"), ++ ]) ++ ++libxl_vscsi_hctl = Struct("vscsi_hctl", [ ++ ("hst", uint32), ++ ("chn", uint32), ++ ("tgt", uint32), ++ ("lun", uint64), ++ ]) ++ ++libxl_vscsi_pdev = Struct("vscsi_pdev", [ ++ ("p_devname", string), ++ ("u", KeyedUnion(None, libxl_vscsi_pdev_type, "type", ++ [ ++ ("invalid", None), ++ ("hctl", Struct(None, [("m", libxl_vscsi_hctl)])), ++ ("wwn", Struct(None, [("m", string)])), ++ ])), ++ ]) ++ ++libxl_device_vscsidev = Struct("device_vscsidev", [ ++ ("vscsidev_id", libxl_devid), ++ ("pdev", libxl_vscsi_pdev), ++ ("vdev", libxl_vscsi_hctl), ++ ]) ++ ++libxl_device_vscsictrl = Struct("device_vscsictrl", [ ++ ("backend_domid", libxl_domid), ++ ("devid", libxl_devid), ++ ("idx", libxl_devid), ++ ("vscsidevs", Array(libxl_device_vscsidev, "num_vscsidevs")), ++ ("scsi_raw_cmds", libxl_defbool), ++ ]) ++ + libxl_domain_config = Struct("domain_config", [ + ("c_info", libxl_domain_create_info), + ("b_info", libxl_domain_build_info), +@@ -940,6 +977,7 @@ libxl_domain_config = Struct("domain_con + ("dtdevs", Array(libxl_device_dtdev, "num_dtdevs")), + ("vfbs", Array(libxl_device_vfb, "num_vfbs")), + ("vkbs", Array(libxl_device_vkb, "num_vkbs")), ++ ("vscsictrls", Array(libxl_device_vscsictrl, "num_vscsictrls")), + ("vtpms", Array(libxl_device_vtpm, "num_vtpms")), + ("p9s", Array(libxl_device_p9, "num_p9s")), + ("pvcallsifs", Array(libxl_device_pvcallsif, "num_pvcallsifs")), +@@ -981,6 +1019,21 @@ libxl_nicinfo = Struct("nicinfo", [ + ("rref_rx", integer), + ], dir=DIR_OUT) + ++libxl_vscsiinfo = Struct("vscsiinfo", [ ++ ("backend", string), ++ ("backend_id", uint32), ++ ("frontend", string), ++ ("frontend_id", uint32), ++ ("devid", libxl_devid), ++ ("pdev", libxl_vscsi_pdev), ++ ("vdev", libxl_vscsi_hctl), ++ ("idx", libxl_devid), ++ ("vscsidev_id", libxl_devid), ++ ("scsi_raw_cmds", bool), ++ ("vscsictrl_state", integer), ++ ("vscsidev_state", integer), ++ ], dir=DIR_OUT) ++ + libxl_vtpminfo = Struct("vtpminfo", [ + ("backend", string), + ("backend_id", uint32), +Index: xen-4.13.0-testing/tools/libxl/libxl_types_internal.idl +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_types_internal.idl ++++ xen-4.13.0-testing/tools/libxl/libxl_types_internal.idl +@@ -32,6 +32,7 @@ libxl__device_kind = Enumeration("device + (14, "PVCALLS"), + (15, "VSND"), + (16, "VINPUT"), ++ (17, "VSCSI"), + ]) + + libxl__console_backend = Enumeration("console_backend", [ +Index: xen-4.13.0-testing/tools/libxl/libxl_vscsi.c +=================================================================== +--- /dev/null ++++ xen-4.13.0-testing/tools/libxl/libxl_vscsi.c +@@ -0,0 +1,1185 @@ ++/* ++ * Copyright (C) 2016 SUSE Linux GmbH ++ * Author Olaf Hering <olaf@aepfle.de> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU Lesser General Public License as published ++ * by the Free Software Foundation; version 2.1 only. with the special ++ * exception on linking described in file LICENSE. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU Lesser General Public License for more details. ++ */ ++#include "libxl_osdeps.h" /* must come before any other headers */ ++#include "libxl_internal.h" ++ ++typedef struct vscsidev_rm { ++ libxl_device_vscsictrl *ctrl; ++ char *be_path; ++ int dev_wait; ++ libxl__device dev; ++} vscsidev_rm_t; ++ ++typedef void (*vscsictrl_add)(libxl__egc *egc, ++ libxl__ao_device *aodev, ++ libxl_device_vscsictrl *vscsictrl, ++ libxl_domain_config *d_config); ++ ++#define LIBXL_CTRL_INDEX "libxl_ctrl_index" ++ ++#define XLU_WWN_LEN 16 ++ ++static int vscsi_parse_hctl(char *str, libxl_vscsi_hctl *hctl) ++{ ++ unsigned int hst, chn, tgt; ++ unsigned long long lun; ++ ++ if (sscanf(str, "%u:%u:%u:%llu", &hst, &chn, &tgt, &lun) != 4) ++ return ERROR_INVAL; ++ ++ hctl->hst = hst; ++ hctl->chn = chn; ++ hctl->tgt = tgt; ++ hctl->lun = lun; ++ return 0; ++} ++ ++/* Translate p-dev back into pdev.type */ ++static bool vscsi_parse_pdev(libxl__gc *gc, libxl_device_vscsidev *dev, ++ char *c, char *p, char *v) ++{ ++ libxl_vscsi_hctl hctl; ++ unsigned long long lun; ++ char wwn[XLU_WWN_LEN + 1]; ++ bool parsed_ok = false; ++ ++ libxl_vscsi_hctl_init(&hctl); ++ ++ dev->pdev.p_devname = libxl__strdup(NOGC, c); ++ ++ if (strncmp(p, "naa.", 4) == 0) { ++ /* WWN as understood by pvops */ ++ memset(wwn, 0, sizeof(wwn)); ++ if (sscanf(p, "naa.%16[0-9a-fA-F]:%llu", wwn, &lun) == 2) { ++ libxl_vscsi_pdev_init_type(&dev->pdev, LIBXL_VSCSI_PDEV_TYPE_WWN); ++ dev->pdev.u.wwn.m = libxl__strdup(NOGC, p); ++ parsed_ok = true; ++ } ++ } else if (vscsi_parse_hctl(p, &hctl) == 0) { ++ /* Either xenlinux, or pvops with properly configured alias in sysfs */ ++ libxl_vscsi_pdev_init_type(&dev->pdev, LIBXL_VSCSI_PDEV_TYPE_HCTL); ++ libxl_vscsi_hctl_copy(CTX, &dev->pdev.u.hctl.m, &hctl); ++ parsed_ok = true; ++ } ++ ++ if (parsed_ok && vscsi_parse_hctl(v, &dev->vdev) != 0) ++ parsed_ok = false; ++ ++ libxl_vscsi_hctl_dispose(&hctl); ++ ++ return parsed_ok; ++} ++ ++static bool vscsi_fill_dev(libxl__gc *gc, ++ xs_transaction_t t, ++ const char *devs_path, ++ const char *dev_dir, ++ libxl_device_vscsidev *dev) ++{ ++ char *path, *c, *p, *v, *s; ++ unsigned int devid; ++ int r; ++ ++ r = sscanf(dev_dir, "dev-%u", &devid); ++ if (r != 1) { ++ LOG(ERROR, "expected dev-N, got '%s'", dev_dir); ++ return false; ++ } ++ dev->vscsidev_id = devid; ++ ++ path = GCSPRINTF("%s/%s", devs_path, dev_dir); ++ c = libxl__xs_read(gc, t, GCSPRINTF("%s/p-devname", path)); ++ p = libxl__xs_read(gc, t, GCSPRINTF("%s/p-dev", path)); ++ v = libxl__xs_read(gc, t, GCSPRINTF("%s/v-dev", path)); ++ s = libxl__xs_read(gc, t, GCSPRINTF("%s/state", path)); ++ LOG(DEBUG, "%s/state is %s", path, s); ++ if (!(c && p && v && s)) { ++ LOG(ERROR, "p-devname '%s' p-dev '%s' v-dev '%s'", c, p, v); ++ return false; ++ } ++ ++ if (!vscsi_parse_pdev(gc, dev, c, p, v)) { ++ LOG(ERROR, "failed to parse %s: %s %s %s %s", path, c, p, v, s); ++ return false; ++ } ++ ++ return true; ++} ++ ++static bool vscsi_fill_ctrl(libxl__gc *gc, ++ uint32_t tgt_domid, ++ xs_transaction_t t, ++ const char *fe_path, ++ const char *dir, ++ libxl_device_vscsictrl *ctrl) ++{ ++ libxl_device_vscsidev dev; ++ char *tmp, *devs_path; ++ const char *be_path; ++ char **dev_dirs; ++ unsigned int ndev_dirs, dev_dir; ++ uint32_t be_domid, fe_domid; ++ char be_type[16]; ++ int r; ++ bool ok; ++ ++ ctrl->devid = atoi(dir); ++ ++ tmp = GCSPRINTF("%s/%s/backend", fe_path, dir); ++ r = libxl__xs_read_checked(gc, t, tmp, &be_path); ++ if (r || !be_path) ++ goto out; ++ ++ r = sscanf(be_path, "/local/domain/%u/backend/%15[^/]/%u", ++ &be_domid, be_type, &fe_domid); ++ if (r != 3 || fe_domid != tgt_domid) ++ goto out; ++ ctrl->backend_domid = be_domid; ++ ++ tmp = libxl__xs_read(gc, t, GCSPRINTF("%s/" LIBXL_CTRL_INDEX, be_path)); ++ if (!tmp) ++ goto out; ++ ctrl->idx = atoi(tmp); ++ ++ tmp = libxl__xs_read(gc, t, GCSPRINTF("%s/feature-host", be_path)); ++ if (!tmp) ++ goto out; ++ ok = atoi(tmp) != 0; ++ libxl_defbool_set(&ctrl->scsi_raw_cmds, ok); ++ ++ ok = true; ++ devs_path = GCSPRINTF("%s/vscsi-devs", be_path); ++ dev_dirs = libxl__xs_directory(gc, t, devs_path, &ndev_dirs); ++ for (dev_dir = 0; dev_dirs && dev_dir < ndev_dirs; dev_dir++) { ++ libxl_device_vscsidev_init(&dev); ++ ok = vscsi_fill_dev(gc, t, devs_path, dev_dirs[dev_dir], &dev); ++ if (ok == true) ++ ok = ctrl->idx == dev.vdev.hst; ++ if (ok == true) ++ libxl_device_vscsictrl_append_vscsidev(CTX, ctrl, &dev); ++ libxl_device_vscsidev_dispose(&dev); ++ if (ok == false) ++ break; ++ } ++ ++ return ok; ++ ++out: ++ libxl_defbool_set(&ctrl->scsi_raw_cmds, false); ++ return false; ++} ++ ++/* return an array of vscsictrls with num elements */ ++static int vscsi_collect_ctrls(libxl__gc *gc, ++ uint32_t domid, ++ libxl_device_vscsictrl **ctrls, ++ int *num) ++{ ++ xs_transaction_t t = XBT_NULL; ++ libxl_device_vscsictrl ctrl; ++ char *fe_path; ++ char **dirs; ++ unsigned int ndirs = 0, dir; ++ int rc; ++ ++ fe_path = GCSPRINTF("%s/device/vscsi", libxl__xs_get_dompath(gc, domid)); ++ ++ for (;;) { ++ *num = 0; ++ ++ rc = libxl__xs_transaction_start(gc, &t); ++ if (rc) goto out; ++ ++ dirs = libxl__xs_directory(gc, t, fe_path, &ndirs); ++ /* Nothing to do */ ++ if (!(dirs && ndirs)) ++ break; ++ ++ /* List of ctrls to be returned to the caller */ ++ *ctrls = libxl__malloc(NOGC, ndirs * sizeof(**ctrls)); ++ ++ for (dir = 0; dir < ndirs; dir++) { ++ libxl_device_vscsictrl_init(*ctrls + dir); ++ ++ libxl_device_vscsictrl_init(&ctrl); ++ if (vscsi_fill_ctrl(gc, domid, t, fe_path, dirs[dir], &ctrl)) { ++ libxl_device_vscsictrl_copy(CTX, *ctrls + *num, &ctrl); ++ (*num)++; ++ } ++ libxl_device_vscsictrl_dispose(&ctrl); ++ } ++ ++ rc = libxl__xs_transaction_commit(gc, &t); ++ if (!rc) break; ++ ++ if (rc < 0) { ++ for (dir = 0; dir < ndirs; dir++) ++ libxl_device_vscsictrl_dispose(*ctrls + dir); ++ free(*ctrls); ++ *ctrls = NULL; ++ *num = 0; ++ goto out; ++ } ++ } ++ ++out: ++ libxl__xs_transaction_abort(gc, &t); ++ return rc; ++} ++ ++/* Simplified variant of device_addrm_aocomplete */ ++static void vscsi_aodev_complete(libxl__egc *egc, libxl__ao_device *aodev) ++{ ++ STATE_AO_GC(aodev->ao); ++ libxl__ao_complete(egc, ao, aodev->rc); ++} ++ ++static int libxl__device_from_vscsictrl(libxl__gc *gc, uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ libxl__device *device) ++{ ++ device->backend_devid = vscsictrl->devid; ++ device->backend_domid = vscsictrl->backend_domid; ++ device->devid = vscsictrl->devid; ++ device->domid = domid; ++ device->backend_kind = LIBXL__DEVICE_KIND_VSCSI; ++ device->kind = LIBXL__DEVICE_KIND_VSCSI; ++ ++ return 0; ++} ++ ++static int vscsictrl_remove(libxl_ctx *ctx, ++ uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ const libxl_asyncop_how *ao_how, ++ int force) ++{ ++ AO_CREATE(ctx, domid, ao_how); ++ libxl__device *device; ++ libxl__ao_device *aodev; ++ int rc; ++ ++ GCNEW(device); ++ rc = libxl__device_from_vscsictrl(gc, domid, vscsictrl, device); ++ if (rc != 0) goto out; ++ ++ GCNEW(aodev); ++ libxl__prepare_ao_device(ao, aodev); ++ aodev->action = LIBXL__DEVICE_ACTION_REMOVE; ++ aodev->dev = device; ++ aodev->callback = vscsi_aodev_complete; ++ aodev->force = force; ++ libxl__initiate_device_generic_remove(egc, aodev); ++ ++out: ++ if (rc) return AO_CREATE_FAIL(rc); ++ return AO_INPROGRESS; ++} ++ ++static int vscsidev_be_set_rm(libxl__gc *gc, ++ libxl_device_vscsidev *v, ++ flexarray_t *back) ++{ ++ int rc; ++ char *dir; ++ ++ dir = GCSPRINTF("vscsi-devs/dev-%u", v->vscsidev_id); ++ rc = flexarray_append_pair(back, ++ GCSPRINTF("%s/state", dir), ++ GCSPRINTF("%d", XenbusStateClosing)); ++ return rc; ++} ++ ++static int vscsictrl_reconfigure_rm(libxl__ao_device *aodev, ++ const char *state_path, ++ int *be_wait) ++ ++{ ++ STATE_AO_GC(aodev->ao); ++ vscsidev_rm_t *vscsidev_rm = CONTAINER_OF(aodev->dev, *vscsidev_rm, dev); ++ libxl_device_vscsictrl *ctrl = vscsidev_rm->ctrl; ++ const char *be_path = vscsidev_rm->be_path; ++ int rc, i, be_state; ++ char *dev_path, *state_val; ++ flexarray_t *back; ++ libxl_device_vscsidev *v; ++ xs_transaction_t t = XBT_NULL; ++ ++ /* Prealloc key+value: 1 toplevel + 1 per device */ ++ i = 2 * (1 + 1); ++ back = flexarray_make(gc, i, 1); ++ ++ for (;;) { ++ rc = libxl__xs_transaction_start(gc, &t); ++ if (rc) goto out; ++ ++ state_val = libxl__xs_read(gc, t, state_path); ++ LOG(DEBUG, "%s is %s", state_path, state_val); ++ if (!state_val) { ++ rc = ERROR_NOTFOUND; ++ goto out; ++ } ++ ++ be_state = atoi(state_val); ++ switch (be_state) { ++ case XenbusStateUnknown: ++ case XenbusStateInitialising: ++ case XenbusStateClosing: ++ case XenbusStateClosed: ++ default: ++ /* The backend is in a bad state */ ++ rc = ERROR_FAIL; ++ goto out; ++ case XenbusStateInitialised: ++ case XenbusStateReconfiguring: ++ case XenbusStateReconfigured: ++ /* Backend is still busy, caller has to retry */ ++ rc = ERROR_NOT_READY; ++ goto out; ++ case XenbusStateInitWait: ++ /* The frontend did not connect yet */ ++ *be_wait = XenbusStateInitWait; ++ vscsidev_rm->dev_wait = XenbusStateClosing; ++ break; ++ case XenbusStateConnected: ++ /* The backend can handle reconfigure */ ++ *be_wait = XenbusStateConnected; ++ vscsidev_rm->dev_wait = XenbusStateClosed; ++ flexarray_append_pair(back, "state", ++ GCSPRINTF("%d", XenbusStateReconfiguring)); ++ break; ++ } ++ ++ /* Append new vscsidev or skip existing */ ++ for (i = 0; i < ctrl->num_vscsidevs; i++) { ++ unsigned int nb = 0; ++ v = ctrl->vscsidevs + i; ++ dev_path = GCSPRINTF("%s/vscsi-devs/dev-%u", be_path, v->vscsidev_id); ++ if (!libxl__xs_directory(gc, XBT_NULL, dev_path, &nb)) { ++ /* FIXME Sanity check */ ++ LOG(DEBUG, "%s does not exist anymore", dev_path); ++ continue; ++ } ++ rc = vscsidev_be_set_rm(gc, v, back); ++ if (rc) goto out; ++ } ++ ++ libxl__xs_writev(gc, t, be_path, libxl__xs_kvs_of_flexarray(gc, back)); ++ ++ rc = libxl__xs_transaction_commit(gc, &t); ++ if (!rc) break; ++ if (rc < 0) goto out; ++ } ++ ++ rc = 0; ++ ++out: ++ libxl__xs_transaction_abort(gc, &t); ++ return rc; ++} ++ ++static void vscsictrl_remove_be_dev(libxl__gc *gc, ++ libxl_device_vscsidev *v, ++ xs_transaction_t t, ++ const char *be_path, ++ int dev_wait) ++{ ++ char *dir, *path, *val; ++ ++ dir = GCSPRINTF("%s/vscsi-devs/dev-%u", be_path, v->vscsidev_id); ++ path = GCSPRINTF("%s/state", dir); ++ val = libxl__xs_read(gc, t, path); ++ LOG(DEBUG, "%s is %s", path, val); ++ if (val && strcmp(val, GCSPRINTF("%d", dev_wait)) == 0) { ++ xs_rm(CTX->xsh, t, GCSPRINTF("%s/state", dir)); ++ xs_rm(CTX->xsh, t, GCSPRINTF("%s/p-devname", dir)); ++ xs_rm(CTX->xsh, t, GCSPRINTF("%s/p-dev", dir)); ++ xs_rm(CTX->xsh, t, GCSPRINTF("%s/v-dev", dir)); ++ xs_rm(CTX->xsh, t, dir); ++ } else { ++ LOG(ERROR, "%s has %s, expected %d", path, val, dev_wait); ++ } ++} ++ ++static void vscsictrl_remove_be_cb(libxl__egc *egc, ++ libxl__ev_devstate *ds, ++ int rc) ++{ ++ libxl__ao_device *aodev = CONTAINER_OF(ds, *aodev, backend_ds); ++ STATE_AO_GC(aodev->ao); ++ vscsidev_rm_t *vscsidev_rm = CONTAINER_OF(aodev->dev, *vscsidev_rm, dev); ++ libxl_device_vscsictrl *ctrl = vscsidev_rm->ctrl; ++ xs_transaction_t t = XBT_NULL; ++ int i; ++ ++ for (;;) { ++ rc = libxl__xs_transaction_start(gc, &t); ++ if (rc) goto out; ++ ++ for (i = 0; i < ctrl->num_vscsidevs; i++) ++ vscsictrl_remove_be_dev(gc, ctrl->vscsidevs + i, t, ++ vscsidev_rm->be_path, ++ vscsidev_rm->dev_wait); ++ ++ rc = libxl__xs_transaction_commit(gc, &t); ++ if (!rc) break; ++ if (rc < 0) goto out; ++ } ++ ++out: ++ aodev->rc = rc; ++ aodev->callback(egc, aodev); ++} ++ ++static void vscsidev__remove(libxl__egc *egc, libxl__ao_device *aodev) ++{ ++ STATE_AO_GC(aodev->ao); ++ vscsidev_rm_t *vscsidev_rm = CONTAINER_OF(aodev->dev, *vscsidev_rm, dev); ++ char *state_path; ++ int rc, be_wait; ++ ++ vscsidev_rm->be_path = libxl__device_backend_path(gc, aodev->dev); ++ state_path = GCSPRINTF("%s/state", vscsidev_rm->be_path); ++ ++ rc = vscsictrl_reconfigure_rm(aodev, state_path, &be_wait); ++ if (rc) goto out; ++ ++ rc = libxl__ev_devstate_wait(ao, &aodev->backend_ds, ++ vscsictrl_remove_be_cb, ++ state_path, be_wait, ++ LIBXL_DESTROY_TIMEOUT * 1000); ++ if (rc) { ++ LOG(ERROR, "unable to wait for %s", state_path); ++ goto out; ++ } ++ ++ return; ++ ++out: ++ aodev->rc = rc; ++ /* Notify that this is done */ ++ aodev->callback(egc, aodev); ++} ++ ++static int vscsidev_remove(libxl_ctx *ctx, ++ uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ const libxl_asyncop_how *ao_how) ++{ ++ AO_CREATE(ctx, domid, ao_how); ++ libxl__ao_device *aodev; ++ vscsidev_rm_t *vscsidev_rm; ++ libxl__device *device; ++ int rc; ++ ++ GCNEW(aodev); ++ ++ GCNEW(vscsidev_rm); ++ vscsidev_rm->ctrl = vscsictrl; ++ device = &vscsidev_rm->dev; ++ ++ rc = libxl__device_from_vscsictrl(gc, domid, vscsictrl, device); ++ if (rc) goto out; ++ ++ libxl__prepare_ao_device(ao, aodev); ++ aodev->dev = device; ++ aodev->action = LIBXL__DEVICE_ACTION_REMOVE; ++ aodev->callback = vscsi_aodev_complete; ++ ++ vscsidev__remove(egc, aodev); ++ ++out: ++ if (rc) AO_CREATE_FAIL(rc); ++ return AO_INPROGRESS; ++} ++ ++static int vscsidev_backend_add(libxl__gc *gc, ++ libxl_device_vscsidev *v, ++ flexarray_t *back) ++{ ++ int rc; ++ char *dir; ++ unsigned int hst, chn, tgt; ++ unsigned long long lun; ++ ++ ++ dir = GCSPRINTF("vscsi-devs/dev-%u", v->vscsidev_id); ++ switch (v->pdev.type) { ++ case LIBXL_VSCSI_PDEV_TYPE_WWN: ++ flexarray_append_pair(back, ++ GCSPRINTF("%s/p-dev", dir), ++ v->pdev.u.wwn.m); ++ break; ++ case LIBXL_VSCSI_PDEV_TYPE_HCTL: ++ hst = v->pdev.u.hctl.m.hst; ++ chn = v->pdev.u.hctl.m.chn; ++ tgt = v->pdev.u.hctl.m.tgt; ++ lun = v->pdev.u.hctl.m.lun; ++ flexarray_append_pair(back, ++ GCSPRINTF("%s/p-dev", dir), ++ GCSPRINTF("%u:%u:%u:%llu", hst, chn, tgt, lun)); ++ break; ++ case LIBXL_VSCSI_PDEV_TYPE_INVALID: ++ /* fallthrough */ ++ default: ++ rc = ERROR_FAIL; ++ goto out; ++ } ++ flexarray_append_pair(back, ++ GCSPRINTF("%s/p-devname", dir), ++ v->pdev.p_devname); ++ hst = v->vdev.hst; ++ chn = v->vdev.chn; ++ tgt = v->vdev.tgt; ++ lun = v->vdev.lun; ++ flexarray_append_pair(back, ++ GCSPRINTF("%s/v-dev", dir), ++ GCSPRINTF("%u:%u:%u:%llu", hst, chn, tgt, lun)); ++ flexarray_append_pair(back, ++ GCSPRINTF("%s/state", dir), ++ GCSPRINTF("%d", XenbusStateInitialising)); ++ rc = 0; ++out: ++ return rc; ++} ++ ++static void vscsictrl_new_backend(libxl__egc *egc, ++ libxl__ao_device *aodev, ++ libxl_device_vscsictrl *vscsictrl, ++ libxl_domain_config *d_config) ++{ ++ STATE_AO_GC(aodev->ao); ++ int rc, i; ++ flexarray_t *back; ++ flexarray_t *front; ++ libxl_device_vscsidev *v; ++ xs_transaction_t t = XBT_NULL; ++ ++ /* Prealloc key+value: 4 toplevel + 4 per device */ ++ i = 2 * (4 + (4 * vscsictrl->num_vscsidevs)); ++ back = flexarray_make(gc, i, 1); ++ front = flexarray_make(gc, 2 * 2, 1); ++ ++ flexarray_append_pair(back, ++ "frontend-id", ++ GCSPRINTF("%d", aodev->dev->domid)); ++ flexarray_append_pair(back, "online", "1"); ++ flexarray_append_pair(back, ++ "state", ++ GCSPRINTF("%d", XenbusStateInitialising)); ++ flexarray_append_pair(back, ++ LIBXL_CTRL_INDEX, ++ GCSPRINTF("%d", vscsictrl->idx)); ++ flexarray_append_pair(back, "feature-host", ++ libxl_defbool_val(vscsictrl->scsi_raw_cmds) ? ++ "1" : "0"); ++ ++ flexarray_append_pair(front, ++ "backend-id", ++ GCSPRINTF("%d", vscsictrl->backend_domid)); ++ flexarray_append_pair(front, ++ "state", ++ GCSPRINTF("%d", XenbusStateInitialising)); ++ ++ for (i = 0; i < vscsictrl->num_vscsidevs; i++) { ++ v = vscsictrl->vscsidevs + i; ++ rc = vscsidev_backend_add(gc, v, back); ++ if (rc) goto out; ++ } ++ ++ for (;;) { ++ rc = libxl__xs_transaction_start(gc, &t); ++ if (rc) goto out; ++ ++ rc = libxl__device_exists(gc, t, aodev->dev); ++ if (rc < 0) goto out; ++ if (rc == 1) { /* already exists in xenstore */ ++ LOG(ERROR, "device already exists in xenstore"); ++ rc = ERROR_DEVICE_EXISTS; ++ goto out; ++ } ++ ++ if (aodev->update_json) { ++ rc = libxl__set_domain_configuration(gc, aodev->dev->domid, d_config); ++ if (rc) goto out; ++ } ++ ++ libxl__device_generic_add(gc, t, aodev->dev, ++ libxl__xs_kvs_of_flexarray(gc, back), ++ libxl__xs_kvs_of_flexarray(gc, front), ++ NULL); ++ ++ rc = libxl__xs_transaction_commit(gc, &t); ++ if (!rc) break; ++ if (rc < 0) goto out; ++ } ++ ++ libxl__wait_device_connection(egc, aodev); ++ return; ++ ++out: ++ libxl__xs_transaction_abort(gc, &t); ++ aodev->rc = rc; ++ aodev->callback(egc, aodev); ++} ++ ++static void vscsictrl_do_reconfigure_add_cb(libxl__egc *egc, ++ libxl__ev_devstate *ds, ++ int rc) ++{ ++ libxl__ao_device *aodev = CONTAINER_OF(ds, *aodev, backend_ds); ++ STATE_AO_GC(aodev->ao); ++ aodev->rc = rc; ++ aodev->callback(egc, aodev); ++} ++ ++static void vscsictrl_do_reconfigure_add(libxl__egc *egc, ++ libxl__ao_device *aodev, ++ libxl_device_vscsictrl *vscsictrl, ++ libxl_domain_config *d_config) ++{ ++ STATE_AO_GC(aodev->ao); ++ int rc, i, be_state, be_wait; ++ const char *be_path; ++ char *dev_path, *state_path, *state_val; ++ flexarray_t *back; ++ libxl_device_vscsidev *v; ++ xs_transaction_t t = XBT_NULL; ++ bool do_reconfigure = false; ++ ++ /* Prealloc key+value: 1 toplevel + 4 per device */ ++ i = 2 * (1 + (4 * vscsictrl->num_vscsidevs)); ++ back = flexarray_make(gc, i, 1); ++ ++ be_path = libxl__device_backend_path(gc, aodev->dev); ++ state_path = GCSPRINTF("%s/state", be_path); ++ ++ for (;;) { ++ rc = libxl__xs_transaction_start(gc, &t); ++ if (rc) goto out; ++ ++ state_val = libxl__xs_read(gc, t, state_path); ++ LOG(DEBUG, "%s is %s", state_path, state_val); ++ if (!state_val) { ++ rc = ERROR_FAIL; ++ goto out; ++ } ++ ++ be_state = atoi(state_val); ++ switch (be_state) { ++ case XenbusStateUnknown: ++ case XenbusStateInitialising: ++ case XenbusStateClosing: ++ case XenbusStateClosed: ++ default: ++ /* The backend is in a bad state */ ++ rc = ERROR_FAIL; ++ goto out; ++ case XenbusStateInitialised: ++ case XenbusStateReconfiguring: ++ case XenbusStateReconfigured: ++ /* Backend is still busy, caller has to retry */ ++ rc = ERROR_NOT_READY; ++ goto out; ++ case XenbusStateInitWait: ++ /* The frontend did not connect yet */ ++ be_wait = XenbusStateInitWait; ++ do_reconfigure = false; ++ break; ++ case XenbusStateConnected: ++ /* The backend can handle reconfigure */ ++ be_wait = XenbusStateConnected; ++ flexarray_append_pair(back, "state", GCSPRINTF("%d", XenbusStateReconfiguring)); ++ do_reconfigure = true; ++ break; ++ } ++ ++ /* Append new vscsidev or skip existing */ ++ for (i = 0; i < vscsictrl->num_vscsidevs; i++) { ++ unsigned int nb = 0; ++ v = vscsictrl->vscsidevs + i; ++ dev_path = GCSPRINTF("%s/vscsi-devs/dev-%u", be_path, v->vscsidev_id); ++ if (libxl__xs_directory(gc, XBT_NULL, dev_path, &nb)) { ++ /* FIXME Sanity check */ ++ LOG(DEBUG, "%s exists already with %u entries", dev_path, nb); ++ continue; ++ } ++ rc = vscsidev_backend_add(gc, v, back); ++ if (rc) goto out; ++ } ++ ++ if (aodev->update_json) { ++ rc = libxl__set_domain_configuration(gc, aodev->dev->domid, d_config); ++ if (rc) goto out; ++ } ++ ++ libxl__xs_writev(gc, t, be_path, libxl__xs_kvs_of_flexarray(gc, back)); ++ ++ rc = libxl__xs_transaction_commit(gc, &t); ++ if (!rc) break; ++ if (rc < 0) goto out; ++ } ++ ++ if (do_reconfigure) { ++ rc = libxl__ev_devstate_wait(ao, &aodev->backend_ds, ++ vscsictrl_do_reconfigure_add_cb, ++ state_path, be_wait, ++ LIBXL_INIT_TIMEOUT * 1000); ++ if (rc) goto out; ++ } ++ return; ++ ++out: ++ libxl__xs_transaction_abort(gc, &t); ++ aodev->rc = rc; ++ aodev->callback(egc, aodev); ++} ++ ++static int vscsictrl_next_vscsidev_id(libxl__gc *gc, ++ const char *libxl_path, ++ libxl_devid *vscsidev_id) ++{ ++ const char *val; ++ xs_transaction_t t = XBT_NULL; ++ unsigned int id; ++ int rc; ++ ++ for (;;) { ++ rc = libxl__xs_transaction_start(gc, &t); ++ if (rc) goto out; ++ ++ val = libxl__xs_read(gc, t, libxl_path); ++ id = val ? strtoul(val, NULL, 10) : 0; ++ ++ LOG(DEBUG, "%s = %s vscsidev_id %u", libxl_path, val, id); ++ ++ val = GCSPRINTF("%u", id + 1); ++ rc = libxl__xs_write_checked(gc, t, libxl_path, val); ++ if (rc) goto out; ++ ++ rc = libxl__xs_transaction_commit(gc, &t); ++ if (!rc) break; ++ if (rc < 0) goto out; ++ } ++ ++ *vscsidev_id = id; ++ rc = 0; ++ ++out: ++ libxl__xs_transaction_abort(gc, &t); ++ return rc; ++} ++ ++static int vscsictrl_assign_vscsidev_ids(libxl__gc *gc, ++ uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl) ++{ ++ libxl_device_vscsidev *dev; ++ libxl_devid vscsidev_id; ++ const char *libxl_path; ++ int rc, i; ++ ++ libxl_path = GCSPRINTF("%s/vscsi/%u/next_vscsidev_id", ++ libxl__xs_libxl_path(gc, domid), ++ vscsictrl->devid); ++ for (i = 0; i < vscsictrl->num_vscsidevs; i++) { ++ dev = &vscsictrl->vscsidevs[i]; ++ if (dev->vscsidev_id >= 0) ++ continue; ++ rc = vscsictrl_next_vscsidev_id(gc, libxl_path, &vscsidev_id); ++ if (rc) { ++ LOG(ERROR, "failed to assign vscsidev_id to %s for %s", ++ libxl_path, dev->pdev.p_devname); ++ goto out; ++ } ++ dev->vscsidev_id = vscsidev_id; ++ } ++ ++ rc = 0; ++out: ++ return rc; ++} ++ ++static void vscsictrl_update_json(libxl__egc *egc, ++ libxl__ao_device *aodev, ++ libxl_device_vscsictrl *vscsictrl, ++ vscsictrl_add fn) ++{ ++ STATE_AO_GC(aodev->ao); ++ int rc; ++ uint32_t domid = aodev->dev->domid; ++ libxl_device_vscsictrl vscsictrl_saved; ++ libxl_domain_config d_config; ++ libxl__domain_userdata_lock *lock = NULL; ++ ++ libxl_domain_config_init(&d_config); ++ libxl_device_vscsictrl_init(&vscsictrl_saved); ++ ++ libxl_device_vscsictrl_copy(CTX, &vscsictrl_saved, vscsictrl); ++ ++ rc = vscsictrl_assign_vscsidev_ids(gc, domid, &vscsictrl_saved); ++ if (rc) goto out; ++ ++ if (aodev->update_json) { ++ lock = libxl__lock_domain_userdata(gc, domid); ++ if (!lock) { ++ rc = ERROR_LOCK_FAIL; ++ goto out; ++ } ++ ++ rc = libxl__get_domain_configuration(gc, domid, &d_config); ++ if (rc) goto out; ++ ++ /* Replace or append the copy to the domain config */ ++ device_add_domain_config(gc, &d_config, &libxl__vscsictrl_devtype, ++ &vscsictrl_saved); ++ } ++ ++ fn(egc, aodev, &vscsictrl_saved, &d_config); ++ ++out: ++ if (lock) libxl__unlock_domain_userdata(lock); ++ libxl_device_vscsictrl_dispose(&vscsictrl_saved); ++ libxl_domain_config_dispose(&d_config); ++ if (rc) { ++ aodev->rc = rc; ++ aodev->callback(egc, aodev); ++ } ++} ++ ++static void vscsictrl__reconfigure_add(libxl__egc *egc, ++ uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ libxl__ao_device *aodev) ++{ ++ STATE_AO_GC(aodev->ao); ++ libxl__device *device; ++ vscsictrl_add fn; ++ int rc; ++ ++ GCNEW(device); ++ rc = libxl__device_from_vscsictrl(gc, domid, vscsictrl, device); ++ if (rc) goto out; ++ aodev->dev = device; ++ ++ fn = vscsictrl_do_reconfigure_add; ++ vscsictrl_update_json(egc, aodev, vscsictrl, fn); ++ return; ++ ++out: ++ aodev->rc = rc; ++ aodev->callback(egc, aodev); ++} ++ ++static int vscsictrl_reconfigure_add(libxl_ctx *ctx, ++ uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ const libxl_asyncop_how *ao_how) ++{ ++ AO_CREATE(ctx, domid, ao_how); ++ libxl__ao_device *aodev; ++ ++ GCNEW(aodev); ++ libxl__prepare_ao_device(ao, aodev); ++ aodev->action = LIBXL__DEVICE_ACTION_ADD; ++ aodev->callback = vscsi_aodev_complete; ++ aodev->update_json = true; ++ vscsictrl__reconfigure_add(egc, domid, vscsictrl, aodev); ++ ++ return AO_INPROGRESS; ++} ++ ++static LIBXL_DEFINE_UPDATE_DEVID(vscsictrl) ++ ++static int libxl__device_vscsictrl_setdefault(libxl__gc *gc, uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, bool hotplug) ++{ ++ return 0; ++} ++ ++static void libxl__device_vscsictrl_add(libxl__egc *egc, uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ libxl__ao_device *aodev) ++{ ++ STATE_AO_GC(aodev->ao); ++ libxl__device *device; ++ vscsictrl_add fn; ++ int rc; ++ ++ if (vscsictrl->devid == -1) { ++ if ((vscsictrl->devid = libxl__device_nextid(gc, domid, LIBXL__DEVICE_KIND_VSCSI)) < 0) { ++ rc = ERROR_FAIL; ++ goto out; ++ } ++ } ++ ++ GCNEW(device); ++ rc = libxl__device_from_vscsictrl(gc, domid, vscsictrl, device); ++ if (rc) goto out; ++ aodev->dev = device; ++ ++ fn = vscsictrl_new_backend; ++ vscsictrl_update_json(egc, aodev, vscsictrl, fn); ++ return; ++ ++out: ++ aodev->rc = rc; ++ aodev->callback(egc, aodev); ++} ++ ++int libxl_device_vscsictrl_remove(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ const libxl_asyncop_how *ao_how) ++{ ++ return vscsictrl_remove(ctx, domid, vscsictrl, ao_how, 0); ++} ++ ++int libxl_device_vscsictrl_destroy(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ const libxl_asyncop_how *ao_how) ++{ ++ return vscsictrl_remove(ctx, domid, vscsictrl, ao_how, 1); ++} ++ ++libxl_device_vscsictrl *libxl_device_vscsictrl_list(libxl_ctx *ctx, ++ uint32_t domid, ++ int *num) ++{ ++ GC_INIT(ctx); ++ libxl_device_vscsictrl *ctrls = NULL; ++ int rc, num_ctrls = 0; ++ ++ *num = 0; ++ ++ rc = vscsi_collect_ctrls(gc, domid, &ctrls, &num_ctrls); ++ if (rc == 0) ++ *num = num_ctrls; ++ ++ GC_FREE; ++ return ctrls; ++} ++ ++int libxl_device_vscsictrl_getinfo(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsictrl *vscsictrl, ++ libxl_device_vscsidev *vscsidev, ++ libxl_vscsiinfo *vscsiinfo) ++{ ++ GC_INIT(ctx); ++ char *dompath, *vscsipath; ++ char *val; ++ int rc = ERROR_FAIL; ++ ++ libxl_vscsiinfo_init(vscsiinfo); ++ dompath = libxl__xs_get_dompath(gc, domid); ++ vscsiinfo->devid = vscsictrl->devid; ++ vscsiinfo->vscsidev_id = vscsidev->vscsidev_id; ++ libxl_vscsi_pdev_copy(ctx, &vscsiinfo->pdev, &vscsidev->pdev); ++ libxl_vscsi_hctl_copy(ctx, &vscsiinfo->vdev, &vscsidev->vdev); ++ ++ vscsipath = GCSPRINTF("%s/device/vscsi/%d", dompath, vscsiinfo->devid); ++ vscsiinfo->backend = xs_read(ctx->xsh, XBT_NULL, ++ GCSPRINTF("%s/backend", vscsipath), NULL); ++ if (!vscsiinfo->backend) ++ goto out; ++ if(!libxl__xs_read(gc, XBT_NULL, vscsiinfo->backend)) ++ goto out; ++ ++ val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/backend-id", vscsipath)); ++ vscsiinfo->backend_id = val ? strtoul(val, NULL, 10) : -1; ++ ++ val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", vscsipath)); ++ vscsiinfo->vscsictrl_state = val ? strtoul(val, NULL, 10) : -1; ++ ++ val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/" LIBXL_CTRL_INDEX, vscsipath)); ++ vscsiinfo->idx = val ? strtoul(val, NULL, 10) : -1; ++ ++ vscsiinfo->frontend = xs_read(ctx->xsh, XBT_NULL, ++ GCSPRINTF("%s/frontend", vscsiinfo->backend), NULL); ++ ++ val = libxl__xs_read(gc, XBT_NULL, ++ GCSPRINTF("%s/frontend-id", vscsiinfo->backend)); ++ vscsiinfo->frontend_id = val ? strtoul(val, NULL, 10) : -1; ++ ++ val = libxl__xs_read(gc, XBT_NULL, ++ GCSPRINTF("%s/vscsi-devs/dev-%u/state", ++ vscsiinfo->backend, vscsidev->vscsidev_id)); ++ vscsiinfo->vscsidev_state = val ? strtoul(val, NULL, 10) : -1; ++ ++ rc = 0; ++out: ++ GC_FREE; ++ return rc; ++} ++ ++int libxl_device_vscsidev_add(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsidev *vscsidev, ++ const libxl_asyncop_how *ao_how) ++{ ++ GC_INIT(ctx); ++ libxl_device_vscsictrl *vc, *ctrls = NULL; ++ libxl_device_vscsidev *vd; ++ int c, d, rc, num_ctrls = 0; ++ int duplicate = 0; ++ ++ rc = vscsi_collect_ctrls(gc, domid, &ctrls, &num_ctrls); ++ if (rc != 0) goto out; ++ ++ ++ for (c = 0; c < num_ctrls; ++c) { ++ vc = ctrls + c; ++ if (vc->idx != vscsidev->vdev.hst) ++ continue; ++ ++ for (d = 0; d < vc->num_vscsidevs; d++) { ++ vd = vc->vscsidevs + d; ++ if (vd->vdev.hst == vscsidev->vdev.hst && ++ vd->vdev.chn == vscsidev->vdev.chn && ++ vd->vdev.tgt == vscsidev->vdev.tgt && ++ vd->vdev.lun == vscsidev->vdev.lun) { ++ unsigned long long lun = vd->vdev.lun; ++ LOG(ERROR, "vdev '%u:%u:%u:%llu' is already used.\n", ++ vd->vdev.hst, vd->vdev.chn, vd->vdev.tgt, lun); ++ rc = ERROR_DEVICE_EXISTS; ++ duplicate = 1; ++ break; ++ } ++ } ++ ++ if (!duplicate) { ++ /* Append vscsidev to this vscsictrl, trigger reconfigure */ ++ libxl_device_vscsictrl_append_vscsidev(ctx, vc, vscsidev); ++ rc = vscsictrl_reconfigure_add(ctx, domid, vc, ao_how); ++ } ++ break; ++ } ++ ++ for (c = 0; c < num_ctrls; ++c) ++ libxl_device_vscsictrl_dispose(ctrls + c); ++ free(ctrls); ++ ++out: ++ GC_FREE; ++ return rc; ++} ++ ++int libxl_device_vscsidev_remove(libxl_ctx *ctx, uint32_t domid, ++ libxl_device_vscsidev *vscsidev, ++ const libxl_asyncop_how *ao_how) ++{ ++ GC_INIT(ctx); ++ libxl_device_vscsictrl *vc, *ctrls = NULL; ++ libxl_device_vscsidev *vd; ++ int c, d, rc, num_ctrls = 0; ++ int found = 0, idx; ++ int head, tail, i; ++ ++ rc = vscsi_collect_ctrls(gc, domid, &ctrls, &num_ctrls); ++ if (rc != 0) goto out; ++ ++ ++ for (c = 0; c < num_ctrls; ++c) { ++ vc = ctrls + c; ++ ++ for (d = 0; d < vc->num_vscsidevs; d++) { ++ vd = vc->vscsidevs + d; ++ if (vd->vdev.hst == vscsidev->vdev.hst && ++ vd->vdev.chn == vscsidev->vdev.chn && ++ vd->vdev.tgt == vscsidev->vdev.tgt && ++ vd->vdev.lun == vscsidev->vdev.lun) { ++ found = 1; ++ idx = d; ++ break; ++ } ++ } ++ ++ if (found) { ++ if (vc->num_vscsidevs > 1) { ++ /* Prepare vscsictrl, leave only desired vscsidev */ ++ head = idx; ++ tail = vc->num_vscsidevs - idx - 1; ++ for (i = 0; i < head; i++) ++ libxl_device_vscsictrl_remove_vscsidev(ctx, vc, 0); ++ for (i = 0; i < tail; i++) ++ libxl_device_vscsictrl_remove_vscsidev(ctx, vc, 1); ++ ++ /* Remove single vscsidev connected to this vscsictrl */ ++ rc = vscsidev_remove(ctx, domid, vc, ao_how); ++ } else { ++ /* Wipe entire vscsictrl */; ++ rc = vscsictrl_remove(ctx, domid, vc, ao_how, 0); ++ } ++ break; ++ } ++ } ++ ++ for (c = 0; c < num_ctrls; ++c) ++ libxl_device_vscsictrl_dispose(ctrls + c); ++ free(ctrls); ++ ++ if (!found) ++ rc = ERROR_NOTFOUND; ++ ++out: ++ GC_FREE; ++ return rc; ++} ++ ++void libxl_device_vscsictrl_append_vscsidev(libxl_ctx *ctx, ++ libxl_device_vscsictrl *ctrl, ++ libxl_device_vscsidev *dev) ++{ ++ GC_INIT(ctx); ++ ctrl->vscsidevs = libxl__realloc(NOGC, ctrl->vscsidevs, sizeof(*dev) * (ctrl->num_vscsidevs + 1)); ++ libxl_device_vscsidev_init(ctrl->vscsidevs + ctrl->num_vscsidevs); ++ libxl_device_vscsidev_copy(CTX, ctrl->vscsidevs + ctrl->num_vscsidevs, dev); ++ ctrl->num_vscsidevs++; ++ GC_FREE; ++} ++ ++void libxl_device_vscsictrl_remove_vscsidev(libxl_ctx *ctx, ++ libxl_device_vscsictrl *ctrl, ++ unsigned int idx) ++{ ++ GC_INIT(ctx); ++ if (idx >= ctrl->num_vscsidevs) ++ return; ++ libxl_device_vscsidev_dispose(&ctrl->vscsidevs[idx]); ++ if (ctrl->num_vscsidevs > idx + 1) ++ memmove(&ctrl->vscsidevs[idx], ++ &ctrl->vscsidevs[idx + 1], ++ (ctrl->num_vscsidevs - idx - 1) * sizeof(*ctrl->vscsidevs)); ++ ctrl->vscsidevs = libxl__realloc(NOGC, ctrl->vscsidevs, sizeof(*ctrl->vscsidevs) * (ctrl->num_vscsidevs - 1)); ++ ctrl->num_vscsidevs--; ++ GC_FREE; ++} ++ ++static int libxl_device_vscsictrl_compare(libxl_device_vscsictrl *d1, ++ libxl_device_vscsictrl *d2) ++{ ++ return COMPARE_DEVID(d1, d2); ++} ++ ++LIBXL_DEFINE_DEVICE_ADD(vscsictrl) ++static LIBXL_DEFINE_DEVICES_ADD(vscsictrl) ++//LIBXL_DEFINE_DEVICE_REMOVE(vscsictrl) ++DEFINE_DEVICE_TYPE_STRUCT(vscsictrl, VSCSI, ); ++ ++/* ++ * Local variables: ++ * mode: C ++ * c-basic-offset: 4 ++ * indent-tabs-mode: nil ++ * End: ++ */ +Index: xen-4.13.0-testing/tools/libxl/libxlu_vscsi.c +=================================================================== +--- /dev/null ++++ xen-4.13.0-testing/tools/libxl/libxlu_vscsi.c +@@ -0,0 +1,668 @@ ++/* ++ * libxlu_vscsi.c - xl configuration file parsing: setup and helper functions ++ * ++ * Copyright (C) 2016 SUSE Linux GmbH ++ * Author Olaf Hering <olaf@aepfle.de> ++ * Author Ondřej Holeček <aaannz@gmail.com> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU Lesser General Public License as published ++ * by the Free Software Foundation; version 2.1 only. with the special ++ * exception on linking described in file LICENSE. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU Lesser General Public License for more details. ++ */ ++#include "libxl_osdeps.h" /* must come before any other headers */ ++#include <unistd.h> ++#include <ctype.h> ++#include <dirent.h> ++#include <sys/stat.h> ++#include <sys/sysmacros.h> ++#include <fcntl.h> ++#include "libxlu_internal.h" ++ ++#ifdef __linux__ ++#define LOG(_c, _x, _a...) \ ++ if((_c) && (_c)->report) fprintf((_c)->report, "%s(%u): " _x "\n", __func__, __LINE__, ##_a) ++ ++#define XLU_SYSFS_TARGET_PVSCSI "/sys/kernel/config/target/xen-pvscsi" ++#define XLU_WWN_LEN 16 ++struct xlu__vscsi_target { ++ XLU_Config *cfg; ++ libxl_vscsi_hctl *pdev_hctl; ++ libxl_vscsi_pdev *pdev; ++ char path[PATH_MAX]; ++ char udev_path[PATH_MAX]; ++ char wwn[XLU_WWN_LEN + 1]; ++ unsigned long long lun; ++}; ++ ++static int xlu__vscsi_parse_hctl(char *str, libxl_vscsi_hctl *hctl) ++{ ++ unsigned int hst, chn, tgt; ++ unsigned long long lun; ++ ++ if (sscanf(str, "%u:%u:%u:%llu", &hst, &chn, &tgt, &lun) != 4) ++ return ERROR_INVAL; ++ ++ hctl->hst = hst; ++ hctl->chn = chn; ++ hctl->tgt = tgt; ++ hctl->lun = lun; ++ return 0; ++} ++ ++static char *xlu__vscsi_trim_string(char *s) ++{ ++ size_t len; ++ ++ while (isspace(*s)) ++ s++; ++ len = strlen(s); ++ while (len-- > 1 && isspace(s[len])) ++ s[len] = '\0'; ++ return s; ++} ++ ++ ++static int xlu__vscsi_parse_dev(XLU_Config *cfg, char *pdev, libxl_vscsi_hctl *hctl) ++{ ++ struct stat dentry; ++ char *sysfs = NULL; ++ const char *type; ++ int rc, found = 0; ++ DIR *dirp; ++ struct dirent *de; ++ ++ /* stat pdev to get device's sysfs entry */ ++ if (stat (pdev, &dentry) < 0) { ++ LOG(cfg, "%s, device node not found", pdev); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ ++ if (S_ISBLK (dentry.st_mode)) { ++ type = "block"; ++ } else if (S_ISCHR (dentry.st_mode)) { ++ type = "char"; ++ } else { ++ LOG(cfg, "%s, device node not a block or char device", pdev); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ ++ /* /sys/dev/type/major:minor symlink added in 2.6.27 */ ++ if (asprintf(&sysfs, "/sys/dev/%s/%u:%u/device/scsi_device", type, ++ major(dentry.st_rdev), minor(dentry.st_rdev)) < 0) { ++ sysfs = NULL; ++ rc = ERROR_NOMEM; ++ goto out; ++ } ++ ++ dirp = opendir(sysfs); ++ if (!dirp) { ++ LOG(cfg, "%s, no major:minor link in sysfs", pdev); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ ++ while ((de = readdir(dirp))) { ++ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) ++ continue; ++ ++ if (xlu__vscsi_parse_hctl(de->d_name, hctl)) ++ continue; ++ ++ found = 1; ++ break; ++ } ++ closedir(dirp); ++ ++ if (!found) { ++ LOG(cfg, "%s, no h:c:t:l link in sysfs", pdev); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ ++ rc = 0; ++out: ++ free(sysfs); ++ return rc; ++} ++ ++static bool xlu__vscsi_compare_hctl(libxl_vscsi_hctl *a, libxl_vscsi_hctl *b) ++{ ++ if (a->hst == b->hst && ++ a->chn == b->chn && ++ a->tgt == b->tgt && ++ a->lun == b->lun) ++ return true; ++ return false; ++} ++ ++/* Finally at ++ * /sys/kernel/config/target/xen-pvscsi/naa.<wwn>/tpgt_1/lun/lun_0/<X>/udev_path ++ */ ++static bool xlu__vscsi_compare_udev(struct xlu__vscsi_target *tgt) ++{ ++ bool ret; ++ int fd; ++ ssize_t read_sz; ++ libxl_vscsi_hctl udev_hctl; ++ ++ libxl_vscsi_hctl_init(&udev_hctl); ++ ++ fd = open(tgt->path, O_RDONLY); ++ if (fd < 0){ ++ ret = false; ++ goto out; ++ } ++ read_sz = read(fd, &tgt->udev_path, sizeof(tgt->udev_path) - 1); ++ close(fd); ++ ++ if (read_sz <= 0 || read_sz > sizeof(tgt->udev_path) - 1) { ++ ret = false; ++ goto out; ++ } ++ tgt->udev_path[read_sz] = '\0'; ++ read_sz--; ++ if (tgt->udev_path[read_sz] == '\n') ++ tgt->udev_path[read_sz] = '\0'; ++ ++ if (xlu__vscsi_parse_dev(tgt->cfg, tgt->udev_path, &udev_hctl)) { ++ ret = false; ++ goto out; ++ } ++ ret = xlu__vscsi_compare_hctl(tgt->pdev_hctl, &udev_hctl); ++ ++out: ++ libxl_vscsi_hctl_dispose(&udev_hctl); ++ return ret; ++} ++ ++/* /sys/kernel/config/target/xen-pvscsi/naa.<wwn>/tpgt_1/lun/lun_0/<X>/udev_path */ ++static bool xlu__vscsi_walk_dir_lun(struct xlu__vscsi_target *tgt) ++{ ++ bool found; ++ DIR *dirp; ++ struct dirent *de; ++ size_t path_len = strlen(tgt->path); ++ char *subdir = &tgt->path[path_len]; ++ ++ dirp = opendir(tgt->path); ++ if (!dirp) ++ return false; ++ ++ found = false; ++ while ((de = readdir(dirp))) { ++ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) ++ continue; ++ ++ snprintf(subdir, sizeof(tgt->path) - path_len, "/%s/udev_path", de->d_name); ++ ++ found = xlu__vscsi_compare_udev(tgt); ++ if (found) ++ break; ++ ++ *subdir = '\0'; ++ } ++ closedir(dirp); ++ return found; ++} ++ ++/* /sys/kernel/config/target/xen-pvscsi/naa.<wwn>/tpgt_1/lun/lun_0 */ ++static bool xlu__vscsi_walk_dir_luns(struct xlu__vscsi_target *tgt) ++{ ++ bool found; ++ DIR *dirp; ++ struct dirent *de; ++ size_t path_len = strlen(tgt->path); ++ char *subdir = &tgt->path[path_len]; ++ ++ dirp = opendir(tgt->path); ++ if (!dirp) ++ return false; ++ ++ found = false; ++ while ((de = readdir(dirp))) { ++ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) ++ continue; ++ ++ if (sscanf(de->d_name, "lun_%llu", &tgt->lun) != 1) ++ continue; ++ ++ ++ snprintf(subdir, sizeof(tgt->path) - path_len, "/%s", de->d_name); ++ ++ found = xlu__vscsi_walk_dir_lun(tgt); ++ if (found) ++ break; ++ ++ *subdir = '\0'; ++ } ++ closedir(dirp); ++ return found; ++} ++ ++/* /sys/kernel/config/target/xen-pvscsi/naa.<wwn>/tpgt_1 */ ++static bool xlu__vscsi_walk_dir_naa(struct xlu__vscsi_target *tgt) ++{ ++ bool found; ++ DIR *dirp; ++ struct dirent *de; ++ size_t path_len = strlen(tgt->path); ++ char *subdir = &tgt->path[path_len]; ++ unsigned int tpgt; ++ ++ dirp = opendir(tgt->path); ++ if (!dirp) ++ return false; ++ ++ found = false; ++ while ((de = readdir(dirp))) { ++ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) ++ continue; ++ ++ if (sscanf(de->d_name, "tpgt_%u", &tpgt) != 1) ++ continue; ++ ++ snprintf(subdir, sizeof(tgt->path) - path_len, "/%s/lun", de->d_name); ++ ++ found = xlu__vscsi_walk_dir_luns(tgt); ++ if (found) ++ break; ++ ++ *subdir = '\0'; ++ } ++ closedir(dirp); ++ return found; ++} ++ ++/* /sys/kernel/config/target/xen-pvscsi/naa.<wwn> */ ++static bool xlu__vscsi_find_target_wwn(struct xlu__vscsi_target *tgt) ++{ ++ bool found; ++ DIR *dirp; ++ struct dirent *de; ++ size_t path_len = strlen(tgt->path); ++ char *subdir = &tgt->path[path_len]; ++ ++ dirp = opendir(tgt->path); ++ if (!dirp) ++ return false; ++ ++ found = false; ++ while ((de = readdir(dirp))) { ++ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) ++ continue; ++ ++ if (sscanf(de->d_name, "naa.%16[0-9a-fA-F]", tgt->wwn) != 1) ++ continue; ++ ++ snprintf(subdir, sizeof(tgt->path) - path_len, "/%s", de->d_name); ++ ++ found = xlu__vscsi_walk_dir_naa(tgt); ++ if (found) ++ break; ++ ++ *subdir = '\0'; ++ } ++ closedir(dirp); ++ return found; ++} ++ ++/* ++ * Convert pdev from config string into pdev property for backend, ++ * which is either h:c:t:l for xenlinux or naa.wwn:lun for pvops ++ */ ++static int xlu__vscsi_dev_to_pdev(XLU_Config *cfg, libxl_ctx *ctx, char *str, ++ libxl_vscsi_hctl *pdev_hctl, ++ libxl_vscsi_pdev *pdev) ++{ ++ int rc = ERROR_INVAL; ++ struct xlu__vscsi_target *tgt; ++ static const char xen_pvscsi[] = XLU_SYSFS_TARGET_PVSCSI; ++ ++ /* First get hctl representation of config item */ ++ if (xlu__vscsi_parse_dev(cfg, str, pdev_hctl)) ++ goto out; ++ ++ /* Check if a SCSI target item exists for the config item */ ++ if (access(xen_pvscsi, F_OK) == 0) { ++ tgt = calloc(1, sizeof(*tgt)); ++ if (!tgt) { ++ rc = ERROR_NOMEM; ++ goto out; ++ } ++ tgt->cfg = cfg; ++ tgt->pdev_hctl = pdev_hctl; ++ tgt->pdev = pdev; ++ snprintf(tgt->path, sizeof(tgt->path), "%s", xen_pvscsi); ++ if (xlu__vscsi_find_target_wwn(tgt) == true) { ++ LOG(cfg, "'%s' maps to '%s(%s)'", str, tgt->path, tgt->udev_path); ++ libxl_vscsi_pdev_init_type(pdev, LIBXL_VSCSI_PDEV_TYPE_WWN); ++ if (asprintf(&pdev->u.wwn.m, "naa.%s:%llu", tgt->wwn, tgt->lun) < 0) { ++ rc = ERROR_NOMEM; ++ goto out; ++ } ++ } ++ free(tgt); ++ } else { ++ /* Assume xenlinux backend */ ++ libxl_vscsi_pdev_init_type(pdev, LIBXL_VSCSI_PDEV_TYPE_HCTL); ++ libxl_vscsi_hctl_copy(ctx, &pdev->u.hctl.m, pdev_hctl); ++ } ++ rc = 0; ++ ++out: ++ return rc; ++} ++ ++/* WWN as understood by pvops */ ++static int xlu__vscsi_wwn_to_pdev(XLU_Config *cfg, char *str, libxl_vscsi_pdev *pdev) ++{ ++ int rc = ERROR_INVAL; ++ unsigned long long lun; ++ char wwn[XLU_WWN_LEN + 1]; ++ ++ memset(wwn, 0, sizeof(wwn)); ++ if (sscanf(str, "naa.%16[0-9a-fA-F]:%llu", wwn, &lun) == 2) { ++ libxl_vscsi_pdev_init_type(pdev, LIBXL_VSCSI_PDEV_TYPE_WWN); ++ pdev->u.wwn.m = strdup(str); ++ rc = pdev->u.wwn.m ? 0 : ERROR_NOMEM; ++ } ++ return rc; ++} ++ ++static int xlu__vscsi_parse_pdev(XLU_Config *cfg, libxl_ctx *ctx, char *str, ++ libxl_vscsi_pdev *pdev) ++{ ++ int rc = ERROR_INVAL; ++ libxl_vscsi_hctl pdev_hctl; ++ ++ libxl_vscsi_hctl_init(&pdev_hctl); ++ if (strncmp(str, "/dev/", 5) == 0) { ++ rc = xlu__vscsi_dev_to_pdev(cfg, ctx, str, &pdev_hctl, pdev); ++ } else if (strncmp(str, "naa.", 4) == 0) { ++ rc = xlu__vscsi_wwn_to_pdev(cfg, str, pdev); ++ } else if (xlu__vscsi_parse_hctl(str, &pdev_hctl) == 0) { ++ /* Either xenlinux, or pvops with properly configured alias in sysfs */ ++ libxl_vscsi_pdev_init_type(pdev, LIBXL_VSCSI_PDEV_TYPE_HCTL); ++ libxl_vscsi_hctl_copy(ctx, &pdev->u.hctl.m, &pdev_hctl); ++ rc = 0; ++ } ++ ++ if (rc == 0) { ++ pdev->p_devname = strdup(str); ++ if (!pdev->p_devname) ++ rc = ERROR_NOMEM; ++ } ++ ++ libxl_vscsi_hctl_dispose(&pdev_hctl); ++ return rc; ++} ++ ++int xlu_vscsi_parse(XLU_Config *cfg, libxl_ctx *ctx, const char *str, ++ libxl_device_vscsictrl *new_ctrl, ++ libxl_device_vscsidev *new_dev) ++{ ++ int rc; ++ char *tmp, *pdev, *vdev, *fhost; ++ ++ tmp = strdup(str); ++ if (!tmp) { ++ rc = ERROR_NOMEM; ++ goto out; ++ } ++ ++ pdev = strtok(tmp, ","); ++ vdev = strtok(NULL, ","); ++ fhost = strtok(NULL, ","); ++ if (!(pdev && vdev)) { ++ LOG(cfg, "invalid devspec: '%s'\n", str); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ ++ pdev = xlu__vscsi_trim_string(pdev); ++ vdev = xlu__vscsi_trim_string(vdev); ++ ++ rc = xlu__vscsi_parse_pdev(cfg, ctx, pdev, &new_dev->pdev); ++ if (rc) { ++ LOG(cfg, "failed to parse %s, rc == %d", pdev, rc); ++ goto out; ++ } ++ ++ if (xlu__vscsi_parse_hctl(vdev, &new_dev->vdev)) { ++ LOG(cfg, "invalid '%s', expecting hst:chn:tgt:lun", vdev); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ ++ new_ctrl->idx = new_dev->vdev.hst; ++ ++ if (fhost) { ++ fhost = xlu__vscsi_trim_string(fhost); ++ if (strcmp(fhost, "feature-host") == 0) { ++ libxl_defbool_set(&new_ctrl->scsi_raw_cmds, true); ++ } else { ++ LOG(cfg, "invalid option '%s', expecting %s", fhost, "feature-host"); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ } else ++ libxl_defbool_set(&new_ctrl->scsi_raw_cmds, false); ++ rc = 0; ++ ++out: ++ free(tmp); ++ return rc; ++} ++ ++int xlu_vscsi_get_ctrl(XLU_Config *cfg, libxl_ctx *ctx, uint32_t domid, ++ const char *str, ++ libxl_device_vscsictrl *ctrl, ++ libxl_device_vscsidev *dev, ++ libxl_device_vscsictrl *existing, ++ bool *found_existing) ++{ ++ libxl_device_vscsictrl *vscsictrls = NULL, *tmp; ++ int rc, found_ctrl = -1, i; ++ int num_ctrls; ++ ++ ++ rc = xlu_vscsi_parse(cfg, ctx, str, ctrl, dev); ++ if (rc) ++ goto out; ++ ++ /* Look for existing vscsictrl for given domain */ ++ vscsictrls = libxl_device_vscsictrl_list(ctx, domid, &num_ctrls); ++ if (vscsictrls) { ++ for (i = 0; i < num_ctrls; ++i) { ++ if (vscsictrls[i].idx == dev->vdev.hst) { ++ found_ctrl = i; ++ break; ++ } ++ } ++ } ++ ++ if (found_ctrl == -1) { ++ *found_existing = false; ++ } else { ++ *found_existing = true; ++ tmp = vscsictrls + found_ctrl; ++ ++ /* Check if the vdev address is already taken */ ++ for (i = 0; i < tmp->num_vscsidevs; ++i) { ++ if (tmp->vscsidevs[i].vdev.chn == dev->vdev.chn && ++ tmp->vscsidevs[i].vdev.tgt == dev->vdev.tgt && ++ tmp->vscsidevs[i].vdev.lun == dev->vdev.lun) { ++ unsigned long long lun = dev->vdev.lun; ++ LOG(cfg, "vdev '%u:%u:%u:%llu' is already used.\n", ++ dev->vdev.hst, dev->vdev.chn, dev->vdev.tgt, lun); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ } ++ ++ if (libxl_defbool_val(ctrl->scsi_raw_cmds) != ++ libxl_defbool_val(tmp->scsi_raw_cmds)) { ++ LOG(cfg, "different feature-host setting: " ++ "existing ctrl has it %s, new ctrl has it %s\n", ++ libxl_defbool_val(ctrl->scsi_raw_cmds) ? "set" : "unset", ++ libxl_defbool_val(tmp->scsi_raw_cmds) ? "set" : "unset"); ++ rc = ERROR_INVAL; ++ goto out; ++ } ++ ++ libxl_device_vscsictrl_copy(ctx, existing, tmp); ++ } ++ ++ rc = 0; ++ ++out: ++ if (vscsictrls) { ++ for (i = 0; i < num_ctrls; ++i) ++ libxl_device_vscsictrl_dispose(vscsictrls + i); ++ free(vscsictrls); ++ } ++ return rc; ++} ++ ++int xlu_vscsi_detach(XLU_Config *cfg, libxl_ctx *ctx, uint32_t domid, char *str) ++{ ++ libxl_device_vscsidev dev = { }; ++ libxl_device_vscsictrl ctrl = { }; ++ int rc; ++ char *tmp = NULL; ++ ++ libxl_device_vscsictrl_init(&ctrl); ++ libxl_device_vscsidev_init(&dev); ++ ++ /* Create a dummy cfg */ ++ if (asprintf(&tmp, "0:0:0:0,%s", str) < 0) { ++ LOG(cfg, "asprintf failed while removing %s from domid %u", str, domid); ++ rc = ERROR_FAIL; ++ goto out; ++ } ++ ++ rc = xlu_vscsi_parse(cfg, ctx, tmp, &ctrl, &dev); ++ if (rc) goto out; ++ ++ rc = libxl_device_vscsidev_remove(ctx, domid, &dev, NULL); ++ switch (rc) { ++ case ERROR_NOTFOUND: ++ LOG(cfg, "detach failed: %s does not exist in domid %u", str, domid); ++ break; ++ default: ++ break; ++ } ++ ++out: ++ free(tmp); ++ libxl_device_vscsidev_dispose(&dev); ++ libxl_device_vscsictrl_dispose(&ctrl); ++ return rc; ++} ++ ++int xlu_vscsi_config_add(XLU_Config *cfg, ++ libxl_ctx *ctx, ++ const char *str, ++ int *num_vscsis, ++ libxl_device_vscsictrl **vscsis) ++{ ++ int rc, i; ++ libxl_device_vscsidev dev = { }; ++ libxl_device_vscsictrl *tmp_ctrl, ctrl = { }; ++ bool ctrl_found = false; ++ ++ /* ++ * #1: parse the devspec and place it in temporary ctrl+dev part ++ * #2: find existing vscsictrl with number vdev.hst ++ * if found, append the vscsidev to this vscsictrl ++ * #3: otherwise, create new vscsictrl and append vscsidev ++ * Note: vdev.hst does not represent the index named "num_vscsis", ++ * it is a private index used just in the config file ++ */ ++ libxl_device_vscsictrl_init(&ctrl); ++ libxl_device_vscsidev_init(&dev); ++ ++ rc = xlu_vscsi_parse(cfg, ctx, str, &ctrl, &dev); ++ if (rc) ++ goto out; ++ ++ if (*num_vscsis) { ++ for (i = 0; i < *num_vscsis; i++) { ++ tmp_ctrl = *vscsis + i; ++ if (tmp_ctrl->idx == dev.vdev.hst) { ++ libxl_device_vscsictrl_append_vscsidev(ctx, tmp_ctrl, &dev); ++ ctrl_found = true; ++ break; ++ } ++ } ++ } ++ ++ if (!ctrl_found || !*num_vscsis) { ++ tmp_ctrl = realloc(*vscsis, sizeof(ctrl) * (*num_vscsis + 1)); ++ if (!tmp_ctrl) { ++ LOG(cfg, "realloc #%d failed", *num_vscsis + 1); ++ rc = ERROR_NOMEM; ++ goto out; ++ } ++ *vscsis = tmp_ctrl; ++ tmp_ctrl = *vscsis + *num_vscsis; ++ libxl_device_vscsictrl_init(tmp_ctrl); ++ ++ libxl_device_vscsictrl_copy(ctx, tmp_ctrl, &ctrl); ++ ++ libxl_device_vscsictrl_append_vscsidev(ctx, tmp_ctrl, &dev); ++ ++ (*num_vscsis)++; ++ } ++ ++ rc = 0; ++out: ++ libxl_device_vscsidev_dispose(&dev); ++ libxl_device_vscsictrl_dispose(&ctrl); ++ return rc; ++} ++#else /* ! __linux__ */ ++int xlu_vscsi_get_ctrl(XLU_Config *cfg, libxl_ctx *ctx, uint32_t domid, ++ const char *str, ++ libxl_device_vscsictrl *ctrl, ++ libxl_device_vscsidev *dev, ++ libxl_device_vscsictrl *existing, ++ bool *found_existing) ++{ ++ return ERROR_INVAL; ++} ++ ++int xlu_vscsi_parse(XLU_Config *cfg, ++ libxl_ctx *ctx, ++ const char *str, ++ libxl_device_vscsictrl *new_ctrl, ++ libxl_device_vscsidev *new_dev) ++{ ++ return ERROR_INVAL; ++} ++ ++int xlu_vscsi_detach(XLU_Config *cfg, ++ libxl_ctx *ctx, ++ uint32_t domid, ++ char *str) ++{ ++ return ERROR_INVAL; ++} ++ ++int xlu_vscsi_config_add(XLU_Config *cfg, ++ libxl_ctx *ctx, ++ const char *str, ++ int *num_vscsis, ++ libxl_device_vscsictrl **vscsis) ++{ ++ return ERROR_INVAL; ++} ++#endif +Index: xen-4.13.0-testing/tools/libxl/libxlutil.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxlutil.h ++++ xen-4.13.0-testing/tools/libxl/libxlutil.h +@@ -125,6 +125,25 @@ int xlu_rdm_parse(XLU_Config *cfg, libxl + int xlu_vif_parse_rate(XLU_Config *cfg, const char *rate, + libxl_device_nic *nic); + ++/* Fill ctrl/dev with device described in str (pdev,vdev[,options]) */ ++int xlu_vscsi_get_ctrl(XLU_Config *cfg, libxl_ctx *ctx, uint32_t domid, ++ const char *str, ++ libxl_device_vscsictrl *ctrl, ++ libxl_device_vscsidev *dev, ++ libxl_device_vscsictrl *existing, ++ bool *found_existing); ++/* Parse config string and fill provided vscsi ctrl and vscsi device */ ++int xlu_vscsi_parse(XLU_Config *cfg, libxl_ctx *ctx, const char *str, ++ libxl_device_vscsictrl *new_ctrl, ++ libxl_device_vscsidev *new_dev); ++/* Detach vscsi device described in config string (pdev,vdev[,options]) */ ++int xlu_vscsi_detach(XLU_Config *cfg, libxl_ctx *ctx, uint32_t domid, char *str); ++/* Add vscsi device described in config string (pdev,vdev[,options]) to d_config */ ++int xlu_vscsi_config_add(XLU_Config *cfg, ++ libxl_ctx *ctx, ++ const char *str, ++ int *num_vscsis, ++ libxl_device_vscsictrl **vscsis); + #endif /* LIBXLUTIL_H */ + + /* +Index: xen-4.13.0-testing/tools/xl/Makefile +=================================================================== +--- xen-4.13.0-testing.orig/tools/xl/Makefile ++++ xen-4.13.0-testing/tools/xl/Makefile +@@ -18,7 +18,7 @@ CFLAGS_XL += -Wshadow + XL_OBJS-$(CONFIG_X86) = xl_psr.o + XL_OBJS = xl.o xl_cmdtable.o xl_sxp.o xl_utils.o $(XL_OBJS-y) + XL_OBJS += xl_parse.o xl_cpupool.o xl_flask.o +-XL_OBJS += xl_vtpm.o xl_block.o xl_nic.o xl_usb.o ++XL_OBJS += xl_vtpm.o xl_vscsi.o xl_block.o xl_nic.o xl_usb.o + XL_OBJS += xl_sched.o xl_pci.o xl_vcpu.o xl_cdrom.o xl_mem.o + XL_OBJS += xl_info.o xl_console.o xl_misc.o + XL_OBJS += xl_vmcontrol.o xl_saverestore.o xl_migrate.o +Index: xen-4.13.0-testing/tools/xl/xl.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/xl/xl.h ++++ xen-4.13.0-testing/tools/xl/xl.h +@@ -165,6 +165,9 @@ int main_channellist(int argc, char **ar + int main_blockattach(int argc, char **argv); + int main_blocklist(int argc, char **argv); + int main_blockdetach(int argc, char **argv); ++int main_vscsiattach(int argc, char **argv); ++int main_vscsilist(int argc, char **argv); ++int main_vscsidetach(int argc, char **argv); + int main_vtpmattach(int argc, char **argv); + int main_vtpmlist(int argc, char **argv); + int main_vtpmdetach(int argc, char **argv); +Index: xen-4.13.0-testing/tools/xl/xl_parse.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/xl/xl_parse.c ++++ xen-4.13.0-testing/tools/xl/xl_parse.c +@@ -1212,7 +1212,8 @@ void parse_config_data(const char *confi + long l, vcpus = 0; + XLU_Config *config; + XLU_ConfigList *cpus, *vbds, *nics, *pcis, *cvfbs, *cpuids, *vtpms, +- *usbctrls, *usbdevs, *p9devs, *vdispls, *pvcallsifs_devs; ++ *usbctrls, *usbdevs, *p9devs, *vdispls, *pvcallsifs_devs, ++ *vscsictrls; + XLU_ConfigList *channels, *ioports, *irqs, *iomem, *viridian, *dtdevs, + *mca_caps; + int num_ioports, num_irqs, num_iomem, num_cpus, num_viridian, num_mca_caps; +@@ -2045,6 +2046,17 @@ void parse_config_data(const char *confi + } + } + ++ if (!xlu_cfg_get_list(config, "vscsi", &vscsictrls, 0, 0)) { ++ int num_vscsi_items = 0; ++ d_config->num_vscsictrls = 0; ++ d_config->vscsictrls = NULL; ++ while ((buf = xlu_cfg_get_listitem (vscsictrls, num_vscsi_items)) != NULL) { ++ if (xlu_vscsi_config_add(config, ctx, buf, &d_config->num_vscsictrls, &d_config->vscsictrls)) ++ exit(1); ++ num_vscsi_items++; ++ } ++ } ++ + if (!xlu_cfg_get_list(config, "vtpm", &vtpms, 0, 0)) { + d_config->num_vtpms = 0; + d_config->vtpms = NULL; +Index: xen-4.13.0-testing/tools/xl/xl_vscsi.c +=================================================================== +--- /dev/null ++++ xen-4.13.0-testing/tools/xl/xl_vscsi.c +@@ -0,0 +1,229 @@ ++/* ++ * Copyright 2009-2017 Citrix Ltd and other contributors ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU Lesser General Public License as published ++ * by the Free Software Foundation; version 2.1 only. with the special ++ * exception on linking described in file LICENSE. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU Lesser General Public License for more details. ++ */ ++ ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include <libxl.h> ++#include <libxl_utils.h> ++#include <libxlutil.h> ++ ++#include "xl.h" ++#include "xl_utils.h" ++#include "xl_parse.h" ++ ++int main_vscsiattach(int argc, char **argv) ++{ ++ uint32_t domid; ++ int opt, rc; ++ XLU_Config *config = NULL; ++ libxl_device_vscsictrl ctrl, existing; ++ libxl_device_vscsidev dev; ++ bool found_existing = false; ++ char *str = NULL, *feat_buf = NULL; ++ char *json; ++ ++ SWITCH_FOREACH_OPT(opt, "", NULL, "scsi-attach", 1) { ++ /* No options */ ++ } ++ ++ if (argc < 4 || argc > 5) { ++ help("scsi-attach"); ++ return 1; ++ } ++ ++ if (libxl_domain_qualifier_to_domid(ctx, argv[optind], &domid) < 0) { ++ fprintf(stderr, "%s is an invalid domain identifier\n", argv[optind]); ++ return 1; ++ } ++ ++ optind++; ++ ++ if (argc == 5) ++ xasprintf(&feat_buf, ",%s", argv[4]); ++ ++ xasprintf(&str, "%s,%s%s", argv[2], argv[3], feat_buf ?: ""); ++ ++ libxl_device_vscsictrl_init(&existing); ++ libxl_device_vscsictrl_init(&ctrl); ++ libxl_device_vscsidev_init(&dev); ++ ++ config = xlu_cfg_init(stderr, "command line"); ++ if (!config) { ++ fprintf(stderr, "Failed to allocate for configuration\n"); ++ rc = 1; ++ goto out; ++ } ++ ++ /* Parse config string and store result */ ++ rc = xlu_vscsi_get_ctrl(config, ctx, domid, str, &ctrl, &dev, &existing, &found_existing); ++ if (rc < 0) ++ goto out; ++ ++ if (dryrun_only) { ++ libxl_device_vscsictrl *tmp = found_existing ? &existing : &ctrl; ++ libxl_device_vscsictrl_append_vscsidev(ctx, tmp , &dev); ++ json = libxl_device_vscsictrl_to_json(ctx, tmp); ++ printf("vscsi: %s\n", json); ++ free(json); ++ if (ferror(stdout) || fflush(stdout)) { perror("stdout"); exit(-1); } ++ rc = 0; ++ goto out; ++ } ++ ++ /* Finally add the device */ ++ if (found_existing) { ++ if (libxl_device_vscsidev_add(ctx, domid, &dev, NULL)) { ++ fprintf(stderr, "libxl_device_vscsidev_add failed\n"); ++ rc = 1; ++ goto out; ++ } ++ } else { ++ libxl_device_vscsictrl_append_vscsidev(ctx, &ctrl, &dev); ++ if (libxl_device_vscsictrl_add(ctx, domid, &ctrl, NULL)) { ++ fprintf(stderr, "libxl_device_vscsictrl_add failed.\n"); ++ rc = 1; ++ goto out; ++ } ++ } ++ ++ rc = 0; ++out: ++ if (config) ++ xlu_cfg_destroy(config); ++ libxl_device_vscsictrl_dispose(&existing); ++ libxl_device_vscsictrl_dispose(&ctrl); ++ libxl_device_vscsidev_dispose(&dev); ++ free(str); ++ free(feat_buf); ++ return rc; ++} ++ ++int main_vscsilist(int argc, char **argv) ++{ ++ int opt; ++ uint32_t domid; ++ libxl_device_vscsictrl *vscsictrls; ++ libxl_vscsiinfo vscsiinfo; ++ int num_ctrls, h, d; ++ ++ SWITCH_FOREACH_OPT(opt, "", NULL, "scsi-list", 1) { ++ /* No options */ ++ } ++ if (argc < 2) { ++ help("scsi-list"); ++ return 1; ++ } ++ ++ /* Idx BE state ctrl p_hst v_hst state */ ++ printf("%-3s %-3s %-5s %-5s %-10s %-10s %-5s\n", ++ "Idx", "BE", "state", "ctrl", "phy-hctl", "vir-hctl", "devstate"); ++ for (argv += optind, argc -= optind; argc > 0; --argc, ++argv) { ++ if (libxl_domain_qualifier_to_domid(ctx, *argv, &domid) < 0) { ++ fprintf(stderr, "%s is an invalid domain identifier\n", *argv); ++ continue; ++ } ++ vscsictrls = libxl_device_vscsictrl_list(ctx, domid, &num_ctrls); ++ if (!vscsictrls) ++ continue; ++ ++ for (h = 0; h < num_ctrls; ++h) { ++ for (d = 0; d < vscsictrls[h].num_vscsidevs; d++) { ++ if (!libxl_device_vscsictrl_getinfo(ctx, domid, &vscsictrls[h], ++ &vscsictrls[h].vscsidevs[d], ++ &vscsiinfo)) { ++ char pdev[64], vdev[64]; ++ unsigned long long lun; ++ switch (vscsiinfo.pdev.type) { ++ case LIBXL_VSCSI_PDEV_TYPE_HCTL: ++ lun = vscsiinfo.pdev.u.hctl.m.lun; ++ snprintf(pdev, sizeof(pdev), "%u:%u:%u:%llu", ++ vscsiinfo.pdev.u.hctl.m.hst, ++ vscsiinfo.pdev.u.hctl.m.chn, ++ vscsiinfo.pdev.u.hctl.m.tgt, ++ lun); ++ break; ++ case LIBXL_VSCSI_PDEV_TYPE_WWN: ++ snprintf(pdev, sizeof(pdev), "%s", ++ vscsiinfo.pdev.u.wwn.m); ++ break; ++ default: ++ pdev[0] = '\0'; ++ break; ++ } ++ lun = vscsiinfo.vdev.lun; ++ snprintf(vdev, sizeof(vdev), "%u:%u:%u:%llu", ++ vscsiinfo.vdev.hst, ++ vscsiinfo.vdev.chn, ++ vscsiinfo.vdev.tgt, ++ lun); ++ /* Idx BE state Sta */ ++ printf("%-3d %-3d %-5d %-5d %-10s %-10s %d\n", ++ vscsiinfo.devid, ++ vscsiinfo.backend_id, ++ vscsiinfo.vscsictrl_state, ++ vscsiinfo.backend_id, ++ pdev, vdev, ++ vscsiinfo.vscsidev_state); ++ ++ } ++ libxl_vscsiinfo_dispose(&vscsiinfo); ++ } ++ libxl_device_vscsictrl_dispose(&vscsictrls[h]); ++ } ++ free(vscsictrls); ++ ++ } ++ ++ return 0; ++} ++ ++int main_vscsidetach(int argc, char **argv) ++{ ++ int opt; ++ char *dom = argv[1], *str = argv[2]; ++ uint32_t domid; ++ XLU_Config *config = NULL; ++ int rc = 0; ++ ++ SWITCH_FOREACH_OPT(opt, "", NULL, "scsi-detach", 1) { ++ /* No options */ ++ } ++ ++ if (argc < 3) { ++ help("scsi-detach"); ++ return 1; ++ } ++ ++ if (libxl_domain_qualifier_to_domid(ctx, dom, &domid) < 0) { ++ fprintf(stderr, "%s is an invalid domain identifier\n", dom); ++ return 1; ++ } ++ ++ config = xlu_cfg_init(stderr, "command line"); ++ if (!config) { ++ fprintf(stderr, "Failed to allocate for configuration\n"); ++ goto out; ++ } ++ ++ rc = xlu_vscsi_detach(config, ctx, domid, str); ++ if (rc) ++ fprintf(stderr, "scsi-detach %s %s failed: %d\n", dom, str, rc); ++ ++out: ++ if (config) ++ xlu_cfg_destroy(config); ++ return !!rc; ++} ++ +Index: xen-4.13.0-testing/tools/xl/xl_cmdtable.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/xl/xl_cmdtable.c ++++ xen-4.13.0-testing/tools/xl/xl_cmdtable.c +@@ -368,6 +368,21 @@ struct cmd_spec cmd_table[] = { + "Destroy a domain's virtual block device", + "<Domain> <DevId>", + }, ++ { "scsi-attach", ++ &main_vscsiattach, 1, 1, ++ "Attach a dom0 SCSI device to a domain.", ++ "<Domain> <PhysDevice> <VirtDevice>", ++ }, ++ { "scsi-list", ++ &main_vscsilist, 0, 0, ++ "List all dom0 SCSI devices currently attached to a domain.", ++ "<Domain(s)>", ++ }, ++ { "scsi-detach", ++ &main_vscsidetach, 0, 1, ++ "Detach a specified SCSI device from a domain.", ++ "<Domain> <VirtDevice>", ++ }, + { "vtpm-attach", + &main_vtpmattach, 1, 1, + "Create a new virtual TPM device", diff --git a/libxl.set-migration-constraints-from-cmdline.patch b/libxl.set-migration-constraints-from-cmdline.patch new file mode 100644 index 0000000..8c3343a --- /dev/null +++ b/libxl.set-migration-constraints-from-cmdline.patch @@ -0,0 +1,579 @@ +From 77deb80879859ed279e24a790ec08e9c5d37dd0e Mon Sep 17 00:00:00 2001 +From: Olaf Hering <olaf@aepfle.de> +Date: Wed, 5 Feb 2014 14:37:53 +0100 +Subject: libxl: set migration constraints from cmdline + +Add new options to xl migrate to control the process of migration. +The intention is to optionally abort the migration if it takes too long +to migrate a busy guest due to the high number of new dirty pages. +Currently the guest is suspended to transfer the remaining dirty pages. +The suspend/resume cycle will cause a time jump. This transfer can take +a long time, which can confuse the guest if the time jump is too far. +The new options allow to override the built-in default values, which are +not changed by this patch. + +--max_iters <number> Number of iterations before final suspend (default: 30) + +--max_factor <factor> Max amount of memory to transfer before final suspend (default: 3*RAM) + +--min_remaing <pages> Number of dirty pages before stop© (default: 50) + +--abort_if_busy Abort migration instead of doing final suspend. + +The changes to libxl change the API, handle LIBXL_API_VERSION == 0x040200. + +v8: + - merge --min_remaing changes + - tools/libxc: print stats if migration is aborted + - use special _suse version of lib calls to preserve ABI + +v7: + - remove short options + - update description of --abort_if_busy in xl.1 + - extend description of --abort_if_busy in xl help + - add comment to libxl_domain_suspend declaration, props is optional + +v6: + - update the LIBXL_API_VERSION handling for libxl_domain_suspend + change it to an inline function if LIBXL_API_VERSION is defined to 4.2.0 + - rename libxl_save_properties to libxl_domain_suspend_properties + - rename ->xlflags to ->flags within that struct + +v5: + - adjust libxl_domain_suspend prototype, move flags, max_iters, + max_factor into a new, optional struct libxl_save_properties + - rename XCFLAGS_DOMSAVE_NOSUSPEND to XCFLAGS_DOMSAVE_ABORT_IF_BUSY + - rename LIBXL_SUSPEND_NO_FINAL_SUSPEND to LIBXL_SUSPEND_ABORT_IF_BUSY + - rename variables no_suspend to abort_if_busy + - rename option -N/--no_suspend to -A/--abort_if_busy + - update xl.1, extend description of -A option + +v4: + - update default for no_suspend from None to 0 in XendCheckpoint.py:save + - update logoutput in setMigrateConstraints + - change xm migrate defaults from None to 0 + - add new options to xl.1 + - fix syntax error in XendDomain.py:domain_migrate_constraints_set + - fix xm migrate -N option name to match xl migrate + +v3: + - move logic errors in libxl__domain_suspend and fixed help text in + cmd_table to separate patches + - fix syntax error in XendCheckpoint.py + - really pass max_iters and max_factor in libxl__xc_domain_save + - make libxl_domain_suspend_0x040200 declaration globally visible + - bump libxenlight.so SONAME from 2.0 to 2.1 due to changed + libxl_domain_suspend + +v2: + - use LIBXL_API_VERSION and define libxl_domain_suspend_0x040200 + - fix logic error in min_reached check in xc_domain_save + - add longopts + - update --help text + - correct description of migrate --help text + +Signed-off-by: Olaf Hering <olaf@aepfle.de> +--- + docs/man/xl.pod.1 | 20 +++++++++++++++++++ + tools/libxc/include/xenguest.h | 7 ++++++ + tools/libxc/xc_nomigrate.c | 10 +++++++++ + tools/libxc/xc_sr_common.h | 1 + tools/libxc/xc_sr_save.c | 22 +++++++++++++++------ + tools/libxl/libxl.c | 29 ++++++++++++++++++++++++---- + tools/libxl/libxl.h | 15 ++++++++++++++ + tools/libxl/libxl_dom_save.c | 1 + tools/libxl/libxl_internal.h | 4 +++ + tools/libxl/libxl_save_callout.c | 4 ++- + tools/libxl/libxl_save_helper.c | 8 ++++--- + tools/libxl/xl_cmdimpl.c | 40 +++++++++++++++++++++++++++++++++------ + tools/libxl/xl_cmdtable.c | 23 ++++++++++++++-------- + 13 files changed, 156 insertions(+), 28 deletions(-) + +Index: xen-4.13.0-testing/docs/man/xl.1.pod.in +=================================================================== +--- xen-4.13.0-testing.orig/docs/man/xl.1.pod.in ++++ xen-4.13.0-testing/docs/man/xl.1.pod.in +@@ -490,6 +490,26 @@ Display huge (!) amount of debug informa + + Leave the domain on the receive side paused after migration. + ++=item B<--max_iters> I<number> ++ ++Number of iterations before final suspend (default: 30) ++ ++=item B<--max_factor> I<factor> ++ ++Max amount of memory to transfer before final suspend (default: 3*RAM) ++ ++=item B<--min_remaining> ++ ++Number of remaining dirty pages. If the number of dirty pages drops that ++low the guest is suspended and the remaing pages are transfered to <host>. ++ ++=item B<--abort_if_busy> ++ ++Abort migration instead of doing final suspend/transfer/resume if the ++guest has still dirty pages after the number of iterations and/or the ++amount of RAM transferred. This avoids long periods of time where the ++guest is suspended. ++ + =back + + =item B<remus> [I<OPTIONS>] I<domain-id> I<host> +Index: xen-4.13.0-testing/tools/libxc/include/xenguest.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxc/include/xenguest.h ++++ xen-4.13.0-testing/tools/libxc/include/xenguest.h +@@ -29,6 +29,7 @@ + #define XCFLAGS_HVM (1 << 2) + #define XCFLAGS_STDVGA (1 << 3) + #define XCFLAGS_CHECKPOINT_COMPRESS (1 << 4) ++#define XCFLAGS_DOMSAVE_ABORT_IF_BUSY (1 << 5) + + #define X86_64_B_SIZE 64 + #define X86_32_B_SIZE 32 +@@ -131,10 +132,20 @@ typedef enum { + * doesn't use checkpointing + * @return 0 on success, -1 on failure + */ ++int xc_domain_save_suse(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters, ++ uint32_t max_factor, uint32_t flags /* XCFLAGS_xxx */, ++ uint32_t min_remaining, ++ struct save_callbacks* callbacks, int hvm, ++ xc_migration_stream_t stream_type, int recv_fd); ++static inline + int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, + uint32_t flags /* XCFLAGS_xxx */, + struct save_callbacks* callbacks, int hvm, +- xc_migration_stream_t stream_type, int recv_fd); ++ xc_migration_stream_t stream_type, int recv_fd) ++{ ++ return xc_domain_save_suse(xch,io_fd,dom,0,0,flags,0,callbacks,hvm,stream_type,recv_fd); ++} ++ + + /* callbacks provided by xc_domain_restore */ + struct restore_callbacks { +Index: xen-4.13.0-testing/tools/libxc/xc_nomigrate.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxc/xc_nomigrate.c ++++ xen-4.13.0-testing/tools/libxc/xc_nomigrate.c +@@ -20,9 +20,11 @@ + #include <xenctrl.h> + #include <xenguest.h> + +-int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t flags, +- struct save_callbacks* callbacks, int hvm, +- xc_migration_stream_t stream_type, int recv_fd) ++int xc_domain_save_suse(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters, ++ uint32_t max_factor, uint32_t flags, ++ uint32_t min_remaining, ++ struct save_callbacks* callbacks, int hvm, ++ xc_migration_stream_t stream_type, int recv_fd) + { + errno = ENOSYS; + return -1; +Index: xen-4.13.0-testing/tools/libxc/xc_sr_save.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxc/xc_sr_save.c ++++ xen-4.13.0-testing/tools/libxc/xc_sr_save.c +@@ -525,6 +525,11 @@ static int send_memory_live(struct xc_sr + policy_decision = precopy_policy(*policy_stats, data); + x++; + ++ if ( policy_decision == XGS_POLICY_ABORT ) ++ { ++ rc = -1; ++ break; ++ } + if ( stats.dirty_count > 0 && policy_decision != XGS_POLICY_ABORT ) + { + rc = update_progress_string(ctx, &progress_str); +@@ -545,6 +550,11 @@ static int send_memory_live(struct xc_sr + + policy_decision = precopy_policy(*policy_stats, data); + ++ if ( policy_decision == XGS_POLICY_ABORT ) ++ { ++ rc = -1; ++ break; ++ } + if ( policy_decision != XGS_POLICY_CONTINUE_PRECOPY ) + break; + +@@ -965,9 +975,71 @@ static int save(struct xc_sr_context *ct + return rc; + }; + +-int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, +- uint32_t flags, struct save_callbacks* callbacks, +- int hvm, xc_migration_stream_t stream_type, int recv_fd) ++static struct suse_flags { ++ struct xc_sr_context *ctx; ++ unsigned long cnt; ++ uint32_t max_iters; ++ unsigned long max_factor; ++ long min_remaining; ++ long dirty_count; ++ uint32_t abort_if_busy; ++} suse_flags; ++ ++static int suse_precopy_policy(struct precopy_stats stats, void *user) ++{ ++ xc_interface *xch = suse_flags.ctx->xch; ++ ++ suse_flags.cnt++; ++ errno = 0; ++ DBGPRINTF("%s: domU %u: #%lu iteration %u total_written %u dirty_count %ld", ++ __func__, suse_flags.ctx->domid, suse_flags.cnt, stats.iteration, stats.total_written, stats.dirty_count); ++ ++ if ( stats.dirty_count >= 0 ) ++ suse_flags.dirty_count = stats.dirty_count; ++ ++ /* Stop loop after N iterations */ ++ if ( stats.iteration > suse_flags.max_iters ) ++ { ++ IPRINTF("%s: domU %u, too many iterations (%u/%u)", ++ __func__, suse_flags.ctx->domid, stats.iteration, suse_flags.max_iters); ++ goto out; ++ } ++ /* Suspend domU in case only few dirty pages remain */ ++ if ( stats.dirty_count >= 0 && stats.dirty_count < suse_flags.min_remaining ) ++ { ++ IPRINTF("%s: domU %u, dirty_count reached (%ld/%ld)", ++ __func__, suse_flags.ctx->domid, stats.dirty_count, suse_flags.min_remaining); ++ goto suspend; ++ } ++ /* Stop loop if too much memory was transfered (formula incorrect for ballooned domU) */ ++ if ( stats.total_written > suse_flags.max_factor * suse_flags.ctx->save.p2m_size ) ++ { ++ IPRINTF("%s: domU %u, too much memory transfered (%u/%lu)", ++ __func__, suse_flags.ctx->domid, stats.total_written, suse_flags.max_factor * suse_flags.ctx->save.p2m_size); ++ goto out; ++ } ++ /* Keep going */ ++ return XGS_POLICY_CONTINUE_PRECOPY; ++ ++out: ++ if ( suse_flags.abort_if_busy ) ++ { ++ errno = EBUSY; ++ PERROR("%s: domU %u busy, dirty pages %ld/%lu after %u iterations, %u pages transfered", ++ __func__, suse_flags.ctx->domid, ++ suse_flags.dirty_count, suse_flags.ctx->save.p2m_size, ++ stats.iteration, stats.total_written); ++ return XGS_POLICY_ABORT; ++ } ++suspend: ++ return XGS_POLICY_STOP_AND_COPY; ++} ++ ++int xc_domain_save_suse(xc_interface *xch, int io_fd, uint32_t dom, ++ uint32_t max_iters, uint32_t max_factor, uint32_t flags, ++ uint32_t min_remaining, ++ struct save_callbacks* callbacks, int hvm, ++ xc_migration_stream_t stream_type, int recv_fd) + { + struct xc_sr_context ctx = + { +@@ -982,6 +1054,19 @@ int xc_domain_save(xc_interface *xch, in + ctx.save.checkpointed = stream_type; + ctx.save.recv_fd = recv_fd; + ++ if ( callbacks->precopy_policy ) ++ { ++ errno = EBUSY; ++ PERROR("%s: precopy_policy already set (%p)", __func__, callbacks->precopy_policy); ++ return -1; ++ } ++ callbacks->precopy_policy = suse_precopy_policy; ++ suse_flags.ctx = &ctx; ++ suse_flags.max_iters = max_iters ? : 5; ++ suse_flags.max_factor = max_factor ? : 3; ++ suse_flags.min_remaining = min_remaining ? : 50; ++ suse_flags.abort_if_busy = !!(flags & XCFLAGS_DOMSAVE_ABORT_IF_BUSY); ++ + /* If altering migration_stream update this assert too. */ + assert(stream_type == XC_MIG_STREAM_NONE || + stream_type == XC_MIG_STREAM_REMUS || +Index: xen-4.13.0-testing/tools/libxl/libxl.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl.h ++++ xen-4.13.0-testing/tools/libxl/libxl.h +@@ -1647,8 +1647,23 @@ int libxl_domain_suspend(libxl_ctx *ctx, + int flags, /* LIBXL_SUSPEND_* */ + const libxl_asyncop_how *ao_how) + LIBXL_EXTERNAL_CALLERS_ONLY; ++ ++typedef struct { ++ int flags; /* LIBXL_SUSPEND_* */ ++ int max_iters; ++ int max_factor; ++ int min_remaining; ++} libxl_domain_suspend_suse_properties; ++ ++#define LIBXL_HAVE_DOMAIN_SUSPEND_SUSE ++int libxl_domain_suspend_suse(libxl_ctx *ctx, uint32_t domid, int fd, ++ const libxl_domain_suspend_suse_properties *props, /* optional */ ++ const libxl_asyncop_how *ao_how) ++ LIBXL_EXTERNAL_CALLERS_ONLY; ++ + #define LIBXL_SUSPEND_DEBUG 1 + #define LIBXL_SUSPEND_LIVE 2 ++#define LIBXL_SUSPEND_ABORT_IF_BUSY 4 + + /* + * Only suspend domain, do not save its state to file, do not destroy it. +Index: xen-4.13.0-testing/tools/libxl/libxl_dom_save.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_dom_save.c ++++ xen-4.13.0-testing/tools/libxl/libxl_dom_save.c +@@ -423,6 +423,7 @@ void libxl__domain_save(libxl__egc *egc, + + dss->xcflags = (live ? XCFLAGS_LIVE : 0) + | (debug ? XCFLAGS_DEBUG : 0) ++ | (dss->xlflags & LIBXL_SUSPEND_ABORT_IF_BUSY ? XCFLAGS_DOMSAVE_ABORT_IF_BUSY : 0) + | (dss->hvm ? XCFLAGS_HVM : 0); + + /* Disallow saving a guest with vNUMA configured because migration +Index: xen-4.13.0-testing/tools/libxl/libxl_domain.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_domain.c ++++ xen-4.13.0-testing/tools/libxl/libxl_domain.c +@@ -503,8 +503,9 @@ static void domain_suspend_cb(libxl__egc + + } + +-int libxl_domain_suspend(libxl_ctx *ctx, uint32_t domid, int fd, int flags, +- const libxl_asyncop_how *ao_how) ++static int do_libxl_domain_suspend(libxl_ctx *ctx, uint32_t domid, int fd, ++ const libxl_domain_suspend_suse_properties *props, ++ const libxl_asyncop_how *ao_how) + { + AO_CREATE(ctx, domid, ao_how); + int rc; +@@ -524,9 +525,15 @@ int libxl_domain_suspend(libxl_ctx *ctx, + dss->domid = domid; + dss->fd = fd; + dss->type = type; +- dss->live = flags & LIBXL_SUSPEND_LIVE; +- dss->debug = flags & LIBXL_SUSPEND_DEBUG; + dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE; ++ if (props) { ++ dss->live = props->flags & LIBXL_SUSPEND_LIVE; ++ dss->debug = props->flags & LIBXL_SUSPEND_DEBUG; ++ dss->max_iters = props->max_iters; ++ dss->max_factor = props->max_factor; ++ dss->min_remaining = props->min_remaining; ++ dss->xlflags = props->flags; ++ } + + rc = libxl__fd_flags_modify_save(gc, dss->fd, + ~(O_NONBLOCK|O_NDELAY), 0, +@@ -574,6 +581,20 @@ int libxl_domain_suspend_only(libxl_ctx + return AO_CREATE_FAIL(rc); + } + ++int libxl_domain_suspend_suse(libxl_ctx *ctx, uint32_t domid, int fd, ++ const libxl_domain_suspend_suse_properties *props, ++ const libxl_asyncop_how *ao_how) ++{ ++ return do_libxl_domain_suspend(ctx, domid, fd, props, ao_how); ++} ++ ++int libxl_domain_suspend(libxl_ctx *ctx, uint32_t domid, int fd, int flags, ++ const libxl_asyncop_how *ao_how) ++{ ++ libxl_domain_suspend_suse_properties props = { .flags = flags }; ++ return do_libxl_domain_suspend(ctx, domid, fd, &props, ao_how); ++} ++ + int libxl_domain_pause(libxl_ctx *ctx, uint32_t domid, + const libxl_asyncop_how *ao_how) + { +Index: xen-4.13.0-testing/tools/libxl/libxl_internal.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_internal.h ++++ xen-4.13.0-testing/tools/libxl/libxl_internal.h +@@ -3596,6 +3596,10 @@ struct libxl__domain_save_state { + /* private */ + int rc; + int hvm; ++ int max_iters; ++ int max_factor; ++ int min_remaining; ++ int xlflags; + int xcflags; + libxl__domain_suspend_state dsps; + union { +Index: xen-4.13.0-testing/tools/libxl/libxl_save_callout.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_save_callout.c ++++ xen-4.13.0-testing/tools/libxl/libxl_save_callout.c +@@ -89,7 +89,9 @@ void libxl__xc_domain_save(libxl__egc *e + libxl__srm_callout_enumcallbacks_save(&shs->callbacks.save.a); + + const unsigned long argnums[] = { +- dss->domid, dss->xcflags, dss->hvm, cbflags, ++ dss->domid, ++ dss->max_iters, dss->max_factor, dss->min_remaining, ++ dss->xcflags, dss->hvm, cbflags, + dss->checkpointed_stream, + }; + +Index: xen-4.13.0-testing/tools/libxl/libxl_save_helper.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_save_helper.c ++++ xen-4.13.0-testing/tools/libxl/libxl_save_helper.c +@@ -251,6 +251,9 @@ int main(int argc, char **argv) + io_fd = atoi(NEXTARG); + recv_fd = atoi(NEXTARG); + uint32_t dom = strtoul(NEXTARG,0,10); ++ uint32_t max_iters = strtoul(NEXTARG,0,10); ++ uint32_t max_factor = strtoul(NEXTARG,0,10); ++ uint32_t min_remaining = strtoul(NEXTARG,0,10); + uint32_t flags = strtoul(NEXTARG,0,10); + int hvm = atoi(NEXTARG); + unsigned cbflags = strtoul(NEXTARG,0,10); +@@ -262,8 +265,10 @@ int main(int argc, char **argv) + startup("save"); + setup_signals(save_signal_handler); + +- r = xc_domain_save(xch, io_fd, dom, flags, &helper_save_callbacks, +- hvm, stream_type, recv_fd); ++ r = xc_domain_save_suse(xch, io_fd, dom, max_iters, max_factor, flags, ++ min_remaining, ++ &helper_save_callbacks, hvm, stream_type, ++ recv_fd); + complete(r); + + } else if (!strcmp(mode,"--restore-domain")) { +Index: xen-4.13.0-testing/tools/xl/xl_cmdtable.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/xl/xl_cmdtable.c ++++ xen-4.13.0-testing/tools/xl/xl_cmdtable.c +@@ -159,15 +159,22 @@ struct cmd_spec cmd_table[] = { + &main_migrate, 0, 1, + "Migrate a domain to another host", + "[options] <Domain> <host>", +- "-h Print this help.\n" +- "-C <config> Send <config> instead of config file from creation.\n" +- "-s <sshcommand> Use <sshcommand> instead of ssh. String will be passed\n" +- " to sh. If empty, run <host> instead of ssh <host> xl\n" +- " migrate-receive [-d -e]\n" +- "-e Do not wait in the background (on <host>) for the death\n" +- " of the domain.\n" +- "--debug Print huge (!) amount of debug during the migration process.\n" +- "-p Do not unpause domain after migrating it." ++ "-h Print this help.\n" ++ "-C <config> Send <config> instead of config file from creation.\n" ++ "-s <sshcommand> Use <sshcommand> instead of ssh. String will be passed\n" ++ " to sh. If empty, run <host> instead of ssh <host> xl\n" ++ " migrate-receive [-d -e]\n" ++ "-e Do not wait in the background (on <host>) for the death\n" ++ " of the domain.\n" ++ "--debug Print huge (!) amount of debug during the migration process.\n" ++ "-p Do not unpause domain after migrating it.\n" ++ "\n" ++ "SUSE Linux specific options:\n" ++ "--max_iters <number> Number of iterations before final suspend (default: 30)\n" ++ "--max_factor <factor> Max amount of memory to transfer before final suspend (default: 3*RAM).\n" ++ "--min_remaining <pages> Number of remaining dirty pages before final suspend (default: 50).\n" ++ "--abort_if_busy Abort migration instead of doing final suspend, if number\n" ++ " of iterations or amount of transfered memory is exceeded." + }, + { "restore", + &main_restore, 0, 1, +Index: xen-4.13.0-testing/tools/xl/xl_migrate.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/xl/xl_migrate.c ++++ xen-4.13.0-testing/tools/xl/xl_migrate.c +@@ -177,6 +177,8 @@ static void migrate_do_preamble(int send + } + + static void migrate_domain(uint32_t domid, const char *rune, int debug, ++ int max_iters, int max_factor, ++ int min_remaining, int abort_if_busy, + const char *override_config_file) + { + pid_t child = -1; +@@ -185,7 +187,13 @@ static void migrate_domain(uint32_t domi + char *away_domname; + char rc_buf; + uint8_t *config_data; +- int config_len, flags = LIBXL_SUSPEND_LIVE; ++ int config_len; ++ libxl_domain_suspend_suse_properties props = { ++ .flags = LIBXL_SUSPEND_LIVE, ++ .max_iters = max_iters, ++ .max_factor = max_factor, ++ .min_remaining = min_remaining, ++ }; + + save_domain_core_begin(domid, override_config_file, + &config_data, &config_len); +@@ -204,10 +212,12 @@ static void migrate_domain(uint32_t domi + xtl_stdiostream_adjust_flags(logger, XTL_STDIOSTREAM_HIDE_PROGRESS, 0); + + if (debug) +- flags |= LIBXL_SUSPEND_DEBUG; +- rc = libxl_domain_suspend(ctx, domid, send_fd, flags, NULL); ++ props.flags |= LIBXL_SUSPEND_DEBUG; ++ if (abort_if_busy) ++ props.flags |= LIBXL_SUSPEND_ABORT_IF_BUSY; ++ rc = libxl_domain_suspend_suse(ctx, domid, send_fd, &props, NULL); + if (rc) { +- fprintf(stderr, "migration sender: libxl_domain_suspend failed" ++ fprintf(stderr, "migration sender: libxl_domain_suspend_suse failed" + " (rc=%d)\n", rc); + if (rc == ERROR_GUEST_TIMEDOUT) + goto failed_suspend; +@@ -537,13 +547,18 @@ int main_migrate(int argc, char **argv) + char *rune = NULL; + char *host; + int opt, daemonize = 1, monitor = 1, debug = 0, pause_after_migration = 0; ++ int max_iters = 0, max_factor = 0, min_remaining = 0, abort_if_busy = 0; + static struct option opts[] = { + {"debug", 0, 0, 0x100}, ++ {"max_iters", 1, 0, 0x101}, ++ {"max_factor", 1, 0, 0x102}, ++ {"min_remaining", 1, 0, 0x103}, ++ {"abort_if_busy", 0, 0, 0x104}, + {"live", 0, 0, 0x200}, + COMMON_LONG_OPTS + }; + +- SWITCH_FOREACH_OPT(opt, "FC:s:ep", opts, "migrate", 2) { ++ SWITCH_FOREACH_OPT(opt, "FC:s:epM:m:A", opts, "migrate", 2) { + case 'C': + config_filename = optarg; + break; +@@ -563,6 +578,18 @@ int main_migrate(int argc, char **argv) + case 0x100: /* --debug */ + debug = 1; + break; ++ case 0x101: ++ max_iters = atoi(optarg); ++ break; ++ case 0x102: ++ max_factor = atoi(optarg); ++ break; ++ case 0x103: ++ min_remaining = atoi(optarg); ++ break; ++ case 0x104: ++ abort_if_busy = 1; ++ break; + case 0x200: /* --live */ + /* ignored for compatibility with xm */ + break; +@@ -596,7 +623,8 @@ int main_migrate(int argc, char **argv) + pause_after_migration ? " -p" : ""); + } + +- migrate_domain(domid, rune, debug, config_filename); ++ migrate_domain(domid, rune, debug, max_iters, max_factor, min_remaining, ++ abort_if_busy, config_filename); + return EXIT_SUCCESS; + } + diff --git a/logrotate.conf b/logrotate.conf new file mode 100644 index 0000000..4b0bfe7 --- /dev/null +++ b/logrotate.conf @@ -0,0 +1,17 @@ +compress +missingok +notifempty + +/var/log/xen/xen-hotplug.log { + rotate 2 + size 100k + copytruncate +} + +/var/log/xen/xl-*.log /var/log/xen/qemu-dm-*.log /var/log/xen/console/*.log { + rotate 4 + dateext + dateformat -%Y%m%d-%H%M + size 2M + copytruncate +} diff --git a/migration-python3-conversion.patch b/migration-python3-conversion.patch new file mode 100644 index 0000000..948b725 --- /dev/null +++ b/migration-python3-conversion.patch @@ -0,0 +1,122 @@ +Index: xen-4.10.0-testing/tools/python/xen/migration/legacy.py +=================================================================== +--- xen-4.10.0-testing.orig/tools/python/xen/migration/legacy.py ++++ xen-4.10.0-testing/tools/python/xen/migration/legacy.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ +Index: xen-4.10.0-testing/tools/python/xen/migration/libxc.py +=================================================================== +--- xen-4.10.0-testing.orig/tools/python/xen/migration/libxc.py ++++ xen-4.10.0-testing/tools/python/xen/migration/libxc.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ +@@ -87,23 +87,23 @@ rec_type_to_str = { + + # page_data + PAGE_DATA_FORMAT = "II" +-PAGE_DATA_PFN_MASK = (long(1) << 52) - 1 +-PAGE_DATA_PFN_RESZ_MASK = ((long(1) << 60) - 1) & ~((long(1) << 52) - 1) ++PAGE_DATA_PFN_MASK = (int(1) << 52) - 1 ++PAGE_DATA_PFN_RESZ_MASK = ((int(1) << 60) - 1) & ~((int(1) << 52) - 1) + + # flags from xen/public/domctl.h: XEN_DOMCTL_PFINFO_* shifted by 32 bits + PAGE_DATA_TYPE_SHIFT = 60 +-PAGE_DATA_TYPE_LTABTYPE_MASK = (long(0x7) << PAGE_DATA_TYPE_SHIFT) +-PAGE_DATA_TYPE_LTAB_MASK = (long(0xf) << PAGE_DATA_TYPE_SHIFT) +-PAGE_DATA_TYPE_LPINTAB = (long(0x8) << PAGE_DATA_TYPE_SHIFT) # Pinned pagetable +- +-PAGE_DATA_TYPE_NOTAB = (long(0x0) << PAGE_DATA_TYPE_SHIFT) # Regular page +-PAGE_DATA_TYPE_L1TAB = (long(0x1) << PAGE_DATA_TYPE_SHIFT) # L1 pagetable +-PAGE_DATA_TYPE_L2TAB = (long(0x2) << PAGE_DATA_TYPE_SHIFT) # L2 pagetable +-PAGE_DATA_TYPE_L3TAB = (long(0x3) << PAGE_DATA_TYPE_SHIFT) # L3 pagetable +-PAGE_DATA_TYPE_L4TAB = (long(0x4) << PAGE_DATA_TYPE_SHIFT) # L4 pagetable +-PAGE_DATA_TYPE_BROKEN = (long(0xd) << PAGE_DATA_TYPE_SHIFT) # Broken +-PAGE_DATA_TYPE_XALLOC = (long(0xe) << PAGE_DATA_TYPE_SHIFT) # Allocate-only +-PAGE_DATA_TYPE_XTAB = (long(0xf) << PAGE_DATA_TYPE_SHIFT) # Invalid ++PAGE_DATA_TYPE_LTABTYPE_MASK = (int(0x7) << PAGE_DATA_TYPE_SHIFT) ++PAGE_DATA_TYPE_LTAB_MASK = (int(0xf) << PAGE_DATA_TYPE_SHIFT) ++PAGE_DATA_TYPE_LPINTAB = (int(0x8) << PAGE_DATA_TYPE_SHIFT) # Pinned pagetable ++ ++PAGE_DATA_TYPE_NOTAB = (int(0x0) << PAGE_DATA_TYPE_SHIFT) # Regular page ++PAGE_DATA_TYPE_L1TAB = (int(0x1) << PAGE_DATA_TYPE_SHIFT) # L1 pagetable ++PAGE_DATA_TYPE_L2TAB = (int(0x2) << PAGE_DATA_TYPE_SHIFT) # L2 pagetable ++PAGE_DATA_TYPE_L3TAB = (int(0x3) << PAGE_DATA_TYPE_SHIFT) # L3 pagetable ++PAGE_DATA_TYPE_L4TAB = (int(0x4) << PAGE_DATA_TYPE_SHIFT) # L4 pagetable ++PAGE_DATA_TYPE_BROKEN = (int(0xd) << PAGE_DATA_TYPE_SHIFT) # Broken ++PAGE_DATA_TYPE_XALLOC = (int(0xe) << PAGE_DATA_TYPE_SHIFT) # Allocate-only ++PAGE_DATA_TYPE_XTAB = (int(0xf) << PAGE_DATA_TYPE_SHIFT) # Invalid + + # x86_pv_info + X86_PV_INFO_FORMAT = "BBHI" +Index: xen-4.10.0-testing/tools/python/xen/migration/libxl.py +=================================================================== +--- xen-4.10.0-testing.orig/tools/python/xen/migration/libxl.py ++++ xen-4.10.0-testing/tools/python/xen/migration/libxl.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ +Index: xen-4.10.0-testing/tools/python/xen/migration/public.py +=================================================================== +--- xen-4.10.0-testing.orig/tools/python/xen/migration/public.py ++++ xen-4.10.0-testing/tools/python/xen/migration/public.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ +Index: xen-4.10.0-testing/tools/python/xen/migration/tests.py +=================================================================== +--- xen-4.10.0-testing.orig/tools/python/xen/migration/tests.py ++++ xen-4.10.0-testing/tools/python/xen/migration/tests.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ +Index: xen-4.10.0-testing/tools/python/xen/migration/verify.py +=================================================================== +--- xen-4.10.0-testing.orig/tools/python/xen/migration/verify.py ++++ xen-4.10.0-testing/tools/python/xen/migration/verify.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ +@@ -7,11 +7,11 @@ Common verification infrastructure for v + + from struct import calcsize, unpack + +-class StreamError(StandardError): ++class StreamError(Exception): + """Error with the stream""" + pass + +-class RecordError(StandardError): ++class RecordError(Exception): + """Error with a record in the stream""" + pass + +Index: xen-4.10.0-testing/tools/python/xen/migration/xl.py +=================================================================== +--- xen-4.10.0-testing.orig/tools/python/xen/migration/xl.py ++++ xen-4.10.0-testing/tools/python/xen/migration/xl.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + + """ diff --git a/pygrub-boot-legacy-sles.patch b/pygrub-boot-legacy-sles.patch new file mode 100644 index 0000000..47aed22 --- /dev/null +++ b/pygrub-boot-legacy-sles.patch @@ -0,0 +1,63 @@ +Index: xen-4.13.0-testing/tools/pygrub/src/pygrub +=================================================================== +--- xen-4.13.0-testing.orig/tools/pygrub/src/pygrub ++++ xen-4.13.0-testing/tools/pygrub/src/pygrub +@@ -453,7 +453,7 @@ class Grub: + self.cf.filename = f + break + if self.__dict__.get('cf', None) is None: +- raise RuntimeError("couldn't find bootloader config file in the image provided.") ++ return + f = fs.open_file(self.cf.filename) + # limit read size to avoid pathological cases + buf = f.read(FS_READ_MAX) +@@ -628,6 +628,20 @@ def run_grub(file, entry, fs, cfg_args): + + g = Grub(file, fs) + ++ # If missing config or grub has no menu entries to select, look for ++ # vmlinuz-xen and initrd-xen in /boot ++ if g.__dict__.get('cf', None) is None or len(g.cf.images) == 0 or re.search(r"xen(-pae)?\.gz",g.cf.images[0].kernel[1]): ++ if not list_entries: ++ chosencfg = { "kernel": None, "ramdisk": None, "args": "" } ++ chosencfg = sniff_xen_kernel(fs, incfg) ++ if chosencfg["kernel"] and chosencfg["ramdisk"]: ++ chosencfg["args"] = cfg_args ++ return chosencfg ++ if g.__dict__.get('cf', None) is None: ++ raise RuntimeError("couldn't find bootloader config file in the image provided.") ++ else: ++ return ++ + if list_entries: + for i in range(len(g.cf.images)): + img = g.cf.images[i] +@@ -723,6 +737,19 @@ def sniff_netware(fs, cfg): + + return cfg + ++def sniff_xen_kernel(fs, cfg): ++ if not cfg["kernel"]: ++ if fs.file_exists('/boot/vmlinuz-xen'): ++ cfg["kernel"] = '/boot/vmlinuz-xen' ++ elif fs.file_exists('/boot/vmlinuz-xenpae'): ++ cfg["kernel"] = '/boot/vmlinuz-xenpae' ++ if cfg["kernel"] and not cfg["ramdisk"]: ++ if fs.file_exists('/boot/initrd-xen'): ++ cfg["ramdisk"] = '/boot/initrd-xen' ++ elif fs.file_exists('/boot/initrd-xenpae'): ++ cfg["ramdisk"] = '/boot/initrd-xenpae' ++ return cfg ++ + def format_sxp(kernel, ramdisk, args): + s = "linux (kernel %s)" % repr(kernel) + if ramdisk: +@@ -806,7 +833,7 @@ if __name__ == "__main__": + debug = False + not_really = False + output_format = "sxp" +- output_directory = "/var/run/xen/pygrub" ++ output_directory = "/var/run/xen" + + # what was passed in + incfg = { "kernel": None, "ramdisk": None, "args": "" } diff --git a/pygrub-handle-one-line-menu-entries.patch b/pygrub-handle-one-line-menu-entries.patch new file mode 100644 index 0000000..0abe62d --- /dev/null +++ b/pygrub-handle-one-line-menu-entries.patch @@ -0,0 +1,59 @@ +References: bsc#978413 + +The parsing code can't handle a single line menu entry. +For example: menuentry 'halt' { halt } +Force it to fall through where it will handle the closing brace. +Also change warning to debug to cut down on verbose output. + +Index: xen-4.13.0-testing/tools/pygrub/src/GrubConf.py +=================================================================== +--- xen-4.13.0-testing.orig/tools/pygrub/src/GrubConf.py ++++ xen-4.13.0-testing/tools/pygrub/src/GrubConf.py +@@ -150,7 +150,7 @@ class GrubImage(_GrubImage): + else: + logging.info("Ignored image directive %s" %(com,)) + else: +- logging.warning("Unknown image directive %s" %(com,)) ++ logging.debug("Unknown image directive %s" %(com,)) + + # now put the line in the list of lines + if replace is None: +@@ -309,7 +309,7 @@ class GrubConfigFile(_GrubConfigFile): + else: + logging.info("Ignored directive %s" %(com,)) + else: +- logging.warning("Unknown directive %s" %(com,)) ++ logging.debug("Unknown directive %s" %(com,)) + + if img: + self.add_image(GrubImage(title, img)) +@@ -343,7 +343,7 @@ class Grub2Image(_GrubImage): + elif com.startswith('set:'): + pass + else: +- logging.warning("Unknown image directive %s" %(com,)) ++ logging.debug("Unknown image directive %s" %(com,)) + + # now put the line in the list of lines + if replace is None: +@@ -408,7 +408,10 @@ class Grub2ConfigFile(_GrubConfigFile): + raise RuntimeError("syntax error: cannot nest menuentry (%d %s)" % (len(img),img)) + img = [] + title = title_match.group(1) +- continue ++ if not l.endswith('}'): ++ continue ++ # One line menuentry, Ex. menuentry 'halt' { halt } ++ l = '}' + + if l.startswith("submenu"): + menu_level += 1 +@@ -447,7 +450,7 @@ class Grub2ConfigFile(_GrubConfigFile): + elif com.startswith('set:'): + pass + else: +- logging.warning("Unknown directive %s" %(com,)) ++ logging.debug("Unknown directive %s" %(com,)) + + if img is not None: + raise RuntimeError("syntax error: end of file with open menuentry(%d %s)" % (len(img),img)) diff --git a/pygrub-netware-xnloader.patch b/pygrub-netware-xnloader.patch new file mode 100644 index 0000000..6ebe69a --- /dev/null +++ b/pygrub-netware-xnloader.patch @@ -0,0 +1,21 @@ +Index: xen-4.13.0-testing/tools/pygrub/src/pygrub +=================================================================== +--- xen-4.13.0-testing.orig/tools/pygrub/src/pygrub ++++ xen-4.13.0-testing/tools/pygrub/src/pygrub +@@ -27,6 +27,7 @@ import xenfsimage + import grub.GrubConf + import grub.LiloConf + import grub.ExtLinuxConf ++import xnloader + + PYGRUB_VER = 0.6 + FS_READ_MAX = 1024 * 1024 +@@ -768,6 +769,8 @@ if __name__ == "__main__": + if len(data) == 0: + os.close(tfd) + del datafile ++ if file_to_read == "/nwserver/xnloader.sys": ++ xnloader.patch_netware_loader(ret) + return ret + try: + os.write(tfd, data) diff --git a/replace-obsolete-network-configuration-commands-in-s.patch b/replace-obsolete-network-configuration-commands-in-s.patch new file mode 100644 index 0000000..58e4c5a --- /dev/null +++ b/replace-obsolete-network-configuration-commands-in-s.patch @@ -0,0 +1,268 @@ +From 5e1e18fde92bae1ae87f78d470e80b1ffc9350d1 Mon Sep 17 00:00:00 2001 +From: Michal Kubecek <mkubecek@suse.cz> +Date: Wed, 26 Jul 2017 10:28:54 +0200 +Subject: [PATCH] replace obsolete network configuration commands in scripts + +Some scripts still use obsolete network configuration commands ifconfig and +brctl. Replace them by commands from iproute2 package. +--- + README | 3 +-- + tools/hotplug/Linux/colo-proxy-setup | 14 ++++++-------- + tools/hotplug/Linux/remus-netbuf-setup | 3 ++- + tools/hotplug/Linux/vif-bridge | 7 ++++--- + tools/hotplug/Linux/vif-nat | 2 +- + tools/hotplug/Linux/vif-route | 6 ++++-- + tools/hotplug/Linux/vif2 | 6 +++--- + tools/hotplug/Linux/xen-network-common.sh | 6 ++---- + .../i386-dm/qemu-ifup-Linux | 5 +++-- + 9 files changed, 26 insertions(+), 26 deletions(-) + +Index: xen-4.13.0-testing/README +=================================================================== +--- xen-4.13.0-testing.orig/README ++++ xen-4.13.0-testing/README +@@ -57,8 +57,7 @@ provided by your OS distributor: + * Development install of GLib v2.0 (e.g. libglib2.0-dev) + * Development install of Pixman (e.g. libpixman-1-dev) + * pkg-config +- * bridge-utils package (/sbin/brctl) +- * iproute package (/sbin/ip) ++ * iproute package (/sbin/ip, /sbin/bridge) + * GNU bison and GNU flex + * GNU gettext + * ACPI ASL compiler (iasl) +Index: xen-4.13.0-testing/tools/hotplug/Linux/colo-proxy-setup +=================================================================== +--- xen-4.13.0-testing.orig/tools/hotplug/Linux/colo-proxy-setup ++++ xen-4.13.0-testing/tools/hotplug/Linux/colo-proxy-setup +@@ -76,10 +76,16 @@ function teardown_primary() + + function setup_secondary() + { +- do_without_error brctl delif $bridge $vifname +- do_without_error brctl addbr $forwardbr +- do_without_error brctl addif $forwardbr $vifname +- do_without_error brctl addif $forwardbr $forwarddev ++ if [ "$legacy_tools" ]; then ++ do_without_error brctl delif $bridge $vifname ++ do_without_error brctl addbr $forwardbr ++ do_without_error brctl addif $forwardbr $vifname ++ do_without_error brctl addif $forwardbr $forwarddev ++ else ++ do_without_error ip link add "$forwardbr" type bridge ++ do_without_error ip link set "$vifname" master "$forwardbr" ++ do_without_error ip link set "$forwarddev" master "$forwardbr" ++ fi + do_without_error ip link set dev $forwardbr up + do_without_error modprobe xt_SECCOLO + +@@ -91,10 +97,16 @@ function setup_secondary() + + function teardown_secondary() + { +- do_without_error brctl delif $forwardbr $forwarddev +- do_without_error brctl delif $forwardbr $vifname +- do_without_error brctl delbr $forwardbr +- do_without_error brctl addif $bridge $vifname ++ if [ "$legacy_tools" ]; then ++ do_without_error brctl delif $forwardbr $forwarddev ++ do_without_error brctl delif $forwardbr $vifname ++ do_without_error brctl delbr $forwardbr ++ do_without_error brctl addif $bridge $vifname ++ else ++ do_without_error ip link set "$forwarddev" nomaster ++ do_without_error ip link set "$vifname" master "$bridge" ++ do_without_error ip link del "$forwardbr" ++ fi + + do_without_error iptables -t mangle -D PREROUTING -m physdev --physdev-in \ + $vifname -j SECCOLO --index $index +Index: xen-4.13.0-testing/tools/hotplug/Linux/remus-netbuf-setup +=================================================================== +--- xen-4.13.0-testing.orig/tools/hotplug/Linux/remus-netbuf-setup ++++ xen-4.13.0-testing/tools/hotplug/Linux/remus-netbuf-setup +@@ -76,6 +76,7 @@ + #specific setup code such as renaming. + dir=$(dirname "$0") + . "$dir/xen-hotplug-common.sh" ++. "$dir/xen-network-common.sh" + + findCommand "$@" + +@@ -139,8 +140,16 @@ check_ifb() { + + setup_ifb() { + +- for ifb in `ifconfig -a -s|egrep ^ifb|cut -d ' ' -f1` ++ if [ "$legacy_tools" ]; then ++ ifbs=`ifconfig -a -s|egrep ^ifb|cut -d ' ' -f1` ++ else ++ ifbs=$(ip --oneline link show type ifb | cut -d ' ' -f2) ++ fi ++ for ifb in $ifbs + do ++ if [ ! "$legacy_tools" ]; then ++ ifb="${ifb%:}" ++ fi + check_ifb "$ifb" || continue + REMUS_IFB="$ifb" + break +Index: xen-4.13.0-testing/tools/hotplug/Linux/vif-bridge +=================================================================== +--- xen-4.13.0-testing.orig/tools/hotplug/Linux/vif-bridge ++++ xen-4.13.0-testing/tools/hotplug/Linux/vif-bridge +@@ -40,7 +40,12 @@ bridge=$(xenstore_read_default "$XENBUS_ + + if [ -z "$bridge" ] + then +- bridge=$(brctl show | awk 'NR==2{print$1}') ++ if [ "$legacy_tools" ]; then ++ bridge=$(brctl show | awk 'NR==2{print$1}') ++ else ++ bridge=$(ip --oneline link show type bridge | awk '(NR == 1) { print $2; }') ++ bridge="${bridge%:}" ++ fi + + if [ -z "$bridge" ] + then +@@ -89,8 +94,13 @@ case "$command" in + ;; + + offline) +- do_without_error brctl delif "$bridge" "$dev" +- do_without_error ifconfig "$dev" down ++ if [ "$legacy_tools" ]; then ++ do_without_error brctl delif "$bridge" "$dev" ++ do_without_error ifconfig "$dev" down ++ else ++ do_without_error ip link set "$dev" nomaster ++ do_without_error ip link set "$dev" down ++ fi + ;; + + add) +Index: xen-4.13.0-testing/tools/hotplug/Linux/vif-nat +=================================================================== +--- xen-4.13.0-testing.orig/tools/hotplug/Linux/vif-nat ++++ xen-4.13.0-testing/tools/hotplug/Linux/vif-nat +@@ -174,7 +174,11 @@ case "$command" in + ;; + offline) + [ "$dhcp" != 'no' ] && dhcp_down +- do_without_error ifconfig "${dev}" down ++ if [ "$legacy_tools" ]; then ++ do_without_error ifconfig "${dev}" down ++ else ++ do_without_error ip link set "${dev}" down ++ fi + ;; + esac + +Index: xen-4.13.0-testing/tools/hotplug/Linux/vif-route +=================================================================== +--- xen-4.13.0-testing.orig/tools/hotplug/Linux/vif-route ++++ xen-4.13.0-testing/tools/hotplug/Linux/vif-route +@@ -25,7 +25,12 @@ case "${command}" in + add) + ;& + online) +- ifconfig ${dev} ${main_ip} netmask 255.255.255.255 up ++ if [ "$legacy_tools" ]; then ++ ifconfig ${dev} ${main_ip} netmask 255.255.255.255 up ++ else ++ ip addr add "${main_ip}/32" dev "$dev" ++ fi ++ ip link set "dev" up + echo 1 >/proc/sys/net/ipv4/conf/${dev}/proxy_arp + ipcmd='add' + cmdprefix='' +@@ -33,7 +38,12 @@ case "${command}" in + remove) + ;& + offline) +- do_without_error ifdown ${dev} ++ if [ "$legacy_tools" ]; then ++ do_without_error ifdown ${dev} ++ else ++ do_without_error ip addr flush dev "$dev" ++ do_without_error ip link set "$dev" down ++ fi + ipcmd='del' + cmdprefix='do_without_error' + ;; +Index: xen-4.13.0-testing/tools/hotplug/Linux/vif2 +=================================================================== +--- xen-4.13.0-testing.orig/tools/hotplug/Linux/vif2 ++++ xen-4.13.0-testing/tools/hotplug/Linux/vif2 +@@ -7,13 +7,22 @@ dir=$(dirname "$0") + bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge") + if [ -z "$bridge" ] + then +- nr_bridges=$(($(brctl show | cut -f 1 | grep -v "^$" | wc -l) - 1)) ++ if [ "$legacy_tools" ]; then ++ nr_bridges=$(($(brctl show | cut -f 1 | grep -v "^$" | wc -l) - 1)) ++ else ++ nr_bridges=$(ip --oneline link show type bridge | wc -l) ++ fi + if [ "$nr_bridges" != 1 ] + then + fatal "no bridge specified, and don't know which one to use ($nr_bridges found)" + fi +- bridge=$(brctl show | cut -d " ++ if [ "$legacy_tools" ]; then ++ bridge=$(brctl show | cut -d " + " -f 2 | cut -f 1) ++ else ++ bridge=$(ip --oneline link show type bridge | head -1 | cut -d ' ' -f2) ++ bridge="${bridge%:}" ++ fi + fi + + command="$1" +Index: xen-4.13.0-testing/tools/hotplug/Linux/xen-network-common.sh +=================================================================== +--- xen-4.13.0-testing.orig/tools/hotplug/Linux/xen-network-common.sh ++++ xen-4.13.0-testing/tools/hotplug/Linux/xen-network-common.sh +@@ -15,6 +15,12 @@ + # + + ++# Use brctl and ifconfig on older systems ++legacy_tools= ++if [ -f /sbin/brctl -a -f /sbin/ifconfig ]; then ++ legacy_tools="true" ++fi ++ + # Gentoo doesn't have ifup/ifdown, so we define appropriate alternatives. + + # Other platforms just use ifup / ifdown directly. +@@ -111,9 +117,13 @@ create_bridge () { + + # Don't create the bridge if it already exists. + if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then +- brctl addbr ${bridge} +- brctl stp ${bridge} off +- brctl setfd ${bridge} 0 ++ if [ "$legacy_tools" ]; then ++ brctl addbr ${bridge} ++ brctl stp ${bridge} off ++ brctl setfd ${bridge} 0 ++ else ++ ip link add "$bridge" type bridge stp_state 0 forward_delay 0 ++ fi + fi + } + +@@ -127,7 +137,11 @@ add_to_bridge () { + ip link set dev ${dev} up || true + return + fi +- brctl addif ${bridge} ${dev} ++ if [ "$legacy_tools" ]; then ++ brctl addif ${bridge} ${dev} ++ else ++ ip link set "$dev" master "$bridge" ++ fi + ip link set dev ${dev} up + } + diff --git a/reproducible.patch b/reproducible.patch new file mode 100644 index 0000000..2a8f758 --- /dev/null +++ b/reproducible.patch @@ -0,0 +1,44 @@ +commit e4c8f21e198e739e279b274c17e9246ea9a6d8e5 +Author: Bernhard M. Wiedemann <bwiedemann@suse.de> +Date: Wed Oct 24 09:50:26 2018 +0200 + + x86/efi: Do not insert timestamps in efi files + + in order to make builds reproducible. + See https://reproducible-builds.org/ for why this is good. + + We only add the option, if ld understands it. + + Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de> + +Index: xen-4.13.0-testing/Config.mk +=================================================================== +--- xen-4.13.0-testing.orig/Config.mk ++++ xen-4.13.0-testing/Config.mk +@@ -151,6 +151,14 @@ export XEN_HAS_BUILD_ID=y + build_id_linker := --build-id=sha1 + endif + ++ld-ver-timestamp = $(shell $(1) -mi386pep --no-insert-timestamp 2>&1 | \ ++ grep -q no-insert-timestamp && echo n || echo y) ++ifeq ($(call ld-ver-timestamp,$(LD)),n) ++ld_no_insert_timestamp := ++else ++ld_no_insert_timestamp := --no-insert-timestamp ++endif ++ + ifndef XEN_HAS_CHECKPOLICY + CHECKPOLICY ?= checkpolicy + XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n) +Index: xen-4.13.0-testing/xen/arch/x86/Makefile +=================================================================== +--- xen-4.13.0-testing.orig/xen/arch/x86/Makefile ++++ xen-4.13.0-testing/xen/arch/x86/Makefile +@@ -164,6 +164,7 @@ note.o: $(TARGET)-syms + + EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10 + EFI_LDFLAGS += --image-base=$(1) --stack=0,0 --heap=0,0 --strip-debug ++EFI_LDFLAGS += $(ld_no_insert_timestamp) + EFI_LDFLAGS += --section-alignment=0x200000 --file-alignment=0x20 + EFI_LDFLAGS += --major-image-version=$(XEN_VERSION) + EFI_LDFLAGS += --minor-image-version=$(XEN_SUBVERSION) @@ -0,0 +1,5 @@ +1b0d5cb7aba39268a01fd3c41f053cfb ipxe.tar.bz2 +e2ab153686cc35e2ffc1864497039505 mini-os.tar.bz2 +bcccb59d2722b9dde95714847866a1e7 stubdom.tar.bz2 +70b1bb4c4183e30c6b1145feadaf4e3b xen-4.13.1-testing-src.tar.bz2 +0c863543aa9909f5660d63aa7c28efed xen-utils-0.1.tar.bz2 diff --git a/stdvga-cache.patch b/stdvga-cache.patch new file mode 100644 index 0000000..e4a0f1f --- /dev/null +++ b/stdvga-cache.patch @@ -0,0 +1,16 @@ +Index: xen-4.9.0-testing/xen/arch/x86/hvm/stdvga.c +=================================================================== +--- xen-4.9.0-testing.orig/xen/arch/x86/hvm/stdvga.c ++++ xen-4.9.0-testing/xen/arch/x86/hvm/stdvga.c +@@ -166,7 +166,10 @@ static int stdvga_outb(uint64_t addr, ui + + /* When in standard vga mode, emulate here all writes to the vram buffer + * so we can immediately satisfy reads without waiting for qemu. */ +- s->stdvga = (s->sr[7] == 0x00); ++ s->stdvga = ++ (s->sr[7] == 0x00) && /* standard vga mode */ ++ (s->gr[6] == 0x05); /* misc graphics register w/ MemoryMapSelect=1 ++ * 0xa0000-0xaffff (64k region), AlphaDis=1 */ + + if ( !prev_stdvga && s->stdvga ) + { diff --git a/stubdom-have-iovec.patch b/stubdom-have-iovec.patch new file mode 100644 index 0000000..6204a7e --- /dev/null +++ b/stubdom-have-iovec.patch @@ -0,0 +1,26 @@ +Because of commit 76eb7cef6b84ca804f4db340e23ad9c501767c32 +xc_private.h now contains a definition of iovec. This conflicts +when building qemu traditional xen_platform.c which includes +hw.h which includes qemu-common.h which already has a definition +of iovec +Index: xen-4.12.0-testing/tools/libxc/xc_private.h +=================================================================== +--- xen-4.12.0-testing.orig/tools/libxc/xc_private.h ++++ xen-4.12.0-testing/tools/libxc/xc_private.h +@@ -50,6 +50,8 @@ + #endif + + #if defined(__MINIOS__) ++#ifndef HAVE_IOVEC ++#define HAVE_IOVEC + /* + * MiniOS's libc doesn't know about sys/uio.h or writev(). + * Declare enough of sys/uio.h to compile. +@@ -58,6 +60,7 @@ struct iovec { + void *iov_base; + size_t iov_len; + }; ++#endif + #else + #include <sys/uio.h> + #endif diff --git a/suse-xendomains-service.patch b/suse-xendomains-service.patch new file mode 100644 index 0000000..ae8cd82 --- /dev/null +++ b/suse-xendomains-service.patch @@ -0,0 +1,20 @@ +xendomains: remove libvirtd conflict + +Conflicting with libvirtd is fine for upstream, where xl/libxl is king. +But down the SUSE stream, we promote libvirt and all the libvirt-based +tools. If a user installs libvirt on their SUSE Xen host, then libvirt +should be king and override xendomains. + +bsc#1015348 +Index: xen-4.8.0-testing/tools/hotplug/Linux/systemd/xendomains.service.in +=================================================================== +--- xen-4.8.0-testing.orig/tools/hotplug/Linux/systemd/xendomains.service.in ++++ xen-4.8.0-testing/tools/hotplug/Linux/systemd/xendomains.service.in +@@ -5,7 +5,6 @@ After=proc-xen.mount xenstored.service x + After=network-online.target + After=remote-fs.target + ConditionPathExists=/proc/xen/capabilities +-Conflicts=libvirtd.service + + [Service] + Type=oneshot diff --git a/suspend_evtchn_lock.patch b/suspend_evtchn_lock.patch new file mode 100644 index 0000000..e2ed442 --- /dev/null +++ b/suspend_evtchn_lock.patch @@ -0,0 +1,78 @@ +Fix problems that suspend eventchannel lock file might be obselete for some reason +like segment fault or other abnormal exit, and once obselete lock file exists, +it might affact latter save process. +Have discussed with upstream, for some reason not accepted. +http://xen.1045712.n5.nabble.com/Re-PATCH-improve-suspend-evtchn-lock-processing-td3395229.html + +Signed-off-by: Chunyan Liu <cyliu@suse.com> + +Index: xen-4.10.0-testing/tools/libxc/xc_suspend.c +=================================================================== +--- xen-4.10.0-testing.orig/tools/libxc/xc_suspend.c ++++ xen-4.10.0-testing/tools/libxc/xc_suspend.c +@@ -20,6 +20,10 @@ + + #include "xc_private.h" + #include "xenguest.h" ++#include <signal.h> ++#ifdef __MINIOS__ ++extern int kill (__pid_t __pid, int __sig); ++#endif + + #define SUSPEND_LOCK_FILE XEN_RUN_DIR "/suspend-evtchn-%d.lock" + +@@ -35,6 +39,37 @@ + + #define SUSPEND_FILE_BUFLEN (sizeof(SUSPEND_LOCK_FILE) + 10) + ++/* cleanup obsolete suspend lock file which is unlinked for any reason, ++so that current process can get lock */ ++static void clean_obsolete_lock(int domid) ++{ ++ int fd, pid, n; ++ char buf[128]; ++ char suspend_file[256]; ++ ++ snprintf(suspend_file, sizeof(suspend_file), "%s_%d_lock.d", ++ SUSPEND_LOCK_FILE, domid); ++ fd = open(suspend_file, O_RDWR); ++ ++ if (fd < 0) ++ return; ++ ++ n = read(fd, buf, 127); ++ ++ close(fd); ++ ++ if (n > 0) ++ { ++ sscanf(buf, "%d", &pid); ++ /* pid does not exist, this lock file is obsolete, just delete it */ ++ if ( kill(pid,0) ) ++ { ++ unlink(suspend_file); ++ return; ++ } ++ } ++} ++ + static void get_suspend_file(char buf[], uint32_t domid) + { + snprintf(buf, SUSPEND_FILE_BUFLEN, SUSPEND_LOCK_FILE, domid); +@@ -48,6 +83,7 @@ static int lock_suspend_event(xc_interfa + struct flock fl; + + get_suspend_file(suspend_file, domid); ++ clean_obsolete_lock(domid); + + *lockfd = -1; + +@@ -97,6 +133,8 @@ static int lock_suspend_event(xc_interfa + if (fd >= 0) + close(fd); + ++ unlink(suspend_file); ++ + return -1; + } + diff --git a/sysconfig.pciback b/sysconfig.pciback new file mode 100644 index 0000000..90ef943 --- /dev/null +++ b/sysconfig.pciback @@ -0,0 +1,9 @@ +## Path: System/Virtualization +## Type: string +## Default: "" +# +# Space delimited list of PCI devices to late bind to pciback +# Format: <driver>,<PCI ID> +# +#XEN_PCI_HIDE_LIST="e1000,0000:0b:00.0 e1000,0000:0b:00.1" +XEN_PCI_HIDE_LIST="" diff --git a/tmp_build.patch b/tmp_build.patch new file mode 100644 index 0000000..fc2b287 --- /dev/null +++ b/tmp_build.patch @@ -0,0 +1,42 @@ +Note: During the make process we can't have both xenstore and +domu-xenstore linking the sub command files from /usr/bin. + +For example, +xen-tools: /usr/bin/xenstore-ls -> xenstore +xen-tools-domU: /usr/bin/xenstore-ls -> domu-xenstore + +The last thing to create this link overwrites the previous link +and breaks the packaging. For this reason this patch puts domu-xenstore +with its links in /bin so as to not interfere with the regular xenstore +links. + +--- + tools/xenstore/Makefile | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +Index: xen-4.11.1-testing/tools/xenstore/Makefile +=================================================================== +--- xen-4.11.1-testing.orig/tools/xenstore/Makefile ++++ xen-4.11.1-testing/tools/xenstore/Makefile +@@ -93,6 +93,7 @@ $(CLIENTS_DOMU): xenstore + + xenstore: xenstore_client.o $(LIBXENSTORE) + $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) ++ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=sha1 -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ + + xenstore-control: xenstore_control.o $(LIBXENSTORE) + $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) +@@ -172,10 +173,11 @@ endif + $(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir) + $(INSTALL_PROG) xenstore $(DESTDIR)$(bindir) + set -e ; for c in $(CLIENTS) ; do \ +- ln -f $(DESTDIR)$(bindir)/xenstore $(DESTDIR)$(bindir)/$${c} ; \ ++ ln -fs xenstore $(DESTDIR)$(bindir)/$${c} ; \ + done ++ $(INSTALL_PROG) domu-xenstore $(DESTDIR)/bin + for client in $(CLIENTS_DOMU); do \ +- $(INSTALL_PROG) $$client $(DESTDIR)$(bindir)/$${client/domu-}; \ ++ ln -fs domu-xenstore $(DESTDIR)/bin/$${client/domu-} ; \ + done + $(INSTALL_DIR) $(DESTDIR)$(libdir) + $(INSTALL_SHLIB) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir) diff --git a/vif-bridge-no-iptables.patch b/vif-bridge-no-iptables.patch new file mode 100644 index 0000000..b3dffc2 --- /dev/null +++ b/vif-bridge-no-iptables.patch @@ -0,0 +1,13 @@ +Index: xen-4.5.0-testing/tools/hotplug/Linux/vif-bridge +=================================================================== +--- xen-4.5.0-testing.orig/tools/hotplug/Linux/vif-bridge ++++ xen-4.5.0-testing/tools/hotplug/Linux/vif-bridge +@@ -93,7 +93,7 @@ case "$command" in + ;; + esac + +-handle_iptable ++#handle_iptable + + call_hooks vif post + diff --git a/vif-bridge-tap-fix.patch b/vif-bridge-tap-fix.patch new file mode 100644 index 0000000..b4ad2ec --- /dev/null +++ b/vif-bridge-tap-fix.patch @@ -0,0 +1,30 @@ +# HG changeset patch +# User Jim Fehlig <jfehlig@suse.com> +# Date 1319581952 21600 +# Node ID 74da2a3a1db1476d627f42e4a99e9e720cc6774d +# Parent 6c583d35d76dda2236c81d9437ff9d57ab02c006 +Prevent vif-bridge from adding user-created tap interfaces to a bridge + +Exit vif-bridge script if there is no device info in xenstore, preventing +it from adding user-created taps to bridges. + + Signed-off-by: Jim Fehlig <jfehlig@suse.com> + +Index: xen-4.5.0-testing/tools/hotplug/Linux/vif-bridge +=================================================================== +--- xen-4.5.0-testing.orig/tools/hotplug/Linux/vif-bridge ++++ xen-4.5.0-testing/tools/hotplug/Linux/vif-bridge +@@ -28,6 +28,13 @@ + dir=$(dirname "$0") + . "$dir/vif-common.sh" + ++mac=$(xenstore_read_default "$XENBUS_PATH/mac" "") ++if [ -z "$mac" ] ++then ++ log debug "No device details in $XENBUS_PATH, exiting." ++ exit 0 ++fi ++ + bridge=${bridge:-} + bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge") + diff --git a/vif-route.patch b/vif-route.patch new file mode 100644 index 0000000..28fda9d --- /dev/null +++ b/vif-route.patch @@ -0,0 +1,25 @@ +References: bsc#985503 + +Index: xen-4.13.0-testing/tools/hotplug/Linux/vif-route +=================================================================== +--- xen-4.13.0-testing.orig/tools/hotplug/Linux/vif-route ++++ xen-4.13.0-testing/tools/hotplug/Linux/vif-route +@@ -61,11 +61,13 @@ case "${type_if}" in + ;; + esac + +-# If we've been given a list of IP addresses, then add routes from dom0 to +-# the guest using those addresses. +-for addr in ${ip} ; do +- ${cmdprefix} ip route ${ipcmd} ${addr} dev ${dev} src ${main_ip} metric ${metric} +-done ++if [ "${ip}" ] && [ "${ipcmd}" ] ; then ++ # If we've been given a list of IP addresses, then add routes from dom0 to ++ # the guest using those addresses. ++ for addr in ${ip} ; do ++ ${cmdprefix} ip route ${ipcmd} ${addr} dev ${dev} src ${main_ip} metric ${metric} ++ done ++fi + + handle_iptable + diff --git a/x86-cpufreq-report.patch b/x86-cpufreq-report.patch new file mode 100644 index 0000000..018e8a0 --- /dev/null +++ b/x86-cpufreq-report.patch @@ -0,0 +1,84 @@ +Index: xen-4.12.0-testing/xen/arch/x86/platform_hypercall.c +=================================================================== +--- xen-4.12.0-testing.orig/xen/arch/x86/platform_hypercall.c ++++ xen-4.12.0-testing/xen/arch/x86/platform_hypercall.c +@@ -25,7 +25,7 @@ + #include <xen/symbols.h> + #include <asm/current.h> + #include <public/platform.h> +-#include <acpi/cpufreq/processor_perf.h> ++#include <acpi/cpufreq/cpufreq.h> + #include <asm/edd.h> + #include <asm/mtrr.h> + #include <asm/io_apic.h> +@@ -807,6 +807,41 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PA + ret = -EFAULT; + } + break; ++ ++ case XENPF_get_cpu_freq: ++ case XENPF_get_cpu_freq_min: ++ case XENPF_get_cpu_freq_max: ++ { ++ struct vcpu *v; ++ const struct cpufreq_policy *policy; ++ ++ if ( op->u.get_cpu_freq.vcpu >= current->domain->max_vcpus || ++ !(v = current->domain->vcpu[op->u.get_cpu_freq.vcpu]) ) ++ { ++ ret = -EINVAL; ++ break; ++ } ++ ++ policy = per_cpu(cpufreq_cpu_policy, v->processor); ++ switch ( op->cmd & -!!policy ) ++ { ++ case XENPF_get_cpu_freq: ++ op->u.get_cpu_freq.freq = policy->cur; ++ break; ++ case XENPF_get_cpu_freq_min: ++ op->u.get_cpu_freq.freq = policy->min; ++ break; ++ case XENPF_get_cpu_freq_max: ++ op->u.get_cpu_freq.freq = policy->max; ++ break; ++ default: ++ op->u.get_cpu_freq.freq = 0; ++ break; ++ } ++ if ( __copy_field_to_guest(u_xenpf_op, op, u.get_cpu_freq.freq) ) ++ ret = -EFAULT; ++ } ++ break; + + default: + ret = -ENOSYS; +Index: xen-4.12.0-testing/xen/include/public/platform.h +=================================================================== +--- xen-4.12.0-testing.orig/xen/include/public/platform.h ++++ xen-4.12.0-testing/xen/include/public/platform.h +@@ -553,6 +553,16 @@ struct xenpf_core_parking { + typedef struct xenpf_core_parking xenpf_core_parking_t; + DEFINE_XEN_GUEST_HANDLE(xenpf_core_parking_t); + ++#define XENPF_get_cpu_freq ('N' << 24) ++#define XENPF_get_cpu_freq_min (XENPF_get_cpu_freq + 1) ++#define XENPF_get_cpu_freq_max (XENPF_get_cpu_freq_min + 1) ++struct xenpf_get_cpu_freq { ++ /* IN variables */ ++ uint32_t vcpu; ++ /* OUT variables */ ++ uint32_t freq; /* in kHz */ ++}; ++ + /* + * Access generic platform resources(e.g., accessing MSR, port I/O, etc) + * in unified way. Batch resource operations in one call are supported and +@@ -644,6 +654,7 @@ struct xen_platform_op { + struct xenpf_core_parking core_parking; + struct xenpf_resource_op resource_op; + struct xenpf_symdata symdata; ++ struct xenpf_get_cpu_freq get_cpu_freq; + uint8_t pad[128]; + } u; + }; diff --git a/x86-ioapic-ack-default.patch b/x86-ioapic-ack-default.patch new file mode 100644 index 0000000..8ae0ac5 --- /dev/null +++ b/x86-ioapic-ack-default.patch @@ -0,0 +1,18 @@ +Change default IO-APIC ack mode for single IO-APIC systems to old-style. + +Index: xen-4.13.0-testing/xen/arch/x86/io_apic.c +=================================================================== +--- xen-4.13.0-testing.orig/xen/arch/x86/io_apic.c ++++ xen-4.13.0-testing/xen/arch/x86/io_apic.c +@@ -2029,7 +2029,10 @@ void __init setup_IO_APIC(void) + io_apic_irqs = ~PIC_IRQS; + + printk("ENABLING IO-APIC IRQs\n"); +- printk(" -> Using %s ACK method\n", ioapic_ack_new ? "new" : "old"); ++ if (!directed_eoi_enabled && !ioapic_ack_forced) { ++ ioapic_ack_new = (nr_ioapics > 1); ++ printk(" -> Using %s ACK method\n", ioapic_ack_new ? "new" : "old"); ++ } + + if (ioapic_ack_new) { + ioapic_level_type.ack = irq_complete_move; diff --git a/xen-arch-kconfig-nr_cpus.patch b/xen-arch-kconfig-nr_cpus.patch new file mode 100644 index 0000000..3f2ed78 --- /dev/null +++ b/xen-arch-kconfig-nr_cpus.patch @@ -0,0 +1,13 @@ +Index: xen-4.12.0-testing/xen/arch/Kconfig +=================================================================== +--- xen-4.12.0-testing.orig/xen/arch/Kconfig ++++ xen-4.12.0-testing/xen/arch/Kconfig +@@ -2,7 +2,7 @@ + config NR_CPUS + int "Maximum number of physical CPUs" + range 1 4095 +- default "256" if X86 ++ default "1024" if X86 + default "8" if ARM && RCAR3 + default "4" if ARM && QEMU + default "4" if ARM && MPSOC diff --git a/xen-destdir.patch b/xen-destdir.patch new file mode 100644 index 0000000..4fb1ed9 --- /dev/null +++ b/xen-destdir.patch @@ -0,0 +1,57 @@ +Index: xen-4.11.0-testing/tools/xenstore/Makefile +=================================================================== +--- xen-4.11.0-testing.orig/tools/xenstore/Makefile ++++ xen-4.11.0-testing/tools/xenstore/Makefile +@@ -20,6 +20,7 @@ LDFLAGS += $(LDFLAGS-y) + + CLIENTS := xenstore-exists xenstore-list xenstore-read xenstore-rm xenstore-chmod + CLIENTS += xenstore-write xenstore-ls xenstore-watch ++CLIENTS_DOMU := $(patsubst xenstore-%,domu-xenstore-%,$(CLIENTS)) + + XENSTORED_OBJS = xenstored_core.o xenstored_watch.o xenstored_domain.o + XENSTORED_OBJS += xenstored_transaction.o xenstored_control.o +@@ -57,7 +58,7 @@ endif + all: $(ALL_TARGETS) + + .PHONY: clients +-clients: xenstore $(CLIENTS) xenstore-control ++clients: xenstore $(CLIENTS) $(CLIENTS_DOMU) xenstore-control + + ifeq ($(CONFIG_SunOS),y) + xenstored_probes.h: xenstored_probes.d +@@ -87,6 +88,9 @@ xenstored.a: $(XENSTORED_OBJS) + $(CLIENTS): xenstore + ln -f xenstore $@ + ++$(CLIENTS_DOMU): xenstore ++ ln -f xenstore $@ ++ + xenstore: xenstore_client.o $(LIBXENSTORE) + $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) + +@@ -139,7 +143,7 @@ clean: + rm -f *.a *.o *.opic *.so* xenstored_probes.h + rm -f xenstored xs_random xs_stress xs_crashme + rm -f xs_tdb_dump xenstore-control init-xenstore-domain +- rm -f xenstore $(CLIENTS) ++ rm -f xenstore $(CLIENTS) $(CLIENTS_DOMU) + rm -f xenstore.pc + $(RM) $(DEPS_RM) + +@@ -163,12 +167,16 @@ ifeq ($(XENSTORE_XENSTORED),y) + $(INSTALL_DIR) $(DESTDIR)$(sbindir) + $(INSTALL_DIR) $(DESTDIR)$(XEN_LIB_STORED) + $(INSTALL_PROG) xenstored $(DESTDIR)$(sbindir) ++ $(INSTALL_DIR) $(DESTDIR)/bin + endif + $(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir) + $(INSTALL_PROG) xenstore $(DESTDIR)$(bindir) + set -e ; for c in $(CLIENTS) ; do \ + ln -f $(DESTDIR)$(bindir)/xenstore $(DESTDIR)$(bindir)/$${c} ; \ + done ++ for client in $(CLIENTS_DOMU); do \ ++ $(INSTALL_PROG) $$client $(DESTDIR)$(bindir)/$${client/domu-}; \ ++ done + $(INSTALL_DIR) $(DESTDIR)$(libdir) + $(INSTALL_SHLIB) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir) + ln -sf libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenstore.so.$(MAJOR) diff --git a/xen-dom0-modules.service b/xen-dom0-modules.service new file mode 100644 index 0000000..aa5002c --- /dev/null +++ b/xen-dom0-modules.service @@ -0,0 +1,16 @@ +[Unit] +Description=Load dom0 backend drivers +ConditionPathExists=/proc/xen +Before=xenstored.service xen-watchdog.service + +[Install] +WantedBy=multi-user.target + +[Service] +Type=oneshot +RemainAfterExit=true +Environment=PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin +# dummy to have always one valid line +ExecStart=-/usr/bin/env uname -a +# modules listed in /usr/lib/modules.d/xen.conf +# load them manually to avoid usage of system-modules-load.service diff --git a/xen-supportconfig b/xen-supportconfig new file mode 100644 index 0000000..4d8c4ec --- /dev/null +++ b/xen-supportconfig @@ -0,0 +1,106 @@ +#!/bin/bash +############################################################# +# Name: Supportconfig Plugin for Xen +# Description: Gathers important troubleshooting information +# about Xen and its tools +# Author: Jim Fehlig <jfehlig@suse.com> +############################################################# + +# TODO: +# - Anything needed for UEFI? +# + +RCFILE="/usr/lib/supportconfig/resources/scplugin.rc" + +GRUB2_CONF_FILES="/etc/default/grub" +XEN_CONF_FILES="/etc/xen/xl.conf /etc/sysconfig/xencommons /etc/sysconfig/xendomains" +XEN_SERVICES="xencommons xendomains xen-watchdog" +VM_CONF_FILES="" +XEN_LOG_FILES="" + +if [ -s $RCFILE ]; then + if ! source $RCFILE; then + echo "ERROR: Initializing resource file: $RCFILE" >&2 + exit 1 + fi +fi + +rpm_verify() { + thisrpm="$1" + local ret=0 + + echo + echo "#==[ Validating RPM ]=================================#" + if rpm -q "$thisrpm" >/dev/null 2>&1; then + echo "# rpm -V $thisrpm" + + if rpm -V "$thisrpm"; then + echo "Status: Passed" + else + echo "Status: WARNING" + fi + else + echo "package $thisrpm is not installed" + ret=1 + fi + echo + return $ret +} + +# if no xen package we are done +if ! rpm_verify xen; then + echo "Skipped" + exit 0 +fi + +# if not a xen host (dom0) we are done +echo "#==[ Checking if booted Xen ]=================================#" +if [ ! -d /proc/xen ] || [ ! -e /proc/xen/capabilities ] || [ `cat /proc/xen/capabilities` != "control_d" ]; then + echo "No" + echo "Skipped" + exit 0 +else + echo "Yes" + echo +fi + +# basic system information: +plugin_command "uname -r" +for service in $XEN_SERVICES; do + plugin_command "systemctl status $service" + plugin_command "systemctl is-enabled $service" +done +plugin_command "lscpu" +plugin_command "xl info --numa" +plugin_command "xl list" +plugin_command "xl pci-assignable-list" +plugin_command "xenstore-ls" +plugin_command "ps -ef | grep xen" +# dump grub2-related conf files +pconf_files "$GRUB2_CONF_FILES" +# dump Xen-related conf files +pconf_files "$XEN_CONF_FILES" + +# detailed system info: +plugin_command "xl list --long" +plugin_command "xl dmesg" +# network-related info often useful for debugging +if [ systemctl is-enabled NetworkManager.service 2>&1 > /dev/null ]; then + echo "NOTE: NetworkManager should not be enabled on a Xen host" +fi +plugin_command "route -n" +plugin_command "arp -v" +plugin_command "ip link show type bridge" +plugin_command "bridge link show" +# list contents of common config and image directories +plugin_command "ls -alR /etc/xen/vm/" +plugin_command "ls -alR /etc/xen/auto/" +plugin_command "ls -alR /var/lib/xen/images/" +# dump VM-related conf files +test -d /etc/xen/vm && VM_CONF_FILES=$(find -L /etc/xen/vm/ -type f | sort) +pconf_files "$VM_CONF_FILES" +# dump log files +test -d /var/log/xen && XEN_LOG_FILES="$(find -L /var/log/xen/ -type f | grep 'log$' | sort)" +plog_files 0 "$XEN_LOG_FILES" + +echo "Done" diff --git a/xen.bug1026236.suse_vtsc_tolerance.patch b/xen.bug1026236.suse_vtsc_tolerance.patch new file mode 100644 index 0000000..17c8b68 --- /dev/null +++ b/xen.bug1026236.suse_vtsc_tolerance.patch @@ -0,0 +1,58 @@ +suse_vtsc_tolerance=<val> +Reference: bsc#1026236 + +To avoid emulation of vTSC after live migration or save/restore allow +different clock frequency up to the specified value. If the frequency +is within the allowed range TSC access by the domU will be performed +at native speed. Otherwise TSC access will be emulated. It is up to +the hostadmin to decide how much tolerance all running domUs can +actually handle. The default is zero tolerance. + +--- a/xen/arch/x86/time.c ++++ b/xen/arch/x86/time.c +@@ -43,6 +43,9 @@ + static char __initdata opt_clocksource[10]; + string_param("clocksource", opt_clocksource); + ++static unsigned int __read_mostly opt_suse_vtsc_tolerance; ++integer_param("suse_vtsc_tolerance", opt_suse_vtsc_tolerance); ++ + unsigned long __read_mostly cpu_khz; /* CPU clock frequency in kHz. */ + DEFINE_SPINLOCK(rtc_lock); + unsigned long pit0_ticks; +@@ -2226,6 +2229,7 @@ int tsc_set_info(struct domain *d, + + switch ( tsc_mode ) + { ++ bool disable_vtsc; + case TSC_MODE_DEFAULT: + case TSC_MODE_ALWAYS_EMULATE: + d->arch.vtsc_offset = get_s_time() - elapsed_nsec; +@@ -2239,8 +2243,26 @@ int tsc_set_info(struct domain *d, + * When a guest is created, gtsc_khz is passed in as zero, making + * d->arch.tsc_khz == cpu_khz. Thus no need to check incarnation. + */ ++ disable_vtsc = d->arch.tsc_khz == cpu_khz; ++ ++ if ( tsc_mode == TSC_MODE_DEFAULT && gtsc_khz && ++ is_hvm_domain(d) && opt_suse_vtsc_tolerance ) ++ { ++ long khz_diff; ++ ++ khz_diff = ABS(((long)cpu_khz - gtsc_khz)); ++ disable_vtsc = khz_diff <= opt_suse_vtsc_tolerance; ++ ++ printk(XENLOG_G_INFO "d%d: host has %lu kHz," ++ " domU expects %u kHz," ++ " difference of %ld is %s tolerance of %u\n", ++ d->domain_id, cpu_khz, gtsc_khz, khz_diff, ++ disable_vtsc ? "within" : "outside", ++ opt_suse_vtsc_tolerance); ++ } ++ + if ( tsc_mode == TSC_MODE_DEFAULT && host_tsc_is_safe() && +- (d->arch.tsc_khz == cpu_khz || ++ (disable_vtsc || + (is_hvm_domain(d) && + hvm_get_tsc_scaling_ratio(d->arch.tsc_khz))) ) + { diff --git a/xen.build-compare.doc_html.patch b/xen.build-compare.doc_html.patch new file mode 100644 index 0000000..1191b2c --- /dev/null +++ b/xen.build-compare.doc_html.patch @@ -0,0 +1,31 @@ +The result of $(wildcard *) is random. +Sort input files to reduce build-compare noise. + +--- + docs/Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +Index: xen-4.13.1-testing/docs/Makefile +=================================================================== +--- xen-4.13.1-testing.orig/docs/Makefile ++++ xen-4.13.1-testing/docs/Makefile +@@ -191,7 +191,7 @@ uninstall: uninstall-man-pages uninstall + + # Individual file build targets + html/index.html: $(DOC_HTML) $(CURDIR)/gen-html-index INDEX +- $(PERL) -w -- $(CURDIR)/gen-html-index -i INDEX html $(DOC_HTML) ++ $(PERL) -w -- $(CURDIR)/gen-html-index -i INDEX html $(sort $(DOC_HTML)) + + html/%.txt: %.txt + @$(INSTALL_DIR) $(@D) +@@ -206,8 +206,8 @@ html/hypercall/%/index.html: $(CURDIR)/x + $(INSTALL_DIR) $(@D) + $(PERL) -w $(CURDIR)/xen-headers -O $(@D) \ + -T 'arch-$* - Xen public headers' \ +- $(patsubst %,-X arch-%,$(filter-out $*,$(DOC_ARCHES))) \ +- $(patsubst %,-X xen-%,$(filter-out $*,$(DOC_ARCHES))) \ ++ $(sort $(patsubst %,-X arch-%,$(filter-out $*,$(DOC_ARCHES)))) \ ++ $(sort $(patsubst %,-X xen-%,$(filter-out $*,$(DOC_ARCHES)))) \ + $(EXTRA_EXCLUDE) \ + $(XEN_ROOT)/xen include/public include/xen/errno.h + diff --git a/xen.changes b/xen.changes new file mode 100644 index 0000000..76a703f --- /dev/null +++ b/xen.changes @@ -0,0 +1,12678 @@ +------------------------------------------------------------------- +Tue Oct 13 10:48:04 MDT 2020 - carnold@suse.com + +- bsc#1177409 - VUL-0: xen: x86 PV guest INVLPG-like flushes may + leave stale TLB entries (XSA-286) + xsa286-1.patch + xsa286-2.patch + xsa286-3.patch + xsa286-4.patch + xsa286-5.patch + xsa286-6.patch +- bsc#1177412 - VUL-0: xen: Race condition in Xen mapping code + (XSA-345) + xsa345-1.patch + xsa345-2.patch + xsa345-3.patch +- bsc#1177413 - VUL-0: xen: undue deferral of IOMMU TLB flushes + (XSA-346) + xsa346-1.patch + xsa346-2.patch +- bsc#1177414 - VUL-0: xen: unsafe AMD IOMMU page table updates + (XSA-347) + xsa347-1.patch + xsa347-2.patch + xsa347-3.patch + +------------------------------------------------------------------- +Fri Sep 11 11:11:11 UTC 2020 - ohering@suse.de + +- Escape some % chars in xen.spec, they have to appear verbatim + +------------------------------------------------------------------- +Wed Sep 9 10:11:12 UTC 2020 - ohering@suse.de + +- Enhance libxc.migrate_tracking.patch + Print number of allocated pages on sending side, this is more + accurate than p2m_size. + +------------------------------------------------------------------- +Tue Sep 8 11:20:40 MDT 2020 - carnold@suse.com + +- bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when + handling guest access to MSR_MISC_ENABLE (XSA-333) + xsa333.patch +- bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in + XENMEM_acquire_resource error path (XSA-334) + xsa334.patch +- bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating + timers between x86 HVM vCPU-s (XSA-336) + xsa336.patch +- bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code + reading back hardware registers (XSA-337) + xsa337-1.patch + xsa337-2.patch +- bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event + channels may not turn invalid (XSA-338) + xsa338.patch +- bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel + DoS via SYSENTER (XSA-339) + xsa339.patch +- bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier + barriers when accessing/allocating an event channel (XSA-340) + xsa340.patch +- bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event + channels available to 32-bit x86 domains (XSA-342) + xsa342.patch +- bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with + evtchn_reset() (XSA-343) + xsa343-1.patch + xsa343-2.patch + xsa343-3.patch +- bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in + evtchn_reset() / evtchn_destroy() (XSA-344) + xsa344-1.patch + xsa344-2.patch +- Upstream bug fixes (bsc#1027519) + 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch + 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch + 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch + 5f560c42-x86-PV-64bit-segbase-consistency.patch + +------------------------------------------------------------------- +Mon Aug 3 10:21:59 MDT 2020 - carnold@suse.com + +- Upstream bug fixes (bsc#1027519) + 5ef44e0d-x86-PMTMR-use-FADT-flags.patch + 5ef6156a-x86-disallow-access-to-PT-MSRs.patch + 5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch + 5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch (Replaces xsa317.patch) + 5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch (Replaces xsa319.patch) + 5f046c64-EPT-set_middle_entry-adjustments.patch (Replaces xsa328-1.patch) + 5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch (Replaces xsa328-2.patch) + 5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch (Replaces xsa321-1.patch) + 5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch (Replaces xsa321-2.patch) + 5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch (Replaces xsa321-3.patch) + 5f046ce9-VT-d-sync_cache-misaligned-addresses.patch (Replaces xsa32141.patch) + 5f046cfd-x86-introduce-alternative_2.patch (Replaces xsa321-5.patch) + 5f046d1a-VT-d-optimize-CPU-cache-sync.patch (Replaces xsa321-6.patch) + 5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch (Replaces xsa321-7.patch) + 5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch (Replaces xsa327.patch) + 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch + 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch + +------------------------------------------------------------------- +Thu Jul 23 11:12:58 MDT 2020 - carnold@suse.com + +- bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to + attach on next reboot while it should be live attached + ignore-ip-command-script-errors.patch + +------------------------------------------------------------------- +Fri Jul 17 14:14:14 UTC 2020 - ohering@suse.de + +- Enhance libxc.migrate_tracking.patch + After transfer of domU memory, the target host has to assemble + the backend devices. Track the time prior xc_domain_unpause. + +------------------------------------------------------------------- +Tue Jun 30 18:03:40 UTC 2020 - ohering@suse.de + +- Add libxc.migrate_tracking.patch to track live migrations + unconditionally in logfiles, especially in libvirt. + This will track how long a domU was suspended during transit. + +------------------------------------------------------------------- +Mon Jun 29 11:28:27 MDT 2020 - carnold@suse.com + +- bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect + error handling in event channel port allocation + xsa317.patch +- bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code + paths in x86 dirty VRAM tracking + xsa319.patch +- bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient + cache write- back under VT-d + xsa321-1.patch + xsa321-2.patch + xsa321-3.patch + xsa321-4.patch + xsa321-5.patch + xsa321-6.patch + xsa321-7.patch +- bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic + modification of live EPT PTE + xsa328-1.patch + xsa328-2.patch + +------------------------------------------------------------------- +Mon Jun 22 11:24:48 MDT 2020 - carnold@suse.com + +- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer + Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) + 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch + 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch) + 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch) +- Upstream bug fixes (bsc#1027519) + 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch + 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch + 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch + 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch + 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch + 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch + 5ed69804-x86-ucode-fix-start-end-update.patch + 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch + 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch + +------------------------------------------------------------------- +Fri Jun 5 16:42:16 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com> + +- Fixes for %_libexecdir changing to /usr/libexec + +------------------------------------------------------------------- +Thu May 28 08:35:20 MDT 2020 - carnold@suse.com + +- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer + Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) + xsa320-1.patch + xsa320-2.patch + +------------------------------------------------------------------- +Mon May 18 10:55:26 MDT 2020 - carnold@suse.com + +- Update to Xen 4.13.1 bug fix release (bsc#1027519) + xen-4.13.1-testing-src.tar.bz2 + 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch + 5eb51caa-sched-vcpu-pause-flags-atomic.patch + 5ec2a760-x86-determine-MXCSR-mask-always.patch +- Drop patches contained in new tarball + 5de65f84-gnttab-map-always-do-IOMMU-part.patch + 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch + 5e15e03d-sched-fix-S3-resume-with-smt=0.patch + 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch + 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch + 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch + 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch + 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch + 5e318cd4-x86-apic-fix-disabling-LVT0.patch + 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch + 5e3bd385-EFI-recheck-variable-name-strings.patch + 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch + 5e3bd3f8-xmalloc-guard-against-overflow.patch + 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch + 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch + 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch + 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch + 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch + 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch + 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch + 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch + 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch + 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch + 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch + 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch + 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch + 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch + 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch + 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch + 5e86f7fd-credit2-fix-credit-too-few-resets.patch + 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch + 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch + 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch + 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch + 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch + 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch + +------------------------------------------------------------------- +Wed May 13 21:07:29 UTC 2020 - James Fehlig <jfehlig@suse.com> + +- spec: Remove invocation of autogen.sh +- spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares + +------------------------------------------------------------------- +Wed May 13 09:56:49 MDT 2020 - carnold@suse.com + +- bsc#1170968 - GCC 10: xen build fails on i586 + gcc10-fixes.patch + +------------------------------------------------------------------- +Tue Apr 14 11:06:08 MDT 2020 - carnold@suse.com + +- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation + handling in GNTTABOP_copy (XSA-318) + 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch + +------------------------------------------------------------------- +Mon Apr 6 12:01:45 MDT 2020 - carnold@suse.com + +- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 + multiple xenoprof issues + 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch + 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch +- bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing + memory barriers in read-write unlock paths + 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch +- bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error + path in GNTTABOP_map_grant + 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch +- bsc#1167152 - L3: Xenstored Crashed during VM install Need Core + analyzed + 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch + 5e86f7fd-credit2-fix-credit-too-few-resets.patch +- Drop for upstream solution (bsc#1165206) + 01-xen-credit2-avoid-vcpus-to.patch + default-to-credit1-scheduler.patch +- Upstream bug fixes (bsc#1027519) + 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch + 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch + 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch + 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch + 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch + 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch + 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch + 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch + 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch + 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch + 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch + +------------------------------------------------------------------- +Wed Mar 25 18:18:18 UTC 2020 - ohering@suse.de + +- bsc#1167608 - unbound limit for max_event_channels + domUs with many vcpus and/or resources fail to start + libxl.max_event_channels.patch + +------------------------------------------------------------------- +Wed Mar 18 17:00:34 UTC 2020 - ohering@suse.de + +- bsc#1161480 - Fix xl shutdown for HVM without PV drivers + add libxl.libxl__domain_pvcontrol.patch + +------------------------------------------------------------------- +Thu Mar 12 07:57:53 MDT 2020 - carnold@suse.com + +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + 01-xen-credit2-avoid-vcpus-to.patch + +------------------------------------------------------------------- +Tue Mar 10 07:41:34 MDT 2020 - carnold@suse.com + +- bsc#1158414 - GCC 10: xen build fails + gcc10-fixes.patch + +------------------------------------------------------------------- +Wed Mar 4 13:28:17 MST 2020 - carnold@suse.com + +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + default-to-credit1-scheduler.patch + +------------------------------------------------------------------- +Thu Feb 20 08:18:37 MST 2020 - carnold@suse.com + +- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate + past the ERET instruction + 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch +- bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch + hardening + 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch +- Upstream bug fixes (bsc#1027519) + 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch + 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch + 5e318cd4-x86-apic-fix-disabling-LVT0.patch + 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch + 5e3bd385-EFI-recheck-variable-name-strings.patch + 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch + 5e3bd3f8-xmalloc-guard-against-overflow.patch + 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch + 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch + 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch + +------------------------------------------------------------------- +Tue Feb 18 18:18:18 UTC 2020 - ohering@suse.de + +- bsc#1159755 - use fixed qemu-3.1 machine type for HVM + This must be done in qemu to preserve PCI layout + remove libxl.lock-qemu-machine-for-hvm.patch + +------------------------------------------------------------------- +Fri Feb 7 12:37:35 UTC 2020 - ohering@suse.de + +- jsc#SLE-10183 - script to calculate cpuid= mask + add helper script from https://github.com/twizted/xen_maskcalc + domUs may be migrated between different cpus from the same vendor + if their visible cpuid value has incompatible feature bits masked. + +------------------------------------------------------------------- +Wed Feb 5 15:16:06 UTC 2020 - ohering@suse.de + +- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains + add helper script and systemd service from + https://github.com/luizluca/xen-tools-xendomains-wait-disk + in new sub package xen-tools-xendomains-wait-disk + See included README for usage instructions + xendomains-wait-disks.LICENSE + xendomains-wait-disks.README.md + xendomains-wait-disks.sh + +------------------------------------------------------------------- +Tue Jan 28 14:10:38 UTC 2020 - ohering@suse.de + +- bsc#1159755 - use fixed qemu-3.1 machine type for HVM + qemu4 introduced incompatible changes in pc-i440fx, which revealed + a design bug in 'xenfv'. Live migration from domUs started with + qemu versions prior qemu4 can not be received with qemu4+. + libxl.lock-qemu-machine-for-hvm.patch + +------------------------------------------------------------------- +Tue Jan 14 09:19:31 MST 2020 - carnold@suse.com + +- Upstream bug fixes (bsc#1027519) + 5de65f84-gnttab-map-always-do-IOMMU-part.patch + 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch + 5e15e03d-sched-fix-S3-resume-with-smt=0.patch + 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch + 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch + +------------------------------------------------------------------- +Wed Jan 8 11:43:04 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org> + +- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: + Allow OBS to shortcut through the -mini flavors. + +------------------------------------------------------------------- +Wed Dec 18 10:16:52 MST 2019 - carnold@suse.com + +- bsc#1159320 - Xen logrotate file needs updated + logrotate.conf + +------------------------------------------------------------------- +Wed Dec 18 08:21:17 MST 2019 - carnold@suse.com + +- Update to Xen 4.13.0 FCS release + xen-4.13.0-testing-src.tar.bz2 + * Core Scheduling (contributed by SUSE) + * Branch hardening to mitigate against Spectre v1 (contributed by Citrix) + * Late uCode loading (contributed by Intel) + * Improved live-patching build tools (contributed by AWS) + * OP-TEE support (contributed by EPAM) + * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM) + * Dom0-less passthrough and ImageBuilder (contributed by XILINX) + * Support for new Hardware + +------------------------------------------------------------------- +Tue Dec 3 08:57:29 MST 2019 - carnold@suse.com + +- Update to Xen 4.13.0 RC4 release + xen-4.13.0-testing-src.tar.bz2 +- Rebase libxl.pvscsi.patch + +------------------------------------------------------------------- +Mon Nov 25 10:49:13 MST 2019 - carnold@suse.com + +- Update to Xen 4.13.0 RC3 release + xen-4.13.0-testing-src.tar.bz2 +- Drop python38-build.patch + +------------------------------------------------------------------- +Tue Nov 12 08:09:27 MST 2019 - carnold@suse.com + +- Update to Xen 4.13.0 RC2 release + xen-4.13.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Tue Oct 29 14:27:13 CET 2019 - Matej Cepl <mcepl@suse.com> + +- Add python38-build.patch fixing build with Python 3.8 (add + --embed to python-config call) + +------------------------------------------------------------------- +Mon Oct 14 09:01:47 MDT 2019 - carnold@suse.com + +- Update to Xen 4.13.0 RC1 release + xen-4.13.0-testing-src.tar.bz2 +- Drop patches contained in new tarball or invalid + 5ca7660f-x86-entry-drop-unused-includes.patch + 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch + 5cab2ab7-x86-IOMMU-introduce-init-ops.patch + 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch + 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch + 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch + 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch + 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch + 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch + 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch + 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch + 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch + 5d358508-x86-IRQ-desc-affinity-represents-request.patch + 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch + 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch + 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch + 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch + 5d417813-AMD-IOMMU-bitfield-extended-features.patch + 5d417838-AMD-IOMMU-bitfield-control-reg.patch + 5d41785b-AMD-IOMMU-bitfield-IRTE.patch + 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch + 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch + 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch + 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch + 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch + 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch + 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch + 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch + 5d419d49-x86-spec-ctrl-report-proper-status.patch + 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch + 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch + 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch + 5d4afa7a-credit2-fix-memory-leak.patch + 5d4d850a-introduce-bss-percpu-page-aligned.patch + 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch + 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch + 5d6524ca-x86-mm-correctly-init-M2P-entries.patch + 5d67ceaf-x86-properly-gate-PKU-clearing.patch + 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch + 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch + 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch + 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch + 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch + 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch + 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch + 5d80ea13-vpci-honor-read-only-devices.patch + 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch + 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch + 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch + 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch + 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch + 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch + 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch + 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch + 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch + 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch + CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch + blktap2-no-uninit.patch + libxl.prepare-environment-for-domcreate_stream_done.patch + pygrub-python3-conversion.patch + fix-xenpvnetboot.patch + +------------------------------------------------------------------- +Thu Oct 10 08:39:52 MDT 2019 - carnold@suse.com + +- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines + 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch + 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch + 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch + +------------------------------------------------------------------- +Wed Oct 2 08:37:47 UTC 2019 - ohering@suse.de + +- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime + The included README has details about the impact of this change + libxl.LIBXL_HOTPLUG_TIMEOUT.patch + +------------------------------------------------------------------- +Mon Sep 30 10:43:43 MDT 2019 - carnold@suse.com + +- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines + 5ca7660f-x86-entry-drop-unused-includes.patch + 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch + 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch + 5cab2ab7-x86-IOMMU-introduce-init-ops.patch + 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch + 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch + 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch + 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch + 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch + 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch + 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch + 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch + 5d358508-x86-IRQ-desc-affinity-represents-request.patch + 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch + 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch + 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch + 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch + 5d417813-AMD-IOMMU-bitfield-extended-features.patch + 5d417838-AMD-IOMMU-bitfield-control-reg.patch + 5d41785b-AMD-IOMMU-bitfield-IRTE.patch + 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch + 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch + 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch + 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch + 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch + 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch + 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch + 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch + 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch + 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch + 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch + 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch + 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch + 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch + 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch + 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch + 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch + 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch +- bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages + 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch +- bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016 + with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD + ROME platform + 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch +- Upstream bug fixes (bsc#1027519) + 5d67ceaf-x86-properly-gate-PKU-clearing.patch + 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch + 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch + 5d80ea13-vpci-honor-read-only-devices.patch + 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch + +------------------------------------------------------------------- +Fri Sep 27 16:25:38 UTC 2019 - ohering@suse.de + +- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM + Fix crash in an error path of libxl_domain_suspend with + libxl.helper_done-crash.patch + +------------------------------------------------------------------- +Wed Aug 28 09:25:30 MDT 2019 - carnold@suse.com + +- Upstream bug fixes (bsc#1027519) + 5d419d49-x86-spec-ctrl-report-proper-status.patch + 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch + 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch + 5d4afa7a-credit2-fix-memory-leak.patch + 5d4d850a-introduce-bss-percpu-page-aligned.patch + 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch + 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch + 5d6524ca-x86-mm-correctly-init-M2P-entries.patch +- Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch + +------------------------------------------------------------------- +Wed Aug 28 11:25:17 UTC 2019 - ohering@suse.de + +- Preserve modified files which used to be marked as %config, + rename file.rpmsave to file + +------------------------------------------------------------------- +Fri Aug 9 10:29:45 MDT 2019 - carnold@suse.com + +- Update to Xen 4.12.1 bug fix release (bsc#1027519) + xen-4.12.1-testing-src.tar.bz2 +- Drop patches contained in new tarball + 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch + 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch + 5c87b6c8-drop-arch_evtchn_inject.patch + 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch + 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch + 5c8f752c-x86-e820-build-with-gcc9.patch + 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch + 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch + 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch + 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch + 5c9e63c5-credit2-SMT-idle-handling.patch + 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch + 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch + 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch + 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch + 5cd921fb-trace-fix-build-with-gcc9.patch + 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch + 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch + 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch + 5cd926d0-bitmap_fill-zero-sized.patch + 5cd92724-drivers-video-drop-constraints.patch + 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch + 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch + 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch + 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch + 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch + 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch + 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch + 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch + 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch + 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch + 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch + 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch + 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch + 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch + 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch + 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch + 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch + 5d03a0c4-6-Arm64-cmpxchg-simplify.patch + 5d03a0c4-7-Arm32-cmpxchg-simplify.patch + 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch + 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch + 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch + 5d03a0c4-B-bitops-guest-helpers.patch + 5d03a0c4-C-cmpxchg-guest-helpers.patch + 5d03a0c4-D-use-guest-atomics-helpers.patch + 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch + 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch +- Refreshed patches + libxl.pvscsi.patch + +------------------------------------------------------------------- +Thu Aug 1 13:10:39 MDT 2019 - carnold@suse.com + +- bsc#1143563 - Speculative mitigation facilities report wrong status + 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch + +------------------------------------------------------------------- +Wed Jul 17 13:56:46 UTC 2019 - ohering@suse.de + +- Update xen-dom0-modules.service (bsc#1137251) + Map backend module names from pvops and xenlinux kernels to a + module alias. This avoids errors from modprobe about unknown + modules. Ignore a few xenlinux modules that lack aliases. + +------------------------------------------------------------------- +Mon Jul 15 07:56:56 MDT 2019 - carnold@suse.com + +- Gcc9 warnings seem to be cleared up with upstream fixes. + Drop gcc9-ignore-warnings.patch + +------------------------------------------------------------------- +Tue Jun 25 09:29:05 MDT 2019 - carnold@suse.com + +- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3 + fix-xenpvnetboot.patch + +------------------------------------------------------------------- +Mon Jun 24 08:02:57 UTC 2019 - ohering@suse.de + +- Move /etc/modprobe.d/xen_loop.conf to /lib/modprobe.d/xen_loop.conf + +------------------------------------------------------------------- +Mon Jun 24 08:00:10 UTC 2019 - ohering@suse.de + +- Remove /etc/xen/xenapiusers and /etc/pam.d/xen-api + +------------------------------------------------------------------- +Fri Jun 21 12:25:55 UTC 2019 - ohering@suse.de + +- Remove all upstream provided files in /etc/xen + They are not required at runtime. The host admin is now + responsible if he really needs anything in this subdirectory. + +------------------------------------------------------------------- +Fri Jun 21 12:07:45 UTC 2019 - ohering@suse.de + +- In our effort to make /etc fully admin controlled, move /etc/xen/scripts + to libexec/xen/scripts with xen-tools.etc_pollution.patch + +------------------------------------------------------------------- +Wed Jun 19 13:20:39 UTC 2019 - ohering@suse.de + +- Move /etc/bash_completion.d/xl.sh to %{_datadir}/bash-completion/completions + +------------------------------------------------------------------- +Mon Jun 17 09:08:33 MDT 2019 - carnold@suse.com + +- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm + Atomics Operations + 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch + 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch + 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch + 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch + 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch + 5d03a0c4-6-Arm64-cmpxchg-simplify.patch + 5d03a0c4-7-Arm32-cmpxchg-simplify.patch + 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch + 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch + 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch + 5d03a0c4-B-bitops-guest-helpers.patch + 5d03a0c4-C-cmpxchg-guest-helpers.patch + 5d03a0c4-D-use-guest-atomics-helpers.patch + 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch + 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch +- Upstream bug fixes (bsc#1027519) + 5c87b6c8-drop-arch_evtchn_inject.patch + 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch + 5cd921fb-trace-fix-build-with-gcc9.patch + 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch + 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch + 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch + 5cd926d0-bitmap_fill-zero-sized.patch + 5cd92724-drivers-video-drop-constraints.patch + 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch) + 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch) + 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch) + 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch) + 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch) + 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch) + 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch) + 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch + 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch + 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch + 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch + 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch + +------------------------------------------------------------------- +Fri Jun 14 15:35:28 MDT 2019 - carnold@suse.com + +- Fix some outdated information in the readme + README.SUSE + +------------------------------------------------------------------- +Tue Jun 11 20:22:47 UTC 2019 - Jim Fehlig <jfehlig@suse.com> + +- spec: xen-tools: require matching version of xen package + bsc#1137471 + +------------------------------------------------------------------- +Fri May 17 08:50:57 UTC 2019 - ohering@suse.de + +- Remove two stale patches + xen.build-compare.man.patch + xenpaging.doc.patch + +------------------------------------------------------------------- +Tue May 14 15:35:17 UTC 2019 - Martin Liška <mliska@suse.cz> + +- Disable LTO (boo#1133296). + +------------------------------------------------------------------- +Mon May 13 20:20:00 UTC 2019 - ohering@suse.de + +- Remove arm32 from ExclusiveArch to fix build + +------------------------------------------------------------------- +Mon Apr 29 08:54:04 MDT 2019 - carnold@suse.com + +- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4". + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + xsa297-0a.patch + xsa297-0b.patch + xsa297-0c.patch + xsa297-0d.patch + xsa297-1.patch + xsa297-2.patch + xsa297-3.patch +- Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and + drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch + Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch + +------------------------------------------------------------------- +Wed Apr 17 08:28:50 MDT 2019 - carnold@suse.com + +- bsc#1131811 - [XEN] internal error: libxenlight failed to create + new domain. This patch is a workaround for a systemd issue. See + patch header for additional comments. + xenstore-launch.patch + +------------------------------------------------------------------- +Thu Apr 11 16:29:39 MDT 2019 - carnold@suse.com + +- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest + after upgrading host from sle11sp4 to sle15sp1 + pygrub-python3-conversion.patch +- Fix "TypeError: virDomainDefineXML() argument 2 must be str or + None, not bytes" when converting VMs from using the xm/xend + toolstack to the libxl/libvirt toolstack. (bsc#1123378) + xen2libvirt.py + +------------------------------------------------------------------- +Mon Apr 8 08:13:04 MDT 2019 - carnold@suse.com + +- bsc#1124560 - Fully virtualized guests crash on boot + 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch +- bsc#1121391 - GCC 9: xen build fails + 5c8f752c-x86-e820-build-with-gcc9.patch +- Upstream bug fixes (bsc#1027519) + 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch + 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch + 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch + 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch + 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch + 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch + 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch + 5c9e63c5-credit2-SMT-idle-handling.patch + 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch + 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch + 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch + 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch + +------------------------------------------------------------------- +Thu Apr 4 08:53:02 UTC 2019 - ohering@suse.de + +- Install pkgconfig files into libdir instead of datadir + +------------------------------------------------------------------- +Tue Apr 2 08:03:53 MDT 2019 - carnold@suse.com + +- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + * HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates + the HVM/PVH and PV code paths in Xen and provides KCONFIG + options to build a PV only or HVM/PVH only hypervisor. + * QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has + been vastly improved. + * Argo - Hypervisor-Mediated data eXchange: Argo is a new inter- + domain communication mechanism. + * Improvements to Virtual Machine Introspection: The VMI subsystem + which allows detection of 0-day vulnerabilities has seen many + functional and performance improvements. + * Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project + default scheduler. + * PVH Support: Grub2 boot support has been added to Xen and Grub2. + * PVH Dom0: PVH Dom0 support has now been upgraded from experimental + to tech preview. + * The Xen 4.12 upgrade also includes improved IOMMU mapping code, + which is designed to significantly improve the startup times of + AMD EPYC based systems. + * The upgrade also features Automatic Dom0 Sizing which allows the + setting of Dom0 memory size as a percentage of host memory (e.g. + 10%) or with an offset (e.g. 1G+10%). + +------------------------------------------------------------------- +Tue Mar 26 10:06:06 MDT 2019 - carnold@suse.com + +- bsc#1130485 - Please drop Requires on multipath-tools in + xen-tools. Now using Recommends multipath-tools. + xen.spec + +------------------------------------------------------------------- +Mon Mar 25 08:17:31 MDT 2019 - carnold@suse.com + +- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Wed Mar 20 09:48:26 MDT 2019 - carnold@suse.com + +- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Fri Mar 15 13:09:29 UTC 2019 - ohering@suse.de + +- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to + avoid TSC emulation for HVM domUs if their expected frequency + does not match exactly the frequency of the receiving host + xen.bug1026236.suse_vtsc_tolerance.patch + +------------------------------------------------------------------- +Mon Mar 11 11:24:42 MDT 2019 - carnold@suse.com + +- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Mon Mar 11 05:58:59 MDT 2019 - carnold@suse.com + +- jsc#SLE-3059 - Disable Xen auto-ballooning +- Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory. + xen.spec +- Disable autoballooning in xl.con + xl-conf-disable-autoballoon.patch + +------------------------------------------------------------------- +Thu Mar 7 17:55:20 UTC 2019 - ohering@suse.de + +- Update gcc9-ignore-warnings.patch to fix build in SLE12 + +------------------------------------------------------------------- +Thu Mar 7 15:28:02 UTC 2019 - ohering@suse.de + +- bsc#1126325 - fix crash in libxl in error path + Setup of grant_tables and other variables may fail + libxl.prepare-environment-for-domcreate_stream_done.patch + +------------------------------------------------------------------- +Wed Mar 6 11:12:09 MST 2019 - carnold@suse.com + +- bsc#1127620 - Documentation for the xl configuration file allows + for firmware=pvgrub64 but we don't ship pvgrub64. + Create a link from grub.xen to pvgrub64 + xen.spec + +------------------------------------------------------------------- +Mon Mar 4 14:58:18 MST 2019 - carnold@suse.com + +- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +- Tarball also contains additional post RC4 security fixes for + Xen Security Advisories 287, 288, and 290 through 294. + +------------------------------------------------------------------- +Tue Feb 19 08:11:38 MST 2019 - carnold@suse.com + +- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Mon Feb 4 12:34:57 MST 2019 - carnold@suse.com + +- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Fri Jan 25 12:53:37 MST 2019 - carnold@suse.com + +- bsc#1121391 - GCC 9: xen build fails + gcc9-ignore-warnings.patch + +------------------------------------------------------------------- +Thu Jan 24 09:39:18 MST 2019 - carnold@suse.com + +- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing + /proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi. + Keep xen.efi in /usr/lib64/efi for booting older distros. + xen.spec + +------------------------------------------------------------------- +Fri Jan 18 10:51:12 MST 2019 - carnold@suse.com + +- fate#326960: Package grub2 as noarch. + As part of the effort to have a unified bootloader across + architectures, modify the xen.spec file to move the Xen efi files + to /usr/share/efi/$(uname -m) from /usr/lib64/efi. + +------------------------------------------------------------------- +Wed Jan 16 11:24:49 MST 2019 - carnold@suse.com + +- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +- Drop + 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch + 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch + 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch + 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch + 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch + 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch + 5b9784d2-x86-HVM-add-known_gla-helper.patch + 5b9784f2-x86-HVM-split-page-straddling-accesses.patch + 5bdc31d5-VMX-fix-vmx_handle_eoi.patch + gcc8-fix-array-warning-on-i586.patch + gcc8-fix-format-warning-on-i586.patch + gcc8-inlining-failed.patch + xen.bug1079730.patch + +------------------------------------------------------------------- +Tue Jan 15 13:38:13 MST 2019 - carnold@suse.com + +- bsc#1121960 - xen: sync with Factory + xen.spec + xen.changes + +------------------------------------------------------------------- +Sat Jan 12 14:06:02 UTC 2019 - Jan Engelhardt <jengelh@inai.de> + +- Replace old $RPM_* shell vars. +- Run fdupes for all architectures, and not crossing + subvolume boundaries. + +------------------------------------------------------------------- +Thu Jan 10 10:57:44 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> + +- Do not run %fdupes on aarch64 to avoid the hardlink-across-partition + rpmlint error + +------------------------------------------------------------------- +Tue Jan 8 13:31:30 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> + +- Require qemu-seabios only on x86* as it is not available on non-x86 + systems + +------------------------------------------------------------------- +Thu Dec 27 18:16:54 UTC 2018 - Bernhard Wiedemann <bwiedemann@suse.com> + +- Avoid creating dangling symlinks (bsc#1116524) + This reverts the revert of tmp_build.patch + +------------------------------------------------------------------- +Tue Dec 4 13:19:21 MST 2018 - carnold@suse.com + +- Update to Xen 4.11.1 bug fix release (bsc#1027519) + xen-4.11.1-testing-src.tar.bz2 +- 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch + replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch +- 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch + replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch +- Drop the following patches contained in the new tarball + 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch + 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch + 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch + 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch + 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch + 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch + 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch + 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch + 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch + 5b3f8fa5-port-array_index_nospec-from-Linux.patch + 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch + 5b4488e7-x86-spec-ctrl-cmdline-handling.patch + 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch + 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch + 5b4db308-SVM-fix-cleanup-svm_inject_event.patch + 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch + 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch + 5b505fe5-VMX-fix-find-msr-build.patch + 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch + 5b508775-2-x86-possibly-bring-up-all-CPUs.patch + 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch + 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch + 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch + 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch + 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch + 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch + 5b62ca93-VMX-avoid-hitting-BUG_ON.patch + 5b6d84ac-x86-fix-improve-vlapic-read-write.patch + 5b6d8ce2-x86-XPTI-parsing.patch + 5b72fbbe-ARM-disable-grant-table-v2.patch + 5b72fbbe-oxenstored-eval-order.patch + 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch + 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch + 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch + 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch + 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch + 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch + 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch + 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch + 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch + 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch + 5b72fbbf-xl.conf-Add-global-affinity-masks.patch + 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch + 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch + 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch + 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch + 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch + 5b8d5832-x86-assorted-array_index_nospec-insertions.patch + 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch + 5bacae4b-x86-boot-allocate-extra-module-slot.patch + 5bae44ce-x86-silence-false-log-messages.patch + 5bb60c12-x86-split-opt_xpti.patch + 5bb60c4f-x86-split-opt_pv_l1tf.patch + 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch + 5bcf0722-x86-boot-enable-NMIs.patch + 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch + 5bd076e9-x86-boot-init-debug-regs-correctly.patch + 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch + 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch + 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch + 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch + 5be2a308-x86-extend-get_platform_badpages.patch + 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch + xsa275-1.patch + xsa275-2.patch + xsa276-1.patch + xsa276-2.patch + xsa277.patch + xsa279.patch + xsa280-1.patch + xsa280-2.patch + +------------------------------------------------------------------- +Wed Nov 21 15:44:39 MST 2018 - carnold@suse.com + +- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken: + Missing /bin/domu-xenstore. This was broken because "make + package build reproducible" change. (boo#1047218, boo#1062303) + This fix reverses the change to this patch. + tmp_build.patch + +------------------------------------------------------------------- +Mon Nov 12 09:47:39 MST 2018 - carnold@suse.com + +- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen: + insufficient TLB flushing / improper large page mappings with AMD + IOMMUs (XSA-275) + xsa275-1.patch + xsa275-2.patch +- bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting + issues in x86 IOREQ server handling (XSA-276) + xsa276-1.patch + xsa276-2.patch +- bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error + handling for guest p2m page removals (XSA-277) + xsa277.patch +- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even + when disabled (XSA-278) + 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch +- bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting + to use INVPCID with a non-canonical addresses (XSA-279) + xsa279.patch +- bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240 + conflicts with shadow paging (XSA-280) + xsa280-1.patch + xsa280-2.patch +- bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE + constructs may lock up host (XSA-282) + 5be2a308-x86-extend-get_platform_badpages.patch + 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch +- bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV + 5bdc31d5-VMX-fix-vmx_handle_eoi.patch +- Upstream bug fixes (bsc#1027519) + 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch + 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch + 5bacae4b-x86-boot-allocate-extra-module-slot.patch + 5bae44ce-x86-silence-false-log-messages.patch + 5bb60c12-x86-split-opt_xpti.patch + 5bb60c4f-x86-split-opt_pv_l1tf.patch + 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch + 5bcf0722-x86-boot-enable-NMIs.patch + 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch + 5bd076e9-x86-boot-init-debug-regs-correctly.patch + 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch + 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch + +------------------------------------------------------------------- +Tue Nov 6 08:33:59 MST 2018 - carnold@suse.com + +- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even + when disabled (XSA-278) + 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch + +------------------------------------------------------------------- +Wed Oct 24 20:08:24 UTC 2018 - ohering@suse.de + +- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries + +------------------------------------------------------------------- +Wed Oct 24 08:21:01 UTC 2018 - Bernhard Wiedemann <bwiedemann@suse.com> + +- make package build reproducible (boo#1047218, boo#1062303) + * Set SMBIOS_REL_DATE + * Update tmp_build.patch to use SHA instead of random build-id + * Add reproducible.patch to use --no-insert-timestamp + +------------------------------------------------------------------- +Mon Oct 15 06:55:47 UTC 2018 - ohering@suse.de + +- Building with ncurses 6.1 will fail without + xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch +- Building libxl acpi support on aarch64 with gcc 8.2 will fail without + xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch + +------------------------------------------------------------------- +Tue Sep 11 13:29:58 MDT 2018 - carnold@suse.com + +- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is + apparently broken + 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch + 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch + 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch + +------------------------------------------------------------------- +Tue Sep 11 07:47:57 MDT 2018 - carnold@suse.com + +- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by + d_materialise_unique() + 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch + 5b9784d2-x86-HVM-add-known_gla-helper.patch + 5b9784f2-x86-HVM-split-page-straddling-accesses.patch +- bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen: + oxenstored does not apply quota-maxentity (XSA-272) + 5b72fbbe-oxenstored-eval-order.patch +- bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of + v2 grant tables may cause crash on ARM (XSA-268) + 5b72fbbe-ARM-disable-grant-table-v2.patch +- Upstream patches from Jan (bsc#1027519) + 5b6d84ac-x86-fix-improve-vlapic-read-write.patch + 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch + 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch + 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch + 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch + 5b8d5832-x86-assorted-array_index_nospec-insertions.patch +- Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch + +------------------------------------------------------------------- +Tue Aug 28 16:07:52 MDT 2018 - carnold@suse.com + +- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed + xen.spec + +------------------------------------------------------------------- +Fri Aug 17 13:01:36 MDT 2018 - carnold@suse.com + +- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM + (XSA-273) + 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch + 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch + 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch + 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch + 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch + 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch + 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch + 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch +- bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect + MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) + 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch +- Upstream prereq patches for XSA-273 and other upstream fixes + (bsc#1027519) + 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch + 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch + 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch + 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch + 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch + 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch + 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch + 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch + 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch + 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch + 5b505fe5-VMX-fix-find-msr-build.patch + 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch + 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch + 5b62ca93-VMX-avoid-hitting-BUG_ON.patch + 5b6d8ce2-x86-XPTI-parsing.patch + 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch + 5b72fbbf-xl.conf-Add-global-affinity-masks.patch + 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch + +------------------------------------------------------------------- +Tue Jul 24 09:17:09 MDT 2018 - carnold@suse.com + +- Upstream patches from Jan (bsc#1027519) + 5b3f8fa5-port-array_index_nospec-from-Linux.patch + 5b4488e7-x86-spec-ctrl-cmdline-handling.patch + 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch + 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch + 5b4db308-SVM-fix-cleanup-svm_inject_event.patch + 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch + 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch + 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch + 5b508775-2-x86-possibly-bring-up-all-CPUs.patch + 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch + 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch + 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch + 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch + gcc8-fix-format-warning-on-i586.patch + gcc8-fix-array-warning-on-i586.patch +- Drop xen.fuzz-_FORTIFY_SOURCE.patch + gcc8-fix-warning-on-i586.patch + +------------------------------------------------------------------- +Mon Jul 9 10:53:15 MDT 2018 - carnold@suse.com + +- Update to Xen 4.11.0 FCS (fate#325202, fate#325123) + xen-4.11.0-testing-src.tar.bz2 + disable-building-pv-shim.patch +- Dropped patches + 5a33a12f-domctl-improve-locking-during-domain-destruction.patch + 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch + 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch + 5a9985bd-x86-invpcid-support.patch + 5ac72a48-gcc8.patch + 5ac72a5f-gcc8.patch + 5ac72a64-gcc8.patch + 5ac72a69-gcc8.patch + 5ac72a6e-gcc8.patch + 5ac72a74-gcc8.patch + 5ac72a7b-gcc8.patch + 5ad4923e-x86-correct-S3-resume-ordering.patch + 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch + 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch + 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch + 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch + 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch + 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch + 5adde9ed-xpti-fix-double-fault-handling.patch + 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch + 5ae31917-x86-cpuidle-init-stats-lock-once.patch + 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch + 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch + 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch + 5aec7393-1-x86-xpti-avoid-copy.patch + 5aec7393-2-x86-xpti-write-cr3.patch + 5aec744a-3-x86-xpti-per-domain-flag.patch + 5aec744a-4-x86-xpti-use-invpcid.patch + 5aec744a-5-x86-xpti-no-global-pages.patch + 5aec744a-6-x86-xpti-cr3-valid-flag.patch + 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch + 5aec744b-8-x86-xpti-cr3-helpers.patch + 5aec74a8-9-x86-xpti-use-pcid.patch + 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch + 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch + 5af1daa9-3-x86-traps-use-IST-for-DB.patch + 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch + 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch + 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch + 5af97999-viridian-cpuid-leaf-40000003.patch + 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch + 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch + 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch + 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch + 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch + 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch + 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch + 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch + 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch + 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch + 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch + 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch + 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch + 5b0bc9da-x86-XPTI-fix-S3-resume.patch + 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch + 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch + 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch + 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch + 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch + 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch + 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch + 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch + 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch + 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b34882d-x86-mm-dont-bypass-preemption-checks.patch + 5b348874-x86-refine-checks-in-DB-handler.patch + 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch + 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch + 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch + 5b348954-x86-guard-against-NM.patch + libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch + libxl.LIBXL_DESTROY_TIMEOUT.patch + libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch + xen_fix_build_with_acpica_20180427_and_new_packages.patch + +------------------------------------------------------------------- +Wed Jul 4 15:46:01 UTC 2018 - trenn@suse.de + +- Submit upstream patch libacpi: fixes for iasl >= 20180427 + git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005 + xen_fix_build_with_acpica_20180427_and_new_packages.patch + This is needed for acpica package to get updated in our build service + +------------------------------------------------------------------- +Fri Jun 29 08:35:34 MDT 2018 - carnold@suse.com + +- Upstream patches from Jan (bsc#1027519) + 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch) + 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch) + 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch) + 5b0bc9da-x86-XPTI-fix-S3-resume.patch + 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch + 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch + 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch + 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch + 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch + 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch) + 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch) + 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch + 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch + 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch) + 5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch) + 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch) + 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch) + 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch + 5b348954-x86-guard-against-NM.patch + +------------------------------------------------------------------- +Mon Jun 25 09:50:31 UTC 2018 - ohering@suse.de + +- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch + +------------------------------------------------------------------- +Mon Jun 25 09:44:25 UTC 2018 - ohering@suse.de + +- bsc#1098403 - fix regression introduced by changes for bsc#1079730 + a PV domU without qcow2 and/or vfb has no qemu attached. + Ignore QMP errors for PV domUs to handle PV domUs with and without + an attached qemu-xen. + xen.bug1079730.patch + +------------------------------------------------------------------- +Mon Jun 18 14:57:06 MDT 2018 - carnold@suse.com + +- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks + bypassed in x86 PV MM handling (XSA-264) + xsa264.patch +- bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception + safety check can be triggered by a guest (XSA-265) + xsa265.patch +- bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour + readonly flag on HVM emulated SCSI disks (XSA-266) + xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch + xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch + +------------------------------------------------------------------- +Wed Jun 13 14:20:14 MDT 2018 - carnold@suse.com + +- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore + (XSA-267) + xsa267-1.patch + xsa267-2.patch + +------------------------------------------------------------------- +Fri Jun 1 10:27:44 MDT 2018 - carnold@suse.com + +- bsc#1092543 - GCC 8: xen build fails + gcc8-fix-warning-on-i586.patch + +------------------------------------------------------------------- +Fri May 18 08:03:46 MDT 2018 - carnold@suse.com + +- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store + Bypass aka "Memory Disambiguation" (XSA-263) + 5ad4923e-x86-correct-S3-resume-ordering.patch + 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch + 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch + 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch + 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch + 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch + 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch + 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch + 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch + 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch + 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch + 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch + Spectre-v4-1.patch + Spectre-v4-2.patch + Spectre-v4-3.patch + +------------------------------------------------------------------- +Thu May 17 20:29:37 UTC 2018 - ohering@suse.de + +- Always call qemus xen-save-devices-state in suspend/resume to + fix migration with qcow2 images (bsc#1079730) + libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch + libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch + xen.bug1079730.patch + +------------------------------------------------------------------- +Wed May 16 08:45:24 MDT 2018 - carnold@suse.com + +- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663 + 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch + 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch +- Upstream patches from Jan (bsc#1027519) + 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch + 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch + 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch + 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch + 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch + 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch + 5ae31917-x86-cpuidle-init-stats-lock-once.patch + 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch + 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch) + 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch) + 5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch) + 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch) + 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch) + 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch) + 5af97999-viridian-cpuid-leaf-40000003.patch + +------------------------------------------------------------------- +Fri May 11 08:36:45 MDT 2018 - carnold@suse.com + +- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254 + 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch + 5a9985bd-x86-invpcid-support.patch + 5adde9ed-xpti-fix-double-fault-handling.patch + 5aec7393-1-x86-xpti-avoid-copy.patch + 5aec7393-2-x86-xpti-write-cr3.patch + 5aec744a-3-x86-xpti-per-domain-flag.patch + 5aec744a-4-x86-xpti-use-invpcid.patch + 5aec744a-5-x86-xpti-no-global-pages.patch + 5aec744a-6-x86-xpti-cr3-valid-flag.patch + 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch + 5aec744b-8-x86-xpti-cr3-helpers.patch + 5aec74a8-9-x86-xpti-use-pcid.patch + +------------------------------------------------------------------- +Wed May 9 08:32:42 MDT 2018 - carnold@suse.com + +- bsc#1092543 - GCC 8: xen build fails + 5ac72a48-gcc8.patch + 5ac72a5f-gcc8.patch + 5ac72a64-gcc8.patch + 5ac72a69-gcc8.patch + 5ac72a6e-gcc8.patch + 5ac72a74-gcc8.patch + 5ac72a7b-gcc8.patch + gcc8-inlining-failed.patch + +------------------------------------------------------------------- +Tue May 8 12:51:26 MDT 2018 - carnold@suse.com + +- Update to Xen 4.10.1 bug fix release (bsc#1027519) + xen-4.10.1-testing-src.tar.bz2 + disable-building-pv-shim.patch +- Drop the following patches contained in the new tarball + 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch + 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch + 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch + 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch + 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch + 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch + 5a4caa8c-x86-E820-don-t-overrun-array.patch + 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch + 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch + 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch + 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch + 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch + 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch + 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch + 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch + 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch + 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch + 5a4fd894-4-clarifications-to-wait-infrastructure.patch + 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch + 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch + 5a5e2cff-x86-Meltdown-band-aid.patch + 5a5e2d73-x86-Meltdown-band-aid-conditional.patch + 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch + 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch + 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch + 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch + 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch + 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch + 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch + 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch + 5a5e459c-2-x86-report-domain-id-on-CPUID.patch + 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch + 5a69c0b9-x86-fix-GET_STACK_END.patch + 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch + 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch + 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch + 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch + 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch + 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch + 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch + 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch + 5a6b36cd-9-x86-issue-speculation-barrier.patch + 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch + 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch + 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch + 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch + 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch + 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch + 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch + 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch + 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch + 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch + 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch + 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch + 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch + 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch + 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch + 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch + 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch + 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch + 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch + xsa258.patch + xsa259.patch + +------------------------------------------------------------------- +Wed Apr 25 09:45:03 MDT 2018 - carnold@suse.com + +- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of + debug exceptions (XSA-260) + xsa260-1.patch + xsa260-2.patch + xsa260-3.patch + xsa260-4.patch +- bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt + injection errors (XSA-261) + xsa261.patch +- bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into + unbounded loop (XSA-262) + xsa262.patch + +------------------------------------------------------------------- +Mon Apr 16 14:03:24 MDT 2018 - carnold@suse.com + +- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via + crafted user-supplied CDROM (XSA-258) + xsa258.patch +- bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash + Xen with XPTI (XSA-259) + xsa259.patch + +------------------------------------------------------------------- +Wed Mar 28 08:28:59 UTC 2018 - ohering@suse.de + +- Preserve xen-syms from xen-dbg.gz to allow processing vmcores + with crash(1) (bsc#1087251) + +------------------------------------------------------------------- +Mon Mar 26 08:20:45 MDT 2018 - carnold@suse.com + +- Upstream patches from Jan (bsc#1027519) and fixes related to + Page Table Isolation (XPTI). See also bsc#1074562 XSA-254 + 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch + 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch + 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch + 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch + 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch + 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch + +------------------------------------------------------------------- +Thu Mar 1 09:36:03 MST 2018 - carnold@suse.com + +- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from + 0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30) + 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch +- Upstream patches from Jan (bsc#1027519) + 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch + 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch + 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch + 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch + 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch + 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch + 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch + 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch) + 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch) + 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch) + 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch) +- Drop + xsa252.patch + xsa255-1.patch + xsa255-2.patch + xsa256.patch + +------------------------------------------------------------------- +Mon Feb 12 13:26:38 MST 2018 - carnold@suse.com + +- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable + L3/L4 pagetable freeing (XSA-252) + xsa252.patch +- bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1 + transition may crash Xen (XSA-255) + xsa255-1.patch + xsa255-2.patch +- bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without + LAPIC may DoS the host (XSA-256) + xsa256.patch + +------------------------------------------------------------------- +Fri Feb 9 12:59:12 UTC 2018 - ohering@suse.de + +- Remove stale systemd presets code for 13.2 and older + +------------------------------------------------------------------- +Fri Feb 9 12:31:33 UTC 2018 - ohering@suse.de + +- fate#324965 - add script, udev rule and systemd service to watch + for vcpu online/offline events in a HVM domU + They are triggered via xl vcpu-set domU N + +------------------------------------------------------------------- +Fri Feb 9 10:23:15 UTC 2018 - ohering@suse.de + +- Replace hardcoded xen with Name tag when refering to subpkgs + +------------------------------------------------------------------- +Fri Feb 9 10:19:49 UTC 2018 - ohering@suse.de + +- Make sure tools and tools-domU require libs from the very same build + +------------------------------------------------------------------- +Wed Feb 7 22:47:44 UTC 2018 - jfehlig@suse.com + +- tools-domU: Add support for qemu guest agent. New files + 80-xen-channel-setup.rules and xen-channel-setup.sh configure a + xen-pv-channel for use by the guest agent + FATE#324963 + +------------------------------------------------------------------- +Wed Feb 7 15:01:10 UTC 2018 - ohering@suse.de + +- Remove outdated /etc/xen/README* + +------------------------------------------------------------------- +Mon Jan 29 10:11:05 MST 2018 - carnold@suse.com + +- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with + MSR emulation (XSA-253) + 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch +- bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 + xen: Information leak via side effects of speculative execution + (XSA-254). Includes Spectre v2 mitigation. + 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch + 5a4caa8c-x86-E820-don-t-overrun-array.patch + 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch + 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch + 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch + 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch + 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch + 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch + 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch + 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch + 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch + 5a4fd894-4-clarifications-to-wait-infrastructure.patch + 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch + 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch + 5a5e2cff-x86-Meltdown-band-aid.patch + 5a5e2d73-x86-Meltdown-band-aid-conditional.patch + 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch + 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch + 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch + 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch + 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch + 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch + 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch + 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch + 5a5e459c-2-x86-report-domain-id-on-CPUID.patch + 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch + 5a69c0b9-x86-fix-GET_STACK_END.patch + 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch + 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch + 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch + 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch + 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch + 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch + 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch + 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch + 5a6b36cd-9-x86-issue-speculation-barrier.patch + 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch + 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch + +------------------------------------------------------------------- +Fri Jan 26 14:40:14 MST 2018 - carnold@suse.com + +- Fix python3 deprecated atoi call (bsc#1067224) + pygrub-python3-conversion.patch +- Drop xenmon-python3-conversion.patch + +------------------------------------------------------------------- +Wed Jan 10 11:12:07 UTC 2018 - ohering@suse.de + +- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu, + depending on the libxl disk settings + libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch + +------------------------------------------------------------------- +Mon Jan 8 08:15:11 UTC 2018 - ohering@suse.de + +- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch + +------------------------------------------------------------------- +Fri Jan 5 13:45:40 MST 2018 - carnold@suse.com + +- bsc#1067224 - xen-tools have hard dependency on Python 2 + build-python3-conversion.patch + bin-python3-conversion.patch + +------------------------------------------------------------------- +Wed Dec 20 09:57:09 MST 2017 - carnold@suse.com + +- bsc#1070165 - xen crashes after aborted localhost migration + 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch +- bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb: + libxl__devices_destroy failed + 5a33a12f-domctl-improve-locking-during-domain-destruction.patch +- Upstream patches from Jan (bsc#1027519) + 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch + 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch + 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch + 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch + +------------------------------------------------------------------- +Wed Dec 13 08:43:00 MST 2017 - carnold@suse.com + +- Update to Xen 4.10.0 FCS (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Mon Dec 11 12:07:30 UTC 2017 - ohering@suse.de + +- Rebuild initrd if xen-tools-domU is updated + +------------------------------------------------------------------- +Tue Dec 5 08:38:58 MST 2017 - carnold@suse.com + +- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Tue Nov 28 10:14:56 UTC 2017 - ohering@suse.de + +- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds + If many domUs shutdown in parallel the backends can not keep up + Add some debug output to track how long backend shutdown takes (bsc#1035442) + libxl.LIBXL_DESTROY_TIMEOUT.patch + libxl.LIBXL_DESTROY_TIMEOUT.debug.patch + +------------------------------------------------------------------- +Tue Nov 28 10:06:03 UTC 2017 - ohering@suse.de + +- Adjust xenstore-run-in-studomain.patch to change the defaults + in the code instead of changing the sysconfig template, to also + cover the upgrade case + +------------------------------------------------------------------- +Fri Nov 24 17:28:59 UTC 2017 - carnold@suse.com + +- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Fri Nov 24 13:25:07 UTC 2017 - ohering@suse.de + +- Since xen switched to Kconfig, building a debug hypervisor + was done by default. Adjust make logic to build a non-debug + hypervisor by default, and continue to provide one as xen-dbg.gz + +------------------------------------------------------------------- +Fri Nov 24 11:26:45 UTC 2017 - ohering@suse.de + +- fate#316614: set migration constraints from cmdline + fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10 + +------------------------------------------------------------------- +Thu Nov 23 15:06:44 UTC 2017 - ohering@suse.de + +- Document the suse-diskcache-disable-flush option in + xl-disk-configuration(5) (bsc#879425,bsc#1067317) + +------------------------------------------------------------------- +Thu Nov 23 13:47:42 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Thu Nov 16 08:48:07 MST 2017 - carnold@suse.com + +- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- fate#323663 - Run Xenstore in stubdomain + xenstore-run-in-studomain.patch + +------------------------------------------------------------------- +Thu Nov 9 15:11:57 MST 2017 - carnold@suse.com + +- bsc#1067224 - xen-tools have hard dependency on Python 2 + pygrub-python3-conversion.patch + xenmon-python3-conversion.patch + migration-python3-conversion.patch + xnloader.py + xen2libvirt.py + +------------------------------------------------------------------- +Wed Nov 8 10:47:24 UTC 2017 - ohering@suse.de + +- Remove xendriverdomain.service (bsc#1065185) + Driver domains must be configured manually with custom .service file + +------------------------------------------------------------------- +Thu Nov 2 14:14:02 MDT 2017 - carnold@suse.com + +- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch + +------------------------------------------------------------------- +Thu Nov 2 11:36:27 UTC 2017 - ohering@suse.de + +- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187) + +------------------------------------------------------------------- +Fri Oct 27 07:48:55 MDT 2017 - carnold@suse.com + +- fate#324052 Support migration of Xen HVM domains larger than 1TB + 59f31268-libxc-remove-stale-error-check-for-domain-size.patch + +------------------------------------------------------------------- +Wed Oct 25 16:26:33 MDT 2017 - carnold@suse.com + +- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Mon Oct 16 09:34:23 MDT 2017 - carnold@suse.com + +- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- Drop patches included in new tarball + 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch + 596f257e-x86-fix-hvmemul_insn_fetch.patch + 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch + 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch + 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch + 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch + 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch + 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch + 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch + 59958ebf-gnttab-fix-transitive-grant-handling.patch + 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch + 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch + 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch + 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch + 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch + 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch + 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch + 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch + 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch + 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch + 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch + 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch + 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch + 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch + gcc7-arm.patch + gcc7-mini-os.patch + +------------------------------------------------------------------- +Tue Oct 3 09:03:57 MDT 2017 - carnold@suse.com + +- bsc#1061084 - VUL-0: xen: page type reference leak on x86 + (XSA-242) + xsa242.patch +- bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear + shadow mappings with translated guests (XSA-243) + xsa243.patch +- bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings + during CPU hotplug (XSA-244) + xsa244.patch + +------------------------------------------------------------------- +Mon Oct 2 13:26:08 MDT 2017 - carnold@suse.com + +- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks + (XSA-238) + xsa238.patch +- bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O + intercept code (XSA-239) + xsa239.patch +- bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable + de-typing (XSA-240) + xsa240-1.patch + xsa240-2.patch +- bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type + release race (XSA-241) + xsa241.patch + +------------------------------------------------------------------- +Fri Sep 29 10:57:35 MDT 2017 - carnold@suse.com + +- bsc#1061075 - VUL-0: xen: pin count / page reference race in + grant table code (XSA-236) + xsa236.patch +- bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86 + (XSA-237) + xsa237-1.patch + xsa237-2.patch + xsa237-3.patch + xsa237-4.patch + xsa237-5.patch + +------------------------------------------------------------------- +Tue Sep 26 08:44:03 MDT 2017 - carnold@suse.com + +- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter + verification (XSA-231) + 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch +- bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232) + 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch +- bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup + (XSA-233) + 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch +- bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for + x86 PV guests (XSA-234) + 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch +- bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to + release lock on ARM (XSA-235) + 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch +- Upstream patches from Jan (bsc#1027519) + 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch + 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch + 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch + 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch + 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch + 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch + 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch + 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch +- Dropped gcc7-xen.patch + +------------------------------------------------------------------- +Thu Sep 7 04:58:12 MDT 2017 - carnold@suse.com + +- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when + Secure Boot is Enabled + xen.spec + +------------------------------------------------------------------- +Tue Sep 5 12:00:59 UTC 2017 - ohering@suse.de + +- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored + update from v6 to v9 to cover more cases for ballooned domUs + libxc.sr.superpage.patch + +------------------------------------------------------------------- +Mon Aug 28 14:51:54 UTC 2017 - ohering@suse.de + +- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen + drop the patch because it is not upstream acceptable + remove xen.suse_vtsc_tolerance.patch + +------------------------------------------------------------------- +Sat Aug 26 10:52:46 UTC 2017 - ohering@suse.de + +- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored + after the save using xl stack + libxc.sr.superpage.patch + +------------------------------------------------------------------- +Tue Aug 22 13:25:33 UTC 2017 - ohering@suse.de + +- Unignore gcc-PIE + the toolstack disables PIE for firmware builds as needed + +------------------------------------------------------------------- +Mon Aug 21 10:42:46 MDT 2017 - carnold@suse.com + +- Upstream patches from Jan (bsc#1027519) + 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch + 596f257e-x86-fix-hvmemul_insn_fetch.patch + 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch + 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch + 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch + 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch) + 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch) + 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch) + 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch) + 59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch) + 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch + +------------------------------------------------------------------- +Wed Aug 16 15:03:46 MDT 2017 - carnold@suse.com + +- bsc#1044974 - xen-tools require python-pam + xen.spec + +------------------------------------------------------------------- +Fri Aug 11 16:37:44 MDT 2017 - carnold@suse.com + +- Clean up spec file errors and a few warnings. (bsc#1027519) +- Removed conditional 'with_systemd' and some old deprecated + 'sles_version' checks. + xen.spec + +------------------------------------------------------------------- +Thu Aug 10 19:45:31 UTC 2017 - jfehlig@suse.com + +- Remove use of brctl utiltiy from supportconfig plugin + FATE#323639 + +------------------------------------------------------------------- +Thu Aug 10 07:50:47 UTC 2017 - ohering@suse.de + +- Use upstream variant of mini-os __udivmoddi4 change + gcc7-mini-os.patch + +------------------------------------------------------------------- +Wed Aug 9 13:14:56 MDT 2017 - carnold@suse.com + +- fate#323639 Move bridge-utils to legacy + replace-obsolete-network-configuration-commands-in-s.patch + +------------------------------------------------------------------- +Tue Aug 8 08:20:41 MDT 2017 - carnold@suse.com + +- bsc#1052686 - VUL-0: xen: grant_table: possibly premature + clearing of GTF_writing / GTF_reading (XSA-230) + xsa230.patch + +------------------------------------------------------------------- +Mon Aug 7 12:53:44 UTC 2017 - ohering@suse.de + +- bsc#1035231 - migration of HVM domU does not use superpages + on destination dom0 + libxc.sr.superpage.patch + +------------------------------------------------------------------- +Thu Aug 3 11:51:11 MDT 2017 - carnold@suse.com + +- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded + recursion in grant table code (XSA-226) + xsa226-1.patch + xsa226-2.patch +- bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege + escalation via map_grant_ref (XSA-227) + xsa227.patch +- bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race + conditions with maptrack free list handling (XSA-228) + xsa228.patch + +------------------------------------------------------------------- +Tue Aug 1 20:02:58 UTC 2017 - jfehlig@suse.com + +- Add a supportconfig plugin + xen-supportconfig + FATE#323661 + +------------------------------------------------------------------- +Tue Jul 25 14:48:02 UTC 2017 - ohering@suse.de + +- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen + To avoid emulation of TSC access from a domU after live migration + add a global tolerance for the measured host kHz + xen.suse_vtsc_tolerance.patch + +------------------------------------------------------------------- +Thu Jul 20 10:46:43 MDT 2017 - carnold@suse.com + +- fate#323662 Drop qemu-dm from xen-tools package + The following tarball and patches have been removed + qemu-xen-traditional-dir-remote.tar.bz2 + VNC-Support-for-ExtendedKeyEvent-client-message.patch + 0001-net-move-the-tap-buffer-into-TAPState.patch + 0002-net-increase-tap-buffer-size.patch + 0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch + 0004-e1000-secrc-support.patch + 0005-e1000-multi-buffer-packet-support.patch + 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch + 0007-e1000-verify-we-have-buffers-upfront.patch + 0008-e1000-check-buffer-availability.patch + CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch + CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch + CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch + CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch + CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch + CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch + CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch + CVE-2015-4037-qemut-smb-config-dir-name.patch + CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch + CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch + CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch + CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch + CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch + CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch + CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch + CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch + CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch + CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch + CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch + CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch + CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch + CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch + CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch + CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch + CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch + CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch + CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch + CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch + blktap.patch + cdrom-removable.patch + xen-qemu-iscsi-fix.patch + qemu-security-etch1.patch + xen-disable-qemu-monitor.patch + xen-hvm-default-bridge.patch + qemu-ifup-set-mtu.patch + ioemu-vnc-resize.patch + capslock_enable.patch + altgr_2.patch + log-guest-console.patch + bdrv_open2_fix_flags.patch + bdrv_open2_flags_2.patch + ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch + qemu-dm-segfault.patch + bdrv_default_rwflag.patch + kernel-boot-hvm.patch + ioemu-watchdog-support.patch + ioemu-watchdog-linkage.patch + ioemu-watchdog-ib700-timer.patch + ioemu-hvm-pv-support.patch + pvdrv_emulation_control.patch + ioemu-disable-scsi.patch + ioemu-disable-emulated-ide-if-pv.patch + xenpaging.qemu.flush-cache.patch + ioemu-devicemodel-include.patch +- Cleanup spec file and remove unused KMP patches + kmp_filelist + supported_module.patch + xen_pvonhvm.xen_emul_unplug.patch + +------------------------------------------------------------------- +Mon Jul 17 15:19:50 MDT 2017 - carnold@suse.com + +- bsc#1002573 - Optimize LVM functions in block-dmmd + block-dmmd + +------------------------------------------------------------------- +Fri Jul 14 18:05:12 UTC 2017 - ohering@suse.de + +- Record initial Xen dmesg in /var/log/xen/xen-boot.log for + supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log + +------------------------------------------------------------------- +Fri Jul 14 10:41:34 UTC 2017 - ohering@suse.de + +- Remove storytelling from description in xen.rpm + +------------------------------------------------------------------- +Wed Jun 28 01:40:43 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0 FCS (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Wed Jun 21 14:03:40 MDT 2017 - carnold@suse.com + +- Update block-dmmd script (bsc#1002573) + block-dmmd + +------------------------------------------------------------------- +Tue Jun 20 15:18:25 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + gcc7-arm.patch +- Drop gcc7-error-xenpmd.patch + +------------------------------------------------------------------- +Mon Jun 5 10:49:34 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Thu Jun 1 13:24:26 MDT 2017 - carnold@suse.com + +- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop + due to incorrect return value + CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch + +------------------------------------------------------------------- +Tue May 30 11:24:41 MDT 2017 - carnold@suse.com + +- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory + leakage via capture buffer + CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch + +------------------------------------------------------------------- +Fri May 26 12:58:06 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Mon May 22 14:43:01 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Thu May 18 16:22:53 MDT 2017 - carnold@suse.com + +- bsc#1031343 - xen fails to build with GCC 7 + gcc7-mini-os.patch + gcc7-xen.patch + +------------------------------------------------------------------- +Wed May 17 08:28:37 MDT 2017 - carnold@suse.com + +- bsc#1031343 - xen fails to build with GCC 7 + gcc7-error-xenpmd.patch + +------------------------------------------------------------------- +Tue May 16 09:04:19 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +- Drop xen-tools-pkgconfig-xenlight.patch + +------------------------------------------------------------------- +Wed May 10 15:26:38 MDT 2017 - carnold@suse.com + +- bsc#1037779 - xen breaks kexec-tools build + xen-tools-pkgconfig-xenlight.patch + +------------------------------------------------------------------- +Tue May 9 08:40:58 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Tue May 2 09:18:24 MDT 2017 - carnold@suse.com + +- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path + xen.spec + +------------------------------------------------------------------- +Fri Apr 28 09:03:56 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + aarch64-maybe-uninitialized.patch + +------------------------------------------------------------------- +Fri Apr 21 16:26:31 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Wed Apr 19 07:54:58 MDT 2017 - carnold@suse.com + +- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + ioemu-devicemodel-include.patch +- Dropped patches contained in new tarball + xen-4.8.0-testing-src.tar.bz2 + 0001-xenstore-let-write_node-and-some-callers-return-errn.patch + 0002-xenstore-undo-function-rename.patch + 0003-xenstore-rework-of-transaction-handling.patch + 584806ce-x86emul-correct-PUSHF-POPF.patch + 584fc649-fix-determining-when-domain-creation-is-complete.patch + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch + 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch + 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch + 5853ed37-VT-d-correct-dma_msi_set_affinity.patch + 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch + 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch + 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch + 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch + 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch + 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch + 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch + 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch + 5882129d-x86emul-LOCK-check-adjustments.patch + 58821300-x86-segment-attribute-handling.patch + 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch + 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch + 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch + 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch + 5887888f-credit2-use-the-correct-scratch-cpumask.patch + 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch + 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch + 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch + 58a44771-IOMMU-always-call-teardown-callback.patch + 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch + 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch + 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch + 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch + 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch + 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch + 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch + 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch + 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch + 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch + 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch + 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch + 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch + CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch + CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch + glibc-2.25-compatibility-fix.patch + xs-09-add_change_node-params.patch + xs-10-call-add_change_node.patch + xs-11-tdb-record-header.patch + xs-12-node-gen-count.patch + xs-13-read-directory-part-support.patch + xs-14-command-array.patch + xs-15-command-return-val.patch + xs-16-function-static.patch + xs-17-arg-parsing.patch + xs-18-default-buffer.patch + xs-19-handle-alloc-failures.patch + xs-20-tdb-version.patch + xs-21-empty-tdb-database.patch + xs-22-reopen_log-fix.patch + xs-23-XS_DEBUG-rename.patch + xs-24-xenstored_control.patch + xs-25-control-enhance.patch + xs-26-log-control.patch + xs-27-memory-report.patch + xs-28-remove-talloc-report.patch + xs-29-define-off_t.patch + xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch + xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch + +------------------------------------------------------------------- +Wed Apr 5 11:41:52 MDT 2017 - carnold@suse.com + +- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom + 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch + +------------------------------------------------------------------- +Wed Mar 29 16:18:26 UTC 2017 - jfehlig@suse.com + +- bsc#1015348 - L3: libvirtd does not start during boot + suse-xendomains-service.patch + +------------------------------------------------------------------- +Wed Mar 22 08:54:15 MDT 2017 - carnold@suse.com + +- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2 + with Xen hypervisor. + 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch +- bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration + - latter one much faster + 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch +- Upstream patch from Jan + 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch + 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch + 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch + +------------------------------------------------------------------- +Mon Mar 20 09:46:02 MDT 2017 - carnold@suse.com + +- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block + add" + 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch + 0001-xenstore-let-write_node-and-some-callers-return-errn.patch + 0002-xenstore-undo-function-rename.patch + 0003-xenstore-rework-of-transaction-handling.patch +- bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated + update (XSA-206) + xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch + xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch +- bsc#1029827 - Forward port xenstored + xs-09-add_change_node-params.patch + xs-10-call-add_change_node.patch + xs-11-tdb-record-header.patch + xs-12-node-gen-count.patch + xs-13-read-directory-part-support.patch + xs-14-command-array.patch + xs-15-command-return-val.patch + xs-16-function-static.patch + xs-17-arg-parsing.patch + xs-18-default-buffer.patch + xs-19-handle-alloc-failures.patch + xs-20-tdb-version.patch + xs-21-empty-tdb-database.patch + xs-22-reopen_log-fix.patch + xs-23-XS_DEBUG-rename.patch + xs-24-xenstored_control.patch + xs-25-control-enhance.patch + xs-26-log-control.patch + xs-27-memory-report.patch + xs-28-remove-talloc-report.patch + xs-29-define-off_t.patch + +------------------------------------------------------------------- +Tue Mar 14 06:59:46 UTC 2017 - ohering@suse.de + +- bsc#1029128 - fix make xen to really produce xen.efi with gcc48 + +------------------------------------------------------------------- +Wed Mar 8 07:51:35 MST 2017 - carnold@suse.com + +- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite + loop issue in ohci_service_ed_list + CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch +- Upstream patches from Jan (bsc#1027519) + 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch + 5887888f-credit2-use-the-correct-scratch-cpumask.patch + 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch + 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch + 58a44771-IOMMU-always-call-teardown-callback.patch + 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch + 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch + 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch + 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch + 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch + 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch + +------------------------------------------------------------------- +Thu Mar 2 15:21:25 MST 2017 - carnold@suse.com + +- bsc#1027654 - XEN fails to build against glibc 2.25 + glibc-2.25-compatibility-fix.patch + libxl.pvscsi.patch + +------------------------------------------------------------------- +Thu Feb 16 11:42:23 UTC 2017 - ohering@suse.de + +- fate#316613: Refresh and enable libxl.pvscsi.patch + +------------------------------------------------------------------- +Fri Feb 10 11:22:01 MST 2017 - carnold@suse.com + +- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo + does not check if memory region is safe (XSA-209) + CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch + +------------------------------------------------------------------- +Wed Feb 8 10:19:24 MST 2017 - carnold@suse.com + +- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault + happened when adding usbctrl devices via xl + 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch + +------------------------------------------------------------------- +Thu Feb 2 09:57:01 MST 2017 - carnold@suse.com + +- Upstream patches from Jan (bsc#1027519) + 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch + 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch + 5882129d-x86emul-LOCK-check-adjustments.patch + 58821300-x86-segment-attribute-handling.patch + 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch + 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch + 5887888f-credit2-use-the-correct-scratch-cpumask.patch + 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch + 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch + 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch + +------------------------------------------------------------------- +Wed Feb 1 09:36:25 MST 2017 - carnold@suse.com + +- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob + access while doing bitblt copy backward mode + CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch + +------------------------------------------------------------------- +Thu Jan 26 10:30:19 MST 2017 - carnold@suse.com + +- fate#322313 and fate#322150 require the acpica package ported to + aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64 + until these fates are complete. + xen.spec + +------------------------------------------------------------------- +Wed Jan 25 15:39:26 MST 2017 - carnold@suse.com + +- bsc#1021952 - Virutalization/xen: Bug xen-tools missing + /usr/bin/domu-xenstore; guests fail to launch + tmp_build.patch + xen.spec + +------------------------------------------------------------------- +Wed Jan 18 10:50:52 UTC 2017 - ohering@suse.de + +- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842) + +------------------------------------------------------------------- +Thu Jan 12 11:34:06 MST 2017 - carnold@suse.com + +- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/ + xen.spec + +------------------------------------------------------------------- +Mon Jan 9 10:54:19 MST 2017 - carnold@suse.com + +- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch + Replaces xsa202.patch (bsc#1014298) +- 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch + Replaces xsa203.patch (bsc#1014300) +- 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch + Replaces xsa204.patch (bsc#1016340) +- Upstream patches from Jan + 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch + 5853ed37-VT-d-correct-dma_msi_set_affinity.patch + 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch + 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch + 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch + +------------------------------------------------------------------- +Wed Jan 4 14:59:04 MST 2017 - carnold@suse.com + +- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu: + display: cirrus_vga: a divide by zero in cirrus_do_copy + CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch + +------------------------------------------------------------------- +Mon Dec 19 10:32:51 MST 2016 - carnold@suse.com + +- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of + SYSCALL singlestep during emulation (XSA-204) + xsa204.patch + +------------------------------------------------------------------- +Thu Dec 15 09:08:18 MST 2016 - carnold@suse.com + +- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation + fails to ignore operand size override (XSA-200) + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch + +------------------------------------------------------------------- +Wed Dec 14 08:24:41 MST 2016 - carnold@suse.com + +- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be + able to mask interrupts (XSA-202) + xsa202.patch +- bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL + pointer check in VMFUNC emulation (XSA-203) + xsa203.patch +- Upstream patches from Jan + 584806ce-x86emul-correct-PUSHF-POPF.patch + 584fc649-fix-determining-when-domain-creation-is-complete.patch + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch + 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch + +------------------------------------------------------------------- +Mon Dec 5 15:32:00 MST 2016 - carnold@suse.com + +- Update to Xen 4.8 FCS + xen-4.8.0-testing-src.tar.bz2 +- Dropped + xen-4.7.1-testing-src.tar.bz2 + 0001-libxc-Rework-extra-module-initialisation.patch + 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch + 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch + 0004-firmware-makefile-install-BIOS-blob.patch + 0005-libxl-Load-guest-BIOS-from-file.patch + 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch + 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch + 0008-hvmloader-Locate-the-BIOS-blob.patch + 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch + 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch + 0011-hvmloader-Load-OVMF-from-modules.patch + 0012-hvmloader-Specific-bios_load-function-required.patch + 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch + 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch + 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch + 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch + 5769106e-x86-generate-assembler-equates-for-synthesized.patch + 57a1e603-x86-time-adjust-local-system-time-initialization.patch + 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch + 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch + 57a30261-x86-support-newer-Intel-CPU-models.patch + 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch + 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch + 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch + 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch + 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch + 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch + 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch + 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch + 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch + 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch + 58343ec2-x86emul-fix-huge-bit-offset-handling.patch + 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch + 58343f44-x86-svm-fix-injection-of-software-interrupts.patch + 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch + CVE-2016-9381-xsa197-qemut.patch + CVE-2016-9637-xsa199-qemut.patch + +------------------------------------------------------------------- +Tue Nov 22 10:49:36 MST 2016 - carnold@suse.com + +- bsc#1011652 - VUL-0: xen: qemu ioport array overflow + CVE-2016-9637-xsa199-qemut.patch + +------------------------------------------------------------------- +Fri Nov 18 11:30:20 MST 2016 - carnold@suse.com + +- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null + segments not always treated as unusable + 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch +- bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch + to VM86 mode mis-handled + 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch +- bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base + write emulation lacking canonical address checks + 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch +- bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit + ELF symbol table load leaking host data + 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch +- bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit + test instruction emulation broken + 58343ec2-x86emul-fix-huge-bit-offset-handling.patch +- bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen: + x86 software interrupt injection mis-handled + 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch + 58343f44-x86-svm-fix-injection-of-software-interrupts.patch +- bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious + about shared ring processing + CVE-2016-9381-xsa197-qemut.patch +- bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen: + delimiter injection vulnerabilities in pygrub + 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch +- Upstream patches from Jan + 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch + 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch + 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch + 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch + 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch + +------------------------------------------------------------------- +Tue Nov 15 13:12:40 MST 2016 - carnold@suse.com + +- Update to Xen Version 4.7.1 + xen-4.7.1-testing-src.tar.bz2 +- Dropped patches contained in new tarball + xen-4.7.0-testing-src.tar.bz2 + 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch + 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch + 57973099-have-schedulers-revise-initial-placement.patch + 579730e6-remove-buggy-initial-placement-algorithm.patch + 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch + 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch + 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch + 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch + 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch + 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch + 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch + 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch + 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch + 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch + 57c82be2-x86-32on64-adjust-call-gate-emulation.patch + 57c93e52-fix-error-in-libxl_device_usbdev_list.patch + 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch + 57c96e2c-x86-correct-PT_NOTE-file-position.patch + 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch + 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch + 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch + 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch + 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch + 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch + 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch + 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch + 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch + 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch + 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch + 57e93e1d-x86emul-correct-loading-of-ss.patch + 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch + 57e93e89-x86-AMD-apply-erratum-665-workaround.patch + 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch + 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch + 57fb6a91-x86-defer-not-present-segment-checks.patch + 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch + 5800caec-x86emul-fix-pushing-of-selector-registers.patch + 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch + 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch + 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch + +------------------------------------------------------------------- +Mon Nov 7 15:08:58 MST 2016 - carnold@suse.com + +- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI + systems + xen.spec + +------------------------------------------------------------------- +Thu Nov 3 09:30:24 MDT 2016 - carnold@suse.com + +- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not + always honored for x86 HVM guests (XSA-190) + 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch +- bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic + on broadwell-ep + 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch +- Upstream patches from Jan + 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch + 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch + 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch + 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch + 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch + 57e93e1d-x86emul-correct-loading-of-ss.patch + 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch + 57e93e89-x86-AMD-apply-erratum-665-workaround.patch + 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch + 57fb6a91-x86-defer-not-present-segment-checks.patch + 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch + 5800caec-x86emul-fix-pushing-of-selector-registers.patch + 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch + 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch + 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch + +------------------------------------------------------------------- +Wed Nov 2 10:30:58 MDT 2016 - carnold@suse.com + +- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the + system has 384 + xen-arch-kconfig-nr_cpus.patch + +------------------------------------------------------------------- +Tue Nov 1 09:37:08 MDT 2016 - carnold@suse.com + +- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite + loop while transmit in C+ mode + CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch + +------------------------------------------------------------------- +Mon Oct 17 10:00:19 MDT 2016 - carnold@suse.com + +- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero + error in set_next_tick + CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch +- bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero + error in serial_update_parameters + CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch + +------------------------------------------------------------------- +Wed Oct 5 10:55:45 MDT 2016 - carnold@suse.com + +- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in + mcf_fec_do_tx + CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch +- bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite + loop in pcnet_rdra_addr + CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch + +------------------------------------------------------------------- +Mon Sep 12 08:44:11 MDT 2016 - carnold@suse.com + +- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3 + recursive pagetable for 32-bit PV guests (XSA-185) + 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch +- bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of + instruction pointer truncation during emulation (XSA-186) + 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch + 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch +- bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of + sh_ctxt->seg_reg[] (XSA-187) + 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch + 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch +- bsc#991934 - xen hypervisor crash in csched_acct + 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch +- Upstream patches from Jan + 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch + 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch + 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch + 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch + 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch + 57c82be2-x86-32on64-adjust-call-gate-emulation.patch + 57c96e2c-x86-correct-PT_NOTE-file-position.patch + 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch + +------------------------------------------------------------------- +Mon Sep 12 13:10:21 UTC 2016 - ohering@suse.de + +- bsc#979002 - add 60-persistent-xvd.rules and helper script + also to initrd, add the relevant dracut helper + +------------------------------------------------------------------- +Mon Sep 5 11:39:21 UTC 2016 - ohering@suse.de + +- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for + upstream unplug protocol + +------------------------------------------------------------------- +Fri Sep 2 08:32:44 MDT 2016 - carnold@suse.com + +- bsc#989679 - [pvusb feature] USB device not found when + 'virsh detach-device guest usb.xml' + 57c93e52-fix-error-in-libxl_device_usbdev_list.patch + +------------------------------------------------------------------- +Tue Aug 23 08:07:46 MDT 2016 - carnold@suse.com + +- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to + get contiguous memory for DMA from Xen + 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch +- bsc#978755 - xen uefi systems fail to boot +- bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot + 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch +- Upstream patch from Jan + 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch + +------------------------------------------------------------------- +Mon Aug 8 18:27:23 UTC 2016 - jfehlig@suse.com + +- spec: to stay compatible with the in-tree qemu-xen binary, use + /usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64 + bsc#986164 + +------------------------------------------------------------------- +Thu Aug 4 09:12:34 MDT 2016 - carnold@suse.com + +- bsc#970135 - new virtualization project clock test randomly fails + on Xen + 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch + 5769106e-x86-generate-assembler-equates-for-synthesized.patch + 57a1e603-x86-time-adjust-local-system-time-initialization.patch + 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch + 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch +- bsc#991934 - xen hypervisor crash in csched_acct + 57973099-have-schedulers-revise-initial-placement.patch + 579730e6-remove-buggy-initial-placement-algorithm.patch +- bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation + in PV guests (XSA-182) + 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch +- bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP + whitelisting in 32-bit exception / event delivery (XSA-183) + 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch +- Upstream patches from Jan + 57a30261-x86-support-newer-Intel-CPU-models.patch + +------------------------------------------------------------------- +Mon Aug 1 11:46:22 MDT 2016 - carnold@suse.com + +- bsc#985503 - vif-route broken + vif-route.patch + +------------------------------------------------------------------- +Thu Jul 28 05:23:12 MDT 2016 - carnold@suse.com + +- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3 + failed on sles11sp4 xen host. + pygrub-handle-one-line-menu-entries.patch + +------------------------------------------------------------------- +Wed Jul 27 14:09:06 MDT 2016 - carnold@suse.com + +- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB + write access in esp_do_dma + CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch + +------------------------------------------------------------------- +Thu Jun 23 09:45:38 MDT 2016 - carnold@suse.com + +- bsc#900418 - Dump cannot be performed on SLES12 XEN + 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch +- Upstream patches from Jan + 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch + 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch + +------------------------------------------------------------------- +Tue Jun 21 08:26:51 MDT 2016 - carnold@suse.com + +- fate#319989 - Update to Xen 4.7 FCS + xen-4.7.0-testing-src.tar.bz2 +- Drop CVE-2014-3672-qemut-xsa180.patch + +------------------------------------------------------------------- +Thu Jun 16 16:27:25 MDT 2016 - carnold@suse.com + +- bsc#954872 - script block-dmmd not working as expected - libxl: + error: libxl_dm.c (Additional fixes) + block-dmmd + +------------------------------------------------------------------- +Fri Jun 10 14:23:51 UTC 2016 - ohering@suse.de + +- Convert with_stubdom into build_conditional to allow adjusting + via prjconf +- Convert with_debug into build_conditional to allow adjusting + via prjconf + +------------------------------------------------------------------- +Fri Jun 10 13:36:32 UTC 2016 - ohering@suse.de + +- bsc#979002 - add 60-persistent-xvd.rules and helper script to + xen-tools-domU to simplify transition to pvops based kernels + +------------------------------------------------------------------- +Fri Jun 10 13:18:13 UTC 2016 - ohering@suse.de + +- Convert with_oxenstored into build_conditional to allow + adjusting via prjconf (fate#320836) + +------------------------------------------------------------------- +Thu Jun 9 11:10:33 MDT 2016 - carnold@suse.com + +- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w + access while processing ESP_FIFO + CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch +- bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB + write when using non-DMA mode in get_cmd + CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch + +------------------------------------------------------------------- +Tue Jun 7 08:05:09 MDT 2016 - carnold@suse.com + +- fate#319989 - Update to Xen 4.7 RC5 + xen-4.7.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Tue May 25 08:54:54 MDT 2016 - carnold@suse.com + +- fate#319989 - Update to Xen 4.7 RC4 + xen-4.7.0-testing-src.tar.bz2 +- Dropped + xen.pkgconfig-4.7.patch + xsa164.patch + +------------------------------------------------------------------- +Mon May 23 15:24:35 MDT 2016 - carnold@suse.com + +- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging + (XSA-180) + CVE-2014-3672-qemut-xsa180.patch + +------------------------------------------------------------------- +Thu May 19 10:46:53 MDT 2016 - carnold@suse.com + +- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write + while writing to 's->cmdbuf' in get_cmd + CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch +- bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write + while writing to 's->cmdbuf' in esp_reg_write + CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch + +------------------------------------------------------------------- +Tue May 17 10:16:47 MDT 2016 - carnold@suse.com + +- fate#319989 - Update to Xen 4.7 RC3 + xen-4.7.0-testing-src.tar.bz2 +- Dropped + libxl-remove-cdrom-cachemode.patch + x86-PoD-only-reclaim-if-needed.patch + gcc6-warnings-as-errors.patch + +------------------------------------------------------------------- +Wed May 11 16:55:23 MDT 2016 - carnold@suse.com + +- bsc#954872 - script block-dmmd not working as expected - libxl: + error: libxl_dm.c (another modification) + block-dmmd + +------------------------------------------------------------------- +Tue May 10 14:39:00 MDT 2016 - carnold@suse.com + +- fate#319989 - Update to Xen 4.7 RC2 + xen-4.7.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Tue May 10 11:06:56 MDT 2016 - carnold@suse.com + +- bsc#961600 - L3: poor performance when Xen HVM domU configured + with max memory > current memory + x86-PoD-only-reclaim-if-needed.patch + +------------------------------------------------------------------- +Fri May 6 11:47:24 UTC 2016 - ohering@suse.de + +- Mark SONAMEs and pkgconfig as xen 4.7 + xen.pkgconfig-4.7.patch + +------------------------------------------------------------------- +Tue May 3 17:25:08 UTC 2016 - jfehlig@suse.com + +- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom + libxl-remove-cdrom-cachemode.patch + +------------------------------------------------------------------- +Tue May 3 08:25:27 MDT 2016 - carnold@suse.com + +- fate#319989 - Update to Xen 4.7 RC1 + xen-4.7.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Tue May 3 13:48:59 UTC 2016 - ohering@suse.de + +- fate#316614: set migration constraints from cmdline + restore libxl.set-migration-constraints-from-cmdline.patch + +------------------------------------------------------------------- +Tue May 3 11:49:31 UTC 2016 - ohering@suse.de + +- Remove obsolete patch for xen-kmp + magic_ioport_compat.patch + +------------------------------------------------------------------- +Tue May 3 07:31:28 UTC 2016 - ohering@suse.de + +- fate#316613: update to v12 + libxl.pvscsi.patch + +------------------------------------------------------------------- +Fri Apr 29 16:50:33 MDT 2016 - carnold@suse.com + +- Update to the latest Xen 4.7 pre-release c2994f86 + Drop libxl.migrate-legacy-stream-read.patch + +------------------------------------------------------------------- +Fri Apr 15 09:22:31 UTC 2016 - ohering@suse.de + +- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host + to SLES12SP2 Alpha 1 host using xl migrate + libxl.migrate-legacy-stream-read.patch + +------------------------------------------------------------------- +Fri Apr 1 20:14:38 UTC 2016 - jfehlig@suse.com + +- Add patches from proposed upstream series to load BIOS's from + the toolstack instead of embedding in hvmloader + http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html + 0001-libxc-Rework-extra-module-initialisation.patch, + 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch, + 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch, + 0004-firmware-makefile-install-BIOS-blob.patch, + 0005-libxl-Load-guest-BIOS-from-file.patch, + 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch, + 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch, + 0008-hvmloader-Locate-the-BIOS-blob.patch, + 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch, + 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch, + 0011-hvmloader-Load-OVMF-from-modules.patch, + 0012-hvmloader-Specific-bios_load-function-required.patch, + 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch, + 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch +- Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin + firmware from qemu-ovmf-x86_64. The firmware is preloaded with + Microsoft keys to more closely resemble firmware on real hardware + FATE#320490 + +------------------------------------------------------------------- +Fri Mar 25 14:46:11 MDT 2016 - carnold@suse.com + +- fate#319989: Update to Xen 4.7 (pre-release) + xen-4.7.0-testing-src.tar.bz2 +- Dropped: + xen-4.6.1-testing-src.tar.bz2 + 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch + 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch + 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch + 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch + hotplug-Linux-block-performance-fix.patch + set-mtu-from-bridge-for-tap-interface.patch + xendomains-libvirtd-conflict.patch + xsa154.patch + xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch + xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch + xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch + xsa170.patch + +------------------------------------------------------------------- +Tue Mar 22 21:48:06 UTC 2016 - jfehlig@suse.com + +- Use system SeaBIOS instead of building/installing another one + FATE#320638 + Dropped files: + seabios-dir-remote.tar.bz2 + xen-c99-fix.patch + xen.build-compare.seabios.patch + +------------------------------------------------------------------- +Wed Mar 16 23:33:01 UTC 2016 - jfehlig@suse.com + +- spec: drop BuildRequires that were only needed for qemu-xen + +------------------------------------------------------------------- +Fri Mar 4 16:11:02 MST 2016 - carnold@suse.com + +- bsc#969377 - xen does not build with GCC 6 + ipxe-use-rpm-opt-flags.patch + gcc6-warnings-as-errors.patch + +------------------------------------------------------------------- +Thu Mar 3 10:27:55 MST 2016 - carnold@suse.com + +- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite + loop in ne2000_receive + CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch +- Drop xsa154-fix.patch + +------------------------------------------------------------------- +Wed Mar 2 16:53:51 UTC 2016 - jfehlig@suse.com + +- Use system qemu instead of building/installing yet another qemu + FATE#320638 +- Dropped files + qemu-xen-dir-remote.tar.bz2 + CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch + CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch + CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch + CVE-2015-4037-qemuu-smb-config-dir-name.patch + CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch + CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch + CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch + CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch + CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch + CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch + CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch + CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch + CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch + CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch + CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch + qemu-xen-enable-spice-support.patch + qemu-xen-upstream-qdisk-cache-unsafe.patch + tigervnc-long-press.patch + xsa162-qemuu.patch + +------------------------------------------------------------------- +Mon Feb 29 09:40:43 MST 2016 - carnold@suse.com + +- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer + dereference in vapic_write() + CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch + +------------------------------------------------------------------- +Wed Feb 24 08:05:02 MST 2016 - carnold@suse.com + +- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in + remote NDIS control message handling + CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch + +------------------------------------------------------------------- +Thu Feb 18 10:39:00 MST 2016 - carnold@suse.com + +- bsc#954872 - L3: script block-dmmd not working as expected - + libxl: error: libxl_dm.c + block-dmmd +- Update libxl to recognize dmmd and npiv prefix in disk spec + xen.libxl.dmmd.patch + +------------------------------------------------------------------- +Wed Feb 17 08:30:35 MST 2016 - carnold@suse.com + +- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers + in ohci module leads to null pointer dereference + CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch + CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch +- bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer + dereference in remote NDIS control message handling + CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch + +------------------------------------------------------------------- +Thu Feb 11 09:29:01 MST 2016 - carnold@suse.com + +- Update to Xen Version 4.6.1 + xen-4.6.1-testing-src.tar.bz2 +- Dropped patches now contained in tarball or unnecessary + xen-4.6.0-testing-src.tar.bz2 + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch + 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch + 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch + 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch + 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch + 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch + 5632129c-free-domain-s-vcpu-array.patch + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + 563212e4-xenoprof-free-domain-s-vcpu-array.patch + 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch + 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch + 56549f24-x86-vPMU-document-as-unsupported.patch + 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch + xsa155-qemut-qdisk-double-access.patch + xsa155-qemut-xenfb.patch + xsa155-qemuu-qdisk-double-access.patch + xsa155-qemuu-xenfb.patch + xsa159.patch + xsa160.patch + xsa162-qemut.patch + xsa165.patch + xsa166.patch + xsa167.patch + xsa168.patch + +------------------------------------------------------------------- +Fri Feb 5 13:07:53 MST 2016 - carnold@suse.com + +- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent + cachability flags on guest mappings (XSA-154) + xsa154.patch +- bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may + crash guest with non-canonical RIP (XSA-170) + xsa170.patch + +------------------------------------------------------------------- +Fri Feb 5 08:51:16 MST 2016 - carnold@suse.com + +- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in + hmp_sendkey routine + CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch + +------------------------------------------------------------------- +Thu Feb 4 09:26:34 MST 2016 - carnold@suse.com + +- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue + CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch +- bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref + in sosendto() + CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch + +------------------------------------------------------------------- +Wed Feb 3 10:47:41 MST 2016 - carnold@suse.com + +- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in + ne2000_receive() function + CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch +- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: + infinite loop in processing command block list + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch + +------------------------------------------------------------------- +Tue Feb 2 08:45:07 MST 2016 - carnold@suse.com + +- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on + incoming migration + CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch +- bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table + size to avoid integer overflows + CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch +- Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch + +------------------------------------------------------------------- +Mon Feb 1 13:29:55 MST 2016 - carnold@suse.com + +- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer + dereference in ehci_caps_write + CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch +- bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun + on incoming migration + CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch + +------------------------------------------------------------------- +Wed Jan 27 08:23:26 MST 2016 - carnold@suse.com + +- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop + in start_xmit and e1000_receive_iov routines + CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + +------------------------------------------------------------------- +Wed Jan 20 08:21:42 MST 2016 - carnold@suse.com + +- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun + on invalid state load + CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch + +------------------------------------------------------------------- +Tue Jan 19 09:23:56 MST 2016 - carnold@suse.com + +- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient + resource limiting in VNC websockets decoder + CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch + CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch +- bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on + invalid state load + CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch +- bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient + bits_per_pixel from the client sanitization + CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch + +------------------------------------------------------------------- +Mon Jan 18 09:04:10 MST 2016 - carnold@suse.com + +- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer + overun on invalid state + CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch +- bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer + overflow in non-loopback mode + CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + +------------------------------------------------------------------- +Wed Jan 13 09:56:52 MST 2016 - carnold@suse.com + +- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in + processing firmware configurations + CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch + +------------------------------------------------------------------- +Mon Jan 11 11:51:45 MST 2016 - carnold@suse.com + +- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based + buffer overflow in megasas_ctrl_get_info + CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch +- bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci + use-after-free vulnerability in aio port commands + CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch + +------------------------------------------------------------------- +Thu Jan 7 10:38:20 MST 2016 - carnold@suse.com + +- bsc#959695 - missing docs for xen + xen.spec + +------------------------------------------------------------------- +Wed Jan 6 10:38:36 MST 2016 - carnold@suse.com + +- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with + INVLPG on non-canonical address (XSA-168) + xsa168.patch +- bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage + functionality missing sanity checks (XSA-167) + xsa167.patch +- bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect + l2 header validation leads to a crash via assert(2) call + CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch + +------------------------------------------------------------------- +Tue Jan 5 13:56:08 MST 2016 - carnold@suse.com + +- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers + leads to a crash via assert(2) call + CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch +- bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access + in ioport r/w functions + CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch + +------------------------------------------------------------------- +Mon Jan 4 11:32:10 MST 2016 - carnold@suse.com + +- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional + logging upon guest changing callback method (XSA-169) + 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch + +------------------------------------------------------------------- +Mon Dec 21 09:09:55 UTC 2015 - ohering@suse.de + +- Adjust xen-dom0-modules.service to run Before xenstored.service + instead of proc-xen.mount to workaround a bug in systemd "design" + (bnc#959845) + +------------------------------------------------------------------- +Wed Dec 16 12:16:21 MST 2015 - carnold@suse.com + +- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net: + vmxnet3: host memory leakage + CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch + +------------------------------------------------------------------- +Mon Dec 14 10:12:05 MST 2015 - carnold@suse.com + +- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers + incautious about shared memory contents (XSA-155) + xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch + xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch + xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch + xsa155-qemuu-qdisk-double-access.patch + xsa155-qemut-qdisk-double-access.patch + xsa155-qemuu-xenfb.patch + xsa155-qemut-xenfb.patch +- bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop + in ehci_advance_state results in DoS + CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch +- bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer + dereference issue + CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch +- bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid + floating point exception + CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch + CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch +- bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in + MSI-X handling (XSA-164) + xsa164.patch +- bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in + legacy x86 FPU/XMM initialization (XSA-165) + xsa165.patch +- bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to + multiple read issue (XSA-166) + xsa166.patch + +------------------------------------------------------------------- +Fri Nov 27 10:39:38 MST 2015 - carnold@suse.com + +- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: + infinite loop in processing command block list + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch +- Upstream patches from Jan + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) + 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch + 56544a57-VMX-fix-adjust-trap-injection.patch + 56546ab2-sched-fix-insert_vcpu-locking.patch + +------------------------------------------------------------------- +Wed Nov 25 10:06:30 MST 2015 - carnold@suse.com + +- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163) + 56549f24-x86-vPMU-document-as-unsupported.patch +- bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen: + XENMEM_exchange error handling issues (XSA-159) + xsa159.patch +- bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel + and initrd on error (XSA-160) + xsa160.patch +- bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow + vulnerability in pcnet emulator (XSA-162) + xsa162-qemuu.patch + xsa162-qemut.patch +- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour + readonly flag on disks with qemu-xen (xsa-142) + 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch + 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch + +------------------------------------------------------------------- +Tue Nov 24 08:44:57 MST 2015 - carnold@suse.com + +- fate#315712: XEN: Use the PVOPS kernel + Turn off building the KMPs now that we are using the pvops kernel + xen.spec + +------------------------------------------------------------------- +Thu Nov 19 11:18:03 MST 2015 - carnold@suse.com + +- Upstream patches from Jan + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch + 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch + 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch + 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch + 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch + 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + 563212e4-xenoprof-free-domain-s-vcpu-array.patch + 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch + 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) + 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch +- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch + +------------------------------------------------------------------- +Thu Nov 19 07:47:47 UTC 2015 - ohering@suse.de + +- Use upstream variants of block-iscsi and block-nbd + +------------------------------------------------------------------- +Thu Nov 19 07:38:06 UTC 2015 - ohering@suse.de + +- Remove xenalyze.hg, its part of xen-4.6 + +------------------------------------------------------------------- +Wed Nov 10 16:16:24 MDT 2015 - carnold@suse.com + +- Update to Xen Version 4.6.0 + xen-4.6.0-testing-src.tar.bz2 + mini-os.tar.bz2 + blktap2-no-uninit.patch + stubdom-have-iovec.patch +- Renamed + xsa149.patch to CVE-2015-7969-xsa149.patch +- Dropped patches now contained in tarball or unnecessary + xen-4.5.2-testing-src.tar.bz2 + 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch + 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch + 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch + 54f4985f-libxl-fix-libvirtd-double-free.patch + 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch + 551ac326-xentop-add-support-for-qdisk.patch + 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch + 552d0fe8-x86-mtrr-include-asm-atomic.h.patch + 552d293b-x86-vMSI-X-honor-all-mask-requests.patch + 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch + 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch + 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch + 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch + 554c7aee-x86-provide-arch_fetch_and_add.patch + 554c7b00-arm-provide-arch_fetch_and_add.patch + 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch + 55534b25-arm-provide-add_sized.patch + 5555a4f8-use-ticket-locks-for-spin-locks.patch + 5555a5b9-x86-arm-remove-asm-spinlock-h.patch + 5555a8ec-introduce-non-contiguous-allocation.patch + 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch + 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch + 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch + 557eb55f-gnttab-per-active-entry-locking.patch + 557eb5b6-gnttab-introduce-maptrack-lock.patch + 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch + 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch + 5582bf43-evtchn-simplify-port_is_valid.patch + 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch + 5583d9c5-x86-MSI-X-cleanup.patch + 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch + 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch + 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch + 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch + 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch + 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch + 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch + 55b0a218-x86-PCI-CFG-write-intercept.patch + 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch + 55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch + blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch + blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch + ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch + ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch + ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch + local_attach_support_for_phy.patch pci-attach-fix.patch + qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch + tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch + xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch + xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch + xl-coredump-file-location.patch + +------------------------------------------------------------------- +Thu Nov 5 07:42:08 MST 2015 - carnold@suse.com + +- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by + triggering an infinite loop in microcode via #DB exception +- bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during + fault delivery (XSA-156) + CVE-2015-5307-xsa156.patch + +------------------------------------------------------------------- +Wed Nov 4 10:33:59 MST 2015 - carnold@suse.com + +- Update to Xen 4.5.2 + xen-4.5.2-testing-src.tar.bz2 +- Drop the following + xen-4.5.1-testing-src.tar.bz2 + 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch + 5576f178-kexec-add-more-pages-to-v1-environment.patch + 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch + 558bfaa0-x86-traps-avoid-using-current-too-early.patch + 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch + 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch + 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch + 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch + 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch + 559bdde5-pull-in-latest-linux-earlycpio.patch + 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch + 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch + 55a77e4f-dmar-device-scope-mem-leak-fix.patch + 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch + 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch + 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch + 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch + 55e43fd8-x86-NUMA-fix-setup_node.patch + 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch + 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch + 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch + 55f9345b-x86-MSI-fail-if-no-hardware-support.patch + 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch + 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch + 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch + 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch + 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch + 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch + CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch + xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch + xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch + xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch + xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch + xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch + xsa151.patch xsa152.patch xsa153-libxl.patch + CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch + CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch + CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch + CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch + CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch" + +------------------------------------------------------------------- +Mon Nov 2 11:21:15 MST 2015 - carnold@suse.com + +- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency + populate-on-demand operation is not preemptible (XSA-150) + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + +------------------------------------------------------------------- +Wed Oct 28 09:47:38 MDT 2015 - carnold@suse.com + +- Upstream patches from Jan + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch + 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch + +------------------------------------------------------------------- +Fri Oct 23 13:35:59 MDT 2015 - carnold@suse.com + +- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand + balloon size inaccuracy can crash guests (XSA-153) + xsa153-libxl.patch + +------------------------------------------------------------------- +Fri Oct 16 08:40:31 MDT 2015 - carnold@suse.com + +- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain + vcpu pointer array (DoS) (XSA-149) + xsa149.patch +- bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain + profiling-related vcpu pointer array (DoS) (XSA-151) + xsa151.patch +- bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and + profiling hypercalls log without rate limiting (XSA-152) + xsa152.patch +- Dropped + 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + +------------------------------------------------------------------- +Thu Oct 15 11:43:23 MDT 2015 - carnold@suse.com + +- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure + temporary file use in /net/slirp.c + CVE-2015-4037-qemuu-smb-config-dir-name.patch + CVE-2015-4037-qemut-smb-config-dir-name.patch +- bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table + size to avoid integer overflows + CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch + CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch + +------------------------------------------------------------------- +Wed Oct 14 10:24:15 MDT 2015 - carnold@suse.com + +- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled + creation of large page mappings by PV guests (XSA-148) + CVE-2015-7835-xsa148.patch + +------------------------------------------------------------------- +Tue Oct 6 14:52:30 MDT 2015 - jfehlig@suse.com + +- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd + abort + 54f4985f-libxl-fix-libvirtd-double-free.patch + +------------------------------------------------------------------- +Tue Oct 6 09:04:17 MDT 2015 - carnold@suse.com + +- bsc#949046 - Increase %suse_version in SP1 to 1316 + xen.spec +- Update README.SUSE detailing dom0 ballooning recommendations + +------------------------------------------------------------------- +Mon Oct 5 09:12:45 MDT 2015 - carnold@suse.com + +- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ + secondly show errors + 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch +- Upstream patches from Jan + 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch + 55f9345b-x86-MSI-fail-if-no-hardware-support.patch + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch + 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch + 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch + 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch + 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch + 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch + +------------------------------------------------------------------- +Fri Oct 2 11:31:34 MDT 2015 - mlatimer@suse.com + +- bsc#941074 - VmError: Device 51728 (vbd) could not be connected. + Hotplug scripts not working. + hotplug-Linux-block-performance-fix.patch + +------------------------------------------------------------------- +Wed Sep 23 14:56:47 MDT 2015 - carnold@suse.com + +- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour + readonly flag on disks with qemu-xen (xsa-142) + CVE-2015-7311-xsa142.patch + +------------------------------------------------------------------- +Mon Sep 16 07:17:00 UTC 2015 - cyliu@suse.com + +- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1 + pci-attach-fix.patch + +------------------------------------------------------------------- +Tue Sep 15 14:48:27 MDT 2015 - jfehlig@suse.com + +- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1 + 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch + +------------------------------------------------------------------- +Wed Sep 9 08:55:29 MDT 2015 - carnold@suse.com + +- Upstream patches from Jan + 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch + 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch + 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch + 55e43fd8-x86-NUMA-fix-setup_node.patch + 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch + 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch + 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch + 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch + 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch + +------------------------------------------------------------------- +Tue Sep 8 11:26:45 MDT 2015 - carnold@suse.com + +- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in + vnc_client_read() and protocol_client_msg() + CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch + CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch +- bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite + loop issue + CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch + CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch + +------------------------------------------------------------------- +Wed Aug 26 16:18:58 MDT 2015 - carnold@suse.com + +- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line + config handling stack overflow + 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch + +------------------------------------------------------------------- +Tue Aug 18 10:18:20 MDT 2015 - carnold@suse.com + +- bsc#907514 - Bus fatal error & sles12 sudden reboot has been + observed +- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after + shutdown of guest with VT-d NIC +- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been + observed +- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden + reboot has been observed + 552d293b-x86-vMSI-X-honor-all-mask-requests.patch + 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch + 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch + 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch + 5583d9c5-x86-MSI-X-cleanup.patch + 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch + 55b0a218-x86-PCI-CFG-write-intercept.patch + 55b0a255-x86-MSI-X-maskall.patch + 55b0a283-x86-MSI-X-teardown.patch + 55b0a2ab-x86-MSI-X-enable.patch + 55b0a2db-x86-MSI-track-guest-masking.patch +- Upstream patches from Jan + 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch + 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch + 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch + 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch + 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch + 55a77e4f-dmar-device-scope-mem-leak-fix.patch + 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch + 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch +- Dropped for upstream version + x86-MSI-mask.patch + x86-MSI-pv-unmask.patch + x86-MSI-X-enable.patch + x86-MSI-X-maskall.patch + x86-MSI-X-teardown.patch + x86-pci_cfg_okay.patch + x86-PCI-CFG-write-intercept.patch + +------------------------------------------------------------------- +Tue Jul 28 09:04:13 MDT 2015 - carnold@suse.com + +- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap + memory in rtl8139 device model + xsa140-qemuu-1.patch + xsa140-qemuu-2.patch + xsa140-qemuu-3.patch + xsa140-qemuu-4.patch + xsa140-qemuu-5.patch + xsa140-qemuu-6.patch + xsa140-qemuu-7.patch + xsa140-qemut-1.patch + xsa140-qemut-2.patch + xsa140-qemut-3.patch + xsa140-qemut-4.patch + xsa140-qemut-5.patch + xsa140-qemut-6.patch + xsa140-qemut-7.patch +- bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen + block unplug protocol + xsa139-qemuu.patch + +------------------------------------------------------------------- +Tue Jul 21 10:03:24 UTC 2015 - ohering@suse.de + +- bsc#937371 - xen vm's running after reboot + xendomains-libvirtd-conflict.patch + +------------------------------------------------------------------- +Thu Jul 16 10:14:12 MDT 2015 - carnold@suse.com + +- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code + execution via IDE subsystem CD-ROM + CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch + CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch + +------------------------------------------------------------------- +Wed Jul 15 08:28:23 UTC 2015 - ohering@suse.de + +- Remove xendomains.service from systemd preset file because it + conflicts with libvirt-guests.service (bnc#937371) + Its up to the admin to run systemctl enable xendomains.service + +------------------------------------------------------------------- +Wed Jul 8 11:38:26 MDT 2015 - carnold@suse.com + +- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line + config handling stack overflow + CVE-2015-3259-xsa137.patch +- Upstream patches from Jan + 558bfaa0-x86-traps-avoid-using-current-too-early.patch + 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch + 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch + 559bdde5-pull-in-latest-linux-earlycpio.patch +- Upstream patches from Jan pending review + 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch + 552d0fe8-x86-mtrr-include-asm-atomic.h.patch + 552d293b-x86-vMSI-X-honor-all-mask-requests.patch + 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch + 554c7aee-x86-provide-arch_fetch_and_add.patch + 554c7b00-arm-provide-arch_fetch_and_add.patch + 55534b0a-x86-provide-add_sized.patch + 55534b25-arm-provide-add_sized.patch + 5555a4f8-use-ticket-locks-for-spin-locks.patch + 5555a5b9-x86-arm-remove-asm-spinlock-h.patch + 5555a8ec-introduce-non-contiguous-allocation.patch + 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch + 557eb55f-gnttab-per-active-entry-locking.patch + 557eb5b6-gnttab-introduce-maptrack-lock.patch + 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch + 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch + 5582bf43-evtchn-simplify-port_is_valid.patch + 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch + 5583d9c5-x86-MSI-X-cleanup.patch + 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch + 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch + 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch + 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch + 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch + 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch + 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch + x86-MSI-pv-unmask.patch + x86-pci_cfg_okay.patch + x86-PCI-CFG-write-intercept.patch + x86-MSI-X-maskall.patch + x86-MSI-X-teardown.patch + x86-MSI-X-enable.patch + x86-MSI-mask.patch + +------------------------------------------------------------------- +Tue Jul 7 13:35:34 UTC 2015 - ohering@suse.de + +- Adjust more places to use br0 instead of xenbr0 + +------------------------------------------------------------------- +Tue Jun 30 08:25:35 MDT 2015 - carnold@suse.com + +- bnc#936516 - xen fails to build with kernel update(4.1.0 from + stable) + 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch + +------------------------------------------------------------------- +Fri Jun 26 09:22:28 MDT 2015 - carnold@suse.com + +- Update to Xen Version 4.5.1 FCS (fate#315675) + xen-4.5.1-testing-src.tar.bz2 +- Dropped patches now contained in tarball + 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch + 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch + 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch + 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch + 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch + 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch + 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch + 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch + 5513b458-allow-reboot-overrides-when-running-under-EFI.patch + 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch + 5576f178-kexec-add-more-pages-to-v1-environment.patch + 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch + CVE-2015-3456-xsa133-qemuu.patch + CVE-2015-3456-xsa133-qemut.patch + qemu-MSI-X-enable-maskall.patch + qemu-MSI-X-latch-writes.patch + x86-MSI-X-guest-mask.patch + +------------------------------------------------------------------- +Thu Jun 25 17:19:35 MDT 2015 - jfehlig@suse.com + +- Replace 5124efbe-add-qxl-support.patch with the variant that + finally made it upstream, 554cc211-libxl-add-qxl.patch + +------------------------------------------------------------------- +Wed Jun 10 09:06:36 MDT 2015 - carnold@suse.com + +- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable + qemu MSI-X pass-through error messages + qemu-MSI-X-latch-writes.patch +- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed +- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown + of guest with VT-d NIC +- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been + observed +- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot + has been observed + x86-MSI-X-teardown.patch + x86-MSI-X-enable.patch + x86-MSI-X-guest-mask.patch + x86-MSI-X-maskall.patch + qemu-MSI-X-enable-maskall.patch +- Upstream patches from Jan + 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch + 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch + 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch + 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch + 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch + 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch + 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch +- Dropped the following patches now contained in the tarball + xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch + CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch + CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch + CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch + CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch + CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch + +------------------------------------------------------------------- +Wed Jun 3 08:57:26 MDT 2015 - carnold@suse.com + +- Update to Xen 4.5.1 RC2 +- bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI + register access in qemu + CVE-2015-4106-xsa131-1.patch + CVE-2015-4106-xsa131-2.patch + CVE-2015-4106-xsa131-3.patch + CVE-2015-4106-xsa131-4.patch + CVE-2015-4106-xsa131-5.patch + CVE-2015-4106-xsa131-6.patch + CVE-2015-4106-xsa131-7.patch + CVE-2015-4106-xsa131-8.patch + CVE-2015-4106-xsa131-9.patch +- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable + qemu MSI-X pass-through error messages + CVE-2015-4105-xsa130.patch +- bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask + bits inadvertently exposed to guests + CVE-2015-4104-xsa129.patch +- bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential + unintended writes to host MSI message data field via qemu + CVE-2015-4103-xsa128.patch +- Upstream patches from Jan + 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch + 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch + 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch + 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch + 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch + 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch + +------------------------------------------------------------------- +Wed May 20 12:13:25 UTC 2015 - ohering@suse.de + +- Add DefaultDependencies=no to xen-dom0-modules.service because + it has to run before proc-xen.mount + +------------------------------------------------------------------- +Tue May 19 11:05:31 MDT 2015 - carnold@suse.com + +- Update to Xen 4.5.1 RC1 + +------------------------------------------------------------------- +Fri May 15 16:34:08 UTC 2015 - ohering@suse.de + +- Update blktap-no-uninit.patch to work with gcc-4.5 + +------------------------------------------------------------------- +Mon May 11 15:07:30 MDT 2015 - carnold@suse.com + +- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through + XEN_DOMCTL_gettscinfo (XSA-132) + 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch + +------------------------------------------------------------------- +Thu May 7 06:53:15 MDT 2015 - carnold@suse.com + +- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu + floppy driver host code execution + CVE-2015-3456-xsa133-qemuu.patch + CVE-2015-3456-xsa133-qemut.patch + +------------------------------------------------------------------- +Mon Apr 27 09:55:01 MDT 2015 - carnold@suse.com + +- bsc#928783 - Reboot failure; Request backport of upstream Xen + patch to 4.5.0, or update pkgs to 4.5.1 + 5513b458-allow-reboot-overrides-when-running-under-EFI.patch + 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch + +------------------------------------------------------------------- +Tue Apr 21 12:21:05 UTC 2015 - ohering@suse.de + +- bnc#927750 - Avoid errors reported by system-modules-load.service + +------------------------------------------------------------------- +Wed Apr 8 10:17:41 UTC 2015 - rguenther@suse.com + +- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively + turn errors back to warnings to fix build with GCC 5. +- Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to + avoid implicit-fortify-decl rpmlint error. +- Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch. + +------------------------------------------------------------------- +Fri Apr 3 10:54:05 MDT 2015 - carnold@suse.com + +- xentop: Fix memory leak on read failure + 551ac326-xentop-add-support-for-qdisk.patch + +------------------------------------------------------------------- +Tue Mar 31 16:03:54 MDT 2015 - carnold@suse.com + +- Dropped xentop-add-support-for-qdisk.patch in favor of upstream + version + 551ac326-xentop-add-support-for-qdisk.patch + +------------------------------------------------------------------- +Mon Mar 16 10:14:15 MDT 2015 - carnold@suse.com + +- Enable spice support in qemu for x86_64 + 5124efbe-add-qxl-support.patch + qemu-xen-enable-spice-support.patch + +------------------------------------------------------------------- +Thu Mar 12 12:33:45 UTC 2015 - rguenther@suse.com + +- Add xen-c99-fix.patch to remove pointless inline specifier on + function declarations which break build with a C99 compiler which + GCC 5 is by default. (bsc#921994) +- Add ipxe-no-error-logical-not-parentheses.patch to supply + -Wno-logical-not-parentheses to the ipxe build to fix + breakage with GCC 5. (bsc#921994) + +------------------------------------------------------------------- +Wed Mar 11 13:15:07 MDT 2015 - carnold@suse.com + +- bnc#921842 - Xentop doesn't display disk statistics for VMs using + qdisks + xentop-add-support-for-qdisk.patch + +------------------------------------------------------------------- +Tue Feb 24 16:22:45 UTC 2015 - meissner@suse.com + +- Disable the PIE enablement done for Factory, as the XEN code + is not buildable with PIE and it does not make much sense + to build the hypervisor code with it. + +------------------------------------------------------------------- +Tue Feb 17 10:48:56 MST 2015 - carnold@suse.com + +- bnc#918169 - XEN fixes required to work with Kernel 3.19.0 + xen.spec + +------------------------------------------------------------------- +Tue Feb 10 16:06:40 UTC 2015 - ohering@suse.de + +- Package xen.changes because its referenced in xen.spec + +------------------------------------------------------------------- +Wed Jan 28 08:44:32 MST 2015 - carnold@suse.com + +- Update seabios to rel-1.7.5 which is the correct version for + Xen 4.5 + +------------------------------------------------------------------- +Wed Jan 14 10:47:43 MST 2015 - carnold@suse.com + +- Update to Xen 4.5.0 FCS + +------------------------------------------------------------------- +Wed Jan 14 16:54:24 UTC 2015 - ohering@suse.de + +- Include systemd presets in 13.2 and older + +------------------------------------------------------------------- +Mon Jan 12 14:49:23 UTC 2015 - ohering@suse.de + +- bnc#897352 - Enable xencommons/xendomains only during fresh install +- disable restart on upgrade because the toolstack is not restartable + +------------------------------------------------------------------- +Tue Dec 16 11:42:30 UTC 2014 - ohering@suse.de + +- adjust seabios, vgabios, stubdom and hvmloader build to reduce + build-compare noise + xen.build-compare.mini-os.patch + xen.build-compare.smbiosdate.patch + xen.build-compare.ipxe.patch + xen.build-compare.vgabios.patch + xen.build-compare.seabios.patch + xen.build-compare.man.patch + +------------------------------------------------------------------- +Mon Dec 15 11:36:42 MST 2014 - carnold@suse.com + +- Update to Xen 4.5.0 RC4 + +------------------------------------------------------------------- +Wed Dec 10 08:54:22 UTC 2014 - ohering@suse.de + +- Remove xend specific if-up scripts + Recording bridge slaves is a generic task which should be handled + by generic network code + +------------------------------------------------------------------- +Tue Dec 9 18:33:51 UTC 2014 - ohering@suse.de + +- Use systemd features from upstream + requires updated systemd-presets-branding package + +------------------------------------------------------------------- +Thu Dec 4 11:59:29 MST 2014 - carnold@suse.com + +- Update to Xen 4.5.0 RC3 + +------------------------------------------------------------------- +Thu Dec 4 11:44:24 UTC 2014 - ohering@suse.de + +- Set GIT, WGET and FTP to /bin/false + +------------------------------------------------------------------- +Wed Dec 3 12:14:27 UTC 2014 - ohering@suse.de + +- Use new configure features instead of make variables + xen.stubdom.newlib.patch + +------------------------------------------------------------------- +Wed Nov 19 17:10:51 UTC 2014 - ohering@suse.de + +- adjust docs and xen build to reduce build-compare noise + xen.build-compare.doc_html.patch + xen.build-compare.xen_compile_h.patch + +------------------------------------------------------------------- +Mon Nov 17 16:28:13 UTC 2014 - ohering@suse.de + +- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise + +------------------------------------------------------------------- +Tue Nov 11 11:15:30 MST 2014 - carnold@suse.com + +- Update to Xen 4.5.0 RC2 + +------------------------------------------------------------------- +Thu Oct 23 18:34:55 MDT 2014 - carnold@suse.com + +- Update to Xen 4.5.0 RC1 + xen-4.5.0-testing-src.tar.bz2 +- Remove all patches now contained in the new tarball + xen-4.4.1-testing-src.tar.bz2 + 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch + 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch + 53299d8f-xenconsole-reset-tty-on-failure.patch + 53299d8f-xenconsole-tolerate-tty-errors.patch + 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch + 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch + 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch + 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch + 537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch + 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch + 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch + 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch + 53d124e7-fix-list_domain_details-check-config-data-length-0.patch + 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch + 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch + 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch + 53fcebab-xen-pass-kernel-initrd-to-qemu.patch + 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch + 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch + 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch + 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch + 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch + 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch + 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch + 540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch + 541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch + 541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch + 541ad3ca-x86-HVM-batch-vCPU-wakeups.patch + 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch + 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch + 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch + 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch + 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch + 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch + 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch + 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch + 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch + 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch + 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch + 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch + 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch + 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch + 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch + CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch + qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch + libxc-pass-errno-to-callers-of-xc_domain_save.patch + libxl.honor-more-top-level-vfb-options.patch + libxl.add-option-for-discard-support-to-xl-disk-conf.patch + libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch + x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch + xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch +- Xend/xm is no longer supported and is not part of the upstream code. Remove + all xend/xm specific patches, configs, and scripts + xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh + init.xend xend-relocation.sh xend.service xend-relocation-server.fw + domUloader.py xmexample.domUloader xmexample.disks + bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch + network-nat-open-SuSEfirewall2-FORWARD.patch + xend-set-migration-constraints-from-cmdline.patch + xen.migrate.tools-xend_move_assert_to_exception_block.patch + xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch + xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch + xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch + xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch + xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch + xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch + xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch + xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch + xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch + xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch + xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch + xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch + xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch + tmp-initscript-modprobe.patch init.xendomains xendomains.service + xen-watchdog.service xen-updown.sh + +------------------------------------------------------------------- +Thu Oct 16 14:17:37 MDT 2014 - carnold@suse.com + +- bnc#901317 - L3: increase limit domUloader to 32MB + domUloader.py + +------------------------------------------------------------------- +Tue Oct 14 09:16:37 MDT 2014 - carnold@suse.com + +- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF + device (SR-IOV) to guest + 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch +- bnc#882089 - Windows 2012 R2 fails to boot up with greater than + 60 vcpus + 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch +- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d + Interrupt Remapping engines can be evaded by native NMI interrupts + 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch +- Upstream patches from Jan + 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch) + 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch) + 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch) + 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch) + 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch + 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch + 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch + 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch + 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch) + 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch + 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch + 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch) + 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch + +------------------------------------------------------------------- +Sat Oct 11 08:38:36 UTC 2014 - dmueller@suse.com + +- restrict requires on grub2-x86_64-xen to x86_64 hosts + +------------------------------------------------------------------- +Wed Oct 8 15:25:34 MDT 2014 - jfehlig@suse.com + +- bsc#900292 - xl: change default dump directory + xl-coredump-file-location.patch + +------------------------------------------------------------------- +Tue Oct 03 15:42:36 MDT 2014 - mlatimer@suse.com + +- Update xen2libvirt.py to better detect and handle file formats + +------------------------------------------------------------------- +Tue Sep 30 12:11:36 MDT 2014 - carnold@suse.com + +- bnc#889526 - VUL-0: CVE-2014-5146, CVE-2014-5149: xen: XSA-97 + Long latency virtual-mmu operations are not preemptible + xsa97.patch +- bnc#882089 - Windows 2012 R2 fails to boot up with greater than + 60 vcpus + 541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch + 541ad3ca-x86-HVM-batch-vCPU-wakeups.patch +- Upstream patches from Jan + 540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch + 541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch + +------------------------------------------------------------------- +Tue Sep 30 09:01:16 MDT 2014 - carnold@suse.com + +- bnc#897657 - VUL-0: CVE-2014-7188: xen: XSA-108 Improper MSR + range used for x2APIC emulation + xsa108.patch + +------------------------------------------------------------------- +Mon Sep 29 14:20:15 MDT 2014 - carnold@suse.com + +- bnc#897906 - libxc: check return values on mmap() and madvise() + on xc_alloc_hypercall_buffer() + 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch + +------------------------------------------------------------------- +Mon Sep 22 09:55:35 MDT 2014 - carnold@suse.com + +- bnc#897614 - Virtualization/xen: Bug `xen-tools` uninstallable; + grub2-x86_64-xen dependency not available + xen.spec + +------------------------------------------------------------------- +Wed Sep 17 16:21:22 MDT 2014 - jfehlig@suse.com + +- More cleanup of README.SUSE + +------------------------------------------------------------------- +Fri Sep 15 09:37:10 CST 2014 - cyliu@suse.com + +- Update xen patch with upstream patch so that latest libvirt + patch can work. (bnc#896044) + + 53fcebab-xen-pass-kernel-initrd-to-qemu.patch + - xen-pass-kernel-initrd-to-qemu.patch + +------------------------------------------------------------------- +Wed Sep 10 09:15:39 MDT 2014 - carnold@suse.com + +- bnc#895804 - VUL-0: CVE-2014-6268: xen: XSA-107: Mishandling of + uninitialised FIFO-based event channel control blocks + xsa107.patch +- bnc#895802 - VUL-0: CVE-2014-7156: xen: XSA-106: Missing + privilege level checks in x86 emulation of software interrupts + xsa106.patch +- bnc#895799 - VUL-0: CVE-2014-7155: xen: XSA-105: Missing + privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation + xsa105.patch +- bnc#895798 - VUL-0: CVE-2014-7154: xen: XSA-104: Race condition + in HVMOP_track_dirty_vram + xsa104.patch + +------------------------------------------------------------------- +Thu Sep 4 17:01:24 CST 2014 - cyliu@suse.com + +- bnc#882405 - Only one key-press event was generated while holding + a key before key-release in pv guests through xl vncviewer + tigervnc-long-press.patch + +------------------------------------------------------------------- +Tue Sep 2 09:01:24 MDT 2014 - carnold@suse.com + +- Update to Xen Version 4.4.1 FCS + xen-4.4.1-testing-src.tar.bz2 +- Dropped patches now contained in tarball + 53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch + 53df71c7-lz4-check-for-underruns.patch + 53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch + +------------------------------------------------------------------- +Mon Sep 1 15:20:20 MDT 2014 - carnold@suse.com + +- bnc#882089 - Windows 2012 R2 fails to boot up with greater than + 60 vcpus + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch + 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch + 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch + 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch + 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch +- Upstream patches from Jan + 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch + 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch + 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch + 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch + +------------------------------------------------------------------- +Fri Aug 29 09:25:47 MDT 2014 - carnold@suse.com + +- bnc#864801 - VUL-0: CVE-2013-4540: qemu: zaurus: buffer overrun + on invalid state load + CVE-2013-4540-qemu.patch + +------------------------------------------------------------------- +Fri Aug 15 15:09:27 MDT 2014 - carnold@suse.com + +- Update README.SUSE with additional debug help + +------------------------------------------------------------------- +Fri Aug 8 07:34:38 MDT 2014 - carnold@suse.com + +- bnc#883112 - Xen Panic during boot "System without CMOS RTC must + be booted from EFI" + 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch +- Upstream patches from Jan + 53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch + 53df71c7-lz4-check-for-underruns.patch + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch + +------------------------------------------------------------------- +Thu Aug 7 11:26:15 UTC 2014 - carnold@suse.com + +- Update to Xen Version 4.4.1-rc2 + xen-4.4.1-testing-src.tar.bz2 +- Dropped the following upstream patches and xen-4.4.0-testing-src.tar.bz2 + 537b5ede-move-domain-to-cpupool0-before-destroying-it.patch + 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch + 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch + 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch + 53636ebf-x86-fix-guest-CPUID-handling.patch + 5347b524-evtchn-eliminate-64k-ports-limitation.patch + 53a040c6-page-alloc-scrub-pages-used-by-hypervisor-upon-freeing.patch + 53a1990a-IOMMU-prevent-VT-d-device-IOTLB-operations-on-wrong-IOMMU.patch + 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch + 531dc0e2-xmalloc-handle-correctly-page-allocation-when-align-size.patch + 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch + 531d8e09-x86-HVM-fix-memory-type-merging-in-epte_get_entry_emt.patch + 538ee637-ACPI-Prevent-acpi_table_entries-from-falling-into-a-infinite-loop.patch + 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch + 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch + 53859956-timers-set-the-deadline-more-accurately.patch + 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch + 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch + 53cfdcc7-avoid-crash-when-doing-shutdown-with-active-cpupools.patch + 5383175e-VT-d-fix-mask-applied-to-DMIBAR-in-desktop-chipset-XSA-59-workaround.patch + 531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch + 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch + 5357baff-x86-add-missing-break-in-dom0_pit_access.patch + 530c54c3-x86-mce-Reduce-boot-time-logspam.patch + 5383167d-ACPI-ERST-fix-table-mapping.patch + 5390927f-x86-fix-reboot-shutdown-with-running-HVM-guests.patch + 530b27fd-x86-MCE-Fix-race-condition-in-mctelem_reserve.patch + 53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch + 5396d818-avoid-crash-on-HVM-domain-destroy-with-PCI-passthrough.patch + 531d8fd0-kexec-identify-which-cpu-the-kexec-image-is-being-executed-on.patch + 5385956b-x86-don-t-use-VA-for-cache-flush-when-also-flushing-TLB.patch + 539ec004-x86-mce-don-t-spam-the-console-with-CPUx-Temperature-z.patch + 53909259-x86-domctl-two-functional-fixes-to-XEN_DOMCTL_-gs-etvcpuextstate.patch + 53859549-AMD-IOMMU-don-t-free-page-table-prematurely.patch + 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch + 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch + 53271880-VT-d-fix-RMRR-handling.patch + 5390917a-VT-d-honor-APEI-firmware-first-mode-in-XSA-59-workaround-code.patch + 538dcada-x86-HVM-eliminate-vulnerabilities-from-hvm_inject_msi.patch + 53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch + 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch + 53a199d7-x86-EFI-allow-FPU-XMM-use-in-runtime-service-functions.patch + 53cfddaf-x86-mem_event-validate-the-response-vcpu_id-before-acting-on-it.patch + 53b16cd4-VT-d-ATS-correct-and-clean-up-dev_invalidate_iotlb.patch + 53cfdde4-x86-mem_event-prevent-underflow-of-vcpu-pause-counts.patch + 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch + 534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch + 530b28c5-x86-MSI-don-t-risk-division-by-zero.patch + 5396e805-x86-HVM-refine-SMEP-test-in-HVM_CR4_GUEST_RESERVED_BITS.patch + 5370e03b-pygrub-fix-error-handling-if-no-valid-partitions-are-found.patch + 5321b257-x86-make-hypercall-preemption-checks-consistent.patch + 5321b20b-common-make-hypercall-preemption-checks-consistent.patch + 538c338f-x86-amd_ucode-flip-revision-numbers-in-printk.patch + 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch + 531d8db1-x86-hvm-refine-the-judgment-on-IDENT_PT-for-EMT.patch + 53b56de1-properly-reference-count-DOMCTL_-un-pausedomain-hypercalls.patch + 530b2880-Nested-VMX-update-nested-paging-mode-on-vmexit.patch + 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch + 53206661-pygrub-support-linux16-and-initrd16.patch + 5315a254-IOMMU-generalize-and-correct-softirq-processing.patch + +------------------------------------------------------------------- +Fri Aug 1 08:25:12 UTC 2014 - cyliu@suse.com + +- bnc#820873 - The "long" option doesn't work with "xl list" + 53d124e7-fix-list_domain_details-check-config-data-length-0.patch + +------------------------------------------------------------------- +Thu Jul 30 09:31:52 MDT 2014 - carnold@suse.com + +- bnc#888996 - Package 'xen-tool' contains 'SuSE' spelling in a + filename and/or SPEC file + Renamed README.SuSE -> README.SUSE + Modified files: xen.spec, boot.local.xenU, init.pciback + xend-config.patch, xend-vif-route-ifup.patch + +------------------------------------------------------------------- +Wed Jul 29 16:44:48 MDT 2014 - carnold@suse.com + +- bnc#882673 - Dom0 memory should enforce a minimum memory size + (e.g. dom0_mem=min:512M) + xen.spec (Mike Latimer) + +------------------------------------------------------------------- +Thu Jul 24 07:54:34 MDT 2014 - carnold@suse.com + +- Upstream patches from Jan + 5347b524-evtchn-eliminate-64k-ports-limitation.patch + 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch + 53b16cd4-VT-d-ATS-correct-and-clean-up-dev_invalidate_iotlb.patch + 53b56de1-properly-reference-count-DOMCTL_-un-pausedomain-hypercalls.patch + 53cfdcc7-avoid-crash-when-doing-shutdown-with-active-cpupools.patch + 53cfddaf-x86-mem_event-validate-the-response-vcpu_id-before-acting-on-it.patch + 53cfdde4-x86-mem_event-prevent-underflow-of-vcpu-pause-counts.patch + +------------------------------------------------------------------- +Mon Jul 21 03:05:48 UTC 2014 - cyliu@suse.com + +- bnc#886801 - xl vncviewer: The first domu can be accessed by any id + 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch + +------------------------------------------------------------------- +Mon Jul 14 11:14:38 MDT 2014 - carnold@suse.com + +- Upstream pygrub bug fix + 5370e03b-pygrub-fix-error-handling-if-no-valid-partitions-are-found.patch + +------------------------------------------------------------------- +Wed Jul 9 16:45:58 MDT 2014 - carnold@suse.com + +- Fix pygrub to handle old 32 bit VMs + pygrub-boot-legacy-sles.patch (Mike Latimer) + +------------------------------------------------------------------- +Mon Jul 7 17:54:58 MDT 2014 - jfehlig@suse.com + +- Remove xen-vmresync utility. It is an old Platespin Orchestrate + utility that should have never been included in the Xen package. + Updated xen.spec + +------------------------------------------------------------------- +Mon Jul 7 17:01:59 MDT 2014 - jfehlig@suse.com + +- Rework xen-destroy utility included in xen-utils + bnc#885292 and bnc#886063 + Updated xen-utils-0.1.tar.bz2 + +------------------------------------------------------------------- +Mon Jul 07 11:40:32 MDT 2014 - carnold@suse.com + +- bnc#886063 - Xen monitor fails (xl list --long output different + from xm list --long output) +- bnc#885292 - VirtualDomain: pid_status does not know how to check + status on SLE12 + Re-enable building xen-utils for sle12 and include xen-list and + xen-destroy in the xen-tools package for HA. + xen.spec + +------------------------------------------------------------------- +Fri Jun 27 12:21:47 MDT 2014 - carnold@suse.com + +- bnc#882127 - Xen kernel panics on booting SLES12 Beta 8 + 53a199d7-x86-EFI-allow-FPU-XMM-use-in-runtime-service-functions.patch +- Upstream patches from Jan + 538c338f-x86-amd_ucode-flip-revision-numbers-in-printk.patch + 538ee637-ACPI-Prevent-acpi_table_entries-from-falling-into-a-infinite-loop.patch + 5390917a-VT-d-honor-APEI-firmware-first-mode-in-XSA-59-workaround-code.patch + 53909259-x86-domctl-two-functional-fixes-to-XEN_DOMCTL_-gs-etvcpuextstate.patch + 5390927f-x86-fix-reboot-shutdown-with-running-HVM-guests.patch + 5396d818-avoid-crash-on-HVM-domain-destroy-with-PCI-passthrough.patch + 5396e805-x86-HVM-refine-SMEP-test-in-HVM_CR4_GUEST_RESERVED_BITS.patch + 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch + 539ec004-x86-mce-don-t-spam-the-console-with-CPUx-Temperature-z.patch + 53a040c6-page-alloc-scrub-pages-used-by-hypervisor-upon-freeing.patch (replaces xsa100.patch) + 53a1990a-IOMMU-prevent-VT-d-device-IOTLB-operations-on-wrong-IOMMU.patch + +------------------------------------------------------------------- +Tue Jun 24 16:11:08 MDT 2014 - jfehlig@suse.com + +- Replace 'domUloader' with 'pygrub' when converting or importing + Xen domains into libvirt with xen2libvirt. domUloader is no + longer provided in xen-tools. + Modified: xen2libvirt.py + +------------------------------------------------------------------- +Thu Jun 13 15:50:19 MDT 2014 - cyliu@suse.com + +- fate#310956: Support Direct Kernel Boot for FV guests + patches would go to upstream: + qemu side: qemu-support-xen-hvm-direct-kernel-boot.patch + xen side: xen-pass-kernel-initrd-to-qemu.patch + +------------------------------------------------------------------- +Thu Jun 6 15:50:19 MDT 2014 - carnold@suse.com + +- Modify how we check for libvirt managed domains + xl-check-for-libvirt-managed-domain.patch + +------------------------------------------------------------------- +Thu Jun 5 08:56:13 MDT 2014 - carnold@suse.com + +- bnc#880751 - VUL-0: xen: Hypervisor heap contents leaked to + guests + xsa100.patch +- bnc#878841 - VUL-0: XSA-96: Xen: Vulnerabilities in HVM MSI + injection + 538dcada-x86-HVM-eliminate-vulnerabilities-from-hvm_inject_msi.patch +- Upstream patches from Jan + 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch + 537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch + 5383167d-ACPI-ERST-fix-table-mapping.patch + 5383175e-VT-d-fix-mask-applied-to-DMIBAR-in-desktop-chipset-XSA-59-workaround.patch + 53859549-AMD-IOMMU-don-t-free-page-table-prematurely.patch + 5385956b-x86-don-t-use-VA-for-cache-flush-when-also-flushing-TLB.patch + 53859956-timers-set-the-deadline-more-accurately.patch + +------------------------------------------------------------------- +Tue May 27 16:54:13 CEST 2014 - ohering@suse.de + +- bnc#879425: handle cache=unsafe from libvirt to disable flush in qdisk + libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch + qemu-xen-upstream-qdisk-cache-unsafe.patch + +------------------------------------------------------------------- +Tue May 27 16:50:22 CEST 2014 - ohering@suse.de + +- libxl: introduce an option for disabling the non-O_DIRECT workaround + recognize direct-io-safe in domU.cfg diskspec + libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch + +------------------------------------------------------------------- +Tue May 27 16:44:06 CEST 2014 - ohering@suse.de + +- fate#316071: add discard support for file backed storage (qdisk) + update patch to allow more values in overloaded ->readwrite member + +------------------------------------------------------------------- +Tue May 27 08:03:51 MDT 2014 - carnold@suse.com + +- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d + Interrupt Remapping engines can be evaded by native NMI interrupts + 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch + 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch +- Upstream patches from Jan + 53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch + 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch + 537b5ede-move-domain-to-cpupool0-before-destroying-it.patch + +------------------------------------------------------------------- +Tue May 20 16:34:37 MDT 2014 - carnold@suse.com + +- Update README.SuSE with information on the toolstack change + +------------------------------------------------------------------- +Fri May 16 10:27:04 CEST 2014 - ohering@suse.de + +- fate#316071: add discard support for file backed storage (qdisk) + update to recognize option discard/no-discard instead of discard=0,1 + to match upstream change + +------------------------------------------------------------------- +Mon May 12 18:00:14 CEST 2014 - ohering@suse.de + +- fate#316613: Implement pvscsi in xl/libxl + libxl.pvscsi.patch + +------------------------------------------------------------------- +Fri May 9 08:07:34 MDT 2014 - carnold@suse.com + +- bnc#875668 - VUL-0: CVE-2014-3124: xen: XSA-92: + HVMOP_set_mem_type allows invalid P2M entries to be created + 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch (replaces xsa92.patch) +- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d + Interrupt Remapping engines can be evaded by native NMI interrupts + 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch + 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch +- Upstream patches from Jan + 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch + 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch + 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch + 53636ebf-x86-fix-guest-CPUID-handling.patch + +------------------------------------------------------------------- +Tue May 6 13:24:14 MDT 2014 - carnold@suse.com + +- Fix pygrub to handle VM with no grub/menu.lst file. +- Don't use /var/run/xend/boot for temporary boot directory + pygrub-boot-legacy-sles.patch + +------------------------------------------------------------------- +Sat Apr 26 09:56:36 MDT 2014 - carnold@suse.com + +- When the xl command is used, check to see if the domain being + modified is managed by libvirt and print warning if it is. + xl-check-for-libvirt-managed-domain.patch + +------------------------------------------------------------------- +Thu Apr 24 08:17:36 MDT 2014 - carnold@suse.com + +- Upstream patches from Jan + 53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch + 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch + 534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch + 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch + 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch + 5357baff-x86-add-missing-break-in-dom0_pit_access.patch +- XSA-92 + xsa92.patch + +------------------------------------------------------------------- +Sat Apr 12 20:48:21 UTC 2014 - mmarek@suse.cz + +- Add # needssslcertforbuild to use the project's certificate when + building in a home project. (bnc#872354) + +------------------------------------------------------------------- +Wed Apr 9 08:07:03 MDT 2014 - carnold@suse.com + +- Upstream patches from Jan + 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch + 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch + 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch + +------------------------------------------------------------------- +Thu Apr 3 16:21:03 UTC 2014 - carnold@suse.com + +- bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support + when released + 53206661-pygrub-support-linux16-and-initrd16.patch +- Upstream bug fixes + 53299d8f-xenconsole-reset-tty-on-failure.patch + 53299d8f-xenconsole-tolerate-tty-errors.patch + +------------------------------------------------------------------- +Thu Apr 3 16:21:03 UTC 2014 - dmueller@suse.com + +- fix build for armv7l and aarch64 + +------------------------------------------------------------------- +Thu Apr 3 15:40:31 CEST 2014 - ohering@suse.de + +- Remove compiletime strings from qemu-upstream + qemu-xen-upstream-megasas-buildtime.patch + +------------------------------------------------------------------- +Wed Apr 2 08:47:27 MDT 2014 - carnold@suse.com + +- bnc#871546 - KMPs are not signed in SUSE:SLE-12:GA? + xen.spec + +------------------------------------------------------------------- +Tue Apr 1 08:14:29 MDT 2014 - carnold@suse.com + +- Upstream patches from Jan + 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch + 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch +- Drop xsa89.patch for upstream version (see bnc#867910, 5331917d-x86-enforce...) + +------------------------------------------------------------------- +Fri Mar 28 11:00:07 MDT 2014 - carnold@suse.com + +- bnc#863821 - Xen unable to boot paravirtualized VMs installed + with btrfs. Add 'Requires: grub2-x86_64-xen' to xen-tools. +- Restore soft links for qemu-system-i386 and qemu-dm +- Cleanup inconsistency in which version of qemu-system-i386 is + being used (Xen vs qemu-x86). Use only Xen's version. + xen.spec + +------------------------------------------------------------------- +Wed Mar 27 14:18:06 MDT 2014 - carnold@suse.com + +- Add conditionals for SLE12 when defining xend and max_cpus + xen.spec + +------------------------------------------------------------------- +Wed Mar 19 14:18:06 MDT 2014 - carnold@suse.com + +- Upstream patches from Jan + 5321b20b-common-make-hypercall-preemption-checks-consistent.patch + 5321b257-x86-make-hypercall-preemption-checks-consistent.patch + 53271880-VT-d-fix-RMRR-handling.patch + 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch +- Dropped the following as now part of 5321b257 + 5310bac3-mm-ensure-useful-progress-in-decrease_reservation.patch + +------------------------------------------------------------------- +Wed Mar 12 08:20:42 MDT 2014 - carnold@suse.com + +- bnc#867910 - VUL-0: EMBARGOED: xen: XSA-89: HVMOP_set_mem_access + is not preemptible + xsa89.patch +- Upstream patches from Jan + 530b27fd-x86-MCE-Fix-race-condition-in-mctelem_reserve.patch + 530b2880-Nested-VMX-update-nested-paging-mode-on-vmexit.patch + 530b28c5-x86-MSI-don-t-risk-division-by-zero.patch + 530c54c3-x86-mce-Reduce-boot-time-logspam.patch + 5310bac3-mm-ensure-useful-progress-in-decrease_reservation.patch + 5315a254-IOMMU-generalize-and-correct-softirq-processing.patch + 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch + 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch + 531d8db1-x86-hvm-refine-the-judgment-on-IDENT_PT-for-EMT.patch + 531d8e09-x86-HVM-fix-memory-type-merging-in-epte_get_entry_emt.patch + 531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch + 531d8fd0-kexec-identify-which-cpu-the-kexec-image-is-being-executed-on.patch + 531dc0e2-xmalloc-handle-correctly-page-allocation-when-align-size.patch + +------------------------------------------------------------------- +Tue Mar 11 16:21:11 MDT 2014 - carnold@suse.com + +- Add conversion tool for migrating xend/xm managed VMs to libvirt + xen2libvirt.py (Jim Fehlig) + +------------------------------------------------------------------- +Mon Mar 10 07:17:17 MDT 2014 - carnold@suse.com + +- Update to Xen 4.4.0 FCS + +------------------------------------------------------------------- +Thu Mar 06 13:46:24 MST 2014 - mlatimer@suse.com + +- bnc#865682 - Local attach support for PHY backends using scripts + local_attach_support_for_phy.patch + +------------------------------------------------------------------- +Wed Feb 26 00:36:24 UTC 2014 - mlatimer@suse.com + +- bnc#798770 - Improve multipath support for npiv devices + block-npiv + block-npiv-common.sh + +------------------------------------------------------------------- +Wed Feb 19 19:56:31 CET 2014 - ohering@suse.de + +- honor global keymap= option in libxl + libxl.honor-more-top-level-vfb-options.patch + +------------------------------------------------------------------- +Tue Feb 11 13:27:42 MST 2014 - carnold@suse.com + +- Update to c/s 28381 to include libxl fork and event fixes for + libvirt + xen-4.4.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Tue Feb 11 16:14:08 CET 2014 - ohering@suse.de + +- bnc#863297: xend/pvscsi: recognize also SCSI CDROM devices + xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch + +------------------------------------------------------------------- +Tue Feb 11 09:24:23 CET 2014 - ohering@suse.de + +- fate#316614: set migration constraints from cmdline + fix xl migrate to print the actual error string + libxc-pass-errno-to-callers-of-xc_domain_save.patch + +------------------------------------------------------------------- +Mon Feb 10 10:01:54 MST 2014 - carnold@suse.com + +- Include additional help docs for xl in xen-tools +- Apply all patches including those for unpackaged xend + xen.spec + +------------------------------------------------------------------- +Mon Feb 10 10:28:18 CET 2014 - ohering@suse.de + +- fate#316614: set migration constraints from cmdline + split existing changes into libxl and xend part + added libxl.set-migration-constraints-from-cmdline.patch + added xend-set-migration-constraints-from-cmdline.patch + removed xen.migrate.tools_add_xm_migrate_--log_progress_option.patch + removed xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch + removed xen.migrate.tools_set_migration_constraints_from_cmdline.patch + +------------------------------------------------------------------- +Tue Feb 4 11:20:12 MST 2014 - carnold@suse.com + +- Enable ix86 32bit build for xen-libs to be built to support + xen-tools-domU on 32bit VMs and also vhostmd running in 32bit VMs + +------------------------------------------------------------------- +Sun Feb 3 16:38:34 MST 2014 - carnold@suse.de + +- Enable blktapctrl when qemu-traditional is required to satisfy + build dependencies. Remove binaries after build if xend is + disabled + +------------------------------------------------------------------- +Sun Feb 2 22:47:34 CET 2014 - ohering@suse.de + +- update ifarch usage in xen.spec to cover also arm +- blktapctrl is used only by xend +- fix xend-tools-xend sub pkg handling +- default to gcc47 for sles11sp3 builds +- remove all latex packages from BuildRequires +- aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch + +------------------------------------------------------------------- +Sun Feb 2 19:43:05 CET 2014 - ohering@suse.de + +- add arch dependent install suffix for /boot/xen files + +------------------------------------------------------------------- +Sat Feb 1 13:39:03 CET 2014 - ohering@suse.de + +- Set max_cpus==4 for non-x86_64 builds + +------------------------------------------------------------------- +Fri Jan 31 08:41:15 MST 2014 - carnold@suse.com + +- Update to Xen 4.4.0 RC3 c/s 28321 + +------------------------------------------------------------------- +Thu Jan 30 23:10:22 CET 2014 - ohering@suse.de + +- Add flex and bison to BuildRequires, needed by previous patch + +------------------------------------------------------------------- +Thu Jan 30 17:19:10 CET 2014 - ohering@suse.de + +- fate#316071: add discard support for file backed storage (qdisk) + libxl.add-option-for-discard-support-to-xl-disk-conf.patch + +------------------------------------------------------------------- +Thu Jan 27 19:53:39 MST 2014 - carnold@suse.com + +- On platforms where xend is still supported don't output a + deprecation warning when using xm. + xend-remove-xm-deprecation-warning.patch + +------------------------------------------------------------------- +Thu Jan 23 16:11:39 MST 2014 - carnold@suse.com + +- Changed License to GPL-2.0 (from GPL-2.0+) + +------------------------------------------------------------------- +Thu Jan 23 16:11:39 MST 2014 - carnold@suse.com + +- Dropped xen-changeset.patch. It is no longer needed. + +------------------------------------------------------------------- +Sun Jan 19 00:13:06 CET 2014 - ohering@suse.de + +- BuildRequire libfdt1-devel on ARM + +------------------------------------------------------------------- +Sat Jan 18 00:35:46 CET 2014 - ohering@suse.de + +- fate#311487: remove modprobe.conf files for autoloading of + pv-on-hvm files. + Rely on core kernel to skip initialization of emulated hardware + Handle xen_emul_unplug= from xenlinux based core kernel-default + xen_pvonhvm.xen_emul_unplug.patch + Dropped xen_pvdrivers.conf + +------------------------------------------------------------------- +Wed Jan 16 13:11:32 MST 2014 - carnold@suse.com + +- Fix the spec file to build for old distros + The xm/xend toolstack will continue to be contained in xen-tools + for older openSUSE and sles distros but it will be contained in + xend-tools for os13.x + +------------------------------------------------------------------- +Wed Jan 15 19:55:32 CET 2014 - ohering@suse.de + +- fate#316071: add discard support for file backed storage (qdisk) + to qemu-upstream, enabled unconditionally + qemu-xen-upstream-blkif-discard.patch + +------------------------------------------------------------------- +Tue Jan 14 12:13:45 MST 2014 - carnold@suse.com + +- Update to Xen 4.4.0 RC2 c/s 28287 + +------------------------------------------------------------------- +Tue Jan 9 11:44:11 MST 2014 - carnold@suse.com + +- Restore 32bit ix86 support in spec file for kmps and domU tools +- Restore a few missing xend patches + xend-config-enable-dump-comment.patch + xend-tools-watchdog-support.patch + xend-vif-route-ifup.patch + +------------------------------------------------------------------- +Tue Jan 2 11:52:11 MST 2014 - carnold@suse.com + +- fate#315692: XEN: Include Xen version 4.4 in SLES-12 + Update to Xen 4.4.0 RC1 c/s 28233 +- Drop 32bit support from spec file +- Dropped numerous patches now included in the tarball + +------------------------------------------------------------------- +Wed Jan 1 10:28:10 UTC 2014 - coolo@suse.com + +- gcc-32bit pulls in the right gcc bits, so better buildrequire that + +------------------------------------------------------------------- +Tue Nov 26 08:26:07 MST 2013 - carnold@suse.com + +- Upstream patches from Jan + 5281fad4-numa-sched-leave-node-affinity-alone-if-not-in-auto-mode.patch + 52820823-nested-SVM-adjust-guest-handling-of-structure-mappings.patch + 52820863-VMX-don-t-crash-processing-d-debug-key.patch + 5282492f-x86-eliminate-has_arch_mmios.patch + 52864df2-credit-Update-other-parameters-when-setting-tslice_ms.patch + 52864f30-fix-leaking-of-v-cpu_affinity_saved-on-domain-destruction.patch + 5289d225-nested-VMX-don-t-ignore-mapping-errors.patch + 528a0eb0-x86-consider-modules-when-cutting-off-memory.patch + 528f606c-x86-hvm-reset-TSC-to-0-after-domain-resume-from-S3.patch + 528f609c-x86-crash-disable-the-watchdog-NMIs-on-the-crashing-cpu.patch + 52932418-x86-xsave-fix-nonlazy-state-handling.patch + +------------------------------------------------------------------- +Fri Nov 22 14:36:12 MST 2013 - carnold@suse.com + +- bnc#851749 - Xen service file does not call xend properly + xend.service + +------------------------------------------------------------------- +Fri Nov 22 08:15:04 UTC 2013 - adrian@suse.de + +- Add missing requires to pciutils package for xend-tools + +------------------------------------------------------------------- +Tue Nov 19 11:52:31 MST 2013 - carnold@suse.com + +- bnc#851386 - VUL-0: xen: XSA-78: Insufficient TLB flushing in + VT-d (iommu) code + 528a0e5b-TLB-flushing-in-dma_pte_clear_one.patch + +------------------------------------------------------------------- +Tue Nov 19 10:42:54 CET 2013 - tbehrens@suse.com + +- Make -devel package depend on libuuid-devel, since libxl.h + includes uuid.h + +------------------------------------------------------------------- +Mon Nov 11 10:22:20 MST 2013 - carnold@suse.com + +- bnc#849667 - VUL-0: xen: XSA-74: Lock order reversal between + page_alloc_lock and mm_rwlock + CVE-2013-4553-xsa74.patch +- bnc#849665 - VUL-0: CVE-2013-4551: xen: XSA-75: Host crash due to + guest VMX instruction execution + 52809208-nested-VMX-VMLANUCH-VMRESUME-emulation-must-check-permission-1st.patch +- bnc#849668 - VUL-0: xen: XSA-76: Hypercalls exposed to privilege + rings 1 and 2 of HVM guests + CVE-2013-4554-xsa76.patch +- Upstream patches from Jan + 52654798-x86-xsave-also-save-restore-XCR0-across-suspend-ACPI-S3.patch + 526e43d4-x86-refine-address-validity-checks-before-accessing-page-tables.patch + 526f786a-fix-locking-in-cpu_disable_scheduler.patch + 5277646c-x86-ACPI-x2APIC-guard-against-out-of-range-ACPI-or-APIC-IDs.patch + 5277a134-x86-make-sure-memory-block-is-RAM-before-passing-to-the-allocator.patch + 5278f7f9-x86-HVM-32-bit-IN-result-must-be-zero-extended-to-64-bits.patch + 527a0a05-call-sched_destroy_domain-before-cpupool_rm_domain.patch + 527cb7d2-x86-hvm-fix-restart-of-RTC-periodic-timer-with-vpt_align-1.patch + 527cb820-x86-EFI-make-trampoline-allocation-more-flexible.patch + 5280aae0-x86-idle-reduce-contention-on-ACPI-register-accesses.patch + +------------------------------------------------------------------- +Wed Nov 4 09:42:36 MDT 2013 - carnold@suse.com + +- bnc#848657 - VUL-0: xen: CVE-2013-4494: XSA-73: Lock order + reversal between page allocation and grant table locks + 5277639c-gnttab-correct-locking-order-reversal.patch + +------------------------------------------------------------------- +Thu Oct 31 17:07:49 MDT 2013 - carnold@suse.com + +- Update to Xen 4.3.1 + +------------------------------------------------------------------- +Tue Oct 22 13:42:54 MDT 2013 - carnold@suse.com + +- domUloader can no longer be used with the xl toolstack to boot + sles10. Patch pygrub to get the kernel and initrd from the image. + pygrub-boot-legacy-sles.patch + +------------------------------------------------------------------- +Mon Oct 21 09:57:54 MDT 2013 - carnold@suse.com + +- bnc#842515 - VUL-0: CVE-2013-4375: XSA-71: xen: qemu disk backend + (qdisk) resource leak + CVE-2013-4375-xsa71.patch +- bnc#845520 - VUL-0: CVE-2013-4416: xen: ocaml xenstored + mishandles oversized message replies + CVE-2013-4416-xsa72.patch +- Upstream patches from Jan + 52496bea-x86-properly-handle-hvm_copy_from_guest_-phys-virt-errors.patch (Replaces CVE-2013-4355-xsa63.patch) + 52496c11-x86-mm-shadow-Fix-initialization-of-PV-shadow-L4-tables.patch (Replaces CVE-2013-4356-xsa64.patch) + 52496c32-x86-properly-set-up-fbld-emulation-operand-address.patch (Replaces CVE-2013-4361-xsa66.patch) + 52497c6c-x86-don-t-blindly-create-L3-tables-for-the-direct-map.patch + 524e971b-x86-idle-Fix-get_cpu_idle_time-s-interaction-with-offline-pcpus.patch + 524e9762-x86-percpu-Force-INVALID_PERCPU_AREA-to-non-canonical.patch + 524e983e-Nested-VMX-check-VMX-capability-before-read-VMX-related-MSRs.patch + 524e98b1-Nested-VMX-fix-IA32_VMX_CR4_FIXED1-msr-emulation.patch + 524e9dc0-xsm-forbid-PV-guest-console-reads.patch + 5256a979-x86-check-segment-descriptor-read-result-in-64-bit-OUTS-emulation.patch + 5256be57-libxl-fix-vif-rate-parsing.patch + 5256be84-tools-ocaml-fix-erroneous-free-of-cpumap-in-stub_xc_vcpu_getaffinity.patch + 5256be92-libxl-fix-out-of-memory-error-handling-in-libxl_list_cpupool.patch + 5257a89a-x86-correct-LDT-checks.patch + 5257a8e7-x86-add-address-validity-check-to-guest_map_l1e.patch + 5257a944-x86-check-for-canonical-address-before-doing-page-walks.patch + 525b95f4-scheduler-adjust-internal-locking-interface.patch + 525b9617-sched-fix-race-between-sched_move_domain-and-vcpu_wake.patch + 525e69e8-credit-unpause-parked-vcpu-before-destroying-it.patch + 525faf5e-x86-print-relevant-tail-part-of-filename-for-warnings-and-crashes.patch + +------------------------------------------------------------------- +Wed Oct 2 15:58:47 MDT 2013 - jfehlig@suse.com + +- Improvements to block-dmmd script + bnc#828623 + +------------------------------------------------------------------- +Tue Oct 1 15:28:25 MDT 2013 - carnold@suse.com + +- bnc#840196 - L3: MTU size on Dom0 gets reset when booting DomU + with e1000 device + set-mtu-from-bridge-for-tap-interface.patch + +------------------------------------------------------------------- +Mon Sep 30 10:48:29 MDT 2013 - carnold@suse.com + +- bnc#839596 - VUL-0: CVE-2013-1442: XSA-62: xen: Information leak + on AVX and/or LWP capable CPUs + 5242a1b5-x86-xsave-initialize-extended-register-state-when-guests-enable-it.patch +- bnc#840592 - VUL-0: CVE-2013-4355: XSA-63: xen: Information leaks + through I/O instruction emulation + CVE-2013-4355-xsa63.patch +- bnc#840593 - VUL-0: CVE-2013-4356: XSA-64: xen: Memory accessible + by 64-bit PV guests under live migration + CVE-2013-4356-xsa64.patch +- bnc#841766 - VUL-1: CVE-2013-4361: XSA-66: xen: Information leak + through fbld instruction emulation + CVE-2013-4361-xsa66.patch +- bnc#833796 - L3: Xen: migration broken from xsave-capable to + xsave-incapable host + 52205e27-x86-xsave-initialization-improvements.patch + 522dc0e6-x86-xsave-fix-migration-from-xsave-capable-to-xsave-incapable-host.patch +- bnc#839600 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform and + sles11sp3 with xen environment, xen hypervisor will panic on + multiple blades nPar. + 523172d5-x86-fix-memory-cut-off-when-using-PFN-compression.patch +- bnc#833251 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform + and with xen environment, in booting stage ,xen hypervisor will + panic. + 522d896b-x86-EFI-properly-handle-run-time-memory-regions-outside-the-1-1-map.patch +- bnc#834751 - [HP BCS SLES11 Bug]: In xen, “shutdown –y 0 –h” + cannot power off system + 522d896b-x86-EFI-properly-handle-run-time-memory-regions-outside-the-1-1-map.patch +- Upstream patches from Jan + 520119fc-xen-conring-Write-to-console-ring-even-if-console-lock-is-busted.patch + 520a2705-watchdog-crash-Always-disable-watchdog-in-console_force_unlock.patch + 522d8a1f-x86-allow-guest-to-set-clear-MSI-X-mask-bit-try-2.patch + 522dc044-xmalloc-make-whole-pages-xfree-clear-the-order-field-ab-used-by-xmalloc.patch + 522f2f9f-Nested-VMX-Clear-bit-31-of-IA32_VMX_BASIC-MSR.patch + 522f37b2-sched-arinc653-check-for-guest-data-transfer-failures.patch + 5231e090-libxc-x86-fix-page-table-creation-for-huge-guests.patch + 5231f00c-cpufreq-missing-check-of-copy_from_guest.patch + 523304b6-x86-machine_restart-must-not-call-acpi_dmar_reinstate-twice.patch + 5239a064-x86-HVM-fix-failure-path-in-hvm_vcpu_initialise.patch + 5239a076-VMX-fix-failure-path-in-construct_vmcs.patch + 523c0ed4-x86-HVM-properly-handle-wide-MMIO.patch + 523c1758-sched_credit-filter-node-affinity-mask-against-online-cpus.patch + 523ff393-x86-HVM-linear-address-must-be-canonical-for-the-whole-accessed-range.patch + 523ff3e2-x86-HVM-refuse-doing-string-operations-in-certain-situations.patch + +------------------------------------------------------------------- +Wed Sep 25 18:54:24 CEST 2013 - ohering@suse.de + +- Use upstream version of unplugging in PVonHVM guests + add 523c1834-unmodified_drivers-enable-unplug-per-default.patch + remove disable_emulated_device.patch + +------------------------------------------------------------------- +Wed Sep 25 16:17:37 CEST 2013 - ohering@suse.de + +- fate#315714 - Support pvUSB in Xen HVM guests, add xen-usb.ko + +------------------------------------------------------------------- +Mon Sep 9 09:26:18 MDT 2013 - carnold@suse.com + +- Upstream patches from Jan + 521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch + 521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch + 521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch + 521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch + 521e1156-x86-AVX-instruction-emulation-fixes.patch + 521ef8d9-AMD-IOMMU-add-missing-checks.patch + 52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch + 52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch + 52205e27-x86-xsave-initialization-improvements.patch + 5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch + 52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch + 52285317-hvmloader-fix-SeaBIOS-interface.patch + +------------------------------------------------------------------- +Tue Sep 3 16:23:16 MDT 2013 - carnold@suse.com + +- bnc#837585 - xen* pkg update DISables `xencommons` and + `xendomains` systemd services + xen.spec + +------------------------------------------------------------------- +Fri Aug 30 20:11:46 CEST 2013 - ohering@suse.de + +- remove unneeded patch, autoload is handled by PCI device, without + PCI device xen_platform_pci would not work anyway + xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch + +------------------------------------------------------------------- +Fri Aug 30 20:07:41 CEST 2013 - ohering@suse.de + +- Update our xen-3.0.4 version of unplug code in qemu-trad + add comments about the usage of the code + rename handler function + reenable handlers for writing/reading from emulated PCI device + +------------------------------------------------------------------- +Fri Aug 30 19:51:03 CEST 2013 - ohering@suse.de + +- Change unplugging of emulated devices in PVonHVM guests + Since 3.0.4 xen-platform-pci.ko triggerd the unplug by writing + to the PCI space of the emulated PCI device. 3.3 introduced an + official unplug protocol. The option to unplug wit the official + protocol is disabled per default. + Remove our version and enable the unplug via official protocol + +------------------------------------------------------------------- +Fri Aug 30 08:11:55 MDT 2013 - carnold@suse.com + +- Upstream patches from Jan + 51e517e6-AMD-IOMMU-allocate-IRTEs.patch + 51e5183f-AMD-IOMMU-untie-remap-and-vector-maps.patch + 51e63df6-VMX-fix-interaction-of-APIC-V-and-Viridian-emulation.patch + 52146070-ACPI-fix-acpi_os_map_memory.patch + 5214d26a-VT-d-warn-about-CFI-being-enabled-by-firmware.patch + 5215d094-Nested-VMX-Check-whether-interrupt-is-blocked-by-TPR.patch + 5215d0c5-Nested-VMX-Force-check-ISR-when-L2-is-running.patch + 5215d135-Nested-VMX-Clear-APIC-v-control-bit-in-vmcs02.patch + 5215d2d5-Nested-VMX-Update-APIC-v-RVI-SVI-when-vmexit-to-L1.patch + 5215d8b0-Correct-X2-APIC-HVM-emulation.patch +- Dropped 520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch + +------------------------------------------------------------------- +Mon Aug 26 15:48:57 MDT 2013 - carnold@suse.com + +- bnc#836239 - SLES 11 SP3 Xen security patch does not + automatically update UEFI boot binary + xen.spec + +------------------------------------------------------------------- +Tue Aug 20 07:56:13 MDT 2013 - carnold@suse.com + +- Upstream patches from Jan + 51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch + 51dd155c-adjust-x86-EFI-build.patch + 51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch + 51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch + 51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch + 51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch + 51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch + 520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch + 520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch + 520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch + 520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch + 520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch + 520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch + 520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch + 520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch + +------------------------------------------------------------------- +Fri Aug 16 14:54:53 MDT 2013 - carnold@suse.com + +- The xencommons.service file handles the starting of xenstored + and xenconsoled. Drop the following services files as + unecessary. Update xendomains.service to reflect these changes. + xenstored.service + xenconsoled.service + blktapctrl.service + +------------------------------------------------------------------- +Thu Aug 16 08:54:04 MDT 2013 - carnold@suse.com + +- Add xencommons.service to xendomains.service 'After' tag + xendomains.service + +------------------------------------------------------------------- +Thu Aug 15 14:54:04 MDT 2013 - carnold@suse.com + +- Change the default bridge in xl.conf from xenbr0 to just br0 + xl-conf-default-bridge.patch +- Add network.target to xendomains.service 'After' tag + xendomains.service + +------------------------------------------------------------------- +Wed Jul 31 11:34:14 MDT 2013 - carnold@suse.com + +- Spec file cleanups + xen.spec +- Renamed xend-sysconfig.patch to xencommons-sysconfig.patch + +------------------------------------------------------------------- +Mon Jul 29 16:46:33 MDT 2013 - carnold@suse.com + +- Added support for systemd with the following service files + xenstored.service + blktapctrl.service + xend.service + xenconsoled.service + xen-watchdog.service + xendomains.service + xencommons.service + +------------------------------------------------------------------- +Fri Jul 12 11:05:11 MDT 2013 - carnold@suse.com + +- Upstream patches from Jan + 51d277a3-x86-don-t-pass-negative-time-to-gtime_to_gtsc-try-2.patch + 51d27807-iommu-amd-Fix-logic-for-clearing-the-IOMMU-interrupt-bits.patch + 51d27841-iommu-amd-Workaround-for-erratum-787.patch + 51daa074-Revert-hvmloader-always-include-HPET-table.patch + +------------------------------------------------------------------- +Fri Jul 12 09:31:01 MDT 2013 - carnold@suse.com + +- Dropped deprecated or unnecessary patches + pvdrv-import-shared-info.patch + minios-fixups.patch + +------------------------------------------------------------------- +Tue Jul 9 13:06:27 MDT 2013 - carnold@suse.com + +- Update to Xen 4.3.0 FCS + +------------------------------------------------------------------- +Fri Jul 5 14:31:51 UTC 2013 - agraf@suse.com + +- Enable ARM targets for Xen + +------------------------------------------------------------------- +Thu Jun 27 16:57:08 MDT 2013 - carnold@suse.com + +- Update to Xen 4.3.0-rc6 + +------------------------------------------------------------------- +Wed Jun 19 14:34:20 MDT 2013 - carnold@suse.com + +- Update to Xen 4.3.0-rc5 + +------------------------------------------------------------------- +Wed Jun 14 11:06:23 MDT 2013 - carnold@suse.com + +- Update to Xen 4.3.0-rc4 + +------------------------------------------------------------------- +Mon Jun 10 18:36:38 MDT 2013 - carnold@suse.com + +- Fix xen-utils compiler time warnings + xen-utils-0.1.tar.bz2 + +------------------------------------------------------------------- +Fri Jun 7 08:45:56 MDT 2013 - carnold@suse.com + +- Enable building the KMPs + xen.spec + +------------------------------------------------------------------- +Wed Jun 5 11:02:23 MDT 2013 - carnold@suse.com + +- Update to Xen 4.3.0-rc3 + +------------------------------------------------------------------- +Fri May 31 09:40:59 MDT 2013 - carnold@suse.com + +- bnc#801663 - performance of mirror lvm unsuitable for production + block-dmmd + +------------------------------------------------------------------- +Thu May 30 18:45:40 MDT 2013 - carnold@suse.com + +- Update to Xen 4.3.0-rc2 + +------------------------------------------------------------------- +Wed May 15 13:45:50 MDT 2013 - carnold@suse.com + +- The xend toolstack is now deprecated and unsupported. Consolidate + all xend and traditional qemu patches into one patch file. + Rename '.diff' patches to '.patch' and reoder others. + xend-traditional-qemu.patch + +------------------------------------------------------------------- +Tue May 14 15:36:04 MDT 2013 - carnold@suse.com + +- Create a xend-tools package for the legacy xend toolstack and + traditional qemu files. + +------------------------------------------------------------------- +Mon May 13 16:02:52 MDT 2013 - carnold@suse.com + +- Update to Xen 4.3.0-rc1 c/s 27068 + Drop all upstream changeset patches now included in 4.3 tarball +- Removed the doc-pdf RPM as there are no more PDFs to include + since the docs/xen-api sources were dropped. + +------------------------------------------------------------------- +Tue May 7 11:46:29 MDT 2013 - carnold@suse.com + +- bnc#818183 - VUL-0: xen: CVE-2013-2007: XSA-51: qga set umask + 0077 when daemonizing + CVE-2013-2007-xsa51-1.patch + CVE-2013-2007-xsa51-2.patch + +------------------------------------------------------------------- +Mon May 6 15:52:03 CEST 2013 - ohering@suse.de + +- add lndir to BuildRequires + +------------------------------------------------------------------- +Mon May 6 11:45:03 CEST 2013 - ohering@suse.de + +- remove xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch + It changed migration protocol and upstream wants a different solution + +------------------------------------------------------------------- +Sun May 5 16:20:30 CEST 2013 - ohering@suse.de + +- bnc#802221 - fix xenpaging + readd xenpaging.qemu.flush-cache.patch + +------------------------------------------------------------------- +Thu May 2 09:11:33 MDT 2013 - carnold@suse.com + +- bnc#808269 - Fully Virtualized Windows VM install is failed on + Ivy Bridge platforms with Xen kernel + 26754-hvm-Improve-APIC-INIT-SIPI-emulation.patch + +------------------------------------------------------------------- +Tue Apr 30 09:15:26 MDT 2013 - carnold@suse.com + +- Upstream patches from Jan + 26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch + 26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch +- Additional fix for bnc#816159 + CVE-2013-1918-xsa45-followup.patch + +------------------------------------------------------------------- +Mon Apr 29 15:40:35 MDT 2013 - cyliu@suse.com + +- bnc#817068 - Xen guest with >1 sr-iov vf won't start + xen-managed-pci-device.patch + +------------------------------------------------------------------- +Mon Apr 29 11:21:54 MDT 2013 - carnold@suse.com + +- Update to Xen 4.2.2 c/s 26064 + The following recent security patches are included in the tarball + CVE-2013-0151-xsa34.patch (bnc#797285) + CVE-2012-6075-xsa41.patch (bnc#797523) + CVE-2013-1917-xsa44.patch (bnc#813673) + CVE-2013-1919-xsa46.patch (bnc#813675) + +------------------------------------------------------------------- +Wed Apr 24 08:07:07 MDT 2013 - carnold@suse.com + +- Upstream patch from Jan + 26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch + +------------------------------------------------------------------- +Fri Apr 19 14:22:43 MDT 2013 - carnold@suse.com + +- bnc#816159 - VUL-0: xen: CVE-2013-1918: XSA-45: Several long + latency operations are not preemptible + CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch + CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch + CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch + CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch + CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch + CVE-2013-1918-xsa45-6-unpin-preemptible.patch + CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch +- bnc#816163 - VUL-0: xen: CVE-2013-1952: XSA-49: VT-d interrupt + remapping source validation flaw for bridges + CVE-2013-1952-xsa49.patch + +------------------------------------------------------------------- +Thu Apr 18 10:17:08 MDT 2013 - cyliu@suse.com + +- bnc#809662 - can't use pv-grub to start domU (pygrub does work) + xen.spec + +------------------------------------------------------------------- +Mon Apr 15 14:47:41 MDT 2013 - carnold@suse.com + +- bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 + on Kyoto + xend-cpuinfo-model-name.patch + +------------------------------------------------------------------- +Mon Apr 15 10:55:17 MDT 2013 - carnold@suse.com + +- bnc#813673 - VUL-0: CVE-2013-1917: xen: Xen PV DoS vulnerability with + SYSENTER + CVE-2013-1917-xsa44.patch +- bnc#813675 - VUL-0: CVE-2013-1919: xen: Several access permission + issues with IRQs for unprivileged guests + CVE-2013-1919-xsa46.patch +- bnc#814059 - VUL-1: xen: qemu-nbd format-guessing due to missing + format specification + CVE-2013-1922-xsa48.patch +- Upstream patches from Jan + 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch + 26751-x86-EFI-permit-setting-variable-with-non-zero-attributes.patch + 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch + 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch + 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch + 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch + 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch + 26774-defer-event-channel-bucket-pointer-store-until-after-XSM-checks.patch + 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch + +------------------------------------------------------------------- +Thu Apr 4 11:17:43 MDT 2013 - carnold@suse.com + +- bnc#813156 - IndentationError in XendCheckpoint.py + xend-domain-lock.patch + +------------------------------------------------------------------- +Tue Apr 2 15:41:19 CEST 2013 - ohering@suse.de + +- bnc#797014 - no way to control live migrations +- bnc#803712 - after live migration rcu_sched_state detected stalls + xen.migrate.tools-xend_move_assert_to_exception_block.patch + xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch + xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch + xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch + +------------------------------------------------------------------- +Tue Mar 26 10:37:43 MDT 2013 - carnold@suse.com + +- bnc#811764 - XEN (hypervisor or kernel) has a problem with EFI + variable services + x86-EFI-set-variable-permit-attrs.patch +- Upstream patches from Jan + 26060-ACPI-ERST-table-size-checks.patch + 26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch + 26702-powernow-add-fixups-for-AMD-P-state-figures.patch + 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch (bnc#805579) + 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch + 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch + 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch + 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch + 26737-ACPI-APEI-Add-apei_exec_run_optional.patch + 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch + 26743-VT-d-deal-with-5500-5520-X58-errata.patch (bnc#801910) + 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch + +------------------------------------------------------------------- +Thu Mar 14 09:58:38 MDT 2013 - jfehlig@suse.com + +- Load blktap module in xencommons init script. blktap2 doesn't + support qcow2, so blktap is needed to support domains with + 'tap:qcow2' disk configurations. + modified tmp-initscript-modprobe.patch + +------------------------------------------------------------------- +Thu Mar 14 07:32:17 MDT 2013 - carnold@suse.com + +- bnc#809203 - xen.efi isn't signed with SUSE Secure Boot key + xen.spec + +------------------------------------------------------------------- +Mon Mar 11 21:07:21 MDT 2013 - jfehlig@suse.com + +- Fix adding managed PCI device to an inactive domain + modified xen-managed-pci-device.patch + +------------------------------------------------------------------- +Mon Mar 11 11:45:22 MDT 2013 - jfehlig@suse.com + +- bnc#805094 - xen hot plug attach/detach fails + modified blktap-pv-cdrom.patch + +------------------------------------------------------------------- +Mon Mar 11 11:17:57 MDT 2013 - jfehlig@suse.com + +- bnc# 802690 - domain locking can prevent a live migration from + completing + modified xend-domain-lock.patch + +------------------------------------------------------------------- +Fri Mar 8 15:01:15 CET 2013 - ohering@suse.de + +- bnc#797014 - no way to control live migrations + 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch + xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch + xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch + xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch + xen.migrate.tools_set_migration_constraints_from_cmdline.patch + xen.migrate.tools_add_xm_migrate_--log_progress_option.patch + +------------------------------------------------------------------- +Thu Mar 7 14:39:57 MST 2013 - carnold@suse.com + +- Upstream patches from Jan + 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch + 26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch + 26601-honor-ACPI-v4-FADT-flags.patch + 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch + 26659-AMD-IOMMU-erratum-746-workaround.patch + 26660-x86-fix-CMCI-injection.patch + 26672-vmx-fix-handling-of-NMI-VMEXIT.patch + 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch + 26676-fix-compat-memory-exchange-op-splitting.patch + 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch + 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch + 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch + 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch + 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch + +------------------------------------------------------------------- +Tue Mar 5 13:35:40 MST 2013 - carnold@suse.com + +- fate#313584: pass bios information to XEN HVM guest + xend-hvm-firmware-passthrough.patch + +------------------------------------------------------------------- +Mon Mar 4 20:28:29 CET 2013 - ohering@suse.de + +- bnc#806736: enabling xentrace crashes hypervisor + 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.patch + +------------------------------------------------------------------- +Thu Feb 28 11:12:04 CET 2013 - ohering@suse.de + +- update xenalyze to revision 149 + Make eip_list output more useful + Use correct length when copying record into buffer + decode PV_HYPERCALL_SUBCALL events + decode PV_HYPERCALL_V2 records + Analyze populate-on-demand reclamation patterns + Handle 64-bit MMIO + Also strip write bit when processing a generic event + Make the warnigns in hvm_generic_postprocess more informative + Don't warn about switching paging levels unless verbosity>=6 + Process NPFs as generic for summary purposes + Add HVM_EVENT_VLAPIC + +------------------------------------------------------------------- +Wed Feb 20 15:00:13 MST 2013 - jfehlig@suse.com + +- Add upstream patch to fix vfb/vkb initialization in libxl + 26369-libxl-devid.patch + +------------------------------------------------------------------- +Tue Feb 19 14:35:07 MST 2013 - carnold@suse.com + +- fate##313584: pass bios information to XEN HVM guest + 26554-hvm-firmware-passthrough.patch + 26555-hvm-firmware-passthrough.patch + 26556-hvm-firmware-passthrough.patch + +------------------------------------------------------------------- +Tue Feb 19 10:46:46 MST 2013 - carnold@suse.com + +- Upstream patches from Jan + 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) + 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) + 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) + 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) + 26526-pvdrv-no-devinit.patch + 26529-gcc48-build-fix.patch + 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) + 26532-AMD-IOMMU-phantom-MSI.patch + 26536-xenoprof-div-by-0.patch + 26576-x86-APICV-migration.patch + 26577-x86-APICV-x2APIC.patch + 26578-AMD-IOMMU-replace-BUG_ON.patch + +------------------------------------------------------------------- +Mon Feb 18 17:28:00 CET 2013 - ohering@suse.de + +- bnc#797014 - no way to control live migrations + 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch + 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch + 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch + 26550-tools-xc_restore_logging_in_xc_save.patch + 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch + +------------------------------------------------------------------- +Mon Feb 11 14:35:06 UTC 2013 - mmarek@suse.cz + +- Set $BRP_PESIGN_FILES in the %install section so that modules + are signed in the buildservice (fate#314552). + +------------------------------------------------------------------- +Mon Feb 11 15:33:24 CET 2013 - ohering@suse.de + +- PVonHVM: __devinit was removed in linux-3.8 + +------------------------------------------------------------------- +Wed Feb 6 09:01:29 MST 2013 - jfehlig@suse.com + +- Add 'managed' PCI passthrough support to xend, allowing support + for the same through libvirt + xen-managed-pci-device.patch + FATE#313570 + +------------------------------------------------------------------- +Tue Feb 5 11:50:14 MST 2013 - carnold@suse.com + +- Upstream patches from Jan + 26287-sched-credit-pick-idle.patch + 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) + 26370-libxc-x86-initial-mapping-fit.patch + 26395-x86-FPU-context-conditional.patch + 26404-x86-forward-both-NMI-kinds.patch + 26418-x86-trampoline-consider-multiboot.patch + 26427-x86-AMD-enable-WC+.patch + 26428-x86-HVM-RTC-update.patch + 26440-x86-forward-SERR.patch + 26443-ACPI-zap-DMAR.patch + 26444-x86-nHVM-no-self-enable.patch (Replaces CVE-2013-0152-xsa35.patch) + 26501-VMX-simplify-CR0-update.patch + 26502-VMX-disable-SMEP-when-not-paging.patch + +------------------------------------------------------------------- +Fri Feb 1 08:30:28 MST 2013 - carnold@suse.com + +- bnc#800275 - VUL-0: XSA-36: CVE-2013-0153: xen: interrupt remap + entries shared and old ones not cleared on AMD IOMMUs + CVE-2013-0153-xsa36.patch + +------------------------------------------------------------------- +Wed Jan 30 15:14:41 UTC 2013 - mmarek@suse.cz + +- Add # needssslcertforbuild to the specfile, to make the UEFI + signing certificate available during build (fate#314511, fate#314552). + +------------------------------------------------------------------- +Fri Jan 25 14:57:30 MST 2013 - jfehlig@suse.com + +- bnc#798188 - Add $network to xend initscript dependencies + +------------------------------------------------------------------- +Thu Jan 24 15:57:12 MST 2013 - jfehlig@suse.com + +- Add upstream patches to fix libxl bugs. These patches have + already been posted for inclusion in xen-4.2-testing. + 25912-partial-libxl.patch + 26372-tools-paths.patch + 26468-libxl-race.patch + 26469-libxl-race.patch + +------------------------------------------------------------------- +Tue Jan 22 08:12:39 MST 2013 - carnold@novell.com + +- bnc#797285 - VUL-0: Xen: XSA-34 (CVE-2013-0151) - nested + virtualization on 32-bit exposes host crash + CVE-2013-0151-xsa34.patch +- bnc#797287 - VUL-0: Xen: XSA-35 (CVE-2013-0152) - Nested HVM + exposes host to being driven out of memory by guest + CVE-2013-0152-xsa35.patch + +------------------------------------------------------------------- +Thu Jan 17 14:13:52 MST 2013 - carnold@novell.com + +- bnc#793717 - NetWare will not boot on Xen 4.2 + xnloader.py + domUloader.py + pygrub-netware-xnloader.patch + Removed reverse-24757-use-grant-references.patch + +------------------------------------------------------------------- +Wed Jan 16 11:26:29 MST 2013 - carnold@novell.com + +- bnc#797523 - VUL-1: CVE-2012-6075: qemu / kvm-qemu: e1000 + overflows under some conditions + CVE-2012-6075-xsa41.patch + +------------------------------------------------------------------- +Tue Jan 15 13:19:36 MST 2013 - carnold@novell.com + +- Mask the floating point exceptions for guests like NetWare on + machines that support XSAVE. + x86-fpu-context-conditional.patch + +------------------------------------------------------------------- +Mon Jan 14 12:01:33 MST 2013 - carnold@novell.com + +- fate##313584: pass bios information to XEN HVM guest + 26341-hvm-firmware-passthrough.patch + 26342-hvm-firmware-passthrough.patch + 26343-hvm-firmware-passthrough.patch + 26344-hvm-firmware-passthrough.patch + +------------------------------------------------------------------- +Tue Jan 8 11:06:04 MST 2013 - carnold@novell.com + +- bnc#787169 - L3: Marvell 88SE9125 disk controller not detecting + disk in Xen kernel + 26133-IOMMU-defer-BM-disable.patch + 26324-IOMMU-assign-params.patch + 26325-IOMMU-add-remove-params.patch + 26326-VT-d-context-map-params.patch + 26327-AMD-IOMMU-flush-params.patch + 26328-IOMMU-pdev-type.patch + 26329-IOMMU-phantom-dev.patch + 26330-VT-d-phantom-MSI.patch + 26331-IOMMU-phantom-dev-quirk.patch +- Upstream patches from Jan + 26294-x86-AMD-Fam15-way-access-filter.patch + 26320-IOMMU-domctl-assign-seg.patch + 26332-x86-compat-show-guest-stack-mfn.patch + 26333-x86-get_page_type-assert.patch + +------------------------------------------------------------------- +Mon Dec 17 11:20:47 MST 2012 - carnold@novell.com + +- bnc#794316 - VUL-0: CVE-2012-5634: xen: VT-d interrupt remapping + source validation flaw (XSA-33) + CVE-2012-5634-xsa33.patch + +------------------------------------------------------------------- +Mon Dec 17 11:15:17 MST 2012 - carnold@novell.com + +- Update to Xen 4.2.1 c/s 25952 + +------------------------------------------------------------------- +Tue Dec 11 10:14:11 MST 2012 - carnold@novell.com + +- Upstream patches from Jan + 26195-x86-compat-atp-gmfn-range-cont.patch + 26196-ACPI-set-PDC-bits-rc.patch + 26200-IOMMU-debug-verbose.patch + 26203-x86-HAP-dirty-vram-leak.patch + 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) + 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) + 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) + 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) + 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) + 26234-x86-page-from-gfn-pv.patch (Replaces CVE-2012-5525-xsa32.patch) + 26235-IOMMU-ATS-max-queue-depth.patch + 26252-VMX-nested-rflags.patch + 26253-VMX-nested-rdtsc.patch + 26254-VMX-nested-dr.patch + 26255-VMX-nested-ia32e-mode.patch + 26258-VMX-nested-intr-delivery.patch + 26260-x86-mmuext-errors.patch + 26262-x86-EFI-secure-shim.patch + 26266-sched-ratelimit-check.patch + 26272-x86-EFI-makefile-cflags-filter.patch + +------------------------------------------------------------------- +Mon Dec 10 14:21:14 MST 2012 - carnold@novell.com + +- bnc#757525 - domain destroyed on live migration with missing vif + on target machine + xen-migration-bridge-check.patch + +------------------------------------------------------------------- +Thu Dec 6 10:56:26 MST 2012 - carnold@novell.com + +- NetWare will not boot or install on Xen 4.2 + reverse-24757-use-grant-references.patch + +------------------------------------------------------------------- +Fri Nov 30 10:30:10 CST 2012 - cyliu@suse.com + +- fate#313222 - xenstore-chmod should support 256 permissions + 26189-xenstore-chmod.patch + +------------------------------------------------------------------- +Tue Nov 27 09:17:17 MST 2012 - carnold@novell.com + +- bnc#789945 - VUL-0: CVE-2012-5510: xen: Grant table version + switch list corruption vulnerability (XSA-26) + CVE-2012-5510-xsa26.patch +- bnc#789944 - VUL-0: CVE-2012-5511: xen: Several HVM operations do + not validate the range of their inputs (XSA-27) + CVE-2012-5511-xsa27.patch +- bnc#789951 - VUL-0: CVE-2012-5513: xen: XENMEM_exchange may + overwrite hypervisor memory (XSA-29) + CVE-2012-5513-xsa29.patch +- bnc#789948 - VUL-0: CVE-2012-5514: xen: Missing unlock in + guest_physmap_mark_populate_on_demand() (XSA-30) + CVE-2012-5514-xsa30.patch +- bnc#789950 - VUL-0: CVE-2012-5515: xen: Several memory hypercall + operations allow invalid extent order values (XSA-31) + CVE-2012-5515-xsa31.patch +- bnc#789952 - VUL-0: CVE-2012-5525: xen: Several hypercalls do not + validate input GFNs (XSA-32) + CVE-2012-5525-xsa32.patch +- Upstream patches from Jan + 26129-ACPI-BGRT-invalidate.patch + 26132-tmem-save-NULL-check.patch + 26134-x86-shadow-invlpg-check.patch + 26139-cpumap-masking.patch + 26148-vcpu-timer-overflow.patch (Replaces CVE-2012-4535-xsa20.patch) + 26149-x86-p2m-physmap-error-path.patch (Replaces CVE-2012-4537-xsa22.patch) + 26150-x86-shadow-unhook-toplevel-check.patch (Replaces CVE-2012-4538-xsa23.patch) + 26151-gnttab-compat-get-status-frames.patch (Replaces CVE-2012-4539-xsa24.patch) + 26179-PCI-find-next-cap.patch + 26183-x86-HPET-masking.patch + 26188-x86-time-scale-asm.patch + +------------------------------------------------------------------- +Wed Nov 21 20:57:56 CET 2012 - ohering@suse.de + +- remove obsolete pv-driver-build.patch to fix build + +------------------------------------------------------------------- +Sat Nov 17 10:51:05 UTC 2012 - aj@suse.de + +- Fix build with glibc 2.17: add patch xen-glibc217.patch, fix + configure for librt. + +------------------------------------------------------------------- +Tue Nov 13 16:35:55 MST 2012 - jfehlig@suse.com + +- bnc#777628 - guest "disappears" after live migration + Updated block-dmmd script + +------------------------------------------------------------------- +Fri Nov 9 10:29:51 MST 2012 - carnold@novell.com + +- Fix exception in balloon.py and osdep.py + xen-max-free-mem.diff + +------------------------------------------------------------------- +Tue Nov 6 17:41:34 MDT 2012 - carnold@novell.com + +- fate#311966: Fix XEN VNC implementation to correctly map keyboard + layouts + VNC-Support-for-ExtendedKeyEvent-client-message.patch + +------------------------------------------------------------------- +Tue Oct 30 15:28:27 CET 2012 - ohering@suse.de + +- fate#310510 - fix xenpaging + restore changes to integrate paging into xm/xend + xenpaging.autostart.patch + xenpaging.doc.patch + +------------------------------------------------------------------- +Mon Oct 29 10:46:50 MDT 2012 - carnold@novell.com + +- bnc#787163 - VUL-0: CVE-2012-4544: xen: Domain builder Out-of- + memory due to malicious kernel/ramdisk (XSA 25) + CVE-2012-4544-xsa25.patch +- bnc#779212 - VUL-0: CVE-2012-4411: XEN / qemu: guest + administrator can access qemu monitor console (XSA-19) + CVE-2012-4411-xsa19.patch + +------------------------------------------------------------------- +Thu Oct 25 07:02:45 MDT 2012 - carnold@novell.com + +- bnc#786516 - VUL-0: CVE-2012-4535: xen: Timer overflow DoS + vulnerability + CVE-2012-4535-xsa20.patch +- bnc#786518 - VUL-0: CVE-2012-4536: xen: pirq range check DoS + vulnerability + CVE-2012-4536-xsa21.patch +- bnc#786517 - VUL-0: CVE-2012-4537: xen: Memory mapping failure + DoS vulnerability + CVE-2012-4537-xsa22.patch +- bnc#786519 - VUL-0: CVE-2012-4538: xen: Unhooking empty PAE + entries DoS vulnerability + CVE-2012-4538-xsa23.patch +- bnc#786520 - VUL-0: CVE-2012-4539: xen: Grant table hypercall + infinite loop DoS vulnerability + CVE-2012-4539-xsa24.patch +- bnc#784087 - L3: Xen BUG at io_apic.c:129 + 26102-x86-IOAPIC-legacy-not-first.patch + +------------------------------------------------------------------- +Wed Oct 24 06:15:58 MDT 2012 - carnold@novell.com + +- Upstream patches from Jan + 25920-x86-APICV-enable.patch + 25921-x86-APICV-delivery.patch + 25922-x86-APICV-x2APIC.patch + 25957-x86-TSC-adjust-HVM.patch + 25958-x86-TSC-adjust-sr.patch + 25959-x86-TSC-adjust-expose.patch + 25975-x86-IvyBridge.patch + 25984-SVM-nested-paging-mode.patch + 26054-x86-AMD-perf-ctr-init.patch + 26055-x86-oprof-hvm-mode.patch + 26056-page-alloc-flush-filter.patch + 26061-x86-oprof-counter-range.patch + 26062-ACPI-ERST-move-data.patch + 26063-x86-HPET-affinity-lock.patch + 26095-SVM-nested-leak.patch + 26096-SVM-nested-vmexit-emul.patch + 26098-perfc-build.patch + +------------------------------------------------------------------- +Mon Oct 22 21:21:28 CEST 2012 - ohering@suse.de + +- handle possible asprintf failures in log-guest-console.patch + +------------------------------------------------------------------- +Mon Oct 22 20:19:09 CEST 2012 - ohering@suse.de + +- bnc#694863 - kexec fails in xen + 26093-hvm_handle_PoD_and_grant_pages_in_HVMOP_get_mem_type.patch + +------------------------------------------------------------------- +Thu Oct 18 16:25:53 MDT 2012 - carnold@novell.com + +- fate#312709: Pygrub needs to know which entry to select + 26114-pygrub-list-entries.patch + +------------------------------------------------------------------- +Thu Oct 18 11:13:32 CEST 2012 - ohering@suse.de + +- merge changes fron xen-unstable, obsolete our changes + 26077-stubdom_fix_compile_errors_in_grub.patch + 26078-hotplug-Linux_remove_hotplug_support_rely_on_udev_instead.patch + 26079-hotplug-Linux_close_lockfd_after_lock_attempt.patch + 26081-stubdom_fix_rpmlint_warning_spurious-executable-perm.patch + 26082-blktap2-libvhd_fix_rpmlint_warning_spurious-executable-perm.patch + 26083-blktap_fix_rpmlint_warning_spurious-executable-perm.patch + 26084-hotplug_install_hotplugpath.sh_as_data_file.patch + 26085-stubdom_install_stubdompath.sh_as_data_file.patch + 26086-hotplug-Linux_correct_sysconfig_tag_in_xendomains.patch + 26087-hotplug-Linux_install_sysconfig_files_as_data_files.patch + 26088-tools_xend_fix_wrong_condition_check_for_xml_file.patch + +------------------------------------------------------------------- +Tue Oct 16 15:38:34 MDT 2012 - carnold@novell.com + +- fate#311966: Fix XEN VNC implementation to correctly map keyboard + layouts + VNC-Support-for-ExtendedKeyEvent-client-message.patch + +------------------------------------------------------------------- +Mon Oct 15 17:45:52 CEST 2012 - ohering@suse.de + +- workaround bash bug in locking.sh:claim_lock, close fd + +------------------------------------------------------------------- +Sat Oct 13 15:25:08 CEST 2012 - ohering@suse.de + +- fix incorrect self-provides/obsoletes of xen-tools-ioemu + +------------------------------------------------------------------- +Tue Oct 9 06:19:55 MDT 2012 - carnold@novell.com + +- bnc#783847 - Virtualization/xen: Bug Xen 4.2 'xendomins' init + script incorrectly Requires 'xend' service when using 'xl' + toolstack + init.xendomains + +------------------------------------------------------------------- +Mon Oct 8 07:53:24 MDT 2012 - carnold@novell.com + +- bnc#782835 - Xen HVM Guest fails (errors) to launch on Opensuse + 12.2 + Xen 4.2 + 'xl' toolstack + xen-pygrub-grub-args.patch + +------------------------------------------------------------------- +Mon Oct 8 14:21:59 CEST 2012 - ohering@suse.de + +- backport parallel build support for stubdom +- rename 5 patches which were merged upstream + +------------------------------------------------------------------- +Fri Oct 5 21:58:46 CEST 2012 - ohering@suse.de + +- remove more obsolete changes: + CFLAGS passing to qemu-traditional, PYTHON_PREFIX_ARG handling + and pygrub installation + +------------------------------------------------------------------- +Fri Oct 5 20:39:23 CEST 2012 - ohering@suse.de + +- update blktap-pv-cdrom.patch + handle allocation errors in asprintf to fix compile errors + handle value returned from xs_read properly + remove casts from void pointers + +------------------------------------------------------------------- +Fri Oct 5 20:06:09 CEST 2012 - ohering@suse.de + +- update xenalyze to revision 138 + Fix dump time calculation overflow + move struct record_info into a header + correctly display of count of HW events + update trace.h to match xen-unstable + Remove vestigal HW_IRQ trace records + Remove decode of PV_UPDATE_VA_MAPPING + automatically generate dependencies + Get rid of redundant hvm dump_header + Introduce more efficient read mechanism + Eliminate unnecessary cycles_to_time calculation + Rework math to remove two 64-bit divisions + Enable -O2 optimization level + Remove --dump-cooked + Remove spurious dump_header construction + Improve record-sorting algorithm + Use long to cast into and out of pointers + Make max_active_pcpu calculation smarter + Optimize pcpu_string + Enable more cr3 output + Sort cr3 enumerated values by start time + Add option to skip vga range in MMIO enumeration + Handle MMIO records from different vmexits + Relocate pio and mmio enumaration structs to their own sub-struct + Handle new hvm_event traces + Introduce generic summary functionality + Function-ize setting of h->post_process + Reorganize cr trace handling + Allow several summary handlers to register on a single vmexit + Get rid of all tabs in xenalyze.c + Handle new IRQ tracing + Decrease verbosity + Print exit reason number if no string is available + Fix minor summary issue + Add string for TPR_BELOW_THRESHOLD + Raise MAX_CPUS to 256 cpus. + Add --report-pcpu option to report physical cpu utilization. + increase MAX_CPUS + Handle RUNSTATE_INIT in domain_runstate calculation + +------------------------------------------------------------------- +Fri Oct 5 19:58:57 CEST 2012 - ohering@suse.de + +- update RPM_OPT_FLAGS handling in spec file + pass EXTRA_CFLAGS via environment + +------------------------------------------------------------------- +Fri Oct 5 19:53:38 CEST 2012 - ohering@suse.de + +- remove obsolete xencommons-proc-xen.patch + +------------------------------------------------------------------- +Mon Oct 1 10:09:24 MDT 2012 - carnold@novell.com + +- Upstream patches from Jan + 25927-x86-domctl-ioport-mapping-range.patch + 25929-tmem-restore-pool-version.patch + 25931-x86-domctl-iomem-mapping-checks.patch + 25940-x86-S3-flush-cache.patch + 25952-x86-MMIO-remap-permissions.patch + 25961-x86-HPET-interrupts.patch + 25962-x86-assign-irq-vector-old.patch + 25965-x86-ucode-Intel-resume.patch + +------------------------------------------------------------------- +Tue Sep 25 14:24:29 CEST 2012 - ohering@suse.de + +- pygrub: always append --args + 25941-pygrub_always_append_--args.patch + +------------------------------------------------------------------- +Mon Sep 24 16:41:58 CEST 2012 - ohering@suse.de + +- use BuildRequires: gcc46 only in sles11sp2 or 12.1 to fix build + in 11.4 + +------------------------------------------------------------------- +Wed Sep 19 09:43:42 MDT 2012 - carnold@novell.com + +- Upstream patches from Jan + 25833-32on64-bogus-pt_base-adjust.patch + 25835-adjust-rcu-lock-domain.patch + 25836-VT-d-S3-MSI-resume.patch + 25850-tmem-xsa-15-1.patch + 25851-tmem-xsa-15-2.patch + 25852-tmem-xsa-15-3.patch + 25853-tmem-xsa-15-4.patch + 25854-tmem-xsa-15-5.patch + 25855-tmem-xsa-15-6.patch + 25856-tmem-xsa-15-7.patch + 25857-tmem-xsa-15-8.patch + 25858-tmem-xsa-15-9.patch + 25859-tmem-missing-break.patch + 25860-tmem-cleanup.patch + 25861-x86-early-fixmap.patch + 25862-sercon-non-com.patch + 25863-sercon-ehci-dbgp.patch + 25864-sercon-unused.patch + 25866-sercon-ns16550-pci-irq.patch + 25867-sercon-ns16550-parse.patch + 25874-x86-EFI-chain-cfg.patch + 25909-xenpm-consistent.patch + +------------------------------------------------------------------- +Tue Sep 18 16:16:04 MDT 2012 - carnold@novell.com + +- Fixed the 32bit build. + +------------------------------------------------------------------- +Mon Sep 17 09:02:37 MDT 2012 - carnold@novell.com + +- Update to Xen 4.2.0 FCS c/s 25844 + +------------------------------------------------------------------- +Fri Sep 7 19:23:15 CEST 2012 - ohering@suse.de + +- unmodified_drivers: handle IRQF_SAMPLE_RANDOM, it was removed + in 3.6-rc1 + +------------------------------------------------------------------- +Wed Sep 5 11:36:24 MDT 2012 - jfehlig@suse.com + +- bnc#778105 - first XEN-PV VM fails to spawn + xend: Increase wait time for disk to appear in host bootloader + Modified existing xen-domUloader.diff + +------------------------------------------------------------------- +Thu Aug 30 14:08:45 MDT 2012 - carnold@novell.com + +- Disable the snapshot patches. Snapshot only supported the qcow2 + image format which was poorly implemented qemu 0.10.2. Snapshot + support may be restored in the future when the newer upstream + qemu is used by Xen. + +------------------------------------------------------------------- +Tue Aug 28 16:31:18 CEST 2012 - ohering@suse.de + +- bnc#776995 - attaching scsi control luns with pvscsi + - xend/pvscsi: fix passing of SCSI control LUNs + xen-bug776995-pvscsi-no-devname.patch + - xend/pvscsi: fix usage of persistant device names for SCSI devices + xen-bug776995-pvscsi-persistent-names.patch + - xend/pvscsi: update sysfs parser for Linux 3.0 + xen-bug776995-pvscsi-sysfs-parser.patch + +------------------------------------------------------------------- +Thu Aug 23 15:47:24 MDT 2012 - carnold@novell.com + +- Update to Xen 4.2.0 RC3+ c/s 25779 + +------------------------------------------------------------------- +Tue Aug 21 13:54:45 MDT 2012 - carnold@novell.com + +- Update to Xen 4.2.0 RC2+ c/s 25765 + +------------------------------------------------------------------- +Mon Aug 20 18:32:15 CEST 2012 - ohering@suse.de + +-bnc#766284 - compiled-in ata_piix driver issues with PVonHVM guests + Update xen_pvdrivers.conf to match not only libata but also ata_piix + This avoids IO errors in the piix driver caused by unplugged hardware + +------------------------------------------------------------------- +Fri Aug 10 10:07:27 MDT 2012 - carnold@novell.com + +- Update to Xen 4.1.3 c/s 23336 + +------------------------------------------------------------------- +Mon Jul 30 09:39:35 MDT 2012 - carnold@novell.com + +- Upstream or pending upstream patches from Jan + 25587-fix-off-by-one-parsing-error.patch + 25616-x86-MCi_CTL-default.patch + 25617-vtd-qinval-addr.patch + 25688-x86-nr_irqs_gsi.patch + +------------------------------------------------------------------- +Sun Jul 29 11:19:53 UTC 2012 - aj@suse.de + +- Build all files with optimization (fortify source does not work + with -O0). + +------------------------------------------------------------------- +Fri Jul 27 09:29:37 MDT 2012 - carnold@novell.com + +- bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m + teardown host DoS vulnerability + CVE-2012-3433-xsa11.patch +- bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO + emulation DoS + 25682-x86-inconsistent-io-state.patch + +------------------------------------------------------------------- +Wed Jul 18 10:22:33 MDT 2012 - carnold@novell.com + +- bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't + check the size of the bzip2 or lzma compressed kernel, leading to + denial of service + 25589-pygrub-size-limits.patch + +------------------------------------------------------------------- +Tue Jul 10 10:16:42 UTC 2012 - werner@suse.de + +- Make it build with latest TeXLive 2012 with new package layout + +------------------------------------------------------------------- +Fri Jun 15 08:45:50 MDT 2012 - carnold@novell.com + +- bnc#767273 - unsupported /var/lock/subsys is still used by xendomains + init.xendomains + +------------------------------------------------------------------- +Tue Jun 12 14:37:00 MDT 2012 - carnold@novell.com + +- bnc#766283 - opensuse 12.2 pv guests can not start after + installation due to lack of grub2 support in the host + 24000-pygrub-grub2.patch + 24001-pygrub-grub2.patch + 24002-pygrub-grub2.patch + +------------------------------------------------------------------- +Mon Jun 11 10:32:42 MDT 2012 - carnold@novell.com + +- Upstream pygrub patches for grub2 support and fixes + 23686-pygrub-solaris.patch + 23697-pygrub-grub2.patch + 23944-pygrub-debug.patch + 23998-pygrub-GPT.patch + 23999-pygrub-grub2.patch + 24064-pygrub-HybridISO.patch + 24401-pygrub-scrolling.patch + 24402-pygrub-edit-fix.patch + 24460-pygrub-extlinux.patch + 24706-pygrub-extlinux.patch + +------------------------------------------------------------------- +Wed Jun 6 08:14:38 MDT 2012 - carnold@novell.com + +- Revised version of security patch and an additional patch for + bnc#764077 + x86_64-AMD-erratum-121.patch + x86_64-allow-unsafe-adjust.patch + +------------------------------------------------------------------- +Wed Jun 6 10:21:03 CEST 2012 - ohering@suse.de + +- remove dummy asm/smp-processor-id.h + +------------------------------------------------------------------- +Tue May 29 11:59:28 CEST 2012 - jsmeix@suse.de + +- removed dummy xenapi.tex which was added because of bnc#750679 + (see the below entry dated "Mon Apr 2 13:07:20 CEST 2012") + because "ps2pdf xenapi.ps xenapi.pdf" failed only for + Ghostscript version 9.04 (now we have Ghostscript 9.05). + +------------------------------------------------------------------- +Mon May 25 08:02:13 MDT 2012 - carnold@novell.com + +- bnc#764077 - VUL-0: EMBARGOED: xen: XSA-9: denial of service on + older AMD systems + x86_64-AMD-erratum-121.patch +- Revised version of security patch for bnc#757537 + x86_64-sysret-canonical.patch + +------------------------------------------------------------------- +Tue May 15 06:45:59 MDT 2012 - carnold@novell.com + +- Upstream patches from Jan + 25242-x86_64-hotplug-compat-m2p.patch + 25247-SVM-no-rdtsc-intercept.patch + 25267-x86-text-unlikely.patch + 25269-x86-vMCE-addr-misc-write.patch + 25271-x86_64-IST-index.patch + 25327-pvdrv-no-asm-system-h.patch + +------------------------------------------------------------------- +Mon May 14 08:32:45 CEST 2012 - ohering@suse.de + +- add dummy asm/smp-processor-id.h for kernel-source 3.4-rcX + +------------------------------------------------------------------- +Mon May 14 07:43:33 CEST 2012 - ohering@suse.de + +- remove inclusion of asm/system.h from platform-pci.c + +------------------------------------------------------------------- +Tue Apr 24 08:22:16 MDT 2012 - carnold@novell.com + +- Upstream patches from Jan + 25168-x86-memset-size.patch + 25191-x86-tdt-delta-calculation.patch + 25195-x86-cpuidle-C2-no-flush-or-bm-check.patch + 25196-x86-HAP-PAT-sr.patch + 25200-x86_64-trap-bounce-flags.patch + +------------------------------------------------------------------- +Thu Apr 19 07:33:00 MDT 2012 - carnold@novell.com + +- bnc#757537 - VUL-0: xen: CVE-2012-0217 PV guest escalation + x86_64-sysret-canonical.patch +- bnc#757970 - VUL-1: xen: guest denial of service on syscall GPF + generation + x86_64-trap-bounce-flags.patch + +------------------------------------------------------------------- +Tue Apr 3 08:33:36 MDT 2012 - carnold@novell.com + +- Upstream patches from Jan + 25098-x86-emul-lock-UD.patch + 25101-x86-hpet-disable.patch + ioemu-9877-MSI-X-device-cleanup.patch + +------------------------------------------------------------------- +Mon Apr 2 13:07:20 CEST 2012 - ohering@suse.de + +- bnc#750679 - "ps2pdf xenapi.ps xenapi.pdf" fails for user abuild in Factory + add dummy xenapi.tex until ghostscript is fixed + +------------------------------------------------------------------- +Wed Mar 28 11:29:50 CEST 2012 - ohering@suse.de + +- remove vcd.o rule from PVonHVM Makefile, not needed anymore + +------------------------------------------------------------------- +Tue Mar 20 14:14:09 MDT 2012 - carnold@novell.com + +- bnc#753165 - xen/scripts/network-bridge wont create bridge + bridge-bonding.diff + +------------------------------------------------------------------- +Mon Mar 19 11:23:09 MDT 2012 - carnold@novell.com + +- Upstream patches from Jan + 24950-gnttab-copy-mapped.patch + 24970-x86-cpuidle-deny-port-access.patch + 24996-x86-cpuidle-array-overrun.patch + 25041-tapdisk2-create-init-name.patch + +------------------------------------------------------------------- +Wed Mar 14 12:53:53 CET 2012 - ohering@suse.de + +- use BuildRequires: gcc46 only in sles11sp2 to avoid issues + when gcc47 and newer is the distro default + +------------------------------------------------------------------- +Mon Feb 27 16:05:19 MST 2012 - jfehlig@suse.com + +- bnc#745880 - cpuid setting is not preserved across xend restarts + xend-cpuid.patch + +------------------------------------------------------------------- +Mon Feb 27 15:40:02 MST 2012 - jfehlig@suse.com + +- Rename 2XXXX-vif-bridge.patch -> vif-bridge-tap-fix.patch + +------------------------------------------------------------------- +Mon Feb 27 08:16:43 MST 2012 - carnold@novell.com + +- bnc#747331 - XEN: standard "newburn" kernel QA stress test on guest + (+ smartd on Dom0?) freezes the guest + 24883-x86-guest-walk-not-present.patch +- bnc#745367 - MCE bank handling during migration + 24781-x86-vmce-mcg_ctl.patch + 24886-x86-vmce-mcg_ctl-default.patch + 24887-x86-vmce-sr.patch +- bnc#744771 - L3: VM with passed through PCI card fails to reboot + under dom0 load + 24888-pci-release-devices.patch +- Upstream patches from Jan + 24517-VT-d-fault-softirq.patch + 24527-AMD-Vi-fault-softirq.patch + 24535-x86-vMSI-misc.patch + 24615-VESA-lfb-flush.patch + 24690-x86-PCI-SERR-no-deadlock.patch + 24701-gnttab-map-grant-ref-recovery.patch + 24742-gnttab-misc.patch + 24780-x86-paging-use-clear_guest.patch + 24805-x86-MSI-X-dom0-ro.patch + ioemu-9869-MSI-X-init.patch + ioemu-9873-MSI-X-fix-unregister_iomem.patch + +------------------------------------------------------------------- +Sat Feb 25 21:55:42 CET 2012 - ohering@suse.de + +- add BuildRequires: libuuid-devel + +------------------------------------------------------------------- +Tue Feb 14 09:23:35 MST 2012 - carnold@novell.com + +- bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 + install, when maxmem > memory + README.SuSE + +------------------------------------------------------------------- +Wed Feb 8 10:16:59 MST 2012 - jfehlig@suse.com + +- bnc#745005 - Update vif configuration examples in xmexample* + Updated xen-xmexample.diff + +------------------------------------------------------------------- +Thu Feb 2 17:11:28 MST 2012 - jfehlig@suse.com + +- bnc#743414 - using vifname is ignored when defining a xen virtual + interface with xl/libxl + 24459-libxl-vifname.patch + +------------------------------------------------------------------- +Thu Feb 2 09:21:01 MST 2012 - carnold@novell.com + +- bnc#740165 - VUL-0: kvm: qemu heap overflow in e1000 device + emulation (applicable to Xen qemu - CVE-2012-0029) + cve-2012-0029-qemu-xen-unstable.patch + +------------------------------------------------------------------- +Wed Feb 1 08:26:58 MST 2012 - carnold@novell.com + +- bnc#744014 - blank screen in SLES11 SP2 guest with a VF statically + assigned + ioemu-MSI-X-fix-unregister_iomem.patch +- Upstream patches from Jan + 24453-x86-vIRQ-IRR-TMR-race.patch + 24456-x86-emul-lea.patch + +------------------------------------------------------------------- +Thu Jan 26 15:18:54 CET 2012 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24586-x86-mm_Properly_account_for_paged_out_pages.patch + 24609-tools-libxc_handle_fallback_in_linux_privcmd_map_foreign_bulk_properly.patch + 24610-xenpaging_make_file_op_largefile_aware.patch + xen-unstable.misc.linux_privcmd_map_foreign_bulk.retry_paged.patch + xenpaging.speedup-page-out.resume_pages.find_next_bit_set.patch + xenpaging.speedup-page-out.evict_pages.free_slot_stack.patch + xenpaging.speedup-page-out.policy_choose_victim.patch + update xenpaging.error-handling.patch, flush qemu cache not so often + +------------------------------------------------------------------- +Thu Jan 26 13:24:22 CET 2012 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24566-tools-libxc_fix_error_handling_in_xc_mem_paging_load.patch + +------------------------------------------------------------------- +Tue Jan 24 15:43:27 CET 2012 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24466-libxc_Only_retry_mapping_pages_when_ENOENT_is_returned.patch + +------------------------------------------------------------------- +Mon Jan 23 13:41:42 MST 2012 - carnold@novell.com + +- The xen kmp packages fail on the 09-check-packaged-twice script. + Rename xen_pvdrivers.conf to xen_pvdrivers-<kernel flavor>.conf + +------------------------------------------------------------------- +Fri Jan 20 21:28:42 CET 2012 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.speedup-page-in.gfn_to_slot.patch + +------------------------------------------------------------------- +Wed Jan 18 09:42:54 MST 2012 - carnold@novell.com + +- bnc#739585 - L3: Xen block-attach fails after repeated attach/detach + blktap-close-fifos.patch + blktap-disable-debug-printf.patch + +------------------------------------------------------------------- +Fri Jan 13 10:37:53 MST 2012 - jfehlig@suse.com + +- bnc#741159 - Fix default setting of XENSTORED_ROOTDIR in + xencommons init script + xencommons-xenstored-root.patch + +------------------------------------------------------------------- +Thu Jan 12 06:49:57 MST 2012 - carnold@novell.com + +- bnc#740625 - xen: cannot interact with xend after upgrade (SLES) +- bnc#738694 - xen: cannot interact with xend after upgrade (os12.1) +- Other README changes included. + README.SuSE + +------------------------------------------------------------------- +Tue Jan 10 17:30:20 CET 2012 - ohering@suse.de + +- bnc#694863 - kexec fails in xen + 24478-libxl_add_feature_flag_to_xenstore_for_XS_RESET_WATCHES.patch + +------------------------------------------------------------------- +Mon Jan 9 16:10:19 CET 2012 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.speedup-page-out.patch + +------------------------------------------------------------------- +Tue Jan 3 08:26:42 MST 2012 - carnold@novell.com + +- bnc#735806 - VF doesn't work after hot-plug for many times + 24448-x86-pt-irq-leak.patch +- Upstream patches from Jan + 24261-x86-cpuidle-Westmere-EX.patch + 24417-amd-erratum-573.patch + 24429-mceinj-tool.patch + 24447-x86-TXT-INIT-SIPI-delay.patch + ioemu-9868-MSI-X.patch + +------------------------------------------------------------------- +Mon Jan 2 10:05:57 CET 2012 - ohering@suse.de + +- bnc#732884 - remove private runlevel 4 from init scripts + xen.no-default-runlevel-4.patch + +------------------------------------------------------------------- +Mon Dec 19 15:22:13 MST 2011 - carnold@novell.com + +- bnc#727515 - Fragmented packets hang network boot of HVM guest + ipxe-gcc45-warnings.patch + ipxe-ipv4-fragment.patch + ipxe-enable-nics.patch + +------------------------------------------------------------------- +Mon Dec 19 12:43:11 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + update xenpaging.autostart.patch, make changes with mem-swap-target + permanent + update xenpaging.doc.patch, mention issues with live migration + +------------------------------------------------------------------- +Thu Dec 15 17:53:51 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + add xenpaging.evict_mmap_readonly.patch + update xenpaging.error-handling.patch, reduce debug output + +------------------------------------------------------------------- +Thu Dec 15 08:35:27 MST 2011 - carnold@novell.com + +- bnc#736824 - Microcode patches for AMD's 15h processors panic the + system + 24189-x86-p2m-pod-locking.patch + 24412-x86-AMD-errata-model-shift.patch + 24411-x86-ucode-AMD-Fam15.patch + +------------------------------------------------------------------- +Wed Dec 14 10:08:24 MST 2011 - carnold@novell.com + +- bnc#711219 - SR-IOV VF doesn't work in SLES11 sp2 guest + 24357-firmware-no-_PS0-_PS3.patch +- Upstream patches from Jan + 24153-x86-emul-feature-checks.patch + 24275-x86-emul-lzcnt.patch + 24277-x86-dom0-features.patch + 24278-x86-dom0-no-PCID.patch + 24282-x86-log-dirty-bitmap-leak.patch + 24359-x86-domU-features.patch + 24360-x86-pv-domU-no-PCID.patch + 24389-amd-fam10-gart-tlb-walk-err.patch + 24391-x86-pcpu-version.patch + +------------------------------------------------------------------- +Thu Dec 8 14:19:49 CET 2011 - ohering@suse.de + +- bnc#729208 - xenpaging=-1 doesn't work + xenpaging.doc.patch + +------------------------------------------------------------------- +Thu Dec 8 08:41:36 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + readd xenpaging.qemu.flush-cache.patch + +------------------------------------------------------------------- +Wed Dec 7 11:01:43 MST 2011 - jfehlig@suse.com + +- bnc#732782 - L3: xm create hangs when maxmen value is enclosed + in "quotes" + xm-create-maxmem.patch + +------------------------------------------------------------------- +Wed Dec 7 10:44:06 MST 2011 - carnold@novell.com + +- Upstream patches / changes from Jan + Added 24358-kexec-compat-overflow.patch + Removed 24341-x86-64-mmcfg_remove___initdata_annotation_overlooked_in_23749e8d1c8f074ba.patch + Removed 24345-tools-libxc_Fix_x86_32_build_breakage_in_previous_changeset..patch + +------------------------------------------------------------------- +Wed Dec 7 16:42:44 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24178-debug_Add_domain-vcpu_pause_count_info_to_d_key..patch + Use wait queues for paging, improve foreign mappings. + xenpaging.versioned-interface.patch + xenpaging.mmap-before-nominate.patch + xenpaging.p2m_is_paged.patch + xenpaging.evict_fail_fast_forward.patch + xenpaging.error-handling.patch + xenpaging.mem_event-use-wait_queue.patch + xenpaging.waitqueue-paging.patch + Remove obsolete patch, not needed with wait queue usage + xenpaging.HVMCOPY_gfn_paged_out.patch + +------------------------------------------------------------------- +Wed Dec 7 16:23:49 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + Fix incorrect backport, remove double memset, use xzalloc + 24171-x86waitqueue_Allocate_whole_page_for_shadow_stack..patch + +------------------------------------------------------------------- +Wed Dec 7 12:08:31 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + fix typo in nominate, use lock instead of double unlock + 23905-xenpaging_fix_locking_in_p2m_mem_paging_functions.patch + +------------------------------------------------------------------- +Wed Dec 7 11:07:23 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24327-After_preparing_a_page_for_page-in_allow_immediate_fill-in_of_the_page_contents.patch + 24328-Tools_Libxc_wrappers_to_automatically_fill_in_page_oud_page_contents_on_prepare.patch + 24329-Teach_xenpaging_to_use_the_new_and_non-racy_xc_mem_paging_load_interface.patch + +------------------------------------------------------------------- +Tue Dec 6 11:14:51 MST 2011 - jfehlig@suse.com + +- bnc#734826 - xm rename doesn't work anymore + Updated xend-migration-domname-fix.patch + +------------------------------------------------------------------- +Fri Dec 2 20:35:29 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24269-mem_event_move_mem_event_domain_out_of_struct_domain.patch + 24270-Free_d-mem_event_on_domain_destruction..patch + +------------------------------------------------------------------- +Fri Dec 2 20:25:24 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24318-x86-mm_Fix_checks_during_foreign_mapping_of_paged_pages.patch + +------------------------------------------------------------------- +Fri Dec 2 20:21:48 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + 23949-constify_vcpu_set_affinitys_second_parameter.patch + +------------------------------------------------------------------- +Fri Dec 2 19:36:33 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24105-xenpaging_compare_domain_pointer_in_p2m_mem_paging_populate.patch + 24106-mem_event_check_capabilities_only_once.patch + +------------------------------------------------------------------- +Fri Dec 2 19:02:05 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24272-xenpaging_Fix_c-s_235070a29c8c3ddf7_update_machine_to_phys_mapping_during_page_deallocation.patch + +------------------------------------------------------------------- +Fri Dec 2 18:46:14 CET 2011 - ohering@suse.de + +- bnc#727081 - xend domains don't work anymore since update from 12.1 beta to 12.1 RC 1 + 24344-tools-x86_64_Fix_cpuid_inline_asm_to_not_clobber_stacks_red_zone.patch + 24345-tools-libxc_Fix_x86_32_build_breakage_in_previous_changeset..patch + +------------------------------------------------------------------- +Fri Dec 2 18:42:16 CET 2011 - ohering@suse.de + +- bnc#733449 - Panic in mcfg_ioremap when booting xen-dbg.gz on Xeon E3-1230 + 24341-x86-64-mmcfg_remove___initdata_annotation_overlooked_in_23749e8d1c8f074ba.patch + +------------------------------------------------------------------- +Fri Dec 2 18:21:46 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + backport waitqueue changes from xen-unstable + 24104-waitqueue_Double_size_of_x86_shadow_stack..patch + 24171-x86waitqueue_Allocate_whole_page_for_shadow_stack..patch + 24195-waitqueue_Detect_saved-stack_overflow_and_crash_the_guest..patch + 24196-waitqueue_Reorder_prepare_to_wait_so_that_vcpu_is_definitely_on_the.patch + 24197-x86-waitqueue_Because_we_have_per-cpu_stacks_we_must_wake_up_on_teh.patch + 24231-waitqueue_Implement_wake_up_nroneall..patch + 24232-waitqueue_Hold_a_reference_to_a_domain_on_a_waitqueue..patch + +------------------------------------------------------------------- +Fri Dec 2 17:32:34 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + 24227-xenpaging_restrict_pagefile_permissions.patch + +------------------------------------------------------------------- +Fri Dec 2 17:29:35 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + merge upstream version of our existing patches: + 24218-libxc_add_bitmap_clear_function.patch + remove old versions: + xenpaging.bitmap_clear.patch + +------------------------------------------------------------------- +Fri Dec 2 17:04:56 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + merge upstream version of our existing patches: + 24138-xenpaging_munmap_all_pages_after_page-in.patch + 24208-xenpaging_remove_filename_from_comment.patch + 24209-xenpaging_remove_obsolete_comment_in_resume_path.patch + 24210-xenpaging_use_PERROR_to_print_errno.patch + 24211-xenpaging_simplify_file_op.patch + 24212-xenpaging_print_gfn_in_failure_case.patch + 24213-xenpaging_update_xenpaging_init.patch + 24214-xenpaging_remove_xc_dominfo_t_from_paging_t.patch + 24215-xenpaging_track_the_number_of_paged-out_pages.patch + 24216-xenpaging_move_page_add-resume_loops_into_its_own_function..patch + 24217-xenpaging_improve_mainloop_exit_handling.patch + 24219-xenpaging_retry_unpageable_gfns.patch + 24220-xenpaging_install_into_LIBEXEC_dir.patch + 24221-xenpaging_add_XEN_PAGING_DIR_-_libxl_xenpaging_dir_path.patch + 24222-xenpaging_use_guests_tot_pages_as_working_target.patch + 24223-xenpaging_watch_the_guests_memory-target-tot_pages_xenstore_value.patch + 24224-xenpaging_add_cmdline_interface_for_pager.patch + 24225-xenpaging_improve_policy_mru_list_handling.patch + 24226-xenpaging_add_debug_to_show_received_watch_event..patch + remove old versions: + xenpaging.XEN_PAGING_DIR.patch + xenpaging.add_evict_pages.patch + xenpaging.cmdline-interface.patch + xenpaging.encapsulate_domain_info.patch + xenpaging.file_op-return-code.patch + xenpaging.install-to-libexec.patch + xenpaging.low_target_policy_nomru.patch + xenpaging.main-loop-exit-handling.patch + xenpaging.misleading-comment.patch + xenpaging.page_in-munmap-size.patch + xenpaging.print-gfn.patch + xenpaging.record-numer-paged-out-pages.patch + xenpaging.reset-uncomsumed.patch + xenpaging.stale-comments.patch + xenpaging.target-tot_pages.patch + xenpaging.use-PERROR.patch + xenpaging.watch-target-tot_pages.patch + xenpaging.watch_event-DPRINTF.patch + xenpaging.xc_interface_open-comment.patch + +------------------------------------------------------------------- +Wed Nov 30 10:48:50 MST 2011 - jfehlig@suse.com + +- bnc#733348 - Use 'xm' in various scripts if xend is running. + Modified xmclone.sh and xen-updown.sh +- Only emit xl warning when xend is running and -f (force) flag + is not specified. + Modified disable-xl-when-using-xend.patch + +------------------------------------------------------------------- +Wed Nov 30 09:43:34 MST 2011 - carnold@novell.com + +- Upstream patches from Jan + 24190-hap-log-dirty-disable-rc.patch + 24193-hap-track-dirty-vram-rc.patch + 24201-x86-pcpu-platform-op.patch + +------------------------------------------------------------------- +Tue Nov 22 17:57:07 MST 2011 - carnold@novell.com + +- Upstream patches from Jan + 23900-xzalloc.patch + 24144-cpufreq-turbo-crash.patch + 24148-shadow-pgt-dying-op-performance.patch + 24155-x86-ioapic-EOI-after-migration.patch + 24156-x86-ioapic-shared-vectors.patch + 24157-x86-xstate-init.patch + 24168-x86-vioapic-clear-remote_irr.patch + +------------------------------------------------------------------- +Sun Nov 22 12:45:13 CST 2011 - cyliu@suse.com +- submit fixes for bnc#649209 and bnc#711892 + xl-create-pv-with-qcow2-img.patch + update suspend_evtchn_lock.patch + +------------------------------------------------------------------- +Sun Nov 20 20:45:13 CET 2011 - ohering@suse.de + +- Update trace.c, merge patches from upstream + 23050-xentrace_dynamic_tracebuffer_allocation.patch + 23091-xentrace_fix_t_info_pages_calculation..patch + 23092-xentrace_print_calculated_numbers_in_calculate_tbuf_size.patch + 23093-xentrace_remove_gdprintk_usage_since_they_are_not_in_guest_context.patch + 23094-xentrace_update_comments.patch + 23095-xentrace_use_consistent_printk_prefix.patch + 23128-xentrace_correct_formula_to_calculate_t_info_pages.patch + 23129-xentrace_remove_unneeded_debug_printk.patch + 23173-xentrace_Move_register_cpu_notifier_call_into_boot-time_init..patch + 23239-xentrace_correct_overflow_check_for_number_of_per-cpu_trace_pages.patch + 23308-xentrace_Move_the_global_variable_t_info_first_offset_into_calculate_tbuf_size.patch + 23309-xentrace_Mark_data_size___read_mostly_because_its_only_written_once.patch + 23310-xentrace_Remove_unneeded_cast_when_assigning_pointer_value_to_dst.patch + 23404-xentrace_reduce_trace_buffer_size_to_something_mfn_offset_can_reach.patch + 23405-xentrace_fix_type_of_offset_to_avoid_ouf-of-bounds_access.patch + 23406-xentrace_update___insert_record_to_copy_the_trace_record_to_individual_mfns.patch + 23407-xentrace_allocate_non-contiguous_per-cpu_trace_buffers.patch + 23643-xentrace_Allow_tracing_to_be_enabled_at_boot.patch + 23719-xentrace_update___trace_var_comment.patch + Remove old patches: + xen-unstable.xentrace.dynamic_tbuf.patch + xen-unstable.xentrace.empty_t_info_pages.patch + xen-unstable.xentrace.verbose.patch + xen-unstable.xentrace.no_gdprintk.patch + xen-unstable.xentrace.comments.patch + xen-unstable.xentrace.printk_prefix.patch + xen-unstable.xentrace.remove_debug_printk.patch + xen-unstable.xentrace.t_info_pages-formula.patch + xen-unstable.xentrace.register_cpu_notifier-boot_time.patch + xen-unstable.xentrace.t_info_page-overflow.patch + xen-unstable.xentrace.t_info_first_offset.patch + xen-unstable.xentrace.data_size__read_mostly.patch + xen-unstable.xentrace.__insert_record-dst-type.patch + +------------------------------------------------------------------- +Mon Nov 14 09:41:46 MST 2011 - carnold@novell.com + +- Upstream patches from Jan + 24116-x86-continuation-cancel.patch + 24123-x86-cpuidle-quiesce.patch + 24124-x86-microcode-amd-quiesce.patch + 24137-revert-23666.patch + 24xxx-shadow-pgt-dying-op-performance.patch + +------------------------------------------------------------------- +Thu Nov 10 17:03:18 MST 2011 - carnold@novell.com + +- bnc#722738 - xm cpupool-create errors out + xen-cpupool-xl-config-format.patch + +------------------------------------------------------------------- +Fri Nov 4 15:14:09 MDT 2011 - carnold@novell.com + +- Fix broken build when building docs + 23819-make-docs.patch + +------------------------------------------------------------------- +Fri Nov 4 11:52:22 MDT 2011 - jfehlig@suse.com + +- bnc#720054 - Prevent vif-bridge from adding user-created tap + interfaces to a bridge + 2XXXX-vif-bridge.patch + +------------------------------------------------------------------- +Fri Nov 4 10:11:04 MDT 2011 - carnold@novell.com + +- bnc#713503 - DOM0 filesystem commit + 23752-x86-shared-IRQ-vector-maps.patch + 23754-AMD-perdev-vector-map.patch + +------------------------------------------------------------------- +Thu Nov 3 23:50:31 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + This change reverses the task of xenpaging. Before this change a + fixed number of pages was paged out. With this change the guest + will not have access to more than the given number of pages at + the same time. + The xenpaging= config option is replaced by actmem= + A new xm mem-swap-target is added. + The xenpaging binary is moved to /usr/lib/xen/bin/ + xenpaging.HVMCOPY_gfn_paged_out.patch + xenpaging.XEN_PAGING_DIR.patch + xenpaging.add_evict_pages.patch + xenpaging.bitmap_clear.patch + xenpaging.cmdline-interface.patch + xenpaging.encapsulate_domain_info.patch + xenpaging.file_op-return-code.patch + xenpaging.guest-memusage.patch + xenpaging.install-to-libexec.patch + xenpaging.low_target_policy_nomru.patch + xenpaging.main-loop-exit-handling.patch + xenpaging.misleading-comment.patch + xenpaging.page_in-munmap-size.patch + xenpaging.print-gfn.patch + xenpaging.record-numer-paged-out-pages.patch + xenpaging.reset-uncomsumed.patch + xenpaging.stale-comments.patch + xenpaging.target-tot_pages.patch + xenpaging.use-PERROR.patch + xenpaging.watch-target-tot_pages.patch + xenpaging.watch_event-DPRINTF.patch + xenpaging.xc_interface_open-comment.patch + +------------------------------------------------------------------- +Thu Nov 3 23:32:12 CET 2011 - ohering@suse.de + +- xen.spec: update filelist + package /usr/lib*/xen with wildcard to pickup new files + remove duplicate /usr/sbin/xen-list from filelist + +------------------------------------------------------------------- +Wed Oct 26 10:13:04 MDT 2011 - carnold@novell.com + +- bnc#725169 - xen-4.0.2_21511_03-0.5.3: bootup hangs + 23993-x86-microcode-amd-fix-23871.patch + +------------------------------------------------------------------- +Wed Oct 26 09:48:14 MDT 2011 - carnold@novell.com + +- Update to Xen 4.1.2 FCS c/s 23174 + +------------------------------------------------------------------- +Mon Oct 24 09:26:24 MDT 2011 - jfehlig@suse.com + +- bnc#720054 - Fix syntax error introduced during recent adjustment + of Xen's tap udev rule. + Updated udev-rules.patch + +------------------------------------------------------------------- +Thu Oct 20 21:39:08 CEST 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + Merge paging related fixes from xen-unstable: + 23506-x86_Disable_set_gpfn_from_mfn_until_m2p_table_is_allocated..patch + 23507-xenpaging_update_machine_to_phys_mapping_during_page_deallocation.patch + 23509-x86_32_Fix_build_Define_machine_to_phys_mapping_valid.patch + 23562-xenpaging_remove_unused_spinlock_in_pager.patch + 23576-x86_show_page_walk_also_for_early_page_faults.patch + 23577-tools_merge_several_bitop_functions_into_xc_bitops.h.patch + 23578-xenpaging_add_xs_handle_to_struct_xenpaging.patch + 23579-xenpaging_drop_xc.c_remove_ASSERT.patch + 23580-xenpaging_drop_xc.c_remove_xc_platform_info_t.patch + 23581-xenpaging_drop_xc.c_remove_xc_wait_for_event.patch + 23582-xenpaging_drop_xc.c_move_xc_mem_paging_flush_ioemu_cache.patch + 23583-xenpaging_drop_xc.c_move_xc_wait_for_event_or_timeout.patch + 23584-xenpaging_drop_xc.c_remove_xc_files.patch + 23585-xenpaging_correct_dropping_of_pages_to_avoid_full_ring_buffer.patch + 23586-xenpaging_do_not_bounce_p2mt_back_to_the_hypervisor.patch + 23587-xenpaging_remove_srand_call.patch + 23588-xenpaging_remove_return_values_from_functions_that_can_not_fail.patch + 23589-xenpaging_catch_xc_mem_paging_resume_errors.patch + 23590-xenpaging_remove_local_domain_id_variable.patch + 23591-xenpaging_move_num_pages_into_xenpaging_struct.patch + 23592-xenpaging_start_paging_in_the_middle_of_gfn_range.patch + 23593-xenpaging_pass_integer_to_xenpaging_populate_page.patch + 23594-xenpaging_add_helper_function_for_unlinking_pagefile.patch + 23595-xenpaging_add_watch_thread_to_catch_guest_shutdown.patch + 23596-xenpaging_implement_stopping_of_pager_by_sending_SIGTERM-SIGINT.patch + 23597-xenpaging_remove_private_mem_event.h.patch + 23599-tools_fix_build_after_recent_xenpaging_changes.patch + 23817-mem_event_add_ref_counting_for_free_requestslots.patch + 23818-mem_event_use_mem_event_mark_and_pause_in_mem_event_check_ring.patch + 23827-xenpaging_use_batch_of_pages_during_final_page-in.patch + 23841-mem_event_pass_mem_event_domain_pointer_to_mem_event_functions.patch + 23842-mem_event_use_different_ringbuffers_for_share_paging_and_access.patch + 23874-xenpaging_track_number_of_paged_pages_in_struct_domain.patch + 23904-xenpaging_use_p2m-get_entry_in_p2m_mem_paging_functions.patch + 23905-xenpaging_fix_locking_in_p2m_mem_paging_functions.patch + 23906-xenpaging_remove_confusing_comment_from_p2m_mem_paging_populate.patch + 23908-p2m_query-modify_p2mt_with_p2m_lock_held.patch + 23943-xenpaging_clear_page_content_after_evict.patch + 23953-xenpaging_handle_evict_failures.patch + 23978-xenpaging_check_p2mt_in_p2m_mem_paging_functions.patch + 23979-xenpaging_document_p2m_mem_paging_functions.patch + 23980-xenpaging_disallow_paging_in_a_PoD_guest.patch + Remove obsolete patches: + x86-show-page-walk-early.patch + xenpaging.23817-mem_event_check_ring.patch + xenpaging.catch-xc_mem_paging_resume-error.patch + xenpaging.guest_remove_page.slow_path.patch + xenpaging.mem_event-no-p2mt.patch + xenpaging.no-srand.patch + xenpaging.return-void.patch + xenpaging.xenpaging_populate_page-gfn.patch + +------------------------------------------------------------------- +Thu Oct 20 20:57:11 CEST 2011 - ohering@suse.de + +- xen.spec: use changeset number as patch number for upstream patches + +------------------------------------------------------------------- +Wed Oct 19 11:37:36 UTC 2011 - adrian@suse.de + +- do not use runlevel 4 in init scripts, it makes it impossible + to "insserv xend" on 12.1 + +------------------------------------------------------------------- +Mon Oct 17 11:27:51 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23955-x86-pv-cpuid-xsave.patch + 23957-cpufreq-error-paths.patch + +------------------------------------------------------------------- +Tue Oct 11 09:38:59 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23933-pt-bus2bridge-update.patch + 23726-x86-intel-flexmigration-v2.patch + 23925-x86-AMD-ARAT-Fam12.patch + 23246-x86-xsave-enable.patch + 23897-x86-mce-offline-again.patch + +------------------------------------------------------------------- +Mon Oct 10 09:53:42 MDT 2011 - carnold@novell.com + +- Update to Xen 4.1.2_rc3 c/s 23171 + +------------------------------------------------------------------- +Thu Oct 6 17:57:56 MDT 2011 - jfehlig@suse.com + +- bnc#720054 - Changed /etc/udev/rules.d/40-xen.rules to not run + Xen's vif-bridge script when not running Xen. This is not a + solution to the bug but an improvement in the rules regardless. + Updated udev-rules.patch + +------------------------------------------------------------------- +Tue Oct 4 11:00:56 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23868-vtd-RMRR-validation.patch + 23871-x86-microcode-amd-silent.patch + 23898-cc-option-grep.patch + +------------------------------------------------------------------- +Fri Sep 30 12:47:59 MDT 2011 - jfehlig@suse.com + +- Add pciback init script and sysconf file, giving users a simple + mechanism to configure pciback. + init.pciback sysconfig.pciback + +------------------------------------------------------------------- +Fri Sep 23 12:11:23 CEST 2011 - ohering@suse.de + +- update scripts to use xl -f, or xm if xend is running: + xen-updown.sh, init.xendomains, xmclone.sh + +------------------------------------------------------------------- +Fri Sep 23 11:28:36 CEST 2011 - ohering@suse.de + +- bnc#694863 - kexec fails in xen + xenstored: allow guest to shutdown all its watches/transactions + xenstored.XS_RESET_WATCHES.patch + +------------------------------------------------------------------- +Thu Sep 22 09:33:28 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23843-scheduler-switch.patch + 23846-x86-TSC-check.patch + 23848-vmx-conditional-off.patch + 23853-x86-pv-cpuid-xsave.patch + +------------------------------------------------------------------- +Fri Sep 16 11:40:28 CEST 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + mem_event: add ref counting for free requestslots + xenpaging.23817-mem_event_check_ring.patch + +------------------------------------------------------------------- +Wed Sep 14 13:54:21 MDT 2011 - carnold@novell.com + +- bnc#717650 - Unable to start VM +- Update to Xen 4.1.2_rc2 c/s 23152 + +------------------------------------------------------------------- +Fri Sep 9 10:44:23 MDT 2011 - jfehlig@suse.com + +- bnc#716695 - domUs using tap devices will not start + updated multi-xvdp.patch + +------------------------------------------------------------------- +Tue Sep 6 13:11:51 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23803-intel-pmu-models.patch + 23800-x86_64-guest-addr-range.patch + 23795-intel-ich10-quirk.patch + 23804-x86-IPI-counts.patch + +------------------------------------------------------------------- +Wed Aug 31 09:31:27 MDT 2011 - jfehlig@suse.com + +- bnc#706106 - Inconsistent reporting of VM names during migration + xend-migration-domname-fix.patch + +------------------------------------------------------------------- +Tue Aug 30 08:50:40 MDT 2011 - carnold@novell.com + +- bnc#712823 - L3:Xen guest does not start reliable when rebooted + xend-vcpu-affinity-fix.patch + +------------------------------------------------------------------- +Tue Aug 23 08:53:20 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23725-pci-add-device.patch + 23762-iommu-fault-bm-off.patch + 23763-pci-multi-seg-x2apic-vtd-no-crash.patch + 23765-x86-irq-vector-leak.patch + 23766-x86-msi-vf-bars.patch + 23771-x86-ioapic-clear-pin.patch + 23772-x86-trampoline.patch + 23774-x86_64-EFI-EDD.patch + 23776-x86-kexec-hpet-legacy-bcast-disable.patch + 23781-pm-wide-ACPI-ids.patch + 23782-x86-ioapic-clear-irr.patch + 23783-ACPI-set-_PDC-bits.patch + +------------------------------------------------------------------- +Mon Aug 15 11:54:08 CEST 2011 - ohering@suse.de + +- Include gcc46 only when its available (>11.4 && >sles11sp1) + +------------------------------------------------------------------- +Fri Aug 12 09:43:23 MDT 2011 - carnold@novell.com + +- bnc#711943 - [xl] Fail to create multi-guests with NIC assigned + 23685-libxl-segfault-fix.patch + +------------------------------------------------------------------- +Thu Aug 11 00:36:17 MDT 2011 - jfehlig@suse.com + +- libxenlight and legacy xend toolstack should not be used + together. If xend is running, print a warning and exit + xl. Add a '-f' (force) option to xl to override this + behavior. + disable-xl-when-using-xend.patch + bnc#707664 + +------------------------------------------------------------------- +Wed Aug 10 09:08:28 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23732-sedf.patch + 23735-guest-dom0-cap.patch + 23746-vtd-cleanup-timers.patch + 23747-mmcfg-base-address.patch + 23749-mmcfg-reservation.patch + +------------------------------------------------------------------- +Tue Aug 9 13:38:09 CST 2011 - cyliu@novell.com + +- bnc#704160 - crm resource migrate fails with xen machines + update snapshot-xend.patch +- bnc#706574 - xm console DomUName hang after "xm save/restore" of + PVM on the latest Xen + xend-console-port-restore.patch + +------------------------------------------------------------------- +Tue Aug 9 16:42:23 CEST 2011 - ohering@suse.de + +- update xencommons script to run only when needed + xencommons-proc-xen.patch + +------------------------------------------------------------------- +Fri Jul 22 09:34:34 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23726-x86-intel-flexmigration.patch + 23706-fix-20892.patch + 23723-x86-CMOS-lock.patch + 23676-x86_64-image-map-bounds.patch + 23724-x86-smpboot-x2apic.patch + +------------------------------------------------------------------- +Mon Jul 11 17:19:53 CEST 2011 - ohering@suse.de + +- hotplug.losetup.patch + correct dev:inode detection, stat returns major:minor without + leading zeros, while losetup -a includes trailing zeros + +------------------------------------------------------------------- +Fri Jul 8 19:13:30 CST 2011 - cyliu@novell.com + +- fate#310635: xen npiv multipath support + update block-npiv* scripts for testing + +------------------------------------------------------------------- +Thu Jul 7 10:17:08 MDT 2011 - carnold@novell.com + +- Fixes for EFI support + x86-EFI-discard-comment.patch + +------------------------------------------------------------------- +Wed Jun 29 09:37:05 MDT 2011 - carnold@novell.com + +- fate#309894: Xen needs to correctly understand family 15h CPU + topology +- fate#311376: EFI support in SP2 +- fate#311529: Native UEFI booting under Xen (installation) + 23074-pfn.h.patch + 23571-vtd-fault-verbosity.patch + 23574-x86-dom0-compressed-ELF.patch + 23575-x86-DMI.patch + 23610-x86-topology-info.patch + 23611-amd-fam15-topology.patch + 23613-EFI-headers.patch + 23614-x86_64-EFI-boot.patch + 23615-x86_64-EFI-runtime.patch + 23616-x86_64-EFI-MPS.patch + +------------------------------------------------------------------- +Wed Jun 29 15:01:54 CEST 2011 - jbeulich@novell.com + +- Mark xen-scsi.ko supported (bnc#582265, fate#309459). + +------------------------------------------------------------------- +Tue Jun 28 11:07:10 MDT 2011 - carnold@novell.com + +- fate#310308: Hypervisor assisted watchdog driver + ioemu-watchdog-support.patch + ioemu-watchdog-linkage.patch + ioemu-watchdog-ib700-timer.patch + tools-watchdog-support.patch + +------------------------------------------------------------------- +Mon Jun 27 09:03:17 MDT 2011 - carnold@novell.com + +- bnc#702025 - VUL-0: xen: VT-d (PCI passthrough) MSI trap + injection (CVE-2011-1898) + Fixed in Xen version 4.1.1 + +------------------------------------------------------------------- +Wed Jun 22 18:11:18 CST 2011 - cyliu@novell.com + +- fate#310956: Support Direct Kernel Boot for FV guests + kernel-boot-hvm.patch + +------------------------------------------------------------------- +Wed Jun 22 13:49:22 CST 2011 - cyliu@novell.com + +- fate#310316: Support change vnc password while vm is running + change-vnc-passwd.patch +- fate#310325: Support get domU console log from Dom0 + log-guest-console.patch + +------------------------------------------------------------------- +Wed Jun 22 11:29:47 CEST 2011 - ohering@suse.de + +- fate#311487: remove modprobe.conf files for autoloading of Xen + and Hyper-V drivers + xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch + add dmi modalias to xen-platform-pci.ko + +------------------------------------------------------------------- +Tue Jun 21 14:21:42 MDT 2011 - carnold@novell.com + +- fate#308532: [NONCODE] Remove XEN 32-bit Hypervisor + Modify ExclusiveArch in xen.spec to build only x86_64 + +------------------------------------------------------------------- +Tue Jun 21 08:03:59 MDT 2011 - carnold@novell.com + +- fate#309900 - Add Xen support for SVM Decode Assist in AMD family + 15h +- fate#309902 - Add Xen support for AMD family 12h processors +- fate#309903 - Add Xen support for AMD family 14h processors +- fate#309906 - Add Xen support for performance event counters in + AMD family 15h + +------------------------------------------------------------------- +Fri Jun 17 06:37:36 MDT 2011 - carnold@novell.com + +- fate#309893: Add Xen support for AMD family 15h processors +- fate#309901: Add Xen support for SVM TSC scaling in AMD family + 15h +- fate#311951: Ivy Bridge: XEN support for Supervisor Mode + Execution Protection (SMEP) + 23437-amd-fam15-TSC-scaling.patch + 23462-libxc-cpu-feature.patch + 23481-x86-SMEP.patch + 23504-x86-SMEP-hvm.patch + 23505-x86-cpu-add-arg-check.patch + 23508-vmx-proc-based-ctls-probe.patch + 23510-hvm-cpuid-DRNG.patch + 23511-amd-fam15-no-flush-for-C3.patch + 23516-cpuid-ERMS.patch + 23538-hvm-pio-emul-no-host-crash.patch + 23539-hvm-cpuid-FSGSBASE.patch + 23543-x86_64-maddr_to_virt-assertion.patch + 23546-fucomip.patch + +------------------------------------------------------------------- +Wed Jun 15 15:31:17 MDT 2011 - jfehlig@novell.com + +- Fix libxc reentrancy issues + 23383-libxc-rm-static-vars.patch + +------------------------------------------------------------------- +Wed Jun 15 08:09:53 MDT 2011 - carnold@novell.com + +- fate#310957 - Update to Xen 4.1.1 FCS c/s 23079 + +------------------------------------------------------------------- +Tue Jun 14 11:26:30 CST 2011 - lidongyang@novell.com + +- fate#311000 - Extend Xen domain lock framework to support + more alternative + xend-domain-lock-sfex.patch + +------------------------------------------------------------------- +Mon Jun 13 14:50:32 CST 2011 - lidongyang@novell.com + +- fate#311371 - Enhance yast to configure live migration for + Xen and KVM + add firewall service file for xen-tools + +------------------------------------------------------------------- +Fri Jun 10 09:14:07 MDT 2011 - jfehlig@novell.com + +- Add man page for xen-list utility + updated xen-utils-0.1.tar.bz2 + +------------------------------------------------------------------- +Thu May 26 06:36:49 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23233-hvm-cr-access.patch + 23234-svm-decode-assist-base.patch + 23235-svm-decode-assist-crs.patch + 23236-svm-decode-assist-invlpg.patch + 23238-svm-decode-assist-insn-fetch.patch + 23303-cpufreq-misc.patch + 23304-amd-oprofile-strings.patch + 23305-amd-fam15-xenoprof.patch + 23306-amd-fam15-vpmu.patch + 23334-amd-fam12+14-vpmu.patch + 23338-vtd-force-intremap.patch + +------------------------------------------------------------------- +Thu May 26 06:27:56 MDT 2011 - carnold@novell.com + +- fate#310957 - Update to Xen 4.1.1-rc1 c/s 23064 + +------------------------------------------------------------------- +Tue May 24 18:19:04 CEST 2011 - ohering@suse.de + +- xentrace: dynamic tracebuffer allocation + xen-unstable.xentrace.dynamic_tbuf.patch + xen-unstable.xentrace.empty_t_info_pages.patch + xen-unstable.xentrace.verbose.patch + xen-unstable.xentrace.no_gdprintk.patch + xen-unstable.xentrace.comments.patch + xen-unstable.xentrace.printk_prefix.patch + xen-unstable.xentrace.remove_debug_printk.patch + xen-unstable.xentrace.t_info_pages-formula.patch + xen-unstable.xentrace.register_cpu_notifier-boot_time.patch + xen-unstable.xentrace.t_info_page-overflow.patch + xen-unstable.xentrace.t_info_first_offset.patch + xen-unstable.xentrace.data_size__read_mostly.patch + xen-unstable.xentrace.__insert_record-dst-type.patch + +------------------------------------------------------------------- +Tue May 24 13:51:14 CEST 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + update xenpaging patches for xen 4.1 + xenpaging.guest_remove_page.slow_path.patch + xenpaging.mem_event-no-p2mt.patch + xenpaging.no-srand.patch + xenpaging.return-void.patch + xenpaging.catch-xc_mem_paging_resume-error.patch + xenpaging.xenpaging_populate_page-gfn.patch + xenpaging.autostart.patch + +------------------------------------------------------------------- +Fri May 20 10:48:54 MDT 2011 - carnold@novell.com + +- bnc#670465 - When connecting to Xen guest through vncviewer mouse + tracking is off. +- Upstream patch 23298-hvmop-get-mem-type.patch replaces + xen.sles11sp1.bug684297.HVMOP_get_mem_type.patch +- Upstream patches from Jan + 23333-hvm-32bit-compat-hypercalls.patch + 23337-vtd-malicious-msi-filter.patch + 23338-vtd-force-intremap.patch (CVE-2011-1898) + 23341-x86-ioapic-write-entry.patch + 23343-vtd-error-path-leaks.patch + +------------------------------------------------------------------- +Thu May 19 11:22:51 CEST 2011 - ohering@suse.de + +- bnc#684305 - on_crash is being ignored with kdump now working in HVM + xend-config-enable-dump-comment.patch + +------------------------------------------------------------------- +Thu May 19 11:19:37 CEST 2011 - ohering@suse.de + +- disable xend's logrotation for xend.log, use included logrotate.conf + +------------------------------------------------------------------- +Wed May 18 17:00:16 CEST 2011 - ohering@suse.de + +- bnc#684297 - HVM taking too long to dump vmcore + xen.sles11sp1.bug684297.HVMOP_get_mem_type.patch + new hvm_op hyper call option + xen.sles11sp1.bug684297.xen_oldmem_pfn_is_ram.patch + Use new Xen HVMOP_get_mem_type hvmop hypercall option and new Linux + kernel register_oldmem_pfn_is_ram interface. + (depends on two kernel-source changes) + +------------------------------------------------------------------- +Tue May 17 11:31:49 MDT 2011 - carnold@novell.com + +- Update to Xen 4.1.1-rc1-pre c/s 23051 + +------------------------------------------------------------------- +Thu May 12 21:10:21 MDT 2011 - carnold@novell.com + +- Numerous cleanups when compiling with the unused-but-set-variable + flag enabled and warnings equal to errors. + xen-warnings-unused.diff + +------------------------------------------------------------------- +Thu May 12 08:30:48 MDT 2011 - jfehlig@novell.com + +- Add a 'long' option to xen-list utility + Updated xen-utils-0.1.tar.bz2 + +------------------------------------------------------------------- +Tue May 10 08:53:27 MDT 2011 - jfehlig@novell.com + +- bnc#691256 - move modprobe of xen backend modules from xend to + xencommons initscript + tmp-initscript-modprobe.patch + +------------------------------------------------------------------- +Mon May 9 16:26:06 MDT 2011 - jfehlig@novell.com + +- bnc#691738 - Xen does not find device create with npiv block + xen-qemu-iscsi-fix.patch + +------------------------------------------------------------------- +Tue May 3 11:11:05 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 22998-x86-get_page_from_l1e-retcode.patch + 22999-x86-mod_l1_entry-retcode.patch + 23000-x86-mod_l2_entry-retcode.patch + 23096-x86-hpet-no-cpumask_lock.patch + 23099-x86-rwlock-scalability.patch + 23103-x86-pirq-guest-eoi-check.patch + 23127-vtd-bios-settings.patch + 23153-x86-amd-clear-DramModEn.patch + 23154-x86-amd-iorr-no-rdwr.patch + 23199-amd-iommu-unmapped-intr-fault.patch + 23200-amd-iommu-intremap-sync.patch + 23228-x86-conditional-write_tsc.patch + +------------------------------------------------------------------- +Tue May 3 08:54:51 MDT 2011 - carnold@novell.com + +- bnc#691238 - L3: question on behaviour change xm list + snapshot-xend.patch + +------------------------------------------------------------------- +Mon May 2 12:42:16 CEST 2011 - ohering@suse.de + +- update xenalyze to revision 98 + * Unify setting of vcpu data type + * Unify record size checks + * Fix cr3_switch not to access hvm struct before it's initialized +- add xenalyze.gcc46.patch to fix unused-but-set-variable errors + +------------------------------------------------------------------- +Thu Apr 28 10:24:46 MDT 2011 - jfehlig@novell.com + +- bnc#688473 - VUL-0: potential buffer overflow in tools + cve-2011-1583-4.0.patch + +------------------------------------------------------------------- +Thu Apr 28 17:18:57 CEST 2011 - ohering@suse.de + +- hotplug.losetup.patch + correct dev:inode detection and use variable expansion + +------------------------------------------------------------------- +Tue Apr 26 11:30:39 MDT 2011 - carnold@novell.com + +- bnc#623680 - xen kernel freezes during boot when processor module + is loaded + 23228-x86-conditional-write_tsc.patch +- bnc#680824 - dom0 can't recognize boot disk when IOMMU is enabled + 23200-amd-iommu-intremap-sync.patch +- Upstream patches from Jan + 23127-vtd-bios-settings.patch + 23153-x86-amd-clear-DramModEn.patch + 23154-x86-amd-iorr-no-rdwr.patch + 23199-amd-iommu-unmapped-intr-fault.patch + +------------------------------------------------------------------- +Thu Apr 21 16:30:30 CEST 2011 - ohering@suse.de + +- bnc#685189: update vif-route-ifup.patch to use correct variable + after upstream commit 22910:d4bc41a8cecb + +------------------------------------------------------------------- +Wed Apr 20 17:50:04 CEST 2011 - ohering@suse.de + +- bnc#688519: correct indention in xend-domain-lock.patch + +------------------------------------------------------------------- +Thu Apr 19 06:43:19 MST 2011 - jfehlig@novell.com + +- bnc#687981 - L3: mistyping model type when defining VIF crashes + VM + xend-validate-nic-model.patch + +------------------------------------------------------------------- +Mon Apr 11 15:55:04 MDT 2011 - jfehlig@suse.de + +- bnc#685338: Fix porting of xend-domain-lock.patch + +------------------------------------------------------------------- +Mon Apr 11 19:33:34 CEST 2011 - ohering@suse.de + +- update scripts to use xl instead of xm: + xen-updown.sh, init.xendomains, xmclone.sh + +------------------------------------------------------------------- +Mon Apr 11 17:34:46 CEST 2011 - ohering@suse.de + +- disable xend in openSuSE > 11.4 + the xl command is the replacement for the xm command + +------------------------------------------------------------------- +Thu Apr 7 18:16:45 CEST 2011 - ohering@suse.de + +- mark runlevel scripts as config to preserve local changes by + admin or dev during package update + +------------------------------------------------------------------- +Thu Apr 7 18:11:14 CEST 2011 - ohering@suse.de + +- enable xencommons runlevel script during upgrade if xend was + already enabled + +------------------------------------------------------------------- +Thu Apr 7 17:50:23 CEST 2011 - ohering@suse.de + +- call /sbin/ldconfig directly in xen-libs post install scripts + +------------------------------------------------------------------- +Tue Apr 5 10:57:20 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23103-x86-pirq-guest-eoi-check.patch + 23030-x86-hpet-init.patch + 23061-amd-iommu-resume.patch + 23127-vtd-bios-settings.patch + +------------------------------------------------------------------- +Thu Mar 31 12:41:24 UTC 2011 - coolo@novell.com + +- add baselibs.conf as libvirt uses 32bit libraries + +------------------------------------------------------------------- +Tue Mar 29 10:18:09 MDT 2011 - carnold@novell.com + +- Remus support is enabled for now. + +------------------------------------------------------------------- +Mon Mar 28 09:28:49 MDT 2011 - carnold@novell.com + +- Enable support for kernel decompression for gzip, bzip2, and LZMA + so that kernels compressed with any of these methods can be + launched + +------------------------------------------------------------------- +Fri Mar 25 09:48:04 MDT 2011 - carnold@novell.com + +- Update to Xen 4.1 FCS + +------------------------------------------------------------------- +Thu Mar 24 11:44:17 CET 2011 - ohering@suse.de + +- fix xentrace.dynamic_sized_tbuf.patch + the default case did not work, correct size calculation + +------------------------------------------------------------------- +Tue Mar 22 15:13:08 MDT 2011 - carnold@novell.com + +- Update to c/s 23010 Xen 4.1 rc8 + +------------------------------------------------------------------- +Tue Mar 22 10:53:00 CET 2011 - ohering@suse.de + +- use _smp_mflags instead of jobs, jobs is not expanded everywhere + +------------------------------------------------------------------- +Mon Mar 21 10:09:50 MDT 2011 - carnold@novell.com + +- bnc#681302 - xm create -x <guest> returns "ImportError: No module + named ext" + xm-create-xflag.patch + +------------------------------------------------------------------- +Thu Mar 17 06:22:30 MDT 2011 - carnold@novell.com + +- bnc#675817 - Kernel panic when creating HVM guests on AMD + platforms with XSAVE + 22462-x86-xsave-init-common.patch + +------------------------------------------------------------------- +Tue Mar 15 09:22:24 MDT 2011 - carnold@novell.com + +- bnc#679344 - Xen: multi-vCPU pv guest may crash host + 23034-x86-arch_set_info_guest-DoS.patch +- bnc#678871 - dom0 hangs long time when starting hvm guests with + memory >= 64GB + 22780-pod-preempt.patch +- bnc#675363 - Random lockups with kernel-xen. Possibly graphics + related + 22997-x86-map_pages_to_xen-check.patch +- Upstream patches from Jan + 22949-x86-nmi-pci-serr.patch + 22992-x86-fiop-m32i.patch + 22996-x86-alloc_xen_pagetable-no-BUG.patch + 23020-x86-cpuidle-ordering.patch + 23039-csched-constrain-cpu.patch + +------------------------------------------------------------------- +Mon Mar 14 22:20:39 MDT 2011 - jfehlig@novell.com + +- Fix xen-utils to cope with xen-unstable c/s 21483 + +------------------------------------------------------------------- +Mon Mar 14 10:11:19 MDT 2011 - carnold@novell.com + +- bnc#678229 - restore of sles HVM fails + 22873-svm-sr-32bit-sysenter-msrs.patch + +------------------------------------------------------------------- +Fri Mar 11 22:28:37 CET 2011 - ohering@suse.de + +- xz-devel is available since 11.2, make it optional for SLES11SP1 + +------------------------------------------------------------------- +Mon Feb 28 14:07:01 CST 2011 - cyliu@novell.com + +- Fix /vm/uuid xenstore leak on tapdisk2 device cleanup + 22499-xen-hotplug-cleanup.patch + +------------------------------------------------------------------- +Fri Feb 25 14:07:01 MST 2011 - carnold@novell.com + +- Upstream patches from Jan + 22872-amd-iommu-pci-reattach.patch + 22879-hvm-no-self-set-mem-type.patch + 22899-x86-tighten-msr-permissions.patch + 22915-x86-hpet-msi-s3.patch + 22947-amd-k8-mce-init-all-msrs.patch + +------------------------------------------------------------------- +Thu Feb 17 21:18:19 MST 2011 - jfehlig@novell.com + +- bnc#672833 - xen-tools bug causing problems with Ubuntu 10.10 + under Xen 4. + 22238-pygrub-grub2-fix.patch + +------------------------------------------------------------------- +Thu Feb 17 20:06:07 CST 2011 - lidongyang@novell.com + +- bnc#665610 - xm console > 1 to same VM messes up both consoles + Upstream rejected due to portability concern, see + http://lists.xensource.com/archives/html/xen-devel/2011-02/msg00942.html + xenconsole-no-multiple-connections.patch + +------------------------------------------------------------------- +Fri Feb 11 11:50:20 MST 2011 - carnold@novell.com + +- Enable support for kernel decompression for gzip, bzip2, and LZMA + so that kernels compressed with any of these methods can be + launched. + +------------------------------------------------------------------- +Tue Feb 10 14:12:46 CST 2011 - lidongyang@novell.com + +- bnc#651822 - xm snapshot-xxx scripts lead to an XP SP3 HVM domU + to chkdsk + Make sure we only apply the snapshot once, and the changes made + after snapshot-apply hit the disk. + +------------------------------------------------------------------- +Wed Feb 9 16:38:12 MST 2011 - carnold@novell.com + +- Update to Xen 4.1.0 c/s 22861 + +------------------------------------------------------------------- +Tue Feb 8 16:02:46 MST 2011 - jfehlig@novell.com + +- bnc#658569 - SLES 11 SP1 dom0 iptables gives lots of physdev + messages + 22385-vif-common.patch + +------------------------------------------------------------------- +Mon Feb 7 13:25:04 CET 2011 - ohering@suse.de + +- update xenalyze, more 64bit fixes + +------------------------------------------------------------------- +Mon Feb 7 13:17:12 CET 2011 - ohering@suse.de + +- allocate xentrace buffer metadata based on requested tbuf_size + xentrace.dynamic_sized_tbuf.patch + +------------------------------------------------------------------- +Mon Feb 7 13:07:43 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.runtime_mru_size.patch + - specify policy mru size at runtime + xenpaging.no_domain_id.patch + - reduce memory usage in pager + +------------------------------------------------------------------- +Mon Feb 7 13:01:03 CET 2011 - ohering@suse.de + +- bnc#625394 - set vif mtu from bridge mtu if kernel supports it + vif-bridge.mtu.patch + +------------------------------------------------------------------- +Sun Feb 6 15:46:43 CET 2011 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.autostart_delay.patch + - decouple create/destroycreateXenPaging from _create/_removeDevices + - change xenpaging variable from int to str + - init xenpaging variable to 0 if xenpaging is not in config file + to avoid string None coming from sxp file + +------------------------------------------------------------------- +Tue Feb 1 16:01:45 MST 2011 - carnold@novell.com + +- Update to Xen 4.0.2 rc2-pre, changeset 21443 + +------------------------------------------------------------------- +Mon Jan 31 10:45:21 MST 2011 - carnold@novell.com + +- bnc#633573 - System fail to boot after running several warm + reboot tests + 22749-vtd-workarounds.patch +- Upstream patches from Jan + 22744-ept-pod-locking.patch + 22777-vtd-ats-fixes.patch + 22781-pod-hap-logdirty.patch + 22782-x86-emul-smsw.patch + 22789-i386-no-x2apic.patch + 22790-svm-resume-migrate-pirqs.patch + 22816-x86-pirq-drop-priv-check.patch + +------------------------------------------------------------------- +Thu Jan 27 06:23:35 MST 2011 - carnold@novell.com + +- Don't pass the deprecataed extid parameter to xc.hvm_build + +------------------------------------------------------------------- +Fri Jan 14 08:29:15 MST 2011 - carnold@novell.com + +- bnc#658704 - SLES11 SP1 Xen boot panic in x2apic mode + 22707-x2apic-preenabled-check.patch +- bnc#641419 - L3: Xen: qemu-dm reports "xc_map_foreign_batch: mmap failed: + Cannot allocate memory" + 7434-qemu-rlimit-as.patch +- Additional or upstream patches from Jan + 22693-fam10-mmio-conf-base-protect.patch + 22694-x86_64-no-weak.patch + 22708-xenctx-misc.patch + 21432-4.0-cpu-boot-failure.patch + 22645-amd-flush-filter.patch + qemu-fix-7433.patch + +------------------------------------------------------------------- +Wed Jan 12 21:28:18 MST 2011 - carnold@novell.com + +- Maintain compatibility with the extid flag even though it is + deprecated for both legacy and sxp config files. + hv_extid_compatibility.patch + +------------------------------------------------------------------- +Wed Jan 12 16:08:10 CST 2011 - cyliu@novell.com + +- bnc#649209-improve suspend eventchn lock + suspend_evtchn_lock.patch + +------------------------------------------------------------------- +Tue Jan 11 11:48:10 MST 2011 - carnold@novell.com + +- Removed the hyper-v shim patches in favor of using the upstream + version. + +------------------------------------------------------------------- +Mon Jan 10 21:15:43 MST 2011 - carnold@novell.com + +- bnc#641419 - L3: Xen: qemu-dm reports "xc_map_foreign_batch: mmap + failed: Cannot allocate memory" + qemu-rlimit-as.patch + +------------------------------------------------------------------- +Mon Jan 10 15:23:18 CST 2011 - cyliu@novell.com + +- Upstream c/s 7433 to replace qemu_altgr_more.patch + 7433-qemu-altgr.patch + +------------------------------------------------------------------- +Fri Jan 7 16:13:24 MST 2011 - jfehlig@novell.com + +- bnc#661931 - Fix fd leak in xenstore library + 21344-4.0-testing-xenstore-fd-leak.patch + +------------------------------------------------------------------- +Tue Jan 4 18:06:31 MST 2011 - carnold@novell.com + +- bnc#656369 - g5plus: sles11sp1 xen crash with 8 socket x2apic + preenabled + 21989-x2apic-resume.patch + 22475-x2apic-cleanup.patch + 22535-x2apic-preenabled.patch +- bnc#658163 - maintenance release - Nehalem system cannot boot + into xen with maintenance release installed + 22504-iommu-dom0-holes.patch + 22506-x86-iommu-dom0-estimate.patch +- bnc#658704 - SLES11 SP1 Xen boot panic in x2apic mode + 21810-x2apic-acpi.patch +- Upstream patches from Jan + 22470-vlapic-tick-loss.patch + 22484-vlapic-tmcct-periodic.patch + 22526-ept-access-once.patch + 22533-x86-32bit-apicid.patch + 22534-x86-max-local-apic.patch + 22538-keyhandler-relax.patch + 22540-32on64-hypercall-debug.patch + 22549-vtd-map-page-leak.patch + 22574-ept-skip-validation.patch + 22632-vtd-print-entries.patch + +------------------------------------------------------------------- +Tue Jan 4 16:53:54 MST 2011 - carnold@novell.com + +- bnc#661298 - maintenance release candidate - Windows VMs reboot + too fast, triggering failsafe + xen-minimum-restart-time.patch + +------------------------------------------------------------------- +Tue Jan 4 10:23:18 CST 2011 - cyliu@novell.com + +- bnc#659070 - Fail to input '|' in en-us keyboard + qemu_altgr_more.patch + +------------------------------------------------------------------- +Tue Dec 28 11:23:18 MST 2010 - jfehlig@novell.com + +- bnc#659466 - XEN drbd block device type not working on SLES 11 SP1 + 20158-revert.patch + +------------------------------------------------------------------- +Mon Dec 27 15:35:04 MST 2010 - jfehlig@novell.com + +- Revert changes made to snapshot-xend.patch and + snapshot-ioemu-restore.patch made on 2010-11-19. The changes + were intended to fix bnc#651822, but testing revealed additional + changes were needed to completely resolve the bug. bnc#651822 + will be fixed in a subsequent maintenance release. + +------------------------------------------------------------------- +Mon Dec 27 14:43:13 CST 2010 - lidongyang@novell.com + +- bnc#654543 - PV guest won't unplug the IDE disk created by + qemu-dm + a dirty hack, only add the device to drives_table[] if we are FV + domU, that will be unplugged anyway if a PV driver is loaded + later. + ioemu-disable-emulated-ide-if-pv.patch + +------------------------------------------------------------------- +Wed Dec 22 11:31:52 CST 2010 - cyliu@novell.com + +- Upstream patch to replace xenfb_32bpp.patch + 7426-xenfb-depth.patch + +------------------------------------------------------------------- +Tue Dec 21 11:31:52 CST 2010 - lidongyang@novell.com + +- bnc#651822 make sure we only apply the snapshot once, and the + changes made after snapshot-apply hit the disk. + snapshot-xend.patch + snapshot-without-pv-fix.patch + +------------------------------------------------------------------- +Fri Dec 17 14:34:18 CET 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.HVMCOPY_gfn_paged_out.patch + - remove incorrect and unneeded cleanup from do_memory_op + subfunctions + add mainline tag to merged patches + +------------------------------------------------------------------- +Thu Dec 16 17:29:11 MST 2010 - jfehlig@novell.com + +- bnc#613584 - If available, use kpartx '-f' option in domUloader + +------------------------------------------------------------------- +Thu Dec 16 10:14:47 MST 2010 - jfehlig@novell.com + +- bnc#659872 - xend: Do no release domain lock on checkpoint + operation. + +------------------------------------------------------------------- +Tue Dec 14 11:59:26 MST 2010 - carnold@novell.com + +- Upstream patches from Jan + 22431-p2m-remove-bug-check.patch + 22448-x86_64-gdt-ldt-fault-filter.patch + 22466-x86-sis-apic-bug.patch + 22451-hvm-cap-clobber.patch + 22388-x2apic-panic.patch + 22452-x86-irq-migrate-directed-eoi.patch + +------------------------------------------------------------------- +Tue Dec 14 10:39:56 MST 2010 - carnold@novell.com + +- bnc#658163 - maintenance release - Nehalem system cannot boot + into xen with maintenance release installed + iommu-dom0-holes.patch + x86-iommu-dom0-estimate.patch + +------------------------------------------------------------------- +Tue Dec 14 10:35:52 MST 2010 - carnold@novell.com + +- bnc#659085 - physical host is rebooted with unknown reason + Regression: Remove the patch 22071-ept-get-entry-lock.patch + +------------------------------------------------------------------- +Tue Dec 13 10:27:04 MST 2010 - carnold@novell.com + +- Removed 7410-qemu-alt-gr.patch and altgr_2.patch. It causes a + regression (see bnc#659070) + +------------------------------------------------------------------- +Tue Dec 7 15:38:58 CET 2010 - ohering@suse.de + +- make stubdom build optional + +------------------------------------------------------------------- +Tue Dec 7 15:14:12 CET 2010 - ohering@suse.de + +- pass -j N to stubdom build + +------------------------------------------------------------------- +Tue Dec 7 14:56:31 CET 2010 - ohering@suse.de + +- add xenalzye from http://xenbits.xensource.com/ext/xenalyze.hg + +------------------------------------------------------------------- +Tue Dec 7 14:25:54 CET 2010 - ohering@suse.de + +- hotplug-block-losetup-a.patch + allow hardlinked blockdevices +- fate#310510 - fix xenpaging + xenpaging.paging_prep_enomem.patch + - retry page-in if guest is temporary out-of-memory + xenpaging.print-arguments.patch + - print arguments passed to xenpaging + xenpaging.machine_to_phys_mapping.patch + - invalidate array during page deallocation + xenpaging.autostart_delay.patch + - fold xenpaging.enabled.patch into this patch + - set xenpaging_delay to 0.0 to start xenpaging right away + +------------------------------------------------------------------- +Fri Dec 3 15:57:58 MST 2010 - carnold@novell.com + +- bnc#654591 - SLES11 SP0->Sp1 regression? (Xen, HVMs, NPIV) + Fixed xen-qemu-iscsi-fix.patch + +------------------------------------------------------------------- +Fri Dec 3 14:50:01 CST 2010 - cyliu@novell.com + +- blktap2 patch - fix problem that blktap2 device info not cleared + when block-attach fail. + blktap2.patch + +------------------------------------------------------------------- +Tue Nov 30 13:44:35 MST 2010 - carnold@novell.com + +- bnc#655438 - Using performance counter in domU on Nehalem cpus + 22417-vpmu-nehalem.patch +- Upstream patches from Jan + 22389-amd-iommu-decls.patch + 22416-acpi-check-mwait.patch + 22431-p2m-remove-bug-check.patch + +------------------------------------------------------------------- +Tue Nov 30 06:46:28 MST 2010 - carnold@novell.com + +- bnc#656245 - VUL-1: hypervisor: application or kernel in any pv + Xen domain can crash Xen + x86_64-gdt-ldt-fault-filter.patch + +------------------------------------------------------------------- +Mon Nov 29 10:06:49 MST 2010 - carnold@novell.com + +- bnc#654050 - Python: a crasher bug in pyexpat - upstream patch + needs backporting + 22235-lxml-validator.patch + +------------------------------------------------------------------- +Tue Nov 23 15:46:09 MST 2010 - jfehlig@novell.com + +- bnc#628729 - Add a small, fast alternative to 'xm list' for + enumerating active domains. xen-list is a C program that uses + libxenstore and libxenctl directly, bypassing the python + toolstack. + xen-utils-0.1.tar.bz2 + +------------------------------------------------------------------- +Mon Nov 22 11:51:30 MST 2010 - jfehlig@novell.com + +- bnc#628729 - Add a small, fast alternative to 'xm list' for + enumerating active domains. xen-list is a C program that uses + libxenstore and libxenctl directly, bypassing the python + toolstack. + xen-utils-0.1.tar.bz2 + +------------------------------------------------------------------- +Fri Nov 19 11:48:43 CST 2010 - lidongyang@novell.com + +- bnc#651822 - xm snapshot-xxx scripts lead to an XP SP3 HVM domU + to chkdsk + snapshot-xend.patch + snapshot-ioemu-restore.patch + +------------------------------------------------------------------- +Wed Nov 17 15:20:02 MST 2010 - carnold@novell.com + +- bnc#651957 - Xen: vm-install failed to start + xenpaging.enabled.patch + +------------------------------------------------------------------- +Wed Nov 17 10:35:52 CET 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.signal_handling.patch + - unlink pagefile in signal handler + +------------------------------------------------------------------- +Fri Nov 12 09:48:14 MST 2010 - carnold@novell.com + +- Upstream patch for python 2.7 compatibility + 22045-python27-compat.patch + +------------------------------------------------------------------- +Thu Nov 11 18:44:48 CST 2010 - cyliu@novell.com + +- bnc#641144 - FV Xen VM running windows or linux cannot write to + virtual floppy drive + bdrv_default_rwflag.patch + +------------------------------------------------------------------- +Thu Nov 11 21:01:12 CET 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.optimize_p2m_mem_paging_populate.patch + xenpaging.HVMCOPY_gfn_paged_out.patch + +------------------------------------------------------------------- +Thu Nov 11 10:11:35 MST 2010 - carnold@novell.com + +- bnc#649864 - automatic numa cpu placement of xen conflicts with + cpupools + 22326-cpu-pools-numa-placement.patch + +------------------------------------------------------------------- +Wed Nov 10 17:38:39 CET 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.populate_only_if_paged.patch + - revert logic, populate needs to happen unconditionally + xenpaging.p2m_mem_paging_populate_if_p2m_ram_paged.patch + - invalidate current mfn only if gfn is not in flight or done + xenpaging.mem_event_check_ring-free_requests.patch + - print info only if 1 instead of 2 slots are free + xenpaging.guest_remove_page.patch + - check mfn before usage in resume function + xenpaging.machine_to_phys_mapping.patch + - check mfn before usage in resume function + +------------------------------------------------------------------- +Tue Nov 9 10:00:48 MST 2010 - jfehlig@novell.com + +- bnc#552115 - Remove target discovery in block-iscsi + modified block-iscsi script + +------------------------------------------------------------------- +Mon Nov 8 13:11:02 MDT 2010 - jfehlig@novell.com + +- bnc#649277 - Fix pci passthru in xend interface used by libvirt + 22369-xend-pci-passthru-fix.patch + +------------------------------------------------------------------- +Mon Nov 8 02:49:00 UTC 2010 - lidongyang@novell.com + +- bnc#642078 - xm snapshot-create causes qemu-dm to SEGV + snapshot-without-pv-fix.patch + +------------------------------------------------------------------- +Fri Nov 5 16:22:15 CET 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.num_pages_equal_max_pages.patch + +------------------------------------------------------------------- +Fri Nov 5 09:13:38 MDT 2010 - carnold@novell.com + +- bnc#647681 - L3: Passthrough of certain PCI device broken after + SLES 11 to SP1 upgrade +- bnc#650871 - Regression in Xen PCI Passthrough + 22348-vtd-check-secbus-devfn.patch +- Upstream patches from Jan + 22223-vtd-workarounds.patch (bnc#652935) + 22231-x86-pv-ucode-msr-intel.patch + 22232-x86-64-lahf-lm-bios-workaround.patch + 22280-kexec.patch + 22337-vtd-scan-single-func.patch + +------------------------------------------------------------------- +Wed Nov 3 16:26:10 MDT 2010 - carnold@novell.com + +- bnc#497149 - SLES11 64bit Xen - SLES11 64bit HVM guest has + corrupt text console + stdvga-cache.patch + +------------------------------------------------------------------- +Wed Nov 3 17:52:14 CET 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.page_already_populated.patch + xenpaging.notify_policy_only_once.patch + xenpaging.guest_remove_page.patch + xenpaging.machine_to_phys_mapping.patch + remove xenpaging.memory_op.patch, retry loops are not needed + +------------------------------------------------------------------- +Tue Nov 2 14:10:34 MDT 2010 - carnold@novell.com + +- bnc#474789 - xen-tools 3.3 rpm misses pv-grub +- PV-GRUB replaces PyGrub to boot domU images safely: it runs the + regular grub inside the created domain itself and uses regular + domU facilities to read the disk / fetch files from network etc.; + it eventually loads the PV kernel and chain-boots it. + +------------------------------------------------------------------- +Wed Oct 27 20:08:51 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.doc.patch +- add /var/lib/xen/xenpaging directory + +------------------------------------------------------------------- +Wed Oct 27 11:50:17 MDT 2010 - ksrinivasan@novell.com + +- Some cleanup in the APIC handling code in the HyperV shim. + hv_apic.patch + +------------------------------------------------------------------- +Wed Oct 27 18:04:30 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.memory_op.patch, correct delay handling in retry loop + +------------------------------------------------------------------- +Wed Oct 27 03:56:38 EDT 2010 - cyliu@novell.com + +- bnc#640370 - VM graphic console in VNC is corrupted + xenfb_32bpp.patch + +------------------------------------------------------------------- +Fri Oct 22 13:34:54 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.autostart_delay.patch + delay start of xenpaging 7 seconds for smooth BIOS startup + +------------------------------------------------------------------- +Wed Oct 20 15:50:01 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.tools_xenpaging_cleanup.patch + +------------------------------------------------------------------- +Wed Oct 20 15:31:47 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.mem_event_check_ring-free_requests.patch + +------------------------------------------------------------------- +Wed Oct 20 15:29:40 CEST 2010 - ohering@suse.de + +- install /etc/xen/examples/xentrace_formats.txt to get human readable + tracedata if xenalyze is not used + +------------------------------------------------------------------- +Sun Oct 17 11:14:33 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.autostart_delay.patch + xenpaging.blacklist.patch + xenpaging.MRU_SIZE.patch + remove xenpaging.hacks.patch, realmode works + +------------------------------------------------------------------- +Mon Oct 11 08:59:35 MDT 2010 - carnold@novell.com + +- Upstream patches from Jan including fixes for the following bugs + bnc#583568 - Xen kernel is not booting + bnc#615206 - Xen kernel fails to boot with IO-APIC problem + bnc#640773 - Xen kernel crashing right after grub + bnc#643477 - issues with PCI hotplug/hotunplug to Xen driver domain + 22222-x86-timer-extint.patch + 22214-x86-msr-misc-enable.patch + 22213-x86-xsave-cpuid-check.patch + 22194-tmem-check-pv-mfn.patch + 22177-i386-irq-safe-map_domain_page.patch + 22175-x86-irq-enter-exit.patch + 22174-x86-pmtimer-accuracy.patch + 22160-Intel-C6-EOI.patch + 22159-notify-evtchn-dying.patch + 22157-x86-debug-key-i.patch + +------------------------------------------------------------------- +Mon Oct 11 16:03:23 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.signal_handling.patch + xenpaging.autostart.patch + xenpaging.hacks.patch + +------------------------------------------------------------------- +Mon Oct 11 15:42:02 CEST 2010 - ohering@suse.de + +- rename xenpaging.XENMEM_decrease_reservation.patch + to xenpaging.memory_op.patch + +------------------------------------------------------------------- +Tue Oct 8 14:11:31 CST 2010 - cyliu@novell.com + +- bnc#632956 - fix VNC altgr-insert behavior + 7410-qemu-alt-gr.patch + altgr_2.patch + +------------------------------------------------------------------- +Thu Oct 7 10:58:39 MDT 2010 - jfehlig@novell.com + +- bnc#618087 - VNC view won't stay connected to fully virtualized + Linux Xen VMs + modified ioemu-vnc-resize.patch + +------------------------------------------------------------------- +Tue Oct 5 09:34:20 MDT 2010 - carnold@novell.com + +- bnc#639546 - Dom-U deleted after introduction of the parameter + "change_home_server False" in the VM configuration + change_home_server.patch + +------------------------------------------------------------------- +Mon Oct 4 09:06:41 MDT 2010 - jfehlig@novell.com + +- bnc#641859 - block-dmmd script does not handle the configuration + when only MD is used + modified block-dmmd script + +------------------------------------------------------------------- +Thu Sep 30 17:52:55 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.populate_only_if_paged.patch + +------------------------------------------------------------------- +Mon Sep 27 09:59:37 MDT 2010 - carnold@novell.com + +- bnc#640773 - Xen kernel crashing right after grub + 21894-intel-unmask-cpuid.patch +- Upstream patch from Jan + 22148-serial-irq-dest.patch + +------------------------------------------------------------------- +Tue Sep 23 16:45:11 CST 2010 - cyliu@novell.com + +- bnc#628719 - improve check_device_status to handle HA cases + check_device_status.patch + +------------------------------------------------------------------- +Tue Sep 23 16:43:11 CST 2010 - cyliu@novell.com + +- bnc#628719 - multi-xvdp + mutli-xvdp.patch + +------------------------------------------------------------------- +Wed Sep 22 10:50:20 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.XENMEM_decrease_reservation.patch + xenpaging.xenpaging_init.patch + xenpaging.policy_linear.patch + +------------------------------------------------------------------- +Tue Sep 20 14:11:31 CST 2010 - cyliu@novell.com + +- bnc#632956 - fix VNC altgr-insert behavior + 7410-qemu-alt-gr.patch + altgr_2.patch + +------------------------------------------------------------------- +Fri Sep 17 15:59:45 CEST 2010 - ohering@suse.de + +- fate#310510 - fix xenpaging + xenpaging.pageout_policy.patch + xenpaging.xs_daemon_close.patch + xenpaging.pagefile.patch + xenpaging.mem_paging_tool_qemu_flush_cache.patch + xenpaging.get_paged_frame.patch + xenpaging.notify_via_xen_event_channel.patch + +------------------------------------------------------------------- +Mon Sep 13 16:24:31 MDT 2010 - carnold@novell.com + +- bnc#636231 - XEN: Unable to disconnect/remove CDROM drive from VM + xend-devid-or-name.patch + +------------------------------------------------------------------- +Mon Sep 13 10:50:56 MDT 2010 - carnold@novell.com + +- Upstream patches from Jan + 22019-x86-cpuidle-online-check.patch + 22051-x86-forced-EOI.patch + 22067-x86-irq-domain.patch + 22068-vtd-irte-RH-bit.patch + 22071-ept-get-entry-lock.patch + 22084-x86-xsave-off.patch + +------------------------------------------------------------------- +Mon Sep 13 10:47:09 MDT 2010 - carnold@novell.com + +- bnc#638465 - hypervisor panic in memory handling + 22135-heap-lock.patch + +------------------------------------------------------------------- +Thu Sep 10 14:14:50 MDT 2010 - carnold@novell.com + +- Update to Xen 4.0.1. This is a bug fix release. + +------------------------------------------------------------------- +Thu Sep 9 16:42:43 MDT 2010 - jfehlig@novell.com + +- bnc#635380 - Fix pygrub Grub2 support + See update to Xen 4.0.1 for fixes + +------------------------------------------------------------------- +Fri Aug 27 16:22:48 CST 2010 - cyliu@novell.com + +- bnc#628701 - Improve performance when activate/deactivate dmmd + devices + modified block-dmmd script + +------------------------------------------------------------------- +Wed Aug 25 16:18:39 MDT 2010 - jfehlig@novell.com + +- bnc#628701 - Fix qemu-dm handling of dmmd devices + modified xen-qemu-iscsi-fix.patch + +------------------------------------------------------------------- +Mon Aug 16 18:35:11 MDT 2010 - carnold@novell.com + +- bnc#626262 - Populate-on-demand memory problem on xen with hvm + guest + 21971-pod-accounting.patch + +------------------------------------------------------------------- +Mon Aug 16 17:03:58 CST 2010 - cyliu@novell.com + +- bnc#584204 - xm usb-list broken + usb-list.patch + +------------------------------------------------------------------- +Thu Aug 12 06:13:44 MDT 2010 - carnold@novell.com + +- bnc#625520 - TP-L3: NMI cannot be triggered for xen kernel + 21926-x86-pv-NMI-inject.patch + +------------------------------------------------------------------- +Mon Aug 9 09:47:09 MDT 2010 - carnold@novell.com + +- bnc#613529 - TP-L3: kdump kernel hangs when crash was initiated + from xen kernel + 21886-kexec-shutdown.patch + +------------------------------------------------------------------- +Mon Aug 2 16:42:41 MDT 2010 - carnold@novell.com + +- Upstream Intel patches to improve X2APIC handling. + 21716-iommu-alloc.patch + 21717-ir-qi.patch + 21718-x2apic-logic.patch + +------------------------------------------------------------------- +Tue Jul 27 16:23:09 MDT 2010 - jfehlig@novell.com + +- bnc#623833 - Error in Xend-API method VM_set_actions_after_crash + 21866-xenapi.patch + +------------------------------------------------------------------- +Tue Jul 27 15:37:51 MDT 2010 - jfehlig@novell.com + +- bnc#625003 - Fix vm config options coredump-{restart,destroy} + Added hunk to xm-create-xflag.patch + +------------------------------------------------------------------- +Mon Jul 26 16:53:02 MDT 2010 - jfehlig@novell.com + +- bnc#605186 - Squelch harmless error messages in block-iscsi + +------------------------------------------------------------------- +Mon Jul 26 16:22:56 MDT 2010 - jfehlig@novell.com + +- bnc#623438 - Add ability to control SCSI device path scanning + in xend + 21847-pscsi.patch + +------------------------------------------------------------------- +Mon Jul 26 16:01:07 MDT 2010 - carnold@novell.com + +- Enable the packaging of create.dtd. This is needed for when xm + is configured to use xenapi. + +------------------------------------------------------------------- +Wed Jul 21 11:46:41 MDT 2010 - carnold@novell.com + +- bnc#624285 - TP-L3: xen rdtsc emulation reports wrong frequency + 21445-x86-tsc-handling-cleanups-v2.patch + +------------------------------------------------------------------- +Thu Jul 20 13:23:14 MDT 2010 - carnold@novell.com + +- bnc#623201 - drbd xvd will fail in new xen4 packages due to wrong + popen2 arguments in blkif.py + popen2-argument-fix.patch + +------------------------------------------------------------------- +Thu Jul 8 15:27:14 MDT 2010 - carnold@novell.com + +- bnc#620694 - Xen yast vm-install for existing paravirtualized + disk fails with UnboundLocalError: local variable 'dev_type' + referenced before assignment + 21678-xend-mac-fix.patch + +------------------------------------------------------------------- +Wed Jul 7 11:20:30 MDT 2010 - carnold@novell.com + +- bnc#586221 - cannot add DomU with USB host controller defined + domu-usb-controller.patch (Chun Yan Liu) + +------------------------------------------------------------------- +Tue Jul 6 11:31:33 MDT 2010 - carnold@novell.com + +- Upstream patches from Jan + 21151-trace-bounds-check.patch + 21627-cpuidle-wrap.patch + 21643-vmx-vpmu-pmc-offset.patch + 21682-trace-buffer-range.patch + 21683-vtd-kill-timer-conditional.patch + 21693-memevent-64bit-only.patch + 21695-trace-t_info-readonly.patch + 21698-x86-pirq-range-check.patch + 21699-p2m-query-for-type-change.patch + 21700-32on64-vm86-gpf.patch + 21705-trace-printk.patch + 21706-trace-security.patch + 21712-amd-osvw.patch + 21744-x86-cpufreq-range-check.patch + 21933-vtd-ioapic-write.patch + 21953-msi-enable.patch + +------------------------------------------------------------------- +Fri Jun 25 15:43:35 CST 2010 - jsong@novell.com + +- bnc#599550 - Xen cannot distinguish the status of 'pause' + 21723-get-domu-state.patch + +------------------------------------------------------------------- +Tue Jun 22 11:50:35 MDT 2010 - jfehlig@novell.com + +- bnc#604611 - Do not store vif device details when vif config + contains invalid mac address. + 21653-xend-mac-addr.patch + +------------------------------------------------------------------- +Wed Jun 16 08:36:44 MDT 2010 - carnold@novell.com + +- linux pvdrv: generalize location of autoconf.h + Fixes error because of missing autoconf.h when building os11.2 + Factory. + +------------------------------------------------------------------- +Mon Jun 14 10:00:07 MDT 2010 - carnold@novell.com + +- bnc#609153 - xm migrate <domain_name> localhost -l fails on + Windows VMs + 21615-dont-save-xen-heap-pages.patch +- Upstream fixes from Jan + 21446-iommu-graceful-generic-fail.patch + 21453-shadow-avoid-remove-all-after-teardown.patch + 21456-compat-hvm-addr-check.patch + 21492-x86-pirq-unbind.patch + 21526-x86-nehalem-cpuid-mask.patch + 21620-x86-signed-domain-irq.patch + +------------------------------------------------------------------- +Mon Jun 7 10:55:20 MDT 2010 - carnold@novell.com + +- bnc#612189 - Clear APIC Timer Initial Count Register when masking + timer interrupt + 21542-amd-erratum-411.patch + +------------------------------------------------------------------- +Fri Jun 4 10:48:30 MDT 2010 - carnold@novell.com + +- bnc#610658 - XEN: PXE boot fails for fully virtualized guests - + e1000 virtual nic. (see also bnc#484778) + enable_more_nic_pxe.patch + +------------------------------------------------------------------- +Tue May 25 15:17:38 MDT 2010 - carnold@novell.com + +- bnc#608191 - /var/adm/fillup-templates/sysconfig.xend from + package xen-tools is no valid sysconfig file + xend-sysconfig.patch + +------------------------------------------------------------------- +Tue May 25 14:32:57 MDT 2010 - carnold@novell.com + +- bnc#608194 - /etc/xen/* config files are not packaged with + noreplace + +------------------------------------------------------------------- +Tue May 25 13:19:17 MDT 2010 - carnold@novell.com + +- bnc#569744 - SLE HVM guest clock/timezone is incorrect after + reboot + 21460-xend-timeoffset.patch + +------------------------------------------------------------------- +Tue May 25 11:20:30 MDT 2010 - jfehlig@novell.com + +- bnc#606882 - Allow spaces in vbd path names + 21459-block-script.patch + +------------------------------------------------------------------- +Mon May 24 15:10:12 CST 2010 - jsong@novell.com +- bnc#591799 - The status of Caps Lock is incorrect in domU + capslock_enable.patch + +------------------------------------------------------------------- +Thu May 20 09:56:07 MDT 2010 - carnold@novell.com + +- Upstream fixes from Jan including a fix for Intel's ATS issue + 21435-vmx-retain-global-controls.patch + 21406-x86-microcode-quiet.patch + 21421-vts-ats-enabling.patch + +------------------------------------------------------------------- +Wed May 19 13:23:36 MDT 2010 - carnold@novell.com + +- bnc#607219 - AMD Erratum 383 workaround for Xen + 21408-amd-erratum-383.patch + +------------------------------------------------------------------- +Wed May 19 08:09:41 MDT 2010 - carnold@novell.com + +- Added modprobe of evtchn to init.xend. The kernel will also need + to build evtchn as a module for this to be meaningful. + +------------------------------------------------------------------- +Mon May 17 08:31:24 MDT 2010 - carnold@novell.com + +- bnc#603008 - On an 8 Socket Nehalem-EX system, the fix for 593536 + causes a hang during network setup. +- Upstream patches from Jan. + 21360-x86-mce-polling-disabled-init.patch + 21372-x86-cross-cpu-wait.patch + 21331-svm-vintr-during-nmi.patch + 21333-xentrace-t_info-size.patch + 21340-vtd-dom0-mapping-latency.patch + 21346-x86-platform-timer-wrap.patch + 21373-dummy-domain-io-caps.patch + +------------------------------------------------------------------- +Wed May 12 08:42:20 MDT 2010 - carnold@novell.com + +- bnc#605182 - /etc/xen/scripts/xen-hotplug-cleanup: line 24: [: + !=: unary operator expected + 21129-xen-hotplug-cleanup.patch + +------------------------------------------------------------------- +Mon May 10 10:26:07 MDT 2010 - carnold@novell.com + +- bnc#599929 - Hot add/remove Kawela NIC device over 500 times will + cause guest domain crash + passthrough-hotplug-segfault.patch + +------------------------------------------------------------------- +Fri May 7 09:00:12 MDT 2010 - jfehlig@novell.com + +- bnc#603583 - Fix migration of domUs using tapdisk devices + 21317-xend-blkif-util-tap2.patch + suse-disable-tap2-default.patch + +------------------------------------------------------------------- +Thu May 6 08:33:22 MDT 2010 - carnold@novell.com + +- Match upstreams cpu pools switch from domctl to sysctl +- Upstream replacements for two of our custom patches (to ease + applying further backports) +- Fixed dump-exec-state.patch (could previously hang the system, as + could - with lower probability - the un-patched implementation) + +------------------------------------------------------------------- +Wed May 5 08:20:45 MDT 2010 - carnold@novell.com + +- bnc#593536 - xen hypervisor takes very long to initialize Dom0 on + 128 CPUs and 256Gb + 21272-x86-dom0-alloc-performance.patch + 21266-vmx-disabled-check.patch + 21271-x86-cache-flush-global.patch + +------------------------------------------------------------------- +Tue May 4 09:46:22 MDT 2010 - carnold@novell.com + +- bnc#558815 - using multiple npiv luns with same wwpn/wwnn broken +- bnc#601104 - Xen /etc/xen/scripts/block-npiv script fails when + accessing multiple disks using NPIV + block-npiv + +------------------------------------------------------------------- +Fri Apr 30 08:10:52 MDT 2010 - carnold@novell.com + +- bnc#595124 - VT-d can not be enabled on 32PAE Xen on Nehalem-EX + platform + 21234-x86-bad-srat-clear-pxm2node.patch + bnc#585371 - kdump fails to load with xen: locate_hole failed + 21235-crashkernel-advanced.patch + +------------------------------------------------------------------- +Thu Apr 29 08:02:49 MDT 2010 - carnold@novell.com + +- bnc#588918 - Attaching a U-disk to domain's failed by + "xm usb-attach" + init.xend + +------------------------------------------------------------------- +Wed Apr 21 21:15:04 MDT 2010 - jfehlig@novell.com + +- bnc#596442 - Preserve device config on domain start failure + xend-preserve-devs.patch + +------------------------------------------------------------------- +Tue Apr 20 15:18:31 MDT 2010 - jfehlig@novell.com + +- bnc#597770 - insserv reports a loop between xendomains and + openais. Remove openais from Should-Start in xendomains script. + +------------------------------------------------------------------- +Fri Apr 16 15:00:52 MDT 2010 - jfehlig@novell.com + +- bnc#569194 - Tools-side fixes for tapdisk protocol specification + blktap-script.patch + ioemu-subtype.patch + Modified xen-domUloader.diff + +------------------------------------------------------------------- +Wed Apr 14 08:14:31 MDT 2010 - carnold@novell.com + +- Upstream bug fixes from Jan + 21089-x86-startup-irq-from-setup-gsi.patch + 21109-x86-cpu-hotplug.patch + 21150-shadow-race.patch + 21160-sysctl-debug-keys.patch + +------------------------------------------------------------------- +Fri Apr 9 12:38:47 MDT 2010 - jfehlig@novell.com + +- Updated to Xen 4.0.0 FCS, changeset 21091 + +------------------------------------------------------------------- +Tue Apr 6 18:18:36 MDT 2010 - jfehlig@novell.com + +- Change default lock dir (when domain locking is enabled) to + /var/lib/xen/images/vm_locks +- Support SXP config files in xendomains script + +------------------------------------------------------------------- +Tue Mar 31 08:09:49 MDT 2010 - carnold@novell.com + +- Update to changeset 21087 Xen 4.0.0 RC9. + +------------------------------------------------------------------- +Fri Mar 26 07:57:33 MDT 2010 - carnold@novell.com + +- Update to changeset 21075 Xen 4.0.0 RC8. + +------------------------------------------------------------------- +Thu Mar 25 15:59:28 CST 2010 - jsong@novell.com + +- bnc#584210 - xm usb-hc-destroy does not remove entry from xend + del_usb_xend_entry.patch + +------------------------------------------------------------------- +Tue Mar 23 09:55:52 MDT 2010 - carnold@novell.com + +- Update to changeset 21057 Xen 4.0.0 RC7. + +------------------------------------------------------------------- +Wed Mar 17 16:42:20 CST 2010 - jsong@novell.com + +-Fix bnc#466899 - numa enabled xen fails to start/create vms + adjust_vcpuaffinity_more_cpu.patch + +------------------------------------------------------------------- +Tue Mar 9 16:28:59 MST 2010 - carnold@novell.com + +- Update to changeset 21022 Xen 4.0.0 RC6. + +------------------------------------------------------------------- +Tue Mar 9 10:43:27 MST 2010 - carnold@novell.com + +- bnc#586510 - cpupool fixes + cpu-pools-update.patch + +------------------------------------------------------------------- +Fri Mar 5 09:04:18 MST 2010 - carnold@novell.com + +- bnc#582645 - Xen stuck, mptbase driver attempting to reset config + request + +------------------------------------------------------------------- +Mon Mar 1 10:05:07 MST 2010 - carnold@novell.com + +- Update to changeset 20990 Xen 4.0.0 RC5. + +------------------------------------------------------------------- +Mon Feb 22 08:26:01 MST 2010 - jfehlig@novell.com + +- bnc#556939 - Improve device map cleanup code in domUloader + +------------------------------------------------------------------- +Sun Feb 21 21:34:23 MST 2010 - jfehlig@novell.com + +- bnc# 578910 - xm block-detach does not cleanup xenstore + hotplug-cleanup-fix.patch + +------------------------------------------------------------------- +Fri Feb 19 11:56:57 MST 2010 - carnold@novell.com + +- bnc#579361 - Windows Server 2003 cannot wake up from stand by in + sp1 + hibernate.patch + +------------------------------------------------------------------- +Fri Feb 19 09:49:56 MST 2010 - carnold@novell.com + +- fate#308852: XEN CPU Pools + cpupools-core.patch + cpupools-core-fixup.patch + keyhandler-alternative.patch + cpu-pools-libxc.patch + cpu-pools-python.patch + cpu-pools-libxen.patch + cpu-pools-xmtest.patch + cpu-pools-docs.patch + +------------------------------------------------------------------- +Thu Feb 18 15:18:59 MST 2010 - ksrinivasan@novell.com + +- bnc#558760: Disable scsi devices when PV drivers are loaded. + +------------------------------------------------------------------- +Tue Feb 16 08:35:08 MST 2010 - carnold@novell.com + +- Update to changeset 20951 Xen 4.0.0 RC4 for sle11-sp1 beta5. + +------------------------------------------------------------------- +Mon Feb 8 08:08:01 MST 2010 - carnold@novell.com + +- bnc#572146 - SLES11 SP1 beta 2 Xen - BUG: soft lockup - CPU#31 + stuck for 61s! [kstop/31:4512] + cpuidle-hint-v3.patch + +------------------------------------------------------------------- +Fri Feb 5 08:16:39 MST 2010 - carnold@novell.com + +- Update to changeset 20900 RC2+ for sle11-sp1 beta4. + +------------------------------------------------------------------- +Fri Jan 29 09:22:46 MST 2010 - carnold@novell.com + +- bnc#573376 - OS reboot while create DomU with Windows CD + +------------------------------------------------------------------- +Wed Jan 27 11:45:27 MST 2010 - carnold@novell.com + +- bnc#573881 - /usr/lib64/xen/bin/qemu-dm is a broken link + +------------------------------------------------------------------- +Thu Jan 21 18:50:36 MST 2010 - carnold@novell.com + +- Update to changeset 20840 RC1+ for sle11-sp1 beta3. + +------------------------------------------------------------------- +Thu Jan 21 10:41:59 MST 2010 - jfehlig@novell.com + +- bnc#569581 - SuSEfirewall2 should handle rules. Disable + handle_iptable in vif-bridge script + vif-bridge-no-iptables.patch + +------------------------------------------------------------------- +Wed Jan 20 09:12:00 MST 2010 - carnold@novell.com + +- bnc#569577 - /etc/modprove.d/xen_pvdrivers, installed by + xen-kmp-default, to ../xen_pvdrivers.conf + +------------------------------------------------------------------- +Wed Jan 6 16:50:16 EST 2010 - ksrinivasan@novell.com + +- bnc#564406 - Make the new PV drivers work with older hosts that + do not understand the new PV driver protocol. + +------------------------------------------------------------------- +Fri Dec 11 08:28:16 MST 2009 - carnold@novell.com + +- Upstream Xen version renamed to 4.0.0 in changeset 20624 & 20625. + +------------------------------------------------------------------- +Wed Dec 9 10:37:12 MST 2009 - carnold@novell.com + +- fate#307594: HP-MCBS: XEN: support NR_CPUS=256 + This is a spec file change (xen.spec) + +------------------------------------------------------------------- +Thu Dec 3 06:55:00 MST 2009 - carnold@novell.com + +- bnc#555152 - "NAME" column in xentop (SLES11) output limited to + 10 characters unlike SLES10 + The update to c/s 20572 includes this fix (at c/s 20567). + +------------------------------------------------------------------- +Tue Dec 1 17:46:20 CST 2009 - wkong@novell.com + +- Modify xen-paths.diff + +------------------------------------------------------------------- +Tue Dec 1 16:39:26 CST 2009 - wkong@novell.com + +- Merge xend-tap-fix.patch to xen-domUloader.diff + remove part of it which accepted by upstream + +------------------------------------------------------------------- +Tue Dec 1 11:08:10 MST 2009 - jfehlig@novell.com + +- Load gntdev module in xend init script similar to blkbk, + netbk, etc. + +------------------------------------------------------------------- +Thu Nov 26 11:29:51 CST 2009 - wkong@novell.com + +- Backport dmmd from sles11/xen + block-dmmd + xen-qemu-iscsi-fix.patch + xen.spec + +------------------------------------------------------------------- +Thu Nov 26 10:53:16 CST 2009 - wkong@novell.com + +- Fix regression when create_vbd for tap + xend-tap-fix.patch + +------------------------------------------------------------------- +Tue Nov 24 11:01:22 MST 2009 - carnold@novell.com + +- Temporarily disable libxl because of libconfig dependency. + +------------------------------------------------------------------- +Thu Nov 19 11:32:12 CST 2009 - wkong@novell.com + +- fate#302864 domUloader support lvm in disk + domUloader.py + Note: for test in Beta1, if not good, remove it + +------------------------------------------------------------------- +Thu Nov 19 11:23:22 CST 2009 - wkong@novell.com + +- fate#302864 domUloader support fs on whole disk + domUloader.py + +------------------------------------------------------------------- +Fri Nov 6 16:51:31 CET 2009 - carnold@suse.de + +- Turn KMPs back on now that kernel side fix is checked in. + +------------------------------------------------------------------- +Tue Oct 20 15:09:14 MDT 2009 - jfehlig@novell.com + +- fate#304415 VMM: ability to switch networking mode + Add vif-route-ifup to handle routed configurations using + sysconfig scripts. + vif-route-ifup.patch + +------------------------------------------------------------------- +Mon Oct 19 17:21:25 CST 2009 - jsong@novell.com + +- fate#307540 USB for Xen VMs + usb-add.patch + +------------------------------------------------------------------- +Mon Oct 19 17:21:00 CST 2009 - jsong@novell.com + +- fate#305545 XEN extra descriptive field within xenstore + add_des.patch + +------------------------------------------------------------------- +Mon Oct 12 12:51:50 MDT 2009 - carnold@novell.com + +- Update to Xen version 3.5.0 for the following features. + fate#304226 XEN: FlexMigration feature of VT-x2 support + fate#305004 Add SR-IOV PF and VF drivers to Vt-d enabled Xen + fate#306830 T states in Xen controlling by MSR + fate#306832 Fix for xen panic on new processors + fate#306833 Westmere and Nehalem-EX: Add support for Pause Loop exiting feature for Xen + fate#306835 Xen: server virtual power management enhacement + fate#306837 VT-d2 - PCI SIG ATS support + fate#306872 Xen: Node manager support P/T-states change when Vt-d enable + fate#306873 Xen: SMP guest live migration may fail with hap=1 on NHM + fate#306875 Westmere: LT-SX (Xen) + fate#306891 RAS features for Xen: Add support for Machine Check and CPU/Memory online/offline features + fate#307322 1GB page support in Xen + fate#307324 Xen IOMMU support + +------------------------------------------------------------------- +Fri Oct 9 09:24:29 MDT 2009 - carnold@novell.com + +- bnc#541945 - xm create -x command does not work in SLES 10 SP2 or + SLES 11 + xm-create-xflag.patch + +------------------------------------------------------------------- +Thu Oct 8 22:44:04 MDT 2009 - jfehlig@novell.com + +- Minor enhancement to xen-updown.sh sysconfig hook + +------------------------------------------------------------------- +Mon Sep 28 16:34:19 CST 2009 - wkong@novell.com + +- Add patch ioemu-bdrv-open-CACHE_WB.patch + for install guest on tapdisk very very slow. + +------------------------------------------------------------------- +Fri Sep 25 15:08:12 MDT 2009 - jfehlig@novell.com + +- Add temporary workaround for race between xend writing and + qemu-dm reading from xenstore. The issue is preventing PV + domUs from booting as they have no backend console. + qemu-retry-be-status.patch +- bnc#520234 - npiv does not work with XEN + Update block-npiv +- bnc#496033 - Support for creating NPIV ports without starting vm + block-npiv-common.sh + block-npiv-vport + Update block-npiv +- bnc#500043 - Fix access to NPIV disk from HVM vm + Update xen-qemu-iscsi-fix.patch + +------------------------------------------------------------------- +Tue Sep 15 09:32:59 MDT 2009 - jfehlig@novell.com + +- bnc#513921 - Xen doesn't work get an eror when starting the + install processes or starting a pervious installed DomU + 20125-xc-parse-tuple-fix.patch + +------------------------------------------------------------------- +Wed Sep 2 10:12:18 MDT 2009 - carnold@novell.com + +- bnc#536176 - Xen panic when using iommu after updating hypervisor + 19380-vtd-feature-check.patch + +------------------------------------------------------------------- +Fri Aug 28 09:54:08 MDT 2009 - jfehlig@novell.com + +- bnc#530959 - virsh autostart doesn't work + Fixing this libvirt bug also required fixing xend's op_pincpu + method with upstream c/s 19580 + 19580-xend-pincpu.patch + +------------------------------------------------------------------- +Fri Aug 28 08:05:17 MDT 2009 - jbeulich@novell.com + +- bnc#534146 - Xen: Fix SRAT check for discontig memory + 20120-x86-srat-check-discontig.patch + +------------------------------------------------------------------- +Mon Aug 24 07:59:14 MDT 2009 - carnold@novell.com + +- bnc#491081 - Xen time goes backwards x3950M2 + 20112-x86-dom0-boot-run-timers.patch + +------------------------------------------------------------------- +Tue Aug 11 01:08:51 CEST 2009 - ro@suse.de + +- disable module build for ec2 correctly to fix build + (at the suse_kernel_module_package macro) + +------------------------------------------------------------------- +Mon Aug 10 16:21:00 EDT 2009 - ksrinivasan@novell.com + +- bnc#524071 - implemented workaround for a windows7 bug. + hv_win7_eoi_bug.patch + +------------------------------------------------------------------- +Mon Aug 3 11:53:37 MDT 2009 - jfehlig@novell.com + +- bnc#524180 - xend memory leak resulting in long garbage collector + runs + 20013-xend-memleak.patch + +------------------------------------------------------------------- +Fri Jul 31 13:22:09 MDT 2009 - carnold@novell.com + +- Upstream bugfixes from Jan. + 19896-32on64-arg-xlat.patch + 19960-show-page-walk.patch + 19945-pae-xen-l2-entries.patch + 19953-x86-fsgs-base.patch + 19931-gnttblop-preempt.patch + 19885-kexec-gdt-switch.patch + 19894-shadow-resync-fastpath-race.patch +- hvperv shim patches no longer require being applied conditionally + +------------------------------------------------------------------- +Wed Jul 29 08:47:50 MDT 2009 - jfehlig@novell.com + +- bnc#520234 - npiv does not work with XEN in SLE11 + Update block-npiv +- bnc#496033 - Support for creating NPIV ports without starting vm + block-npiv-common.sh + block-npiv-vport + Update block-npiv +- bnc#500043 - Fix access to NPIV disk from HVM vm + Update xen-qemu-iscsi-fix.patch + +------------------------------------------------------------------- +Wed Jul 15 11:52:31 MDT 2009 - carnold@novell.com + +- Don't build the KMPs for the ec2 kernel. + +------------------------------------------------------------------- +Thu Jul 2 12:45:32 MDT 2009 - jfehlig@novell.com + +- Upstream fixes from Jan Beulich + 19606-hvm-x2apic-cpuid.patch + 19734-vtd-gcmd-submit.patch + 19752-vtd-srtp-sirtp-flush.patch + 19753-vtd-reg-write-lock.patch + 19764-hvm-domain-lock-leak.patch + 19765-hvm-post-restore-vcpu-state.patch + 19767-hvm-port80-inhibit.patch + 19768-x86-dom0-stack-dump.patch + 19770-x86-amd-s3-resume.patch + 19801-x86-p2m-2mb-hap-only.patch + 19815-vtd-kill-correct-timer.patch +- Patch from Jan Beulich to aid in debugging bnc#509911 + gnttblop-preempt.patch + +------------------------------------------------------------------- +Tue Jun 23 15:32:14 CST 2009 - wkong@novell.com + +- bnc#515220 - qemu-img-xen snapshot Segmentation fault + qemu-img-snapshot.patch update + +------------------------------------------------------------------- +Tue Jun 9 13:52:07 CST 2009 - wkong@novell.com + +- bnc#504491 - drop write data when set read only disk in xen config + bdrv_open2_fix_flags.patch + bdrv_open2_flags_2.patch + +------------------------------------------------------------------- +Fri Jun 5 13:19:04 MDT 2009 - carnold@novell.com + +- Upstream fixes from Jan Beulich. + 19474-32on64-S3.patch + 19490-log-dirty.patch + 19492-sched-timer-non-idle.patch + 19493-hvm-io-intercept-count.patch + 19505-x86_64-clear-cr1.patch + 19519-domctl-deadlock.patch + 19523-32on64-restore-p2m.patch + 19555-ept-live-migration.patch + 19557-amd-iommu-ioapic-remap.patch + 19560-x86-flush-tlb-empty-mask.patch + 19571-x86-numa-shift.patch + 19578-hvm-load-ldt-first.patch + 19592-vmx-exit-reason-perfc-size.patch + 19595-hvm-set-callback-irq-level.patch + 19597-x86-ioport-quirks-BL2xx.patch + 19602-vtd-multi-ioapic-remap.patch + 19631-x86-frametable-map.patch + 19653-hvm-vcpuid-range-checks.patch + +------------------------------------------------------------------- +Wed Jun 05 10:35:18 MDT 2009 - jsong@novell.com + +- bnc#382112 - Caps lock not being passed to vm correctly. + capslock_enable.patch + +------------------------------------------------------------------- +Wed May 27 10:35:18 MDT 2009 - jfehlig@novell.com + +- bnc#506833 - Use pidof in xend and xendomains init scripts + +------------------------------------------------------------------- +Wed May 27 09:39:25 MDT 2009 - jsong@novell.com +- bnc#484778 - XEN: PXE boot of FV domU using non-Realtek NIC fails + enable_more_nic_pxe.patch + +------------------------------------------------------------------- +Wed May 27 09:38:40 MDT 2009 - jsong@novell.com +cross-migrate.patch +- bnc#390961 - cross-migration of a VM causes it to become + unresponsive (remains paused after migration) + +------------------------------------------------------------------- +Tue May 19 10:58:40 MDT 2009 - carnold@novell.com + +- Patches taken to fix the xenctx tool. The fixed version of this + tool is needed to debug bnc#502735. + 18962-xc_translate_foreign_address.patch + 18963-xenctx.patch + 19168-hvm-domctl.patch + 19169-remove-declare-bitmap.patch + 19170-libxc.patch + 19171-xenctx.patch + 19450-xc_translate_foreign_address.patch + +------------------------------------------------------------------- +Mon May 18 16:15:57 CST 2009 - wkong@novell.com +-bnc#485770 - check exsit file for save and snapshot-create + xm-save-check-file.patch + snapshot-xend.patch + +------------------------------------------------------------------- +Mon May 18 15:06:41 CST 2009 - wkong@novell.com +-bnc#503782 - Using converted vmdk image does not work + ioemu-tapdisk-compat-QEMU_IMG.patch + +------------------------------------------------------------------- +Thu May 14 10:54:03 MDT 2009 - jfehlig@novell.com + +- bnc#503332 - Remove useless qcow tools + /usr/sbin/{qcow-create,img2qcow,qcow2raw} from xen-tools package. + +------------------------------------------------------------------- +Wed May 13 09:59:50 CST 2009 - jsong@novell.com +- bnc#474738 - adding CD drive to VM guest makes it unbootable. + parse_boot_disk.patch + +------------------------------------------------------------------- +Mon May 11 18:49:50 CST 2009 - wkong@novell.com +- bnc#477892 - snapshot windows can't accomplish. + snapshot-xend.patch + +------------------------------------------------------------------- +Tue Apr 28 11:57:00 MDT 2009 - carnold@novell.com + +- bnc#495300 - L3: Xen unable to PXE boot Windows based DomU's + 18545-hvm-gpxe-rom.patch, 18548-hvm-gpxe-rom.patch + +------------------------------------------------------------------- +Mon Apr 27 10:42:17 MDT 2009 - jfehlig@novell.com + +- bnc#459836 - Fix rtc_timeoffset when localtime=0 + xend-timeoffset.patch + +------------------------------------------------------------------- +Wed Apr 22 14:50:35 MDT 2009 - carnold@novell.com + +- bnc#497440 - xmclone.sh script incorrectly handles networking for + SLE11. + +------------------------------------------------------------------- +Fri Apr 17 16:21:36 MDT 2009 - wkong@novell.com +- bnc#477890 - VM becomes unresponsive after applying snapshot + +------------------------------------------------------------------- +Wed Apr 15 16:34:08 MDT 2009 - jfehlig@novell.com + +- bnc#494892 - Update xend-domain-lock.patch to flock the lock + file. + +------------------------------------------------------------------- +Wed Apr 8 16:30:14 EDT 2009 - ksrinivasan@novell.com + +- bnc#439639 - SVVP Test 273 System - Sleep Stress With IO" fails + +Turned off s3/s4 sleep states for HVM guests. + +------------------------------------------------------------------- +Tue Apr 7 21:55:14 MDT 2009 - jsong@novell.com + +- bnc#468169 - fix domUloader to umount the mounted device mapper target in dom0 + when install a sles10 guest with disk = /dev/disk/by_path + +------------------------------------------------------------------- +Thu Apr 2 16:03:25 MDT 2009 - jfehlig@novell.com + +- bnc#488490 - domUloader can't handle block device names with ':' +- bnc#486244 - vms fail to start after reboot when using qcow2 + +------------------------------------------------------------------- +Tue Mar 31 15:00:50 MDT 2009 - carnold@novell.com + +- bnc#490835 - VTd errata on Cantiga chipset + 19230-vtd-mobile-series4-chipset.patch + +------------------------------------------------------------------- +Mon Mar 30 15:03:16 MDT 2009 - carnold@novell.com + +- bnc#482515 - Missing dependency in xen.spec + +------------------------------------------------------------------- +Thu Mar 26 09:17:00 MDT 2009 - carnold@novell.com + +- Additional upstream bug fix patches from Jan Beulich. + 19132-page-list-mfn-links.patch + 19134-fold-shadow-page-info.patch + 19135-next-shadow-mfn.patch + 19136-page-info-rearrange.patch + 19156-page-list-simplify.patch + 19161-pv-ldt-handling.patch + 19162-page-info-no-cpumask.patch + 19216-msix-fixmap.patch + 19268-page-get-owner.patch + 19293-vcpu-migration-delay.patch + 19391-vpmu-double-free.patch + 19415-vtd-dom0-s3.patch + +------------------------------------------------------------------- +Wed Mar 25 13:55:25 MDT 2009 - carnold@novell.com + +- Imported numerous upstream bug fix patches. + 19083-memory-is-conventional-fix.patch + 19097-M2P-table-1G-page-mappings.patch + 19137-lock-domain-page-list.patch + 19140-init-heap-pages-max-order.patch + 19167-recover-pat-value-s3-resume.patch + 19172-irq-to-vector.patch + 19173-pci-passthrough-fix.patch + 19176-free-irq-shutdown-fix.patch + 19190-pciif-typo-fix.patch + 19204-allow-old-images-restore.patch + 19232-xend-exception-fix.patch + 19239-ioapic-s3-suspend-fix.patch + 19240-ioapic-s3-suspend-fix.patch + 19242-xenstored-use-after-free-fix.patch + 19259-ignore-shutdown-deferrals.patch + 19266-19365-event-channel-access-fix.patch + 19275-19296-schedular-deadlock-fixes.patch + 19276-cpu-selection-allocation-fix.patch + 19302-passthrough-pt-irq-time-out.patch + 19313-hvmemul-read-msr-fix.patch + 19317-vram-tracking-fix.patch + 19335-apic-s3-resume-error-fix.patch + 19353-amd-migration-fix.patch + 19354-amd-migration-fix.patch + 19371-in-sync-L1s-writable.patch + 19372-2-on-3-shadow-mode-fix.patch + 19377-xend-vnclisten.patch + 19400-ensure-ltr-execute.patch + 19410-virt-to-maddr-fix.patch + +------------------------------------------------------------------- +Mon Mar 9 16:28:27 MDT 2009 - jfehlig@novell.com + +- bnc#483565 - Fix block-iscsi script. + Updated block-iscsi and xen-domUloader.diff + +------------------------------------------------------------------- +Mon Mar 9 16:06:03 MDT 2009 - carnold@novell.com + +- bnc#465814 - Mouse stops responding when wheel is used in Windows + VM. + mouse-wheel-roll.patch (James Song) +- bnc#470704 - save/restore of windows VM throws off the mouse + tracking. + usb-save-restore.patch (James Song) + +------------------------------------------------------------------- +Thu Mar 5 15:35:30 MST 2009 - jfehlig@novell.com + +- bnc#436629 - Use global vnc-listen setting specified in xend + configuration file. + xend-vnclisten.patch +- bnc#482623 - Fix pygrub to append user-supplied 'extra' args + to kernel args. + 19234_pygrub.patch + +------------------------------------------------------------------- +Thu Mar 5 13:52:48 MST 2009 - carnold@novell.com + +- bnc#481161 upgrade - sles10sp2 to sles11 upgrade keeps + xen-tools-ioemu + +------------------------------------------------------------------- +Tue Mar 3 16:11:39 CET 2009 - kukuk@suse.de + +- Don't load 8139* driver if xen-vnif works [bnc#480164] + +------------------------------------------------------------------- +Fri Feb 27 18:32:01 MST 2009 - carnold@novell.com + +- bnc#480164 - Default network proposal in fully virtualized + SLES 11 VM is invalid. + xen_pvdrivers + +------------------------------------------------------------------- +Thu Feb 26 15:05:38 MST 2009 - carnold@novell.com + +- bnc#474822 - L3: Win2003 i386 XEN VM can see only 2 TB with a + 4TB LUN. + int13_hardisk-64bit-lba.patch + +------------------------------------------------------------------- +Wed Feb 25 11:52:16 MST 2009 - jfehlig@novell.com + +- bnc#477890 - Destroy domain if snapshot restore fails. + Updated snapshot-xend.patch + +------------------------------------------------------------------- +Tue Feb 24 14:13:35 EST 2009 - ksrinivasan@novell.com + +- bnc#470238 - SLE11 32FV guest is hanging during certification + tests. + bnc#468265 - Xen guest shows duplicate drives + bnc#469598 - SLES11 RC2 64bit Xen - SLES11 full virt guests + hanging under load. + disable_emulated_device.diff + +------------------------------------------------------------------- +Tue Feb 24 16:03:35 CET 2009 - kwolf@suse.de + +- bnc#477892 - Disable xend timeout for snapshots + Updated snapshot-xend.patch + +------------------------------------------------------------------- +Tue Feb 24 14:28:52 CET 2009 - kwolf@suse.de + +- bnc#477895 - Fix detaching blktap disks from domains without + device model + Updated blktap-ioemu-close-fix.patch + +------------------------------------------------------------------- +Fri Feb 20 11:46:12 CET 2009 - kwolf@suse.de + +- bnc#472390 - Enable debuginfo for ioemu + ioemu-debuginfo.patch + +------------------------------------------------------------------- +Thu Feb 19 08:40:07 MST 2009 - carnold@novell.com + +- bnc#473883 - Xen: 64 bit guest crashes with qemu-dm segfault + qemu-dm-segfault.patch + +------------------------------------------------------------------- +Wed Feb 18 15:33:17 MST 2009 - jfehlig@novell.com + +- bnc#437776 - Remove tracing (bash -x) from network-nat script + network-nat.patch + +------------------------------------------------------------------- +Wed Feb 18 15:19:21 MST 2009 - jfehlig@novell.com + +- bnc#473815 - Handle NULL return when reading a xenstore path. + Updated blktap-error-handling.patch + +------------------------------------------------------------------- +Wed Feb 18 20:52:23 CET 2009 - kwolf@suse.de + +- Fix VHD image support for > 4 GB (offsets truncated to 32 bits) + ioemu-vpc-4gb-fix.patch + +------------------------------------------------------------------- +Thu Feb 12 12:03:44 EST 2009 - ksrinivasan@novell.com + +- bnc#468660 - Fix migration from sles10 to sles11 on Intel. + old-arbytes.patch + +------------------------------------------------------------------- +Thu Feb 12 08:17:31 MST 2009 - carnold@novell.com + +- bnc#473800 - If VT-d is enabled, Dom0 fails to boot up on + Nehalem-HEDT platform. + 19198-fix-snoop.patch + 19154-snoop-control.patch + +------------------------------------------------------------------- +Thu Feb 5 12:03:44 MST 2009 - jfehlig@novell.com + +- bnc#470133 - Better error handling in xm when not booted Xen + 19153-xm-noxen-error.patch + +------------------------------------------------------------------- +Wed Feb 4 20:35:41 CET 2009 - kwolf@suse.de + +- bnc#472075 - Fix ioemu to initialize its blktap backend also for + fully virtualized guests + ioemu-blktap-fv-init.patch + +------------------------------------------------------------------- +Tue Feb 3 13:35:28 MST 2009 - jfehlig@novell.com + +- bnc#470855 - Add note to xm man page on how to detach domain + console + 19152-xm-man-page.patch + +------------------------------------------------------------------- +Mon Feb 2 14:15:55 MST 2009 - jfehlig@novell.com + +- bnc#471090 - XendAPIStore: Do not remove non-existent item + class list + 19151-xend-class-dereg.patch + +------------------------------------------------------------------- +Mon Feb 2 10:41:05 MST 2009 - carnold@novell.com + +- bnc#470949 - user mode application may crash kernel + 19088-x86-page-non-atomic-owner.patch (Jan Beulich) + 19089-x86_64-widen-page-refcounts.patch + 19103-x86_64-fold-page-lock.patch + x86_64-page-info-pack.patch + x86_64-sh-next-shadow.patch + +------------------------------------------------------------------- +Fri Jan 23 11:47:31 MST 2009 - carnold@novell.com + +- Intel - Remove improper operating condition that results in a + machine check. + 19072-vmx-pat.patch + 19079-snp_ctl-1.patch + +------------------------------------------------------------------- +Fri Jan 23 11:45:16 CET 2009 - kwolf@suse.de + +- bnc#465379 - Fix blktap error handling + blktap-error-handling.patch + +------------------------------------------------------------------- +Thu Jan 22 08:36:40 MST 2009 - carnold@novell.com + +- bnc#435219 - XEN pv-driver doesn't work + +------------------------------------------------------------------- +Thu Jan 22 14:17:00 CET 2009 - jbeulich@novell.com + +- Fix unmaskable MSI handling. + 18778-msi-irq-fix.patch + +------------------------------------------------------------------- +Wed Jan 21 16:33:16 MST 2009 - jfehlig@novell.com + +- bnc#467883 - Squelch output of xen-updown.sh sysconfig hook + script and don't save state of tap devices not belonging to Xen. + +------------------------------------------------------------------- +Wed Jan 21 08:15:31 MST 2009 - carnold@novell.com + +- bnc#467807 - Xen: IRQs stop working + xen-ioapic-ack-default.diff + +------------------------------------------------------------------- +Fri Jan 16 14:20:08 MST 2009 - carnold@novell.com + +- bnc#447178 - xm dump-core does not work for cross-bitness guest. + 19046-cross-bit-coredumping.patch + 19048-cross-bit-coredumping.patch + 19051-cross-bit-coredumping.patch + +------------------------------------------------------------------- +Thu Jan 15 10:26:13 MST 2009 - brieske@novell.com + +- bnc#429637 - SSVP SMBIOS HCT Test failing + 19027-hvmloader-SMBIOS-dev-mem-boundary.patch + +------------------------------------------------------------------- +Wed Jan 14 08:22:08 MST 2009 - carnold@novell.com + +- bnc#460805 - Unable to boot with Xen kernel with IBM T42p / T41p + 19039-x86-propagate-nolapic.patch + 19038-x86-no-apic.patch + +------------------------------------------------------------------- +Mon Jan 5 10:14:41 MST 2009 - carnold@novell.com + +- bnc#435596 - dom0 S3 resume fails if disk drive is set as AHCI + mode. + 18937-S3-MSI.patch +- Final Xen 3.3.1 FCS changeset 18546 + +------------------------------------------------------------------- +Mon Dec 29 09:16:20 MST 2008 - carnold@novell.com + +- bnc#436021 - On PAE host with EPT enabled, booting a HVM guest + with 4G memory will cause Xen hang. + 18943-amd-32bit-paging-limit.patch + +------------------------------------------------------------------- +Mon Dec 22 14:18:15 MST 2008 - carnold@novell.com + +- bnc#461596 - Failue to load 64-bit HVM Solaris 10U6 DomU with 2 + vcpus. Update to RC4 contains fix in c/s 18538. + +------------------------------------------------------------------- +Mon Dec 22 11:27:38 MST 2008 - jfehlig@novell.com + +- bnc#379032 and bnc#404014 - Fix loop device leak in domUloader + +------------------------------------------------------------------- +Wed Dec 17 16:32:12 CET 2008 - kwolf@suse.de + +- bnc#456758 - Allow all block device types for which a script + exists in /etc/xen/scripts besides file, tap and phy. + reenable-block-protocols.patch + +------------------------------------------------------------------- +Mon Dec 15 10:30:25 MST 2008 - carnold@novell.com + +- Patch cleanup. Updated tarball with several of our stand-alone + but now upstream patches (c/s 18536). + +------------------------------------------------------------------- +Fri Dec 5 15:47:31 CET 2008 - kwolf@suse.de + +- bnc#404014 - Fix memory leak in libxenguest during domain + creation + libxc-zlib-memleak.patch + +------------------------------------------------------------------- +Thu Dec 4 11:45:55 MST 2008 - jfehlig@novell.com + +- bnc#456511 - Fix domain name change after checkpoint/shutdown + events. + +------------------------------------------------------------------- +Tue Dec 2 15:57:03 MST 2008 - carnold@novell.com + +- Fixed xmclone.sh. It calls lomount which no longer exists in the + distro. + +------------------------------------------------------------------- +Tue Nov 25 15:09:12 CET 2008 - kwolf@suse.de + +- Fix the build. Build system seems to be unhappy about having two + copies of the xenstore binary (this is not a proper fix in fact + as the build error says the two files are not identical - they + are hardlinks, so this seems unlikely to be the real cause). + + tmp_build.patch + +------------------------------------------------------------------- +Mon Nov 24 14:24:06 MST 2008 - jfehlig@novell.com + +- bnc#448364 - Fix cpu affinity on save/restore/migrate + +------------------------------------------------------------------- +Thu Nov 20 19:57:19 CET 2008 - kwolf@suse.de + +- bnc#444731 - Fix data corruption bug (caused by broken x86 + emulation for movnti instruction) + + xen-x86-emulate-movnti.patch + +------------------------------------------------------------------- +Wed Nov 19 20:14:54 CET 2008 - kwolf@suse.de + +- Report device model errors during the creation of snapshots + to xend instead of failing silently + +------------------------------------------------------------------- +Wed Nov 19 16:27:01 CET 2008 - kwolf@suse.de + +- bnc#445659 - ioemu: Workaround for VNC client initialization + race with xenfb changing the resolution (caused VNC connection + to be closed, vm-install recognized this as failed installation) + + ioemu-vnc-resize.patch + +------------------------------------------------------------------- +Tue Nov 18 08:11:34 MST 2008 - carnold@novell.com + +- bnc#444203 - With EPT mode4, HVM S3 causes Xen HV crash. + 18783-hvm-vcpu-reset-state-fix.patch + +------------------------------------------------------------------- +Mon Nov 17 09:14:12 MST 2008 - carnold@novell.com + +- bnc#444731 - Blackscreen instead of second stage during + installation + 18766-realmode-stack-size-fix.patch + +------------------------------------------------------------------- +Thu Nov 13 09:22:54 MST 2008 - carnold@novell.com + +- bnc#429739 - Network failure with bnx2 when booted to XEN + 18778-msi-irq-fix.patch + +------------------------------------------------------------------- +Wed Nov 12 19:07:11 CET 2008 - kwolf@suse.de + +- bnc#444197 - Add udev rule to fix domUloader race with + automounter (udev-rules.patch) + +------------------------------------------------------------------- +Sun Nov 9 23:54:34 CET 2008 - ro@suse.de + +- disable kmp to fix build again + +------------------------------------------------------------------- +Fri Nov 7 13:49:09 CET 2008 - kwolf@suse.de + +- Fix merge damage which prevented disks to be snapshotted when + not in disk-only snapshot mode + +------------------------------------------------------------------- +Wed Nov 5 17:22:30 CET 2008 - kwolf@suse.de + +- bnc#435195 - Fix error handling for blktap devices and ioemu; + check for images smaller than a sector and abort (causes hangs + of the complete blktap stack otherwise) + + ioemu-blktap-zero-size.patch + +------------------------------------------------------------------- +Mon Nov 3 10:30:49 MST 2008 - plc@novell.com + +- bnc#436572 - L3: vm serial port configuration and access is not + persistent across dom0 reboot + +------------------------------------------------------------------- +Wed Oct 29 11:50:45 MDT 2008 - carnold@novell.com + +- bnc#436926 - Xen hypervisor crash + +------------------------------------------------------------------- +Tue Oct 28 21:17:12 MDT 2008 - jfehlig@novell.com + +- bnc#438927 - Fix migration bug in xend + +------------------------------------------------------------------- +Tue Oct 28 18:19:52 CET 2008 - carnold@suse.de + +- disable KMP, does not build with current kernel + +------------------------------------------------------------------- +Fri Oct 24 13:01:41 MDT 2008 - jfehlig@novell.com + +- bnc#437756 - Fix default netdev device in network-route + +------------------------------------------------------------------- +Wed Oct 22 10:38:58 MDT 2008 - jfehlig@novell.com + +- bnc#434560 - Remove local patch that prevents creating PV vif + when "type=ioemu" is specified in guest vif config. This patch + is causing several problems with recent changes to xenstore + layout. + +------------------------------------------------------------------- +Wed Oct 22 09:10:45 MDT 2008 - jfehlig@novell.com + +- bnc#431758 - Added upstream changeset 18654 to prevent setting + vcpus > VCPUs_max on running domain. + +------------------------------------------------------------------- +Tue Oct 21 10:28:55 MDT 2008 - carnold@novell.com + +- Update to changeset 18455. + +------------------------------------------------------------------- +Fri Oct 17 08:52:44 CEST 2008 - olh@suse.de + +- add ExclusiveArch x86 x86_64 + +------------------------------------------------------------------- +Wed Oct 15 01:32:18 MDT 2008 - jfehlig@novell.com + +- bnc#433722 - Fix handling of default bridge in qemu-ifup. + +------------------------------------------------------------------- +Mon Oct 13 10:51:51 MDT 2008 - carnold@novell.com + +- bnc#431324 - Cannot boot from XEN kernel + +------------------------------------------------------------------- +Mon Oct 13 14:27:35 CEST 2008 - kwolf@suse.de + +- blktapctrl: Close connection to tapdisk-ioemu only if there are + no more attached disks + blktap-ioemu-close-fix.patch +- blktapctrl: If tapdisk-ioemu has been shut down and a new + instance is needed, fix saving the PID of the new instance + +------------------------------------------------------------------- +Thu Oct 2 16:23:15 MDT 2008 - jfehlig@novell.com + +- bnc#431737 - Fix use of deprecated python constructs in xend + +------------------------------------------------------------------- +Mon Sep 29 10:36:07 MDT 2008 - carnold@novell.com + +- Update to c/s 18430, remove our versions of upstream patches. +- fate#303867 - minimum HVM domain limits. Pulled upstream + patches for supporting up to 255 cpus. + +------------------------------------------------------------------- +Fri Sep 26 18:09:13 CEST 2008 - kwolf@suse.de + +- bnc#430222 - Fixed block-attach for tap:aio images + +------------------------------------------------------------------- +Thu Sep 25 13:30:33 CEST 2008 - kwolf@suse.de + +- bnc#429801 - Fixed xm start -c / --vncviewer + xm-start-fix.patch + +------------------------------------------------------------------- +Wed Sep 24 15:44:43 MDT 2008 - carnold@novell.com + +- bnc#382401 - xm man page missing information for commands. + +------------------------------------------------------------------- +Wed Sep 17 14:57:29 MDT 2008 - carnold@novell.com + +- Pulled some upstream patches for Intel and AMD microcode fixes. + +------------------------------------------------------------------- +Tue Sep 16 10:51:44 MDT 2008 - carnold@novell.com + +- Update to changeset 18412. Contains several bug fixes including + a crash fix in qemu-dm and also various memory leaks fixes. + +------------------------------------------------------------------- +Mon Sep 15 10:48:35 MDT 2008 - carnold@novell.com + +- Fix parameters in call to kill_proc_info (pv drivers). +- Add conditional for use of smp_call_function so the pv drivers + can be built on older kernel versions. + +------------------------------------------------------------------- +Thu Sep 11 12:42:05 MDT 2008 - brogers@novell.com + +- Added gdbserver-xen to the set of tools we build. + fate#302942 + +------------------------------------------------------------------- +Thu Sep 11 10:32:17 MDT 2008 - jfehlig@novell.com + +- Added ocfs2 to Should-Start in xendomains init script + +------------------------------------------------------------------- +Wed Sep 10 20:47:45 MDT 2008 - plc@novell.com + +- Added pv cdrom support to blktap + fate#300964 + +------------------------------------------------------------------- +Wed Sep 10 14:06:51 MDT 2008 - jfehlig@novell.com + +- Removed invocation of network-bridge script from xend-config.sxp. + Networks are now created through yast2-network package. +- Added sysconfig hook script for Xen to cope with ifup/ifdown + events on network devices (e.g. bridges) in use by virtual + machines. + fate#303386 + +------------------------------------------------------------------- +Mon Sep 8 08:53:25 MDT 2008 - carnold@novell.com + +- Updated to xen version 3.3.1 RC changeset 18390. + +------------------------------------------------------------------- +Wed Sep 3 21:07:56 CEST 2008 - kwolf@suse.de + +- Snapshots: Fix xend API functions for libvirt usage + +------------------------------------------------------------------- +Mon Sep 1 08:56:32 MDT 2008 - carnold@novell.com + +- Fix problems building KMPs against the 2.6.27 kernel. + +------------------------------------------------------------------- +Fri Aug 29 06:39:21 MDT 2008 - plc@novell.com + +- Added 'tap' to the type of devices for HalDaemon.py to + scan for change of xenstore attribute media-present. + +------------------------------------------------------------------- +Wed Aug 27 12:21:19 MDT 2008 - jfehlig@novell.com + +- Don't create pv vif device if emulated network device is + explicitly specified in guest config. + +------------------------------------------------------------------- +Fri Aug 22 08:37:49 MDT 2008 - carnold@novell.com + +- Updated to xen-unstable changeset 18358 Xen 3.3.0 FCS. + +------------------------------------------------------------------- +Wed Aug 20 13:59:45 MDT 2008 - carnold@novell.com + +- Updated to xen-unstable changeset 18353 RC7. + +------------------------------------------------------------------- +Wed Aug 20 15:08:19 CEST 2008 - kwolf@suse.de + +- Implementation of xm snapshot-delete + snapshot-ioemu-delete.patch, snapshot-xend.patch +- Add snapshot options to qemu-img-xen + qemu-img-snapshot.patch + +------------------------------------------------------------------- +Tue Aug 19 10:27:05 MDT 2008 - carnold@novell.com + +- Enable kboot and kexec patches. + +------------------------------------------------------------------- +Mon Aug 18 11:13:55 MDT 2008 - carnold@novell.com + +- Updated to xen-unstable changeset 18335 RC5. + +------------------------------------------------------------------- +Mon Aug 18 17:17:25 CEST 2008 - carnold@suse.de + +- Removed git dependency. Instead use a static version of + ioemu-remote. + +------------------------------------------------------------------- +Thu Aug 14 17:58:06 MDT 2008 - jfehlig@novell.com + +- Added patch to prevent starting same domU from multiple hosts. + Feature is disabled by default - see /etc/xen/xend-config.sxp. + fate#305062 + +------------------------------------------------------------------- +Mon Aug 11 16:42:18 MDT 2008 - jfehlig@novell.com + +- Added python-openssl to Requires list for xen-tools. This + package is required if SSL relocation is enabled by user. + +------------------------------------------------------------------- +Mon Aug 11 14:44:03 MDT 2008 - carnold@novell.com + +- Updated to xen-unstable changeset 18309. Pre 3.3.0-rc4. + +------------------------------------------------------------------- +Sat Aug 9 13:22:37 MDT 2008 - jfehlig@novell.com + +- Disabled xend-relocation-ssl-server for now. Certificates must + be created and feature needs testing. + +------------------------------------------------------------------- +Fri Aug 8 15:34:04 MDT 2008 - carnold@novell.com + +- Update to xen-unstable changeset 18269 post RC3. Reverse + version back to 3.3.0 from 4.0.0. + +------------------------------------------------------------------- +Wed Aug 6 10:30:51 MDT 2008 - carnold@novell.com + +- Updated to xen-unstable changeset 18242. Version changes from + 3.3.0 to 4.0.0 + +------------------------------------------------------------------- +Thu Aug 4 10:25:01 MDT 2008 - carnold@novell.com + +- Updated to xen-unstable changeset 18210. Post 3.3.0-rc2. + +------------------------------------------------------------------- +Tue Jul 8 16:39:42 MDT 2008 - carnold@novell.com + +- Updated to xen-unstable changeset 17990. + +------------------------------------------------------------------- +Tue Jul 8 15:09:51 MDT 2008 - kwolf@suse.de + +- ioemu: Write barriers for blktap devices + ioemu-blktap-barriers.patch + +------------------------------------------------------------------- +Thu Jul 3 13:28:35 MDT 2008 - kwolf@suse.de + +- blktapctrl defaults to using ioemu instead of tapdisk now + blktapctrl-default-to-ioemu.patch +- Now that ioemu is default, it can be called with image paths + starting e.g. with tap:qcow2. If the image format is specified, + it has to be respected and no guessing on the image file must + happen. + ioemu-blktap-image-format.patch +- qcow2: Read/Write multiple sectors at once if possible to + improve performance. + ioemu-qcow2-multiblock-aio.patch + +------------------------------------------------------------------- +Thu Jun 12 14:12:05 MDT 2008 - kwolf@novell.com + +- Add snapshot support to ioemu and blktapctrl + snapshot-ioemu-save.patch + snapshot-ioemu-restore.patch + +------------------------------------------------------------------- +Fri Jun 6 08:56:56 MDT 2008 - jfehlig@novell.com + +- bnc#397890 - Create and own /var/lib/xen/dump + +------------------------------------------------------------------- +Thu Jun 5 11:02:32 MDT 2008 - kwolf@novell.com + +- Fix tapdisk for qcow2 images > 2 GB + 1xxxx-qcow2-2gb-bug.patch + +------------------------------------------------------------------- +Thu Jun 5 10:34:29 MDT 2008 - jfehlig@novell.com + +- Updated to xen-unstable changeset 17772. + +------------------------------------------------------------------- +Tue May 27 13:29:22 MDT 2008 - plc@novell.com + +- bnc#381368 - boot qcow image fix. + +------------------------------------------------------------------- +Fri May 23 09:13:59 MDT 2008 - jfehlig@novell.com + +- bnc#378595 - Revert patch that disables use of ifup/ifdown. + ifup-bridge in sysconfig has been fixed so patch is no longer + needed. Calling ifdown on bridge now removes ports and deletes + bridge, so network-bridge no longer needs to do these tasks. + +------------------------------------------------------------------- +Fri May 16 15:29:26 MDT 2008 - carnold@novell.com + +- bnc#390985 - xm man page needs FIXME sections to be fixed + xen-fixme-doc.diff + +------------------------------------------------------------------- +Wed May 14 11:00:42 MDT 2008 - carnold@novell.com + +- bnc#375322 - L3:timer went backwards + x86-domain-shutdown-latency.patch + +------------------------------------------------------------------- +Sat May 10 12:56:24 MDT 2008 - plc@novell.com + +- bnc#388969 - Shift tab traversal does not work + xen-shift-key.patch +- bnc#384277 - PVFB security hole + xen-pvfb-security.patch +- bnc#385586 - VNC windows size too small + xen-vnc-resize.patch + +------------------------------------------------------------------- +Fri Apr 25 13:24:39 MDT 2008 - carnold@novell.com + +- bnc#383513 - Unknown unit 'K' in Xen's logrotate config file. + +------------------------------------------------------------------- +Tue Apr 25 08:23:37 MDT 2008 - carnold@novell.com + +- Update to Xen 3.2.1 FCS changeset 16881. + +------------------------------------------------------------------- +Fri Apr 11 08:38:21 MDT 2008 - carnold@novell.com + +- Update to Xen 3.2.1 RC5 changeset 16864. + +------------------------------------------------------------------- +Thu Apr 10 17:32:15 MDT 2008 - jfehlig@novell.com + +- bnc#378595 - Do not use ifup/ifdown in network-bridge for now. + +------------------------------------------------------------------- +Mon Mar 24 16:47:56 MDT 2008 - carnold@novell.com + +- bnc#373194 - The xen module and the kernel for Dom0 don't match. +- Add ncurses-devel build dependency + +------------------------------------------------------------------- +Mon Mar 24 10:56:35 MDT 2008 - carnold@novell.com + +- Update to Xen 3.2.1 RC1 changeset 16820. + +------------------------------------------------------------------- +Thu Mar 20 09:38:03 CET 2008 - coolo@suse.de + +- 3.1.0 is unfortunately not enough to obsolete 3.1.0_<something> + in rpm terms + +------------------------------------------------------------------- +Fri Mar 14 16:58:04 CET 2008 - carnold@novell.com + +- Update to Xen 3.2.1 changeset 16805. + +------------------------------------------------------------------- +Fri Mar 14 11:20:22 CET 2008 - coolo@suse.de + +- ipcalc does not exist - and breaks pattern + +------------------------------------------------------------------- +Wed Mar 12 12:28:34 MDT 2008 - jfehlig@novell.com + +- Increased dom0-min-mem value to 512Mb in xend-config.sxp + bnc#370007 + +------------------------------------------------------------------- +Mon Mar 10 16:38:47 MDT 2008 - jfehlig@novell.com + +- Fixed initialization of default VM config values when creating + VMs through Xen API. bnc#368273 + +------------------------------------------------------------------- +Mon Mar 10 14:11:52 MDT 2008 - jfehlig@novell.com + +- Removed unused/untested xend-relocation script. + +------------------------------------------------------------------- +Fri Mar 7 15:44:36 MST 2008 - jfehlig@novell.com + +- Set device model when creating pvfb consoles via XenAPI. + bnc#367851 + +------------------------------------------------------------------- +Fri Mar 7 09:28:58 MST 2008 - jfehlig@novell.com + +- Ensure dhcpcd is activated, if appropriate, on bridges created + by network-multinet. bnc#364633 + +------------------------------------------------------------------- +Fri Feb 29 09:58:06 MST 2008 - carnold@novell.com + +- bnc#357966 - VT-D dosen't work for HVM guest. + +------------------------------------------------------------------- +Fri Feb 29 08:35:11 MST 2008 - plc@novell.com + +- Send UNIT_ATTENTION when CD drive has newly inserted media and + becomes ready. bnc#365386 + +------------------------------------------------------------------- +Thu Feb 28 16:42:16 MST 2008 - jfehlig@novell.com + +- Updated block-iscsi script and xen-domUloader patch, bnc #365385 + +------------------------------------------------------------------- +Thu Feb 28 11:34:52 MST 2008 - carnold@novell.com + +- Add support for Intel EPT / VPID. + +------------------------------------------------------------------- +Tue Feb 26 14:12:17 MST 2008 - carnold@novell.com + +- bnc#362415 - SLE-based installs 32-bit fully-virtualized have + network problems during installs. +- bnc#358244 - Time remaining does not change properly for FV SLES10 + SP2 guest. +- bnc#363053 - Install remaining time always shows 2:00:00 + +------------------------------------------------------------------- +Tue Feb 26 10:37:11 MST 2008 - carnold@novell.com + +- bnc#359457 - Xen full virt has data integrity issue. + +------------------------------------------------------------------- +Tue Feb 26 08:34:17 MST 2008 - plc@novell.com + +- Tranlate colors from 32 bit to 16 bit when viewing a 32 bit PV + VM from a 16 bit client. bnc#351470 + Also includes upstream mouse queue patch. + +------------------------------------------------------------------- +Fri Feb 22 17:57:38 MST 2008 - jfehlig@novell.com + +- Added PAM configuration files for remote authentication via + Xen API. bnc #353464 + +------------------------------------------------------------------- +Tue Feb 19 13:22:32 MST 2008 - carnold@novell.com + +- Fix PV drivers for HVM guests. + +------------------------------------------------------------------- +Fri Feb 15 14:08:35 MST 2008 - carnold@novell.com + +- Support for pxe booting fully virtualized guests in vm-install is + complete. + +------------------------------------------------------------------- +Thu Feb 14 11:47:50 MST 2008 - carnold@novell.com + +- Added upstream changesets that fix various bugs. + 16859 16929 16930 16945 16947 16962 16976 16980 16995 16998 17036 + +------------------------------------------------------------------- +Wed Feb 13 17:42:17 MST 2008 - jfehlig@novell.com + +- Updated network-multinet + - Simplify bridge creation + - Create traditional bridge and hostonly networks by default + +------------------------------------------------------------------- +Fri Feb 8 11:01:49 MST 2008 - jfehlig@novell.com + +- Added upstream changesets 16932, 16965, 16977, and 16988 to fix + various bugs in tool stack +- Also added upstream changeset 16989 to complete fate #302941. + +------------------------------------------------------------------- +Mon Feb 4 14:01:56 MST 2008 - plc@novell.com + +- Replaced xen-blktab-subtype-strip.patch with official upstream + changeset for bnc#353065. + +------------------------------------------------------------------- +Fri Feb 1 16:11:59 MST 2008 - carnold@novell.com + +- Update to xen 3.2 FCS. Changeset 16718 +- Merge xen-tools and xen-tools-ioemu into xen-tools. + +------------------------------------------------------------------- +Wed Dec 19 16:16:36 MST 2007 - carnold@novell.com + +- Update to xen 3.2 RC2. Changeset 16646 + +------------------------------------------------------------------- +Thu Dec 13 15:37:09 MST 2007 - carnold@novell.com + +- Added agent support for HP Proliant hardware. + +------------------------------------------------------------------- +Wed Dec 5 13:04:17 MST 2007 - carnold@novell.com + +- #338108 - VUL-0: Xen security issues in SLE10 +- #279062 - Timer ISR/1: Time went backwards + +------------------------------------------------------------------- +Thu Nov 29 13:44:29 MST 2007 - carnold@novell.com + +- Added part of upstream c/s 15211. Fixed open call with O_CREAT + because it had no mode flags (15211-fix-open-mode.patch). + +------------------------------------------------------------------- +Mon Nov 5 09:38:14 MST 2007 - jfehlig@novell.com + +- Added upstream c/s 15434 to allow access to serial devices. + Bug #338486. + +------------------------------------------------------------------- +Thu Nov 1 13:17:46 MDT 2007 - carnold@novell.com + +- #334445: xenbaked: Fix security vulnerability CVE-2007-3919. + +------------------------------------------------------------------- +Thu Nov 1 11:30:35 MDT 2007 - carnold@novell.com + +- #310279: Kernel Panic while booting Xen + +------------------------------------------------------------------- +Tue Oct 2 17:05:28 MDT 2007 - ccoffing@novell.com + +- #286859: Fix booting from SAN + +------------------------------------------------------------------- +Thu Sep 13 11:26:33 MDT 2007 - ccoffing@novell.com + +- #310338: Fix "No such file or directory" in network-multinet + +------------------------------------------------------------------- +Wed Sep 12 18:04:33 MDT 2007 - jfehlig@novell.com + +- #309940: Fix 'xm reboot' +- Moved hvm_vnc.diff and xend_mem_leak.diff to 'Upstream patches' + section of spec file since both have been accepted upstream now. + +------------------------------------------------------------------- +Mon Sep 10 10:02:36 MDT 2007 - jfehlig@novell.com + +- #289283: Fix memory leak in xend + +------------------------------------------------------------------- +Fri Sep 7 14:17:11 MDT 2007 - jfehlig@novell.com + +- #297125: Expose 'type vnc' in vfb device sexp for HVM guests. + +------------------------------------------------------------------- +Thu Sep 6 14:42:19 MDT 2007 - ccoffing@novell.com + +- #302106: Update network-multinet + +------------------------------------------------------------------- +Wed Sep 5 09:12:31 MDT 2007 - carnold@novell.com + +- #307458: AMD-V CR8 intercept reduction for HVM windows 64b guests + +------------------------------------------------------------------- +Wed Aug 29 16:20:48 MDT 2007 - ccoffing@novell.com + +- Update block-iscsi to match changes to open-iscsi. + +------------------------------------------------------------------- +Mon Aug 27 16:49:48 MDT 2007 - carnold@novell.com + +- #289275 - domu will not reboot if pci= is passed in at boot time. + +------------------------------------------------------------------- +Fri Aug 24 11:30:49 MDT 2007 - carnold@novell.com + +- #297345: Added several upstream patches for hvm migration. + +------------------------------------------------------------------- +Fri Aug 17 18:28:34 MDT 2007 - jfehlig@novell.com + +- Added upstream c/s 15128, 15153, 15477, and 15716. These patches + provide foundation for bug #238986 +- Renamed xend_dev_destroy_cleanup.patch to reflect the upstream + c/s number and moved it to "upstream patches" section of spec + file. + +------------------------------------------------------------------- +Mon Aug 13 10:25:32 MDT 2007 - carnold@novell.com + +- hvm svm: Log into 'xm dmesg' that SVM NPT is enabled. + +------------------------------------------------------------------- +Fri Aug 10 16:43:31 MDT 2007 - ccoffing@novell.com + +- Honor RPM_OPT_FLAGS better + +------------------------------------------------------------------- +Thu Aug 9 10:29:08 MDT 2007 - ccoffing@novell.com + +- #298176: Do not enable NX if CPU/BIOS does not support it +- #289569: Modify network-bridge to handle vlan +- #297295: Fix bridge setup: stop using getcfg + +------------------------------------------------------------------- +Tue Aug 7 08:47:11 CEST 2007 - olh@suse.de + +- remove inclusion of linux/compiler.h and linux/string.h + remove ExclusiveArch and fix prep section for quilt setup *.spec + +------------------------------------------------------------------- +Thu Aug 2 13:10:36 MDT 2007 - jfehlig@novell.com + +- Added patch to fix/cleanup destoryDevice code path in xend. + Patch was submitted upstream. Aids in fixing several bugs, e.g. + #217211 and #242953. + +------------------------------------------------------------------- +Tue Jul 31 13:12:40 MDT 2007 - ccoffing@novell.com + +- Update Ron Terry's network-multi script +- Fix insserv + +------------------------------------------------------------------- +Tue Jul 31 11:41:13 MDT 2007 - jfehlig@novell.com + +- Added following upstream patches: + + 15642 - Fixes bug 289421 found in SLES10 SP1 but applies to + Xen 3.1.0 as well. + + 15649, 15650, 15651 - Fixes/enhancements to Xen API required + by Xen CIM providers + +------------------------------------------------------------------- +Fri Jul 27 10:50:58 MDT 2007 - ccoffing@novell.com + +- #242953: Allow HVM to use blktap +- #239173: block-attach as RW for domUloader to avoid failures with + reiserfs (since blktap does not yet correctly communicate RO to + the kernel) + +------------------------------------------------------------------- +Mon Jul 23 12:57:45 MDT 2007 - ccoffing@novell.com + +- Drop xen-bootloader-dryrun.diff; not needed for xen 3.1 +- rpmlint: Actually apply patch for #280637 +- rpmlint: Rename logrotate config from xend to xen +- Don't package xenperf twice +- xen-detect is a domU tool + +------------------------------------------------------------------- +Mon Jul 23 12:06:55 MDT 2007 - jfehlig@novell.com + +- Added upstream patches that fix various bugs + + 15168 fixes check for duplicate domains + + 15587 resets domain ID and fixes problems with domain state + via Xen API + + 15609 stores memory values changed via Xen API + +------------------------------------------------------------------- +Thu Jul 19 13:41:15 MDT 2007 - ccoffing@novell.com + +- BuildRequires LibVNCServer-devel +- Rotate all logs. +- Fix network data corruption on Win2003 with rtl8139. (#254646) +- Xen fails to create VM due to "out of memory" errors. (#280637) + +------------------------------------------------------------------- +Tue Jul 17 08:23:18 MDT 2007 - plc@novell.com + +- Added CDROM removable media patch from 3.0.4 + +------------------------------------------------------------------- +Fri Jul 6 14:34:20 MDT 2007 - ccoffing@novell.com + +- xensource bug #858: Disable strict aliasing for xenstore, to + avoid domU hangs. + +------------------------------------------------------------------- +Tue Jul 3 15:15:28 MDT 2007 - ccoffing@novell.com + +- #285929: Bad "xendomains status" output w/ empty XENDOMAINS_SAVE + +------------------------------------------------------------------- +Tue Jul 3 13:39:35 MDT 2007 - carnold@novell.com + +- Changes necessary to support EDD and EDID from Jan. + +------------------------------------------------------------------- +Wed Jun 20 17:48:18 MDT 2007 - jfehlig@novell.com + +- Added upstream changesets 15273, 15274, and 15275. +- Removed the modified 15157 patch. This patch was actually a + consolidation of changesets 15157 and 15250. These changesets + are now discrete patches to ease subsequent updates of Xen. + +------------------------------------------------------------------- +Wed Jun 20 15:41:21 MDT 2007 - ccoffing@novell.com + +- Split vm-install off as a separate package. +- Update man page. +- Update Ron Terry's network-multi script. + +------------------------------------------------------------------- +Mon Jun 18 14:23:38 MDT 2007 - ccoffing@novell.com + +- Fix compiler warnings. +- Update block-npiv. + +------------------------------------------------------------------- +Mon Jun 11 10:11:00 MDT 2007 - ccoffing@novell.com + +- Fix more warn_unused_value compiler warnings. + +------------------------------------------------------------------- +Fri Jun 8 12:11:42 MDT 2007 - ccoffing@novell.com + +- Update to official rc10 (changeset 15042). +- Updated vm-install: + + easier to exit with Ctrl-C + + drop "TERM=xterm" for Linux (breaks PVFB text install) + + use "TERM=vt100" when calling "xm" to suppress terminal codes + + command-line support for VNC password + + fixed disk groups (e.g., 2 disks on command line w/o PDEV) + + fixed regression: Don't let user close progress window + + failure to open a device should not completely fail search for + bootsector (consider: no media in /dev/cdrom) + + always remove PV kernel and initrd from /tmp + + #279153: Support disks on iscsi/qcow/vmdk/nbd/file/phy/... + +------------------------------------------------------------------- +Fri Jun 8 11:33:41 MDT 2007 - jfehlig@novell.com + +- Added a modified version of upstream c/s 15157. Original version + of c/s 15157 fixed bug #262805 but also broke + 'xm block-detach dom dev_name'. Modified version fixes bug 262805 + without introducing regression. Patch fixing c/s 15157 has been + submitted upstream. + +------------------------------------------------------------------- +Wed May 23 16:36:54 MDT 2007 - ccoffing@novell.com + +- Drop xen-messages.diff; Xen now supports HVM save/restore. + +------------------------------------------------------------------- +Tue May 22 09:52:50 MDT 2007 - ccoffing@novell.com + +- Update Ron Terry's network-multi script. +- Drop xen-doc-ps. (#267948) +- Update init scripts. +- Tidy spec file to fix rpmlint errors. +- Updated patches from Jan. + +------------------------------------------------------------------- +Mon May 21 10:41:41 MDT 2007 - ccoffing@novell.com + +- vm-install bug fixes: + + #211342: better progress bar + + #259994: disk size would reset when editing path + + #247073: handle autoyast URLs + + #254311: physical disks were showing as 0.0 GB + +------------------------------------------------------------------- +Wed May 16 16:05:22 MDT 2007 - ccoffing@novell.com + +- Properly quote pathnames in domUloader to fix EVMS. (#274484) +- Allow user to specify a default 'keymap' in xend's configuration + file. (#258818 and 241149) + +------------------------------------------------------------------- +Mon May 14 12:46:35 MDT 2007 - plc@novell.com + +- Added upstream python patches for keymap specification in + PV config file. Added upstream ALTGR fix, sign extension fix + and modified patch 323 so that upstream patches applied cleanly. + (#258818) + +------------------------------------------------------------------- +Fri May 11 12:29:27 MDT 2007 - ccoffing@novell.com + +- Update to xen-3.1-testing rc10 (changeset 15040). +- Update .desktop with proper group. (#258600) +- Include Kurt's updated block-iscsi. (#251368) +- Jim's updated patch to honor localtime setting. (#273430) +- Fix vm-install to work correctly when doing multiple simultaneous + installs via virt-manager. (#259917) +- Network connectivity fails in FV SLES 10 SP1; MAC address was + being read incorrectly from xenstore by PV driver. (#272351) +- For FV SLES 9, default apic=1 to allow x86_64 SLES 9 to boot. + (#264183) + +------------------------------------------------------------------- +Fri May 4 08:41:38 MDT 2007 - carnold@novell.com + +- Added security fixes for problems found Travis Orandy (#270621) + CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323, + CVE-2007-1366 + +------------------------------------------------------------------- +Thu May 3 15:35:19 MDT 2007 - ccoffing@novell.com + +- Update to xen-3.1-testing rc7 (changeset 15020). +- Fix identification of virt-manager windows. (#264162) + +------------------------------------------------------------------- +Tue May 1 17:43:33 MDT 2007 - jfehlig@novell.com + +- Integrated domUloader with 3.0.5. Updated xen-domUloader.diff. + +------------------------------------------------------------------- +Mon Apr 30 10:44:41 MDT 2007 - ccoffing@novell.com + +- Update to xen-3.0.5-testing rc4 (changeset 14993). + +------------------------------------------------------------------- +Thu Apr 26 13:20:36 MDT 2007 - jfehlig@novell.com + +- Fixed autobuild error in function that returns random data. + File tools/ioemu/hw/piix4acpi.c line 72. Fix added to + xen-warnings.diff. + +------------------------------------------------------------------- +Thu Apr 26 11:59:04 MDT 2007 - ccoffing@novell.com + +- Fix build on SLES 10 SP1. + +------------------------------------------------------------------- +Wed Apr 25 13:41:20 MDT 2007 - ccoffing@novell.com + +- Update to xen-3.0.5-testing rc3 (changeset 14934). +- Switch BuildRequires to texlive. + +------------------------------------------------------------------- +Fri Apr 20 11:43:06 MDT 2007 - ccoffing@novell.com + +- Updated README. (#250705) +- Fix vm-install's detection of PV RHEL4/5 kernels. (#260983) + +------------------------------------------------------------------- +Thu Apr 19 16:00:12 MDT 2007 - ccoffing@novell.com + +- Place xenstore-* tools in new xen-tools-domU package, to be used + by suse_register. (#249157) + +------------------------------------------------------------------- +Tue Apr 17 08:20:47 MDT 2007 - ccoffing@novell.com + +- Update translations. + +------------------------------------------------------------------- +Thu Apr 12 14:23:15 MDT 2007 - ccoffing@novell.com + +- Combine two xenstore reads into one transaction, which causes + xenstored to not thrash so badly, and makes virt-manager more + responsive and less likely to time out or lock up. Partial fix + for #237406. +- If disk is read-only, pass -r to losetup. (#264158) + +------------------------------------------------------------------- +Thu Apr 5 17:45:45 MDT 2007 - ccoffing@novell.com + +- Update vm-install: + + #260510: do not delete xml settings file + + #260579: write correct vif line for PV NIC in FV VM + + #261288: re-enable add disk buttons after deleting a disk + + #192272, #222765, #250618: Update OS list and their defaults + +------------------------------------------------------------------- +Tue Apr 3 17:07:37 MDT 2007 - ccoffing@novell.com + +- Could not do simultaneous installs via virt-manager. (#259917) + +------------------------------------------------------------------- +Mon Apr 2 17:48:43 MDT 2007 - jfehlig@novell.com + +- Fix improper handling of guest kernel arguments in domUloader. + Bug #259810 + +------------------------------------------------------------------- +Mon Apr 2 17:02:11 MDT 2007 - ccoffing@novell.com + +- Update vm-install: + + #259420: refresh available memory more often + + #259972: cannot enter autoyast url + +------------------------------------------------------------------- +Mon Apr 2 08:46:03 MDT 2007 - ccoffing@novell.com + +- Update translations for RC2. + +------------------------------------------------------------------- +Fri Mar 30 12:54:45 MDT 2007 - ccoffing@novell.com + +- Fix "cannot allocate memory" when starting VMs. (#229849, 258743) + +------------------------------------------------------------------- +Thu Mar 29 10:16:54 MDT 2007 - ccoffing@novell.com + +- Fix quoting of args for child processes during VM install. + (#258376) +- Fix retry logic in block hotplug script. (#257925) + +------------------------------------------------------------------- +Wed Mar 28 11:31:48 MDT 2007 - ccoffing@novell.com + +- Updated vm-install's icon name. +- Updated translations. + +------------------------------------------------------------------- +Fri Mar 23 11:25:01 MDT 2007 - ccoffing@novell.com + +- Disable aspects of qemu's console that can affect domain 0. + (#256135) +- Fix xmclone.sh to work with managed domains. (#253988) +- Update to xen-unstable changeset 14535. + +------------------------------------------------------------------- +Mon Mar 19 09:46:21 MDT 2007 - ccoffing@novell.com + +- Update to xen-unstable changeset 14444. +- Include Ron Terry's network-multi_bridge + +------------------------------------------------------------------- +Fri Mar 9 18:45:33 MST 2007 - jfehlig@novell.com + +- Added lame patch to handle showing suspended state via Xen API. + The patch only affects Xen API and is thus low risk. + Bug #237859 + +------------------------------------------------------------------- +Fri Mar 9 17:00:20 MST 2007 - carnold@novell.com + +- Added AMD support for Vista 64 installation and boot. + +------------------------------------------------------------------- +Fri Mar 9 12:24:12 MST 2007 - ccoffing@novell.com + +- Make vm-install support NFS for SUSE (#241251). + +------------------------------------------------------------------- +Fri Mar 9 10:07:05 MST 2007 - jfehlig@novell.com + +- Fixed bug #250522 + + Upstream c/s 13557 stores model attribute of vif in xenstore. + +------------------------------------------------------------------- +Thu Mar 8 12:35:18 MST 2007 - ccoffing@novell.com + +- Update vm-install: + + Better description on "Virtual Disk" drop-down (not "xvda") + + Proper separation of recording options versus calculating + defaults; fixes corner cases + + #247849, #253013, 253009: Multiple fixes related to how disks + are defined, centered around bug #247849 (handle partitioned + PV installation disk) + + #252437: Allow virtual CDROM to be added (via ISO) even if + physical CDROM doesn't exist + +------------------------------------------------------------------- +Wed Mar 7 19:43:55 MST 2007 - jfehlig@novell.com + +- Fixed bug #252396 + + Added upstream c/s 14021. Applies to Xen API c-bindings - + low risk. + + Added local patch to correctly set Xen API Console.protocol + property + +------------------------------------------------------------------- +Wed Mar 7 14:28:41 MST 2007 - jfehlig@novell.com + +- Added upstream patch that fixes save/restore on 32pae guests. + Upstream c/s 14150. Bug #237859 + +------------------------------------------------------------------- +Tue Mar 6 15:48:13 MST 2007 - carnold@novell.com + +- Remove a debug message which is spamming the logs during live + migration. + +------------------------------------------------------------------- +Mon Mar 5 17:51:17 MST 2007 - jfehlig@novell.com + +- Fixed handling of vbd type in Xen API <-> sexpr integration. + Bug #250351 + + Updated an existing patch (xend_disk_decorate_rm.patch) and + then renamed patch to xend_vbd_type.patch to better reflect + purpose of patch. + +------------------------------------------------------------------- +Mon Mar 5 09:38:36 MST 2007 - ccoffing@novell.com + +- Default apic=0 for SLES 8 and 9, for performance. (#228133) + +------------------------------------------------------------------- +Fri Mar 2 16:58:06 MST 2007 - carnold@novell.com + +- Xen kernel crashes at domain creation time. Bug #248183. + Fix mouse for win2k hvm guest. + +------------------------------------------------------------------- +Fri Mar 2 13:15:33 MST 2007 - jfehlig@novell.com + +- Incorrect values returned for actions_after_* in Xen API. Added + patch xend-actions-after.patch for fix. Patch submitted upstream + as well. Bug #250870. + +------------------------------------------------------------------- +Fri Mar 2 12:08:55 MST 2007 - ccoffing@novell.com + +- Update vm-install: + + Fixed possible "tree path exception" when editing disk + + Fixed failure to properly refresh fields when editing disk + + #248356: allow specifying bridge + +------------------------------------------------------------------- +Fri Mar 2 10:23:38 MST 2007 - jfehlig@novell.com + +- Add check for HVM domain in domain_save. The check is + performed in domain_suspend and should be included here as well. + +------------------------------------------------------------------- +Thu Mar 1 18:13:20 MST 2007 - ccoffing@novell.com + +- Update vm-install: + + #250201: for linux PVFB, pass xencons=tty if graphics=none + + #250016: honor non-sparse flag + +------------------------------------------------------------------- +Thu Mar 1 17:25:44 MST 2007 - jfehlig@novell.com + +- Fix exception caused by incorrect method name in xen-messages.diff. + This is one of perhaps several problems with save/restore, + bug #237859 + +------------------------------------------------------------------- +Thu Mar 1 15:43:00 MST 2007 - dpmerrill@novell.com + +- Add xen-ioemu-hvm-pv-support.diff + This patch allows for shutting down the IDE drive. + +------------------------------------------------------------------- +Thu Mar 1 11:27:00 MST 2007 - jfehlig@novell.com + +- Fix bug #243667 + + Updated domUloader to accept '--args' parameter. The args + provided as an option to --args are simply added to the sexpr + returned by domUloader. pygrub has similar behavior. + +------------------------------------------------------------------- +Wed Feb 28 18:16:53 MST 2007 - ccoffing@novell.com + +- Update vm-install: + + #249013, #228113: default to realtek instead of pcnet + + #249124: write os-type to config files + + Updated translations + + Setting os_type should implicitly set full_virt; fixes NIC + model exceptions + + Add "Add" button to Operating System Installation page, based + on usability feedback + +------------------------------------------------------------------- +Wed Feb 28 15:55:15 MST 2007 - jfehlig@novell.com + +- Added changeset 13786 and 14022 from xen-unstable. These + changesets affect the Xen API C bindings only and are low risk. + This is a continuation of support for FATE feature 110320. ECO + has been approved for late arrival of this feature. + +------------------------------------------------------------------- +Mon Feb 26 10:39:06 MST 2007 - ccoffing@novell.com + +- Update vm-install: + + #244772: display error message in GUI if xen isn't running + + #246049: better error message when OS==SUSE but ISO looks wrong + + Fix printing of jobid when run with --background + +------------------------------------------------------------------- +Wed Feb 21 15:54:51 MST 2007 - ccoffing@novell.com + +- Don't allow "xm create" of running VM. (#245253) +- Update vm-install: + + Fix inability to use already-extracted SUSE kernel/initrds + + Fix accumulation of 0-byte tmp files + + #237063: close fds before running vncviewer + + default apic=0 for Windows, due to performance + +------------------------------------------------------------------- +Tue Feb 20 13:53:22 MST 2007 - carnold@novell.com + +- Domain0 reboots after 2-6 hours of running guests. (#246160) + +------------------------------------------------------------------- +Tue Feb 20 12:49:36 MST 2007 - ccoffing@novell.com + +- Fix typo in xendomains. (#246107) +- Fix order in which vm-install processes command-line arguments. + +------------------------------------------------------------------- +Fri Feb 16 18:07:09 MST 2007 - jfehlig@novell.com + +- Added changeset 13775 from xen-unstable. This patch fixes + the last known issue with the Xen API patchset backported + from xen-unstable. + +------------------------------------------------------------------- +Fri Feb 16 11:31:15 MST 2007 - jfehlig@novell.com + +- Added c/s 13226 from xen-unstable. It affects Xen API only. +- Added patch to remove ':disk' and 'tap:qcow' from stored domain + config. Fixes bug #237414 and helps with bug #242953. + +------------------------------------------------------------------- +Thu Feb 15 19:03:13 MST 2007 - jfehlig@novell.com + +- Backported Xen API functionality from xen-unstable to support + hosting CIM providers. This functionality is required for + FATE feature 110320. ECO has been approved. + + Includes 19 changesets from xen-unstable. Most are + specific to Xen API. + + Includes 1 patch that relaxes parsing of xml response + in Xen API c-bindings. + +------------------------------------------------------------------- +Thu Feb 15 12:52:24 MST 2007 - carnold@novell.com + +- Added x86-nmi-inject.patch for NW debuging. (#245942) + +------------------------------------------------------------------- +Thu Feb 15 10:09:41 MST 2007 - carnold@novell.com + +- kernel panic in DomU while installing 32bit DomU on 64bit + Dom0. (#244055) Patches 13630-domctl.patch, + 13903-domctl.patch and 13908-domctl.patch +- Updated patch pae-guest-linear-pgtable.patch + +------------------------------------------------------------------- +Mon Feb 12 17:00:58 MST 2007 - ccoffing@novell.com + +- Load xenblk at dom0 start to support bootstrapping from + non-loopback devices. (#242963, #186696) +- Update vm-install: + + Update translations + + Clean up exception error codes and sync man pages + + Honor ordering of arguments (as claimed in man page) + + #240984: properly detach vncviewer + + #240387: default to absolute coordinate mouse for Windows +- Drop logging patch. (#245150) + +------------------------------------------------------------------- +Mon Feb 12 01:50:34 CET 2007 - ro@suse.de + +- remove -fstack-protector from RPM_OPT_FLAGS for now + +------------------------------------------------------------------- +Thu Feb 8 16:54:59 MST 2007 - ccoffing@novell.com + +- Update vm-install: + + Allow specifing disk (and disk size) vs. cdrom from CLI + + Add missing -M/--max-memory parameter to CLI to match GUI + + #241528: Display error if user selects FV OS but hw lacks VT + + Move all consistency checks out of Options class, since CLI + options may be processed in a "bad" order + + Fix infinite loops when info is missing from background jobs + + --background implies --no-auto-console + + Don't let user close progress window + + Fix bug in qemu slowness work-around, reported by Jan Albrecht + + Do disk.validate() when clicking "OK" on disks page + + #238959: Probe for removable media via /sys/block + + Output VNC info for backgrounded job + + Fix method of waiting for VM to exit when --no-autoconsole + + #239582: Use extracted kernel-xen/initrd-xen if present + +------------------------------------------------------------------- +Tue Feb 6 12:02:47 MST 2007 - ro@suse.de + +- disable commented out buildreq for kernel for the moment + to workaround endless rebuild + +------------------------------------------------------------------- +Tue Feb 6 10:30:33 MST 2007 - ccoffing@novell.com + +- xm-test should clean up xenstore better (#180138) + +------------------------------------------------------------------- +Thu Feb 1 12:07:59 MST 2007 - ccoffing@novell.com + +- Implement better job support for CIM (#241197) +- Temporary fix to allow PV VMs to reboot (#237414) +- Delete PYTHONOPTIMIZE for good; callers don't set it. + +------------------------------------------------------------------- +Wed Jan 31 08:51:05 MST 2007 - ccoffing@novell.com + +- Update xen-3.0.4 (changeset 13138); includes migration bugfix. + +------------------------------------------------------------------- +Tue Jan 30 07:43:09 MST 2007 - ccoffing@novell.com + +- Enable building KMP. +- Fix xendomains to work with managed domains. (#238781) + +------------------------------------------------------------------- +Thu Jan 25 09:16:10 MST 2007 - ccoffing@novell.com + +- Various bug fixes of 32on64, from Jan and Keir. +- Gerd's fix for domain builder with > 4 GB RAM (#233761) +- Update xen-vm-install: + #234331, #239007: CD/DVDs should always be marked read-only + #238458: Work-around qemu slowness bug + #239196: Support SLED + #239275: Fix .desktop file + #240064: Clean up VMs better after failed install + +------------------------------------------------------------------- +Tue Jan 23 09:11:29 MST 2007 - ccoffing@novell.com + +- Update xen-vm-install: + #237370: Can now install 32pae SLES 10 on x86_64 hypervisor + #237396: Be able to use an existing disk, bypass OS installation + Fix handling of user's extra_args +- Patch from Jan to enable building PV drivers KMP for FV SUSE. + Currently conditionalized. +- Drop unused patches xen-io-register-context.diff and + xen-console.diff + +------------------------------------------------------------------- +Sat Jan 20 09:44:00 MST 2007 - brogers@novell.com + +- Fix handling of localtime config file parameter for PV guests + (#234376) + +------------------------------------------------------------------- +Fri Jan 19 14:40:01 MST 2007 - ccoffing@novell.com + +- Update xen-vm-install (NIC UI work; do not require tcp port bz + #236517; integrate with virt-manager) + +------------------------------------------------------------------- +Wed Jan 17 14:14:17 MST 2007 - ccoffing@novell.com + +- Update xen-vm-install (more disk UI work; support NetWare + response files and licenses) + +------------------------------------------------------------------- +Tue Jan 16 16:36:14 MST 2007 - ccoffing@novell.com + +- Major fixes to xen-vm-install (adding disks in the UI now works, + and fixed several CLI exceptions) +- Microcode does not need to be exactly 2048 bytes (changeset + 13079; Kurt) + +------------------------------------------------------------------- +Fri Jan 12 17:09:56 MST 2007 - ccoffing@novell.com + +- Include script to clone SLES 10 domU, from coolsolutions (fate + #301742) +- Updated patches from Gerd and Jan, including PAE > 4 gig fix, + updated VGA console patch. +- Updated xen-vm-install with finalized strings and desktop file. + +------------------------------------------------------------------- +Thu Jan 11 08:40:18 MST 2007 - ccoffing@novell.com + +- Include xen-unstable patches for HVM save/restore and 32-on-64 + HVM. +- Update to xen-3.0.4-1 (changeset 13132). + +------------------------------------------------------------------- +Wed Jan 10 16:27:50 MST 2007 - ccoffing@novell.com + +- Update xen-vm-install and domUloader to support NetWare. +- Include AMD's nested page table patches. + +------------------------------------------------------------------- +Mon Jan 8 09:36:40 MST 2007 - ccoffing@novell.com + +- Update to xen-3.0.4 (changeset 13129). +- Fix from upstream for mis-emulation of x86-64 pop. + +------------------------------------------------------------------- +Fri Jan 5 10:58:48 MST 2007 - carnold@novell.com + +- Many patches from Jan Beulich and Gerd Hoffmann in support of + 32 on 64 pv guests. These patches apply to both the hypervisor + and the tools. + +------------------------------------------------------------------- +Fri Dec 22 10:40:06 MST 2006 - ccoffing@novell.com + +- Do not require authentication on XenAPI socket, since CIMOM does + not support authentication. Socket is only accessible to root. + +------------------------------------------------------------------- +Wed Dec 20 09:07:41 MST 2006 - ccoffing@novell.com + +- Update to xen-3.0.4 (changeset 13100). +- Update xen-vm-install tools. +- Include Jim's 2 xen-tools patches for CIM provider issues. + +------------------------------------------------------------------- +Mon Dec 18 14:59:01 MST 2006 - ccoffing@novell.com + +- Update to xen-3.0.4-rc3 (changeset 13087). +- Fix line terminators in block-iscsi (#228864) +- Make domUloader work with blktap support in xend. + +------------------------------------------------------------------- +Fri Dec 15 10:22:29 MST 2006 - ccoffing@novell.com + +- Update to xen-3.0.4-rc2 (changeset 13067). + +------------------------------------------------------------------- +Thu Dec 14 14:54:19 MST 2006 - ccoffing@novell.com + +- Update to xen-3.0.4-rc1 (changeset 12901). + +------------------------------------------------------------------- +Wed Dec 13 12:53:00 MST 2006 - brogers@novell.com + +- Patch for loading bimodal PAE kernel to suuport NetWare + +------------------------------------------------------------------- +Thu Dec 7 10:33:58 MST 2006 - ccoffing@novell.com + +- Update to xen-unstable (changeset 12757). +- Enable LIBXENAPI_BINDINGS and XENFB_TOOLS. +- Enable unix domain socket for xend; needed by tools. + +------------------------------------------------------------------- +Tue Dec 5 15:12:12 MST 2006 - ccoffing@novell.com + +- Update to xen-unstable (changeset 12734; feature freeze for + 3.0.4) +- Make /etc/xen mode 0700 to protect vnc passwords. + +------------------------------------------------------------------- +Mon Nov 27 18:07:41 MST 2006 - ccoffing@novell.com + +- Fix how bootloader is called by the xend during restarts. + (#223850) + +------------------------------------------------------------------- +Wed Nov 22 11:26:06 MST 2006 - ccoffing@novell.com + +- Series of patches from Jan to address selectors with non-zero- + bases and other related issues in HVM. (#214568) +- Default pae=1, otherwise 64 bit HVM does not work at all. + (#217160) + +------------------------------------------------------------------- +Fri Nov 17 11:30:16 MST 2006 - ccoffing@novell.com + +- Backport several HVM fixes. (#176171?) + +------------------------------------------------------------------- +Thu Nov 16 13:16:09 MST 2006 - ccoffing@novell.com + +- Fix some problems in the xen-hvm-default-bridge patch. (#219092) +- xmlrpc isn't 64-bit clean, causing xend to get exceptions when + PFN is > 2 GB. (#220418) + +------------------------------------------------------------------- +Mon Nov 13 20:40:09 MST 2006 - kallan@novell.com + +- Backport changesets 11847, 11888, 1189[6-9], 119[00-18], 11974, + 1203[0-2], and 12205 from xen-unstable so that the PV drivers + can compile on older kernels such as sles9 and rhel4 +- Fix netfront.c to fail the probe if it is called for an ioemu + type device. This allows both PV and FV drivers to exist at + same time in the FV guest. + +------------------------------------------------------------------- +Thu Nov 9 10:10:09 MST 2006 - ccoffing@novell.com + +- Add xen-vm-install. +- Default bridge correctly for HVM guests. (#219092) + +------------------------------------------------------------------- +Wed Nov 8 11:26:02 CET 2006 - aj@suse.de + +- Set correct permissions on man files. + +------------------------------------------------------------------- +Tue Nov 7 08:43:01 MST 2006 - ccoffing@novell.com + +- Update name of blktap.ko in xend init script. (#215384) +- Remove some extraneous bad chars in xm manpage. (#218440) +- Update logrotate.conf. +- Update spec file. + +------------------------------------------------------------------- +Wed Nov 01 11:16:05 MST 2006 - kallan@novell.com + +- Backport xen-unstable changesets 12040 to address spurious + interrupts with PV drivers in HVM guests. + +------------------------------------------------------------------- +Tue Oct 31 13:56:04 MST 2006 - ccoffing@novell.com + +- Backport xen-unstable changesets 1184[1-3] to address SVM + interrupt injection issues. Replaces earlier (broken) patches. + +------------------------------------------------------------------- +Mon Oct 30 15:19:02 MST 2006 - ccoffing@novell.com + +- /var/lib/xen/images should not be world readable. (#214638) +- Update to xen-3.0.3-0 (changeset 11774; no code changes). + +------------------------------------------------------------------- +Mon Oct 16 12:58:46 MDT 2006 - ccoffing@novell.com + +- Update to xen-3.0.3-testing changeset 11772 (rc5). +- Fix several possible type errors when running domUloader. +- Remove pygrub. Was broken on reiserfs and never had ext2 + support, so it is useless. (#173384) +- First attempt at moving domUloader to blktap. Still disabled + due to block-detach failing. + +------------------------------------------------------------------- +Fri Oct 13 10:29:18 MDT 2006 - ccoffing@novell.com + +- Update to xen-3.0.3-testing changeset 11760 (rc4). + +------------------------------------------------------------------- +Tue Oct 10 10:42:51 MDT 2006 - ccoffing@novell.com + +- Update to xen-3.0.3-testing changeset 11740 (rc3). +- Fix crash on PAE when specifying dom0_mem=4096M. (#211399) +- Make xend.balloon aware of kernel's memory floor, to fix + "Privileged domain did not balloon" errors. (#184727) + +------------------------------------------------------------------- +Mon Oct 9 09:20:46 MDT 2006 - ccoffing@novell.com + +- Include AMD's interrupt injection fix. + +------------------------------------------------------------------- +Wed Oct 4 13:00:09 MDT 2006 - ccoffing@novell.com + +- Imported keymap patch. (#203758) +- Account for minimum memory required by dom0 kernel. (#184727) +- Package /usr/include/xen/hvm/*.h + +------------------------------------------------------------------- +Tue Oct 3 11:51:34 MDT 2006 - ccoffing@novell.com + +- Update to xen-3.0.3-testing changeset 11686. + +------------------------------------------------------------------- +Tue Oct 3 10:36 MDT 2006 - kallan@novell.com + +- Updated README.SuSE to reflect the current method of handling + Xen network-bridging when using SuSEfirewall2. (#205092) + +------------------------------------------------------------------- +Sat Sep 30 10:21:42 CEST 2006 - aj@suse.de + +- Cleanup BuildRequires. + +------------------------------------------------------------------- +Thu Sep 28 11:18:17 MDT 2006 - ccoffing@novell.com + +- Only "eval" disks once in domUloader, to match current Xen. + +------------------------------------------------------------------- +Wed Sep 27 10:47:16 MDT 2006 - ccoffing@novell.com + +- Switch to xen-3.0.3-testing tree; changeset 11633. +- Update (but disable) paravirtualized framebuffer patches. + +------------------------------------------------------------------- +Tue Sep 26 09:07:41 MDT 2006 - ccoffing@novell.com + +- Update to xen-unstable changeset 11623. +- Fix domUloader typo introduced in last update. +- Build debug version of xen-pae. + +------------------------------------------------------------------- +Mon Sep 25 10:11:31 MDT 2006 - ccoffing@novell.com + +- Update to xen-unstable changeset 11616. + +------------------------------------------------------------------- +Tue Sep 12 16:14:51 MDT 2006 - ccoffing@novell.com + +- Update check_python script to identify Python 2.5 RCs as valid. + +------------------------------------------------------------------- +Mon Sep 11 12:04:23 MDT 2006 - ccoffing@novell.com + +- Update to xen-unstable changeset 11440. +- xen-tools conflicts with qemu. Do not package qemu.1 manpage. + (#204758) +- Include Jan's updated patch for #192150 (to preserve register + context when doing IO). + +------------------------------------------------------------------- +Tue Sep 5 15:27:57 MDT 2006 - ccoffing@novell.com + +- Update block-nbd and xmexample.nbd, and add block-iscsi and + xmexample.iscsi (from Kurt). + +------------------------------------------------------------------- +Thu Aug 31 09:45:11 MDT 2006 - ccoffing@novell.com + +- Automatically create/destroy virtual frame buffer viewer. Add + "sdl=1" to config file of a paravirtualized VM to get the viewer. +- Log files have moved to /var/log/xen. + +------------------------------------------------------------------- +Tue Aug 29 15:34:38 MDT 2006 - ccoffing@novell.com + +- xendomains does not actually save domains. (#201349) +- Update to xen-unstable changeset 11299. + +------------------------------------------------------------------- +Tue Aug 29 01:04:22 CEST 2006 - ccoffing@novell.com + +- Fix incorrect path on x86_64 for vncfb and sdlfb. + +------------------------------------------------------------------- +Thu Aug 17 09:09:48 MDT 2006 - ccoffing@novell.com + +- Improve xendomains init script, to handle unset sysconfig vars. +- Import virtual framebuffer patches. +- Drop reboot patch; resync patches. + +------------------------------------------------------------------- +Wed Aug 16 09:20:15 MDT 2006 - ccoffing@novell.com + +- Update to xen-unstable changeset 11134. +- Drop xen-reverse-10064.diff now that kernel is updated. + +------------------------------------------------------------------- +Tue Aug 8 15:44:08 MDT 2006 - ccoffing@novell.com + +- Re-enabled patch for #184175. +- Update to xen-unstable changeset 10986. +- Include Jan's patch to preserve register context when doing + IO. (#192150) + +------------------------------------------------------------------- +Fri Jul 28 14:36:59 MDT 2006 - ccoffing@novell.com + +- Add support to domUloader for "xm create --dry-run". Based on + patch from HP. + +------------------------------------------------------------------- +Thu Jul 27 10:30:26 MDT 2006 - ccoffing@novell.com + +- Add link for qemu-dm that is invariant across architectures, so + that VM config files can be simple key/value pairs parsable by + yast, and still be movable to another arch. (#193854) +- Add loop.ko to rescue image created by mk-xen-rescue-img, and + remove usbfs from image's /etc/fstab since USB isn't yet + supported, to avoid errors during boot. (#191627) + +------------------------------------------------------------------- +Mon Jul 17 11:40:01 MDT 2006 - ccoffing@novell.com + +- Update to xen-unstable changeset 10712. +- Update domUloader and rcxend to work with blktap. + +------------------------------------------------------------------- +Fri Jul 14 09:02:50 MDT 2006 - ccoffing@novell.com + +- When waiting for domains to shut down, must also wait for + loopback devices to be torn down, otherwise higher-level tools + may migrate a VM before the disk image is flushed. (#185557) +- More updates to the README. + +------------------------------------------------------------------- +Wed Jul 13 13:06:14 MDT 2006 - kallan@novell.com + +- Added for loop to retry the losetup -d in /etc/xen/scripts/block. + It is possible for the losetup -d to fail if another process is + examining the loopback devices e.g. losetup -a. (#151105) + +------------------------------------------------------------------- +Wed Jul 12 16:11:10 MDT 2006 - ccoffing@novell.com + +- Corrected and updated README. + +------------------------------------------------------------------- +Mon Jul 10 10:27:09 MDT 2006 - ccoffing@novell.com + +- Add Jeff Mahoney's block-sync.diff, to give control of + "losetup -y" to the user (and potentially yast). Defaults to + old async behavior. (#190869) + +------------------------------------------------------------------- +Thu Jul 6 15:48:35 MDT 2006 - ccoffing@novell.com + +- Update to xen-unstable tree. Revert changeset 10064, to maintain + backwards compatibility with SLES 10. + +------------------------------------------------------------------- +Wed Jul 5 12:10:04 MDT 2006 - ccoffing@novell.com + +- Do not open migration port by default. (#190170) +- Update patch for migration oops, to latest version in bug + #162865. + +------------------------------------------------------------------- +Mon Jul 3 19:58:01 CEST 2006 - okir@suse.de + +- xen-losetup-sync.diff: use the new "losetup -y" option to force + the loop device to use synchronous I/O (#189051) + +------------------------------------------------------------------- +Fri Jun 30 12:38:24 MDT 2006 - ccoffing@novell.com + +- Increase balloon timeout value. (#189815) +- Update to xen-3.0-testing tree, changeset 9762. + +------------------------------------------------------------------- +Thu Jun 29 12:42:25 MDT 2006 - ccoffing@novell.com + +- Fix some loopback races in domUloader. (#151105) + +------------------------------------------------------------------- +Tue Jun 27 13:47:32 MDT 2006 - ccoffing@novell.com + +- Add "max_para_memory" and "max_hvm_memory" to output of "xm info" + for bug #184727. +- Include Jan's patches for bug #184175. Improves PAE guest + support on HVM. + +------------------------------------------------------------------- +Mon Jun 26 11:21:49 MDT 2006 - ccoffing@novell.com + +- Include patch from HP to fix a domU migration failure ("Kernel + BUG at mm/mmap.c:1961"). Force L1/L2 page tables to be updated + at the end, to avoid them from being dirtied and not transferred. + (#162865) + +------------------------------------------------------------------- +Thu Jun 23 09:23:19 MDT 2006 - kallan@novell.com + +- Updated xen-bonding.diff to enable bonding again after the latest + patches to network-bridge etc. (#161888) + +------------------------------------------------------------------- +Wed Jun 21 15:16:47 MDT 2006 - ccoffing@novell.com + +- Clean up the useless "Nothing to flush" messages, from 'ip addr + flush', in /var/log/xen-hotplug.log +- Fix race condition in domUloader.py, when another process did + losetup -d while domUloader was running. This would result in + the mount failing, and so the VM would fail to start. + +------------------------------------------------------------------- +Tue Jun 20 14:42:28 MDT 2006 - ccoffing@novell.com + +- Revamp balloon.py to account for pages currently being + scrubbed. (#185135) + +------------------------------------------------------------------- +Mon Jun 19 09:55:04 MDT 2006 - ccoffing@novell.com + +- Update to xen-3.0-testing tree, changeset 9749. +- DomUs are getting starved for CPU (up to 40 seconds was seen) + when dom0 has a load. This can cause pathological behavior, and + can cause OCFS2 to fence (panic) the domain. (#179368, #178884) +- Import Gerd's fix to network-bridge script for bug #161888. + +------------------------------------------------------------------- +Wed Jun 14 13:24:25 MDT 2006 - ccoffing@novell.com + +- Pull out accidentally-included debugging code. +- Drop xenvers patch; this was for backwards compatibility for + some early internal builds. +- Update from Jan on the console patch. Not all graphics cards / + drivers properly reflect the state in the register being tested. + Improved the check, to prevent screen corruption. (#161541) + +------------------------------------------------------------------- +Tue Jun 13 10:28:36 MDT 2006 - ccoffing@novell.com + +- Resync with new tarball from xen-3.0-testing; changeset 9738. + +------------------------------------------------------------------- +Mon Jun 12 10:23:35 MDT 2006 - ccoffing@novell.com + +- Drop BUILD_BUG_ON and pirq-shared patches. Last week's pirq + sharing patch from upstream (for bug #152892) makes these patches + redundant. Dropping these makes our shared_info structure match + upstream again, which is needed for compatibility with other + paravirtualized guests. +- Import changeset 9734 from xen-3.0-testing. This fixes a hyper- + call (used by the pcifront driver) to work on MP guests. Without + this, the pciback driver can hang on MP. (#181467) +- Import changeset 9733 from xen-3.0-testing. This patch is + required to match the Linux kernel, since Linux always calls + this operation from VCPU0 during secondary VCPU bringup. + Without this, process run-time accounting on secondary CPUs is + completely wrong. +- Updated README: Documented work-around for bug #180058. + +------------------------------------------------------------------- +Fri Jun 9 09:23:04 MDT 2006 - ccoffing@novell.com + +- Include Jan's patch: "IOPL is ignored for VM86 mode port + accesses. Fix Xen emulation to match native behaivour." Fixes + some X lockup issues. (#179045) +- Include Keir's patch to allow reading from port 0x61, to avoid + an X server lockup. (#171087) +- Include xen-3.0-testing changeset 9726, which is needed to + support the latest kernel-xen. With this support, Linux will + only trigger unhandled IRQ path if IRQ is not shared across + multiple guests (another guest may have handled the interrupt). + This is more upstream work that goes with bug #152892. +- Add versioning to the Requires lines, to guard against mixing + binary incompatible versions. (#183292) +- I accidentially dropped part of Clyde's fix for bug #162244. + SMP support in HVM is working in xen-unstable, so upstream + dropped the HT CPUID masking code, which we then inheirited. + Re-add HT CPUID masking. (#162244) +- Updated README: VNC installations, known issues. + +------------------------------------------------------------------- +Thu Jun 8 11:38:34 MDT 2006 - ccoffing@novell.com + +- Drop our XCHG patch for the equivalent upstream patch, to fix + patch application order. No code change. + +------------------------------------------------------------------- +Wed Jun 7 12:19:16 MDT 2006 - ccoffing@novell.com + +- Updated README: HVM issues/tips, CDROM tips, known issues. +- Add patch from Intel to decode LODS/STOS instructions to fix + Windows installation. Only affects HVM. Xen changeset #9725 + consolidates this patch and xen-hvm-decode.diff; drop our 2 in + favor of the consolidated upstream patch. (#176717) + +------------------------------------------------------------------- +Tue Jun 6 10:08:19 MDT 2006 - ccoffing@novell.com + +- Drop xen-8-way-bios patch, because it breaks Windows HVM + installation. The patch was only necessary when running SMP HVM + with "acpi=0" on the kernel command line. (#181974) +- Include two patches from xen-3.0-testing that change the + interface between Xen and guests. Including these now to help + forward-compatibility: + + 9709: Changes interface for accessing %cr3 so that extra bits + (>4GB) for PAE pgdirs are placed in low-order bits of %cr3. + Kernels without support for this will still run fine. + + 9721: Use explicitly-sized types in the dom0_ops and privcmd + structures. +- Fix ability to change ISOs images for HVM guest. (#181895) +- Removed pointless whitespace changes from xen-removable.diff, for + better maintainability. Cut the patch size in half; no code + changes. + +------------------------------------------------------------------- +Mon Jun 5 10:19:27 MDT 2006 - ccoffing@novell.com + +- Include select patches from xen-3.0-testing: + + 9698: Official fix for bug #159001. Dropped our patch. + + 9702: Fix MMU_NORMAL_PT_UPDATE when passed a page that is no + longer of type page-table. + + 9703: Modification to fix for bug #159001; ignore empty PTEs. + + 9704: Fix for obvious typo in map_pages_to_xen: When replacing + a pte, free the page table pointed to by the old entry, not the + new entry. + + 9705: Jan's previous signed-ness patch (c/s 9695) was changed + when accepted upstream, which broke it; this changeset + attempts to fix the breakage. + + 9708: HVM: Fix a hang when doing an "xm destroy" of Windows VM. + + 9717: HVM: Interrupts must be kept disabled when entering Xen + for external interrupt processing. + +------------------------------------------------------------------- +Fri Jun 2 11:08:07 MDT 2006 - ccoffing@novell.com + +- Include xen-3.0-testing changeset 9693. This scales the + ballooning timeout with the amount of memory being requested + (necessary for large memory machines). This is a more proper fix + for Novell bug #175805, and addresses XenSource bug #650. + +------------------------------------------------------------------- +Thu Jun 1 14:40:23 MDT 2006 - ccoffing@novell.com + +- Update the README, regarding how to make the mouse work properly + with VNC in HVM. +- Update help text in mk-xen-rescue-img. + +------------------------------------------------------------------- +Wed May 31 14:53:43 MDT 2006 - ccoffing@novell.com + +- Jan's backport of xen-unstable changesets 9517, 9518, and 9529. + This allows Xen to boot on 4-node configurations without + crashing. (#150114) +- Include patch from Jun Nakajima at Intel to fix inability to + start XWindows after creating HVM guest. (#159001) +- Include select patches from xen-3.0-testing: + + 9697: Fix infinite recursion loop in get_page_type() error path +- Include xen-unstable changeset 9967, to improve Summagraphics + tablet emulation, to help mouse tracking in HVM. (#167187) +- Include 3 patches from AMD to fix SMP support in HVM. (#176171) +- Add CPUID masking patches from AMD and Intel for HVM. This + prevents the OS from seeing (and trying to use) various hardware + features that are not supported within the VM. (#180879) + +------------------------------------------------------------------- +Fri May 26 11:48:08 MDT 2006 - ccoffing@novell.com + +- Fix deadlock between xm and qemu. Qemu should not call xm; + issue xc commands directly. This deadlock was exposed when + making qemu exit nicely and clean up. (#176400) +- Include Gerd's update to his previous REP MOVS fix. Calculating + high_addr and low_addr is more complicated than previously + thought, and the count was wrong. (#165448). +- Drop previous patch that forcefully turns off Xen's console + logging to avoid video corruption; instead use Jan's patch which + only turns logging off when in graphical mode. (#161541) +- Include Jan's patch to call machine_halt rather than inline + assembly "hlt" when Xen crashes to sync display, disable watchdog + timers, etc. +- Tweak the auto-ballooning patch to limit the VM itself to the + requested amount of memory, don't include the overhead, as + suggested by Intel. Separate calls exist elsewhere to increase + the max as needed. (#149179) +- Include select patches from xen-3.0-testing: + + 9688, 9696: These remove some broken assembly string + functions. This is prep work from Jan for bug #160066. + + 9695: Updates in the hypervisor to EDI and ESI could be + incorrect, due to sign not being handled correctly. + +------------------------------------------------------------------- +Fri May 19 11:01:29 MDT 2006 - ccoffing@novell.com + +- Update from Intel to previous patch to fix installation of HVM + W2k. Adds decoding for two more instructions. (#176717) +- Updated the README. +- Included updated version of KY's patch to reserve some lowmem + for PAE, to avoid kernel BUG() during boot. The amounts of + memory reserved at various physical memory sizes have been + adjusted. (#175124) +- Include Intel's patch for unchecked allocations in shadow*.c. + (#149179) + +------------------------------------------------------------------- +Thu May 18 09:50:11 MDT 2006 - ccoffing@novell.com + +- Include Intel's patch to fix installation of HVM W2k. This patch + adds decoding for 'xor' and 'and' instructions. Without this, + the VM crashes when W2k attempts to install network components. + (#176717) +- While tidying xen-hvm-memory-check.diff for submission upstream, + I noticed an error in the patch (such that low-memory while + starting the HVM domain could still crash the physical machine.) + Now all uses of iopm are protected by the check. (#149179) +- Xen must always relinquish control of the VGA console once dom0 + has started. Otherwise, it could be over-writing dom0's memory, + causing screen or other memory corruption. Admin can use + "xm dmesg" to view Xen's log instead. (#161541) +- First send a SIGTERM, rather than SIGKILL, to qemu to give it a + chance to clean up. This fixes both mouse and CD-ROM issues + for fully virtualized VMs. This is a work-around; Ross is + still working on the proper fix. (#176400, #171258, #176157) +- Include select patches from xen-3.0-testing: + + 9682,9683: These patches only affect full virtualization on + AMD. Fixes register corruption, cleans up event injection, + cleans up IO handling. + + 9685,9686: This patch only affects full virtualization on + Intel. Fixes VM's segment base address, to avoid vmentry + failure. Also remove 32/64 differences in vmx reg store/load. + +------------------------------------------------------------------- +Wed May 17 14:45:46 MDT 2006 - ccoffing@novell.com + +- When auto-ballooning domain 0's memory for a new HVM domain, + all memory (including memory intended for overhead) was given + to the VM itself. So increasing the memory size calculations + did not actually free up any more memory. Now, treat the amount + to balloon and the amount to give to the VM as separate values. + (#149179) + +------------------------------------------------------------------- +Tue May 16 11:11:12 MDT 2006 - ccoffing@novell.com + +- Include Gerd's fix for HVM emulation of REP MOVS when the copy + spans a page. If the direction flag was set, the emulation code + broke. This caused the VM to freeze when configuring firewall + (#165448). +- Include KY's fix to default to reserving 16M of lowmem for PAE, + to avoid hitting kernel BUG() during boot (#175124). +- Don Dugger's (Intel) fix for HVM screen corruption (#164573). +- Increase maximum time auto-ballooning will wait for domain 0 to + respond, otherwise large VMs will fail to start from yast + (#175805). + +------------------------------------------------------------------- +Mon May 15 13:18:14 MDT 2006 - ccoffing@novell.com + +- Update memory size calculations when auto-ballooning for HVM + to make more stable (#149179). + +------------------------------------------------------------------- +Fri May 12 10:42:37 MDT 2006 - ccoffing@novell.com + +- Include select patches from xen-3.0-testing: + + 9674: xc_ptrace: Fix reversed conditional, which broke single- + stepping. + + 9675: xc_ptrace: Fix out-of-bounds memory-access for FPU state. + + 9678: Fix the performance issues of 2-level paging HVM guests + on the PAE Xen. +- Update man pages. + +------------------------------------------------------------------- +Wed May 10 12:38:14 MDT 2006 - brogers@novell.com + +- Fix loading of binary images which either require PAE or + dynamically support running on both PAE hypervisor and non-PAE + hypervisors. (#174080) + +------------------------------------------------------------------- +Wed May 10 12:36:23 MDT 2006 - carnold@novell.com + +- Handle memory failure when staring fully virtualized + guests to prevent reboot of the box (AMD) or + hanging the box (VT) (#149179). + +------------------------------------------------------------------- +Tue May 9 16:40:59 MDT 2006 - ccoffing@novell.com + +- Include select patches from xen-3.0-testing: + + 9665: Fix pciif parsing for compatibility variable. + + 9666: Fix HVM hang; was broken due to previous "hda lost + interrupt" patch. (#169146) + + 9667: Do not set GP fault in VMCS for VMX (no bug#; from Intel) + +------------------------------------------------------------------- +Thu May 4 20:53:21 MDT 2006 - cgriffin@novell.com + +- Update xen-3.0-testing tree, changeset 9664: + + Changesets 9663 and 9664 fix AMD fully virtualized + guests causing the system to reboot when + first starting up. (#169855) + +------------------------------------------------------------------- +Thu May 4 20:16:06 MDT 2006 - cgriffin@novell.com + +- With a Xen domain set up with a loop-mountable file as rootfs, + the "xm start " invocation fails. The cause is a bug + domUloader.py (#172586) + +------------------------------------------------------------------- +Thu May 4 12:52:32 MDT 2006 - rmaxfiel@novell.com + +- Added the ability to 'attach' and 'detach' removable media + devices to hvm guests. Also made cdrom eject when the eject + request comes from the hvm guest. (#159907) +- Fixed the loss of mouse when a SDL session ends with 'grab' + in effect. (#159001) + +------------------------------------------------------------------- +Thu May 4 10:42:32 MDT 2006 - cgriffin@novell.com + +- Update xen-3.0-testing tree, changeset 9661: + + Drop patches merged upstream + + Took Kier's official patches for dropped patches most + notably spurious interrupts (#152892) +- Took Intel's patch to fix screen corruption when + resizing the screen of windows hvm guests (#164573) + +------------------------------------------------------------------- +Wed May 03 11:14:40 MDT 2006 - kallan@novell.com + +- Added configuring network interfaces when using Xen bridging instructions + to the README.SuSE file as requested by bug #171533. + +------------------------------------------------------------------- +Mon May 01 09:42:25 MDT 2006 - tthomas@novell.com + +- Added message to xm save to indicate that save is not currently + supported for fully virtualized guests. (#161661) + +------------------------------------------------------------------- +Fri Apr 28 09:42:25 MDT 2006 - ccoffing@novell.com + +- Close fds before exec-ing vncviewer, so yast2-vm doesn't hang + when viewing fully-virtualized console (#168392). + +------------------------------------------------------------------- +Thu Apr 27 08:14:18 MDT 2006 - ccoffing@novell.com + +- Update xen-3.0-testing tree, changeset 9656: + + Drop patches merged upstream. + + Fix reboot on large SMP machines (IBM, no bug #). +- Integrate Jan's patches: + + Spurious interrupt roundup (#152892). + +------------------------------------------------------------------- +Mon Apr 24 15:32:32 MDT 2006 - ccoffing@novell.com + +- Integrate Jan's patches: + + FXSR patch (#135677). + + APIC option patch (work-around #150114). + + Protect against hypervisor crash (#169143). +- Update xen-3.0-testing tree, changeset 9649: + + Avoid spurious timer activations in hypervisor. + + Fix xen command line parsing (lapic / nolapic parsing). + + Fix inverted BUG_ON w.r.t. SiS APIC bug. + +------------------------------------------------------------------- +Fri Apr 21 08:56:29 MDT 2006 - ccoffing@novell.com + +- Update to 3.0.2-2 (xen-3.0-testing tree, changeset 9640): + + Fix for "hda lost interrupt" for PAE VMX. + + Increase L2 PDE to 1 GB; allows x86_64 to boot larger dom0. + + Fix for SVM booting 32pae-on-32pae. +- Drop upstream patches (SiS APIC bug, HTT, HVM interrupt race) +- Add Jan's port of spurious interrupt patch (#152892). +- Add /etc/xen/images link for convenience (#168070). +- Updated README. + +------------------------------------------------------------------- +Thu Apr 20 10:29:44 MDT 2006 - ccoffing@novell.com + +- SiS APIC bug patch (Jan Beulich, #116485). + +------------------------------------------------------------------- +Wed Apr 19 12:22:53 MDT 2006 - ccoffing@novell.com + +- Don't kill xenstored and xenconsoled when stopping xend. + (#158562, #156261) + +------------------------------------------------------------------- +Wed Apr 19 10:46:32 MDT 2006 - ccoffing@novell.com + +- Update to 3.0.2-2 (xen-3.0-testing tree, changeset 9629): + + Fix for SMP IA32 VMX guest booting. + + KY's SETMAXMEM fix. + +------------------------------------------------------------------- +Wed Apr 19 10:23:57 MDT 2006 - cgriffin@novell.com + +- Removed HTT bit from cpuid and set logical processor count to 1. + Also fixed logic problem in svm code where apic=0 was not + handled (#162244). + +------------------------------------------------------------------- +Wed Apr 19 16:41:32 CEST 2006 - agruen@suse.de + +- Create /boot symlinks in the %install section instead of in + %post so that they will end up in the package file list. + +------------------------------------------------------------------- +Tue Apr 18 15:40:41 MDT 2006 - ccoffing@novell.com + +- Add /etc/xen/vm to vm config file search path (#167208). + +------------------------------------------------------------------- +Fri Apr 14 11:05:40 MDT 2006 - kallan@novell.com + +- Add support for bonding in network-bridge. (#161678). + +------------------------------------------------------------------- +Fri Apr 14 09:27:40 MDT 2006 - ccoffing@novell.com + +- Update to 3.0.2-2 (xen-3.0-testing tree, changeset 9620): + + Fixes stack corruption in libxs (XenSource #411). + +------------------------------------------------------------------- +Thu Apr 13 09:55:02 MDT 2006 - rmaxfiel@novell.com + +- Fixed a problem in ioemu which exited when the cdrom line was + found in the guest def file but the cd device contained no media. + (#161210) + +------------------------------------------------------------------- +Wed Apr 12 12:57:23 MDT 2006 - ccoffing@novell.com + +- Auto-balloon domain 0 for HVM domains (#149179). +- Update to 3.0.2-1 (xen-3.0-testing tree, changeset 9612): + + Fixes xmlrpc issues. + + Fixes several emulated instructions for HVM. + + Fixes for x86_64 inline assembly. + +------------------------------------------------------------------- +Tue Apr 11 16:45:48 MDT 2006 - ccoffing@novell.com + +- Fix "jitter" and race in dom0's memory target calculation, which + could cause auto-ballooning to fail (#164714). + +------------------------------------------------------------------- +Tue Apr 11 05:03:34 MDT 2006 - brogers@novell.com + +- Fix problem where localtime=1 results in zombie domains after + they shutdown (#164960) + +------------------------------------------------------------------- +Mon Apr 10 09:54:49 MDT 2006 - ccoffing@novell.com + +- Update to hg 9598 (xen-3.0-testing tree; 3.0.2-rc). Discounting + Linux changes and patches we already carry, this update contains: + + Saner error handling in iret hypercall (x86/64). + + Make root page table sanity check on restore more generic. + + Additional sanity / compatability checks during guest build. + + IO-APIC update hypercall fixes. + +------------------------------------------------------------------- +Fri Apr 7 11:45:56 MDT 2006 - ccoffing@novell.com + +- Don't throw an exception if 'xm top' is run by non-root; print + error message instead (#164224). +- Change localtime patch to account for daylight savings time + (Bruce Rogers). +- Re-add patch to make tightvnc work. It was accidentally dropped + recently (#149556). + +------------------------------------------------------------------- +Thu Apr 6 09:59:03 MDT 2006 - ccoffing@novell.com + +- Update to hg 9590 (xen-3.0-testing tree; 3.0.2-rc). +- Fix type error in localtime patch for para (Bruce Rogers). +- Fix default localtime for full (Bruce Rogers). +- Fix path in mk-xen-resue-img.sh (#163622). +- Update README (pathnames, yast2-vm descriptions, terminology). + +------------------------------------------------------------------- +Tue Apr 4 01:24:01 CEST 2006 - garloff@suse.de + +- init script: Test for control_d in capabilities to determine dom0 + rather than privcmd. +- init script: Try loading netloop and backend modules. +- mk-xen-rescue-img.sh: Copy frontend drivers, remove stale files. +- example config files: provide commented out domUloader exmaples. + +------------------------------------------------------------------- +Mon Apr 3 10:13:38 MDT 2006 - ccoffing@novell.com + +- Update to hg 9514 (xen-unstable tree; 3.0.2-rc). +- Fix for rebooting (Jan Beulich; #160064). + +------------------------------------------------------------------- +Fri Mar 31 13:00:22 MST 2006 - ccoffing@novell.com + +- Update to hg 9502 (xen-unstable tree; 3.0.2-rc). +- Update man page (#162402). +- xen-tools requires python-xml (#161712). +- Include localtime patch to support NetWare (Bruce Rogers). + +------------------------------------------------------------------- +Thu Mar 30 08:56:52 MST 2006 - ccoffing@novell.com + +- Update to hg 9481 (xen-unstable tree; 3.0.2-rc). +- Correctly default XAUTHORITY if it is not set. This allows the + GUI to come up for fully virtualized guests (was especially + problematic when VM was started from YaST). (#142472) + +------------------------------------------------------------------- +Wed Mar 29 15:23:51 MST 2006 - ccoffing@novell.com + +- Fixed reversed "Do I have enough memory?" test when creating + new VMs (#156448). + +------------------------------------------------------------------- +Tue Mar 28 11:37:34 MST 2006 - ccoffing@novell.com + +- Pick up two critical fixes for AMD to fix full virtualization: + c/s 9453 & c/s 9456. + +------------------------------------------------------------------- +Thu Mar 23 14:23:32 MST 2006 - ccoffing@novell.com + +- Update to hg 9434 (xen-unstable tree; 3.0.2-rc). +- Fix /etc/xen/scripts/block to properly check if devices can be + shared. +- Default XENDOMAINS_AUTO_ONLY to true; previous setting + contradicts yast2-vm's claim that only VM's marked auto will be + auto-started. + +------------------------------------------------------------------- +Mon Mar 20 08:48:31 MST 2006 - ccoffing@novell.com + +- Update to hg 9329 (xen-unstable tree). + +------------------------------------------------------------------- +Wed Mar 15 12:20:38 MST 2006 - ccoffing@novell.com + +- Update to hg 9251 (xen-unstable tree). +- Update to latest versions of Intel's VNC patches: + patch-vga-sse2-0314.l, patch-vnc_loop-0314.l, + patch-vncmouse-0315.l +- Gather example files in /etc/xen/examples. + +------------------------------------------------------------------- +Tue Mar 14 11:00:00 MST 2006 - rmaxfiel@novell.com + +- Removed the intermediate sym-link between xen.gz and + xen-<version>-<release>.gz. Grub 0.97 XFS can not handle a + double indirect to a file. (#151792) + +------------------------------------------------------------------- +Tue Mar 14 00:29:28 CET 2006 - garloff@suse.de + +- Update README.SuSE: Document limits (mem, cpu hotplug, max_loop), + more network troubleshooting, update security info. +- Be more tolerant against errors in ifdown/ifup to better coexist + with non-std network setups (e.g. ifplugd/NetworkManager). + +------------------------------------------------------------------- +Tue Mar 7 10:56:36 MST 2006 - ccoffing@novell.com + +- Update to hg 9172 (xen-unstable tree). +- Create new xen-libs package, split from xen-tools (#154473). +- Update mk-xen-rescume-img and xmexample.rescue to work with + current rescue image on CD (#152971). +- Include Kurt's patch to domUloader, to pass command line args. +- xendomains shouldn't try to migrate or save HVM domains, as this + isn't supported and will stall the shutdown (#155265). +- Create empty /etc/xen/vm directory for YaST to place config files + in, to avoid name collisions (#156322). +- Update and re-enable vga patch from Intel (Don Dugger). VGA + emul is faster and not corrupted. +- ifup is run to ensure IPs are assigned before rearranging for + xen, but this can fail with ifplugd; this should not kill the + whole script (Kirk Allan) (#154115). +- Make network-bridge script more robust, by checking /sys instead + of grep-ing. + +------------------------------------------------------------------- +Mon Mar 6 12:27:19 MST 2006 - ccoffing@novell.com + +- Update to hg 9148 (xen-unstable tree). Drop patches merged + upstream. +- More README improvements (#154134). +- Fix "vncviewer=1" to bring up vncviewer (#149556). + +------------------------------------------------------------------- +Mon Mar 6 09:58:24 MST 2006 - ccoffing@novell.com + +- Fix build of hvmloader and vmxassist by removing external + CFLAGS (XS changeset #9110). +- Fix build by forcing --prefix during installation of *.py. + +------------------------------------------------------------------- +Wed Mar 1 17:45:52 MST 2006 - ccoffing@novell.com + +- Update to hg 9029 (xen-unstable tree). Adds support for HVM on + 64 bit hardware. +- Update vncmouse diff to 20060301 from Intel; compensates for lack + of eager events in our LibVNCServer. +- Fix many bugs in lomount. +- Cap maximum value of "xm mem-set" for domain 0, based on size of + dom0's page tables (#152667). + +------------------------------------------------------------------- +Mon Feb 27 09:37:38 MST 2006 - ccoffing@novell.com + +- Update to hg 9015 (xen-unstable tree). More bug fixes. +- Update patch to better honor RPM_OPT_FLAGS. +- Updated README (#154134). +- Disable xen-vga-0213 patch; it speeds VGA updates but was + corrupting the display. +- Change max mouse polling time from 1ms to 10ms to reduce CPU + load (from Intel). + +------------------------------------------------------------------- +Thu Feb 23 13:26:07 MST 2006 - ccoffing@novell.com + +- Update to hg 8954 (xen-unstable tree). More bug fixes. +- Don't use a dummy IP of 1.2.3.4 for NFS server when booting domU + with DHCP. Seems to hang x86_64 Linux. +- Remove unnecessary x86_64 patch. +- Fix auto-ballooning of dom0 memory for HVM domUs (XenSource bug + 521). + +------------------------------------------------------------------- +Tue Feb 21 15:07:43 MST 2006 - ccoffing@novell.com + +- Update to hg 8920 (xen-unstable tree). Fixes instruction decode + for fully virtualized guests, fixing booting from CDs. +- Integrate 3 patches from Intel, to improve VNC performance. + +------------------------------------------------------------------- +Tue Feb 21 08:42:37 MST 2006 - ccoffing@novell.com + +- Update to hg 8910 (xen-unstable tree). + fixes 32 on 32, 32 pae on 32pae, 64 on 64, 32 on 64. + critical HVM fixes, for fully virtualized guests. + +------------------------------------------------------------------- +Fri Feb 17 08:27:11 MST 2006 - ccoffing@novell.com + +- Update to hg 8870 (xen-unstable tree). More HVM fixes. +- Remove duplicate balloon.free call. +- Add patch from Intel to fix dom0 crash on 64 bit SMP HVM. + +------------------------------------------------------------------- +Thu Feb 16 16:16:11 MST 2006 - carnold@novell.com + +- Update to hg 8858 (xen-unstable tree). + +------------------------------------------------------------------- +Wed Feb 15 08:31:19 MST 2006 - ccoffing@novell.com + +- Update to hg 8857 (xen-unstable tree). Syncs hypervisor core + with Linux 2.6.16, which may fix some ACPI issues. Fixes HVM. +- Fix uninitialized variable in xc_load_bin (from Bruce Rogers). +- Auto-balloon dom0 for fully virtualized domains (#149179). +- xen-doc-html was missing image files. + +------------------------------------------------------------------- +Mon Feb 13 12:20:03 MST 2006 - ccoffing@novell.com + +- Update to hg 8830 (xen-unstable tree). +- Restore cs 8783/8792 to match kernel. + +------------------------------------------------------------------- +Wed Feb 8 11:58:40 MST 2006 - ccoffing@novell.com + +- Update to hg 8800 (xen-unstable tree). +- Update BuildRequires. +- Add "max-free-memory" to "xm info", to support yast2-vm (#147612) +- Insserv xendomains, to support yast2-vm. +- Fix exit code of "xend stop". +- Revert cs 8783/8792 to allow xenstore to start (until kernel + catches up). +- Ensure eth0 aka veth0 really comes up in network-bridge. + +------------------------------------------------------------------- +Sat Feb 4 18:47:41 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 27 11:24:37 MST 2006 - ccoffing@novell.com + +- Update to hg 8728 (xen-unstable tree). +- Improve network-bridge: + + Ensure netdev really is up, to fix STARTMODE="manual". + + Stop ifplugd when doing ifdown, to fix STARTMODE="ifplugd". + + Improve check for whether bridge already exists. + + Improve defaults for netdev. +- Fix log rotate so xend moves to new log. +- xen-tools "Requires" python, et.al.; xen proper doesn't. +- Revamp mk-xen-rescue-img.sh (#118566). +- Revamp rcxendomains: improved output, error checking, return + values (#143754, #105677). + +------------------------------------------------------------------- +Tue Jan 24 14:49:09 MST 2006 - ccoffing@novell.com + +- Update to hg 8659 (xen-unstable tree). + +------------------------------------------------------------------- +Mon Jan 23 14:46:54 MST 2006 - ccoffing@novell.com + +- Correct return values and improve messages of init scripts. + +------------------------------------------------------------------- +Fri Jan 20 14:10:40 MST 2006 - ccoffing@novell.com + +- Use domUloader instead of pygrub. + +------------------------------------------------------------------- +Thu Jan 19 15:24:28 MST 2006 - carnold@novell.com + +- Build based on the xen-unstable.hg 8628 + +------------------------------------------------------------------- +Wed Jan 18 11:45:50 MST 2006 - carnold@novell.com + +- Update to hg 8646 xen-unstable-hvm.hg tree. + +------------------------------------------------------------------- +Fri Jan 13 11:05:06 MST 2006 - ccoffing@novell.com + +- Allow version string "XEN_VER=3.0" instead of just + "XEN_VER=xen-3.0" for backwards compatibility. +- Correctly set changeset in compile.h. + +------------------------------------------------------------------- +Thu Jan 12 15:39:00 MST 2006 - carnold@novell.com + +- Added two patches from AMD that apply to the 8513 changeset. + +------------------------------------------------------------------- +Thu Jan 12 11:39:17 CET 2006 - kukuk@suse.de + +- Add libreiserfs-devel to nfb. + +------------------------------------------------------------------- +Wed Jan 11 11:14:20 MST 2006 - carnold@novell.com + +- Update to hg 8513 xen-unstable-hvm.hg tree. + +------------------------------------------------------------------- +Tue Jan 10 13:13:24 MST 2006 - ccoffing@novell.com + +- Update to hg 8269 (xen-3.0-testing). +- Support try-restart in init scripts. +- Clean up installation of udev rules. + +------------------------------------------------------------------- +Wed Dec 14 13:05:07 MST 2005 - ccoffing@novell.com + +- Update to hg 8257 (xen-3.0-testing). +- Update documentation. +- Fix gcc 4.1 warnings. + +------------------------------------------------------------------- +Wed Dec 7 13:39:00 MST 2005 - ccoffing@novell.com + +- Update to hg 8241 (xen-3.0-testing). + +------------------------------------------------------------------- +Mon Nov 28 16:30:02 MST 2005 - ccoffing@novell.com + +- Update to hg 8073. +- Rationalize command names (eg, setsize -> xentrace-setsize). +- Fix gcc 4.1 warnings. + +------------------------------------------------------------------- +Wed Nov 16 13:40:03 MST 2005 - ccoffing@novell.com + +- Update to hg 7782. +- Honor RPM_OPT_FLAGS better. +- Include a few simple, obvious fixes from upstream. +- Build xm-test package. +- Update udev scripts. + +------------------------------------------------------------------- +Mon Nov 14 16:43:10 MST 2005 - ccoffing@novell.com + +- Includes upstream fixes to fix i586 save/restore. + +------------------------------------------------------------------- +Thu Nov 10 13:23:13 MST 2005 - ccoffing@novell.com + +- Include a few simple, obvious fixes: 7609, 7618, 7636, 7689, + 7690, 7692, 7696 + +------------------------------------------------------------------- +Thu Nov 3 10:26:32 MST 2005 - ccoffing@novell.com + +- Update to hg 7608. +- Fix warn_unused_result warnings. +- Drop some patches (merged upstream) +- Tidy README.SuSE. + +------------------------------------------------------------------- +Tue Nov 1 13:08:06 MST 2005 - ccoffing@novell.com + +- Update to hg 7583. + +------------------------------------------------------------------- +Thu Oct 20 21:16:07 CEST 2005 - ccoffing@novell.com + +- Don't mention unwritten man pages. +- Update xmexample* to match SUSE paths. +- Update xs-include patch. + +------------------------------------------------------------------- +Wed Oct 19 12:11:35 CEST 2005 - garloff@suse.de + +- Avoid race in watchdog functionality. +- Improve network-bridge script. + +------------------------------------------------------------------- +Tue Oct 18 22:34:41 CEST 2005 - garloff@suse.de + +- Ignore zombies in the xendomains shutdown procedure and have a + configurable timeout for the commands. Make xendomains status + report something useful. +- Make xendomains script comaptible to non-SUSE distros. + +------------------------------------------------------------------- +Mon Oct 17 23:38:58 CEST 2005 - garloff@suse.de + +- Update to hg 7398. + +------------------------------------------------------------------- +Mon Oct 17 15:41:07 CEST 2005 - garloff@suse.de + +- Create useful xendomains init script and sysconfig file. + +------------------------------------------------------------------- +Mon Oct 17 10:44:11 CEST 2005 - garloff@suse.de + +- Create symlinks also for -pae and -dbg hypervisor. +- Build doxygen documentation. +- Include block-nbd script and xen-nbd example config. +- Include patchset info. + +------------------------------------------------------------------- +Wed Oct 12 13:31:06 CEST 2005 - garloff@suse.de + +- Update docu. +- Enable xen-dbg hypervisor for gdbserver domU debugging. + +------------------------------------------------------------------- +Tue Oct 11 20:40:58 CEST 2005 - garloff@suse.de + +- Update docu. +- Update to hg 7313. +- Move libxenstore.so to xen-tools. + +------------------------------------------------------------------- +Tue Oct 11 12:09:24 CEST 2005 - garloff@suse.de + +- Fix buglet in /sbin/xen-vbd. + +------------------------------------------------------------------- +Mon Oct 10 13:18:20 CEST 2005 - garloff@suse.de + +- Downgrade to hg 7267. +- Add troubleshooting section to README.SUSE. + +------------------------------------------------------------------- +Mon Oct 10 11:14:43 CEST 2005 - garloff@suse.de + +- Fix typo in SrvDomain for mem-set operation. +- Workaround: write directly to balloon in dom0 setMemoryTarget. +- Kill xenconsoled and xenstored in rcxend stop. + +------------------------------------------------------------------- +Sun Oct 9 21:25:22 CEST 2005 - garloff@suse.de + +- Update to hg 7278. +- Provide udev rules to setup vifs and vbds in dom0 when domUs + boot (kraxel). +- Change default FS size for rescue images to 80MB. + +------------------------------------------------------------------- +Sat Sep 10 12:23:11 CEST 2005 - garloff@suse.de + +- Update to hg 6715. +- Fix network-bridge down. + +------------------------------------------------------------------- +Thu Sep 8 01:37:40 CEST 2005 - garloff@suse.de + +- Build PAE version along non-PAE version of Hypervisor. + +------------------------------------------------------------------- +Tue Sep 6 23:07:54 CEST 2005 - garloff@suse.de + +- Try to fix network bridge down issue. +- Document netowrking and firewalling caveats in README.SUSE. +- Enable PAE. + +------------------------------------------------------------------- +Tue Sep 6 22:53:08 CEST 2005 - garloff@suse.de + +- Update to hg 6644. + +------------------------------------------------------------------- +Sun Sep 4 23:03:12 CEST 2005 - garloff@suse.de + +- Update to hg 6610. +- Rename default name of xen-br0 to xenbr0. +- Fix pygrub installation. +- Use libreiserfs to support pygrub on reiser. + +------------------------------------------------------------------- +Mon Aug 29 21:39:58 CEST 2005 - ccoffing@novell.com + +- xen-bridge-net.diff: do not destroy domain 0's network setup + when starting xend. + +------------------------------------------------------------------- +Mon Aug 29 15:31:57 CEST 2005 - garloff@suse.de + +- Update to hg 6458. +- Drop privileged port check -- we use Unix dom sockets anyway + (#105178). +- init.xend: Fix linebreaks in PID list. +- Correctly assign insserv to xen-tools subpackage. + +------------------------------------------------------------------- +Thu Aug 25 18:10:15 CEST 2005 - garloff@suse.de + +- Add dirs /var/run/xenstored and /var/lib/xenstored. + +------------------------------------------------------------------- +Thu Aug 25 13:45:17 CEST 2005 - garloff@suse.de + +- Update to hg 6393. + +------------------------------------------------------------------- +Mon Aug 22 14:23:00 CEST 2005 - garloff@suse.de + +- Update to hg 6315. +- Include linux-public headers in xen-devel package. + +------------------------------------------------------------------- +Sun Aug 21 22:55:06 CEST 2005 - garloff@suse.de + +- Update to hg 6305. + +------------------------------------------------------------------- +Sun Aug 21 03:33:31 CEST 2005 - garloff@suse.de + +- Update to hg 6299. +- Enable VNC support (depending on LibVNCServer). + +------------------------------------------------------------------- +Sun Aug 21 02:41:34 CEST 2005 - garloff@suse.de + +- Split off xen-tools-ioemu for supporting unmodified guests. + +------------------------------------------------------------------- +Sat Aug 20 03:21:32 CEST 2005 - garloff@suse.de + +- Enable pygrub (at the cost of depending on e2fsprogs-devel) +- Enable VMX ioemu SDL support (at the cost of many dependencies) + +------------------------------------------------------------------- +Fri Aug 19 20:46:22 CEST 2005 - garloff@suse.de + +- Update to mercurial changeset 6223. +- Move /usr/libexec/xen/ to /usr/lib[64]/xen/bin/. +- Split off -tools package. + +------------------------------------------------------------------- +Mon Aug 15 15:24:05 CEST 2005 - garloff@suse.de + +- Create symlinks in %post. +- Update README.SUSE. +- Mark /etc/xen/ as %config(noreplace). +- Fix x86-64 build (movl -> mov, lib vs. lib64 inst dirs). +- Remove PYTHONOPTIMIZE. + +------------------------------------------------------------------- +Tue Aug 2 17:59:06 CEST 2005 - ccoffing@novell.com + +- Fix warn_unused_result warnings + +------------------------------------------------------------------- +Thu Jul 28 17:37:19 CEST 2005 - ccoffing@novell.com + +- Update to latest 3.0-unstable snapshot. + +------------------------------------------------------------------- +Wed Jul 13 20:41:06 CEST 2005 - ccoffing@novell.com + +- Fixed bug in glibc24 patch that caused erroneous "out of memory" + errors + +------------------------------------------------------------------- +Fri Jun 24 20:18:02 CEST 2005 - ccoffing@novell.com + +- Fix gcc4 patch that caused a panic in Xen at boot. + +------------------------------------------------------------------- +Fri Jun 24 16:11:20 CEST 2005 - ccoffing@novell.com + +- Fix xen-syms link. + +------------------------------------------------------------------- +Fri Jun 17 20:35:09 CEST 2005 - ccoffing@novell.com + +- Fix version-check in NetWare loader (0x336ec577 -> 0x326ec578). + +------------------------------------------------------------------- +Fri Jun 17 18:38:51 CEST 2005 - ccoffing@novell.com + +- Backport NetWare-friendly loader from Xen 3.0. + +------------------------------------------------------------------- +Thu Jun 16 23:18:30 CEST 2005 - ccoffing@novell.com + +- Destroy domains that failed to be fully created. + +------------------------------------------------------------------- +Fri Jun 10 15:42:00 CEST 2005 - garloff@suse.de + +- Update to latest 2.0-testing snapshot. +- Use RPM version and release no as xen version. + +------------------------------------------------------------------- +Wed Jun 8 02:13:40 CEST 2005 - garloff@suse.de + +- Update mk-xen-rescue-img.sh script: Handle SLES9 better. +- Export PYTHONOPTIMIZE in xend start script. + +------------------------------------------------------------------- +Tue Jun 7 00:59:47 CEST 2005 - garloff@suse.de + +- Merge _perform_err fixes. + +------------------------------------------------------------------- +Mon May 23 21:49:00 CEST 2005 - ccoffing@novell.com + +- update to 2.0.6 + +------------------------------------------------------------------- +Wed Apr 13 22:15:45 CEST 2005 - garloff@suse.de + +- More gcc4 and binutils related fixes. + +------------------------------------------------------------------- +Wed Apr 13 16:28:37 CEST 2005 - garloff@suse.de + +- Build fixes for gcc4. + +------------------------------------------------------------------- +Sun Apr 3 23:52:08 CEST 2005 - garloff@suse.de + +- Update xen: Various fixes (scheduling, memset, domain crash + handling) and enhancements (bg page scrubbing). + +------------------------------------------------------------------- +Thu Mar 24 15:36:39 CET 2005 - garloff@suse.de + +- xen-bridge-net.diff: Make sure bridge netdev is up after adding + addresses to it. + +------------------------------------------------------------------- +Wed Mar 23 15:59:27 CET 2005 - garloff@suse.de + +- xen-secure.diff: Check for privileged port before allowing + certain control operations. +- README.SUSE: Document this change. + +------------------------------------------------------------------- +Wed Mar 23 13:29:19 CET 2005 - garloff@suse.de + +- Require ports < 1024 to allow controlling VMs. + +------------------------------------------------------------------- +Mon Mar 21 19:54:38 CET 2005 - garloff@suse.de + +- Update xen. + +------------------------------------------------------------------- +Wed Mar 16 23:53:27 CET 2005 - garloff@suse.de + +- Update xen. +- Add /var/lib/xen/xen-db/ subdirs. + +------------------------------------------------------------------- +Sun Mar 13 12:24:14 CET 2005 - garloff@suse.de + +- Update to post-2.0.5 +- Make /usr/sbin/xm root:trusted 0750 +- Drop some patches (merged upstream) + +------------------------------------------------------------------- +Tue Mar 8 11:58:32 CET 2005 - garloff@suse.de + +- Update README with security notes. +- Update mk-xen-rescue-image.sh script allowing to specify the + kernel version to be used. +- Rather than busy-looping, exit console on a domain that has + shutdown. + +------------------------------------------------------------------- +Mon Mar 7 17:26:38 CET 2005 - garloff@suse.de + +- Update xen to latest snapshot. +- tgif not needed any more. + +------------------------------------------------------------------- +Tue Mar 1 20:32:39 CET 2005 - garloff@suse.de + +- Include serial-split from Charles Coffing. + +------------------------------------------------------------------- +Tue Mar 1 07:21:11 CET 2005 - garloff@suse.de + +- Update xen to latest snapshot. + +------------------------------------------------------------------- +Mon Feb 21 13:50:35 CET 2005 - garloff@suse.de + +- Update README.SuSE. +- Update xen to latest snapshot. + +------------------------------------------------------------------- +Sun Feb 13 17:09:03 CET 2005 - garloff@suse.de + +- Add init header to xendomains init script. +- Add bridge-utils dependency. +- Update config file and README. +- Activate xend init script on installation. + +------------------------------------------------------------------- +Thu Feb 10 02:31:27 CET 2005 - ro@suse.de + +- remove te_etex and te_pdf from neededforbuild. + +------------------------------------------------------------------- +Thu Feb 10 02:24:46 CET 2005 - garloff@suse.de + +- Update README about IDE dma. +- Default to dhcp. + +------------------------------------------------------------------- +Wed Feb 9 22:05:39 CET 2005 - garloff@suse.de + +- Update to xen post-2.0.4. +- Little bugfix for xen rescue install script. +- Update README.SUSE: Better explanation of root FS creation. + +------------------------------------------------------------------- +Mon Jan 24 03:09:50 CET 2005 - garloff@suse.de + +- Change some defaults to be more secure (xend only binds to + localhost, ip spoof protection on). +- Avoid ipv6 issue with xend network script. +- Extensive docu in README.SUSE now. +- mk-xen-rescue-img.sh creates a xen root fs image from the std + SUSE rescue image. +- Put boot.local script in root img to parse ip boot par. + +------------------------------------------------------------------- +Thu Jan 20 14:48:29 CET 2005 - garloff@suse.de + +- Update to newer snapshot. + +------------------------------------------------------------------- +Thu Jan 20 03:05:11 CET 2005 - garloff@suse.de + +- Update to xen-2.0-unstable (post 2.0.3). + +------------------------------------------------------------------- +Thu Dec 9 10:57:17 CET 2004 - garloff@suse.de + +- Initial creation of package xen, xen-doc-*. +- i686 only for now. + diff --git a/xen.libxl.dmmd.patch b/xen.libxl.dmmd.patch new file mode 100644 index 0000000..fef056a --- /dev/null +++ b/xen.libxl.dmmd.patch @@ -0,0 +1,135 @@ +References: bsc#954872 + +--- + tools/libxl/libxl.c | 4 ++++ + tools/libxl/libxl_device.c | 3 ++- + tools/libxl/libxl_dm.c | 34 +++++++++++++++++++++++++++++----- + tools/libxl/libxlu_disk_l.l | 2 ++ + 4 files changed, 37 insertions(+), 6 deletions(-) + +Index: xen-4.13.0-testing/tools/libxl/libxl_disk.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_disk.c ++++ xen-4.13.0-testing/tools/libxl/libxl_disk.c +@@ -178,7 +178,7 @@ static int libxl__device_disk_setdefault + return rc; + } + +-static int libxl__device_from_disk(libxl__gc *gc, uint32_t domid, ++int libxl__device_from_disk(libxl__gc *gc, uint32_t domid, + const libxl_device_disk *disk, + libxl__device *device) + { +@@ -336,6 +336,10 @@ static void device_disk_add(libxl__egc * + rc = ERROR_FAIL; + goto out; + case LIBXL_DISK_BACKEND_QDISK: ++ if (disk->script) { ++ script = libxl__abs_path(gc, disk->script, libxl__xen_script_dir_path()); ++ flexarray_append_pair(back, "script", script); ++ } + flexarray_append(back, "params"); + flexarray_append(back, GCSPRINTF("%s:%s", + libxl__device_disk_string_of_format(disk->format), +Index: xen-4.13.0-testing/tools/libxl/libxl_device.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_device.c ++++ xen-4.13.0-testing/tools/libxl/libxl_device.c +@@ -326,7 +326,8 @@ static int disk_try_backend(disk_try_bac + return 0; + + case LIBXL_DISK_BACKEND_QDISK: +- if (a->disk->script) goto bad_script; ++ LOG(DEBUG, "Disk vdev=%s, uses script=%s on %s backend", ++ a->disk->vdev, a->disk->script, libxl_disk_backend_to_string(backend)); + return backend; + + default: +@@ -343,11 +344,6 @@ static int disk_try_backend(disk_try_bac + libxl_disk_format_to_string(a->disk->format)); + return 0; + +- bad_script: +- LOG(DEBUG, "Disk vdev=%s, backend %s not compatible with script=...", +- a->disk->vdev, libxl_disk_backend_to_string(backend)); +- return 0; +- + bad_colo: + LOG(DEBUG, "Disk vdev=%s, backend %s not compatible with colo", + a->disk->vdev, libxl_disk_backend_to_string(backend)); +Index: xen-4.13.0-testing/tools/libxl/libxl_dm.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_dm.c ++++ xen-4.13.0-testing/tools/libxl/libxl_dm.c +@@ -1162,6 +1162,30 @@ out: + return rc; + } + ++static void libxl__suse_node_to_path(libxl__gc *gc, int domid, const libxl_device_disk *dp, const char **pdev_path) ++{ ++ libxl_ctx *ctx = libxl__gc_owner(gc); ++ char *be_path, *node; ++ libxl__device device; ++ libxl_device_disk disk; ++ int rc; ++ ++ disk = *dp; ++ rc = libxl__device_from_disk(gc, domid, &disk, &device); ++ if (rc) { ++ LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "libxl__device_from_disk failed %d", rc); ++ return; ++ } ++ be_path = libxl__device_backend_path(gc, &device); ++ ++ node = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/node", be_path)); ++ if (!node) ++ return; ++ ++ LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "replacing '%s' with '%s' from %s/node, just for qemu-xen", *pdev_path, node, be_path); ++ *pdev_path = node; ++} ++ + static int libxl__build_device_model_args_new(libxl__gc *gc, + const char *dm, int guest_domid, + const libxl_domain_config *guest_config, +@@ -1795,9 +1819,11 @@ static int libxl__build_device_model_arg + libxl__device_disk_dev_number(disks[i].vdev, &disk, &part); + const char *format; + char *drive; +- const char *target_path = NULL; ++ const char *target_path = disks[i].pdev_path; + int colo_mode; + ++ libxl__suse_node_to_path(gc, guest_domid, disks + i, &target_path); ++ + if (dev_number == -1) { + LOGD(WARN, guest_domid, "unable to determine"" disk number for %s", + disks[i].vdev); +Index: xen-4.13.0-testing/tools/libxl/libxlu_disk_l.l +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxlu_disk_l.l ++++ xen-4.13.0-testing/tools/libxl/libxlu_disk_l.l +@@ -230,6 +230,8 @@ target=.* { STRIP(','); SAVESTRING("targ + free(newscript); + } + ++dmmd:/.* { DPC->had_depr_prefix=1; DEPRECATE(0); } ++npiv:/.* { DPC->had_depr_prefix=1; DEPRECATE(0); } + tapdisk:/.* { DPC->had_depr_prefix=1; DEPRECATE(0); } + tap2?:/.* { DPC->had_depr_prefix=1; DEPRECATE(0); } + aio:/.* { DPC->had_depr_prefix=1; DEPRECATE(0); } +Index: xen-4.13.0-testing/tools/libxl/libxl_internal.h +=================================================================== +--- xen-4.13.0-testing.orig/tools/libxl/libxl_internal.h ++++ xen-4.13.0-testing/tools/libxl/libxl_internal.h +@@ -2042,6 +2042,10 @@ struct libxl__cpuid_policy { + char *policy[4]; + }; + ++_hidden int libxl__device_from_disk(libxl__gc *gc, uint32_t domid, ++ const libxl_device_disk *disk, ++ libxl__device *device); ++ + /* Calls poll() again - useful to check whether a signaled condition + * is still true. Cannot fail. Returns currently-true revents. */ + _hidden short libxl__fd_poll_recheck(libxl__egc *egc, int fd, short events); diff --git a/xen.spec b/xen.spec new file mode 100644 index 0000000..c4ee979 --- /dev/null +++ b/xen.spec @@ -0,0 +1,9860 @@ +# +# spec file for package xen +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# +# needssslcertforbuild + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + +Name: xen +ExclusiveArch: %ix86 x86_64 aarch64 +%define changeset 40162 +%define xen_build_dir xen-4.13.1-testing +# +%define with_gdbsx 0 +%define with_dom0_support 0 +%bcond_with xen_oxenstored +%ifarch x86_64 +%bcond_without xen_debug +%bcond_without xen_stubdom +%else +%bcond_with xen_debug +%bcond_with xen_stubdom +%endif +# +%ifarch x86_64 +%define with_gdbsx 1 +%define with_dom0_support 1 +%endif +# +%ifarch %arm aarch64 +%define with_dom0_support 1 +%endif +# +%define xen_install_suffix %{nil} +%ifarch x86_64 +%define xen_install_suffix .gz +%endif +# EFI requires gcc 4.6 or newer +# gcc46 is available in 12.1 or sles11sp2 +# gcc47 is available in sles11sp3 +# gcc48 is available in sles11sp4 +# 12.2+ have gcc 4.7 as default compiler +%define with_gcc47 0 +%define with_gcc48 0 +%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services + +BuildRequires: pkgconfig(libsystemd) +%define with_systemd_modules_load %{_prefix}/lib/modules-load.d + +%ifarch %arm aarch64 +%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120200 ) +BuildRequires: libfdt-devel +%else +BuildRequires: libfdt1-devel +%endif +%endif +BuildRequires: bison +BuildRequires: fdupes +%if 0%{?suse_version} > 1315 +BuildRequires: figlet +%endif +BuildRequires: flex +BuildRequires: glib2-devel +BuildRequires: libaio-devel +BuildRequires: libbz2-devel +BuildRequires: libnl3-devel +BuildRequires: libpixman-1-0-devel +BuildRequires: libuuid-devel +BuildRequires: libxml2-devel +BuildRequires: libyajl-devel +%if %{with xen_stubdom} +%if 0%{?suse_version} < 1230 +BuildRequires: texinfo +%else +BuildRequires: makeinfo +%endif +%endif +BuildRequires: ncurses-devel +%if %{?with_dom0_support}0 +%if %{with xen_oxenstored} +BuildRequires: ocaml +BuildRequires: ocaml-compiler-libs +BuildRequires: ocaml-findlib +BuildRequires: ocaml-ocamldoc +BuildRequires: ocaml-runtime +%endif +%endif +BuildRequires: acpica +BuildRequires: openssl-devel +BuildRequires: python3-devel +BuildRequires: xz-devel +BuildRequires: pkgconfig(systemd) +%ifarch x86_64 +BuildRequires: gcc-32bit +BuildRequires: gcc-c++ +%if %{?with_gcc47}0 +BuildRequires: gcc47 +%endif +%if %{?with_gcc48}0 +BuildRequires: gcc48 +%endif +BuildRequires: glibc-32bit +BuildRequires: glibc-devel-32bit +BuildRequires: makeinfo +%endif +%ifarch x86_64 +BuildRequires: pesign-obs-integration +%endif + +Version: 4.13.1_10 +Release: lp152.2.12.1 +Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) +License: GPL-2.0-only +Group: System/Kernel +Source0: xen-4.13.1-testing-src.tar.bz2 +Source1: stubdom.tar.bz2 +Source5: ipxe.tar.bz2 +Source6: mini-os.tar.bz2 +Source9: xen.changes +Source10: README.SUSE +Source11: boot.xen +Source12: boot.local.xenU +Source13: xen-supportconfig +Source15: logrotate.conf +Source21: block-npiv-common.sh +Source22: block-npiv +Source23: block-npiv-vport +Source26: init.xen_loop +Source29: block-dmmd +# Xen API remote authentication sources +Source30: etc_pam.d_xen-api +Source31: xenapiusers +# Init script and sysconf file for pciback +Source34: init.pciback +Source35: sysconfig.pciback +Source36: xnloader.py +Source37: xen2libvirt.py +# Systemd service files +Source41: xencommons.service +Source42: xen-dom0-modules.service +Source57: xen-utils-0.1.tar.bz2 +Source10172: xendomains-wait-disks.sh +Source10173: xendomains-wait-disks.LICENSE +Source10174: xendomains-wait-disks.README.md +Source10183: xen_maskcalc.py +# For xen-libs +Source99: baselibs.conf +# Upstream patches +Patch1: 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch +Patch2: 5eb51caa-sched-vcpu-pause-flags-atomic.patch +Patch3: 5ec2a760-x86-determine-MXCSR-mask-always.patch +Patch4: 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch +Patch5: 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch +Patch6: 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch +Patch7: 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch +Patch8: 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch +Patch9: 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch +Patch10: 5ed69804-x86-ucode-fix-start-end-update.patch +Patch11: 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch +Patch12: 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch +Patch13: 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch +Patch14: 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch +Patch15: 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch +Patch16: 5ef44e0d-x86-PMTMR-use-FADT-flags.patch +Patch17: 5ef6156a-x86-disallow-access-to-PT-MSRs.patch +Patch18: 5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch +Patch19: 5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch +Patch20: 5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch +Patch21: 5f046c64-EPT-set_middle_entry-adjustments.patch +Patch22: 5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch +Patch23: 5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch +Patch24: 5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch +Patch25: 5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch +Patch26: 5f046ce9-VT-d-sync_cache-misaligned-addresses.patch +Patch27: 5f046cfd-x86-introduce-alternative_2.patch +Patch28: 5f046d1a-VT-d-optimize-CPU-cache-sync.patch +Patch29: 5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch +Patch30: 5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch +Patch31: 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch +Patch32: 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch +Patch33: 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch +Patch34: 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch +Patch35: 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch +Patch36: 5f560c42-x86-PV-64bit-segbase-consistency.patch +Patch333: xsa333.patch +Patch334: xsa334.patch +Patch336: xsa336.patch +Patch33701: xsa337-1.patch +Patch33702: xsa337-2.patch +Patch338: xsa338.patch +Patch339: xsa339.patch +Patch340: xsa340.patch +Patch342: xsa342.patch +Patch34301: xsa343-1.patch +Patch34302: xsa343-2.patch +Patch34303: xsa343-3.patch +Patch34401: xsa344-1.patch +Patch34402: xsa344-2.patch +Patch28601: xsa286-1.patch +Patch28602: xsa286-2.patch +Patch28603: xsa286-3.patch +Patch28604: xsa286-4.patch +Patch28605: xsa286-5.patch +Patch28606: xsa286-6.patch +Patch34501: xsa345-1.patch +Patch34502: xsa345-2.patch +Patch34503: xsa345-3.patch +Patch34601: xsa346-1.patch +Patch34602: xsa346-2.patch +Patch34701: xsa347-1.patch +Patch34702: xsa347-2.patch +Patch34703: xsa347-3.patch +# Our platform specific patches +Patch400: xen-destdir.patch +Patch401: vif-bridge-no-iptables.patch +Patch402: vif-bridge-tap-fix.patch +Patch403: xl-conf-default-bridge.patch +Patch404: xl-conf-disable-autoballoon.patch +Patch405: xen-arch-kconfig-nr_cpus.patch +Patch406: suse-xendomains-service.patch +Patch407: replace-obsolete-network-configuration-commands-in-s.patch +Patch408: disable-building-pv-shim.patch +Patch409: xenstore-launch.patch +Patch410: ignore-ip-command-script-errors.patch +# Needs to go upstream +Patch420: suspend_evtchn_lock.patch +Patch422: stubdom-have-iovec.patch +Patch423: vif-route.patch +Patch424: gcc10-fixes.patch +# Other bug fixes or features +Patch451: xenconsole-no-multiple-connections.patch +Patch452: hibernate.patch +Patch453: stdvga-cache.patch +Patch454: ipxe-enable-nics.patch +Patch455: pygrub-netware-xnloader.patch +Patch456: pygrub-boot-legacy-sles.patch +Patch457: pygrub-handle-one-line-menu-entries.patch +Patch458: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch +Patch459: aarch64-maybe-uninitialized.patch +Patch461: libxl.max_event_channels.patch +Patch462: libxc.sr.superpage.patch +Patch463: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch +Patch464: libxl.pvscsi.patch +Patch465: xen.libxl.dmmd.patch +Patch466: libxl.set-migration-constraints-from-cmdline.patch +Patch467: xenstore-run-in-studomain.patch +Patch468: libxl.libxl__domain_pvcontrol.patch +Patch469: libxl.helper_done-crash.patch +Patch470: libxl.LIBXL_HOTPLUG_TIMEOUT.patch +Patch471: libxc.migrate_tracking.patch +# python3 conversion patches +Patch500: build-python3-conversion.patch +Patch501: migration-python3-conversion.patch +Patch502: bin-python3-conversion.patch +# Hypervisor and PV driver Patches +Patch600: xen.bug1026236.suse_vtsc_tolerance.patch +Patch601: x86-ioapic-ack-default.patch +Patch602: x86-cpufreq-report.patch +Patch621: xen.build-compare.doc_html.patch +Patch623: ipxe-no-error-logical-not-parentheses.patch +Patch624: ipxe-use-rpm-opt-flags.patch +# Build patches +Patch99996: xen.stubdom.newlib.patch +Patch99998: tmp_build.patch +Patch99999: reproducible.patch +Url: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%define pyver %(python3 -c "import sys; print(sys.version[:3])") + +%description +Xen is a virtual machine monitor for x86 that supports execution of +multiple guest operating systems with unprecedented levels of +performance and resource isolation. + +This package contains the Xen Hypervisor. (tm) + +[Hypervisor is a trademark of IBM] + +%package libs +Summary: Xen Virtualization: Libraries +License: GPL-2.0-only +Group: System/Kernel + +%description libs +Xen is a virtual machine monitor for x86 that supports execution of +multiple guest operating systems with unprecedented levels of +performance and resource isolation. + +This package contains the libraries used to interact with the Xen +virtual machine monitor. + +In addition to this package you need to install kernel-xen, xen and +xen-tools to use Xen. + + +Authors: +-------- + Ian Pratt <ian.pratt@cl.cam.ac.uk> + + +%if %{?with_dom0_support}0 + +%package tools +Summary: Xen Virtualization: Control tools for domain 0 +License: GPL-2.0-only +Group: System/Kernel +%ifarch x86_64 +%if 0%{?suse_version} >= 1315 +Requires: grub2-x86_64-xen +%endif +Recommends: qemu-ovmf-x86_64 +Requires: qemu-x86 +%endif +%ifarch %arm aarch64 +Requires: qemu-arm +%endif +Requires: %{name} = %{version}-%{release} +Requires: %{name}-libs = %{version}-%{release} +Recommends: multipath-tools +Requires: python3 +Requires: python3-curses +%ifarch %{ix86} x86_64 +Requires: qemu-seabios +%endif +# subpackage existed in 10.3 +Provides: xen-tools-ioemu = %{version} +Obsoletes: xen-tools-ioemu < %{version} +Conflicts: libvirt < 1.0.5 + +%description tools +Xen is a virtual machine monitor for x86 that supports execution of +multiple guest operating systems with unprecedented levels of +performance and resource isolation. + +This package contains the control tools that allow you to start, stop, +migrate, and manage virtual machines. + +In addition to this package you need to install kernel-xen, xen and +xen-libs to use Xen. + + +Authors: +-------- + Ian Pratt <ian.pratt@cl.cam.ac.uk> + + +%ifarch x86_64 +%package tools-xendomains-wait-disk +Summary: Adds a new xendomains-wait-disks.service +License: GPL-3.0+ +Group: System/Kernel +Requires: %{name}-tools = %{version}-%{release} +Requires: coreutils +Requires: sed +Requires: vim +BuildArch: noarch + +%description tools-xendomains-wait-disk +This package adds a new service named xendomains-wait-disks.service, +that simply calls xendomains-wait-disks. xendomains-wait-disks script +loops checking for the presence of every disk used by domU that +xendomains.service will try to launch. The script returns when +all disks become available or xendomains-wait-disks.service expires. + +xendomains-wait-disks.service has the same dependencies as +xendomains.service, but it adds itself as a Wanted service for xendomains. +If xendomains-wait-disks.service fails, xendomains.service is launched anyway. + +https://github.com/luizluca/xen-tools-xendomains-wait-disk +%endif + +%endif + +%package tools-domU +Summary: Xen Virtualization: Control tools for domain U +License: GPL-2.0-only +Group: System/Kernel +Conflicts: %{name}-tools +Requires: %{name}-libs = %{version}-%{release} + +%description tools-domU +Xen is a virtual machine monitor for x86 that supports execution of +multiple guest operating systems with unprecedented levels of +performance and resource isolation. + +This package contains tools that allow unprivileged domains to query +the virtualized environment. + + + +Authors: +-------- + Ian Pratt <ian.pratt@cl.cam.ac.uk> + +%package devel +Summary: Xen Virtualization: Headers and libraries for development +License: GPL-2.0-only +Group: System/Kernel +Requires: %{name}-libs = %{version} +Requires: libuuid-devel + +%description devel +Xen is a virtual machine monitor for x86 that supports execution of +multiple guest operating systems with unprecedented levels of +performance and resource isolation. + +This package contains the libraries and header files needed to create +tools to control virtual machines. + + + +Authors: +-------- + Ian Pratt <ian.pratt@cl.cam.ac.uk> + +%if %{?with_dom0_support}0 + +%package doc-html +Summary: Xen Virtualization: HTML documentation +License: GPL-2.0-only +Group: Documentation/HTML + +%description doc-html +Xen is a virtual machine monitor for x86 that supports execution of +multiple guest operating systems with unprecedented levels of +performance and resource isolation. + +xen-doc-html contains the online documentation in HTML format. Point +your browser at file:/usr/share/doc/packages/xen/html/ + + + +Authors: +-------- + Ian Pratt <ian.pratt@cl.cam.ac.uk> +%endif + +%prep +%setup -q -n %xen_build_dir -a 1 -a 5 -a 6 -a 57 +# Upstream patches +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 -p1 +%patch25 -p1 +%patch26 -p1 +%patch27 -p1 +%patch28 -p1 +%patch29 -p1 +%patch30 -p1 +%patch31 -p1 +%patch32 -p1 +%patch33 -p1 +%patch34 -p1 +%patch35 -p1 +%patch36 -p1 +%patch333 -p1 +%patch334 -p1 +%patch336 -p1 +%patch33701 -p1 +%patch33702 -p1 +%patch338 -p1 +%patch339 -p1 +%patch340 -p1 +%patch342 -p1 +%patch34301 -p1 +%patch34302 -p1 +%patch34303 -p1 +%patch34401 -p1 +%patch34402 -p1 +%patch28601 -p1 +%patch28602 -p1 +%patch28603 -p1 +%patch28604 -p1 +%patch28605 -p1 +%patch28606 -p1 +%patch34501 -p1 +%patch34502 -p1 +%patch34503 -p1 +%patch34601 -p1 +%patch34602 -p1 +%patch34701 -p1 +%patch34702 -p1 +%patch34703 -p1 +# Our platform specific patches +%patch400 -p1 +%patch401 -p1 +%patch402 -p1 +%patch403 -p1 +%patch404 -p1 +%patch405 -p1 +%patch406 -p1 +%patch407 -p1 +%patch408 -p1 +%patch409 -p1 +%patch410 -p1 +# Needs to go upstream +%patch420 -p1 +%patch422 -p1 +%patch423 -p1 +%patch424 -p1 +# Other bug fixes or features +%patch451 -p1 +%patch452 -p1 +%patch453 -p1 +%patch454 -p1 +%patch455 -p1 +%patch456 -p1 +%patch457 -p1 +%patch458 -p1 +%patch459 -p1 +%patch461 -p1 +%patch462 -p1 +%patch463 -p1 +%patch464 -p1 +%patch465 -p1 +%patch466 -p1 +%patch467 -p1 +%patch468 -p1 +%patch469 -p1 +%patch470 -p1 +%patch471 -p1 +# python3 conversion patches +%patch500 -p1 +%patch501 -p1 +%patch502 -p1 +# Hypervisor and PV driver Patches +%patch600 -p1 +%patch601 -p1 +%patch602 -p1 +%patch621 -p1 +%patch623 -p1 +%patch624 -p1 +# Build patches +%patch99996 -p1 +%patch99998 -p1 +%patch99999 -p1 + +%build +%define _lto_cflags %{nil} + +# we control the version info of this package +# to gain control of filename of xen.gz +XEN_VERSION=%{version} +XEN_VERSION=${XEN_VERSION%%%%.*} +XEN_SUBVERSION=%{version} +XEN_SUBVERSION=${XEN_SUBVERSION#*.} +XEN_SUBVERSION=${XEN_SUBVERSION%%%%.*} +XEN_EXTRAVERSION="%version-%release" +XEN_EXTRAVERSION="${XEN_EXTRAVERSION#*.}" +XEN_EXTRAVERSION="${XEN_EXTRAVERSION#*.}" +# remove trailing B_CNT to reduce build-compare noise +XEN_EXTRAVERSION="${XEN_EXTRAVERSION%%.*}" +XEN_FULLVERSION="$XEN_VERSION.$XEN_SUBVERSION.$XEN_EXTRAVERSION" +XEN_BUILD_DATE="`date -u -d '1970-01-01'`" +XEN_BUILD_TIME="`date -u -d '1970-01-01' +%%T`" +SMBIOS_REL_DATE="`date -u -d '1970-01-01' +%%m/%%d/%%Y`" +RELDATE="`date -u -d '1970-01-01' '+%%d %%b %%Y'`" +if test -r %{S:9} +then + XEN_BUILD_DATE="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" `" + XEN_BUILD_TIME="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" +%%T`" + SMBIOS_REL_DATE="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" +%%m/%%d/%%Y`" + RELDATE="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" '+%%d %%b %%Y'`" +fi +cat > .our_xenversion <<_EOV_ +export WGET=$(type -P false) +export FTP=$(type -P false) +export GIT=$(type -P false) +export EXTRA_CFLAGS_XEN_TOOLS="%{optflags}" +export EXTRA_CFLAGS_QEMU_TRADITIONAL="%{optflags}" +export SMBIOS_REL_DATE="$SMBIOS_REL_DATE" +export RELDATE="$RELDATE" +XEN_VERSION=$XEN_VERSION +XEN_SUBVERSION=$XEN_SUBVERSION +XEN_EXTRAVERSION=$XEN_EXTRAVERSION +XEN_FULLVERSION=$XEN_FULLVERSION +_EOV_ +source ./.our_xenversion +echo "%{changeset}" > xen/.scmversion +sed -i~ " +s/XEN_VERSION[[:blank:]]*=.*/XEN_VERSION = $XEN_VERSION/ +s/XEN_SUBVERSION[[:blank:]]*=.*/XEN_SUBVERSION = $XEN_SUBVERSION/ +s/XEN_EXTRAVERSION[[:blank:]]*?=.*/XEN_EXTRAVERSION = .$XEN_EXTRAVERSION/ +s/XEN_FULLVERSION[[:blank:]]*=.*/XEN_FULLVERSION = $XEN_FULLVERSION/ +s/XEN_BUILD_DATE[[:blank:]]*?=.*/XEN_BUILD_DATE = $XEN_BUILD_DATE/ +s/XEN_BUILD_TIME[[:blank:]]*?=.*/XEN_BUILD_TIME = $XEN_BUILD_TIME/ +s/XEN_BUILD_HOST[[:blank:]]*?=.*/XEN_BUILD_HOST = buildhost/ +s/XEN_DOMAIN[[:blank:]]*?=.*/XEN_DOMAIN = suse.de/ +" xen/Makefile +if diff -u xen/Makefile~ xen/Makefile +then + : no changes? +fi +configure_flags= +%if %{with xen_stubdom} +configure_flags=--enable-stubdom +%else +# change the/our default to daemon due to lack of stubdom +sed -i~ 's/ XENSTORETYPE=domain$/ XENSTORETYPE=daemon/' tools/hotplug/Linux/launch-xenstore.in +configure_flags=--disable-stubdom +%endif +export PYTHON="/usr/bin/python3" +configure_flags="${configure_flags} --disable-qemu-traditional" +./configure \ + --disable-xen \ + --enable-tools \ + --enable-docs \ + --prefix=/usr \ + --exec_prefix=/usr \ + --bindir=%{_bindir} \ + --sbindir=%{_sbindir} \ + --libdir=%{_libdir} \ + --libexecdir=%{_libexecdir} \ + --datadir=%{_datadir} \ + --mandir=%{_mandir} \ + --includedir=%{_includedir} \ + --docdir=%{_defaultdocdir}/xen \ + --with-initddir=%{_initddir} \ +%if %{?with_dom0_support}0 +%if %{with xen_oxenstored} + --with-xenstored=oxenstored \ +%endif +%endif + --enable-systemd \ + --with-systemd=%{_unitdir} \ + --with-systemd-modules-load=%{with_systemd_modules_load} \ + --with-system-ovmf=%{_datadir}/qemu/ovmf-x86_64-ms.bin \ + --with-system-seabios=%{_datadir}/qemu/bios-256k.bin \ + --with-system-qemu=%{_bindir}/qemu-system-i386 \ + ${configure_flags} +make -C tools/include/xen-foreign %{?_smp_mflags} +make %{?_smp_mflags} +%if %{?with_dom0_support}0 +make -C tools/xen-utils-0.1 XEN_INTREE_BUILD=yes XEN_ROOT=$PWD +%endif +# + +%install +source ./.our_xenversion +# tools +make \ + DESTDIR=%{buildroot} \ + SYSCONFIG_DIR=%{_fillupdir} \ + PKG_INSTALLDIR=%{_libdir}/pkgconfig \ + %{?_smp_mflags} \ + install +find %{buildroot} -ls +for i in %{buildroot}/%{_fillupdir}/* +do + mv -v $i ${i%%/*}/sysconfig.${i##*/} +done + +# +udev_rulesdir=%{buildroot}/%{_udevrulesdir} +tools_domU_dir=%{buildroot}/%{_libexecdir}/%{name}-tools-domU +mkdir -p ${udev_rulesdir} +mkdir -p ${tools_domU_dir} +# +tee ${udev_rulesdir}/80-%{name}-tools-domU.rules <<'_EOR_' +# XenSource, Inc. Xen Platform Device +SUBSYSTEM=="pci", ATTR{modalias}=="pci:v00005853d00000001sv00005853sd00000001bcFFsc80i00", TAG+="systemd", ENV{SYSTEMD_WANTS}+="%{name}-vcpu-watch.service" +_EOR_ +# +tee %{buildroot}/%{_unitdir}/%{name}-vcpu-watch.service <<'_EOS_' +[Unit] +Description=Listen to CPU online/offline events from dom0 toolstack + +[Service] +Type=simple +ExecStart=%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh +Restart=always +RestartSec=2 +_EOS_ +# +tee %{buildroot}/%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh <<'_EOS_' +#!/bin/bash +unset LANG +unset ${!LC_*} +echo "$0 starting" >&2 +xenstore-watch cpu | while read +do + : xenstore event: ${REPLY} + case "${REPLY}" in + cpu) + : just started + ;; + cpu/[0-9]/availability|cpu/[0-9][0-9]/availability) + vcpu="${REPLY%%/*}" + vcpu="${vcpu#*/}" + sysfs="/sys/devices/system/cpu/cpu${vcpu}/online" + if test -f "${sysfs}" + then + availability="`xenstore-read \"${REPLY}\"`" + case "${availability}" in + online|offline) + if test "${availability}" = "online" + then + new_sysfs_state=1 + else + new_sysfs_state=0 + fi + read cur_sysfs_state rest < "${sysfs}" + if test "${cur_sysfs_state}" = "${new_sysfs_state}" + then + : the vcpu "${vcpu}" already has state "${availability}" via "${sysfs}" + else + : setting vcpu "${vcpu}" to "${availability}" via "${sysfs}" + echo "setting vcpu ${vcpu} to ${availability}" >&2 + echo "${new_sysfs_state}" > "${sysfs}" + fi + ;; + esac + fi + ;; + *) + : unhandled + ;; + esac +done +exit 1 +_EOS_ +chmod 755 %{buildroot}/%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh +# +tee ${udev_rulesdir}/60-persistent-xvd.rules <<'_EOR_' +ACTION=="remove", GOTO="xvd_aliases_end" +SUBSYSTEM!="block", GOTO="xvd_aliases_end" +KERNEL=="xvd*[!0-9]", IMPORT{program}=="%{name}-tools-domU.sh --devpath %%p --devtype $env{DEVTYPE}" +KERNEL=="xvd*[0-9]", IMPORT{program}=="%{name}-tools-domU.sh --devpath %%p --devtype $env{DEVTYPE}" +KERNEL=="xvd*[!0-9]", ENV{VBD_HD_SYMLINK}=="hd[a-d]", SYMLINK+="$env{VBD_HD_SYMLINK}" +KERNEL=="xvd*[0-9]", ENV{VBD_HD_SYMLINK}=="hd[a-d]", SYMLINK+="$env{VBD_HD_SYMLINK}%%n" +LABEL="xvd_aliases_end" +_EOR_ +# +tee ${udev_rulesdir}/80-%{name}-channel-setup.rules <<'_EOF_' +SUBSYSTEM=="xen", DEVPATH=="/devices/console-[0-9]", IMPORT{program}=="xen-channel-setup.sh $attr{nodename} %%n" + +SUBSYSTEM=="xen", DEVPATH=="/devices/console-[0-9]", ENV{XEN_CHANNEL_NAME}=="org.qemu.guest_agent.0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="qemu-ga@hvc%%n.service" +_EOF_ +# +dracut_moduledir=%{buildroot}/usr/lib/dracut/modules.d/50%{name}-tools-domU +mkdir -p ${dracut_moduledir} +tee ${dracut_moduledir}/module-setup.sh <<'_EOS_' +#!/bin/bash +check() { + require_binaries xenstore-read || return 1 + return 0 +} + +depends() { + return 0 +} +install() { + inst_multiple xenstore-read + inst_multiple ${udevdir}/%{name}-tools-domU.sh + inst_rules 60-persistent-xvd.rules +} +_EOS_ +chmod 755 ${dracut_moduledir}/module-setup.sh +# +udev_programdir=%{buildroot}/usr/lib/udev +mkdir -p ${udev_programdir} +tee ${udev_programdir}/%{name}-tools-domU.sh <<'_EOS_' +#!/bin/bash +set -e +devpath= +devtype= +dev= +while test "$#" -gt 0 +do + : "$1" + case "$1" in + --devpath) devpath=$2 ; shift ;; + --devtype) devtype=$2 ; shift ;; + *) echo "$0: Unknown option $1" >&2 ; exit 1 ;; + esac + shift +done +test -n "${devpath}" || exit 1 +test -n "${devtype}" || exit 1 +cd "/sys/${devpath}" +case "${devtype}" in + partition) cd .. ;; +esac +cd -P device +d="${PWD##*/}" +d="${d/-/\/}" +backend="`xenstore-read device/${d}/backend`" +dev="`xenstore-read \"${backend}\"/dev`" +test -n "${dev}" && echo "VBD_HD_SYMLINK=${dev}" +_EOS_ +# +tee ${udev_programdir}/%{name}-channel-setup.sh <<'_EOF_' +#!/bin/bash + +if test "$#" -ne 2; then + exit 1 +fi + +channel_path="$1" +channel_num="$2" + +name="`xenstore-read \"$channel_path\"/name`" +test -z "$name" && exit 1 + +if test $name != "org.qemu.guest_agent.0"; then + exit 1 +fi + +mkdir -p /dev/xenchannel +devname=/dev/xenchannel/$name +# Xen's console devices are used for channels. See xen-pv-channel(7) +# for more details +ln -sfn /dev/hvc$channel_num $devname + +echo "XEN_CHANNEL_NAME=$name" +_EOF_ +chmod 755 ${udev_programdir}/*.sh + +# EFI +%if %{?with_dom0_support}0 +arch=`uname -m` +install_xen() +{ + local ext="" + find %{buildroot}/boot -ls + if [ -n "$1" ]; then + ext="-$1" + mv %{buildroot}/boot/xen-syms-${XEN_FULLVERSION} \ + %{buildroot}/boot/xen-syms${ext}-${XEN_FULLVERSION} + mv %{buildroot}/boot/xen-${XEN_FULLVERSION}%{xen_install_suffix} \ + %{buildroot}/boot/xen${ext}-${XEN_FULLVERSION}%{xen_install_suffix} + if test -d %{buildroot}/%{_libdir}/efi; then + mv %{buildroot}/%{_libdir}/efi/xen-${XEN_FULLVERSION}.efi %{buildroot}/%{_libdir}/efi/xen${ext}-${XEN_FULLVERSION}.efi + ln -sf xen${ext}-${XEN_FULLVERSION}.efi %{buildroot}/%{_libdir}/efi/xen${ext}-$XEN_VERSION.$XEN_SUBVERSION.efi + ln -sf xen${ext}-${XEN_FULLVERSION}.efi %{buildroot}/%{_libdir}/efi/xen${ext}-$XEN_VERSION.efi + ln -sf xen${ext}-${XEN_FULLVERSION}.efi %{buildroot}/%{_libdir}/efi/xen${ext}.efi + fi + elif test -d %{buildroot}/%{_libdir}/efi; then + # Move the efi files to /usr/share/efi/<arch> (fate#326960) + mkdir -p %{buildroot}/%{_datadir}/efi/$arch + mv %{buildroot}/%{_libdir}/efi/xen*.efi %{buildroot}/%{_datadir}/efi/$arch/ + ln -s %{_datadir}/efi/$arch/xen-${XEN_FULLVERSION}.efi %{buildroot}/%{_libdir}/efi/xen.efi + fi + rm %{buildroot}/boot/xen-$XEN_VERSION.$XEN_SUBVERSION%{xen_install_suffix} + rm %{buildroot}/boot/xen-$XEN_VERSION%{xen_install_suffix} + rm %{buildroot}/boot/xen%{xen_install_suffix} + # Do not link to links; grub cannot follow. + ln -s xen${ext}-${XEN_FULLVERSION}%{xen_install_suffix} %{buildroot}/boot/xen${ext}-$XEN_VERSION.$XEN_SUBVERSION%{xen_install_suffix} + ln -s xen${ext}-${XEN_FULLVERSION}%{xen_install_suffix} %{buildroot}/boot/xen${ext}-$XEN_VERSION%{xen_install_suffix} + ln -s xen${ext}-${XEN_FULLVERSION}%{xen_install_suffix} %{buildroot}/boot/xen${ext}%{xen_install_suffix} + if test -f xen-syms${ext}-${XEN_FULLVERSION}; then + ln -sf xen-syms${ext}-${XEN_FULLVERSION} %{buildroot}/boot/xen-syms${ext} + fi + find %{buildroot}/boot -ls +} +export BRP_PESIGN_FILES="*.efi /lib/firmware" +CC=gcc +%if %{?with_gcc47}0 +CC=gcc-4.7 +%endif +%if %{?with_gcc48}0 +CC=gcc-4.8 +%endif +rm -fv xen/.config +%if %{with xen_debug} +echo CONFIG_DEBUG=y > xen/.config +echo "CONFIG_DOM0_MEM=\"1G+10%%,max:64G\"" >> xen/.config +yes '' | make -C xen oldconfig +make -C xen install DEBUG_DIR=/boot DESTDIR=%{buildroot} CC=$CC %{?_smp_mflags} +install_xen dbg +make -C xen clean +%endif +echo CONFIG_DEBUG=n > xen/.config +echo "CONFIG_DOM0_MEM=\"1G+10%%,max:64G\"" >> xen/.config +yes '' | make -C xen oldconfig +make -C xen install DEBUG_DIR=/boot DESTDIR=%{buildroot} CC=$CC %{?_smp_mflags} +install_xen +make -C xen clean +%endif + +# On x86_64, qemu-xen was installed as /usr/lib/xen/bin/qemu-system-i386 +# and advertised as the <emulator> in libvirt capabilities. Tool such as +# virt-install include <emulator> in domXML they produce, so we need to +# preserve the path. For x86_64, create a simple wrapper that invokes +# /usr/bin/qemu-system-i386 +# Using qemu-system-x86_64 will result in an incompatible VM +%ifarch x86_64 +cat > %{buildroot}%{_libexecdir}/xen/bin/qemu-system-i386 << 'EOF' +#!/bin/sh + +exec %{_bindir}/qemu-system-i386 "$@" +EOF +chmod 0755 %{buildroot}%{_libexecdir}/xen/bin/qemu-system-i386 +# +unit='%{_libexecdir}/%{name}/bin/xendomains-wait-disks' +mkdir -vp '%{buildroot}%{_libexecdir}/%{name}/bin' +cp -avL '%{SOURCE10172}' "%{buildroot}${unit}" +mkdir xendomains-wait-disk +cp -avL '%{SOURCE10173}' xendomains-wait-disk/LICENSE +cp -avL '%{SOURCE10174}' xendomains-wait-disk/README.md +tee %{buildroot}%{_unitdir}/xendomains-wait-disks.service <<'_EOS_' +[Unit] +Description=Xendomains - for those machines that will start, wait for their disks to apear +Requires=proc-xen.mount xenstored.service +After=proc-xen.mount xenstored.service xenconsoled.service xen-init-dom0.service +After=network-online.target +After=remote-fs.target +Before=xendomains.service +ConditionPathExists=/proc/xen/capabilities + +[Service] +Type=oneshot +ExecStart=${unit} +TimeoutSec=5min + +[Install] +WantedBy=xendomains.service +_EOS_ +# +%endif + +# Stubdom +%if %{?with_dom0_support}0 +# Docs +mkdir -p %{buildroot}/%{_defaultdocdir}/xen/misc +for name in COPYING %SOURCE10 %SOURCE11 %SOURCE12; do + install -m 644 $name %{buildroot}/%{_defaultdocdir}/xen/ +done +for name in vtpm-platforms.txt crashdb.txt xenpaging.txt \ + xen-command-line.pandoc xenstore-paths.pandoc; do + install -m 644 docs/misc/$name %{buildroot}/%{_defaultdocdir}/xen/misc/ +done + +mkdir -p %{buildroot}/etc/modprobe.d +install -m644 %SOURCE26 %{buildroot}/etc/modprobe.d/xen_loop.conf + +# xen-utils +make -C tools/xen-utils-0.1 install DESTDIR=%{buildroot} XEN_INTREE_BUILD=yes XEN_ROOT=$PWD +install -m755 %SOURCE37 %{buildroot}/usr/sbin/xen2libvirt +install -m755 %SOURCE10183 %{buildroot}/usr/sbin/xen_maskcalc + +rm -f %{buildroot}/etc/xen/README* +# Example config +mkdir -p %{buildroot}/etc/xen/{vm,examples,scripts} +mv %{buildroot}/etc/xen/xlexample* %{buildroot}/etc/xen/examples +rm -f %{buildroot}/etc/xen/examples/*nbd +install -m644 tools/xentrace/formats %{buildroot}/etc/xen/examples/xentrace_formats.txt + +# Scripts +rm -f %{buildroot}/etc/xen/scripts/block-*nbd +install -m755 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE29 %{buildroot}/etc/xen/scripts/ +mkdir -p %{buildroot}/usr/lib/supportconfig/plugins +install -m 755 %SOURCE13 %{buildroot}/usr/lib/supportconfig/plugins/xen + +# Xen API remote authentication files +install -d %{buildroot}/etc/pam.d +install -m644 %SOURCE30 %{buildroot}/etc/pam.d/xen-api +install -m644 %SOURCE31 %{buildroot}/etc/xen/ + +# Logrotate +install -m644 -D %SOURCE15 %{buildroot}/etc/logrotate.d/xen + +# Directories +mkdir -p %{buildroot}/var/lib/xenstored +mkdir -p %{buildroot}/var/lib/xen/images +mkdir -p %{buildroot}/var/lib/xen/jobs +mkdir -p %{buildroot}/var/lib/xen/save +mkdir -p %{buildroot}/var/lib/xen/dump +mkdir -p %{buildroot}/var/log/xen +mkdir -p %{buildroot}/var/log/xen/console + +# Bootloader +install -m644 %SOURCE36 %{buildroot}/%{_libdir}/python%{pyver}/site-packages + +# Systemd +cp -bavL %{S:41} %{buildroot}/%{_unitdir} +bn=`basename %{S:42}` +cp -bavL %{S:42} %{buildroot}/%{_unitdir}/${bn} +mods="` +for conf in $(ls %{buildroot}/%{with_systemd_modules_load}/*.conf) +do + grep -v ^# $conf + echo -n > $conf +done +`" +for mod in $mods +do + echo "ExecStart=-/bin/sh -c 'modprobe $mod || :'" >> %{buildroot}/%{_unitdir}/${bn} +done +rm -rfv %{buildroot}/%{_initddir} +install -m644 %SOURCE35 %{buildroot}/%{_fillupdir}/sysconfig.pciback + +# Clean up unpackaged files +find %{buildroot} \( \ + -name .deps -o \ + -name README.blktap -o \ + -name README.xenmon -o \ + -name target-x86_64.conf -o \ + -name xen-mfndump -o \ + -name qcow-create -o \ + -name img2qcow -o \ + -name qcow2raw -o \ + -name qemu-bridge-helper -o \ + -name qemu-img-xen -o \ + -name qemu-nbd-xen -o \ + -name palcode-clipper -o \ + -name xen-shim-syms -o \ + -name "*.dtb" -o \ + -name "openbios-*" -o \ + -name "petalogix*" -o \ + -name "ppc*" -o \ + -name "*.pyc" -o \ + -name "s390*" -o \ + -name "slof*" -o \ + -name "spapr*" -o \ + -name "*.egg-info" \) \ + -print -delete +# Wipe empty directories +if find %{buildroot}/usr -type d -print0 | xargs -0n1 rmdir -p 2>/dev/null +then + : +fi + +# "xl devd" has to be called manually in a driver domain +find %{buildroot} -name xendriverdomain.service -print -delete + +# Create hardlinks for 3 .txt files and 1 .py +%fdupes %{buildroot}/%{_prefix} +find %{buildroot} -type f -size 0 -delete -print + +%else +# !with_dom0_support + +# 32 bit hypervisor no longer supported. Remove dom0 tools. +rm -rf %{buildroot}/%{_datadir}/doc +rm -rf %{buildroot}/%{_datadir}/man +rm -rf %{buildroot}/%{_libexecdir}/xen +rm -rf %{buildroot}/%{_libdir}/python* +rm -rf %{buildroot}/%{_libdir}/ocaml* +rm -rf %{buildroot}/%{_unitdir} +rm -rf %{buildroot}/%{_fillupdir} +rm -rf %{buildroot}/%{with_systemd_modules_load} +rm -rf %{buildroot}/usr/sbin +rm -rf %{buildroot}/etc/xen +rm -rf %{buildroot}/var +rm -f %{buildroot}/%{_sysconfdir}/bash_completion.d/xl.sh +rm -f %{buildroot}/%{_sysconfdir}/init.d/xen* +rm -f %{buildroot}/%{_bindir}/*trace* +rm -f %{buildroot}/%{_bindir}/xenalyze* +rm -f %{buildroot}/%{_bindir}/xenco* +rm -f %{buildroot}/%{_bindir}/xen-cpuid +rm -f %{buildroot}/%{_bindir}/xenstore* +rm -f %{buildroot}/%{_bindir}/pygrub +rm -f %{buildroot}/%{_bindir}/remus +rm -f %{buildroot}/usr/etc/qemu/target-x86_64.conf +rm -f %{buildroot}/usr/libexec/qemu-bridge-helper +%endif + +%if %{?with_dom0_support}0 + +%files +%defattr(-,root,root) +/boot/* +%{_libdir}/efi +%{_datadir}/efi + +%endif + +%files libs +%defattr(-,root,root) +%{_libdir}/xenfsimage/ +%{_libdir}/*.so.* + +%if %{?with_dom0_support}0 + +%files tools +%defattr(-,root,root) +/usr/bin/xenalyze +/usr/bin/xencons +/usr/bin/xenstore* +/usr/bin/pygrub +/usr/bin/xencov_split +/usr/bin/xentrace_format +%ifarch x86_64 +/usr/bin/xen-cpuid +/usr/sbin/xen-ucode +%endif +/usr/sbin/xenbaked +/usr/sbin/xenconsoled +/usr/sbin/xencov +/usr/sbin/xenlockprof +/usr/sbin/xenmon +/usr/sbin/xenperf +/usr/sbin/xenpm +/usr/sbin/xenpmd +/usr/sbin/xenstored +/usr/sbin/xentop +/usr/sbin/xentrace +/usr/sbin/xentrace_setsize +/usr/sbin/xentrace_setmask +/usr/sbin/xenwatchdogd +/usr/sbin/flask-get-bool +/usr/sbin/flask-getenforce +/usr/sbin/flask-label-pci +/usr/sbin/flask-loadpolicy +/usr/sbin/flask-set-bool +/usr/sbin/flask-setenforce +%if %{?with_gdbsx}0 +/usr/sbin/gdbsx +%endif +/usr/sbin/xl +/usr/sbin/xen2libvirt +/usr/sbin/xen_maskcalc +%ifarch %ix86 x86_64 +/usr/sbin/xen-hptool +/usr/sbin/xen-hvmcrash +/usr/sbin/xen-hvmctx +/usr/sbin/xen-lowmemd +/usr/sbin/xen-kdd +%endif +/usr/sbin/xen-list +/usr/sbin/xen-destroy +/usr/sbin/xen-livepatch +/usr/sbin/xen-diag +%dir %attr(700,root,root) /etc/xen +%dir /etc/xen/scripts +/etc/xen/scripts/block* +/etc/xen/scripts/external-device-migrate +/etc/xen/scripts/hotplugpath.sh +/etc/xen/scripts/launch-xenstore +/etc/xen/scripts/locking.sh +/etc/xen/scripts/logging.sh +/etc/xen/scripts/vif2 +/etc/xen/scripts/vif-* +/etc/xen/scripts/vscsi +/etc/xen/scripts/xen-hotplug-* +/etc/xen/scripts/xen-network-common.sh +/etc/xen/scripts/xen-script-common.sh +/etc/xen/scripts/colo-proxy-setup +/etc/xen/scripts/remus-netbuf-setup +%dir /usr/lib/supportconfig +%dir /usr/lib/supportconfig/plugins +/usr/lib/supportconfig/plugins/xen +%{_libexecdir}/xen +%exclude %{_libexecdir}/%{name}-tools-domU +%ifarch x86_64 +%exclude %{_libexecdir}/%{name}/bin/xendomains-wait-disks +%endif +%{_fillupdir}/sysconfig.pciback +%{_fillupdir}/sysconfig.xencommons +%{_fillupdir}/sysconfig.xendomains +%dir /var/lib/xen +%dir %attr(700,root,root) /var/lib/xen/images +%dir %attr(700,root,root) /var/lib/xen/save +%dir %attr(700,root,root) /var/lib/xen/dump +%ifarch %ix86 x86_64 +%dir %attr(700,root,root) /var/lib/xen/xenpaging +%endif +%dir /var/lib/xenstored +%dir /var/log/xen +%dir /var/log/xen/console +%config /etc/logrotate.d/xen +/etc/xen/auto +%config /etc/xen/examples +%config /etc/xen/cpupool +%config /etc/xen/vm +%config(noreplace) /etc/xen/xenapiusers +%config(noreplace) /etc/xen/xl.conf +%config /etc/pam.d/xen-api +%config /etc/modprobe.d/xen_loop.conf +%config %{_unitdir} +%exclude %{_unitdir}/%{name}-vcpu-watch.service +%exclude %{_unitdir}/xendomains-wait-disks.service +%config %{with_systemd_modules_load} +%dir /etc/modprobe.d +/etc/bash_completion.d/xl.sh +%dir %{_libdir}/python%{pyver}/site-packages/grub +%dir %{_libdir}/python%{pyver}/site-packages/xen +%dir %{_libdir}/python%{pyver}/site-packages/xen/lowlevel +%dir %{_libdir}/python%{pyver}/site-packages/xen/migration +%{_libdir}/python%{pyver}/site-packages/grub/* +%{_libdir}/python%{pyver}/site-packages/xen/__init__* +%{_libdir}/python%{pyver}/site-packages/xen/lowlevel/* +%{_libdir}/python%{pyver}/site-packages/xen/migration/* +%{_libdir}/python%{pyver}/site-packages/*.so +%{_libdir}/python%{pyver}/site-packages/xnloader.py +%dir %{_defaultdocdir}/xen +%{_defaultdocdir}/xen/COPYING +%{_defaultdocdir}/xen/README.SUSE +%{_defaultdocdir}/xen/boot.local.xenU +%{_defaultdocdir}/xen/boot.xen +%{_mandir}/man*/* + +%if %{with xen_oxenstored} +/usr/sbin/oxenstored +/etc/xen/oxenstored.conf +%dir %{_libdir}/ocaml +%dir %{_libdir}/ocaml/xenbus +%dir %{_libdir}/ocaml/xenctrl +%dir %{_libdir}/ocaml/xeneventchn +%dir %{_libdir}/ocaml/xenlight +%dir %{_libdir}/ocaml/xenmmap +%dir %{_libdir}/ocaml/xenstore +%dir %{_libdir}/ocaml/xentoollog +%{_libdir}/ocaml/xenbus/META +%{_libdir}/ocaml/xenbus/*.so +%{_libdir}/ocaml/xenbus/*.cma +%{_libdir}/ocaml/xenbus/*.cmi +%{_libdir}/ocaml/xenbus/*.cmo +%{_libdir}/ocaml/xenctrl/META +%{_libdir}/ocaml/xenctrl/*.so +%{_libdir}/ocaml/xenctrl/*.cma +%{_libdir}/ocaml/xenctrl/*.cmi +%{_libdir}/ocaml/xeneventchn/META +%{_libdir}/ocaml/xeneventchn/*.so +%{_libdir}/ocaml/xeneventchn/*.cma +%{_libdir}/ocaml/xeneventchn/*.cmi +%{_libdir}/ocaml/xenlight/META +%{_libdir}/ocaml/xenlight/*.so +%{_libdir}/ocaml/xenlight/*.cma +%{_libdir}/ocaml/xenlight/*.cmi +%{_libdir}/ocaml/xenmmap/META +%{_libdir}/ocaml/xenmmap/*.so +%{_libdir}/ocaml/xenmmap/*.cma +%{_libdir}/ocaml/xenmmap/*.cmi +%{_libdir}/ocaml/xenstore/META +%{_libdir}/ocaml/xenstore/*.cma +%{_libdir}/ocaml/xenstore/*.cmi +%{_libdir}/ocaml/xenstore/*.cmo +%{_libdir}/ocaml/xentoollog/META +%{_libdir}/ocaml/xentoollog/*.so +%{_libdir}/ocaml/xentoollog/*.cma +%{_libdir}/ocaml/xentoollog/*.cmi +%endif + +%ifarch x86_64 +%files tools-xendomains-wait-disk +%license xendomains-wait-disk/LICENSE +%doc xendomains-wait-disk/README.md +%config %{_unitdir}/xendomains-wait-disks.service +%config %attr(0755,root,root) %{_libexecdir}/%{name}/bin/xendomains-wait-disks +%endif +# with_dom0_support +%endif + +%posttrans -n %{name}-tools-domU +%{?regenerate_initrd_posttrans} + +%files tools-domU +%defattr(-,root,root) +%ifarch %ix86 x86_64 +/usr/bin/xen-detect +%endif +/bin/domu-xenstore* +/bin/xenstore-* +%if %{?with_dom0_support}0 +%config %{_unitdir}/%{name}-vcpu-watch.service +%endif +%{_libexecdir}/%{name}-tools-domU +/usr/lib/udev +/usr/lib/dracut + +%files devel +%defattr(-,root,root) +%{_libdir}/*.a +%{_libdir}/*.so +%if %{?with_dom0_support}0 +%if %{with xen_oxenstored} +%{_libdir}/ocaml/xenbus/*.a +%{_libdir}/ocaml/xenbus/*.cmx* +%{_libdir}/ocaml/xenctrl/*.a +%{_libdir}/ocaml/xenctrl/*.cmx* +%{_libdir}/ocaml/xeneventchn/*.a +%{_libdir}/ocaml/xeneventchn/*.cmx* +%{_libdir}/ocaml/xenlight/*.a +%{_libdir}/ocaml/xenlight/*.cmx* +%{_libdir}/ocaml/xenmmap/*.a +%{_libdir}/ocaml/xenmmap/*.cmx* +%{_libdir}/ocaml/xenstore/*.a +%{_libdir}/ocaml/xenstore/*.cmx* +%{_libdir}/ocaml/xentoollog/*.a +%{_libdir}/ocaml/xentoollog/*.cmx* +%endif +%endif +/usr/include/* +%{_libdir}/pkgconfig/xenlight.pc +%{_libdir}/pkgconfig/xlutil.pc +%{_libdir}/pkgconfig/xencall.pc +%{_libdir}/pkgconfig/xencontrol.pc +%{_libdir}/pkgconfig/xendevicemodel.pc +%{_libdir}/pkgconfig/xenevtchn.pc +%{_libdir}/pkgconfig/xenforeignmemory.pc +%{_libdir}/pkgconfig/xengnttab.pc +%{_libdir}/pkgconfig/xenguest.pc +%{_libdir}/pkgconfig/xenstat.pc +%{_libdir}/pkgconfig/xenstore.pc +%{_libdir}/pkgconfig/xentoolcore.pc +%{_libdir}/pkgconfig/xentoollog.pc +%{_libdir}/pkgconfig/xenvchan.pc + +%if %{?with_dom0_support}0 + +%files doc-html +%defattr(-,root,root) +%dir %{_defaultdocdir}/xen +%{_defaultdocdir}/xen/misc +%{_defaultdocdir}/xen/html + +%post +if [ -x /sbin/update-bootloader ]; then + /sbin/update-bootloader --refresh; exit 0 +fi + +%pre tools +%service_add_pre xencommons.service +%service_add_pre xendomains.service +%service_add_pre xen-watchdog.service +%service_add_pre xenstored.service +%service_add_pre xen-dom0-modules.service +%service_add_pre xenconsoled.service +%service_add_pre xen-init-dom0.service +%service_add_pre xen-qemu-dom0-disk-backend.service + +%post tools +xen_tools_first_arg=$1 +%{fillup_only -n xencommons xencommons} +%{fillup_only -n xendomains xendomains} +%service_add_post xencommons.service +%service_add_post xendomains.service +%service_add_post xen-watchdog.service +%service_add_post xenstored.service +%service_add_post xen-dom0-modules.service +%service_add_post xenconsoled.service +%service_add_post xen-init-dom0.service +%service_add_post xen-qemu-dom0-disk-backend.service + +if [ -f /usr/bin/qemu-img ]; then + if [ -f /usr/bin/qemu-img-xen ]; then + rm /usr/bin/qemu-img-xen + fi + rm -f %{_libexecdir}/xen/bin/qemu-img-xen + ln -s /usr/bin/qemu-img %{_libexecdir}/xen/bin/qemu-img-xen +fi +if [ -f /usr/bin/qemu-nbd ]; then + if [ -f /usr/bin/qemu-nbd-xen ]; then + rm /usr/bin/qemu-nbd-xen + fi + rm -f %{_libexecdir}/xen/bin/qemu-nbd-xen + ln -s /usr/bin/qemu-nbd %{_libexecdir}/xen/bin/qemu-nbd-xen +fi +if [ -f /usr/bin/qemu-io ]; then + rm -f %{_libexecdir}/xen/bin/qemu-io-xen + ln -s /usr/bin/qemu-io %{_libexecdir}/xen/bin/qemu-io-xen +fi +if [ -f /etc/default/grub ] && ! (/usr/bin/grep GRUB_CMDLINE_XEN /etc/default/grub >/dev/null); then + echo '# Xen boot parameters for all Xen boots' >> /etc/default/grub + echo 'GRUB_CMDLINE_XEN=""' >> /etc/default/grub + echo '# Xen boot parameters for non-recovery Xen boots (in addition to GRUB_CMDLINE_XEN)' >> /etc/default/grub + echo 'GRUB_CMDLINE_XEN_DEFAULT=""' >> /etc/default/grub +fi +if [ -f /usr/lib/grub2/x86_64-xen/grub.xen -a ! -f /usr/lib/xen/boot/pvgrub64.bin ]; then + ln -s /usr/lib/grub2/x86_64-xen/grub.xen /usr/lib/xen/boot/pvgrub64.bin +fi + +%preun tools +%service_del_preun xencommons.service +%service_del_preun xendomains.service +%service_del_preun xen-watchdog.service +%service_del_preun xenstored.service +%service_del_preun xen-dom0-modules.service +%service_del_preun xenconsoled.service +%service_del_preun xen-init-dom0.service +%service_del_preun xen-qemu-dom0-disk-backend.service + +%postun tools +export DISABLE_RESTART_ON_UPDATE=yes +%service_del_postun xencommons.service +%service_del_postun xendomains.service +%service_del_postun xen-watchdog.service +%service_del_postun xenstored.service +%service_del_postun xen-dom0-modules.service +%service_del_postun xenconsoled.service +%service_del_postun xen-init-dom0.service +%service_del_postun xen-qemu-dom0-disk-backend.service + +%endif + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%changelog +* Tue Oct 13 2020 carnold@suse.com +- bsc#1177409 - VUL-0: xen: x86 PV guest INVLPG-like flushes may + leave stale TLB entries (XSA-286) + xsa286-1.patch + xsa286-2.patch + xsa286-3.patch + xsa286-4.patch + xsa286-5.patch + xsa286-6.patch +- bsc#1177412 - VUL-0: xen: Race condition in Xen mapping code + (XSA-345) + xsa345-1.patch + xsa345-2.patch + xsa345-3.patch +- bsc#1177413 - VUL-0: xen: undue deferral of IOMMU TLB flushes + (XSA-346) + xsa346-1.patch + xsa346-2.patch +- bsc#1177414 - VUL-0: xen: unsafe AMD IOMMU page table updates + (XSA-347) + xsa347-1.patch + xsa347-2.patch + xsa347-3.patch +* Fri Sep 11 2020 ohering@suse.de +- Escape some %% chars in xen.spec, they have to appear verbatim +* Wed Sep 9 2020 ohering@suse.de +- Enhance libxc.migrate_tracking.patch + Print number of allocated pages on sending side, this is more + accurate than p2m_size. +* Tue Sep 8 2020 carnold@suse.com +- bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when + handling guest access to MSR_MISC_ENABLE (XSA-333) + xsa333.patch +- bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in + XENMEM_acquire_resource error path (XSA-334) + xsa334.patch +- bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating + timers between x86 HVM vCPU-s (XSA-336) + xsa336.patch +- bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code + reading back hardware registers (XSA-337) + xsa337-1.patch + xsa337-2.patch +- bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event + channels may not turn invalid (XSA-338) + xsa338.patch +- bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel + DoS via SYSENTER (XSA-339) + xsa339.patch +- bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier + barriers when accessing/allocating an event channel (XSA-340) + xsa340.patch +- bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event + channels available to 32-bit x86 domains (XSA-342) + xsa342.patch +- bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with + evtchn_reset() (XSA-343) + xsa343-1.patch + xsa343-2.patch + xsa343-3.patch +- bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in + evtchn_reset() / evtchn_destroy() (XSA-344) + xsa344-1.patch + xsa344-2.patch +- Upstream bug fixes (bsc#1027519) + 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch + 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch + 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch + 5f560c42-x86-PV-64bit-segbase-consistency.patch +* Mon Aug 3 2020 carnold@suse.com +- Upstream bug fixes (bsc#1027519) + 5ef44e0d-x86-PMTMR-use-FADT-flags.patch + 5ef6156a-x86-disallow-access-to-PT-MSRs.patch + 5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch + 5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch (Replaces xsa317.patch) + 5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch (Replaces xsa319.patch) + 5f046c64-EPT-set_middle_entry-adjustments.patch (Replaces xsa328-1.patch) + 5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch (Replaces xsa328-2.patch) + 5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch (Replaces xsa321-1.patch) + 5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch (Replaces xsa321-2.patch) + 5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch (Replaces xsa321-3.patch) + 5f046ce9-VT-d-sync_cache-misaligned-addresses.patch (Replaces xsa32141.patch) + 5f046cfd-x86-introduce-alternative_2.patch (Replaces xsa321-5.patch) + 5f046d1a-VT-d-optimize-CPU-cache-sync.patch (Replaces xsa321-6.patch) + 5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch (Replaces xsa321-7.patch) + 5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch (Replaces xsa327.patch) + 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch + 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch +* Thu Jul 23 2020 carnold@suse.com +- bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to + attach on next reboot while it should be live attached + ignore-ip-command-script-errors.patch +* Fri Jul 17 2020 ohering@suse.de +- Enhance libxc.migrate_tracking.patch + After transfer of domU memory, the target host has to assemble + the backend devices. Track the time prior xc_domain_unpause. +* Tue Jun 30 2020 ohering@suse.de +- Add libxc.migrate_tracking.patch to track live migrations + unconditionally in logfiles, especially in libvirt. + This will track how long a domU was suspended during transit. +* Mon Jun 29 2020 carnold@suse.com +- bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect + error handling in event channel port allocation + xsa317.patch +- bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code + paths in x86 dirty VRAM tracking + xsa319.patch +- bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient + cache write- back under VT-d + xsa321-1.patch + xsa321-2.patch + xsa321-3.patch + xsa321-4.patch + xsa321-5.patch + xsa321-6.patch + xsa321-7.patch +- bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic + modification of live EPT PTE + xsa328-1.patch + xsa328-2.patch +* Mon Jun 22 2020 carnold@suse.com +- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer + Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) + 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch + 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch) + 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch) +- Upstream bug fixes (bsc#1027519) + 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch + 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch + 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch + 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch + 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch + 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch + 5ed69804-x86-ucode-fix-start-end-update.patch + 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch + 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch +* Fri Jun 5 2020 Callum Farmer <callumjfarmer13@gmail.com> +- Fixes for %%_libexecdir changing to /usr/libexec +* Thu May 28 2020 carnold@suse.com +- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer + Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) + xsa320-1.patch + xsa320-2.patch +* Mon May 18 2020 carnold@suse.com +- Update to Xen 4.13.1 bug fix release (bsc#1027519) + xen-4.13.1-testing-src.tar.bz2 + 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch + 5eb51caa-sched-vcpu-pause-flags-atomic.patch + 5ec2a760-x86-determine-MXCSR-mask-always.patch +- Drop patches contained in new tarball + 5de65f84-gnttab-map-always-do-IOMMU-part.patch + 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch + 5e15e03d-sched-fix-S3-resume-with-smt=0.patch + 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch + 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch + 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch + 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch + 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch + 5e318cd4-x86-apic-fix-disabling-LVT0.patch + 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch + 5e3bd385-EFI-recheck-variable-name-strings.patch + 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch + 5e3bd3f8-xmalloc-guard-against-overflow.patch + 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch + 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch + 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch + 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch + 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch + 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch + 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch + 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch + 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch + 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch + 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch + 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch + 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch + 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch + 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch + 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch + 5e86f7fd-credit2-fix-credit-too-few-resets.patch + 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch + 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch + 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch + 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch + 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch + 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch +* Wed May 13 2020 James Fehlig <jfehlig@suse.com> +- spec: Remove invocation of autogen.sh +- spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares +* Wed May 13 2020 carnold@suse.com +- bsc#1170968 - GCC 10: xen build fails on i586 + gcc10-fixes.patch +* Tue Apr 14 2020 carnold@suse.com +- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation + handling in GNTTABOP_copy (XSA-318) + 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch +* Mon Apr 6 2020 carnold@suse.com +- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 + multiple xenoprof issues + 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch + 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch +- bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing + memory barriers in read-write unlock paths + 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch +- bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error + path in GNTTABOP_map_grant + 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch +- bsc#1167152 - L3: Xenstored Crashed during VM install Need Core + analyzed + 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch + 5e86f7fd-credit2-fix-credit-too-few-resets.patch +- Drop for upstream solution (bsc#1165206) + 01-xen-credit2-avoid-vcpus-to.patch + default-to-credit1-scheduler.patch +- Upstream bug fixes (bsc#1027519) + 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch + 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch + 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch + 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch + 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch + 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch + 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch + 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch + 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch + 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch + 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch +* Wed Mar 25 2020 ohering@suse.de +- bsc#1167608 - unbound limit for max_event_channels + domUs with many vcpus and/or resources fail to start + libxl.max_event_channels.patch +* Wed Mar 18 2020 ohering@suse.de +- bsc#1161480 - Fix xl shutdown for HVM without PV drivers + add libxl.libxl__domain_pvcontrol.patch +* Thu Mar 12 2020 carnold@suse.com +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + 01-xen-credit2-avoid-vcpus-to.patch +* Tue Mar 10 2020 carnold@suse.com +- bsc#1158414 - GCC 10: xen build fails + gcc10-fixes.patch +* Wed Mar 4 2020 carnold@suse.com +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + default-to-credit1-scheduler.patch +* Thu Feb 20 2020 carnold@suse.com +- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate + past the ERET instruction + 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch +- bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch + hardening + 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch +- Upstream bug fixes (bsc#1027519) + 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch + 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch + 5e318cd4-x86-apic-fix-disabling-LVT0.patch + 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch + 5e3bd385-EFI-recheck-variable-name-strings.patch + 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch + 5e3bd3f8-xmalloc-guard-against-overflow.patch + 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch + 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch + 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch +* Tue Feb 18 2020 ohering@suse.de +- bsc#1159755 - use fixed qemu-3.1 machine type for HVM + This must be done in qemu to preserve PCI layout + remove libxl.lock-qemu-machine-for-hvm.patch +* Fri Feb 7 2020 ohering@suse.de +- jsc#SLE-10183 - script to calculate cpuid= mask + add helper script from https://github.com/twizted/xen_maskcalc + domUs may be migrated between different cpus from the same vendor + if their visible cpuid value has incompatible feature bits masked. +* Wed Feb 5 2020 ohering@suse.de +- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains + add helper script and systemd service from + https://github.com/luizluca/xen-tools-xendomains-wait-disk + in new sub package xen-tools-xendomains-wait-disk + See included README for usage instructions + xendomains-wait-disks.LICENSE + xendomains-wait-disks.README.md + xendomains-wait-disks.sh +* Tue Jan 28 2020 ohering@suse.de +- bsc#1159755 - use fixed qemu-3.1 machine type for HVM + qemu4 introduced incompatible changes in pc-i440fx, which revealed + a design bug in 'xenfv'. Live migration from domUs started with + qemu versions prior qemu4 can not be received with qemu4+. + libxl.lock-qemu-machine-for-hvm.patch +* Tue Jan 14 2020 carnold@suse.com +- Upstream bug fixes (bsc#1027519) + 5de65f84-gnttab-map-always-do-IOMMU-part.patch + 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch + 5e15e03d-sched-fix-S3-resume-with-smt=0.patch + 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch + 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch +* Wed Jan 8 2020 Dominique Leuenberger <dimstar@opensuse.org> +- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: + Allow OBS to shortcut through the -mini flavors. +* Wed Dec 18 2019 carnold@suse.com +- bsc#1159320 - Xen logrotate file needs updated + logrotate.conf +* Wed Dec 18 2019 carnold@suse.com +- Update to Xen 4.13.0 FCS release + xen-4.13.0-testing-src.tar.bz2 + * Core Scheduling (contributed by SUSE) + * Branch hardening to mitigate against Spectre v1 (contributed by Citrix) + * Late uCode loading (contributed by Intel) + * Improved live-patching build tools (contributed by AWS) + * OP-TEE support (contributed by EPAM) + * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM) + * Dom0-less passthrough and ImageBuilder (contributed by XILINX) + * Support for new Hardware +* Tue Dec 3 2019 carnold@suse.com +- Update to Xen 4.13.0 RC4 release + xen-4.13.0-testing-src.tar.bz2 +- Rebase libxl.pvscsi.patch +* Mon Nov 25 2019 carnold@suse.com +- Update to Xen 4.13.0 RC3 release + xen-4.13.0-testing-src.tar.bz2 +- Drop python38-build.patch +* Tue Nov 12 2019 carnold@suse.com +- Update to Xen 4.13.0 RC2 release + xen-4.13.0-testing-src.tar.bz2 +* Tue Oct 29 2019 Matej Cepl <mcepl@suse.com> +- Add python38-build.patch fixing build with Python 3.8 (add + - -embed to python-config call) +* Mon Oct 14 2019 carnold@suse.com +- Update to Xen 4.13.0 RC1 release + xen-4.13.0-testing-src.tar.bz2 +- Drop patches contained in new tarball or invalid + 5ca7660f-x86-entry-drop-unused-includes.patch + 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch + 5cab2ab7-x86-IOMMU-introduce-init-ops.patch + 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch + 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch + 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch + 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch + 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch + 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch + 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch + 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch + 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch + 5d358508-x86-IRQ-desc-affinity-represents-request.patch + 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch + 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch + 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch + 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch + 5d417813-AMD-IOMMU-bitfield-extended-features.patch + 5d417838-AMD-IOMMU-bitfield-control-reg.patch + 5d41785b-AMD-IOMMU-bitfield-IRTE.patch + 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch + 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch + 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch + 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch + 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch + 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch + 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch + 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch + 5d419d49-x86-spec-ctrl-report-proper-status.patch + 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch + 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch + 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch + 5d4afa7a-credit2-fix-memory-leak.patch + 5d4d850a-introduce-bss-percpu-page-aligned.patch + 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch + 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch + 5d6524ca-x86-mm-correctly-init-M2P-entries.patch + 5d67ceaf-x86-properly-gate-PKU-clearing.patch + 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch + 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch + 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch + 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch + 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch + 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch + 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch + 5d80ea13-vpci-honor-read-only-devices.patch + 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch + 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch + 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch + 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch + 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch + 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch + 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch + 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch + 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch + 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch + CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch + blktap2-no-uninit.patch + libxl.prepare-environment-for-domcreate_stream_done.patch + pygrub-python3-conversion.patch + fix-xenpvnetboot.patch +* Thu Oct 10 2019 carnold@suse.com +- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines + 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch + 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch + 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch +* Wed Oct 2 2019 ohering@suse.de +- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime + The included README has details about the impact of this change + libxl.LIBXL_HOTPLUG_TIMEOUT.patch +* Mon Sep 30 2019 carnold@suse.com +- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines + 5ca7660f-x86-entry-drop-unused-includes.patch + 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch + 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch + 5cab2ab7-x86-IOMMU-introduce-init-ops.patch + 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch + 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch + 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch + 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch + 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch + 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch + 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch + 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch + 5d358508-x86-IRQ-desc-affinity-represents-request.patch + 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch + 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch + 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch + 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch + 5d417813-AMD-IOMMU-bitfield-extended-features.patch + 5d417838-AMD-IOMMU-bitfield-control-reg.patch + 5d41785b-AMD-IOMMU-bitfield-IRTE.patch + 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch + 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch + 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch + 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch + 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch + 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch + 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch + 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch + 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch + 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch + 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch + 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch + 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch + 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch + 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch + 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch + 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch + 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch +- bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages + 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch +- bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016 + with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD + ROME platform + 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch +- Upstream bug fixes (bsc#1027519) + 5d67ceaf-x86-properly-gate-PKU-clearing.patch + 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch + 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch + 5d80ea13-vpci-honor-read-only-devices.patch + 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch +* Fri Sep 27 2019 ohering@suse.de +- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM + Fix crash in an error path of libxl_domain_suspend with + libxl.helper_done-crash.patch +* Wed Aug 28 2019 carnold@suse.com +- Upstream bug fixes (bsc#1027519) + 5d419d49-x86-spec-ctrl-report-proper-status.patch + 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch + 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch + 5d4afa7a-credit2-fix-memory-leak.patch + 5d4d850a-introduce-bss-percpu-page-aligned.patch + 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch + 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch + 5d6524ca-x86-mm-correctly-init-M2P-entries.patch +- Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch +* Wed Aug 28 2019 ohering@suse.de +- Preserve modified files which used to be marked as %%config, + rename file.rpmsave to file +* Fri Aug 9 2019 carnold@suse.com +- Update to Xen 4.12.1 bug fix release (bsc#1027519) + xen-4.12.1-testing-src.tar.bz2 +- Drop patches contained in new tarball + 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch + 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch + 5c87b6c8-drop-arch_evtchn_inject.patch + 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch + 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch + 5c8f752c-x86-e820-build-with-gcc9.patch + 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch + 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch + 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch + 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch + 5c9e63c5-credit2-SMT-idle-handling.patch + 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch + 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch + 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch + 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch + 5cd921fb-trace-fix-build-with-gcc9.patch + 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch + 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch + 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch + 5cd926d0-bitmap_fill-zero-sized.patch + 5cd92724-drivers-video-drop-constraints.patch + 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch + 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch + 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch + 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch + 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch + 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch + 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch + 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch + 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch + 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch + 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch + 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch + 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch + 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch + 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch + 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch + 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch + 5d03a0c4-6-Arm64-cmpxchg-simplify.patch + 5d03a0c4-7-Arm32-cmpxchg-simplify.patch + 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch + 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch + 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch + 5d03a0c4-B-bitops-guest-helpers.patch + 5d03a0c4-C-cmpxchg-guest-helpers.patch + 5d03a0c4-D-use-guest-atomics-helpers.patch + 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch + 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch +- Refreshed patches + libxl.pvscsi.patch +* Thu Aug 1 2019 carnold@suse.com +- bsc#1143563 - Speculative mitigation facilities report wrong status + 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch +* Wed Jul 17 2019 ohering@suse.de +- Update xen-dom0-modules.service (bsc#1137251) + Map backend module names from pvops and xenlinux kernels to a + module alias. This avoids errors from modprobe about unknown + modules. Ignore a few xenlinux modules that lack aliases. +* Mon Jul 15 2019 carnold@suse.com +- Gcc9 warnings seem to be cleared up with upstream fixes. + Drop gcc9-ignore-warnings.patch +* Tue Jun 25 2019 carnold@suse.com +- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3 + fix-xenpvnetboot.patch +* Mon Jun 24 2019 ohering@suse.de +- Move /etc/modprobe.d/xen_loop.conf to /lib/modprobe.d/xen_loop.conf +* Mon Jun 24 2019 ohering@suse.de +- Remove /etc/xen/xenapiusers and /etc/pam.d/xen-api +* Fri Jun 21 2019 ohering@suse.de +- Remove all upstream provided files in /etc/xen + They are not required at runtime. The host admin is now + responsible if he really needs anything in this subdirectory. +* Fri Jun 21 2019 ohering@suse.de +- In our effort to make /etc fully admin controlled, move /etc/xen/scripts + to libexec/xen/scripts with xen-tools.etc_pollution.patch +* Wed Jun 19 2019 ohering@suse.de +- Move /etc/bash_completion.d/xl.sh to %%{_datadir}/bash-completion/completions +* Mon Jun 17 2019 carnold@suse.com +- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm + Atomics Operations + 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch + 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch + 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch + 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch + 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch + 5d03a0c4-6-Arm64-cmpxchg-simplify.patch + 5d03a0c4-7-Arm32-cmpxchg-simplify.patch + 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch + 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch + 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch + 5d03a0c4-B-bitops-guest-helpers.patch + 5d03a0c4-C-cmpxchg-guest-helpers.patch + 5d03a0c4-D-use-guest-atomics-helpers.patch + 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch + 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch +- Upstream bug fixes (bsc#1027519) + 5c87b6c8-drop-arch_evtchn_inject.patch + 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch + 5cd921fb-trace-fix-build-with-gcc9.patch + 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch + 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch + 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch + 5cd926d0-bitmap_fill-zero-sized.patch + 5cd92724-drivers-video-drop-constraints.patch + 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch) + 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch) + 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch) + 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch) + 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch) + 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch) + 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch) + 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch + 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch + 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch + 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch + 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch +* Fri Jun 14 2019 carnold@suse.com +- Fix some outdated information in the readme + README.SUSE +* Tue Jun 11 2019 Jim Fehlig <jfehlig@suse.com> +- spec: xen-tools: require matching version of xen package + bsc#1137471 +* Fri May 17 2019 ohering@suse.de +- Remove two stale patches + xen.build-compare.man.patch + xenpaging.doc.patch +* Tue May 14 2019 Martin Liška <mliska@suse.cz> +- Disable LTO (boo#1133296). +* Mon May 13 2019 ohering@suse.de +- Remove arm32 from ExclusiveArch to fix build +* Mon Apr 29 2019 carnold@suse.com +- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4". + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + xsa297-0a.patch + xsa297-0b.patch + xsa297-0c.patch + xsa297-0d.patch + xsa297-1.patch + xsa297-2.patch + xsa297-3.patch +- Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and + drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch + Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch +* Wed Apr 17 2019 carnold@suse.com +- bsc#1131811 - [XEN] internal error: libxenlight failed to create + new domain. This patch is a workaround for a systemd issue. See + patch header for additional comments. + xenstore-launch.patch +* Thu Apr 11 2019 carnold@suse.com +- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest + after upgrading host from sle11sp4 to sle15sp1 + pygrub-python3-conversion.patch +- Fix "TypeError: virDomainDefineXML() argument 2 must be str or + None, not bytes" when converting VMs from using the xm/xend + toolstack to the libxl/libvirt toolstack. (bsc#1123378) + xen2libvirt.py +* Mon Apr 8 2019 carnold@suse.com +- bsc#1124560 - Fully virtualized guests crash on boot + 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch +- bsc#1121391 - GCC 9: xen build fails + 5c8f752c-x86-e820-build-with-gcc9.patch +- Upstream bug fixes (bsc#1027519) + 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch + 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch + 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch + 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch + 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch + 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch + 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch + 5c9e63c5-credit2-SMT-idle-handling.patch + 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch + 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch + 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch + 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch +* Thu Apr 4 2019 ohering@suse.de +- Install pkgconfig files into libdir instead of datadir +* Tue Apr 2 2019 carnold@suse.com +- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + * HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates + the HVM/PVH and PV code paths in Xen and provides KCONFIG + options to build a PV only or HVM/PVH only hypervisor. + * QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has + been vastly improved. + * Argo - Hypervisor-Mediated data eXchange: Argo is a new inter- + domain communication mechanism. + * Improvements to Virtual Machine Introspection: The VMI subsystem + which allows detection of 0-day vulnerabilities has seen many + functional and performance improvements. + * Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project + default scheduler. + * PVH Support: Grub2 boot support has been added to Xen and Grub2. + * PVH Dom0: PVH Dom0 support has now been upgraded from experimental + to tech preview. + * The Xen 4.12 upgrade also includes improved IOMMU mapping code, + which is designed to significantly improve the startup times of + AMD EPYC based systems. + * The upgrade also features Automatic Dom0 Sizing which allows the + setting of Dom0 memory size as a percentage of host memory (e.g. + 10%%) or with an offset (e.g. 1G+10%%). +* Tue Mar 26 2019 carnold@suse.com +- bsc#1130485 - Please drop Requires on multipath-tools in + xen-tools. Now using Recommends multipath-tools. + xen.spec +* Mon Mar 25 2019 carnold@suse.com +- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +* Wed Mar 20 2019 carnold@suse.com +- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +* Fri Mar 15 2019 ohering@suse.de +- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to + avoid TSC emulation for HVM domUs if their expected frequency + does not match exactly the frequency of the receiving host + xen.bug1026236.suse_vtsc_tolerance.patch +* Mon Mar 11 2019 carnold@suse.com +- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +* Mon Mar 11 2019 carnold@suse.com +- jsc#SLE-3059 - Disable Xen auto-ballooning +- Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory. + xen.spec +- Disable autoballooning in xl.con + xl-conf-disable-autoballoon.patch +* Thu Mar 7 2019 ohering@suse.de +- Update gcc9-ignore-warnings.patch to fix build in SLE12 +* Thu Mar 7 2019 ohering@suse.de +- bsc#1126325 - fix crash in libxl in error path + Setup of grant_tables and other variables may fail + libxl.prepare-environment-for-domcreate_stream_done.patch +* Wed Mar 6 2019 carnold@suse.com +- bsc#1127620 - Documentation for the xl configuration file allows + for firmware=pvgrub64 but we don't ship pvgrub64. + Create a link from grub.xen to pvgrub64 + xen.spec +* Mon Mar 4 2019 carnold@suse.com +- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +- Tarball also contains additional post RC4 security fixes for + Xen Security Advisories 287, 288, and 290 through 294. +* Tue Feb 19 2019 carnold@suse.com +- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +* Mon Feb 4 2019 carnold@suse.com +- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +* Fri Jan 25 2019 carnold@suse.com +- bsc#1121391 - GCC 9: xen build fails + gcc9-ignore-warnings.patch +* Thu Jan 24 2019 carnold@suse.com +- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing + /proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi. + Keep xen.efi in /usr/lib64/efi for booting older distros. + xen.spec +* Fri Jan 18 2019 carnold@suse.com +- fate#326960: Package grub2 as noarch. + As part of the effort to have a unified bootloader across + architectures, modify the xen.spec file to move the Xen efi files + to /usr/share/efi/$(uname -m) from /usr/lib64/efi. +* Wed Jan 16 2019 carnold@suse.com +- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +- Drop + 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch + 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch + 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch + 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch + 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch + 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch + 5b9784d2-x86-HVM-add-known_gla-helper.patch + 5b9784f2-x86-HVM-split-page-straddling-accesses.patch + 5bdc31d5-VMX-fix-vmx_handle_eoi.patch + gcc8-fix-array-warning-on-i586.patch + gcc8-fix-format-warning-on-i586.patch + gcc8-inlining-failed.patch + xen.bug1079730.patch +* Tue Jan 15 2019 carnold@suse.com +- bsc#1121960 - xen: sync with Factory + xen.spec + xen.changes +* Sat Jan 12 2019 Jan Engelhardt <jengelh@inai.de> +- Replace old $RPM_* shell vars. +- Run fdupes for all architectures, and not crossing + subvolume boundaries. +* Thu Jan 10 2019 Guillaume GARDET <guillaume.gardet@opensuse.org> +- Do not run %%fdupes on aarch64 to avoid the hardlink-across-partition + rpmlint error +* Tue Jan 8 2019 Guillaume GARDET <guillaume.gardet@opensuse.org> +- Require qemu-seabios only on x86* as it is not available on non-x86 + systems +* Thu Dec 27 2018 Bernhard Wiedemann <bwiedemann@suse.com> +- Avoid creating dangling symlinks (bsc#1116524) + This reverts the revert of tmp_build.patch +* Tue Dec 4 2018 carnold@suse.com +- Update to Xen 4.11.1 bug fix release (bsc#1027519) + xen-4.11.1-testing-src.tar.bz2 +- 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch + replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch +- 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch + replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch +- Drop the following patches contained in the new tarball + 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch + 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch + 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch + 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch + 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch + 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch + 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch + 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch + 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch + 5b3f8fa5-port-array_index_nospec-from-Linux.patch + 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch + 5b4488e7-x86-spec-ctrl-cmdline-handling.patch + 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch + 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch + 5b4db308-SVM-fix-cleanup-svm_inject_event.patch + 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch + 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch + 5b505fe5-VMX-fix-find-msr-build.patch + 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch + 5b508775-2-x86-possibly-bring-up-all-CPUs.patch + 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch + 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch + 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch + 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch + 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch + 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch + 5b62ca93-VMX-avoid-hitting-BUG_ON.patch + 5b6d84ac-x86-fix-improve-vlapic-read-write.patch + 5b6d8ce2-x86-XPTI-parsing.patch + 5b72fbbe-ARM-disable-grant-table-v2.patch + 5b72fbbe-oxenstored-eval-order.patch + 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch + 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch + 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch + 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch + 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch + 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch + 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch + 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch + 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch + 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch + 5b72fbbf-xl.conf-Add-global-affinity-masks.patch + 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch + 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch + 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch + 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch + 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch + 5b8d5832-x86-assorted-array_index_nospec-insertions.patch + 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch + 5bacae4b-x86-boot-allocate-extra-module-slot.patch + 5bae44ce-x86-silence-false-log-messages.patch + 5bb60c12-x86-split-opt_xpti.patch + 5bb60c4f-x86-split-opt_pv_l1tf.patch + 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch + 5bcf0722-x86-boot-enable-NMIs.patch + 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch + 5bd076e9-x86-boot-init-debug-regs-correctly.patch + 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch + 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch + 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch + 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch + 5be2a308-x86-extend-get_platform_badpages.patch + 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch + xsa275-1.patch + xsa275-2.patch + xsa276-1.patch + xsa276-2.patch + xsa277.patch + xsa279.patch + xsa280-1.patch + xsa280-2.patch +* Wed Nov 21 2018 carnold@suse.com +- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken: + Missing /bin/domu-xenstore. This was broken because "make + package build reproducible" change. (boo#1047218, boo#1062303) + This fix reverses the change to this patch. + tmp_build.patch +* Mon Nov 12 2018 carnold@suse.com +- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen: + insufficient TLB flushing / improper large page mappings with AMD + IOMMUs (XSA-275) + xsa275-1.patch + xsa275-2.patch +- bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting + issues in x86 IOREQ server handling (XSA-276) + xsa276-1.patch + xsa276-2.patch +- bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error + handling for guest p2m page removals (XSA-277) + xsa277.patch +- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even + when disabled (XSA-278) + 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch +- bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting + to use INVPCID with a non-canonical addresses (XSA-279) + xsa279.patch +- bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240 + conflicts with shadow paging (XSA-280) + xsa280-1.patch + xsa280-2.patch +- bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE + constructs may lock up host (XSA-282) + 5be2a308-x86-extend-get_platform_badpages.patch + 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch +- bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV + 5bdc31d5-VMX-fix-vmx_handle_eoi.patch +- Upstream bug fixes (bsc#1027519) + 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch + 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch + 5bacae4b-x86-boot-allocate-extra-module-slot.patch + 5bae44ce-x86-silence-false-log-messages.patch + 5bb60c12-x86-split-opt_xpti.patch + 5bb60c4f-x86-split-opt_pv_l1tf.patch + 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch + 5bcf0722-x86-boot-enable-NMIs.patch + 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch + 5bd076e9-x86-boot-init-debug-regs-correctly.patch + 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch + 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch +* Tue Nov 6 2018 carnold@suse.com +- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even + when disabled (XSA-278) + 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch +* Wed Oct 24 2018 ohering@suse.de +- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries +* Wed Oct 24 2018 Bernhard Wiedemann <bwiedemann@suse.com> +- make package build reproducible (boo#1047218, boo#1062303) + * Set SMBIOS_REL_DATE + * Update tmp_build.patch to use SHA instead of random build-id + * Add reproducible.patch to use --no-insert-timestamp +* Mon Oct 15 2018 ohering@suse.de +- Building with ncurses 6.1 will fail without + xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch +- Building libxl acpi support on aarch64 with gcc 8.2 will fail without + xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch +* Tue Sep 11 2018 carnold@suse.com +- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is + apparently broken + 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch + 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch + 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch +* Tue Sep 11 2018 carnold@suse.com +- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by + d_materialise_unique() + 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch + 5b9784d2-x86-HVM-add-known_gla-helper.patch + 5b9784f2-x86-HVM-split-page-straddling-accesses.patch +- bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen: + oxenstored does not apply quota-maxentity (XSA-272) + 5b72fbbe-oxenstored-eval-order.patch +- bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of + v2 grant tables may cause crash on ARM (XSA-268) + 5b72fbbe-ARM-disable-grant-table-v2.patch +- Upstream patches from Jan (bsc#1027519) + 5b6d84ac-x86-fix-improve-vlapic-read-write.patch + 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch + 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch + 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch + 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch + 5b8d5832-x86-assorted-array_index_nospec-insertions.patch +- Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch +* Tue Aug 28 2018 carnold@suse.com +- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed + xen.spec +* Fri Aug 17 2018 carnold@suse.com +- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM + (XSA-273) + 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch + 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch + 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch + 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch + 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch + 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch + 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch + 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch +- bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect + MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) + 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch +- Upstream prereq patches for XSA-273 and other upstream fixes + (bsc#1027519) + 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch + 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch + 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch + 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch + 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch + 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch + 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch + 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch + 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch + 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch + 5b505fe5-VMX-fix-find-msr-build.patch + 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch + 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch + 5b62ca93-VMX-avoid-hitting-BUG_ON.patch + 5b6d8ce2-x86-XPTI-parsing.patch + 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch + 5b72fbbf-xl.conf-Add-global-affinity-masks.patch + 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch +* Tue Jul 24 2018 carnold@suse.com +- Upstream patches from Jan (bsc#1027519) + 5b3f8fa5-port-array_index_nospec-from-Linux.patch + 5b4488e7-x86-spec-ctrl-cmdline-handling.patch + 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch + 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch + 5b4db308-SVM-fix-cleanup-svm_inject_event.patch + 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch + 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch + 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch + 5b508775-2-x86-possibly-bring-up-all-CPUs.patch + 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch + 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch + 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch + 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch + gcc8-fix-format-warning-on-i586.patch + gcc8-fix-array-warning-on-i586.patch +- Drop xen.fuzz-_FORTIFY_SOURCE.patch + gcc8-fix-warning-on-i586.patch +* Mon Jul 9 2018 carnold@suse.com +- Update to Xen 4.11.0 FCS (fate#325202, fate#325123) + xen-4.11.0-testing-src.tar.bz2 + disable-building-pv-shim.patch +- Dropped patches + 5a33a12f-domctl-improve-locking-during-domain-destruction.patch + 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch + 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch + 5a9985bd-x86-invpcid-support.patch + 5ac72a48-gcc8.patch + 5ac72a5f-gcc8.patch + 5ac72a64-gcc8.patch + 5ac72a69-gcc8.patch + 5ac72a6e-gcc8.patch + 5ac72a74-gcc8.patch + 5ac72a7b-gcc8.patch + 5ad4923e-x86-correct-S3-resume-ordering.patch + 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch + 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch + 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch + 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch + 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch + 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch + 5adde9ed-xpti-fix-double-fault-handling.patch + 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch + 5ae31917-x86-cpuidle-init-stats-lock-once.patch + 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch + 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch + 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch + 5aec7393-1-x86-xpti-avoid-copy.patch + 5aec7393-2-x86-xpti-write-cr3.patch + 5aec744a-3-x86-xpti-per-domain-flag.patch + 5aec744a-4-x86-xpti-use-invpcid.patch + 5aec744a-5-x86-xpti-no-global-pages.patch + 5aec744a-6-x86-xpti-cr3-valid-flag.patch + 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch + 5aec744b-8-x86-xpti-cr3-helpers.patch + 5aec74a8-9-x86-xpti-use-pcid.patch + 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch + 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch + 5af1daa9-3-x86-traps-use-IST-for-DB.patch + 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch + 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch + 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch + 5af97999-viridian-cpuid-leaf-40000003.patch + 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch + 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch + 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch + 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch + 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch + 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch + 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch + 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch + 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch + 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch + 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch + 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch + 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch + 5b0bc9da-x86-XPTI-fix-S3-resume.patch + 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch + 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch + 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch + 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch + 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch + 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch + 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch + 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch + 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch + 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b34882d-x86-mm-dont-bypass-preemption-checks.patch + 5b348874-x86-refine-checks-in-DB-handler.patch + 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch + 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch + 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch + 5b348954-x86-guard-against-NM.patch + libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch + libxl.LIBXL_DESTROY_TIMEOUT.patch + libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch + xen_fix_build_with_acpica_20180427_and_new_packages.patch +* Wed Jul 4 2018 trenn@suse.de +- Submit upstream patch libacpi: fixes for iasl >= 20180427 + git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005 + xen_fix_build_with_acpica_20180427_and_new_packages.patch + This is needed for acpica package to get updated in our build service +* Fri Jun 29 2018 carnold@suse.com +- Upstream patches from Jan (bsc#1027519) + 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch) + 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch) + 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch) + 5b0bc9da-x86-XPTI-fix-S3-resume.patch + 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch + 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch + 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch + 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch + 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch + 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch) + 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch) + 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch + 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch + 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch) + 5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch) + 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch) + 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch) + 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch + 5b348954-x86-guard-against-NM.patch +* Mon Jun 25 2018 ohering@suse.de +- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch +* Mon Jun 25 2018 ohering@suse.de +- bsc#1098403 - fix regression introduced by changes for bsc#1079730 + a PV domU without qcow2 and/or vfb has no qemu attached. + Ignore QMP errors for PV domUs to handle PV domUs with and without + an attached qemu-xen. + xen.bug1079730.patch +* Mon Jun 18 2018 carnold@suse.com +- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks + bypassed in x86 PV MM handling (XSA-264) + xsa264.patch +- bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception + safety check can be triggered by a guest (XSA-265) + xsa265.patch +- bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour + readonly flag on HVM emulated SCSI disks (XSA-266) + xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch + xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch +* Wed Jun 13 2018 carnold@suse.com +- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore + (XSA-267) + xsa267-1.patch + xsa267-2.patch +* Fri Jun 1 2018 carnold@suse.com +- bsc#1092543 - GCC 8: xen build fails + gcc8-fix-warning-on-i586.patch +* Fri May 18 2018 carnold@suse.com +- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store + Bypass aka "Memory Disambiguation" (XSA-263) + 5ad4923e-x86-correct-S3-resume-ordering.patch + 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch + 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch + 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch + 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch + 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch + 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch + 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch + 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch + 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch + 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch + 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch + Spectre-v4-1.patch + Spectre-v4-2.patch + Spectre-v4-3.patch +* Thu May 17 2018 ohering@suse.de +- Always call qemus xen-save-devices-state in suspend/resume to + fix migration with qcow2 images (bsc#1079730) + libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch + libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch + xen.bug1079730.patch +* Wed May 16 2018 carnold@suse.com +- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663 + 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch + 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch +- Upstream patches from Jan (bsc#1027519) + 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch + 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch + 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch + 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch + 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch + 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch + 5ae31917-x86-cpuidle-init-stats-lock-once.patch + 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch + 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch) + 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch) + 5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch) + 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch) + 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch) + 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch) + 5af97999-viridian-cpuid-leaf-40000003.patch +* Fri May 11 2018 carnold@suse.com +- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254 + 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch + 5a9985bd-x86-invpcid-support.patch + 5adde9ed-xpti-fix-double-fault-handling.patch + 5aec7393-1-x86-xpti-avoid-copy.patch + 5aec7393-2-x86-xpti-write-cr3.patch + 5aec744a-3-x86-xpti-per-domain-flag.patch + 5aec744a-4-x86-xpti-use-invpcid.patch + 5aec744a-5-x86-xpti-no-global-pages.patch + 5aec744a-6-x86-xpti-cr3-valid-flag.patch + 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch + 5aec744b-8-x86-xpti-cr3-helpers.patch + 5aec74a8-9-x86-xpti-use-pcid.patch +* Wed May 9 2018 carnold@suse.com +- bsc#1092543 - GCC 8: xen build fails + 5ac72a48-gcc8.patch + 5ac72a5f-gcc8.patch + 5ac72a64-gcc8.patch + 5ac72a69-gcc8.patch + 5ac72a6e-gcc8.patch + 5ac72a74-gcc8.patch + 5ac72a7b-gcc8.patch + gcc8-inlining-failed.patch +* Tue May 8 2018 carnold@suse.com +- Update to Xen 4.10.1 bug fix release (bsc#1027519) + xen-4.10.1-testing-src.tar.bz2 + disable-building-pv-shim.patch +- Drop the following patches contained in the new tarball + 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch + 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch + 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch + 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch + 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch + 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch + 5a4caa8c-x86-E820-don-t-overrun-array.patch + 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch + 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch + 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch + 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch + 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch + 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch + 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch + 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch + 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch + 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch + 5a4fd894-4-clarifications-to-wait-infrastructure.patch + 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch + 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch + 5a5e2cff-x86-Meltdown-band-aid.patch + 5a5e2d73-x86-Meltdown-band-aid-conditional.patch + 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch + 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch + 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch + 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch + 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch + 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch + 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch + 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch + 5a5e459c-2-x86-report-domain-id-on-CPUID.patch + 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch + 5a69c0b9-x86-fix-GET_STACK_END.patch + 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch + 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch + 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch + 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch + 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch + 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch + 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch + 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch + 5a6b36cd-9-x86-issue-speculation-barrier.patch + 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch + 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch + 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch + 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch + 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch + 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch + 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch + 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch + 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch + 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch + 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch + 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch + 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch + 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch + 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch + 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch + 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch + 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch + 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch + xsa258.patch + xsa259.patch +* Wed Apr 25 2018 carnold@suse.com +- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of + debug exceptions (XSA-260) + xsa260-1.patch + xsa260-2.patch + xsa260-3.patch + xsa260-4.patch +- bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt + injection errors (XSA-261) + xsa261.patch +- bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into + unbounded loop (XSA-262) + xsa262.patch +* Mon Apr 16 2018 carnold@suse.com +- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via + crafted user-supplied CDROM (XSA-258) + xsa258.patch +- bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash + Xen with XPTI (XSA-259) + xsa259.patch +* Wed Mar 28 2018 ohering@suse.de +- Preserve xen-syms from xen-dbg.gz to allow processing vmcores + with crash(1) (bsc#1087251) +* Mon Mar 26 2018 carnold@suse.com +- Upstream patches from Jan (bsc#1027519) and fixes related to + Page Table Isolation (XPTI). See also bsc#1074562 XSA-254 + 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch + 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch + 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch + 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch + 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch + 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch +* Thu Mar 1 2018 carnold@suse.com +- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from + 0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30) + 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch +- Upstream patches from Jan (bsc#1027519) + 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch + 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch + 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch + 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch + 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch + 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch + 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch + 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch) + 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch) + 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch) + 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch) +- Drop + xsa252.patch + xsa255-1.patch + xsa255-2.patch + xsa256.patch +* Mon Feb 12 2018 carnold@suse.com +- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable + L3/L4 pagetable freeing (XSA-252) + xsa252.patch +- bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1 + transition may crash Xen (XSA-255) + xsa255-1.patch + xsa255-2.patch +- bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without + LAPIC may DoS the host (XSA-256) + xsa256.patch +* Fri Feb 9 2018 ohering@suse.de +- Remove stale systemd presets code for 13.2 and older +* Fri Feb 9 2018 ohering@suse.de +- fate#324965 - add script, udev rule and systemd service to watch + for vcpu online/offline events in a HVM domU + They are triggered via xl vcpu-set domU N +* Fri Feb 9 2018 ohering@suse.de +- Replace hardcoded xen with Name tag when refering to subpkgs +* Fri Feb 9 2018 ohering@suse.de +- Make sure tools and tools-domU require libs from the very same build +* Wed Feb 7 2018 jfehlig@suse.com +- tools-domU: Add support for qemu guest agent. New files + 80-xen-channel-setup.rules and xen-channel-setup.sh configure a + xen-pv-channel for use by the guest agent + FATE#324963 +* Wed Feb 7 2018 ohering@suse.de +- Remove outdated /etc/xen/README* +* Mon Jan 29 2018 carnold@suse.com +- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with + MSR emulation (XSA-253) + 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch +- bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 + xen: Information leak via side effects of speculative execution + (XSA-254). Includes Spectre v2 mitigation. + 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch + 5a4caa8c-x86-E820-don-t-overrun-array.patch + 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch + 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch + 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch + 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch + 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch + 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch + 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch + 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch + 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch + 5a4fd894-4-clarifications-to-wait-infrastructure.patch + 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch + 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch + 5a5e2cff-x86-Meltdown-band-aid.patch + 5a5e2d73-x86-Meltdown-band-aid-conditional.patch + 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch + 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch + 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch + 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch + 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch + 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch + 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch + 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch + 5a5e459c-2-x86-report-domain-id-on-CPUID.patch + 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch + 5a69c0b9-x86-fix-GET_STACK_END.patch + 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch + 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch + 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch + 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch + 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch + 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch + 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch + 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch + 5a6b36cd-9-x86-issue-speculation-barrier.patch + 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch + 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch +* Fri Jan 26 2018 carnold@suse.com +- Fix python3 deprecated atoi call (bsc#1067224) + pygrub-python3-conversion.patch +- Drop xenmon-python3-conversion.patch +* Wed Jan 10 2018 ohering@suse.de +- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu, + depending on the libxl disk settings + libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch +* Mon Jan 8 2018 ohering@suse.de +- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch +* Fri Jan 5 2018 carnold@suse.com +- bsc#1067224 - xen-tools have hard dependency on Python 2 + build-python3-conversion.patch + bin-python3-conversion.patch +* Wed Dec 20 2017 carnold@suse.com +- bsc#1070165 - xen crashes after aborted localhost migration + 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch +- bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb: + libxl__devices_destroy failed + 5a33a12f-domctl-improve-locking-during-domain-destruction.patch +- Upstream patches from Jan (bsc#1027519) + 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch + 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch + 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch + 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch +* Wed Dec 13 2017 carnold@suse.com +- Update to Xen 4.10.0 FCS (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +* Mon Dec 11 2017 ohering@suse.de +- Rebuild initrd if xen-tools-domU is updated +* Tue Dec 5 2017 carnold@suse.com +- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +* Tue Nov 28 2017 ohering@suse.de +- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds + If many domUs shutdown in parallel the backends can not keep up + Add some debug output to track how long backend shutdown takes (bsc#1035442) + libxl.LIBXL_DESTROY_TIMEOUT.patch + libxl.LIBXL_DESTROY_TIMEOUT.debug.patch +* Tue Nov 28 2017 ohering@suse.de +- Adjust xenstore-run-in-studomain.patch to change the defaults + in the code instead of changing the sysconfig template, to also + cover the upgrade case +* Fri Nov 24 2017 carnold@suse.com +- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +* Fri Nov 24 2017 ohering@suse.de +- Since xen switched to Kconfig, building a debug hypervisor + was done by default. Adjust make logic to build a non-debug + hypervisor by default, and continue to provide one as xen-dbg.gz +* Fri Nov 24 2017 ohering@suse.de +- fate#316614: set migration constraints from cmdline + fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10 +* Thu Nov 23 2017 ohering@suse.de +- Document the suse-diskcache-disable-flush option in + xl-disk-configuration(5) (bsc#879425,bsc#1067317) +* Thu Nov 23 2017 rbrown@suse.com +- Replace references to /var/adm/fillup-templates with new + %%_fillupdir macro (boo#1069468) +* Thu Nov 16 2017 carnold@suse.com +- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- fate#323663 - Run Xenstore in stubdomain + xenstore-run-in-studomain.patch +* Thu Nov 9 2017 carnold@suse.com +- bsc#1067224 - xen-tools have hard dependency on Python 2 + pygrub-python3-conversion.patch + xenmon-python3-conversion.patch + migration-python3-conversion.patch + xnloader.py + xen2libvirt.py +* Wed Nov 8 2017 ohering@suse.de +- Remove xendriverdomain.service (bsc#1065185) + Driver domains must be configured manually with custom .service file +* Thu Nov 2 2017 carnold@suse.com +- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch +* Thu Nov 2 2017 ohering@suse.de +- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187) +* Fri Oct 27 2017 carnold@suse.com +- fate#324052 Support migration of Xen HVM domains larger than 1TB + 59f31268-libxc-remove-stale-error-check-for-domain-size.patch +* Wed Oct 25 2017 carnold@suse.com +- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +* Mon Oct 16 2017 carnold@suse.com +- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- Drop patches included in new tarball + 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch + 596f257e-x86-fix-hvmemul_insn_fetch.patch + 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch + 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch + 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch + 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch + 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch + 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch + 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch + 59958ebf-gnttab-fix-transitive-grant-handling.patch + 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch + 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch + 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch + 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch + 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch + 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch + 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch + 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch + 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch + 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch + 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch + 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch + 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch + 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch + gcc7-arm.patch + gcc7-mini-os.patch +* Tue Oct 3 2017 carnold@suse.com +- bsc#1061084 - VUL-0: xen: page type reference leak on x86 + (XSA-242) + xsa242.patch +- bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear + shadow mappings with translated guests (XSA-243) + xsa243.patch +- bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings + during CPU hotplug (XSA-244) + xsa244.patch +* Mon Oct 2 2017 carnold@suse.com +- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks + (XSA-238) + xsa238.patch +- bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O + intercept code (XSA-239) + xsa239.patch +- bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable + de-typing (XSA-240) + xsa240-1.patch + xsa240-2.patch +- bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type + release race (XSA-241) + xsa241.patch +* Fri Sep 29 2017 carnold@suse.com +- bsc#1061075 - VUL-0: xen: pin count / page reference race in + grant table code (XSA-236) + xsa236.patch +- bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86 + (XSA-237) + xsa237-1.patch + xsa237-2.patch + xsa237-3.patch + xsa237-4.patch + xsa237-5.patch +* Tue Sep 26 2017 carnold@suse.com +- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter + verification (XSA-231) + 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch +- bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232) + 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch +- bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup + (XSA-233) + 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch +- bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for + x86 PV guests (XSA-234) + 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch +- bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to + release lock on ARM (XSA-235) + 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch +- Upstream patches from Jan (bsc#1027519) + 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch + 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch + 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch + 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch + 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch + 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch + 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch + 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch +- Dropped gcc7-xen.patch +* Thu Sep 7 2017 carnold@suse.com +- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when + Secure Boot is Enabled + xen.spec +* Tue Sep 5 2017 ohering@suse.de +- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored + update from v6 to v9 to cover more cases for ballooned domUs + libxc.sr.superpage.patch +* Mon Aug 28 2017 ohering@suse.de +- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen + drop the patch because it is not upstream acceptable + remove xen.suse_vtsc_tolerance.patch +* Sat Aug 26 2017 ohering@suse.de +- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored + after the save using xl stack + libxc.sr.superpage.patch +* Tue Aug 22 2017 ohering@suse.de +- Unignore gcc-PIE + the toolstack disables PIE for firmware builds as needed +* Mon Aug 21 2017 carnold@suse.com +- Upstream patches from Jan (bsc#1027519) + 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch + 596f257e-x86-fix-hvmemul_insn_fetch.patch + 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch + 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch + 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch + 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch) + 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch) + 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch) + 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch) + 59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch) + 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch +* Wed Aug 16 2017 carnold@suse.com +- bsc#1044974 - xen-tools require python-pam + xen.spec +* Fri Aug 11 2017 carnold@suse.com +- Clean up spec file errors and a few warnings. (bsc#1027519) +- Removed conditional 'with_systemd' and some old deprecated + 'sles_version' checks. + xen.spec +* Thu Aug 10 2017 jfehlig@suse.com +- Remove use of brctl utiltiy from supportconfig plugin + FATE#323639 +* Thu Aug 10 2017 ohering@suse.de +- Use upstream variant of mini-os __udivmoddi4 change + gcc7-mini-os.patch +* Wed Aug 9 2017 carnold@suse.com +- fate#323639 Move bridge-utils to legacy + replace-obsolete-network-configuration-commands-in-s.patch +* Tue Aug 8 2017 carnold@suse.com +- bsc#1052686 - VUL-0: xen: grant_table: possibly premature + clearing of GTF_writing / GTF_reading (XSA-230) + xsa230.patch +* Mon Aug 7 2017 ohering@suse.de +- bsc#1035231 - migration of HVM domU does not use superpages + on destination dom0 + libxc.sr.superpage.patch +* Thu Aug 3 2017 carnold@suse.com +- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded + recursion in grant table code (XSA-226) + xsa226-1.patch + xsa226-2.patch +- bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege + escalation via map_grant_ref (XSA-227) + xsa227.patch +- bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race + conditions with maptrack free list handling (XSA-228) + xsa228.patch +* Tue Aug 1 2017 jfehlig@suse.com +- Add a supportconfig plugin + xen-supportconfig + FATE#323661 +* Tue Jul 25 2017 ohering@suse.de +- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen + To avoid emulation of TSC access from a domU after live migration + add a global tolerance for the measured host kHz + xen.suse_vtsc_tolerance.patch +* Thu Jul 20 2017 carnold@suse.com +- fate#323662 Drop qemu-dm from xen-tools package + The following tarball and patches have been removed + qemu-xen-traditional-dir-remote.tar.bz2 + VNC-Support-for-ExtendedKeyEvent-client-message.patch + 0001-net-move-the-tap-buffer-into-TAPState.patch + 0002-net-increase-tap-buffer-size.patch + 0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch + 0004-e1000-secrc-support.patch + 0005-e1000-multi-buffer-packet-support.patch + 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch + 0007-e1000-verify-we-have-buffers-upfront.patch + 0008-e1000-check-buffer-availability.patch + CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch + CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch + CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch + CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch + CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch + CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch + CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch + CVE-2015-4037-qemut-smb-config-dir-name.patch + CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch + CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch + CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch + CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch + CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch + CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch + CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch + CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch + CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch + CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch + CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch + CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch + CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch + CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch + CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch + CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch + CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch + CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch + CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch + CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch + blktap.patch + cdrom-removable.patch + xen-qemu-iscsi-fix.patch + qemu-security-etch1.patch + xen-disable-qemu-monitor.patch + xen-hvm-default-bridge.patch + qemu-ifup-set-mtu.patch + ioemu-vnc-resize.patch + capslock_enable.patch + altgr_2.patch + log-guest-console.patch + bdrv_open2_fix_flags.patch + bdrv_open2_flags_2.patch + ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch + qemu-dm-segfault.patch + bdrv_default_rwflag.patch + kernel-boot-hvm.patch + ioemu-watchdog-support.patch + ioemu-watchdog-linkage.patch + ioemu-watchdog-ib700-timer.patch + ioemu-hvm-pv-support.patch + pvdrv_emulation_control.patch + ioemu-disable-scsi.patch + ioemu-disable-emulated-ide-if-pv.patch + xenpaging.qemu.flush-cache.patch + ioemu-devicemodel-include.patch +- Cleanup spec file and remove unused KMP patches + kmp_filelist + supported_module.patch + xen_pvonhvm.xen_emul_unplug.patch +* Mon Jul 17 2017 carnold@suse.com +- bsc#1002573 - Optimize LVM functions in block-dmmd + block-dmmd +* Fri Jul 14 2017 ohering@suse.de +- Record initial Xen dmesg in /var/log/xen/xen-boot.log for + supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log +* Fri Jul 14 2017 ohering@suse.de +- Remove storytelling from description in xen.rpm +* Wed Jun 28 2017 carnold@suse.com +- Update to Xen 4.9.0 FCS (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +* Wed Jun 21 2017 carnold@suse.com +- Update block-dmmd script (bsc#1002573) + block-dmmd +* Tue Jun 20 2017 carnold@suse.com +- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + gcc7-arm.patch +- Drop gcc7-error-xenpmd.patch +* Mon Jun 5 2017 carnold@suse.com +- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +* Thu Jun 1 2017 carnold@suse.com +- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop + due to incorrect return value + CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch +* Tue May 30 2017 carnold@suse.com +- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory + leakage via capture buffer + CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch +* Fri May 26 2017 carnold@suse.com +- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +* Mon May 22 2017 carnold@suse.com +- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +* Thu May 18 2017 carnold@suse.com +- bsc#1031343 - xen fails to build with GCC 7 + gcc7-mini-os.patch + gcc7-xen.patch +* Wed May 17 2017 carnold@suse.com +- bsc#1031343 - xen fails to build with GCC 7 + gcc7-error-xenpmd.patch +* Tue May 16 2017 carnold@suse.com +- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +- Drop xen-tools-pkgconfig-xenlight.patch +* Wed May 10 2017 carnold@suse.com +- bsc#1037779 - xen breaks kexec-tools build + xen-tools-pkgconfig-xenlight.patch +* Tue May 9 2017 carnold@suse.com +- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +* Tue May 2 2017 carnold@suse.com +- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path + xen.spec +* Fri Apr 28 2017 carnold@suse.com +- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + aarch64-maybe-uninitialized.patch +* Fri Apr 21 2017 carnold@suse.com +- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +* Wed Apr 19 2017 carnold@suse.com +- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + ioemu-devicemodel-include.patch +- Dropped patches contained in new tarball + xen-4.8.0-testing-src.tar.bz2 + 0001-xenstore-let-write_node-and-some-callers-return-errn.patch + 0002-xenstore-undo-function-rename.patch + 0003-xenstore-rework-of-transaction-handling.patch + 584806ce-x86emul-correct-PUSHF-POPF.patch + 584fc649-fix-determining-when-domain-creation-is-complete.patch + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch + 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch + 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch + 5853ed37-VT-d-correct-dma_msi_set_affinity.patch + 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch + 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch + 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch + 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch + 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch + 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch + 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch + 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch + 5882129d-x86emul-LOCK-check-adjustments.patch + 58821300-x86-segment-attribute-handling.patch + 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch + 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch + 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch + 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch + 5887888f-credit2-use-the-correct-scratch-cpumask.patch + 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch + 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch + 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch + 58a44771-IOMMU-always-call-teardown-callback.patch + 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch + 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch + 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch + 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch + 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch + 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch + 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch + 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch + 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch + 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch + 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch + 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch + 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch + CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch + CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch + glibc-2.25-compatibility-fix.patch + xs-09-add_change_node-params.patch + xs-10-call-add_change_node.patch + xs-11-tdb-record-header.patch + xs-12-node-gen-count.patch + xs-13-read-directory-part-support.patch + xs-14-command-array.patch + xs-15-command-return-val.patch + xs-16-function-static.patch + xs-17-arg-parsing.patch + xs-18-default-buffer.patch + xs-19-handle-alloc-failures.patch + xs-20-tdb-version.patch + xs-21-empty-tdb-database.patch + xs-22-reopen_log-fix.patch + xs-23-XS_DEBUG-rename.patch + xs-24-xenstored_control.patch + xs-25-control-enhance.patch + xs-26-log-control.patch + xs-27-memory-report.patch + xs-28-remove-talloc-report.patch + xs-29-define-off_t.patch + xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch + xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch +* Wed Apr 5 2017 carnold@suse.com +- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom + 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch +* Wed Mar 29 2017 jfehlig@suse.com +- bsc#1015348 - L3: libvirtd does not start during boot + suse-xendomains-service.patch +* Wed Mar 22 2017 carnold@suse.com +- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2 + with Xen hypervisor. + 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch +- bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration + - latter one much faster + 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch +- Upstream patch from Jan + 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch + 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch + 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch +* Mon Mar 20 2017 carnold@suse.com +- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block + add" + 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch + 0001-xenstore-let-write_node-and-some-callers-return-errn.patch + 0002-xenstore-undo-function-rename.patch + 0003-xenstore-rework-of-transaction-handling.patch +- bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated + update (XSA-206) + xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch + xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch +- bsc#1029827 - Forward port xenstored + xs-09-add_change_node-params.patch + xs-10-call-add_change_node.patch + xs-11-tdb-record-header.patch + xs-12-node-gen-count.patch + xs-13-read-directory-part-support.patch + xs-14-command-array.patch + xs-15-command-return-val.patch + xs-16-function-static.patch + xs-17-arg-parsing.patch + xs-18-default-buffer.patch + xs-19-handle-alloc-failures.patch + xs-20-tdb-version.patch + xs-21-empty-tdb-database.patch + xs-22-reopen_log-fix.patch + xs-23-XS_DEBUG-rename.patch + xs-24-xenstored_control.patch + xs-25-control-enhance.patch + xs-26-log-control.patch + xs-27-memory-report.patch + xs-28-remove-talloc-report.patch + xs-29-define-off_t.patch +* Tue Mar 14 2017 ohering@suse.de +- bsc#1029128 - fix make xen to really produce xen.efi with gcc48 +* Wed Mar 8 2017 carnold@suse.com +- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite + loop issue in ohci_service_ed_list + CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch +- Upstream patches from Jan (bsc#1027519) + 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch + 5887888f-credit2-use-the-correct-scratch-cpumask.patch + 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch + 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch + 58a44771-IOMMU-always-call-teardown-callback.patch + 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch + 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch + 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch + 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch + 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch + 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch +* Thu Mar 2 2017 carnold@suse.com +- bsc#1027654 - XEN fails to build against glibc 2.25 + glibc-2.25-compatibility-fix.patch + libxl.pvscsi.patch +* Thu Feb 16 2017 ohering@suse.de +- fate#316613: Refresh and enable libxl.pvscsi.patch +* Fri Feb 10 2017 carnold@suse.com +- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo + does not check if memory region is safe (XSA-209) + CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch +* Wed Feb 8 2017 carnold@suse.com +- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault + happened when adding usbctrl devices via xl + 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch +* Thu Feb 2 2017 carnold@suse.com +- Upstream patches from Jan (bsc#1027519) + 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch + 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch + 5882129d-x86emul-LOCK-check-adjustments.patch + 58821300-x86-segment-attribute-handling.patch + 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch + 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch + 5887888f-credit2-use-the-correct-scratch-cpumask.patch + 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch + 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch + 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch +* Wed Feb 1 2017 carnold@suse.com +- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob + access while doing bitblt copy backward mode + CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch +* Thu Jan 26 2017 carnold@suse.com +- fate#322313 and fate#322150 require the acpica package ported to + aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64 + until these fates are complete. + xen.spec +* Wed Jan 25 2017 carnold@suse.com +- bsc#1021952 - Virutalization/xen: Bug xen-tools missing + /usr/bin/domu-xenstore; guests fail to launch + tmp_build.patch + xen.spec +* Wed Jan 18 2017 ohering@suse.de +- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842) +* Thu Jan 12 2017 carnold@suse.com +- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/ + xen.spec +* Mon Jan 9 2017 carnold@suse.com +- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch + Replaces xsa202.patch (bsc#1014298) +- 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch + Replaces xsa203.patch (bsc#1014300) +- 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch + Replaces xsa204.patch (bsc#1016340) +- Upstream patches from Jan + 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch + 5853ed37-VT-d-correct-dma_msi_set_affinity.patch + 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch + 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch + 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch +* Wed Jan 4 2017 carnold@suse.com +- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu: + display: cirrus_vga: a divide by zero in cirrus_do_copy + CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch +* Mon Dec 19 2016 carnold@suse.com +- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of + SYSCALL singlestep during emulation (XSA-204) + xsa204.patch +* Thu Dec 15 2016 carnold@suse.com +- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation + fails to ignore operand size override (XSA-200) + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch +* Wed Dec 14 2016 carnold@suse.com +- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be + able to mask interrupts (XSA-202) + xsa202.patch +- bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL + pointer check in VMFUNC emulation (XSA-203) + xsa203.patch +- Upstream patches from Jan + 584806ce-x86emul-correct-PUSHF-POPF.patch + 584fc649-fix-determining-when-domain-creation-is-complete.patch + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch + 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch +* Mon Dec 5 2016 carnold@suse.com +- Update to Xen 4.8 FCS + xen-4.8.0-testing-src.tar.bz2 +- Dropped + xen-4.7.1-testing-src.tar.bz2 + 0001-libxc-Rework-extra-module-initialisation.patch + 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch + 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch + 0004-firmware-makefile-install-BIOS-blob.patch + 0005-libxl-Load-guest-BIOS-from-file.patch + 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch + 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch + 0008-hvmloader-Locate-the-BIOS-blob.patch + 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch + 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch + 0011-hvmloader-Load-OVMF-from-modules.patch + 0012-hvmloader-Specific-bios_load-function-required.patch + 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch + 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch + 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch + 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch + 5769106e-x86-generate-assembler-equates-for-synthesized.patch + 57a1e603-x86-time-adjust-local-system-time-initialization.patch + 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch + 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch + 57a30261-x86-support-newer-Intel-CPU-models.patch + 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch + 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch + 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch + 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch + 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch + 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch + 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch + 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch + 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch + 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch + 58343ec2-x86emul-fix-huge-bit-offset-handling.patch + 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch + 58343f44-x86-svm-fix-injection-of-software-interrupts.patch + 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch + CVE-2016-9381-xsa197-qemut.patch + CVE-2016-9637-xsa199-qemut.patch +* Tue Nov 22 2016 carnold@suse.com +- bsc#1011652 - VUL-0: xen: qemu ioport array overflow + CVE-2016-9637-xsa199-qemut.patch +* Fri Nov 18 2016 carnold@suse.com +- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null + segments not always treated as unusable + 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch +- bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch + to VM86 mode mis-handled + 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch +- bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base + write emulation lacking canonical address checks + 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch +- bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit + ELF symbol table load leaking host data + 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch +- bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit + test instruction emulation broken + 58343ec2-x86emul-fix-huge-bit-offset-handling.patch +- bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen: + x86 software interrupt injection mis-handled + 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch + 58343f44-x86-svm-fix-injection-of-software-interrupts.patch +- bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious + about shared ring processing + CVE-2016-9381-xsa197-qemut.patch +- bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen: + delimiter injection vulnerabilities in pygrub + 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch +- Upstream patches from Jan + 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch + 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch + 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch + 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch + 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch +* Tue Nov 15 2016 carnold@suse.com +- Update to Xen Version 4.7.1 + xen-4.7.1-testing-src.tar.bz2 +- Dropped patches contained in new tarball + xen-4.7.0-testing-src.tar.bz2 + 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch + 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch + 57973099-have-schedulers-revise-initial-placement.patch + 579730e6-remove-buggy-initial-placement-algorithm.patch + 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch + 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch + 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch + 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch + 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch + 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch + 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch + 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch + 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch + 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch + 57c82be2-x86-32on64-adjust-call-gate-emulation.patch + 57c93e52-fix-error-in-libxl_device_usbdev_list.patch + 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch + 57c96e2c-x86-correct-PT_NOTE-file-position.patch + 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch + 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch + 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch + 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch + 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch + 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch + 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch + 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch + 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch + 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch + 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch + 57e93e1d-x86emul-correct-loading-of-ss.patch + 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch + 57e93e89-x86-AMD-apply-erratum-665-workaround.patch + 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch + 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch + 57fb6a91-x86-defer-not-present-segment-checks.patch + 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch + 5800caec-x86emul-fix-pushing-of-selector-registers.patch + 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch + 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch + 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch +* Mon Nov 7 2016 carnold@suse.com +- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI + systems + xen.spec +* Thu Nov 3 2016 carnold@suse.com +- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not + always honored for x86 HVM guests (XSA-190) + 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch +- bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic + on broadwell-ep + 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch +- Upstream patches from Jan + 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch + 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch + 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch + 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch + 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch + 57e93e1d-x86emul-correct-loading-of-ss.patch + 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch + 57e93e89-x86-AMD-apply-erratum-665-workaround.patch + 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch + 57fb6a91-x86-defer-not-present-segment-checks.patch + 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch + 5800caec-x86emul-fix-pushing-of-selector-registers.patch + 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch + 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch + 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch +* Wed Nov 2 2016 carnold@suse.com +- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the + system has 384 + xen-arch-kconfig-nr_cpus.patch +* Tue Nov 1 2016 carnold@suse.com +- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite + loop while transmit in C+ mode + CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch +* Mon Oct 17 2016 carnold@suse.com +- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero + error in set_next_tick + CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch +- bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero + error in serial_update_parameters + CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch +* Wed Oct 5 2016 carnold@suse.com +- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in + mcf_fec_do_tx + CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch +- bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite + loop in pcnet_rdra_addr + CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch +* Mon Sep 12 2016 carnold@suse.com +- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3 + recursive pagetable for 32-bit PV guests (XSA-185) + 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch +- bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of + instruction pointer truncation during emulation (XSA-186) + 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch + 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch +- bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of + sh_ctxt->seg_reg[] (XSA-187) + 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch + 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch +- bsc#991934 - xen hypervisor crash in csched_acct + 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch +- Upstream patches from Jan + 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch + 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch + 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch + 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch + 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch + 57c82be2-x86-32on64-adjust-call-gate-emulation.patch + 57c96e2c-x86-correct-PT_NOTE-file-position.patch + 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch +* Mon Sep 12 2016 ohering@suse.de +- bsc#979002 - add 60-persistent-xvd.rules and helper script + also to initrd, add the relevant dracut helper +* Mon Sep 5 2016 ohering@suse.de +- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for + upstream unplug protocol +* Fri Sep 2 2016 carnold@suse.com +- bsc#989679 - [pvusb feature] USB device not found when + 'virsh detach-device guest usb.xml' + 57c93e52-fix-error-in-libxl_device_usbdev_list.patch +* Tue Aug 23 2016 carnold@suse.com +- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to + get contiguous memory for DMA from Xen + 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch +- bsc#978755 - xen uefi systems fail to boot +- bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot + 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch +- Upstream patch from Jan + 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch +* Mon Aug 8 2016 jfehlig@suse.com +- spec: to stay compatible with the in-tree qemu-xen binary, use + /usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64 + bsc#986164 +* Thu Aug 4 2016 carnold@suse.com +- bsc#970135 - new virtualization project clock test randomly fails + on Xen + 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch + 5769106e-x86-generate-assembler-equates-for-synthesized.patch + 57a1e603-x86-time-adjust-local-system-time-initialization.patch + 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch + 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch +- bsc#991934 - xen hypervisor crash in csched_acct + 57973099-have-schedulers-revise-initial-placement.patch + 579730e6-remove-buggy-initial-placement-algorithm.patch +- bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation + in PV guests (XSA-182) + 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch +- bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP + whitelisting in 32-bit exception / event delivery (XSA-183) + 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch +- Upstream patches from Jan + 57a30261-x86-support-newer-Intel-CPU-models.patch +* Mon Aug 1 2016 carnold@suse.com +- bsc#985503 - vif-route broken + vif-route.patch +* Thu Jul 28 2016 carnold@suse.com +- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3 + failed on sles11sp4 xen host. + pygrub-handle-one-line-menu-entries.patch +* Wed Jul 27 2016 carnold@suse.com +- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB + write access in esp_do_dma + CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch +* Thu Jun 23 2016 carnold@suse.com +- bsc#900418 - Dump cannot be performed on SLES12 XEN + 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch +- Upstream patches from Jan + 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch + 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch +* Tue Jun 21 2016 carnold@suse.com +- fate#319989 - Update to Xen 4.7 FCS + xen-4.7.0-testing-src.tar.bz2 +- Drop CVE-2014-3672-qemut-xsa180.patch +* Thu Jun 16 2016 carnold@suse.com +- bsc#954872 - script block-dmmd not working as expected - libxl: + error: libxl_dm.c (Additional fixes) + block-dmmd +* Fri Jun 10 2016 ohering@suse.de +- Convert with_stubdom into build_conditional to allow adjusting + via prjconf +- Convert with_debug into build_conditional to allow adjusting + via prjconf +* Fri Jun 10 2016 ohering@suse.de +- bsc#979002 - add 60-persistent-xvd.rules and helper script to + xen-tools-domU to simplify transition to pvops based kernels +* Fri Jun 10 2016 ohering@suse.de +- Convert with_oxenstored into build_conditional to allow + adjusting via prjconf (fate#320836) +* Thu Jun 9 2016 carnold@suse.com +- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w + access while processing ESP_FIFO + CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch +- bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB + write when using non-DMA mode in get_cmd + CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch +* Tue Jun 7 2016 carnold@suse.com +- fate#319989 - Update to Xen 4.7 RC5 + xen-4.7.0-testing-src.tar.bz2 +* Wed May 25 2016 carnold@suse.com +- fate#319989 - Update to Xen 4.7 RC4 + xen-4.7.0-testing-src.tar.bz2 +- Dropped + xen.pkgconfig-4.7.patch + xsa164.patch +* Mon May 23 2016 carnold@suse.com +- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging + (XSA-180) + CVE-2014-3672-qemut-xsa180.patch +* Thu May 19 2016 carnold@suse.com +- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write + while writing to 's->cmdbuf' in get_cmd + CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch +- bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write + while writing to 's->cmdbuf' in esp_reg_write + CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch +* Tue May 17 2016 carnold@suse.com +- fate#319989 - Update to Xen 4.7 RC3 + xen-4.7.0-testing-src.tar.bz2 +- Dropped + libxl-remove-cdrom-cachemode.patch + x86-PoD-only-reclaim-if-needed.patch + gcc6-warnings-as-errors.patch +* Wed May 11 2016 carnold@suse.com +- bsc#954872 - script block-dmmd not working as expected - libxl: + error: libxl_dm.c (another modification) + block-dmmd +* Tue May 10 2016 carnold@suse.com +- fate#319989 - Update to Xen 4.7 RC2 + xen-4.7.0-testing-src.tar.bz2 +* Tue May 10 2016 carnold@suse.com +- bsc#961600 - L3: poor performance when Xen HVM domU configured + with max memory > current memory + x86-PoD-only-reclaim-if-needed.patch +* Fri May 6 2016 ohering@suse.de +- Mark SONAMEs and pkgconfig as xen 4.7 + xen.pkgconfig-4.7.patch +* Tue May 3 2016 jfehlig@suse.com +- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom + libxl-remove-cdrom-cachemode.patch +* Tue May 3 2016 carnold@suse.com +- fate#319989 - Update to Xen 4.7 RC1 + xen-4.7.0-testing-src.tar.bz2 +* Tue May 3 2016 ohering@suse.de +- fate#316614: set migration constraints from cmdline + restore libxl.set-migration-constraints-from-cmdline.patch +* Tue May 3 2016 ohering@suse.de +- Remove obsolete patch for xen-kmp + magic_ioport_compat.patch +* Tue May 3 2016 ohering@suse.de +- fate#316613: update to v12 + libxl.pvscsi.patch +* Fri Apr 29 2016 carnold@suse.com +- Update to the latest Xen 4.7 pre-release c2994f86 + Drop libxl.migrate-legacy-stream-read.patch +* Fri Apr 15 2016 ohering@suse.de +- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host + to SLES12SP2 Alpha 1 host using xl migrate + libxl.migrate-legacy-stream-read.patch +* Fri Apr 1 2016 jfehlig@suse.com +- Add patches from proposed upstream series to load BIOS's from + the toolstack instead of embedding in hvmloader + http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html + 0001-libxc-Rework-extra-module-initialisation.patch, + 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch, + 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch, + 0004-firmware-makefile-install-BIOS-blob.patch, + 0005-libxl-Load-guest-BIOS-from-file.patch, + 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch, + 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch, + 0008-hvmloader-Locate-the-BIOS-blob.patch, + 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch, + 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch, + 0011-hvmloader-Load-OVMF-from-modules.patch, + 0012-hvmloader-Specific-bios_load-function-required.patch, + 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch, + 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch +- Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin + firmware from qemu-ovmf-x86_64. The firmware is preloaded with + Microsoft keys to more closely resemble firmware on real hardware + FATE#320490 +* Fri Mar 25 2016 carnold@suse.com +- fate#319989: Update to Xen 4.7 (pre-release) + xen-4.7.0-testing-src.tar.bz2 +- Dropped: + xen-4.6.1-testing-src.tar.bz2 + 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch + 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch + 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch + 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch + hotplug-Linux-block-performance-fix.patch + set-mtu-from-bridge-for-tap-interface.patch + xendomains-libvirtd-conflict.patch + xsa154.patch + xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch + xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch + xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch + xsa170.patch +* Tue Mar 22 2016 jfehlig@suse.com +- Use system SeaBIOS instead of building/installing another one + FATE#320638 + Dropped files: + seabios-dir-remote.tar.bz2 + xen-c99-fix.patch + xen.build-compare.seabios.patch +* Wed Mar 16 2016 jfehlig@suse.com +- spec: drop BuildRequires that were only needed for qemu-xen +* Fri Mar 4 2016 carnold@suse.com +- bsc#969377 - xen does not build with GCC 6 + ipxe-use-rpm-opt-flags.patch + gcc6-warnings-as-errors.patch +* Thu Mar 3 2016 carnold@suse.com +- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite + loop in ne2000_receive + CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch +- Drop xsa154-fix.patch +* Wed Mar 2 2016 jfehlig@suse.com +- Use system qemu instead of building/installing yet another qemu + FATE#320638 +- Dropped files + qemu-xen-dir-remote.tar.bz2 + CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch + CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch + CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch + CVE-2015-4037-qemuu-smb-config-dir-name.patch + CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch + CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch + CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch + CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch + CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch + CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch + CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch + CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch + CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch + CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch + CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch + qemu-xen-enable-spice-support.patch + qemu-xen-upstream-qdisk-cache-unsafe.patch + tigervnc-long-press.patch + xsa162-qemuu.patch +* Mon Feb 29 2016 carnold@suse.com +- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer + dereference in vapic_write() + CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch +* Wed Feb 24 2016 carnold@suse.com +- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in + remote NDIS control message handling + CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch +* Thu Feb 18 2016 carnold@suse.com +- bsc#954872 - L3: script block-dmmd not working as expected - + libxl: error: libxl_dm.c + block-dmmd +- Update libxl to recognize dmmd and npiv prefix in disk spec + xen.libxl.dmmd.patch +* Wed Feb 17 2016 carnold@suse.com +- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers + in ohci module leads to null pointer dereference + CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch + CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch +- bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer + dereference in remote NDIS control message handling + CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch +* Thu Feb 11 2016 carnold@suse.com +- Update to Xen Version 4.6.1 + xen-4.6.1-testing-src.tar.bz2 +- Dropped patches now contained in tarball or unnecessary + xen-4.6.0-testing-src.tar.bz2 + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch + 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch + 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch + 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch + 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch + 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch + 5632129c-free-domain-s-vcpu-array.patch + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + 563212e4-xenoprof-free-domain-s-vcpu-array.patch + 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch + 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch + 56549f24-x86-vPMU-document-as-unsupported.patch + 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch + xsa155-qemut-qdisk-double-access.patch + xsa155-qemut-xenfb.patch + xsa155-qemuu-qdisk-double-access.patch + xsa155-qemuu-xenfb.patch + xsa159.patch + xsa160.patch + xsa162-qemut.patch + xsa165.patch + xsa166.patch + xsa167.patch + xsa168.patch +* Fri Feb 5 2016 carnold@suse.com +- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent + cachability flags on guest mappings (XSA-154) + xsa154.patch +- bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may + crash guest with non-canonical RIP (XSA-170) + xsa170.patch +* Fri Feb 5 2016 carnold@suse.com +- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in + hmp_sendkey routine + CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch +* Thu Feb 4 2016 carnold@suse.com +- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue + CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch +- bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref + in sosendto() + CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch +* Wed Feb 3 2016 carnold@suse.com +- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in + ne2000_receive() function + CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch +- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: + infinite loop in processing command block list + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch +* Tue Feb 2 2016 carnold@suse.com +- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on + incoming migration + CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch +- bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table + size to avoid integer overflows + CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch +- Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch +* Mon Feb 1 2016 carnold@suse.com +- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer + dereference in ehci_caps_write + CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch +- bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun + on incoming migration + CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch +* Wed Jan 27 2016 carnold@suse.com +- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop + in start_xmit and e1000_receive_iov routines + CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch +* Wed Jan 20 2016 carnold@suse.com +- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun + on invalid state load + CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch +* Tue Jan 19 2016 carnold@suse.com +- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient + resource limiting in VNC websockets decoder + CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch + CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch +- bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on + invalid state load + CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch +- bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient + bits_per_pixel from the client sanitization + CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch +* Mon Jan 18 2016 carnold@suse.com +- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer + overun on invalid state + CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch +- bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer + overflow in non-loopback mode + CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch +* Wed Jan 13 2016 carnold@suse.com +- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in + processing firmware configurations + CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch +* Mon Jan 11 2016 carnold@suse.com +- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based + buffer overflow in megasas_ctrl_get_info + CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch +- bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci + use-after-free vulnerability in aio port commands + CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch +* Thu Jan 7 2016 carnold@suse.com +- bsc#959695 - missing docs for xen + xen.spec +* Wed Jan 6 2016 carnold@suse.com +- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with + INVLPG on non-canonical address (XSA-168) + xsa168.patch +- bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage + functionality missing sanity checks (XSA-167) + xsa167.patch +- bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect + l2 header validation leads to a crash via assert(2) call + CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch +* Tue Jan 5 2016 carnold@suse.com +- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers + leads to a crash via assert(2) call + CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch +- bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access + in ioport r/w functions + CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch +* Mon Jan 4 2016 carnold@suse.com +- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional + logging upon guest changing callback method (XSA-169) + 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch +* Mon Dec 21 2015 ohering@suse.de +- Adjust xen-dom0-modules.service to run Before xenstored.service + instead of proc-xen.mount to workaround a bug in systemd "design" + (bnc#959845) +* Wed Dec 16 2015 carnold@suse.com +- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net: + vmxnet3: host memory leakage + CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch +* Mon Dec 14 2015 carnold@suse.com +- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers + incautious about shared memory contents (XSA-155) + xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch + xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch + xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch + xsa155-qemuu-qdisk-double-access.patch + xsa155-qemut-qdisk-double-access.patch + xsa155-qemuu-xenfb.patch + xsa155-qemut-xenfb.patch +- bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop + in ehci_advance_state results in DoS + CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch +- bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer + dereference issue + CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch +- bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid + floating point exception + CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch + CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch +- bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in + MSI-X handling (XSA-164) + xsa164.patch +- bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in + legacy x86 FPU/XMM initialization (XSA-165) + xsa165.patch +- bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to + multiple read issue (XSA-166) + xsa166.patch +* Fri Nov 27 2015 carnold@suse.com +- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: + infinite loop in processing command block list + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch +- Upstream patches from Jan + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) + 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch + 56544a57-VMX-fix-adjust-trap-injection.patch + 56546ab2-sched-fix-insert_vcpu-locking.patch +* Wed Nov 25 2015 carnold@suse.com +- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163) + 56549f24-x86-vPMU-document-as-unsupported.patch +- bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen: + XENMEM_exchange error handling issues (XSA-159) + xsa159.patch +- bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel + and initrd on error (XSA-160) + xsa160.patch +- bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow + vulnerability in pcnet emulator (XSA-162) + xsa162-qemuu.patch + xsa162-qemut.patch +- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour + readonly flag on disks with qemu-xen (xsa-142) + 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch + 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch +* Tue Nov 24 2015 carnold@suse.com +- fate#315712: XEN: Use the PVOPS kernel + Turn off building the KMPs now that we are using the pvops kernel + xen.spec +* Thu Nov 19 2015 carnold@suse.com +- Upstream patches from Jan + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch + 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch + 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch + 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch + 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch + 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + 563212e4-xenoprof-free-domain-s-vcpu-array.patch + 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch + 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) + 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch +- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch +* Thu Nov 19 2015 ohering@suse.de +- Use upstream variants of block-iscsi and block-nbd +* Thu Nov 19 2015 ohering@suse.de +- Remove xenalyze.hg, its part of xen-4.6 +* Tue Nov 10 2015 carnold@suse.com +- Update to Xen Version 4.6.0 + xen-4.6.0-testing-src.tar.bz2 + mini-os.tar.bz2 + blktap2-no-uninit.patch + stubdom-have-iovec.patch +- Renamed + xsa149.patch to CVE-2015-7969-xsa149.patch +- Dropped patches now contained in tarball or unnecessary + xen-4.5.2-testing-src.tar.bz2 + 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch + 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch + 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch + 54f4985f-libxl-fix-libvirtd-double-free.patch + 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch + 551ac326-xentop-add-support-for-qdisk.patch + 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch + 552d0fe8-x86-mtrr-include-asm-atomic.h.patch + 552d293b-x86-vMSI-X-honor-all-mask-requests.patch + 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch + 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch + 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch + 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch + 554c7aee-x86-provide-arch_fetch_and_add.patch + 554c7b00-arm-provide-arch_fetch_and_add.patch + 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch + 55534b25-arm-provide-add_sized.patch + 5555a4f8-use-ticket-locks-for-spin-locks.patch + 5555a5b9-x86-arm-remove-asm-spinlock-h.patch + 5555a8ec-introduce-non-contiguous-allocation.patch + 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch + 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch + 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch + 557eb55f-gnttab-per-active-entry-locking.patch + 557eb5b6-gnttab-introduce-maptrack-lock.patch + 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch + 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch + 5582bf43-evtchn-simplify-port_is_valid.patch + 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch + 5583d9c5-x86-MSI-X-cleanup.patch + 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch + 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch + 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch + 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch + 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch + 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch + 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch + 55b0a218-x86-PCI-CFG-write-intercept.patch + 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch + 55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch + blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch + blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch + ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch + ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch + ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch + local_attach_support_for_phy.patch pci-attach-fix.patch + qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch + tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch + xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch + xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch + xl-coredump-file-location.patch +* Thu Nov 5 2015 carnold@suse.com +- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by + triggering an infinite loop in microcode via #DB exception +- bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during + fault delivery (XSA-156) + CVE-2015-5307-xsa156.patch +* Wed Nov 4 2015 carnold@suse.com +- Update to Xen 4.5.2 + xen-4.5.2-testing-src.tar.bz2 +- Drop the following + xen-4.5.1-testing-src.tar.bz2 + 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch + 5576f178-kexec-add-more-pages-to-v1-environment.patch + 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch + 558bfaa0-x86-traps-avoid-using-current-too-early.patch + 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch + 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch + 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch + 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch + 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch + 559bdde5-pull-in-latest-linux-earlycpio.patch + 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch + 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch + 55a77e4f-dmar-device-scope-mem-leak-fix.patch + 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch + 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch + 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch + 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch + 55e43fd8-x86-NUMA-fix-setup_node.patch + 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch + 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch + 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch + 55f9345b-x86-MSI-fail-if-no-hardware-support.patch + 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch + 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch + 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch + 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch + 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch + 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch + CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch + xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch + xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch + xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch + xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch + xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch + xsa151.patch xsa152.patch xsa153-libxl.patch + CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch + CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch + CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch + CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch + CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch" +* Mon Nov 2 2015 carnold@suse.com +- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency + populate-on-demand operation is not preemptible (XSA-150) + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch +* Wed Oct 28 2015 carnold@suse.com +- Upstream patches from Jan + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch + 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch +* Fri Oct 23 2015 carnold@suse.com +- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand + balloon size inaccuracy can crash guests (XSA-153) + xsa153-libxl.patch +* Fri Oct 16 2015 carnold@suse.com +- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain + vcpu pointer array (DoS) (XSA-149) + xsa149.patch +- bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain + profiling-related vcpu pointer array (DoS) (XSA-151) + xsa151.patch +- bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and + profiling hypercalls log without rate limiting (XSA-152) + xsa152.patch +- Dropped + 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch + 5604f239-x86-PV-properly-populate-descriptor-tables.patch +* Thu Oct 15 2015 carnold@suse.com +- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure + temporary file use in /net/slirp.c + CVE-2015-4037-qemuu-smb-config-dir-name.patch + CVE-2015-4037-qemut-smb-config-dir-name.patch +- bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table + size to avoid integer overflows + CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch + CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch +* Wed Oct 14 2015 carnold@suse.com +- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled + creation of large page mappings by PV guests (XSA-148) + CVE-2015-7835-xsa148.patch +* Tue Oct 6 2015 jfehlig@suse.com +- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd + abort + 54f4985f-libxl-fix-libvirtd-double-free.patch +* Tue Oct 6 2015 carnold@suse.com +- bsc#949046 - Increase %%suse_version in SP1 to 1316 + xen.spec +- Update README.SUSE detailing dom0 ballooning recommendations +* Mon Oct 5 2015 carnold@suse.com +- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ + secondly show errors + 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch +- Upstream patches from Jan + 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch + 55f9345b-x86-MSI-fail-if-no-hardware-support.patch + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch + 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch + 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch + 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch + 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch + 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch +* Fri Oct 2 2015 mlatimer@suse.com +- bsc#941074 - VmError: Device 51728 (vbd) could not be connected. + Hotplug scripts not working. + hotplug-Linux-block-performance-fix.patch +* Wed Sep 23 2015 carnold@suse.com +- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour + readonly flag on disks with qemu-xen (xsa-142) + CVE-2015-7311-xsa142.patch +* Wed Sep 16 2015 cyliu@suse.com +- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1 + pci-attach-fix.patch +* Tue Sep 15 2015 jfehlig@suse.com +- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1 + 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch +* Wed Sep 9 2015 carnold@suse.com +- Upstream patches from Jan + 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch + 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch + 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch + 55e43fd8-x86-NUMA-fix-setup_node.patch + 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch + 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch + 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch + 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch + 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch +* Tue Sep 8 2015 carnold@suse.com +- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in + vnc_client_read() and protocol_client_msg() + CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch + CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch +- bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite + loop issue + CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch + CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch +* Wed Aug 26 2015 carnold@suse.com +- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line + config handling stack overflow + 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch +* Tue Aug 18 2015 carnold@suse.com +- bsc#907514 - Bus fatal error & sles12 sudden reboot has been + observed +- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after + shutdown of guest with VT-d NIC +- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been + observed +- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden + reboot has been observed + 552d293b-x86-vMSI-X-honor-all-mask-requests.patch + 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch + 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch + 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch + 5583d9c5-x86-MSI-X-cleanup.patch + 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch + 55b0a218-x86-PCI-CFG-write-intercept.patch + 55b0a255-x86-MSI-X-maskall.patch + 55b0a283-x86-MSI-X-teardown.patch + 55b0a2ab-x86-MSI-X-enable.patch + 55b0a2db-x86-MSI-track-guest-masking.patch +- Upstream patches from Jan + 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch + 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch + 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch + 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch + 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch + 55a77e4f-dmar-device-scope-mem-leak-fix.patch + 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch + 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch +- Dropped for upstream version + x86-MSI-mask.patch + x86-MSI-pv-unmask.patch + x86-MSI-X-enable.patch + x86-MSI-X-maskall.patch + x86-MSI-X-teardown.patch + x86-pci_cfg_okay.patch + x86-PCI-CFG-write-intercept.patch +* Tue Jul 28 2015 carnold@suse.com +- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap + memory in rtl8139 device model + xsa140-qemuu-1.patch + xsa140-qemuu-2.patch + xsa140-qemuu-3.patch + xsa140-qemuu-4.patch + xsa140-qemuu-5.patch + xsa140-qemuu-6.patch + xsa140-qemuu-7.patch + xsa140-qemut-1.patch + xsa140-qemut-2.patch + xsa140-qemut-3.patch + xsa140-qemut-4.patch + xsa140-qemut-5.patch + xsa140-qemut-6.patch + xsa140-qemut-7.patch +- bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen + block unplug protocol + xsa139-qemuu.patch +* Tue Jul 21 2015 ohering@suse.de +- bsc#937371 - xen vm's running after reboot + xendomains-libvirtd-conflict.patch +* Thu Jul 16 2015 carnold@suse.com +- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code + execution via IDE subsystem CD-ROM + CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch + CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch +* Wed Jul 15 2015 ohering@suse.de +- Remove xendomains.service from systemd preset file because it + conflicts with libvirt-guests.service (bnc#937371) + Its up to the admin to run systemctl enable xendomains.service +* Wed Jul 8 2015 carnold@suse.com +- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line + config handling stack overflow + CVE-2015-3259-xsa137.patch +- Upstream patches from Jan + 558bfaa0-x86-traps-avoid-using-current-too-early.patch + 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch + 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch + 559bdde5-pull-in-latest-linux-earlycpio.patch +- Upstream patches from Jan pending review + 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch + 552d0fe8-x86-mtrr-include-asm-atomic.h.patch + 552d293b-x86-vMSI-X-honor-all-mask-requests.patch + 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch + 554c7aee-x86-provide-arch_fetch_and_add.patch + 554c7b00-arm-provide-arch_fetch_and_add.patch + 55534b0a-x86-provide-add_sized.patch + 55534b25-arm-provide-add_sized.patch + 5555a4f8-use-ticket-locks-for-spin-locks.patch + 5555a5b9-x86-arm-remove-asm-spinlock-h.patch + 5555a8ec-introduce-non-contiguous-allocation.patch + 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch + 557eb55f-gnttab-per-active-entry-locking.patch + 557eb5b6-gnttab-introduce-maptrack-lock.patch + 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch + 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch + 5582bf43-evtchn-simplify-port_is_valid.patch + 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch + 5583d9c5-x86-MSI-X-cleanup.patch + 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch + 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch + 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch + 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch + 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch + 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch + 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch + x86-MSI-pv-unmask.patch + x86-pci_cfg_okay.patch + x86-PCI-CFG-write-intercept.patch + x86-MSI-X-maskall.patch + x86-MSI-X-teardown.patch + x86-MSI-X-enable.patch + x86-MSI-mask.patch +* Tue Jul 7 2015 ohering@suse.de +- Adjust more places to use br0 instead of xenbr0 +* Tue Jun 30 2015 carnold@suse.com +- bnc#936516 - xen fails to build with kernel update(4.1.0 from + stable) + 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch +* Fri Jun 26 2015 carnold@suse.com +- Update to Xen Version 4.5.1 FCS (fate#315675) + xen-4.5.1-testing-src.tar.bz2 +- Dropped patches now contained in tarball + 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch + 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch + 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch + 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch + 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch + 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch + 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch + 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch + 5513b458-allow-reboot-overrides-when-running-under-EFI.patch + 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch + 5576f178-kexec-add-more-pages-to-v1-environment.patch + 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch + CVE-2015-3456-xsa133-qemuu.patch + CVE-2015-3456-xsa133-qemut.patch + qemu-MSI-X-enable-maskall.patch + qemu-MSI-X-latch-writes.patch + x86-MSI-X-guest-mask.patch +* Thu Jun 25 2015 jfehlig@suse.com +- Replace 5124efbe-add-qxl-support.patch with the variant that + finally made it upstream, 554cc211-libxl-add-qxl.patch +* Wed Jun 10 2015 carnold@suse.com +- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable + qemu MSI-X pass-through error messages + qemu-MSI-X-latch-writes.patch +- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed +- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown + of guest with VT-d NIC +- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been + observed +- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot + has been observed + x86-MSI-X-teardown.patch + x86-MSI-X-enable.patch + x86-MSI-X-guest-mask.patch + x86-MSI-X-maskall.patch + qemu-MSI-X-enable-maskall.patch +- Upstream patches from Jan + 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch + 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch + 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch + 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch + 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch + 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch + 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch +- Dropped the following patches now contained in the tarball + xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch + CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch + CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch + CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch + CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch + CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch +* Wed Jun 3 2015 carnold@suse.com +- Update to Xen 4.5.1 RC2 +- bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI + register access in qemu + CVE-2015-4106-xsa131-1.patch + CVE-2015-4106-xsa131-2.patch + CVE-2015-4106-xsa131-3.patch + CVE-2015-4106-xsa131-4.patch + CVE-2015-4106-xsa131-5.patch + CVE-2015-4106-xsa131-6.patch + CVE-2015-4106-xsa131-7.patch + CVE-2015-4106-xsa131-8.patch + CVE-2015-4106-xsa131-9.patch +- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable + qemu MSI-X pass-through error messages + CVE-2015-4105-xsa130.patch +- bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask + bits inadvertently exposed to guests + CVE-2015-4104-xsa129.patch +- bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential + unintended writes to host MSI message data field via qemu + CVE-2015-4103-xsa128.patch +- Upstream patches from Jan + 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch + 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch + 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch + 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch + 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch + 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch +* Wed May 20 2015 ohering@suse.de +- Add DefaultDependencies=no to xen-dom0-modules.service because + it has to run before proc-xen.mount +* Tue May 19 2015 carnold@suse.com +- Update to Xen 4.5.1 RC1 +* Fri May 15 2015 ohering@suse.de +- Update blktap-no-uninit.patch to work with gcc-4.5 +* Mon May 11 2015 carnold@suse.com +- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through + XEN_DOMCTL_gettscinfo (XSA-132) + 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch +* Thu May 7 2015 carnold@suse.com +- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu + floppy driver host code execution + CVE-2015-3456-xsa133-qemuu.patch + CVE-2015-3456-xsa133-qemut.patch +* Mon Apr 27 2015 carnold@suse.com +- bsc#928783 - Reboot failure; Request backport of upstream Xen + patch to 4.5.0, or update pkgs to 4.5.1 + 5513b458-allow-reboot-overrides-when-running-under-EFI.patch + 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch +* Tue Apr 21 2015 ohering@suse.de +- bnc#927750 - Avoid errors reported by system-modules-load.service +* Wed Apr 8 2015 rguenther@suse.com +- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively + turn errors back to warnings to fix build with GCC 5. +- Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to + avoid implicit-fortify-decl rpmlint error. +- Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch. +* Fri Apr 3 2015 carnold@suse.com +- xentop: Fix memory leak on read failure + 551ac326-xentop-add-support-for-qdisk.patch +* Tue Mar 31 2015 carnold@suse.com +- Dropped xentop-add-support-for-qdisk.patch in favor of upstream + version + 551ac326-xentop-add-support-for-qdisk.patch +* Mon Mar 16 2015 carnold@suse.com +- Enable spice support in qemu for x86_64 + 5124efbe-add-qxl-support.patch + qemu-xen-enable-spice-support.patch +* Thu Mar 12 2015 rguenther@suse.com +- Add xen-c99-fix.patch to remove pointless inline specifier on + function declarations which break build with a C99 compiler which + GCC 5 is by default. (bsc#921994) +- Add ipxe-no-error-logical-not-parentheses.patch to supply + - Wno-logical-not-parentheses to the ipxe build to fix + breakage with GCC 5. (bsc#921994) +* Wed Mar 11 2015 carnold@suse.com +- bnc#921842 - Xentop doesn't display disk statistics for VMs using + qdisks + xentop-add-support-for-qdisk.patch +* Tue Feb 24 2015 meissner@suse.com +- Disable the PIE enablement done for Factory, as the XEN code + is not buildable with PIE and it does not make much sense + to build the hypervisor code with it. +* Tue Feb 17 2015 carnold@suse.com +- bnc#918169 - XEN fixes required to work with Kernel 3.19.0 + xen.spec +* Tue Feb 10 2015 ohering@suse.de +- Package xen.changes because its referenced in xen.spec +* Wed Jan 28 2015 carnold@suse.com +- Update seabios to rel-1.7.5 which is the correct version for + Xen 4.5 +* Wed Jan 14 2015 carnold@suse.com +- Update to Xen 4.5.0 FCS +* Wed Jan 14 2015 ohering@suse.de +- Include systemd presets in 13.2 and older +* Mon Jan 12 2015 ohering@suse.de +- bnc#897352 - Enable xencommons/xendomains only during fresh install +- disable restart on upgrade because the toolstack is not restartable +* Tue Dec 16 2014 ohering@suse.de +- adjust seabios, vgabios, stubdom and hvmloader build to reduce + build-compare noise + xen.build-compare.mini-os.patch + xen.build-compare.smbiosdate.patch + xen.build-compare.ipxe.patch + xen.build-compare.vgabios.patch + xen.build-compare.seabios.patch + xen.build-compare.man.patch +* Mon Dec 15 2014 carnold@suse.com +- Update to Xen 4.5.0 RC4 +* Wed Dec 10 2014 ohering@suse.de +- Remove xend specific if-up scripts + Recording bridge slaves is a generic task which should be handled + by generic network code +* Tue Dec 9 2014 ohering@suse.de +- Use systemd features from upstream + requires updated systemd-presets-branding package +* Thu Dec 4 2014 carnold@suse.com +- Update to Xen 4.5.0 RC3 +* Thu Dec 4 2014 ohering@suse.de +- Set GIT, WGET and FTP to /bin/false +* Wed Dec 3 2014 ohering@suse.de +- Use new configure features instead of make variables + xen.stubdom.newlib.patch +* Wed Nov 19 2014 ohering@suse.de +- adjust docs and xen build to reduce build-compare noise + xen.build-compare.doc_html.patch + xen.build-compare.xen_compile_h.patch +* Mon Nov 17 2014 ohering@suse.de +- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise +* Tue Nov 11 2014 carnold@suse.com +- Update to Xen 4.5.0 RC2 +* Thu Oct 23 2014 carnold@suse.com +- Update to Xen 4.5.0 RC1 + xen-4.5.0-testing-src.tar.bz2 +- Remove all patches now contained in the new tarball + xen-4.4.1-testing-src.tar.bz2 + 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch + 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch + 53299d8f-xenconsole-reset-tty-on-failure.patch + 53299d8f-xenconsole-tolerate-tty-errors.patch + 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch + 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch + 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch + 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch + 537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch + 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch + 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch + 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch + 53d124e7-fix-list_domain_details-check-config-data-length-0.patch + 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch + 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch + 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch + 53fcebab-xen-pass-kernel-initrd-to-qemu.patch + 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch + 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch + 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch + 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch + 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch + 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch + 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch + 540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch + 541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch + 541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch + 541ad3ca-x86-HVM-batch-vCPU-wakeups.patch + 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch + 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch + 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch + 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch + 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch + 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch + 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch + 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch + 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch + 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch + 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch + 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch + 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch + 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch + 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch + CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch + qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch + libxc-pass-errno-to-callers-of-xc_domain_save.patch + libxl.honor-more-top-level-vfb-options.patch + libxl.add-option-for-discard-support-to-xl-disk-conf.patch + libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch + x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch + xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch +- Xend/xm is no longer supported and is not part of the upstream code. Remove + all xend/xm specific patches, configs, and scripts + xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh + init.xend xend-relocation.sh xend.service xend-relocation-server.fw + domUloader.py xmexample.domUloader xmexample.disks + bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch + network-nat-open-SuSEfirewall2-FORWARD.patch + xend-set-migration-constraints-from-cmdline.patch + xen.migrate.tools-xend_move_assert_to_exception_block.patch + xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch + xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch + xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch + xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch + xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch + xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch + xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch + xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch + xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch + xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch + xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch + xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch + xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch + tmp-initscript-modprobe.patch init.xendomains xendomains.service + xen-watchdog.service xen-updown.sh +* Thu Oct 16 2014 carnold@suse.com +- bnc#901317 - L3: increase limit domUloader to 32MB + domUloader.py +* Tue Oct 14 2014 carnold@suse.com +- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF + device (SR-IOV) to guest + 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch +- bnc#882089 - Windows 2012 R2 fails to boot up with greater than + 60 vcpus + 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch +- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d + Interrupt Remapping engines can be evaded by native NMI interrupts + 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch +- Upstream patches from Jan + 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch) + 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch) + 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch) + 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch) + 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch + 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch + 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch + 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch + 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch) + 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch + 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch + 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch) + 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch +* Sat Oct 11 2014 dmueller@suse.com +- restrict requires on grub2-x86_64-xen to x86_64 hosts +* Wed Oct 8 2014 jfehlig@suse.com +- bsc#900292 - xl: change default dump directory + xl-coredump-file-location.patch +* Fri Oct 3 2014 mlatimer@suse.com +- Update xen2libvirt.py to better detect and handle file formats +* Tue Sep 30 2014 carnold@suse.com +- bnc#889526 - VUL-0: CVE-2014-5146, CVE-2014-5149: xen: XSA-97 + Long latency virtual-mmu operations are not preemptible + xsa97.patch +- bnc#882089 - Windows 2012 R2 fails to boot up with greater than + 60 vcpus + 541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch + 541ad3ca-x86-HVM-batch-vCPU-wakeups.patch +- Upstream patches from Jan + 540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch + 541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch +* Tue Sep 30 2014 carnold@suse.com +- bnc#897657 - VUL-0: CVE-2014-7188: xen: XSA-108 Improper MSR + range used for x2APIC emulation + xsa108.patch +* Mon Sep 29 2014 carnold@suse.com +- bnc#897906 - libxc: check return values on mmap() and madvise() + on xc_alloc_hypercall_buffer() + 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch +* Mon Sep 22 2014 carnold@suse.com +- bnc#897614 - Virtualization/xen: Bug `xen-tools` uninstallable; + grub2-x86_64-xen dependency not available + xen.spec +* Wed Sep 17 2014 jfehlig@suse.com +- More cleanup of README.SUSE +* Mon Sep 15 2014 cyliu@suse.com +- Update xen patch with upstream patch so that latest libvirt + patch can work. (bnc#896044) + + 53fcebab-xen-pass-kernel-initrd-to-qemu.patch + - xen-pass-kernel-initrd-to-qemu.patch +* Wed Sep 10 2014 carnold@suse.com +- bnc#895804 - VUL-0: CVE-2014-6268: xen: XSA-107: Mishandling of + uninitialised FIFO-based event channel control blocks + xsa107.patch +- bnc#895802 - VUL-0: CVE-2014-7156: xen: XSA-106: Missing + privilege level checks in x86 emulation of software interrupts + xsa106.patch +- bnc#895799 - VUL-0: CVE-2014-7155: xen: XSA-105: Missing + privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation + xsa105.patch +- bnc#895798 - VUL-0: CVE-2014-7154: xen: XSA-104: Race condition + in HVMOP_track_dirty_vram + xsa104.patch +* Thu Sep 4 2014 cyliu@suse.com +- bnc#882405 - Only one key-press event was generated while holding + a key before key-release in pv guests through xl vncviewer + tigervnc-long-press.patch +* Tue Sep 2 2014 carnold@suse.com +- Update to Xen Version 4.4.1 FCS + xen-4.4.1-testing-src.tar.bz2 +- Dropped patches now contained in tarball + 53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch + 53df71c7-lz4-check-for-underruns.patch + 53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch +* Mon Sep 1 2014 carnold@suse.com +- bnc#882089 - Windows 2012 R2 fails to boot up with greater than + 60 vcpus + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch + 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch + 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch + 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch + 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch +- Upstream patches from Jan + 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch + 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch + 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch + 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch +* Fri Aug 29 2014 carnold@suse.com +- bnc#864801 - VUL-0: CVE-2013-4540: qemu: zaurus: buffer overrun + on invalid state load + CVE-2013-4540-qemu.patch +* Fri Aug 15 2014 carnold@suse.com +- Update README.SUSE with additional debug help +* Fri Aug 8 2014 carnold@suse.com +- bnc#883112 - Xen Panic during boot "System without CMOS RTC must + be booted from EFI" + 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch +- Upstream patches from Jan + 53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch + 53df71c7-lz4-check-for-underruns.patch + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch +* Thu Aug 7 2014 carnold@suse.com +- Update to Xen Version 4.4.1-rc2 + xen-4.4.1-testing-src.tar.bz2 +- Dropped the following upstream patches and xen-4.4.0-testing-src.tar.bz2 + 537b5ede-move-domain-to-cpupool0-before-destroying-it.patch + 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch + 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch + 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch + 53636ebf-x86-fix-guest-CPUID-handling.patch + 5347b524-evtchn-eliminate-64k-ports-limitation.patch + 53a040c6-page-alloc-scrub-pages-used-by-hypervisor-upon-freeing.patch + 53a1990a-IOMMU-prevent-VT-d-device-IOTLB-operations-on-wrong-IOMMU.patch + 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch + 531dc0e2-xmalloc-handle-correctly-page-allocation-when-align-size.patch + 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch + 531d8e09-x86-HVM-fix-memory-type-merging-in-epte_get_entry_emt.patch + 538ee637-ACPI-Prevent-acpi_table_entries-from-falling-into-a-infinite-loop.patch + 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch + 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch + 53859956-timers-set-the-deadline-more-accurately.patch + 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch + 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch + 53cfdcc7-avoid-crash-when-doing-shutdown-with-active-cpupools.patch + 5383175e-VT-d-fix-mask-applied-to-DMIBAR-in-desktop-chipset-XSA-59-workaround.patch + 531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch + 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch + 5357baff-x86-add-missing-break-in-dom0_pit_access.patch + 530c54c3-x86-mce-Reduce-boot-time-logspam.patch + 5383167d-ACPI-ERST-fix-table-mapping.patch + 5390927f-x86-fix-reboot-shutdown-with-running-HVM-guests.patch + 530b27fd-x86-MCE-Fix-race-condition-in-mctelem_reserve.patch + 53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch + 5396d818-avoid-crash-on-HVM-domain-destroy-with-PCI-passthrough.patch + 531d8fd0-kexec-identify-which-cpu-the-kexec-image-is-being-executed-on.patch + 5385956b-x86-don-t-use-VA-for-cache-flush-when-also-flushing-TLB.patch + 539ec004-x86-mce-don-t-spam-the-console-with-CPUx-Temperature-z.patch + 53909259-x86-domctl-two-functional-fixes-to-XEN_DOMCTL_-gs-etvcpuextstate.patch + 53859549-AMD-IOMMU-don-t-free-page-table-prematurely.patch + 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch + 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch + 53271880-VT-d-fix-RMRR-handling.patch + 5390917a-VT-d-honor-APEI-firmware-first-mode-in-XSA-59-workaround-code.patch + 538dcada-x86-HVM-eliminate-vulnerabilities-from-hvm_inject_msi.patch + 53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch + 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch + 53a199d7-x86-EFI-allow-FPU-XMM-use-in-runtime-service-functions.patch + 53cfddaf-x86-mem_event-validate-the-response-vcpu_id-before-acting-on-it.patch + 53b16cd4-VT-d-ATS-correct-and-clean-up-dev_invalidate_iotlb.patch + 53cfdde4-x86-mem_event-prevent-underflow-of-vcpu-pause-counts.patch + 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch + 534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch + 530b28c5-x86-MSI-don-t-risk-division-by-zero.patch + 5396e805-x86-HVM-refine-SMEP-test-in-HVM_CR4_GUEST_RESERVED_BITS.patch + 5370e03b-pygrub-fix-error-handling-if-no-valid-partitions-are-found.patch + 5321b257-x86-make-hypercall-preemption-checks-consistent.patch + 5321b20b-common-make-hypercall-preemption-checks-consistent.patch + 538c338f-x86-amd_ucode-flip-revision-numbers-in-printk.patch + 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch + 531d8db1-x86-hvm-refine-the-judgment-on-IDENT_PT-for-EMT.patch + 53b56de1-properly-reference-count-DOMCTL_-un-pausedomain-hypercalls.patch + 530b2880-Nested-VMX-update-nested-paging-mode-on-vmexit.patch + 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch + 53206661-pygrub-support-linux16-and-initrd16.patch + 5315a254-IOMMU-generalize-and-correct-softirq-processing.patch +* Fri Aug 1 2014 cyliu@suse.com +- bnc#820873 - The "long" option doesn't work with "xl list" + 53d124e7-fix-list_domain_details-check-config-data-length-0.patch +* Wed Jul 30 2014 carnold@suse.com +- bnc#888996 - Package 'xen-tool' contains 'SuSE' spelling in a + filename and/or SPEC file + Renamed README.SuSE -> README.SUSE + Modified files: xen.spec, boot.local.xenU, init.pciback + xend-config.patch, xend-vif-route-ifup.patch +* Tue Jul 29 2014 carnold@suse.com +- bnc#882673 - Dom0 memory should enforce a minimum memory size + (e.g. dom0_mem=min:512M) + xen.spec (Mike Latimer) +* Thu Jul 24 2014 carnold@suse.com +- Upstream patches from Jan + 5347b524-evtchn-eliminate-64k-ports-limitation.patch + 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch + 53b16cd4-VT-d-ATS-correct-and-clean-up-dev_invalidate_iotlb.patch + 53b56de1-properly-reference-count-DOMCTL_-un-pausedomain-hypercalls.patch + 53cfdcc7-avoid-crash-when-doing-shutdown-with-active-cpupools.patch + 53cfddaf-x86-mem_event-validate-the-response-vcpu_id-before-acting-on-it.patch + 53cfdde4-x86-mem_event-prevent-underflow-of-vcpu-pause-counts.patch +* Sun Jul 20 2014 cyliu@suse.com +- bnc#886801 - xl vncviewer: The first domu can be accessed by any id + 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch +* Mon Jul 14 2014 carnold@suse.com +- Upstream pygrub bug fix + 5370e03b-pygrub-fix-error-handling-if-no-valid-partitions-are-found.patch +* Wed Jul 9 2014 carnold@suse.com +- Fix pygrub to handle old 32 bit VMs + pygrub-boot-legacy-sles.patch (Mike Latimer) +* Mon Jul 7 2014 jfehlig@suse.com +- Remove xen-vmresync utility. It is an old Platespin Orchestrate + utility that should have never been included in the Xen package. + Updated xen.spec +* Mon Jul 7 2014 jfehlig@suse.com +- Rework xen-destroy utility included in xen-utils + bnc#885292 and bnc#886063 + Updated xen-utils-0.1.tar.bz2 +* Mon Jul 7 2014 carnold@suse.com +- bnc#886063 - Xen monitor fails (xl list --long output different + from xm list --long output) +- bnc#885292 - VirtualDomain: pid_status does not know how to check + status on SLE12 + Re-enable building xen-utils for sle12 and include xen-list and + xen-destroy in the xen-tools package for HA. + xen.spec +* Fri Jun 27 2014 carnold@suse.com +- bnc#882127 - Xen kernel panics on booting SLES12 Beta 8 + 53a199d7-x86-EFI-allow-FPU-XMM-use-in-runtime-service-functions.patch +- Upstream patches from Jan + 538c338f-x86-amd_ucode-flip-revision-numbers-in-printk.patch + 538ee637-ACPI-Prevent-acpi_table_entries-from-falling-into-a-infinite-loop.patch + 5390917a-VT-d-honor-APEI-firmware-first-mode-in-XSA-59-workaround-code.patch + 53909259-x86-domctl-two-functional-fixes-to-XEN_DOMCTL_-gs-etvcpuextstate.patch + 5390927f-x86-fix-reboot-shutdown-with-running-HVM-guests.patch + 5396d818-avoid-crash-on-HVM-domain-destroy-with-PCI-passthrough.patch + 5396e805-x86-HVM-refine-SMEP-test-in-HVM_CR4_GUEST_RESERVED_BITS.patch + 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch + 539ec004-x86-mce-don-t-spam-the-console-with-CPUx-Temperature-z.patch + 53a040c6-page-alloc-scrub-pages-used-by-hypervisor-upon-freeing.patch (replaces xsa100.patch) + 53a1990a-IOMMU-prevent-VT-d-device-IOTLB-operations-on-wrong-IOMMU.patch +* Tue Jun 24 2014 jfehlig@suse.com +- Replace 'domUloader' with 'pygrub' when converting or importing + Xen domains into libvirt with xen2libvirt. domUloader is no + longer provided in xen-tools. + Modified: xen2libvirt.py +* Fri Jun 13 2014 cyliu@suse.com +- fate#310956: Support Direct Kernel Boot for FV guests + patches would go to upstream: + qemu side: qemu-support-xen-hvm-direct-kernel-boot.patch + xen side: xen-pass-kernel-initrd-to-qemu.patch +* Fri Jun 6 2014 carnold@suse.com +- Modify how we check for libvirt managed domains + xl-check-for-libvirt-managed-domain.patch +* Thu Jun 5 2014 carnold@suse.com +- bnc#880751 - VUL-0: xen: Hypervisor heap contents leaked to + guests + xsa100.patch +- bnc#878841 - VUL-0: XSA-96: Xen: Vulnerabilities in HVM MSI + injection + 538dcada-x86-HVM-eliminate-vulnerabilities-from-hvm_inject_msi.patch +- Upstream patches from Jan + 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch + 537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch + 5383167d-ACPI-ERST-fix-table-mapping.patch + 5383175e-VT-d-fix-mask-applied-to-DMIBAR-in-desktop-chipset-XSA-59-workaround.patch + 53859549-AMD-IOMMU-don-t-free-page-table-prematurely.patch + 5385956b-x86-don-t-use-VA-for-cache-flush-when-also-flushing-TLB.patch + 53859956-timers-set-the-deadline-more-accurately.patch +* Tue May 27 2014 ohering@suse.de +- bnc#879425: handle cache=unsafe from libvirt to disable flush in qdisk + libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch + qemu-xen-upstream-qdisk-cache-unsafe.patch +* Tue May 27 2014 ohering@suse.de +- libxl: introduce an option for disabling the non-O_DIRECT workaround + recognize direct-io-safe in domU.cfg diskspec + libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch +* Tue May 27 2014 ohering@suse.de +- fate#316071: add discard support for file backed storage (qdisk) + update patch to allow more values in overloaded ->readwrite member +* Tue May 27 2014 carnold@suse.com +- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d + Interrupt Remapping engines can be evaded by native NMI interrupts + 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch + 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch +- Upstream patches from Jan + 53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch + 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch + 537b5ede-move-domain-to-cpupool0-before-destroying-it.patch +* Tue May 20 2014 carnold@suse.com +- Update README.SuSE with information on the toolstack change +* Fri May 16 2014 ohering@suse.de +- fate#316071: add discard support for file backed storage (qdisk) + update to recognize option discard/no-discard instead of discard=0,1 + to match upstream change +* Mon May 12 2014 ohering@suse.de +- fate#316613: Implement pvscsi in xl/libxl + libxl.pvscsi.patch +* Fri May 9 2014 carnold@suse.com +- bnc#875668 - VUL-0: CVE-2014-3124: xen: XSA-92: + HVMOP_set_mem_type allows invalid P2M entries to be created + 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch (replaces xsa92.patch) +- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d + Interrupt Remapping engines can be evaded by native NMI interrupts + 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch + 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch +- Upstream patches from Jan + 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch + 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch + 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch + 53636ebf-x86-fix-guest-CPUID-handling.patch +* Tue May 6 2014 carnold@suse.com +- Fix pygrub to handle VM with no grub/menu.lst file. +- Don't use /var/run/xend/boot for temporary boot directory + pygrub-boot-legacy-sles.patch +* Sat Apr 26 2014 carnold@suse.com +- When the xl command is used, check to see if the domain being + modified is managed by libvirt and print warning if it is. + xl-check-for-libvirt-managed-domain.patch +* Thu Apr 24 2014 carnold@suse.com +- Upstream patches from Jan + 53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch + 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch + 534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch + 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch + 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch + 5357baff-x86-add-missing-break-in-dom0_pit_access.patch +- XSA-92 + xsa92.patch +* Sat Apr 12 2014 mmarek@suse.cz +- Add # needssslcertforbuild to use the project's certificate when + building in a home project. (bnc#872354) +* Wed Apr 9 2014 carnold@suse.com +- Upstream patches from Jan + 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch + 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch + 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch +* Thu Apr 3 2014 carnold@suse.com +- bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support + when released + 53206661-pygrub-support-linux16-and-initrd16.patch +- Upstream bug fixes + 53299d8f-xenconsole-reset-tty-on-failure.patch + 53299d8f-xenconsole-tolerate-tty-errors.patch +* Thu Apr 3 2014 dmueller@suse.com +- fix build for armv7l and aarch64 +* Thu Apr 3 2014 ohering@suse.de +- Remove compiletime strings from qemu-upstream + qemu-xen-upstream-megasas-buildtime.patch +* Wed Apr 2 2014 carnold@suse.com +- bnc#871546 - KMPs are not signed in SUSE:SLE-12:GA? + xen.spec +* Tue Apr 1 2014 carnold@suse.com +- Upstream patches from Jan + 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch + 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch +- Drop xsa89.patch for upstream version (see bnc#867910, 5331917d-x86-enforce...) +* Fri Mar 28 2014 carnold@suse.com +- bnc#863821 - Xen unable to boot paravirtualized VMs installed + with btrfs. Add 'Requires: grub2-x86_64-xen' to xen-tools. +- Restore soft links for qemu-system-i386 and qemu-dm +- Cleanup inconsistency in which version of qemu-system-i386 is + being used (Xen vs qemu-x86). Use only Xen's version. + xen.spec +* Thu Mar 27 2014 carnold@suse.com +- Add conditionals for SLE12 when defining xend and max_cpus + xen.spec +* Wed Mar 19 2014 carnold@suse.com +- Upstream patches from Jan + 5321b20b-common-make-hypercall-preemption-checks-consistent.patch + 5321b257-x86-make-hypercall-preemption-checks-consistent.patch + 53271880-VT-d-fix-RMRR-handling.patch + 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch +- Dropped the following as now part of 5321b257 + 5310bac3-mm-ensure-useful-progress-in-decrease_reservation.patch +* Wed Mar 12 2014 carnold@suse.com +- bnc#867910 - VUL-0: EMBARGOED: xen: XSA-89: HVMOP_set_mem_access + is not preemptible + xsa89.patch +- Upstream patches from Jan + 530b27fd-x86-MCE-Fix-race-condition-in-mctelem_reserve.patch + 530b2880-Nested-VMX-update-nested-paging-mode-on-vmexit.patch + 530b28c5-x86-MSI-don-t-risk-division-by-zero.patch + 530c54c3-x86-mce-Reduce-boot-time-logspam.patch + 5310bac3-mm-ensure-useful-progress-in-decrease_reservation.patch + 5315a254-IOMMU-generalize-and-correct-softirq-processing.patch + 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch + 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch + 531d8db1-x86-hvm-refine-the-judgment-on-IDENT_PT-for-EMT.patch + 531d8e09-x86-HVM-fix-memory-type-merging-in-epte_get_entry_emt.patch + 531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch + 531d8fd0-kexec-identify-which-cpu-the-kexec-image-is-being-executed-on.patch + 531dc0e2-xmalloc-handle-correctly-page-allocation-when-align-size.patch +* Tue Mar 11 2014 carnold@suse.com +- Add conversion tool for migrating xend/xm managed VMs to libvirt + xen2libvirt.py (Jim Fehlig) +* Mon Mar 10 2014 carnold@suse.com +- Update to Xen 4.4.0 FCS +* Thu Mar 6 2014 mlatimer@suse.com +- bnc#865682 - Local attach support for PHY backends using scripts + local_attach_support_for_phy.patch +* Tue Feb 25 2014 mlatimer@suse.com +- bnc#798770 - Improve multipath support for npiv devices + block-npiv + block-npiv-common.sh +* Wed Feb 19 2014 ohering@suse.de +- honor global keymap= option in libxl + libxl.honor-more-top-level-vfb-options.patch +* Tue Feb 11 2014 carnold@suse.com +- Update to c/s 28381 to include libxl fork and event fixes for + libvirt + xen-4.4.0-testing-src.tar.bz2 +* Tue Feb 11 2014 ohering@suse.de +- bnc#863297: xend/pvscsi: recognize also SCSI CDROM devices + xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch +* Tue Feb 11 2014 ohering@suse.de +- fate#316614: set migration constraints from cmdline + fix xl migrate to print the actual error string + libxc-pass-errno-to-callers-of-xc_domain_save.patch +* Mon Feb 10 2014 carnold@suse.com +- Include additional help docs for xl in xen-tools +- Apply all patches including those for unpackaged xend + xen.spec +* Mon Feb 10 2014 ohering@suse.de +- fate#316614: set migration constraints from cmdline + split existing changes into libxl and xend part + added libxl.set-migration-constraints-from-cmdline.patch + added xend-set-migration-constraints-from-cmdline.patch + removed xen.migrate.tools_add_xm_migrate_--log_progress_option.patch + removed xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch + removed xen.migrate.tools_set_migration_constraints_from_cmdline.patch +* Tue Feb 4 2014 carnold@suse.com +- Enable ix86 32bit build for xen-libs to be built to support + xen-tools-domU on 32bit VMs and also vhostmd running in 32bit VMs +* Mon Feb 3 2014 carnold@suse.de +- Enable blktapctrl when qemu-traditional is required to satisfy + build dependencies. Remove binaries after build if xend is + disabled +* Sun Feb 2 2014 ohering@suse.de +- update ifarch usage in xen.spec to cover also arm +- blktapctrl is used only by xend +- fix xend-tools-xend sub pkg handling +- default to gcc47 for sles11sp3 builds +- remove all latex packages from BuildRequires +- aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch +* Sun Feb 2 2014 ohering@suse.de +- add arch dependent install suffix for /boot/xen files +* Sat Feb 1 2014 ohering@suse.de +- Set max_cpus==4 for non-x86_64 builds +* Fri Jan 31 2014 carnold@suse.com +- Update to Xen 4.4.0 RC3 c/s 28321 +* Thu Jan 30 2014 ohering@suse.de +- Add flex and bison to BuildRequires, needed by previous patch +* Thu Jan 30 2014 ohering@suse.de +- fate#316071: add discard support for file backed storage (qdisk) + libxl.add-option-for-discard-support-to-xl-disk-conf.patch +* Mon Jan 27 2014 carnold@suse.com +- On platforms where xend is still supported don't output a + deprecation warning when using xm. + xend-remove-xm-deprecation-warning.patch +* Thu Jan 23 2014 carnold@suse.com +- Changed License to GPL-2.0 (from GPL-2.0+) +* Thu Jan 23 2014 carnold@suse.com +- Dropped xen-changeset.patch. It is no longer needed. +* Sat Jan 18 2014 ohering@suse.de +- BuildRequire libfdt1-devel on ARM +* Fri Jan 17 2014 ohering@suse.de +- fate#311487: remove modprobe.conf files for autoloading of + pv-on-hvm files. + Rely on core kernel to skip initialization of emulated hardware + Handle xen_emul_unplug= from xenlinux based core kernel-default + xen_pvonhvm.xen_emul_unplug.patch + Dropped xen_pvdrivers.conf +* Thu Jan 16 2014 carnold@suse.com +- Fix the spec file to build for old distros + The xm/xend toolstack will continue to be contained in xen-tools + for older openSUSE and sles distros but it will be contained in + xend-tools for os13.x +* Wed Jan 15 2014 ohering@suse.de +- fate#316071: add discard support for file backed storage (qdisk) + to qemu-upstream, enabled unconditionally + qemu-xen-upstream-blkif-discard.patch +* Tue Jan 14 2014 carnold@suse.com +- Update to Xen 4.4.0 RC2 c/s 28287 +* Thu Jan 9 2014 carnold@suse.com +- Restore 32bit ix86 support in spec file for kmps and domU tools +- Restore a few missing xend patches + xend-config-enable-dump-comment.patch + xend-tools-watchdog-support.patch + xend-vif-route-ifup.patch +* Thu Jan 2 2014 carnold@suse.com +- fate#315692: XEN: Include Xen version 4.4 in SLES-12 + Update to Xen 4.4.0 RC1 c/s 28233 +- Drop 32bit support from spec file +- Dropped numerous patches now included in the tarball +* Wed Jan 1 2014 coolo@suse.com +- gcc-32bit pulls in the right gcc bits, so better buildrequire that +* Tue Nov 26 2013 carnold@suse.com +- Upstream patches from Jan + 5281fad4-numa-sched-leave-node-affinity-alone-if-not-in-auto-mode.patch + 52820823-nested-SVM-adjust-guest-handling-of-structure-mappings.patch + 52820863-VMX-don-t-crash-processing-d-debug-key.patch + 5282492f-x86-eliminate-has_arch_mmios.patch + 52864df2-credit-Update-other-parameters-when-setting-tslice_ms.patch + 52864f30-fix-leaking-of-v-cpu_affinity_saved-on-domain-destruction.patch + 5289d225-nested-VMX-don-t-ignore-mapping-errors.patch + 528a0eb0-x86-consider-modules-when-cutting-off-memory.patch + 528f606c-x86-hvm-reset-TSC-to-0-after-domain-resume-from-S3.patch + 528f609c-x86-crash-disable-the-watchdog-NMIs-on-the-crashing-cpu.patch + 52932418-x86-xsave-fix-nonlazy-state-handling.patch +* Fri Nov 22 2013 carnold@suse.com +- bnc#851749 - Xen service file does not call xend properly + xend.service +* Fri Nov 22 2013 adrian@suse.de +- Add missing requires to pciutils package for xend-tools +* Tue Nov 19 2013 carnold@suse.com +- bnc#851386 - VUL-0: xen: XSA-78: Insufficient TLB flushing in + VT-d (iommu) code + 528a0e5b-TLB-flushing-in-dma_pte_clear_one.patch +* Tue Nov 19 2013 tbehrens@suse.com +- Make -devel package depend on libuuid-devel, since libxl.h + includes uuid.h +* Mon Nov 11 2013 carnold@suse.com +- bnc#849667 - VUL-0: xen: XSA-74: Lock order reversal between + page_alloc_lock and mm_rwlock + CVE-2013-4553-xsa74.patch +- bnc#849665 - VUL-0: CVE-2013-4551: xen: XSA-75: Host crash due to + guest VMX instruction execution + 52809208-nested-VMX-VMLANUCH-VMRESUME-emulation-must-check-permission-1st.patch +- bnc#849668 - VUL-0: xen: XSA-76: Hypercalls exposed to privilege + rings 1 and 2 of HVM guests + CVE-2013-4554-xsa76.patch +- Upstream patches from Jan + 52654798-x86-xsave-also-save-restore-XCR0-across-suspend-ACPI-S3.patch + 526e43d4-x86-refine-address-validity-checks-before-accessing-page-tables.patch + 526f786a-fix-locking-in-cpu_disable_scheduler.patch + 5277646c-x86-ACPI-x2APIC-guard-against-out-of-range-ACPI-or-APIC-IDs.patch + 5277a134-x86-make-sure-memory-block-is-RAM-before-passing-to-the-allocator.patch + 5278f7f9-x86-HVM-32-bit-IN-result-must-be-zero-extended-to-64-bits.patch + 527a0a05-call-sched_destroy_domain-before-cpupool_rm_domain.patch + 527cb7d2-x86-hvm-fix-restart-of-RTC-periodic-timer-with-vpt_align-1.patch + 527cb820-x86-EFI-make-trampoline-allocation-more-flexible.patch + 5280aae0-x86-idle-reduce-contention-on-ACPI-register-accesses.patch +* Mon Nov 4 2013 carnold@suse.com +- bnc#848657 - VUL-0: xen: CVE-2013-4494: XSA-73: Lock order + reversal between page allocation and grant table locks + 5277639c-gnttab-correct-locking-order-reversal.patch +* Thu Oct 31 2013 carnold@suse.com +- Update to Xen 4.3.1 +* Tue Oct 22 2013 carnold@suse.com +- domUloader can no longer be used with the xl toolstack to boot + sles10. Patch pygrub to get the kernel and initrd from the image. + pygrub-boot-legacy-sles.patch +* Mon Oct 21 2013 carnold@suse.com +- bnc#842515 - VUL-0: CVE-2013-4375: XSA-71: xen: qemu disk backend + (qdisk) resource leak + CVE-2013-4375-xsa71.patch +- bnc#845520 - VUL-0: CVE-2013-4416: xen: ocaml xenstored + mishandles oversized message replies + CVE-2013-4416-xsa72.patch +- Upstream patches from Jan + 52496bea-x86-properly-handle-hvm_copy_from_guest_-phys-virt-errors.patch (Replaces CVE-2013-4355-xsa63.patch) + 52496c11-x86-mm-shadow-Fix-initialization-of-PV-shadow-L4-tables.patch (Replaces CVE-2013-4356-xsa64.patch) + 52496c32-x86-properly-set-up-fbld-emulation-operand-address.patch (Replaces CVE-2013-4361-xsa66.patch) + 52497c6c-x86-don-t-blindly-create-L3-tables-for-the-direct-map.patch + 524e971b-x86-idle-Fix-get_cpu_idle_time-s-interaction-with-offline-pcpus.patch + 524e9762-x86-percpu-Force-INVALID_PERCPU_AREA-to-non-canonical.patch + 524e983e-Nested-VMX-check-VMX-capability-before-read-VMX-related-MSRs.patch + 524e98b1-Nested-VMX-fix-IA32_VMX_CR4_FIXED1-msr-emulation.patch + 524e9dc0-xsm-forbid-PV-guest-console-reads.patch + 5256a979-x86-check-segment-descriptor-read-result-in-64-bit-OUTS-emulation.patch + 5256be57-libxl-fix-vif-rate-parsing.patch + 5256be84-tools-ocaml-fix-erroneous-free-of-cpumap-in-stub_xc_vcpu_getaffinity.patch + 5256be92-libxl-fix-out-of-memory-error-handling-in-libxl_list_cpupool.patch + 5257a89a-x86-correct-LDT-checks.patch + 5257a8e7-x86-add-address-validity-check-to-guest_map_l1e.patch + 5257a944-x86-check-for-canonical-address-before-doing-page-walks.patch + 525b95f4-scheduler-adjust-internal-locking-interface.patch + 525b9617-sched-fix-race-between-sched_move_domain-and-vcpu_wake.patch + 525e69e8-credit-unpause-parked-vcpu-before-destroying-it.patch + 525faf5e-x86-print-relevant-tail-part-of-filename-for-warnings-and-crashes.patch +* Wed Oct 2 2013 jfehlig@suse.com +- Improvements to block-dmmd script + bnc#828623 +* Tue Oct 1 2013 carnold@suse.com +- bnc#840196 - L3: MTU size on Dom0 gets reset when booting DomU + with e1000 device + set-mtu-from-bridge-for-tap-interface.patch +* Mon Sep 30 2013 carnold@suse.com +- bnc#839596 - VUL-0: CVE-2013-1442: XSA-62: xen: Information leak + on AVX and/or LWP capable CPUs + 5242a1b5-x86-xsave-initialize-extended-register-state-when-guests-enable-it.patch +- bnc#840592 - VUL-0: CVE-2013-4355: XSA-63: xen: Information leaks + through I/O instruction emulation + CVE-2013-4355-xsa63.patch +- bnc#840593 - VUL-0: CVE-2013-4356: XSA-64: xen: Memory accessible + by 64-bit PV guests under live migration + CVE-2013-4356-xsa64.patch +- bnc#841766 - VUL-1: CVE-2013-4361: XSA-66: xen: Information leak + through fbld instruction emulation + CVE-2013-4361-xsa66.patch +- bnc#833796 - L3: Xen: migration broken from xsave-capable to + xsave-incapable host + 52205e27-x86-xsave-initialization-improvements.patch + 522dc0e6-x86-xsave-fix-migration-from-xsave-capable-to-xsave-incapable-host.patch +- bnc#839600 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform and + sles11sp3 with xen environment, xen hypervisor will panic on + multiple blades nPar. + 523172d5-x86-fix-memory-cut-off-when-using-PFN-compression.patch +- bnc#833251 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform + and with xen environment, in booting stage ,xen hypervisor will + panic. + 522d896b-x86-EFI-properly-handle-run-time-memory-regions-outside-the-1-1-map.patch +- bnc#834751 - [HP BCS SLES11 Bug]: In xen, “shutdown –y 0 –h” + cannot power off system + 522d896b-x86-EFI-properly-handle-run-time-memory-regions-outside-the-1-1-map.patch +- Upstream patches from Jan + 520119fc-xen-conring-Write-to-console-ring-even-if-console-lock-is-busted.patch + 520a2705-watchdog-crash-Always-disable-watchdog-in-console_force_unlock.patch + 522d8a1f-x86-allow-guest-to-set-clear-MSI-X-mask-bit-try-2.patch + 522dc044-xmalloc-make-whole-pages-xfree-clear-the-order-field-ab-used-by-xmalloc.patch + 522f2f9f-Nested-VMX-Clear-bit-31-of-IA32_VMX_BASIC-MSR.patch + 522f37b2-sched-arinc653-check-for-guest-data-transfer-failures.patch + 5231e090-libxc-x86-fix-page-table-creation-for-huge-guests.patch + 5231f00c-cpufreq-missing-check-of-copy_from_guest.patch + 523304b6-x86-machine_restart-must-not-call-acpi_dmar_reinstate-twice.patch + 5239a064-x86-HVM-fix-failure-path-in-hvm_vcpu_initialise.patch + 5239a076-VMX-fix-failure-path-in-construct_vmcs.patch + 523c0ed4-x86-HVM-properly-handle-wide-MMIO.patch + 523c1758-sched_credit-filter-node-affinity-mask-against-online-cpus.patch + 523ff393-x86-HVM-linear-address-must-be-canonical-for-the-whole-accessed-range.patch + 523ff3e2-x86-HVM-refuse-doing-string-operations-in-certain-situations.patch +* Wed Sep 25 2013 ohering@suse.de +- Use upstream version of unplugging in PVonHVM guests + add 523c1834-unmodified_drivers-enable-unplug-per-default.patch + remove disable_emulated_device.patch +* Wed Sep 25 2013 ohering@suse.de +- fate#315714 - Support pvUSB in Xen HVM guests, add xen-usb.ko +* Mon Sep 9 2013 carnold@suse.com +- Upstream patches from Jan + 521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch + 521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch + 521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch + 521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch + 521e1156-x86-AVX-instruction-emulation-fixes.patch + 521ef8d9-AMD-IOMMU-add-missing-checks.patch + 52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch + 52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch + 52205e27-x86-xsave-initialization-improvements.patch + 5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch + 52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch + 52285317-hvmloader-fix-SeaBIOS-interface.patch +* Tue Sep 3 2013 carnold@suse.com +- bnc#837585 - xen* pkg update DISables `xencommons` and + `xendomains` systemd services + xen.spec +* Fri Aug 30 2013 ohering@suse.de +- remove unneeded patch, autoload is handled by PCI device, without + PCI device xen_platform_pci would not work anyway + xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch +* Fri Aug 30 2013 ohering@suse.de +- Update our xen-3.0.4 version of unplug code in qemu-trad + add comments about the usage of the code + rename handler function + reenable handlers for writing/reading from emulated PCI device +* Fri Aug 30 2013 ohering@suse.de +- Change unplugging of emulated devices in PVonHVM guests + Since 3.0.4 xen-platform-pci.ko triggerd the unplug by writing + to the PCI space of the emulated PCI device. 3.3 introduced an + official unplug protocol. The option to unplug wit the official + protocol is disabled per default. + Remove our version and enable the unplug via official protocol +* Fri Aug 30 2013 carnold@suse.com +- Upstream patches from Jan + 51e517e6-AMD-IOMMU-allocate-IRTEs.patch + 51e5183f-AMD-IOMMU-untie-remap-and-vector-maps.patch + 51e63df6-VMX-fix-interaction-of-APIC-V-and-Viridian-emulation.patch + 52146070-ACPI-fix-acpi_os_map_memory.patch + 5214d26a-VT-d-warn-about-CFI-being-enabled-by-firmware.patch + 5215d094-Nested-VMX-Check-whether-interrupt-is-blocked-by-TPR.patch + 5215d0c5-Nested-VMX-Force-check-ISR-when-L2-is-running.patch + 5215d135-Nested-VMX-Clear-APIC-v-control-bit-in-vmcs02.patch + 5215d2d5-Nested-VMX-Update-APIC-v-RVI-SVI-when-vmexit-to-L1.patch + 5215d8b0-Correct-X2-APIC-HVM-emulation.patch +- Dropped 520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch +* Mon Aug 26 2013 carnold@suse.com +- bnc#836239 - SLES 11 SP3 Xen security patch does not + automatically update UEFI boot binary + xen.spec +* Tue Aug 20 2013 carnold@suse.com +- Upstream patches from Jan + 51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch + 51dd155c-adjust-x86-EFI-build.patch + 51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch + 51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch + 51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch + 51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch + 51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch + 520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch + 520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch + 520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch + 520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch + 520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch + 520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch + 520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch + 520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch +* Fri Aug 16 2013 carnold@suse.com +- The xencommons.service file handles the starting of xenstored + and xenconsoled. Drop the following services files as + unecessary. Update xendomains.service to reflect these changes. + xenstored.service + xenconsoled.service + blktapctrl.service +* Fri Aug 16 2013 carnold@suse.com +- Add xencommons.service to xendomains.service 'After' tag + xendomains.service +* Thu Aug 15 2013 carnold@suse.com +- Change the default bridge in xl.conf from xenbr0 to just br0 + xl-conf-default-bridge.patch +- Add network.target to xendomains.service 'After' tag + xendomains.service +* Wed Jul 31 2013 carnold@suse.com +- Spec file cleanups + xen.spec +- Renamed xend-sysconfig.patch to xencommons-sysconfig.patch +* Mon Jul 29 2013 carnold@suse.com +- Added support for systemd with the following service files + xenstored.service + blktapctrl.service + xend.service + xenconsoled.service + xen-watchdog.service + xendomains.service + xencommons.service +* Fri Jul 12 2013 carnold@suse.com +- Upstream patches from Jan + 51d277a3-x86-don-t-pass-negative-time-to-gtime_to_gtsc-try-2.patch + 51d27807-iommu-amd-Fix-logic-for-clearing-the-IOMMU-interrupt-bits.patch + 51d27841-iommu-amd-Workaround-for-erratum-787.patch + 51daa074-Revert-hvmloader-always-include-HPET-table.patch +* Fri Jul 12 2013 carnold@suse.com +- Dropped deprecated or unnecessary patches + pvdrv-import-shared-info.patch + minios-fixups.patch +* Tue Jul 9 2013 carnold@suse.com +- Update to Xen 4.3.0 FCS +* Fri Jul 5 2013 agraf@suse.com +- Enable ARM targets for Xen +* Thu Jun 27 2013 carnold@suse.com +- Update to Xen 4.3.0-rc6 +* Wed Jun 19 2013 carnold@suse.com +- Update to Xen 4.3.0-rc5 +* Fri Jun 14 2013 carnold@suse.com +- Update to Xen 4.3.0-rc4 +* Mon Jun 10 2013 carnold@suse.com +- Fix xen-utils compiler time warnings + xen-utils-0.1.tar.bz2 +* Fri Jun 7 2013 carnold@suse.com +- Enable building the KMPs + xen.spec +* Wed Jun 5 2013 carnold@suse.com +- Update to Xen 4.3.0-rc3 +* Fri May 31 2013 carnold@suse.com +- bnc#801663 - performance of mirror lvm unsuitable for production + block-dmmd +* Thu May 30 2013 carnold@suse.com +- Update to Xen 4.3.0-rc2 +* Wed May 15 2013 carnold@suse.com +- The xend toolstack is now deprecated and unsupported. Consolidate + all xend and traditional qemu patches into one patch file. + Rename '.diff' patches to '.patch' and reoder others. + xend-traditional-qemu.patch +* Tue May 14 2013 carnold@suse.com +- Create a xend-tools package for the legacy xend toolstack and + traditional qemu files. +* Mon May 13 2013 carnold@suse.com +- Update to Xen 4.3.0-rc1 c/s 27068 + Drop all upstream changeset patches now included in 4.3 tarball +- Removed the doc-pdf RPM as there are no more PDFs to include + since the docs/xen-api sources were dropped. +* Tue May 7 2013 carnold@suse.com +- bnc#818183 - VUL-0: xen: CVE-2013-2007: XSA-51: qga set umask + 0077 when daemonizing + CVE-2013-2007-xsa51-1.patch + CVE-2013-2007-xsa51-2.patch +* Mon May 6 2013 ohering@suse.de +- add lndir to BuildRequires +* Mon May 6 2013 ohering@suse.de +- remove xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch + It changed migration protocol and upstream wants a different solution +* Sun May 5 2013 ohering@suse.de +- bnc#802221 - fix xenpaging + readd xenpaging.qemu.flush-cache.patch +* Thu May 2 2013 carnold@suse.com +- bnc#808269 - Fully Virtualized Windows VM install is failed on + Ivy Bridge platforms with Xen kernel + 26754-hvm-Improve-APIC-INIT-SIPI-emulation.patch +* Tue Apr 30 2013 carnold@suse.com +- Upstream patches from Jan + 26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch + 26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch +- Additional fix for bnc#816159 + CVE-2013-1918-xsa45-followup.patch +* Mon Apr 29 2013 cyliu@suse.com +- bnc#817068 - Xen guest with >1 sr-iov vf won't start + xen-managed-pci-device.patch +* Mon Apr 29 2013 carnold@suse.com +- Update to Xen 4.2.2 c/s 26064 + The following recent security patches are included in the tarball + CVE-2013-0151-xsa34.patch (bnc#797285) + CVE-2012-6075-xsa41.patch (bnc#797523) + CVE-2013-1917-xsa44.patch (bnc#813673) + CVE-2013-1919-xsa46.patch (bnc#813675) +* Wed Apr 24 2013 carnold@suse.com +- Upstream patch from Jan + 26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch +* Fri Apr 19 2013 carnold@suse.com +- bnc#816159 - VUL-0: xen: CVE-2013-1918: XSA-45: Several long + latency operations are not preemptible + CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch + CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch + CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch + CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch + CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch + CVE-2013-1918-xsa45-6-unpin-preemptible.patch + CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch +- bnc#816163 - VUL-0: xen: CVE-2013-1952: XSA-49: VT-d interrupt + remapping source validation flaw for bridges + CVE-2013-1952-xsa49.patch +* Thu Apr 18 2013 cyliu@suse.com +- bnc#809662 - can't use pv-grub to start domU (pygrub does work) + xen.spec +* Mon Apr 15 2013 carnold@suse.com +- bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 + on Kyoto + xend-cpuinfo-model-name.patch +* Mon Apr 15 2013 carnold@suse.com +- bnc#813673 - VUL-0: CVE-2013-1917: xen: Xen PV DoS vulnerability with + SYSENTER + CVE-2013-1917-xsa44.patch +- bnc#813675 - VUL-0: CVE-2013-1919: xen: Several access permission + issues with IRQs for unprivileged guests + CVE-2013-1919-xsa46.patch +- bnc#814059 - VUL-1: xen: qemu-nbd format-guessing due to missing + format specification + CVE-2013-1922-xsa48.patch +- Upstream patches from Jan + 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch + 26751-x86-EFI-permit-setting-variable-with-non-zero-attributes.patch + 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch + 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch + 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch + 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch + 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch + 26774-defer-event-channel-bucket-pointer-store-until-after-XSM-checks.patch + 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch +* Thu Apr 4 2013 carnold@suse.com +- bnc#813156 - IndentationError in XendCheckpoint.py + xend-domain-lock.patch +* Tue Apr 2 2013 ohering@suse.de +- bnc#797014 - no way to control live migrations +- bnc#803712 - after live migration rcu_sched_state detected stalls + xen.migrate.tools-xend_move_assert_to_exception_block.patch + xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch + xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch + xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch +* Tue Mar 26 2013 carnold@suse.com +- bnc#811764 - XEN (hypervisor or kernel) has a problem with EFI + variable services + x86-EFI-set-variable-permit-attrs.patch +- Upstream patches from Jan + 26060-ACPI-ERST-table-size-checks.patch + 26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch + 26702-powernow-add-fixups-for-AMD-P-state-figures.patch + 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch (bnc#805579) + 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch + 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch + 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch + 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch + 26737-ACPI-APEI-Add-apei_exec_run_optional.patch + 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch + 26743-VT-d-deal-with-5500-5520-X58-errata.patch (bnc#801910) + 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch +* Thu Mar 14 2013 jfehlig@suse.com +- Load blktap module in xencommons init script. blktap2 doesn't + support qcow2, so blktap is needed to support domains with + 'tap:qcow2' disk configurations. + modified tmp-initscript-modprobe.patch +* Thu Mar 14 2013 carnold@suse.com +- bnc#809203 - xen.efi isn't signed with SUSE Secure Boot key + xen.spec +* Mon Mar 11 2013 jfehlig@suse.com +- Fix adding managed PCI device to an inactive domain + modified xen-managed-pci-device.patch +* Mon Mar 11 2013 jfehlig@suse.com +- bnc#805094 - xen hot plug attach/detach fails + modified blktap-pv-cdrom.patch +* Mon Mar 11 2013 jfehlig@suse.com +- bnc# 802690 - domain locking can prevent a live migration from + completing + modified xend-domain-lock.patch +* Fri Mar 8 2013 ohering@suse.de +- bnc#797014 - no way to control live migrations + 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch + xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch + xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch + xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch + xen.migrate.tools_set_migration_constraints_from_cmdline.patch + xen.migrate.tools_add_xm_migrate_--log_progress_option.patch +* Thu Mar 7 2013 carnold@suse.com +- Upstream patches from Jan + 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch + 26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch + 26601-honor-ACPI-v4-FADT-flags.patch + 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch + 26659-AMD-IOMMU-erratum-746-workaround.patch + 26660-x86-fix-CMCI-injection.patch + 26672-vmx-fix-handling-of-NMI-VMEXIT.patch + 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch + 26676-fix-compat-memory-exchange-op-splitting.patch + 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch + 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch + 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch + 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch + 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch +* Tue Mar 5 2013 carnold@suse.com +- fate#313584: pass bios information to XEN HVM guest + xend-hvm-firmware-passthrough.patch +* Mon Mar 4 2013 ohering@suse.de +- bnc#806736: enabling xentrace crashes hypervisor + 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.patch +* Thu Feb 28 2013 ohering@suse.de +- update xenalyze to revision 149 + Make eip_list output more useful + Use correct length when copying record into buffer + decode PV_HYPERCALL_SUBCALL events + decode PV_HYPERCALL_V2 records + Analyze populate-on-demand reclamation patterns + Handle 64-bit MMIO + Also strip write bit when processing a generic event + Make the warnigns in hvm_generic_postprocess more informative + Don't warn about switching paging levels unless verbosity>=6 + Process NPFs as generic for summary purposes + Add HVM_EVENT_VLAPIC +* Wed Feb 20 2013 jfehlig@suse.com +- Add upstream patch to fix vfb/vkb initialization in libxl + 26369-libxl-devid.patch +* Tue Feb 19 2013 carnold@suse.com +- fate##313584: pass bios information to XEN HVM guest + 26554-hvm-firmware-passthrough.patch + 26555-hvm-firmware-passthrough.patch + 26556-hvm-firmware-passthrough.patch +* Tue Feb 19 2013 carnold@suse.com +- Upstream patches from Jan + 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) + 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) + 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) + 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) + 26526-pvdrv-no-devinit.patch + 26529-gcc48-build-fix.patch + 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) + 26532-AMD-IOMMU-phantom-MSI.patch + 26536-xenoprof-div-by-0.patch + 26576-x86-APICV-migration.patch + 26577-x86-APICV-x2APIC.patch + 26578-AMD-IOMMU-replace-BUG_ON.patch +* Mon Feb 18 2013 ohering@suse.de +- bnc#797014 - no way to control live migrations + 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch + 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch + 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch + 26550-tools-xc_restore_logging_in_xc_save.patch + 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch +* Mon Feb 11 2013 mmarek@suse.cz +- Set $BRP_PESIGN_FILES in the %%install section so that modules + are signed in the buildservice (fate#314552). +* Mon Feb 11 2013 ohering@suse.de +- PVonHVM: __devinit was removed in linux-3.8 +* Wed Feb 6 2013 jfehlig@suse.com +- Add 'managed' PCI passthrough support to xend, allowing support + for the same through libvirt + xen-managed-pci-device.patch + FATE#313570 +* Tue Feb 5 2013 carnold@suse.com +- Upstream patches from Jan + 26287-sched-credit-pick-idle.patch + 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) + 26370-libxc-x86-initial-mapping-fit.patch + 26395-x86-FPU-context-conditional.patch + 26404-x86-forward-both-NMI-kinds.patch + 26418-x86-trampoline-consider-multiboot.patch + 26427-x86-AMD-enable-WC+.patch + 26428-x86-HVM-RTC-update.patch + 26440-x86-forward-SERR.patch + 26443-ACPI-zap-DMAR.patch + 26444-x86-nHVM-no-self-enable.patch (Replaces CVE-2013-0152-xsa35.patch) + 26501-VMX-simplify-CR0-update.patch + 26502-VMX-disable-SMEP-when-not-paging.patch +* Fri Feb 1 2013 carnold@suse.com +- bnc#800275 - VUL-0: XSA-36: CVE-2013-0153: xen: interrupt remap + entries shared and old ones not cleared on AMD IOMMUs + CVE-2013-0153-xsa36.patch +* Wed Jan 30 2013 mmarek@suse.cz +- Add # needssslcertforbuild to the specfile, to make the UEFI + signing certificate available during build (fate#314511, fate#314552). +* Fri Jan 25 2013 jfehlig@suse.com +- bnc#798188 - Add $network to xend initscript dependencies +* Thu Jan 24 2013 jfehlig@suse.com +- Add upstream patches to fix libxl bugs. These patches have + already been posted for inclusion in xen-4.2-testing. + 25912-partial-libxl.patch + 26372-tools-paths.patch + 26468-libxl-race.patch + 26469-libxl-race.patch +* Tue Jan 22 2013 carnold@novell.com +- bnc#797285 - VUL-0: Xen: XSA-34 (CVE-2013-0151) - nested + virtualization on 32-bit exposes host crash + CVE-2013-0151-xsa34.patch +- bnc#797287 - VUL-0: Xen: XSA-35 (CVE-2013-0152) - Nested HVM + exposes host to being driven out of memory by guest + CVE-2013-0152-xsa35.patch +* Thu Jan 17 2013 carnold@novell.com +- bnc#793717 - NetWare will not boot on Xen 4.2 + xnloader.py + domUloader.py + pygrub-netware-xnloader.patch + Removed reverse-24757-use-grant-references.patch +* Wed Jan 16 2013 carnold@novell.com +- bnc#797523 - VUL-1: CVE-2012-6075: qemu / kvm-qemu: e1000 + overflows under some conditions + CVE-2012-6075-xsa41.patch +* Tue Jan 15 2013 carnold@novell.com +- Mask the floating point exceptions for guests like NetWare on + machines that support XSAVE. + x86-fpu-context-conditional.patch +* Mon Jan 14 2013 carnold@novell.com +- fate##313584: pass bios information to XEN HVM guest + 26341-hvm-firmware-passthrough.patch + 26342-hvm-firmware-passthrough.patch + 26343-hvm-firmware-passthrough.patch + 26344-hvm-firmware-passthrough.patch +* Tue Jan 8 2013 carnold@novell.com +- bnc#787169 - L3: Marvell 88SE9125 disk controller not detecting + disk in Xen kernel + 26133-IOMMU-defer-BM-disable.patch + 26324-IOMMU-assign-params.patch + 26325-IOMMU-add-remove-params.patch + 26326-VT-d-context-map-params.patch + 26327-AMD-IOMMU-flush-params.patch + 26328-IOMMU-pdev-type.patch + 26329-IOMMU-phantom-dev.patch + 26330-VT-d-phantom-MSI.patch + 26331-IOMMU-phantom-dev-quirk.patch +- Upstream patches from Jan + 26294-x86-AMD-Fam15-way-access-filter.patch + 26320-IOMMU-domctl-assign-seg.patch + 26332-x86-compat-show-guest-stack-mfn.patch + 26333-x86-get_page_type-assert.patch +* Mon Dec 17 2012 carnold@novell.com +- bnc#794316 - VUL-0: CVE-2012-5634: xen: VT-d interrupt remapping + source validation flaw (XSA-33) + CVE-2012-5634-xsa33.patch +* Mon Dec 17 2012 carnold@novell.com +- Update to Xen 4.2.1 c/s 25952 +* Tue Dec 11 2012 carnold@novell.com +- Upstream patches from Jan + 26195-x86-compat-atp-gmfn-range-cont.patch + 26196-ACPI-set-PDC-bits-rc.patch + 26200-IOMMU-debug-verbose.patch + 26203-x86-HAP-dirty-vram-leak.patch + 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) + 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) + 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) + 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) + 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) + 26234-x86-page-from-gfn-pv.patch (Replaces CVE-2012-5525-xsa32.patch) + 26235-IOMMU-ATS-max-queue-depth.patch + 26252-VMX-nested-rflags.patch + 26253-VMX-nested-rdtsc.patch + 26254-VMX-nested-dr.patch + 26255-VMX-nested-ia32e-mode.patch + 26258-VMX-nested-intr-delivery.patch + 26260-x86-mmuext-errors.patch + 26262-x86-EFI-secure-shim.patch + 26266-sched-ratelimit-check.patch + 26272-x86-EFI-makefile-cflags-filter.patch +* Mon Dec 10 2012 carnold@novell.com +- bnc#757525 - domain destroyed on live migration with missing vif + on target machine + xen-migration-bridge-check.patch +* Thu Dec 6 2012 carnold@novell.com +- NetWare will not boot or install on Xen 4.2 + reverse-24757-use-grant-references.patch +* Fri Nov 30 2012 cyliu@suse.com +- fate#313222 - xenstore-chmod should support 256 permissions + 26189-xenstore-chmod.patch +* Tue Nov 27 2012 carnold@novell.com +- bnc#789945 - VUL-0: CVE-2012-5510: xen: Grant table version + switch list corruption vulnerability (XSA-26) + CVE-2012-5510-xsa26.patch +- bnc#789944 - VUL-0: CVE-2012-5511: xen: Several HVM operations do + not validate the range of their inputs (XSA-27) + CVE-2012-5511-xsa27.patch +- bnc#789951 - VUL-0: CVE-2012-5513: xen: XENMEM_exchange may + overwrite hypervisor memory (XSA-29) + CVE-2012-5513-xsa29.patch +- bnc#789948 - VUL-0: CVE-2012-5514: xen: Missing unlock in + guest_physmap_mark_populate_on_demand() (XSA-30) + CVE-2012-5514-xsa30.patch +- bnc#789950 - VUL-0: CVE-2012-5515: xen: Several memory hypercall + operations allow invalid extent order values (XSA-31) + CVE-2012-5515-xsa31.patch +- bnc#789952 - VUL-0: CVE-2012-5525: xen: Several hypercalls do not + validate input GFNs (XSA-32) + CVE-2012-5525-xsa32.patch +- Upstream patches from Jan + 26129-ACPI-BGRT-invalidate.patch + 26132-tmem-save-NULL-check.patch + 26134-x86-shadow-invlpg-check.patch + 26139-cpumap-masking.patch + 26148-vcpu-timer-overflow.patch (Replaces CVE-2012-4535-xsa20.patch) + 26149-x86-p2m-physmap-error-path.patch (Replaces CVE-2012-4537-xsa22.patch) + 26150-x86-shadow-unhook-toplevel-check.patch (Replaces CVE-2012-4538-xsa23.patch) + 26151-gnttab-compat-get-status-frames.patch (Replaces CVE-2012-4539-xsa24.patch) + 26179-PCI-find-next-cap.patch + 26183-x86-HPET-masking.patch + 26188-x86-time-scale-asm.patch +* Wed Nov 21 2012 ohering@suse.de +- remove obsolete pv-driver-build.patch to fix build +* Sat Nov 17 2012 aj@suse.de +- Fix build with glibc 2.17: add patch xen-glibc217.patch, fix + configure for librt. +* Tue Nov 13 2012 jfehlig@suse.com +- bnc#777628 - guest "disappears" after live migration + Updated block-dmmd script +* Fri Nov 9 2012 carnold@novell.com +- Fix exception in balloon.py and osdep.py + xen-max-free-mem.diff +* Tue Nov 6 2012 carnold@novell.com +- fate#311966: Fix XEN VNC implementation to correctly map keyboard + layouts + VNC-Support-for-ExtendedKeyEvent-client-message.patch +* Tue Oct 30 2012 ohering@suse.de +- fate#310510 - fix xenpaging + restore changes to integrate paging into xm/xend + xenpaging.autostart.patch + xenpaging.doc.patch +* Mon Oct 29 2012 carnold@novell.com +- bnc#787163 - VUL-0: CVE-2012-4544: xen: Domain builder Out-of- + memory due to malicious kernel/ramdisk (XSA 25) + CVE-2012-4544-xsa25.patch +- bnc#779212 - VUL-0: CVE-2012-4411: XEN / qemu: guest + administrator can access qemu monitor console (XSA-19) + CVE-2012-4411-xsa19.patch +* Thu Oct 25 2012 carnold@novell.com +- bnc#786516 - VUL-0: CVE-2012-4535: xen: Timer overflow DoS + vulnerability + CVE-2012-4535-xsa20.patch +- bnc#786518 - VUL-0: CVE-2012-4536: xen: pirq range check DoS + vulnerability + CVE-2012-4536-xsa21.patch +- bnc#786517 - VUL-0: CVE-2012-4537: xen: Memory mapping failure + DoS vulnerability + CVE-2012-4537-xsa22.patch +- bnc#786519 - VUL-0: CVE-2012-4538: xen: Unhooking empty PAE + entries DoS vulnerability + CVE-2012-4538-xsa23.patch +- bnc#786520 - VUL-0: CVE-2012-4539: xen: Grant table hypercall + infinite loop DoS vulnerability + CVE-2012-4539-xsa24.patch +- bnc#784087 - L3: Xen BUG at io_apic.c:129 + 26102-x86-IOAPIC-legacy-not-first.patch +* Wed Oct 24 2012 carnold@novell.com +- Upstream patches from Jan + 25920-x86-APICV-enable.patch + 25921-x86-APICV-delivery.patch + 25922-x86-APICV-x2APIC.patch + 25957-x86-TSC-adjust-HVM.patch + 25958-x86-TSC-adjust-sr.patch + 25959-x86-TSC-adjust-expose.patch + 25975-x86-IvyBridge.patch + 25984-SVM-nested-paging-mode.patch + 26054-x86-AMD-perf-ctr-init.patch + 26055-x86-oprof-hvm-mode.patch + 26056-page-alloc-flush-filter.patch + 26061-x86-oprof-counter-range.patch + 26062-ACPI-ERST-move-data.patch + 26063-x86-HPET-affinity-lock.patch + 26095-SVM-nested-leak.patch + 26096-SVM-nested-vmexit-emul.patch + 26098-perfc-build.patch +* Mon Oct 22 2012 ohering@suse.de +- handle possible asprintf failures in log-guest-console.patch +* Mon Oct 22 2012 ohering@suse.de +- bnc#694863 - kexec fails in xen + 26093-hvm_handle_PoD_and_grant_pages_in_HVMOP_get_mem_type.patch +* Thu Oct 18 2012 carnold@novell.com +- fate#312709: Pygrub needs to know which entry to select + 26114-pygrub-list-entries.patch +* Thu Oct 18 2012 ohering@suse.de +- merge changes fron xen-unstable, obsolete our changes + 26077-stubdom_fix_compile_errors_in_grub.patch + 26078-hotplug-Linux_remove_hotplug_support_rely_on_udev_instead.patch + 26079-hotplug-Linux_close_lockfd_after_lock_attempt.patch + 26081-stubdom_fix_rpmlint_warning_spurious-executable-perm.patch + 26082-blktap2-libvhd_fix_rpmlint_warning_spurious-executable-perm.patch + 26083-blktap_fix_rpmlint_warning_spurious-executable-perm.patch + 26084-hotplug_install_hotplugpath.sh_as_data_file.patch + 26085-stubdom_install_stubdompath.sh_as_data_file.patch + 26086-hotplug-Linux_correct_sysconfig_tag_in_xendomains.patch + 26087-hotplug-Linux_install_sysconfig_files_as_data_files.patch + 26088-tools_xend_fix_wrong_condition_check_for_xml_file.patch +* Tue Oct 16 2012 carnold@novell.com +- fate#311966: Fix XEN VNC implementation to correctly map keyboard + layouts + VNC-Support-for-ExtendedKeyEvent-client-message.patch +* Mon Oct 15 2012 ohering@suse.de +- workaround bash bug in locking.sh:claim_lock, close fd +* Sat Oct 13 2012 ohering@suse.de +- fix incorrect self-provides/obsoletes of xen-tools-ioemu +* Tue Oct 9 2012 carnold@novell.com +- bnc#783847 - Virtualization/xen: Bug Xen 4.2 'xendomins' init + script incorrectly Requires 'xend' service when using 'xl' + toolstack + init.xendomains +* Mon Oct 8 2012 carnold@novell.com +- bnc#782835 - Xen HVM Guest fails (errors) to launch on Opensuse + 12.2 + Xen 4.2 + 'xl' toolstack + xen-pygrub-grub-args.patch +* Mon Oct 8 2012 ohering@suse.de +- backport parallel build support for stubdom +- rename 5 patches which were merged upstream +* Fri Oct 5 2012 ohering@suse.de +- remove more obsolete changes: + CFLAGS passing to qemu-traditional, PYTHON_PREFIX_ARG handling + and pygrub installation +* Fri Oct 5 2012 ohering@suse.de +- update blktap-pv-cdrom.patch + handle allocation errors in asprintf to fix compile errors + handle value returned from xs_read properly + remove casts from void pointers +* Fri Oct 5 2012 ohering@suse.de +- update xenalyze to revision 138 + Fix dump time calculation overflow + move struct record_info into a header + correctly display of count of HW events + update trace.h to match xen-unstable + Remove vestigal HW_IRQ trace records + Remove decode of PV_UPDATE_VA_MAPPING + automatically generate dependencies + Get rid of redundant hvm dump_header + Introduce more efficient read mechanism + Eliminate unnecessary cycles_to_time calculation + Rework math to remove two 64-bit divisions + Enable -O2 optimization level + Remove --dump-cooked + Remove spurious dump_header construction + Improve record-sorting algorithm + Use long to cast into and out of pointers + Make max_active_pcpu calculation smarter + Optimize pcpu_string + Enable more cr3 output + Sort cr3 enumerated values by start time + Add option to skip vga range in MMIO enumeration + Handle MMIO records from different vmexits + Relocate pio and mmio enumaration structs to their own sub-struct + Handle new hvm_event traces + Introduce generic summary functionality + Function-ize setting of h->post_process + Reorganize cr trace handling + Allow several summary handlers to register on a single vmexit + Get rid of all tabs in xenalyze.c + Handle new IRQ tracing + Decrease verbosity + Print exit reason number if no string is available + Fix minor summary issue + Add string for TPR_BELOW_THRESHOLD + Raise MAX_CPUS to 256 cpus. + Add --report-pcpu option to report physical cpu utilization. + increase MAX_CPUS + Handle RUNSTATE_INIT in domain_runstate calculation +* Fri Oct 5 2012 ohering@suse.de +- update RPM_OPT_FLAGS handling in spec file + pass EXTRA_CFLAGS via environment +* Fri Oct 5 2012 ohering@suse.de +- remove obsolete xencommons-proc-xen.patch +* Mon Oct 1 2012 carnold@novell.com +- Upstream patches from Jan + 25927-x86-domctl-ioport-mapping-range.patch + 25929-tmem-restore-pool-version.patch + 25931-x86-domctl-iomem-mapping-checks.patch + 25940-x86-S3-flush-cache.patch + 25952-x86-MMIO-remap-permissions.patch + 25961-x86-HPET-interrupts.patch + 25962-x86-assign-irq-vector-old.patch + 25965-x86-ucode-Intel-resume.patch +* Tue Sep 25 2012 ohering@suse.de +- pygrub: always append --args + 25941-pygrub_always_append_--args.patch +* Mon Sep 24 2012 ohering@suse.de +- use BuildRequires: gcc46 only in sles11sp2 or 12.1 to fix build + in 11.4 +* Wed Sep 19 2012 carnold@novell.com +- Upstream patches from Jan + 25833-32on64-bogus-pt_base-adjust.patch + 25835-adjust-rcu-lock-domain.patch + 25836-VT-d-S3-MSI-resume.patch + 25850-tmem-xsa-15-1.patch + 25851-tmem-xsa-15-2.patch + 25852-tmem-xsa-15-3.patch + 25853-tmem-xsa-15-4.patch + 25854-tmem-xsa-15-5.patch + 25855-tmem-xsa-15-6.patch + 25856-tmem-xsa-15-7.patch + 25857-tmem-xsa-15-8.patch + 25858-tmem-xsa-15-9.patch + 25859-tmem-missing-break.patch + 25860-tmem-cleanup.patch + 25861-x86-early-fixmap.patch + 25862-sercon-non-com.patch + 25863-sercon-ehci-dbgp.patch + 25864-sercon-unused.patch + 25866-sercon-ns16550-pci-irq.patch + 25867-sercon-ns16550-parse.patch + 25874-x86-EFI-chain-cfg.patch + 25909-xenpm-consistent.patch +* Tue Sep 18 2012 carnold@novell.com +- Fixed the 32bit build. +* Mon Sep 17 2012 carnold@novell.com +- Update to Xen 4.2.0 FCS c/s 25844 +* Fri Sep 7 2012 ohering@suse.de +- unmodified_drivers: handle IRQF_SAMPLE_RANDOM, it was removed + in 3.6-rc1 +* Wed Sep 5 2012 jfehlig@suse.com +- bnc#778105 - first XEN-PV VM fails to spawn + xend: Increase wait time for disk to appear in host bootloader + Modified existing xen-domUloader.diff +* Thu Aug 30 2012 carnold@novell.com +- Disable the snapshot patches. Snapshot only supported the qcow2 + image format which was poorly implemented qemu 0.10.2. Snapshot + support may be restored in the future when the newer upstream + qemu is used by Xen. +* Tue Aug 28 2012 ohering@suse.de +- bnc#776995 - attaching scsi control luns with pvscsi + - xend/pvscsi: fix passing of SCSI control LUNs + xen-bug776995-pvscsi-no-devname.patch + - xend/pvscsi: fix usage of persistant device names for SCSI devices + xen-bug776995-pvscsi-persistent-names.patch + - xend/pvscsi: update sysfs parser for Linux 3.0 + xen-bug776995-pvscsi-sysfs-parser.patch +* Thu Aug 23 2012 carnold@novell.com +- Update to Xen 4.2.0 RC3+ c/s 25779 +* Tue Aug 21 2012 carnold@novell.com +- Update to Xen 4.2.0 RC2+ c/s 25765 +* Mon Aug 20 2012 ohering@suse.de +-bnc#766284 - compiled-in ata_piix driver issues with PVonHVM guests + Update xen_pvdrivers.conf to match not only libata but also ata_piix + This avoids IO errors in the piix driver caused by unplugged hardware +* Fri Aug 10 2012 carnold@novell.com +- Update to Xen 4.1.3 c/s 23336 +* Mon Jul 30 2012 carnold@novell.com +- Upstream or pending upstream patches from Jan + 25587-fix-off-by-one-parsing-error.patch + 25616-x86-MCi_CTL-default.patch + 25617-vtd-qinval-addr.patch + 25688-x86-nr_irqs_gsi.patch +* Sun Jul 29 2012 aj@suse.de +- Build all files with optimization (fortify source does not work + with -O0). +* Fri Jul 27 2012 carnold@novell.com +- bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m + teardown host DoS vulnerability + CVE-2012-3433-xsa11.patch +- bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO + emulation DoS + 25682-x86-inconsistent-io-state.patch +* Wed Jul 18 2012 carnold@novell.com +- bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't + check the size of the bzip2 or lzma compressed kernel, leading to + denial of service + 25589-pygrub-size-limits.patch +* Tue Jul 10 2012 werner@suse.de +- Make it build with latest TeXLive 2012 with new package layout +* Fri Jun 15 2012 carnold@novell.com +- bnc#767273 - unsupported /var/lock/subsys is still used by xendomains + init.xendomains +* Tue Jun 12 2012 carnold@novell.com +- bnc#766283 - opensuse 12.2 pv guests can not start after + installation due to lack of grub2 support in the host + 24000-pygrub-grub2.patch + 24001-pygrub-grub2.patch + 24002-pygrub-grub2.patch +* Mon Jun 11 2012 carnold@novell.com +- Upstream pygrub patches for grub2 support and fixes + 23686-pygrub-solaris.patch + 23697-pygrub-grub2.patch + 23944-pygrub-debug.patch + 23998-pygrub-GPT.patch + 23999-pygrub-grub2.patch + 24064-pygrub-HybridISO.patch + 24401-pygrub-scrolling.patch + 24402-pygrub-edit-fix.patch + 24460-pygrub-extlinux.patch + 24706-pygrub-extlinux.patch +* Wed Jun 6 2012 carnold@novell.com +- Revised version of security patch and an additional patch for + bnc#764077 + x86_64-AMD-erratum-121.patch + x86_64-allow-unsafe-adjust.patch +* Wed Jun 6 2012 ohering@suse.de +- remove dummy asm/smp-processor-id.h +* Tue May 29 2012 jsmeix@suse.de +- removed dummy xenapi.tex which was added because of bnc#750679 + (see the below entry dated "Mon Apr 2 13:07:20 CEST 2012") + because "ps2pdf xenapi.ps xenapi.pdf" failed only for + Ghostscript version 9.04 (now we have Ghostscript 9.05). +* Fri May 25 2012 carnold@novell.com +- bnc#764077 - VUL-0: EMBARGOED: xen: XSA-9: denial of service on + older AMD systems + x86_64-AMD-erratum-121.patch +- Revised version of security patch for bnc#757537 + x86_64-sysret-canonical.patch +* Tue May 15 2012 carnold@novell.com +- Upstream patches from Jan + 25242-x86_64-hotplug-compat-m2p.patch + 25247-SVM-no-rdtsc-intercept.patch + 25267-x86-text-unlikely.patch + 25269-x86-vMCE-addr-misc-write.patch + 25271-x86_64-IST-index.patch + 25327-pvdrv-no-asm-system-h.patch +* Mon May 14 2012 ohering@suse.de +- add dummy asm/smp-processor-id.h for kernel-source 3.4-rcX +* Sun May 13 2012 ohering@suse.de +- remove inclusion of asm/system.h from platform-pci.c +* Tue Apr 24 2012 carnold@novell.com +- Upstream patches from Jan + 25168-x86-memset-size.patch + 25191-x86-tdt-delta-calculation.patch + 25195-x86-cpuidle-C2-no-flush-or-bm-check.patch + 25196-x86-HAP-PAT-sr.patch + 25200-x86_64-trap-bounce-flags.patch +* Thu Apr 19 2012 carnold@novell.com +- bnc#757537 - VUL-0: xen: CVE-2012-0217 PV guest escalation + x86_64-sysret-canonical.patch +- bnc#757970 - VUL-1: xen: guest denial of service on syscall GPF + generation + x86_64-trap-bounce-flags.patch +* Tue Apr 3 2012 carnold@novell.com +- Upstream patches from Jan + 25098-x86-emul-lock-UD.patch + 25101-x86-hpet-disable.patch + ioemu-9877-MSI-X-device-cleanup.patch +* Mon Apr 2 2012 ohering@suse.de +- bnc#750679 - "ps2pdf xenapi.ps xenapi.pdf" fails for user abuild in Factory + add dummy xenapi.tex until ghostscript is fixed +* Wed Mar 28 2012 ohering@suse.de +- remove vcd.o rule from PVonHVM Makefile, not needed anymore +* Tue Mar 20 2012 carnold@novell.com +- bnc#753165 - xen/scripts/network-bridge wont create bridge + bridge-bonding.diff +* Mon Mar 19 2012 carnold@novell.com +- Upstream patches from Jan + 24950-gnttab-copy-mapped.patch + 24970-x86-cpuidle-deny-port-access.patch + 24996-x86-cpuidle-array-overrun.patch + 25041-tapdisk2-create-init-name.patch +* Wed Mar 14 2012 ohering@suse.de +- use BuildRequires: gcc46 only in sles11sp2 to avoid issues + when gcc47 and newer is the distro default +* Mon Feb 27 2012 jfehlig@suse.com +- bnc#745880 - cpuid setting is not preserved across xend restarts + xend-cpuid.patch +* Mon Feb 27 2012 jfehlig@suse.com +- Rename 2XXXX-vif-bridge.patch -> vif-bridge-tap-fix.patch +* Mon Feb 27 2012 carnold@novell.com +- bnc#747331 - XEN: standard "newburn" kernel QA stress test on guest + (+ smartd on Dom0?) freezes the guest + 24883-x86-guest-walk-not-present.patch +- bnc#745367 - MCE bank handling during migration + 24781-x86-vmce-mcg_ctl.patch + 24886-x86-vmce-mcg_ctl-default.patch + 24887-x86-vmce-sr.patch +- bnc#744771 - L3: VM with passed through PCI card fails to reboot + under dom0 load + 24888-pci-release-devices.patch +- Upstream patches from Jan + 24517-VT-d-fault-softirq.patch + 24527-AMD-Vi-fault-softirq.patch + 24535-x86-vMSI-misc.patch + 24615-VESA-lfb-flush.patch + 24690-x86-PCI-SERR-no-deadlock.patch + 24701-gnttab-map-grant-ref-recovery.patch + 24742-gnttab-misc.patch + 24780-x86-paging-use-clear_guest.patch + 24805-x86-MSI-X-dom0-ro.patch + ioemu-9869-MSI-X-init.patch + ioemu-9873-MSI-X-fix-unregister_iomem.patch +* Sat Feb 25 2012 ohering@suse.de +- add BuildRequires: libuuid-devel +* Tue Feb 14 2012 carnold@novell.com +- bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 + install, when maxmem > memory + README.SuSE +* Wed Feb 8 2012 jfehlig@suse.com +- bnc#745005 - Update vif configuration examples in xmexample* + Updated xen-xmexample.diff +* Thu Feb 2 2012 jfehlig@suse.com +- bnc#743414 - using vifname is ignored when defining a xen virtual + interface with xl/libxl + 24459-libxl-vifname.patch +* Thu Feb 2 2012 carnold@novell.com +- bnc#740165 - VUL-0: kvm: qemu heap overflow in e1000 device + emulation (applicable to Xen qemu - CVE-2012-0029) + cve-2012-0029-qemu-xen-unstable.patch +* Wed Feb 1 2012 carnold@novell.com +- bnc#744014 - blank screen in SLES11 SP2 guest with a VF statically + assigned + ioemu-MSI-X-fix-unregister_iomem.patch +- Upstream patches from Jan + 24453-x86-vIRQ-IRR-TMR-race.patch + 24456-x86-emul-lea.patch +* Thu Jan 26 2012 ohering@suse.de +- fate#310510 - fix xenpaging + 24586-x86-mm_Properly_account_for_paged_out_pages.patch + 24609-tools-libxc_handle_fallback_in_linux_privcmd_map_foreign_bulk_properly.patch + 24610-xenpaging_make_file_op_largefile_aware.patch + xen-unstable.misc.linux_privcmd_map_foreign_bulk.retry_paged.patch + xenpaging.speedup-page-out.resume_pages.find_next_bit_set.patch + xenpaging.speedup-page-out.evict_pages.free_slot_stack.patch + xenpaging.speedup-page-out.policy_choose_victim.patch + update xenpaging.error-handling.patch, flush qemu cache not so often +* Thu Jan 26 2012 ohering@suse.de +- fate#310510 - fix xenpaging + 24566-tools-libxc_fix_error_handling_in_xc_mem_paging_load.patch +* Tue Jan 24 2012 ohering@suse.de +- fate#310510 - fix xenpaging + 24466-libxc_Only_retry_mapping_pages_when_ENOENT_is_returned.patch +* Mon Jan 23 2012 carnold@novell.com +- The xen kmp packages fail on the 09-check-packaged-twice script. + Rename xen_pvdrivers.conf to xen_pvdrivers-<kernel flavor>.conf +* Fri Jan 20 2012 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.speedup-page-in.gfn_to_slot.patch +* Wed Jan 18 2012 carnold@novell.com +- bnc#739585 - L3: Xen block-attach fails after repeated attach/detach + blktap-close-fifos.patch + blktap-disable-debug-printf.patch +* Fri Jan 13 2012 jfehlig@suse.com +- bnc#741159 - Fix default setting of XENSTORED_ROOTDIR in + xencommons init script + xencommons-xenstored-root.patch +* Thu Jan 12 2012 carnold@novell.com +- bnc#740625 - xen: cannot interact with xend after upgrade (SLES) +- bnc#738694 - xen: cannot interact with xend after upgrade (os12.1) +- Other README changes included. + README.SuSE +* Tue Jan 10 2012 ohering@suse.de +- bnc#694863 - kexec fails in xen + 24478-libxl_add_feature_flag_to_xenstore_for_XS_RESET_WATCHES.patch +* Mon Jan 9 2012 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.speedup-page-out.patch +* Tue Jan 3 2012 carnold@novell.com +- bnc#735806 - VF doesn't work after hot-plug for many times + 24448-x86-pt-irq-leak.patch +- Upstream patches from Jan + 24261-x86-cpuidle-Westmere-EX.patch + 24417-amd-erratum-573.patch + 24429-mceinj-tool.patch + 24447-x86-TXT-INIT-SIPI-delay.patch + ioemu-9868-MSI-X.patch +* Mon Jan 2 2012 ohering@suse.de +- bnc#732884 - remove private runlevel 4 from init scripts + xen.no-default-runlevel-4.patch +* Mon Dec 19 2011 carnold@novell.com +- bnc#727515 - Fragmented packets hang network boot of HVM guest + ipxe-gcc45-warnings.patch + ipxe-ipv4-fragment.patch + ipxe-enable-nics.patch +* Mon Dec 19 2011 ohering@suse.de +- fate#310510 - fix xenpaging + update xenpaging.autostart.patch, make changes with mem-swap-target + permanent + update xenpaging.doc.patch, mention issues with live migration +* Thu Dec 15 2011 ohering@suse.de +- fate#310510 - fix xenpaging + add xenpaging.evict_mmap_readonly.patch + update xenpaging.error-handling.patch, reduce debug output +* Thu Dec 15 2011 carnold@novell.com +- bnc#736824 - Microcode patches for AMD's 15h processors panic the + system + 24189-x86-p2m-pod-locking.patch + 24412-x86-AMD-errata-model-shift.patch + 24411-x86-ucode-AMD-Fam15.patch +* Wed Dec 14 2011 carnold@novell.com +- bnc#711219 - SR-IOV VF doesn't work in SLES11 sp2 guest + 24357-firmware-no-_PS0-_PS3.patch +- Upstream patches from Jan + 24153-x86-emul-feature-checks.patch + 24275-x86-emul-lzcnt.patch + 24277-x86-dom0-features.patch + 24278-x86-dom0-no-PCID.patch + 24282-x86-log-dirty-bitmap-leak.patch + 24359-x86-domU-features.patch + 24360-x86-pv-domU-no-PCID.patch + 24389-amd-fam10-gart-tlb-walk-err.patch + 24391-x86-pcpu-version.patch +* Thu Dec 8 2011 ohering@suse.de +- bnc#729208 - xenpaging=-1 doesn't work + xenpaging.doc.patch +* Thu Dec 8 2011 ohering@suse.de +- fate#310510 - fix xenpaging + readd xenpaging.qemu.flush-cache.patch +* Wed Dec 7 2011 jfehlig@suse.com +- bnc#732782 - L3: xm create hangs when maxmen value is enclosed + in "quotes" + xm-create-maxmem.patch +* Wed Dec 7 2011 carnold@novell.com +- Upstream patches / changes from Jan + Added 24358-kexec-compat-overflow.patch + Removed 24341-x86-64-mmcfg_remove___initdata_annotation_overlooked_in_23749e8d1c8f074ba.patch + Removed 24345-tools-libxc_Fix_x86_32_build_breakage_in_previous_changeset..patch +* Wed Dec 7 2011 ohering@suse.de +- fate#310510 - fix xenpaging + 24178-debug_Add_domain-vcpu_pause_count_info_to_d_key..patch + Use wait queues for paging, improve foreign mappings. + xenpaging.versioned-interface.patch + xenpaging.mmap-before-nominate.patch + xenpaging.p2m_is_paged.patch + xenpaging.evict_fail_fast_forward.patch + xenpaging.error-handling.patch + xenpaging.mem_event-use-wait_queue.patch + xenpaging.waitqueue-paging.patch + Remove obsolete patch, not needed with wait queue usage + xenpaging.HVMCOPY_gfn_paged_out.patch +* Wed Dec 7 2011 ohering@suse.de +- fate#310510 - fix xenpaging + Fix incorrect backport, remove double memset, use xzalloc + 24171-x86waitqueue_Allocate_whole_page_for_shadow_stack..patch +* Wed Dec 7 2011 ohering@suse.de +- fate#310510 - fix xenpaging + fix typo in nominate, use lock instead of double unlock + 23905-xenpaging_fix_locking_in_p2m_mem_paging_functions.patch +* Wed Dec 7 2011 ohering@suse.de +- fate#310510 - fix xenpaging + 24327-After_preparing_a_page_for_page-in_allow_immediate_fill-in_of_the_page_contents.patch + 24328-Tools_Libxc_wrappers_to_automatically_fill_in_page_oud_page_contents_on_prepare.patch + 24329-Teach_xenpaging_to_use_the_new_and_non-racy_xc_mem_paging_load_interface.patch +* Tue Dec 6 2011 jfehlig@suse.com +- bnc#734826 - xm rename doesn't work anymore + Updated xend-migration-domname-fix.patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + 24269-mem_event_move_mem_event_domain_out_of_struct_domain.patch + 24270-Free_d-mem_event_on_domain_destruction..patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + 24318-x86-mm_Fix_checks_during_foreign_mapping_of_paged_pages.patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + 23949-constify_vcpu_set_affinitys_second_parameter.patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + 24105-xenpaging_compare_domain_pointer_in_p2m_mem_paging_populate.patch + 24106-mem_event_check_capabilities_only_once.patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + 24272-xenpaging_Fix_c-s_235070a29c8c3ddf7_update_machine_to_phys_mapping_during_page_deallocation.patch +* Fri Dec 2 2011 ohering@suse.de +- bnc#727081 - xend domains don't work anymore since update from 12.1 beta to 12.1 RC 1 + 24344-tools-x86_64_Fix_cpuid_inline_asm_to_not_clobber_stacks_red_zone.patch + 24345-tools-libxc_Fix_x86_32_build_breakage_in_previous_changeset..patch +* Fri Dec 2 2011 ohering@suse.de +- bnc#733449 - Panic in mcfg_ioremap when booting xen-dbg.gz on Xeon E3-1230 + 24341-x86-64-mmcfg_remove___initdata_annotation_overlooked_in_23749e8d1c8f074ba.patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + backport waitqueue changes from xen-unstable + 24104-waitqueue_Double_size_of_x86_shadow_stack..patch + 24171-x86waitqueue_Allocate_whole_page_for_shadow_stack..patch + 24195-waitqueue_Detect_saved-stack_overflow_and_crash_the_guest..patch + 24196-waitqueue_Reorder_prepare_to_wait_so_that_vcpu_is_definitely_on_the.patch + 24197-x86-waitqueue_Because_we_have_per-cpu_stacks_we_must_wake_up_on_teh.patch + 24231-waitqueue_Implement_wake_up_nroneall..patch + 24232-waitqueue_Hold_a_reference_to_a_domain_on_a_waitqueue..patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + 24227-xenpaging_restrict_pagefile_permissions.patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + merge upstream version of our existing patches: + 24218-libxc_add_bitmap_clear_function.patch + remove old versions: + xenpaging.bitmap_clear.patch +* Fri Dec 2 2011 ohering@suse.de +- fate#310510 - fix xenpaging + merge upstream version of our existing patches: + 24138-xenpaging_munmap_all_pages_after_page-in.patch + 24208-xenpaging_remove_filename_from_comment.patch + 24209-xenpaging_remove_obsolete_comment_in_resume_path.patch + 24210-xenpaging_use_PERROR_to_print_errno.patch + 24211-xenpaging_simplify_file_op.patch + 24212-xenpaging_print_gfn_in_failure_case.patch + 24213-xenpaging_update_xenpaging_init.patch + 24214-xenpaging_remove_xc_dominfo_t_from_paging_t.patch + 24215-xenpaging_track_the_number_of_paged-out_pages.patch + 24216-xenpaging_move_page_add-resume_loops_into_its_own_function..patch + 24217-xenpaging_improve_mainloop_exit_handling.patch + 24219-xenpaging_retry_unpageable_gfns.patch + 24220-xenpaging_install_into_LIBEXEC_dir.patch + 24221-xenpaging_add_XEN_PAGING_DIR_-_libxl_xenpaging_dir_path.patch + 24222-xenpaging_use_guests_tot_pages_as_working_target.patch + 24223-xenpaging_watch_the_guests_memory-target-tot_pages_xenstore_value.patch + 24224-xenpaging_add_cmdline_interface_for_pager.patch + 24225-xenpaging_improve_policy_mru_list_handling.patch + 24226-xenpaging_add_debug_to_show_received_watch_event..patch + remove old versions: + xenpaging.XEN_PAGING_DIR.patch + xenpaging.add_evict_pages.patch + xenpaging.cmdline-interface.patch + xenpaging.encapsulate_domain_info.patch + xenpaging.file_op-return-code.patch + xenpaging.install-to-libexec.patch + xenpaging.low_target_policy_nomru.patch + xenpaging.main-loop-exit-handling.patch + xenpaging.misleading-comment.patch + xenpaging.page_in-munmap-size.patch + xenpaging.print-gfn.patch + xenpaging.record-numer-paged-out-pages.patch + xenpaging.reset-uncomsumed.patch + xenpaging.stale-comments.patch + xenpaging.target-tot_pages.patch + xenpaging.use-PERROR.patch + xenpaging.watch-target-tot_pages.patch + xenpaging.watch_event-DPRINTF.patch + xenpaging.xc_interface_open-comment.patch +* Wed Nov 30 2011 jfehlig@suse.com +- bnc#733348 - Use 'xm' in various scripts if xend is running. + Modified xmclone.sh and xen-updown.sh +- Only emit xl warning when xend is running and -f (force) flag + is not specified. + Modified disable-xl-when-using-xend.patch +* Wed Nov 30 2011 carnold@novell.com +- Upstream patches from Jan + 24190-hap-log-dirty-disable-rc.patch + 24193-hap-track-dirty-vram-rc.patch + 24201-x86-pcpu-platform-op.patch +* Tue Nov 22 2011 carnold@novell.com +- Upstream patches from Jan + 23900-xzalloc.patch + 24144-cpufreq-turbo-crash.patch + 24148-shadow-pgt-dying-op-performance.patch + 24155-x86-ioapic-EOI-after-migration.patch + 24156-x86-ioapic-shared-vectors.patch + 24157-x86-xstate-init.patch + 24168-x86-vioapic-clear-remote_irr.patch +* Tue Nov 22 2011 cyliu@suse.com +- submit fixes for bnc#649209 and bnc#711892 + xl-create-pv-with-qcow2-img.patch + update suspend_evtchn_lock.patch +* Sun Nov 20 2011 ohering@suse.de +- Update trace.c, merge patches from upstream + 23050-xentrace_dynamic_tracebuffer_allocation.patch + 23091-xentrace_fix_t_info_pages_calculation..patch + 23092-xentrace_print_calculated_numbers_in_calculate_tbuf_size.patch + 23093-xentrace_remove_gdprintk_usage_since_they_are_not_in_guest_context.patch + 23094-xentrace_update_comments.patch + 23095-xentrace_use_consistent_printk_prefix.patch + 23128-xentrace_correct_formula_to_calculate_t_info_pages.patch + 23129-xentrace_remove_unneeded_debug_printk.patch + 23173-xentrace_Move_register_cpu_notifier_call_into_boot-time_init..patch + 23239-xentrace_correct_overflow_check_for_number_of_per-cpu_trace_pages.patch + 23308-xentrace_Move_the_global_variable_t_info_first_offset_into_calculate_tbuf_size.patch + 23309-xentrace_Mark_data_size___read_mostly_because_its_only_written_once.patch + 23310-xentrace_Remove_unneeded_cast_when_assigning_pointer_value_to_dst.patch + 23404-xentrace_reduce_trace_buffer_size_to_something_mfn_offset_can_reach.patch + 23405-xentrace_fix_type_of_offset_to_avoid_ouf-of-bounds_access.patch + 23406-xentrace_update___insert_record_to_copy_the_trace_record_to_individual_mfns.patch + 23407-xentrace_allocate_non-contiguous_per-cpu_trace_buffers.patch + 23643-xentrace_Allow_tracing_to_be_enabled_at_boot.patch + 23719-xentrace_update___trace_var_comment.patch + Remove old patches: + xen-unstable.xentrace.dynamic_tbuf.patch + xen-unstable.xentrace.empty_t_info_pages.patch + xen-unstable.xentrace.verbose.patch + xen-unstable.xentrace.no_gdprintk.patch + xen-unstable.xentrace.comments.patch + xen-unstable.xentrace.printk_prefix.patch + xen-unstable.xentrace.remove_debug_printk.patch + xen-unstable.xentrace.t_info_pages-formula.patch + xen-unstable.xentrace.register_cpu_notifier-boot_time.patch + xen-unstable.xentrace.t_info_page-overflow.patch + xen-unstable.xentrace.t_info_first_offset.patch + xen-unstable.xentrace.data_size__read_mostly.patch + xen-unstable.xentrace.__insert_record-dst-type.patch +* Mon Nov 14 2011 carnold@novell.com +- Upstream patches from Jan + 24116-x86-continuation-cancel.patch + 24123-x86-cpuidle-quiesce.patch + 24124-x86-microcode-amd-quiesce.patch + 24137-revert-23666.patch + 24xxx-shadow-pgt-dying-op-performance.patch +* Thu Nov 10 2011 carnold@novell.com +- bnc#722738 - xm cpupool-create errors out + xen-cpupool-xl-config-format.patch +* Fri Nov 4 2011 carnold@novell.com +- Fix broken build when building docs + 23819-make-docs.patch +* Fri Nov 4 2011 jfehlig@suse.com +- bnc#720054 - Prevent vif-bridge from adding user-created tap + interfaces to a bridge + 2XXXX-vif-bridge.patch +* Fri Nov 4 2011 carnold@novell.com +- bnc#713503 - DOM0 filesystem commit + 23752-x86-shared-IRQ-vector-maps.patch + 23754-AMD-perdev-vector-map.patch +* Thu Nov 3 2011 ohering@suse.de +- fate#310510 - fix xenpaging + This change reverses the task of xenpaging. Before this change a + fixed number of pages was paged out. With this change the guest + will not have access to more than the given number of pages at + the same time. + The xenpaging= config option is replaced by actmem= + A new xm mem-swap-target is added. + The xenpaging binary is moved to /usr/lib/xen/bin/ + xenpaging.HVMCOPY_gfn_paged_out.patch + xenpaging.XEN_PAGING_DIR.patch + xenpaging.add_evict_pages.patch + xenpaging.bitmap_clear.patch + xenpaging.cmdline-interface.patch + xenpaging.encapsulate_domain_info.patch + xenpaging.file_op-return-code.patch + xenpaging.guest-memusage.patch + xenpaging.install-to-libexec.patch + xenpaging.low_target_policy_nomru.patch + xenpaging.main-loop-exit-handling.patch + xenpaging.misleading-comment.patch + xenpaging.page_in-munmap-size.patch + xenpaging.print-gfn.patch + xenpaging.record-numer-paged-out-pages.patch + xenpaging.reset-uncomsumed.patch + xenpaging.stale-comments.patch + xenpaging.target-tot_pages.patch + xenpaging.use-PERROR.patch + xenpaging.watch-target-tot_pages.patch + xenpaging.watch_event-DPRINTF.patch + xenpaging.xc_interface_open-comment.patch +* Thu Nov 3 2011 ohering@suse.de +- xen.spec: update filelist + package /usr/lib*/xen with wildcard to pickup new files + remove duplicate /usr/sbin/xen-list from filelist +* Wed Oct 26 2011 carnold@novell.com +- bnc#725169 - xen-4.0.2_21511_03-0.5.3: bootup hangs + 23993-x86-microcode-amd-fix-23871.patch +* Wed Oct 26 2011 carnold@novell.com +- Update to Xen 4.1.2 FCS c/s 23174 +* Mon Oct 24 2011 jfehlig@suse.com +- bnc#720054 - Fix syntax error introduced during recent adjustment + of Xen's tap udev rule. + Updated udev-rules.patch +* Thu Oct 20 2011 ohering@suse.de +- fate#310510 - fix xenpaging + Merge paging related fixes from xen-unstable: + 23506-x86_Disable_set_gpfn_from_mfn_until_m2p_table_is_allocated..patch + 23507-xenpaging_update_machine_to_phys_mapping_during_page_deallocation.patch + 23509-x86_32_Fix_build_Define_machine_to_phys_mapping_valid.patch + 23562-xenpaging_remove_unused_spinlock_in_pager.patch + 23576-x86_show_page_walk_also_for_early_page_faults.patch + 23577-tools_merge_several_bitop_functions_into_xc_bitops.h.patch + 23578-xenpaging_add_xs_handle_to_struct_xenpaging.patch + 23579-xenpaging_drop_xc.c_remove_ASSERT.patch + 23580-xenpaging_drop_xc.c_remove_xc_platform_info_t.patch + 23581-xenpaging_drop_xc.c_remove_xc_wait_for_event.patch + 23582-xenpaging_drop_xc.c_move_xc_mem_paging_flush_ioemu_cache.patch + 23583-xenpaging_drop_xc.c_move_xc_wait_for_event_or_timeout.patch + 23584-xenpaging_drop_xc.c_remove_xc_files.patch + 23585-xenpaging_correct_dropping_of_pages_to_avoid_full_ring_buffer.patch + 23586-xenpaging_do_not_bounce_p2mt_back_to_the_hypervisor.patch + 23587-xenpaging_remove_srand_call.patch + 23588-xenpaging_remove_return_values_from_functions_that_can_not_fail.patch + 23589-xenpaging_catch_xc_mem_paging_resume_errors.patch + 23590-xenpaging_remove_local_domain_id_variable.patch + 23591-xenpaging_move_num_pages_into_xenpaging_struct.patch + 23592-xenpaging_start_paging_in_the_middle_of_gfn_range.patch + 23593-xenpaging_pass_integer_to_xenpaging_populate_page.patch + 23594-xenpaging_add_helper_function_for_unlinking_pagefile.patch + 23595-xenpaging_add_watch_thread_to_catch_guest_shutdown.patch + 23596-xenpaging_implement_stopping_of_pager_by_sending_SIGTERM-SIGINT.patch + 23597-xenpaging_remove_private_mem_event.h.patch + 23599-tools_fix_build_after_recent_xenpaging_changes.patch + 23817-mem_event_add_ref_counting_for_free_requestslots.patch + 23818-mem_event_use_mem_event_mark_and_pause_in_mem_event_check_ring.patch + 23827-xenpaging_use_batch_of_pages_during_final_page-in.patch + 23841-mem_event_pass_mem_event_domain_pointer_to_mem_event_functions.patch + 23842-mem_event_use_different_ringbuffers_for_share_paging_and_access.patch + 23874-xenpaging_track_number_of_paged_pages_in_struct_domain.patch + 23904-xenpaging_use_p2m-get_entry_in_p2m_mem_paging_functions.patch + 23905-xenpaging_fix_locking_in_p2m_mem_paging_functions.patch + 23906-xenpaging_remove_confusing_comment_from_p2m_mem_paging_populate.patch + 23908-p2m_query-modify_p2mt_with_p2m_lock_held.patch + 23943-xenpaging_clear_page_content_after_evict.patch + 23953-xenpaging_handle_evict_failures.patch + 23978-xenpaging_check_p2mt_in_p2m_mem_paging_functions.patch + 23979-xenpaging_document_p2m_mem_paging_functions.patch + 23980-xenpaging_disallow_paging_in_a_PoD_guest.patch + Remove obsolete patches: + x86-show-page-walk-early.patch + xenpaging.23817-mem_event_check_ring.patch + xenpaging.catch-xc_mem_paging_resume-error.patch + xenpaging.guest_remove_page.slow_path.patch + xenpaging.mem_event-no-p2mt.patch + xenpaging.no-srand.patch + xenpaging.return-void.patch + xenpaging.xenpaging_populate_page-gfn.patch +* Thu Oct 20 2011 ohering@suse.de +- xen.spec: use changeset number as patch number for upstream patches +* Wed Oct 19 2011 adrian@suse.de +- do not use runlevel 4 in init scripts, it makes it impossible + to "insserv xend" on 12.1 +* Mon Oct 17 2011 carnold@novell.com +- Upstream patches from Jan + 23955-x86-pv-cpuid-xsave.patch + 23957-cpufreq-error-paths.patch +* Tue Oct 11 2011 carnold@novell.com +- Upstream patches from Jan + 23933-pt-bus2bridge-update.patch + 23726-x86-intel-flexmigration-v2.patch + 23925-x86-AMD-ARAT-Fam12.patch + 23246-x86-xsave-enable.patch + 23897-x86-mce-offline-again.patch +* Mon Oct 10 2011 carnold@novell.com +- Update to Xen 4.1.2_rc3 c/s 23171 +* Thu Oct 6 2011 jfehlig@suse.com +- bnc#720054 - Changed /etc/udev/rules.d/40-xen.rules to not run + Xen's vif-bridge script when not running Xen. This is not a + solution to the bug but an improvement in the rules regardless. + Updated udev-rules.patch +* Tue Oct 4 2011 carnold@novell.com +- Upstream patches from Jan + 23868-vtd-RMRR-validation.patch + 23871-x86-microcode-amd-silent.patch + 23898-cc-option-grep.patch +* Fri Sep 30 2011 jfehlig@suse.com +- Add pciback init script and sysconf file, giving users a simple + mechanism to configure pciback. + init.pciback sysconfig.pciback +* Fri Sep 23 2011 ohering@suse.de +- update scripts to use xl -f, or xm if xend is running: + xen-updown.sh, init.xendomains, xmclone.sh +* Fri Sep 23 2011 ohering@suse.de +- bnc#694863 - kexec fails in xen + xenstored: allow guest to shutdown all its watches/transactions + xenstored.XS_RESET_WATCHES.patch +* Thu Sep 22 2011 carnold@novell.com +- Upstream patches from Jan + 23843-scheduler-switch.patch + 23846-x86-TSC-check.patch + 23848-vmx-conditional-off.patch + 23853-x86-pv-cpuid-xsave.patch +* Fri Sep 16 2011 ohering@suse.de +- fate#310510 - fix xenpaging + mem_event: add ref counting for free requestslots + xenpaging.23817-mem_event_check_ring.patch +* Wed Sep 14 2011 carnold@novell.com +- bnc#717650 - Unable to start VM +- Update to Xen 4.1.2_rc2 c/s 23152 +* Fri Sep 9 2011 jfehlig@suse.com +- bnc#716695 - domUs using tap devices will not start + updated multi-xvdp.patch +* Tue Sep 6 2011 carnold@novell.com +- Upstream patches from Jan + 23803-intel-pmu-models.patch + 23800-x86_64-guest-addr-range.patch + 23795-intel-ich10-quirk.patch + 23804-x86-IPI-counts.patch +* Wed Aug 31 2011 jfehlig@suse.com +- bnc#706106 - Inconsistent reporting of VM names during migration + xend-migration-domname-fix.patch +* Tue Aug 30 2011 carnold@novell.com +- bnc#712823 - L3:Xen guest does not start reliable when rebooted + xend-vcpu-affinity-fix.patch +* Tue Aug 23 2011 carnold@novell.com +- Upstream patches from Jan + 23725-pci-add-device.patch + 23762-iommu-fault-bm-off.patch + 23763-pci-multi-seg-x2apic-vtd-no-crash.patch + 23765-x86-irq-vector-leak.patch + 23766-x86-msi-vf-bars.patch + 23771-x86-ioapic-clear-pin.patch + 23772-x86-trampoline.patch + 23774-x86_64-EFI-EDD.patch + 23776-x86-kexec-hpet-legacy-bcast-disable.patch + 23781-pm-wide-ACPI-ids.patch + 23782-x86-ioapic-clear-irr.patch + 23783-ACPI-set-_PDC-bits.patch +* Mon Aug 15 2011 ohering@suse.de +- Include gcc46 only when its available (>11.4 && >sles11sp1) +* Fri Aug 12 2011 carnold@novell.com +- bnc#711943 - [xl] Fail to create multi-guests with NIC assigned + 23685-libxl-segfault-fix.patch +* Thu Aug 11 2011 jfehlig@suse.com +- libxenlight and legacy xend toolstack should not be used + together. If xend is running, print a warning and exit + xl. Add a '-f' (force) option to xl to override this + behavior. + disable-xl-when-using-xend.patch + bnc#707664 +* Wed Aug 10 2011 carnold@novell.com +- Upstream patches from Jan + 23732-sedf.patch + 23735-guest-dom0-cap.patch + 23746-vtd-cleanup-timers.patch + 23747-mmcfg-base-address.patch + 23749-mmcfg-reservation.patch +* Tue Aug 9 2011 cyliu@novell.com +- bnc#704160 - crm resource migrate fails with xen machines + update snapshot-xend.patch +- bnc#706574 - xm console DomUName hang after "xm save/restore" of + PVM on the latest Xen + xend-console-port-restore.patch +* Tue Aug 9 2011 ohering@suse.de +- update xencommons script to run only when needed + xencommons-proc-xen.patch +* Fri Jul 22 2011 carnold@novell.com +- Upstream patches from Jan + 23726-x86-intel-flexmigration.patch + 23706-fix-20892.patch + 23723-x86-CMOS-lock.patch + 23676-x86_64-image-map-bounds.patch + 23724-x86-smpboot-x2apic.patch +* Mon Jul 11 2011 ohering@suse.de +- hotplug.losetup.patch + correct dev:inode detection, stat returns major:minor without + leading zeros, while losetup -a includes trailing zeros +* Fri Jul 8 2011 cyliu@novell.com +- fate#310635: xen npiv multipath support + update block-npiv* scripts for testing +* Thu Jul 7 2011 carnold@novell.com +- Fixes for EFI support + x86-EFI-discard-comment.patch +* Wed Jun 29 2011 carnold@novell.com +- fate#309894: Xen needs to correctly understand family 15h CPU + topology +- fate#311376: EFI support in SP2 +- fate#311529: Native UEFI booting under Xen (installation) + 23074-pfn.h.patch + 23571-vtd-fault-verbosity.patch + 23574-x86-dom0-compressed-ELF.patch + 23575-x86-DMI.patch + 23610-x86-topology-info.patch + 23611-amd-fam15-topology.patch + 23613-EFI-headers.patch + 23614-x86_64-EFI-boot.patch + 23615-x86_64-EFI-runtime.patch + 23616-x86_64-EFI-MPS.patch +* Wed Jun 29 2011 jbeulich@novell.com +- Mark xen-scsi.ko supported (bnc#582265, fate#309459). +* Tue Jun 28 2011 carnold@novell.com +- fate#310308: Hypervisor assisted watchdog driver + ioemu-watchdog-support.patch + ioemu-watchdog-linkage.patch + ioemu-watchdog-ib700-timer.patch + tools-watchdog-support.patch +* Mon Jun 27 2011 carnold@novell.com +- bnc#702025 - VUL-0: xen: VT-d (PCI passthrough) MSI trap + injection (CVE-2011-1898) + Fixed in Xen version 4.1.1 +* Wed Jun 22 2011 cyliu@novell.com +- fate#310956: Support Direct Kernel Boot for FV guests + kernel-boot-hvm.patch +* Wed Jun 22 2011 cyliu@novell.com +- fate#310316: Support change vnc password while vm is running + change-vnc-passwd.patch +- fate#310325: Support get domU console log from Dom0 + log-guest-console.patch +* Wed Jun 22 2011 ohering@suse.de +- fate#311487: remove modprobe.conf files for autoloading of Xen + and Hyper-V drivers + xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch + add dmi modalias to xen-platform-pci.ko +* Tue Jun 21 2011 carnold@novell.com +- fate#308532: [NONCODE] Remove XEN 32-bit Hypervisor + Modify ExclusiveArch in xen.spec to build only x86_64 +* Tue Jun 21 2011 carnold@novell.com +- fate#309900 - Add Xen support for SVM Decode Assist in AMD family + 15h +- fate#309902 - Add Xen support for AMD family 12h processors +- fate#309903 - Add Xen support for AMD family 14h processors +- fate#309906 - Add Xen support for performance event counters in + AMD family 15h +* Fri Jun 17 2011 carnold@novell.com +- fate#309893: Add Xen support for AMD family 15h processors +- fate#309901: Add Xen support for SVM TSC scaling in AMD family + 15h +- fate#311951: Ivy Bridge: XEN support for Supervisor Mode + Execution Protection (SMEP) + 23437-amd-fam15-TSC-scaling.patch + 23462-libxc-cpu-feature.patch + 23481-x86-SMEP.patch + 23504-x86-SMEP-hvm.patch + 23505-x86-cpu-add-arg-check.patch + 23508-vmx-proc-based-ctls-probe.patch + 23510-hvm-cpuid-DRNG.patch + 23511-amd-fam15-no-flush-for-C3.patch + 23516-cpuid-ERMS.patch + 23538-hvm-pio-emul-no-host-crash.patch + 23539-hvm-cpuid-FSGSBASE.patch + 23543-x86_64-maddr_to_virt-assertion.patch + 23546-fucomip.patch +* Wed Jun 15 2011 jfehlig@novell.com +- Fix libxc reentrancy issues + 23383-libxc-rm-static-vars.patch +* Wed Jun 15 2011 carnold@novell.com +- fate#310957 - Update to Xen 4.1.1 FCS c/s 23079 +* Tue Jun 14 2011 lidongyang@novell.com +- fate#311000 - Extend Xen domain lock framework to support + more alternative + xend-domain-lock-sfex.patch +* Mon Jun 13 2011 lidongyang@novell.com +- fate#311371 - Enhance yast to configure live migration for + Xen and KVM + add firewall service file for xen-tools +* Fri Jun 10 2011 jfehlig@novell.com +- Add man page for xen-list utility + updated xen-utils-0.1.tar.bz2 +* Thu May 26 2011 carnold@novell.com +- Upstream patches from Jan + 23233-hvm-cr-access.patch + 23234-svm-decode-assist-base.patch + 23235-svm-decode-assist-crs.patch + 23236-svm-decode-assist-invlpg.patch + 23238-svm-decode-assist-insn-fetch.patch + 23303-cpufreq-misc.patch + 23304-amd-oprofile-strings.patch + 23305-amd-fam15-xenoprof.patch + 23306-amd-fam15-vpmu.patch + 23334-amd-fam12+14-vpmu.patch + 23338-vtd-force-intremap.patch +* Thu May 26 2011 carnold@novell.com +- fate#310957 - Update to Xen 4.1.1-rc1 c/s 23064 +* Tue May 24 2011 ohering@suse.de +- xentrace: dynamic tracebuffer allocation + xen-unstable.xentrace.dynamic_tbuf.patch + xen-unstable.xentrace.empty_t_info_pages.patch + xen-unstable.xentrace.verbose.patch + xen-unstable.xentrace.no_gdprintk.patch + xen-unstable.xentrace.comments.patch + xen-unstable.xentrace.printk_prefix.patch + xen-unstable.xentrace.remove_debug_printk.patch + xen-unstable.xentrace.t_info_pages-formula.patch + xen-unstable.xentrace.register_cpu_notifier-boot_time.patch + xen-unstable.xentrace.t_info_page-overflow.patch + xen-unstable.xentrace.t_info_first_offset.patch + xen-unstable.xentrace.data_size__read_mostly.patch + xen-unstable.xentrace.__insert_record-dst-type.patch +* Tue May 24 2011 ohering@suse.de +- fate#310510 - fix xenpaging + update xenpaging patches for xen 4.1 + xenpaging.guest_remove_page.slow_path.patch + xenpaging.mem_event-no-p2mt.patch + xenpaging.no-srand.patch + xenpaging.return-void.patch + xenpaging.catch-xc_mem_paging_resume-error.patch + xenpaging.xenpaging_populate_page-gfn.patch + xenpaging.autostart.patch +* Fri May 20 2011 carnold@novell.com +- bnc#670465 - When connecting to Xen guest through vncviewer mouse + tracking is off. +- Upstream patch 23298-hvmop-get-mem-type.patch replaces + xen.sles11sp1.bug684297.HVMOP_get_mem_type.patch +- Upstream patches from Jan + 23333-hvm-32bit-compat-hypercalls.patch + 23337-vtd-malicious-msi-filter.patch + 23338-vtd-force-intremap.patch (CVE-2011-1898) + 23341-x86-ioapic-write-entry.patch + 23343-vtd-error-path-leaks.patch +* Thu May 19 2011 ohering@suse.de +- bnc#684305 - on_crash is being ignored with kdump now working in HVM + xend-config-enable-dump-comment.patch +* Thu May 19 2011 ohering@suse.de +- disable xend's logrotation for xend.log, use included logrotate.conf +* Wed May 18 2011 ohering@suse.de +- bnc#684297 - HVM taking too long to dump vmcore + xen.sles11sp1.bug684297.HVMOP_get_mem_type.patch + new hvm_op hyper call option + xen.sles11sp1.bug684297.xen_oldmem_pfn_is_ram.patch + Use new Xen HVMOP_get_mem_type hvmop hypercall option and new Linux + kernel register_oldmem_pfn_is_ram interface. + (depends on two kernel-source changes) +* Tue May 17 2011 carnold@novell.com +- Update to Xen 4.1.1-rc1-pre c/s 23051 +* Thu May 12 2011 carnold@novell.com +- Numerous cleanups when compiling with the unused-but-set-variable + flag enabled and warnings equal to errors. + xen-warnings-unused.diff +* Thu May 12 2011 jfehlig@novell.com +- Add a 'long' option to xen-list utility + Updated xen-utils-0.1.tar.bz2 +* Tue May 10 2011 jfehlig@novell.com +- bnc#691256 - move modprobe of xen backend modules from xend to + xencommons initscript + tmp-initscript-modprobe.patch +* Mon May 9 2011 jfehlig@novell.com +- bnc#691738 - Xen does not find device create with npiv block + xen-qemu-iscsi-fix.patch +* Tue May 3 2011 carnold@novell.com +- Upstream patches from Jan + 22998-x86-get_page_from_l1e-retcode.patch + 22999-x86-mod_l1_entry-retcode.patch + 23000-x86-mod_l2_entry-retcode.patch + 23096-x86-hpet-no-cpumask_lock.patch + 23099-x86-rwlock-scalability.patch + 23103-x86-pirq-guest-eoi-check.patch + 23127-vtd-bios-settings.patch + 23153-x86-amd-clear-DramModEn.patch + 23154-x86-amd-iorr-no-rdwr.patch + 23199-amd-iommu-unmapped-intr-fault.patch + 23200-amd-iommu-intremap-sync.patch + 23228-x86-conditional-write_tsc.patch +* Tue May 3 2011 carnold@novell.com +- bnc#691238 - L3: question on behaviour change xm list + snapshot-xend.patch +* Mon May 2 2011 ohering@suse.de +- update xenalyze to revision 98 + * Unify setting of vcpu data type + * Unify record size checks + * Fix cr3_switch not to access hvm struct before it's initialized +- add xenalyze.gcc46.patch to fix unused-but-set-variable errors +* Thu Apr 28 2011 jfehlig@novell.com +- bnc#688473 - VUL-0: potential buffer overflow in tools + cve-2011-1583-4.0.patch +* Thu Apr 28 2011 ohering@suse.de +- hotplug.losetup.patch + correct dev:inode detection and use variable expansion +* Tue Apr 26 2011 carnold@novell.com +- bnc#623680 - xen kernel freezes during boot when processor module + is loaded + 23228-x86-conditional-write_tsc.patch +- bnc#680824 - dom0 can't recognize boot disk when IOMMU is enabled + 23200-amd-iommu-intremap-sync.patch +- Upstream patches from Jan + 23127-vtd-bios-settings.patch + 23153-x86-amd-clear-DramModEn.patch + 23154-x86-amd-iorr-no-rdwr.patch + 23199-amd-iommu-unmapped-intr-fault.patch +* Thu Apr 21 2011 ohering@suse.de +- bnc#685189: update vif-route-ifup.patch to use correct variable + after upstream commit 22910:d4bc41a8cecb +* Wed Apr 20 2011 ohering@suse.de +- bnc#688519: correct indention in xend-domain-lock.patch +* Tue Apr 19 2011 jfehlig@novell.com +- bnc#687981 - L3: mistyping model type when defining VIF crashes + VM + xend-validate-nic-model.patch +* Mon Apr 11 2011 jfehlig@suse.de +- bnc#685338: Fix porting of xend-domain-lock.patch +* Mon Apr 11 2011 ohering@suse.de +- update scripts to use xl instead of xm: + xen-updown.sh, init.xendomains, xmclone.sh +* Mon Apr 11 2011 ohering@suse.de +- disable xend in openSuSE > 11.4 + the xl command is the replacement for the xm command +* Thu Apr 7 2011 ohering@suse.de +- mark runlevel scripts as config to preserve local changes by + admin or dev during package update +* Thu Apr 7 2011 ohering@suse.de +- enable xencommons runlevel script during upgrade if xend was + already enabled +* Thu Apr 7 2011 ohering@suse.de +- call /sbin/ldconfig directly in xen-libs post install scripts +* Tue Apr 5 2011 carnold@novell.com +- Upstream patches from Jan + 23103-x86-pirq-guest-eoi-check.patch + 23030-x86-hpet-init.patch + 23061-amd-iommu-resume.patch + 23127-vtd-bios-settings.patch +* Thu Mar 31 2011 coolo@novell.com +- add baselibs.conf as libvirt uses 32bit libraries +* Tue Mar 29 2011 carnold@novell.com +- Remus support is enabled for now. +* Mon Mar 28 2011 carnold@novell.com +- Enable support for kernel decompression for gzip, bzip2, and LZMA + so that kernels compressed with any of these methods can be + launched +* Fri Mar 25 2011 carnold@novell.com +- Update to Xen 4.1 FCS +* Thu Mar 24 2011 ohering@suse.de +- fix xentrace.dynamic_sized_tbuf.patch + the default case did not work, correct size calculation +* Tue Mar 22 2011 carnold@novell.com +- Update to c/s 23010 Xen 4.1 rc8 +* Tue Mar 22 2011 ohering@suse.de +- use _smp_mflags instead of jobs, jobs is not expanded everywhere +* Mon Mar 21 2011 carnold@novell.com +- bnc#681302 - xm create -x <guest> returns "ImportError: No module + named ext" + xm-create-xflag.patch +* Thu Mar 17 2011 carnold@novell.com +- bnc#675817 - Kernel panic when creating HVM guests on AMD + platforms with XSAVE + 22462-x86-xsave-init-common.patch +* Tue Mar 15 2011 carnold@novell.com +- bnc#679344 - Xen: multi-vCPU pv guest may crash host + 23034-x86-arch_set_info_guest-DoS.patch +- bnc#678871 - dom0 hangs long time when starting hvm guests with + memory >= 64GB + 22780-pod-preempt.patch +- bnc#675363 - Random lockups with kernel-xen. Possibly graphics + related + 22997-x86-map_pages_to_xen-check.patch +- Upstream patches from Jan + 22949-x86-nmi-pci-serr.patch + 22992-x86-fiop-m32i.patch + 22996-x86-alloc_xen_pagetable-no-BUG.patch + 23020-x86-cpuidle-ordering.patch + 23039-csched-constrain-cpu.patch +* Mon Mar 14 2011 jfehlig@novell.com +- Fix xen-utils to cope with xen-unstable c/s 21483 +* Mon Mar 14 2011 carnold@novell.com +- bnc#678229 - restore of sles HVM fails + 22873-svm-sr-32bit-sysenter-msrs.patch +* Fri Mar 11 2011 ohering@suse.de +- xz-devel is available since 11.2, make it optional for SLES11SP1 +* Mon Feb 28 2011 cyliu@novell.com +- Fix /vm/uuid xenstore leak on tapdisk2 device cleanup + 22499-xen-hotplug-cleanup.patch +* Fri Feb 25 2011 carnold@novell.com +- Upstream patches from Jan + 22872-amd-iommu-pci-reattach.patch + 22879-hvm-no-self-set-mem-type.patch + 22899-x86-tighten-msr-permissions.patch + 22915-x86-hpet-msi-s3.patch + 22947-amd-k8-mce-init-all-msrs.patch +* Thu Feb 17 2011 jfehlig@novell.com +- bnc#672833 - xen-tools bug causing problems with Ubuntu 10.10 + under Xen 4. + 22238-pygrub-grub2-fix.patch +* Thu Feb 17 2011 lidongyang@novell.com +- bnc#665610 - xm console > 1 to same VM messes up both consoles + Upstream rejected due to portability concern, see + http://lists.xensource.com/archives/html/xen-devel/2011-02/msg00942.html + xenconsole-no-multiple-connections.patch +* Fri Feb 11 2011 carnold@novell.com +- Enable support for kernel decompression for gzip, bzip2, and LZMA + so that kernels compressed with any of these methods can be + launched. +* Thu Feb 10 2011 lidongyang@novell.com +- bnc#651822 - xm snapshot-xxx scripts lead to an XP SP3 HVM domU + to chkdsk + Make sure we only apply the snapshot once, and the changes made + after snapshot-apply hit the disk. +* Wed Feb 9 2011 carnold@novell.com +- Update to Xen 4.1.0 c/s 22861 +* Tue Feb 8 2011 jfehlig@novell.com +- bnc#658569 - SLES 11 SP1 dom0 iptables gives lots of physdev + messages + 22385-vif-common.patch +* Mon Feb 7 2011 ohering@suse.de +- update xenalyze, more 64bit fixes +* Mon Feb 7 2011 ohering@suse.de +- allocate xentrace buffer metadata based on requested tbuf_size + xentrace.dynamic_sized_tbuf.patch +* Mon Feb 7 2011 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.runtime_mru_size.patch + - specify policy mru size at runtime + xenpaging.no_domain_id.patch + - reduce memory usage in pager +* Mon Feb 7 2011 ohering@suse.de +- bnc#625394 - set vif mtu from bridge mtu if kernel supports it + vif-bridge.mtu.patch +* Sun Feb 6 2011 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.autostart_delay.patch + - decouple create/destroycreateXenPaging from _create/_removeDevices + - change xenpaging variable from int to str + - init xenpaging variable to 0 if xenpaging is not in config file + to avoid string None coming from sxp file +* Tue Feb 1 2011 carnold@novell.com +- Update to Xen 4.0.2 rc2-pre, changeset 21443 +* Mon Jan 31 2011 carnold@novell.com +- bnc#633573 - System fail to boot after running several warm + reboot tests + 22749-vtd-workarounds.patch +- Upstream patches from Jan + 22744-ept-pod-locking.patch + 22777-vtd-ats-fixes.patch + 22781-pod-hap-logdirty.patch + 22782-x86-emul-smsw.patch + 22789-i386-no-x2apic.patch + 22790-svm-resume-migrate-pirqs.patch + 22816-x86-pirq-drop-priv-check.patch +* Thu Jan 27 2011 carnold@novell.com +- Don't pass the deprecataed extid parameter to xc.hvm_build +* Fri Jan 14 2011 carnold@novell.com +- bnc#658704 - SLES11 SP1 Xen boot panic in x2apic mode + 22707-x2apic-preenabled-check.patch +- bnc#641419 - L3: Xen: qemu-dm reports "xc_map_foreign_batch: mmap failed: + Cannot allocate memory" + 7434-qemu-rlimit-as.patch +- Additional or upstream patches from Jan + 22693-fam10-mmio-conf-base-protect.patch + 22694-x86_64-no-weak.patch + 22708-xenctx-misc.patch + 21432-4.0-cpu-boot-failure.patch + 22645-amd-flush-filter.patch + qemu-fix-7433.patch +* Wed Jan 12 2011 carnold@novell.com +- Maintain compatibility with the extid flag even though it is + deprecated for both legacy and sxp config files. + hv_extid_compatibility.patch +* Wed Jan 12 2011 cyliu@novell.com +- bnc#649209-improve suspend eventchn lock + suspend_evtchn_lock.patch +* Tue Jan 11 2011 carnold@novell.com +- Removed the hyper-v shim patches in favor of using the upstream + version. +* Mon Jan 10 2011 carnold@novell.com +- bnc#641419 - L3: Xen: qemu-dm reports "xc_map_foreign_batch: mmap + failed: Cannot allocate memory" + qemu-rlimit-as.patch +* Mon Jan 10 2011 cyliu@novell.com +- Upstream c/s 7433 to replace qemu_altgr_more.patch + 7433-qemu-altgr.patch +* Fri Jan 7 2011 jfehlig@novell.com +- bnc#661931 - Fix fd leak in xenstore library + 21344-4.0-testing-xenstore-fd-leak.patch +* Tue Jan 4 2011 carnold@novell.com +- bnc#656369 - g5plus: sles11sp1 xen crash with 8 socket x2apic + preenabled + 21989-x2apic-resume.patch + 22475-x2apic-cleanup.patch + 22535-x2apic-preenabled.patch +- bnc#658163 - maintenance release - Nehalem system cannot boot + into xen with maintenance release installed + 22504-iommu-dom0-holes.patch + 22506-x86-iommu-dom0-estimate.patch +- bnc#658704 - SLES11 SP1 Xen boot panic in x2apic mode + 21810-x2apic-acpi.patch +- Upstream patches from Jan + 22470-vlapic-tick-loss.patch + 22484-vlapic-tmcct-periodic.patch + 22526-ept-access-once.patch + 22533-x86-32bit-apicid.patch + 22534-x86-max-local-apic.patch + 22538-keyhandler-relax.patch + 22540-32on64-hypercall-debug.patch + 22549-vtd-map-page-leak.patch + 22574-ept-skip-validation.patch + 22632-vtd-print-entries.patch +* Tue Jan 4 2011 carnold@novell.com +- bnc#661298 - maintenance release candidate - Windows VMs reboot + too fast, triggering failsafe + xen-minimum-restart-time.patch +* Tue Jan 4 2011 cyliu@novell.com +- bnc#659070 - Fail to input '|' in en-us keyboard + qemu_altgr_more.patch +* Tue Dec 28 2010 jfehlig@novell.com +- bnc#659466 - XEN drbd block device type not working on SLES 11 SP1 + 20158-revert.patch +* Mon Dec 27 2010 jfehlig@novell.com +- Revert changes made to snapshot-xend.patch and + snapshot-ioemu-restore.patch made on 2010-11-19. The changes + were intended to fix bnc#651822, but testing revealed additional + changes were needed to completely resolve the bug. bnc#651822 + will be fixed in a subsequent maintenance release. +* Mon Dec 27 2010 lidongyang@novell.com +- bnc#654543 - PV guest won't unplug the IDE disk created by + qemu-dm + a dirty hack, only add the device to drives_table[] if we are FV + domU, that will be unplugged anyway if a PV driver is loaded + later. + ioemu-disable-emulated-ide-if-pv.patch +* Wed Dec 22 2010 cyliu@novell.com +- Upstream patch to replace xenfb_32bpp.patch + 7426-xenfb-depth.patch +* Tue Dec 21 2010 lidongyang@novell.com +- bnc#651822 make sure we only apply the snapshot once, and the + changes made after snapshot-apply hit the disk. + snapshot-xend.patch + snapshot-without-pv-fix.patch +* Fri Dec 17 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.HVMCOPY_gfn_paged_out.patch + - remove incorrect and unneeded cleanup from do_memory_op + subfunctions + add mainline tag to merged patches +* Thu Dec 16 2010 jfehlig@novell.com +- bnc#613584 - If available, use kpartx '-f' option in domUloader +* Thu Dec 16 2010 jfehlig@novell.com +- bnc#659872 - xend: Do no release domain lock on checkpoint + operation. +* Tue Dec 14 2010 carnold@novell.com +- Upstream patches from Jan + 22431-p2m-remove-bug-check.patch + 22448-x86_64-gdt-ldt-fault-filter.patch + 22466-x86-sis-apic-bug.patch + 22451-hvm-cap-clobber.patch + 22388-x2apic-panic.patch + 22452-x86-irq-migrate-directed-eoi.patch +* Tue Dec 14 2010 carnold@novell.com +- bnc#658163 - maintenance release - Nehalem system cannot boot + into xen with maintenance release installed + iommu-dom0-holes.patch + x86-iommu-dom0-estimate.patch +* Tue Dec 14 2010 carnold@novell.com +- bnc#659085 - physical host is rebooted with unknown reason + Regression: Remove the patch 22071-ept-get-entry-lock.patch +* Mon Dec 13 2010 carnold@novell.com +- Removed 7410-qemu-alt-gr.patch and altgr_2.patch. It causes a + regression (see bnc#659070) +* Tue Dec 7 2010 ohering@suse.de +- make stubdom build optional +* Tue Dec 7 2010 ohering@suse.de +- pass -j N to stubdom build +* Tue Dec 7 2010 ohering@suse.de +- add xenalzye from http://xenbits.xensource.com/ext/xenalyze.hg +* Tue Dec 7 2010 ohering@suse.de +- hotplug-block-losetup-a.patch + allow hardlinked blockdevices +- fate#310510 - fix xenpaging + xenpaging.paging_prep_enomem.patch + - retry page-in if guest is temporary out-of-memory + xenpaging.print-arguments.patch + - print arguments passed to xenpaging + xenpaging.machine_to_phys_mapping.patch + - invalidate array during page deallocation + xenpaging.autostart_delay.patch + - fold xenpaging.enabled.patch into this patch + - set xenpaging_delay to 0.0 to start xenpaging right away +* Fri Dec 3 2010 carnold@novell.com +- bnc#654591 - SLES11 SP0->Sp1 regression? (Xen, HVMs, NPIV) + Fixed xen-qemu-iscsi-fix.patch +* Fri Dec 3 2010 cyliu@novell.com +- blktap2 patch - fix problem that blktap2 device info not cleared + when block-attach fail. + blktap2.patch +* Tue Nov 30 2010 carnold@novell.com +- bnc#655438 - Using performance counter in domU on Nehalem cpus + 22417-vpmu-nehalem.patch +- Upstream patches from Jan + 22389-amd-iommu-decls.patch + 22416-acpi-check-mwait.patch + 22431-p2m-remove-bug-check.patch +* Tue Nov 30 2010 carnold@novell.com +- bnc#656245 - VUL-1: hypervisor: application or kernel in any pv + Xen domain can crash Xen + x86_64-gdt-ldt-fault-filter.patch +* Mon Nov 29 2010 carnold@novell.com +- bnc#654050 - Python: a crasher bug in pyexpat - upstream patch + needs backporting + 22235-lxml-validator.patch +* Tue Nov 23 2010 jfehlig@novell.com +- bnc#628729 - Add a small, fast alternative to 'xm list' for + enumerating active domains. xen-list is a C program that uses + libxenstore and libxenctl directly, bypassing the python + toolstack. + xen-utils-0.1.tar.bz2 +* Mon Nov 22 2010 jfehlig@novell.com +- bnc#628729 - Add a small, fast alternative to 'xm list' for + enumerating active domains. xen-list is a C program that uses + libxenstore and libxenctl directly, bypassing the python + toolstack. + xen-utils-0.1.tar.bz2 +* Fri Nov 19 2010 lidongyang@novell.com +- bnc#651822 - xm snapshot-xxx scripts lead to an XP SP3 HVM domU + to chkdsk + snapshot-xend.patch + snapshot-ioemu-restore.patch +* Wed Nov 17 2010 carnold@novell.com +- bnc#651957 - Xen: vm-install failed to start + xenpaging.enabled.patch +* Wed Nov 17 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.signal_handling.patch + - unlink pagefile in signal handler +* Fri Nov 12 2010 carnold@novell.com +- Upstream patch for python 2.7 compatibility + 22045-python27-compat.patch +* Thu Nov 11 2010 cyliu@novell.com +- bnc#641144 - FV Xen VM running windows or linux cannot write to + virtual floppy drive + bdrv_default_rwflag.patch +* Thu Nov 11 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.optimize_p2m_mem_paging_populate.patch + xenpaging.HVMCOPY_gfn_paged_out.patch +* Thu Nov 11 2010 carnold@novell.com +- bnc#649864 - automatic numa cpu placement of xen conflicts with + cpupools + 22326-cpu-pools-numa-placement.patch +* Wed Nov 10 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.populate_only_if_paged.patch + - revert logic, populate needs to happen unconditionally + xenpaging.p2m_mem_paging_populate_if_p2m_ram_paged.patch + - invalidate current mfn only if gfn is not in flight or done + xenpaging.mem_event_check_ring-free_requests.patch + - print info only if 1 instead of 2 slots are free + xenpaging.guest_remove_page.patch + - check mfn before usage in resume function + xenpaging.machine_to_phys_mapping.patch + - check mfn before usage in resume function +* Tue Nov 9 2010 jfehlig@novell.com +- bnc#552115 - Remove target discovery in block-iscsi + modified block-iscsi script +* Mon Nov 8 2010 jfehlig@novell.com +- bnc#649277 - Fix pci passthru in xend interface used by libvirt + 22369-xend-pci-passthru-fix.patch +* Sun Nov 7 2010 lidongyang@novell.com +- bnc#642078 - xm snapshot-create causes qemu-dm to SEGV + snapshot-without-pv-fix.patch +* Fri Nov 5 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.num_pages_equal_max_pages.patch +* Fri Nov 5 2010 carnold@novell.com +- bnc#647681 - L3: Passthrough of certain PCI device broken after + SLES 11 to SP1 upgrade +- bnc#650871 - Regression in Xen PCI Passthrough + 22348-vtd-check-secbus-devfn.patch +- Upstream patches from Jan + 22223-vtd-workarounds.patch (bnc#652935) + 22231-x86-pv-ucode-msr-intel.patch + 22232-x86-64-lahf-lm-bios-workaround.patch + 22280-kexec.patch + 22337-vtd-scan-single-func.patch +* Wed Nov 3 2010 carnold@novell.com +- bnc#497149 - SLES11 64bit Xen - SLES11 64bit HVM guest has + corrupt text console + stdvga-cache.patch +* Wed Nov 3 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.page_already_populated.patch + xenpaging.notify_policy_only_once.patch + xenpaging.guest_remove_page.patch + xenpaging.machine_to_phys_mapping.patch + remove xenpaging.memory_op.patch, retry loops are not needed +* Tue Nov 2 2010 carnold@novell.com +- bnc#474789 - xen-tools 3.3 rpm misses pv-grub +- PV-GRUB replaces PyGrub to boot domU images safely: it runs the + regular grub inside the created domain itself and uses regular + domU facilities to read the disk / fetch files from network etc.; + it eventually loads the PV kernel and chain-boots it. +* Wed Oct 27 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.doc.patch +- add /var/lib/xen/xenpaging directory +* Wed Oct 27 2010 ksrinivasan@novell.com +- Some cleanup in the APIC handling code in the HyperV shim. + hv_apic.patch +* Wed Oct 27 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.memory_op.patch, correct delay handling in retry loop +* Wed Oct 27 2010 cyliu@novell.com +- bnc#640370 - VM graphic console in VNC is corrupted + xenfb_32bpp.patch +* Fri Oct 22 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.autostart_delay.patch + delay start of xenpaging 7 seconds for smooth BIOS startup +* Wed Oct 20 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.tools_xenpaging_cleanup.patch +* Wed Oct 20 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.mem_event_check_ring-free_requests.patch +* Wed Oct 20 2010 ohering@suse.de +- install /etc/xen/examples/xentrace_formats.txt to get human readable + tracedata if xenalyze is not used +* Sun Oct 17 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.autostart_delay.patch + xenpaging.blacklist.patch + xenpaging.MRU_SIZE.patch + remove xenpaging.hacks.patch, realmode works +* Mon Oct 11 2010 carnold@novell.com +- Upstream patches from Jan including fixes for the following bugs + bnc#583568 - Xen kernel is not booting + bnc#615206 - Xen kernel fails to boot with IO-APIC problem + bnc#640773 - Xen kernel crashing right after grub + bnc#643477 - issues with PCI hotplug/hotunplug to Xen driver domain + 22222-x86-timer-extint.patch + 22214-x86-msr-misc-enable.patch + 22213-x86-xsave-cpuid-check.patch + 22194-tmem-check-pv-mfn.patch + 22177-i386-irq-safe-map_domain_page.patch + 22175-x86-irq-enter-exit.patch + 22174-x86-pmtimer-accuracy.patch + 22160-Intel-C6-EOI.patch + 22159-notify-evtchn-dying.patch + 22157-x86-debug-key-i.patch +* Mon Oct 11 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.signal_handling.patch + xenpaging.autostart.patch + xenpaging.hacks.patch +* Mon Oct 11 2010 ohering@suse.de +- rename xenpaging.XENMEM_decrease_reservation.patch + to xenpaging.memory_op.patch +* Fri Oct 8 2010 cyliu@novell.com +- bnc#632956 - fix VNC altgr-insert behavior + 7410-qemu-alt-gr.patch + altgr_2.patch +* Thu Oct 7 2010 jfehlig@novell.com +- bnc#618087 - VNC view won't stay connected to fully virtualized + Linux Xen VMs + modified ioemu-vnc-resize.patch +* Tue Oct 5 2010 carnold@novell.com +- bnc#639546 - Dom-U deleted after introduction of the parameter + "change_home_server False" in the VM configuration + change_home_server.patch +* Mon Oct 4 2010 jfehlig@novell.com +- bnc#641859 - block-dmmd script does not handle the configuration + when only MD is used + modified block-dmmd script +* Thu Sep 30 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.populate_only_if_paged.patch +* Mon Sep 27 2010 carnold@novell.com +- bnc#640773 - Xen kernel crashing right after grub + 21894-intel-unmask-cpuid.patch +- Upstream patch from Jan + 22148-serial-irq-dest.patch +* Thu Sep 23 2010 cyliu@novell.com +- bnc#628719 - improve check_device_status to handle HA cases + check_device_status.patch +* Thu Sep 23 2010 cyliu@novell.com +- bnc#628719 - multi-xvdp + mutli-xvdp.patch +* Wed Sep 22 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.XENMEM_decrease_reservation.patch + xenpaging.xenpaging_init.patch + xenpaging.policy_linear.patch +* Mon Sep 20 2010 cyliu@novell.com +- bnc#632956 - fix VNC altgr-insert behavior + 7410-qemu-alt-gr.patch + altgr_2.patch +* Fri Sep 17 2010 ohering@suse.de +- fate#310510 - fix xenpaging + xenpaging.pageout_policy.patch + xenpaging.xs_daemon_close.patch + xenpaging.pagefile.patch + xenpaging.mem_paging_tool_qemu_flush_cache.patch + xenpaging.get_paged_frame.patch + xenpaging.notify_via_xen_event_channel.patch +* Mon Sep 13 2010 carnold@novell.com +- bnc#636231 - XEN: Unable to disconnect/remove CDROM drive from VM + xend-devid-or-name.patch +* Mon Sep 13 2010 carnold@novell.com +- Upstream patches from Jan + 22019-x86-cpuidle-online-check.patch + 22051-x86-forced-EOI.patch + 22067-x86-irq-domain.patch + 22068-vtd-irte-RH-bit.patch + 22071-ept-get-entry-lock.patch + 22084-x86-xsave-off.patch +* Mon Sep 13 2010 carnold@novell.com +- bnc#638465 - hypervisor panic in memory handling + 22135-heap-lock.patch +* Fri Sep 10 2010 carnold@novell.com +- Update to Xen 4.0.1. This is a bug fix release. +* Thu Sep 9 2010 jfehlig@novell.com +- bnc#635380 - Fix pygrub Grub2 support + See update to Xen 4.0.1 for fixes +* Fri Aug 27 2010 cyliu@novell.com +- bnc#628701 - Improve performance when activate/deactivate dmmd + devices + modified block-dmmd script +* Wed Aug 25 2010 jfehlig@novell.com +- bnc#628701 - Fix qemu-dm handling of dmmd devices + modified xen-qemu-iscsi-fix.patch +* Mon Aug 16 2010 carnold@novell.com +- bnc#626262 - Populate-on-demand memory problem on xen with hvm + guest + 21971-pod-accounting.patch +* Mon Aug 16 2010 cyliu@novell.com +- bnc#584204 - xm usb-list broken + usb-list.patch +* Thu Aug 12 2010 carnold@novell.com +- bnc#625520 - TP-L3: NMI cannot be triggered for xen kernel + 21926-x86-pv-NMI-inject.patch +* Mon Aug 9 2010 carnold@novell.com +- bnc#613529 - TP-L3: kdump kernel hangs when crash was initiated + from xen kernel + 21886-kexec-shutdown.patch +* Mon Aug 2 2010 carnold@novell.com +- Upstream Intel patches to improve X2APIC handling. + 21716-iommu-alloc.patch + 21717-ir-qi.patch + 21718-x2apic-logic.patch +* Tue Jul 27 2010 jfehlig@novell.com +- bnc#623833 - Error in Xend-API method VM_set_actions_after_crash + 21866-xenapi.patch +* Tue Jul 27 2010 jfehlig@novell.com +- bnc#625003 - Fix vm config options coredump-{restart,destroy} + Added hunk to xm-create-xflag.patch +* Mon Jul 26 2010 jfehlig@novell.com +- bnc#605186 - Squelch harmless error messages in block-iscsi +* Mon Jul 26 2010 jfehlig@novell.com +- bnc#623438 - Add ability to control SCSI device path scanning + in xend + 21847-pscsi.patch +* Mon Jul 26 2010 carnold@novell.com +- Enable the packaging of create.dtd. This is needed for when xm + is configured to use xenapi. +* Wed Jul 21 2010 carnold@novell.com +- bnc#624285 - TP-L3: xen rdtsc emulation reports wrong frequency + 21445-x86-tsc-handling-cleanups-v2.patch +* Tue Jul 20 2010 carnold@novell.com +- bnc#623201 - drbd xvd will fail in new xen4 packages due to wrong + popen2 arguments in blkif.py + popen2-argument-fix.patch +* Thu Jul 8 2010 carnold@novell.com +- bnc#620694 - Xen yast vm-install for existing paravirtualized + disk fails with UnboundLocalError: local variable 'dev_type' + referenced before assignment + 21678-xend-mac-fix.patch +* Wed Jul 7 2010 carnold@novell.com +- bnc#586221 - cannot add DomU with USB host controller defined + domu-usb-controller.patch (Chun Yan Liu) +* Tue Jul 6 2010 carnold@novell.com +- Upstream patches from Jan + 21151-trace-bounds-check.patch + 21627-cpuidle-wrap.patch + 21643-vmx-vpmu-pmc-offset.patch + 21682-trace-buffer-range.patch + 21683-vtd-kill-timer-conditional.patch + 21693-memevent-64bit-only.patch + 21695-trace-t_info-readonly.patch + 21698-x86-pirq-range-check.patch + 21699-p2m-query-for-type-change.patch + 21700-32on64-vm86-gpf.patch + 21705-trace-printk.patch + 21706-trace-security.patch + 21712-amd-osvw.patch + 21744-x86-cpufreq-range-check.patch + 21933-vtd-ioapic-write.patch + 21953-msi-enable.patch +* Fri Jun 25 2010 jsong@novell.com +- bnc#599550 - Xen cannot distinguish the status of 'pause' + 21723-get-domu-state.patch +* Tue Jun 22 2010 jfehlig@novell.com +- bnc#604611 - Do not store vif device details when vif config + contains invalid mac address. + 21653-xend-mac-addr.patch +* Wed Jun 16 2010 carnold@novell.com +- linux pvdrv: generalize location of autoconf.h + Fixes error because of missing autoconf.h when building os11.2 + Factory. +* Mon Jun 14 2010 carnold@novell.com +- bnc#609153 - xm migrate <domain_name> localhost -l fails on + Windows VMs + 21615-dont-save-xen-heap-pages.patch +- Upstream fixes from Jan + 21446-iommu-graceful-generic-fail.patch + 21453-shadow-avoid-remove-all-after-teardown.patch + 21456-compat-hvm-addr-check.patch + 21492-x86-pirq-unbind.patch + 21526-x86-nehalem-cpuid-mask.patch + 21620-x86-signed-domain-irq.patch +* Mon Jun 7 2010 carnold@novell.com +- bnc#612189 - Clear APIC Timer Initial Count Register when masking + timer interrupt + 21542-amd-erratum-411.patch +* Fri Jun 4 2010 carnold@novell.com +- bnc#610658 - XEN: PXE boot fails for fully virtualized guests - + e1000 virtual nic. (see also bnc#484778) + enable_more_nic_pxe.patch +* Tue May 25 2010 carnold@novell.com +- bnc#608191 - /var/adm/fillup-templates/sysconfig.xend from + package xen-tools is no valid sysconfig file + xend-sysconfig.patch +* Tue May 25 2010 carnold@novell.com +- bnc#608194 - /etc/xen/* config files are not packaged with + noreplace +* Tue May 25 2010 carnold@novell.com +- bnc#569744 - SLE HVM guest clock/timezone is incorrect after + reboot + 21460-xend-timeoffset.patch +* Tue May 25 2010 jfehlig@novell.com +- bnc#606882 - Allow spaces in vbd path names + 21459-block-script.patch +* Mon May 24 2010 jsong@novell.com +- bnc#591799 - The status of Caps Lock is incorrect in domU + capslock_enable.patch +* Thu May 20 2010 carnold@novell.com +- Upstream fixes from Jan including a fix for Intel's ATS issue + 21435-vmx-retain-global-controls.patch + 21406-x86-microcode-quiet.patch + 21421-vts-ats-enabling.patch +* Wed May 19 2010 carnold@novell.com +- bnc#607219 - AMD Erratum 383 workaround for Xen + 21408-amd-erratum-383.patch +* Wed May 19 2010 carnold@novell.com +- Added modprobe of evtchn to init.xend. The kernel will also need + to build evtchn as a module for this to be meaningful. +* Mon May 17 2010 carnold@novell.com +- bnc#603008 - On an 8 Socket Nehalem-EX system, the fix for 593536 + causes a hang during network setup. +- Upstream patches from Jan. + 21360-x86-mce-polling-disabled-init.patch + 21372-x86-cross-cpu-wait.patch + 21331-svm-vintr-during-nmi.patch + 21333-xentrace-t_info-size.patch + 21340-vtd-dom0-mapping-latency.patch + 21346-x86-platform-timer-wrap.patch + 21373-dummy-domain-io-caps.patch +* Wed May 12 2010 carnold@novell.com +- bnc#605182 - /etc/xen/scripts/xen-hotplug-cleanup: line 24: [: + !=: unary operator expected + 21129-xen-hotplug-cleanup.patch +* Mon May 10 2010 carnold@novell.com +- bnc#599929 - Hot add/remove Kawela NIC device over 500 times will + cause guest domain crash + passthrough-hotplug-segfault.patch +* Fri May 7 2010 jfehlig@novell.com +- bnc#603583 - Fix migration of domUs using tapdisk devices + 21317-xend-blkif-util-tap2.patch + suse-disable-tap2-default.patch +* Thu May 6 2010 carnold@novell.com +- Match upstreams cpu pools switch from domctl to sysctl +- Upstream replacements for two of our custom patches (to ease + applying further backports) +- Fixed dump-exec-state.patch (could previously hang the system, as + could - with lower probability - the un-patched implementation) +* Wed May 5 2010 carnold@novell.com +- bnc#593536 - xen hypervisor takes very long to initialize Dom0 on + 128 CPUs and 256Gb + 21272-x86-dom0-alloc-performance.patch + 21266-vmx-disabled-check.patch + 21271-x86-cache-flush-global.patch +* Tue May 4 2010 carnold@novell.com +- bnc#558815 - using multiple npiv luns with same wwpn/wwnn broken +- bnc#601104 - Xen /etc/xen/scripts/block-npiv script fails when + accessing multiple disks using NPIV + block-npiv +* Fri Apr 30 2010 carnold@novell.com +- bnc#595124 - VT-d can not be enabled on 32PAE Xen on Nehalem-EX + platform + 21234-x86-bad-srat-clear-pxm2node.patch + bnc#585371 - kdump fails to load with xen: locate_hole failed + 21235-crashkernel-advanced.patch +* Thu Apr 29 2010 carnold@novell.com +- bnc#588918 - Attaching a U-disk to domain's failed by + "xm usb-attach" + init.xend +* Wed Apr 21 2010 jfehlig@novell.com +- bnc#596442 - Preserve device config on domain start failure + xend-preserve-devs.patch +* Tue Apr 20 2010 jfehlig@novell.com +- bnc#597770 - insserv reports a loop between xendomains and + openais. Remove openais from Should-Start in xendomains script. +* Fri Apr 16 2010 jfehlig@novell.com +- bnc#569194 - Tools-side fixes for tapdisk protocol specification + blktap-script.patch + ioemu-subtype.patch + Modified xen-domUloader.diff +* Wed Apr 14 2010 carnold@novell.com +- Upstream bug fixes from Jan + 21089-x86-startup-irq-from-setup-gsi.patch + 21109-x86-cpu-hotplug.patch + 21150-shadow-race.patch + 21160-sysctl-debug-keys.patch +* Fri Apr 9 2010 jfehlig@novell.com +- Updated to Xen 4.0.0 FCS, changeset 21091 +* Tue Apr 6 2010 jfehlig@novell.com +- Change default lock dir (when domain locking is enabled) to + /var/lib/xen/images/vm_locks +- Support SXP config files in xendomains script +* Wed Mar 31 2010 carnold@novell.com +- Update to changeset 21087 Xen 4.0.0 RC9. +* Fri Mar 26 2010 carnold@novell.com +- Update to changeset 21075 Xen 4.0.0 RC8. +* Thu Mar 25 2010 jsong@novell.com +- bnc#584210 - xm usb-hc-destroy does not remove entry from xend + del_usb_xend_entry.patch +* Tue Mar 23 2010 carnold@novell.com +- Update to changeset 21057 Xen 4.0.0 RC7. +* Wed Mar 17 2010 jsong@novell.com +-Fix bnc#466899 - numa enabled xen fails to start/create vms + adjust_vcpuaffinity_more_cpu.patch +* Tue Mar 9 2010 carnold@novell.com +- Update to changeset 21022 Xen 4.0.0 RC6. +* Tue Mar 9 2010 carnold@novell.com +- bnc#586510 - cpupool fixes + cpu-pools-update.patch +* Fri Mar 5 2010 carnold@novell.com +- bnc#582645 - Xen stuck, mptbase driver attempting to reset config + request +* Mon Mar 1 2010 carnold@novell.com +- Update to changeset 20990 Xen 4.0.0 RC5. +* Mon Feb 22 2010 jfehlig@novell.com +- bnc#556939 - Improve device map cleanup code in domUloader +* Sun Feb 21 2010 jfehlig@novell.com +- bnc# 578910 - xm block-detach does not cleanup xenstore + hotplug-cleanup-fix.patch +* Fri Feb 19 2010 carnold@novell.com +- bnc#579361 - Windows Server 2003 cannot wake up from stand by in + sp1 + hibernate.patch +* Fri Feb 19 2010 carnold@novell.com +- fate#308852: XEN CPU Pools + cpupools-core.patch + cpupools-core-fixup.patch + keyhandler-alternative.patch + cpu-pools-libxc.patch + cpu-pools-python.patch + cpu-pools-libxen.patch + cpu-pools-xmtest.patch + cpu-pools-docs.patch +* Thu Feb 18 2010 ksrinivasan@novell.com +- bnc#558760: Disable scsi devices when PV drivers are loaded. +* Tue Feb 16 2010 carnold@novell.com +- Update to changeset 20951 Xen 4.0.0 RC4 for sle11-sp1 beta5. +* Mon Feb 8 2010 carnold@novell.com +- bnc#572146 - SLES11 SP1 beta 2 Xen - BUG: soft lockup - CPU#31 + stuck for 61s! [kstop/31:4512] + cpuidle-hint-v3.patch +* Fri Feb 5 2010 carnold@novell.com +- Update to changeset 20900 RC2+ for sle11-sp1 beta4. +* Fri Jan 29 2010 carnold@novell.com +- bnc#573376 - OS reboot while create DomU with Windows CD +* Wed Jan 27 2010 carnold@novell.com +- bnc#573881 - /usr/lib64/xen/bin/qemu-dm is a broken link +* Thu Jan 21 2010 carnold@novell.com +- Update to changeset 20840 RC1+ for sle11-sp1 beta3. +* Thu Jan 21 2010 jfehlig@novell.com +- bnc#569581 - SuSEfirewall2 should handle rules. Disable + handle_iptable in vif-bridge script + vif-bridge-no-iptables.patch +* Wed Jan 20 2010 carnold@novell.com +- bnc#569577 - /etc/modprove.d/xen_pvdrivers, installed by + xen-kmp-default, to ../xen_pvdrivers.conf +* Wed Jan 6 2010 ksrinivasan@novell.com +- bnc#564406 - Make the new PV drivers work with older hosts that + do not understand the new PV driver protocol. +* Fri Dec 11 2009 carnold@novell.com +- Upstream Xen version renamed to 4.0.0 in changeset 20624 & 20625. +* Wed Dec 9 2009 carnold@novell.com +- fate#307594: HP-MCBS: XEN: support NR_CPUS=256 + This is a spec file change (xen.spec) +* Thu Dec 3 2009 carnold@novell.com +- bnc#555152 - "NAME" column in xentop (SLES11) output limited to + 10 characters unlike SLES10 + The update to c/s 20572 includes this fix (at c/s 20567). +* Tue Dec 1 2009 wkong@novell.com +- Modify xen-paths.diff +* Tue Dec 1 2009 wkong@novell.com +- Merge xend-tap-fix.patch to xen-domUloader.diff + remove part of it which accepted by upstream +* Tue Dec 1 2009 jfehlig@novell.com +- Load gntdev module in xend init script similar to blkbk, + netbk, etc. +* Thu Nov 26 2009 wkong@novell.com +- Backport dmmd from sles11/xen + block-dmmd + xen-qemu-iscsi-fix.patch + xen.spec +* Thu Nov 26 2009 wkong@novell.com +- Fix regression when create_vbd for tap + xend-tap-fix.patch +* Tue Nov 24 2009 carnold@novell.com +- Temporarily disable libxl because of libconfig dependency. +* Thu Nov 19 2009 wkong@novell.com +- fate#302864 domUloader support lvm in disk + domUloader.py + Note: for test in Beta1, if not good, remove it +* Thu Nov 19 2009 wkong@novell.com +- fate#302864 domUloader support fs on whole disk + domUloader.py +* Fri Nov 6 2009 carnold@suse.de +- Turn KMPs back on now that kernel side fix is checked in. +* Tue Oct 20 2009 jfehlig@novell.com +- fate#304415 VMM: ability to switch networking mode + Add vif-route-ifup to handle routed configurations using + sysconfig scripts. + vif-route-ifup.patch +* Mon Oct 19 2009 jsong@novell.com +- fate#307540 USB for Xen VMs + usb-add.patch +* Mon Oct 19 2009 jsong@novell.com +- fate#305545 XEN extra descriptive field within xenstore + add_des.patch +* Mon Oct 12 2009 carnold@novell.com +- Update to Xen version 3.5.0 for the following features. + fate#304226 XEN: FlexMigration feature of VT-x2 support + fate#305004 Add SR-IOV PF and VF drivers to Vt-d enabled Xen + fate#306830 T states in Xen controlling by MSR + fate#306832 Fix for xen panic on new processors + fate#306833 Westmere and Nehalem-EX: Add support for Pause Loop exiting feature for Xen + fate#306835 Xen: server virtual power management enhacement + fate#306837 VT-d2 - PCI SIG ATS support + fate#306872 Xen: Node manager support P/T-states change when Vt-d enable + fate#306873 Xen: SMP guest live migration may fail with hap=1 on NHM + fate#306875 Westmere: LT-SX (Xen) + fate#306891 RAS features for Xen: Add support for Machine Check and CPU/Memory online/offline features + fate#307322 1GB page support in Xen + fate#307324 Xen IOMMU support +* Fri Oct 9 2009 carnold@novell.com +- bnc#541945 - xm create -x command does not work in SLES 10 SP2 or + SLES 11 + xm-create-xflag.patch +* Thu Oct 8 2009 jfehlig@novell.com +- Minor enhancement to xen-updown.sh sysconfig hook +* Mon Sep 28 2009 wkong@novell.com +- Add patch ioemu-bdrv-open-CACHE_WB.patch + for install guest on tapdisk very very slow. +* Fri Sep 25 2009 jfehlig@novell.com +- Add temporary workaround for race between xend writing and + qemu-dm reading from xenstore. The issue is preventing PV + domUs from booting as they have no backend console. + qemu-retry-be-status.patch +- bnc#520234 - npiv does not work with XEN + Update block-npiv +- bnc#496033 - Support for creating NPIV ports without starting vm + block-npiv-common.sh + block-npiv-vport + Update block-npiv +- bnc#500043 - Fix access to NPIV disk from HVM vm + Update xen-qemu-iscsi-fix.patch +* Tue Sep 15 2009 jfehlig@novell.com +- bnc#513921 - Xen doesn't work get an eror when starting the + install processes or starting a pervious installed DomU + 20125-xc-parse-tuple-fix.patch +* Wed Sep 2 2009 carnold@novell.com +- bnc#536176 - Xen panic when using iommu after updating hypervisor + 19380-vtd-feature-check.patch +* Fri Aug 28 2009 jfehlig@novell.com +- bnc#530959 - virsh autostart doesn't work + Fixing this libvirt bug also required fixing xend's op_pincpu + method with upstream c/s 19580 + 19580-xend-pincpu.patch +* Fri Aug 28 2009 jbeulich@novell.com +- bnc#534146 - Xen: Fix SRAT check for discontig memory + 20120-x86-srat-check-discontig.patch +* Mon Aug 24 2009 carnold@novell.com +- bnc#491081 - Xen time goes backwards x3950M2 + 20112-x86-dom0-boot-run-timers.patch +* Mon Aug 10 2009 ro@suse.de +- disable module build for ec2 correctly to fix build + (at the suse_kernel_module_package macro) +* Mon Aug 10 2009 ksrinivasan@novell.com +- bnc#524071 - implemented workaround for a windows7 bug. + hv_win7_eoi_bug.patch +* Mon Aug 3 2009 jfehlig@novell.com +- bnc#524180 - xend memory leak resulting in long garbage collector + runs + 20013-xend-memleak.patch +* Fri Jul 31 2009 carnold@novell.com +- Upstream bugfixes from Jan. + 19896-32on64-arg-xlat.patch + 19960-show-page-walk.patch + 19945-pae-xen-l2-entries.patch + 19953-x86-fsgs-base.patch + 19931-gnttblop-preempt.patch + 19885-kexec-gdt-switch.patch + 19894-shadow-resync-fastpath-race.patch +- hvperv shim patches no longer require being applied conditionally +* Wed Jul 29 2009 jfehlig@novell.com +- bnc#520234 - npiv does not work with XEN in SLE11 + Update block-npiv +- bnc#496033 - Support for creating NPIV ports without starting vm + block-npiv-common.sh + block-npiv-vport + Update block-npiv +- bnc#500043 - Fix access to NPIV disk from HVM vm + Update xen-qemu-iscsi-fix.patch +* Wed Jul 15 2009 carnold@novell.com +- Don't build the KMPs for the ec2 kernel. +* Thu Jul 2 2009 jfehlig@novell.com +- Upstream fixes from Jan Beulich + 19606-hvm-x2apic-cpuid.patch + 19734-vtd-gcmd-submit.patch + 19752-vtd-srtp-sirtp-flush.patch + 19753-vtd-reg-write-lock.patch + 19764-hvm-domain-lock-leak.patch + 19765-hvm-post-restore-vcpu-state.patch + 19767-hvm-port80-inhibit.patch + 19768-x86-dom0-stack-dump.patch + 19770-x86-amd-s3-resume.patch + 19801-x86-p2m-2mb-hap-only.patch + 19815-vtd-kill-correct-timer.patch +- Patch from Jan Beulich to aid in debugging bnc#509911 + gnttblop-preempt.patch +* Tue Jun 23 2009 wkong@novell.com +- bnc#515220 - qemu-img-xen snapshot Segmentation fault + qemu-img-snapshot.patch update +* Tue Jun 9 2009 wkong@novell.com +- bnc#504491 - drop write data when set read only disk in xen config + bdrv_open2_fix_flags.patch + bdrv_open2_flags_2.patch +* Fri Jun 5 2009 carnold@novell.com +- Upstream fixes from Jan Beulich. + 19474-32on64-S3.patch + 19490-log-dirty.patch + 19492-sched-timer-non-idle.patch + 19493-hvm-io-intercept-count.patch + 19505-x86_64-clear-cr1.patch + 19519-domctl-deadlock.patch + 19523-32on64-restore-p2m.patch + 19555-ept-live-migration.patch + 19557-amd-iommu-ioapic-remap.patch + 19560-x86-flush-tlb-empty-mask.patch + 19571-x86-numa-shift.patch + 19578-hvm-load-ldt-first.patch + 19592-vmx-exit-reason-perfc-size.patch + 19595-hvm-set-callback-irq-level.patch + 19597-x86-ioport-quirks-BL2xx.patch + 19602-vtd-multi-ioapic-remap.patch + 19631-x86-frametable-map.patch + 19653-hvm-vcpuid-range-checks.patch +* Fri Jun 5 2009 jsong@novell.com +- bnc#382112 - Caps lock not being passed to vm correctly. + capslock_enable.patch +* Wed May 27 2009 jfehlig@novell.com +- bnc#506833 - Use pidof in xend and xendomains init scripts +* Wed May 27 2009 jsong@novell.com +- bnc#484778 - XEN: PXE boot of FV domU using non-Realtek NIC fails + enable_more_nic_pxe.patch +* Wed May 27 2009 jsong@novell.com + cross-migrate.patch +- bnc#390961 - cross-migration of a VM causes it to become + unresponsive (remains paused after migration) +* Tue May 19 2009 carnold@novell.com +- Patches taken to fix the xenctx tool. The fixed version of this + tool is needed to debug bnc#502735. + 18962-xc_translate_foreign_address.patch + 18963-xenctx.patch + 19168-hvm-domctl.patch + 19169-remove-declare-bitmap.patch + 19170-libxc.patch + 19171-xenctx.patch + 19450-xc_translate_foreign_address.patch +* Mon May 18 2009 wkong@novell.com +-bnc#485770 - check exsit file for save and snapshot-create + xm-save-check-file.patch + snapshot-xend.patch +* Mon May 18 2009 wkong@novell.com +-bnc#503782 - Using converted vmdk image does not work + ioemu-tapdisk-compat-QEMU_IMG.patch +* Thu May 14 2009 jfehlig@novell.com +- bnc#503332 - Remove useless qcow tools + /usr/sbin/{qcow-create,img2qcow,qcow2raw} from xen-tools package. +* Wed May 13 2009 jsong@novell.com +- bnc#474738 - adding CD drive to VM guest makes it unbootable. + parse_boot_disk.patch +* Mon May 11 2009 wkong@novell.com +- bnc#477892 - snapshot windows can't accomplish. + snapshot-xend.patch +* Tue Apr 28 2009 carnold@novell.com +- bnc#495300 - L3: Xen unable to PXE boot Windows based DomU's + 18545-hvm-gpxe-rom.patch, 18548-hvm-gpxe-rom.patch +* Mon Apr 27 2009 jfehlig@novell.com +- bnc#459836 - Fix rtc_timeoffset when localtime=0 + xend-timeoffset.patch +* Wed Apr 22 2009 carnold@novell.com +- bnc#497440 - xmclone.sh script incorrectly handles networking for + SLE11. +* Fri Apr 17 2009 wkong@novell.com +- bnc#477890 - VM becomes unresponsive after applying snapshot +* Wed Apr 15 2009 jfehlig@novell.com +- bnc#494892 - Update xend-domain-lock.patch to flock the lock + file. +* Wed Apr 8 2009 ksrinivasan@novell.com +- bnc#439639 - SVVP Test 273 System - Sleep Stress With IO" fails + Turned off s3/s4 sleep states for HVM guests. +* Tue Apr 7 2009 jsong@novell.com +- bnc#468169 - fix domUloader to umount the mounted device mapper target in dom0 + when install a sles10 guest with disk = /dev/disk/by_path +* Thu Apr 2 2009 jfehlig@novell.com +- bnc#488490 - domUloader can't handle block device names with ':' +- bnc#486244 - vms fail to start after reboot when using qcow2 +* Tue Mar 31 2009 carnold@novell.com +- bnc#490835 - VTd errata on Cantiga chipset + 19230-vtd-mobile-series4-chipset.patch +* Mon Mar 30 2009 carnold@novell.com +- bnc#482515 - Missing dependency in xen.spec +* Thu Mar 26 2009 carnold@novell.com +- Additional upstream bug fix patches from Jan Beulich. + 19132-page-list-mfn-links.patch + 19134-fold-shadow-page-info.patch + 19135-next-shadow-mfn.patch + 19136-page-info-rearrange.patch + 19156-page-list-simplify.patch + 19161-pv-ldt-handling.patch + 19162-page-info-no-cpumask.patch + 19216-msix-fixmap.patch + 19268-page-get-owner.patch + 19293-vcpu-migration-delay.patch + 19391-vpmu-double-free.patch + 19415-vtd-dom0-s3.patch +* Wed Mar 25 2009 carnold@novell.com +- Imported numerous upstream bug fix patches. + 19083-memory-is-conventional-fix.patch + 19097-M2P-table-1G-page-mappings.patch + 19137-lock-domain-page-list.patch + 19140-init-heap-pages-max-order.patch + 19167-recover-pat-value-s3-resume.patch + 19172-irq-to-vector.patch + 19173-pci-passthrough-fix.patch + 19176-free-irq-shutdown-fix.patch + 19190-pciif-typo-fix.patch + 19204-allow-old-images-restore.patch + 19232-xend-exception-fix.patch + 19239-ioapic-s3-suspend-fix.patch + 19240-ioapic-s3-suspend-fix.patch + 19242-xenstored-use-after-free-fix.patch + 19259-ignore-shutdown-deferrals.patch + 19266-19365-event-channel-access-fix.patch + 19275-19296-schedular-deadlock-fixes.patch + 19276-cpu-selection-allocation-fix.patch + 19302-passthrough-pt-irq-time-out.patch + 19313-hvmemul-read-msr-fix.patch + 19317-vram-tracking-fix.patch + 19335-apic-s3-resume-error-fix.patch + 19353-amd-migration-fix.patch + 19354-amd-migration-fix.patch + 19371-in-sync-L1s-writable.patch + 19372-2-on-3-shadow-mode-fix.patch + 19377-xend-vnclisten.patch + 19400-ensure-ltr-execute.patch + 19410-virt-to-maddr-fix.patch +* Mon Mar 9 2009 jfehlig@novell.com +- bnc#483565 - Fix block-iscsi script. + Updated block-iscsi and xen-domUloader.diff +* Mon Mar 9 2009 carnold@novell.com +- bnc#465814 - Mouse stops responding when wheel is used in Windows + VM. + mouse-wheel-roll.patch (James Song) +- bnc#470704 - save/restore of windows VM throws off the mouse + tracking. + usb-save-restore.patch (James Song) +* Thu Mar 5 2009 jfehlig@novell.com +- bnc#436629 - Use global vnc-listen setting specified in xend + configuration file. + xend-vnclisten.patch +- bnc#482623 - Fix pygrub to append user-supplied 'extra' args + to kernel args. + 19234_pygrub.patch +* Thu Mar 5 2009 carnold@novell.com +- bnc#481161 upgrade - sles10sp2 to sles11 upgrade keeps + xen-tools-ioemu +* Tue Mar 3 2009 kukuk@suse.de +- Don't load 8139* driver if xen-vnif works [bnc#480164] +* Fri Feb 27 2009 carnold@novell.com +- bnc#480164 - Default network proposal in fully virtualized + SLES 11 VM is invalid. + xen_pvdrivers +* Thu Feb 26 2009 carnold@novell.com +- bnc#474822 - L3: Win2003 i386 XEN VM can see only 2 TB with a + 4TB LUN. + int13_hardisk-64bit-lba.patch +* Wed Feb 25 2009 jfehlig@novell.com +- bnc#477890 - Destroy domain if snapshot restore fails. + Updated snapshot-xend.patch +* Tue Feb 24 2009 ksrinivasan@novell.com +- bnc#470238 - SLE11 32FV guest is hanging during certification + tests. + bnc#468265 - Xen guest shows duplicate drives + bnc#469598 - SLES11 RC2 64bit Xen - SLES11 full virt guests + hanging under load. + disable_emulated_device.diff +* Tue Feb 24 2009 kwolf@suse.de +- bnc#477892 - Disable xend timeout for snapshots + Updated snapshot-xend.patch +* Tue Feb 24 2009 kwolf@suse.de +- bnc#477895 - Fix detaching blktap disks from domains without + device model + Updated blktap-ioemu-close-fix.patch +* Fri Feb 20 2009 kwolf@suse.de +- bnc#472390 - Enable debuginfo for ioemu + ioemu-debuginfo.patch +* Thu Feb 19 2009 carnold@novell.com +- bnc#473883 - Xen: 64 bit guest crashes with qemu-dm segfault + qemu-dm-segfault.patch +* Wed Feb 18 2009 jfehlig@novell.com +- bnc#437776 - Remove tracing (bash -x) from network-nat script + network-nat.patch +* Wed Feb 18 2009 jfehlig@novell.com +- bnc#473815 - Handle NULL return when reading a xenstore path. + Updated blktap-error-handling.patch +* Wed Feb 18 2009 kwolf@suse.de +- Fix VHD image support for > 4 GB (offsets truncated to 32 bits) + ioemu-vpc-4gb-fix.patch +* Thu Feb 12 2009 ksrinivasan@novell.com +- bnc#468660 - Fix migration from sles10 to sles11 on Intel. + old-arbytes.patch +* Thu Feb 12 2009 carnold@novell.com +- bnc#473800 - If VT-d is enabled, Dom0 fails to boot up on + Nehalem-HEDT platform. + 19198-fix-snoop.patch + 19154-snoop-control.patch +* Thu Feb 5 2009 jfehlig@novell.com +- bnc#470133 - Better error handling in xm when not booted Xen + 19153-xm-noxen-error.patch +* Wed Feb 4 2009 kwolf@suse.de +- bnc#472075 - Fix ioemu to initialize its blktap backend also for + fully virtualized guests + ioemu-blktap-fv-init.patch +* Tue Feb 3 2009 jfehlig@novell.com +- bnc#470855 - Add note to xm man page on how to detach domain + console + 19152-xm-man-page.patch +* Mon Feb 2 2009 jfehlig@novell.com +- bnc#471090 - XendAPIStore: Do not remove non-existent item + class list + 19151-xend-class-dereg.patch +* Mon Feb 2 2009 carnold@novell.com +- bnc#470949 - user mode application may crash kernel + 19088-x86-page-non-atomic-owner.patch (Jan Beulich) + 19089-x86_64-widen-page-refcounts.patch + 19103-x86_64-fold-page-lock.patch + x86_64-page-info-pack.patch + x86_64-sh-next-shadow.patch +* Fri Jan 23 2009 carnold@novell.com +- Intel - Remove improper operating condition that results in a + machine check. + 19072-vmx-pat.patch + 19079-snp_ctl-1.patch +* Fri Jan 23 2009 kwolf@suse.de +- bnc#465379 - Fix blktap error handling + blktap-error-handling.patch +* Thu Jan 22 2009 carnold@novell.com +- bnc#435219 - XEN pv-driver doesn't work +* Thu Jan 22 2009 jbeulich@novell.com +- Fix unmaskable MSI handling. + 18778-msi-irq-fix.patch +* Wed Jan 21 2009 jfehlig@novell.com +- bnc#467883 - Squelch output of xen-updown.sh sysconfig hook + script and don't save state of tap devices not belonging to Xen. +* Wed Jan 21 2009 carnold@novell.com +- bnc#467807 - Xen: IRQs stop working + xen-ioapic-ack-default.diff +* Fri Jan 16 2009 carnold@novell.com +- bnc#447178 - xm dump-core does not work for cross-bitness guest. + 19046-cross-bit-coredumping.patch + 19048-cross-bit-coredumping.patch + 19051-cross-bit-coredumping.patch +* Thu Jan 15 2009 brieske@novell.com +- bnc#429637 - SSVP SMBIOS HCT Test failing + 19027-hvmloader-SMBIOS-dev-mem-boundary.patch +* Wed Jan 14 2009 carnold@novell.com +- bnc#460805 - Unable to boot with Xen kernel with IBM T42p / T41p + 19039-x86-propagate-nolapic.patch + 19038-x86-no-apic.patch +* Mon Jan 5 2009 carnold@novell.com +- bnc#435596 - dom0 S3 resume fails if disk drive is set as AHCI + mode. + 18937-S3-MSI.patch +- Final Xen 3.3.1 FCS changeset 18546 +* Mon Dec 29 2008 carnold@novell.com +- bnc#436021 - On PAE host with EPT enabled, booting a HVM guest + with 4G memory will cause Xen hang. + 18943-amd-32bit-paging-limit.patch +* Mon Dec 22 2008 carnold@novell.com +- bnc#461596 - Failue to load 64-bit HVM Solaris 10U6 DomU with 2 + vcpus. Update to RC4 contains fix in c/s 18538. +* Mon Dec 22 2008 jfehlig@novell.com +- bnc#379032 and bnc#404014 - Fix loop device leak in domUloader +* Wed Dec 17 2008 kwolf@suse.de +- bnc#456758 - Allow all block device types for which a script + exists in /etc/xen/scripts besides file, tap and phy. + reenable-block-protocols.patch +* Mon Dec 15 2008 carnold@novell.com +- Patch cleanup. Updated tarball with several of our stand-alone + but now upstream patches (c/s 18536). +* Fri Dec 5 2008 kwolf@suse.de +- bnc#404014 - Fix memory leak in libxenguest during domain + creation + libxc-zlib-memleak.patch +* Thu Dec 4 2008 jfehlig@novell.com +- bnc#456511 - Fix domain name change after checkpoint/shutdown + events. +* Tue Dec 2 2008 carnold@novell.com +- Fixed xmclone.sh. It calls lomount which no longer exists in the + distro. +* Tue Nov 25 2008 kwolf@suse.de +- Fix the build. Build system seems to be unhappy about having two + copies of the xenstore binary (this is not a proper fix in fact + as the build error says the two files are not identical - they + are hardlinks, so this seems unlikely to be the real cause). + tmp_build.patch +* Mon Nov 24 2008 jfehlig@novell.com +- bnc#448364 - Fix cpu affinity on save/restore/migrate +* Thu Nov 20 2008 kwolf@suse.de +- bnc#444731 - Fix data corruption bug (caused by broken x86 + emulation for movnti instruction) + xen-x86-emulate-movnti.patch +* Wed Nov 19 2008 kwolf@suse.de +- Report device model errors during the creation of snapshots + to xend instead of failing silently +* Wed Nov 19 2008 kwolf@suse.de +- bnc#445659 - ioemu: Workaround for VNC client initialization + race with xenfb changing the resolution (caused VNC connection + to be closed, vm-install recognized this as failed installation) + ioemu-vnc-resize.patch +* Tue Nov 18 2008 carnold@novell.com +- bnc#444203 - With EPT mode4, HVM S3 causes Xen HV crash. + 18783-hvm-vcpu-reset-state-fix.patch +* Mon Nov 17 2008 carnold@novell.com +- bnc#444731 - Blackscreen instead of second stage during + installation + 18766-realmode-stack-size-fix.patch +* Thu Nov 13 2008 carnold@novell.com +- bnc#429739 - Network failure with bnx2 when booted to XEN + 18778-msi-irq-fix.patch +* Wed Nov 12 2008 kwolf@suse.de +- bnc#444197 - Add udev rule to fix domUloader race with + automounter (udev-rules.patch) +* Sun Nov 9 2008 ro@suse.de +- disable kmp to fix build again +* Fri Nov 7 2008 kwolf@suse.de +- Fix merge damage which prevented disks to be snapshotted when + not in disk-only snapshot mode +* Wed Nov 5 2008 kwolf@suse.de +- bnc#435195 - Fix error handling for blktap devices and ioemu; + check for images smaller than a sector and abort (causes hangs + of the complete blktap stack otherwise) + ioemu-blktap-zero-size.patch +* Mon Nov 3 2008 plc@novell.com +- bnc#436572 - L3: vm serial port configuration and access is not + persistent across dom0 reboot +* Wed Oct 29 2008 carnold@novell.com +- bnc#436926 - Xen hypervisor crash +* Tue Oct 28 2008 jfehlig@novell.com +- bnc#438927 - Fix migration bug in xend +* Tue Oct 28 2008 carnold@suse.de +- disable KMP, does not build with current kernel +* Fri Oct 24 2008 jfehlig@novell.com +- bnc#437756 - Fix default netdev device in network-route +* Wed Oct 22 2008 jfehlig@novell.com +- bnc#434560 - Remove local patch that prevents creating PV vif + when "type=ioemu" is specified in guest vif config. This patch + is causing several problems with recent changes to xenstore + layout. +* Wed Oct 22 2008 jfehlig@novell.com +- bnc#431758 - Added upstream changeset 18654 to prevent setting + vcpus > VCPUs_max on running domain. +* Tue Oct 21 2008 carnold@novell.com +- Update to changeset 18455. +* Fri Oct 17 2008 olh@suse.de +- add ExclusiveArch x86 x86_64 +* Wed Oct 15 2008 jfehlig@novell.com +- bnc#433722 - Fix handling of default bridge in qemu-ifup. +* Mon Oct 13 2008 carnold@novell.com +- bnc#431324 - Cannot boot from XEN kernel +* Mon Oct 13 2008 kwolf@suse.de +- blktapctrl: Close connection to tapdisk-ioemu only if there are + no more attached disks + blktap-ioemu-close-fix.patch +- blktapctrl: If tapdisk-ioemu has been shut down and a new + instance is needed, fix saving the PID of the new instance +* Thu Oct 2 2008 jfehlig@novell.com +- bnc#431737 - Fix use of deprecated python constructs in xend +* Mon Sep 29 2008 carnold@novell.com +- Update to c/s 18430, remove our versions of upstream patches. +- fate#303867 - minimum HVM domain limits. Pulled upstream + patches for supporting up to 255 cpus. +* Fri Sep 26 2008 kwolf@suse.de +- bnc#430222 - Fixed block-attach for tap:aio images +* Thu Sep 25 2008 kwolf@suse.de +- bnc#429801 - Fixed xm start -c / --vncviewer + xm-start-fix.patch +* Wed Sep 24 2008 carnold@novell.com +- bnc#382401 - xm man page missing information for commands. +* Wed Sep 17 2008 carnold@novell.com +- Pulled some upstream patches for Intel and AMD microcode fixes. +* Tue Sep 16 2008 carnold@novell.com +- Update to changeset 18412. Contains several bug fixes including + a crash fix in qemu-dm and also various memory leaks fixes. +* Mon Sep 15 2008 carnold@novell.com +- Fix parameters in call to kill_proc_info (pv drivers). +- Add conditional for use of smp_call_function so the pv drivers + can be built on older kernel versions. +* Thu Sep 11 2008 brogers@novell.com +- Added gdbserver-xen to the set of tools we build. + fate#302942 +* Thu Sep 11 2008 jfehlig@novell.com +- Added ocfs2 to Should-Start in xendomains init script +* Wed Sep 10 2008 plc@novell.com +- Added pv cdrom support to blktap + fate#300964 +* Wed Sep 10 2008 jfehlig@novell.com +- Removed invocation of network-bridge script from xend-config.sxp. + Networks are now created through yast2-network package. +- Added sysconfig hook script for Xen to cope with ifup/ifdown + events on network devices (e.g. bridges) in use by virtual + machines. + fate#303386 +* Mon Sep 8 2008 carnold@novell.com +- Updated to xen version 3.3.1 RC changeset 18390. +* Wed Sep 3 2008 kwolf@suse.de +- Snapshots: Fix xend API functions for libvirt usage +* Mon Sep 1 2008 carnold@novell.com +- Fix problems building KMPs against the 2.6.27 kernel. +* Fri Aug 29 2008 plc@novell.com +- Added 'tap' to the type of devices for HalDaemon.py to + scan for change of xenstore attribute media-present. +* Wed Aug 27 2008 jfehlig@novell.com +- Don't create pv vif device if emulated network device is + explicitly specified in guest config. +* Fri Aug 22 2008 carnold@novell.com +- Updated to xen-unstable changeset 18358 Xen 3.3.0 FCS. +* Wed Aug 20 2008 carnold@novell.com +- Updated to xen-unstable changeset 18353 RC7. +* Wed Aug 20 2008 kwolf@suse.de +- Implementation of xm snapshot-delete + snapshot-ioemu-delete.patch, snapshot-xend.patch +- Add snapshot options to qemu-img-xen + qemu-img-snapshot.patch +* Tue Aug 19 2008 carnold@novell.com +- Enable kboot and kexec patches. +* Mon Aug 18 2008 carnold@novell.com +- Updated to xen-unstable changeset 18335 RC5. +* Mon Aug 18 2008 carnold@suse.de +- Removed git dependency. Instead use a static version of + ioemu-remote. +* Thu Aug 14 2008 jfehlig@novell.com +- Added patch to prevent starting same domU from multiple hosts. + Feature is disabled by default - see /etc/xen/xend-config.sxp. + fate#305062 +* Mon Aug 11 2008 jfehlig@novell.com +- Added python-openssl to Requires list for xen-tools. This + package is required if SSL relocation is enabled by user. +* Mon Aug 11 2008 carnold@novell.com +- Updated to xen-unstable changeset 18309. Pre 3.3.0-rc4. +* Sat Aug 9 2008 jfehlig@novell.com +- Disabled xend-relocation-ssl-server for now. Certificates must + be created and feature needs testing. +* Fri Aug 8 2008 carnold@novell.com +- Update to xen-unstable changeset 18269 post RC3. Reverse + version back to 3.3.0 from 4.0.0. +* Wed Aug 6 2008 carnold@novell.com +- Updated to xen-unstable changeset 18242. Version changes from + 3.3.0 to 4.0.0 +* Mon Aug 4 2008 carnold@novell.com +- Updated to xen-unstable changeset 18210. Post 3.3.0-rc2. +* Tue Jul 8 2008 carnold@novell.com +- Updated to xen-unstable changeset 17990. +* Tue Jul 8 2008 kwolf@suse.de +- ioemu: Write barriers for blktap devices + ioemu-blktap-barriers.patch +* Thu Jul 3 2008 kwolf@suse.de +- blktapctrl defaults to using ioemu instead of tapdisk now + blktapctrl-default-to-ioemu.patch +- Now that ioemu is default, it can be called with image paths + starting e.g. with tap:qcow2. If the image format is specified, + it has to be respected and no guessing on the image file must + happen. + ioemu-blktap-image-format.patch +- qcow2: Read/Write multiple sectors at once if possible to + improve performance. + ioemu-qcow2-multiblock-aio.patch +* Thu Jun 12 2008 kwolf@novell.com +- Add snapshot support to ioemu and blktapctrl + snapshot-ioemu-save.patch + snapshot-ioemu-restore.patch +* Fri Jun 6 2008 jfehlig@novell.com +- bnc#397890 - Create and own /var/lib/xen/dump +* Thu Jun 5 2008 kwolf@novell.com +- Fix tapdisk for qcow2 images > 2 GB + 1xxxx-qcow2-2gb-bug.patch +* Thu Jun 5 2008 jfehlig@novell.com +- Updated to xen-unstable changeset 17772. +* Tue May 27 2008 plc@novell.com +- bnc#381368 - boot qcow image fix. +* Fri May 23 2008 jfehlig@novell.com +- bnc#378595 - Revert patch that disables use of ifup/ifdown. + ifup-bridge in sysconfig has been fixed so patch is no longer + needed. Calling ifdown on bridge now removes ports and deletes + bridge, so network-bridge no longer needs to do these tasks. +* Fri May 16 2008 carnold@novell.com +- bnc#390985 - xm man page needs FIXME sections to be fixed + xen-fixme-doc.diff +* Wed May 14 2008 carnold@novell.com +- bnc#375322 - L3:timer went backwards + x86-domain-shutdown-latency.patch +* Sat May 10 2008 plc@novell.com +- bnc#388969 - Shift tab traversal does not work + xen-shift-key.patch +- bnc#384277 - PVFB security hole + xen-pvfb-security.patch +- bnc#385586 - VNC windows size too small + xen-vnc-resize.patch +* Fri Apr 25 2008 carnold@novell.com +- bnc#383513 - Unknown unit 'K' in Xen's logrotate config file. +* Fri Apr 25 2008 carnold@novell.com +- Update to Xen 3.2.1 FCS changeset 16881. +* Fri Apr 11 2008 carnold@novell.com +- Update to Xen 3.2.1 RC5 changeset 16864. +* Thu Apr 10 2008 jfehlig@novell.com +- bnc#378595 - Do not use ifup/ifdown in network-bridge for now. +* Mon Mar 24 2008 carnold@novell.com +- bnc#373194 - The xen module and the kernel for Dom0 don't match. +- Add ncurses-devel build dependency +* Mon Mar 24 2008 carnold@novell.com +- Update to Xen 3.2.1 RC1 changeset 16820. +* Thu Mar 20 2008 coolo@suse.de +- 3.1.0 is unfortunately not enough to obsolete 3.1.0_<something> + in rpm terms +* Fri Mar 14 2008 carnold@novell.com +- Update to Xen 3.2.1 changeset 16805. +* Fri Mar 14 2008 coolo@suse.de +- ipcalc does not exist - and breaks pattern +* Wed Mar 12 2008 jfehlig@novell.com +- Increased dom0-min-mem value to 512Mb in xend-config.sxp + bnc#370007 +* Mon Mar 10 2008 jfehlig@novell.com +- Fixed initialization of default VM config values when creating + VMs through Xen API. bnc#368273 +* Mon Mar 10 2008 jfehlig@novell.com +- Removed unused/untested xend-relocation script. +* Fri Mar 7 2008 jfehlig@novell.com +- Set device model when creating pvfb consoles via XenAPI. + bnc#367851 +* Fri Mar 7 2008 jfehlig@novell.com +- Ensure dhcpcd is activated, if appropriate, on bridges created + by network-multinet. bnc#364633 +* Fri Feb 29 2008 carnold@novell.com +- bnc#357966 - VT-D dosen't work for HVM guest. +* Fri Feb 29 2008 plc@novell.com +- Send UNIT_ATTENTION when CD drive has newly inserted media and + becomes ready. bnc#365386 +* Thu Feb 28 2008 jfehlig@novell.com +- Updated block-iscsi script and xen-domUloader patch, bnc #365385 +* Thu Feb 28 2008 carnold@novell.com +- Add support for Intel EPT / VPID. +* Tue Feb 26 2008 carnold@novell.com +- bnc#362415 - SLE-based installs 32-bit fully-virtualized have + network problems during installs. +- bnc#358244 - Time remaining does not change properly for FV SLES10 + SP2 guest. +- bnc#363053 - Install remaining time always shows 2:00:00 +* Tue Feb 26 2008 carnold@novell.com +- bnc#359457 - Xen full virt has data integrity issue. +* Tue Feb 26 2008 plc@novell.com +- Tranlate colors from 32 bit to 16 bit when viewing a 32 bit PV + VM from a 16 bit client. bnc#351470 + Also includes upstream mouse queue patch. +* Fri Feb 22 2008 jfehlig@novell.com +- Added PAM configuration files for remote authentication via + Xen API. bnc #353464 +* Tue Feb 19 2008 carnold@novell.com +- Fix PV drivers for HVM guests. +* Fri Feb 15 2008 carnold@novell.com +- Support for pxe booting fully virtualized guests in vm-install is + complete. +* Thu Feb 14 2008 carnold@novell.com +- Added upstream changesets that fix various bugs. + 16859 16929 16930 16945 16947 16962 16976 16980 16995 16998 17036 +* Wed Feb 13 2008 jfehlig@novell.com +- Updated network-multinet + - Simplify bridge creation + - Create traditional bridge and hostonly networks by default +* Fri Feb 8 2008 jfehlig@novell.com +- Added upstream changesets 16932, 16965, 16977, and 16988 to fix + various bugs in tool stack +- Also added upstream changeset 16989 to complete fate #302941. +* Mon Feb 4 2008 plc@novell.com +- Replaced xen-blktab-subtype-strip.patch with official upstream + changeset for bnc#353065. +* Fri Feb 1 2008 carnold@novell.com +- Update to xen 3.2 FCS. Changeset 16718 +- Merge xen-tools and xen-tools-ioemu into xen-tools. +* Wed Dec 19 2007 carnold@novell.com +- Update to xen 3.2 RC2. Changeset 16646 +* Thu Dec 13 2007 carnold@novell.com +- Added agent support for HP Proliant hardware. +* Wed Dec 5 2007 carnold@novell.com +- #338108 - VUL-0: Xen security issues in SLE10 +- #279062 - Timer ISR/1: Time went backwards +* Thu Nov 29 2007 carnold@novell.com +- Added part of upstream c/s 15211. Fixed open call with O_CREAT + because it had no mode flags (15211-fix-open-mode.patch). +* Mon Nov 5 2007 jfehlig@novell.com +- Added upstream c/s 15434 to allow access to serial devices. + Bug #338486. +* Thu Nov 1 2007 carnold@novell.com +- #334445: xenbaked: Fix security vulnerability CVE-2007-3919. +* Thu Nov 1 2007 carnold@novell.com +- #310279: Kernel Panic while booting Xen +* Tue Oct 2 2007 ccoffing@novell.com +- #286859: Fix booting from SAN +* Thu Sep 13 2007 ccoffing@novell.com +- #310338: Fix "No such file or directory" in network-multinet +* Wed Sep 12 2007 jfehlig@novell.com +- #309940: Fix 'xm reboot' +- Moved hvm_vnc.diff and xend_mem_leak.diff to 'Upstream patches' + section of spec file since both have been accepted upstream now. +* Mon Sep 10 2007 jfehlig@novell.com +- #289283: Fix memory leak in xend +* Fri Sep 7 2007 jfehlig@novell.com +- #297125: Expose 'type vnc' in vfb device sexp for HVM guests. +* Thu Sep 6 2007 ccoffing@novell.com +- #302106: Update network-multinet +* Wed Sep 5 2007 carnold@novell.com +- #307458: AMD-V CR8 intercept reduction for HVM windows 64b guests +* Wed Aug 29 2007 ccoffing@novell.com +- Update block-iscsi to match changes to open-iscsi. +* Mon Aug 27 2007 carnold@novell.com +- #289275 - domu will not reboot if pci= is passed in at boot time. +* Fri Aug 24 2007 carnold@novell.com +- #297345: Added several upstream patches for hvm migration. +* Fri Aug 17 2007 jfehlig@novell.com +- Added upstream c/s 15128, 15153, 15477, and 15716. These patches + provide foundation for bug #238986 +- Renamed xend_dev_destroy_cleanup.patch to reflect the upstream + c/s number and moved it to "upstream patches" section of spec + file. +* Mon Aug 13 2007 carnold@novell.com +- hvm svm: Log into 'xm dmesg' that SVM NPT is enabled. +* Fri Aug 10 2007 ccoffing@novell.com +- Honor RPM_OPT_FLAGS better +* Thu Aug 9 2007 ccoffing@novell.com +- #298176: Do not enable NX if CPU/BIOS does not support it +- #289569: Modify network-bridge to handle vlan +- #297295: Fix bridge setup: stop using getcfg +* Tue Aug 7 2007 olh@suse.de +- remove inclusion of linux/compiler.h and linux/string.h + remove ExclusiveArch and fix prep section for quilt setup *.spec +* Thu Aug 2 2007 jfehlig@novell.com +- Added patch to fix/cleanup destoryDevice code path in xend. + Patch was submitted upstream. Aids in fixing several bugs, e.g. + [#217211] and #242953. +* Tue Jul 31 2007 ccoffing@novell.com +- Update Ron Terry's network-multi script +- Fix insserv +* Tue Jul 31 2007 jfehlig@novell.com +- Added following upstream patches: + + 15642 - Fixes bug 289421 found in SLES10 SP1 but applies to + Xen 3.1.0 as well. + + 15649, 15650, 15651 - Fixes/enhancements to Xen API required + by Xen CIM providers +* Fri Jul 27 2007 ccoffing@novell.com +- #242953: Allow HVM to use blktap +- #239173: block-attach as RW for domUloader to avoid failures with + reiserfs (since blktap does not yet correctly communicate RO to + the kernel) +* Mon Jul 23 2007 ccoffing@novell.com +- Drop xen-bootloader-dryrun.diff; not needed for xen 3.1 +- rpmlint: Actually apply patch for #280637 +- rpmlint: Rename logrotate config from xend to xen +- Don't package xenperf twice +- xen-detect is a domU tool +* Mon Jul 23 2007 jfehlig@novell.com +- Added upstream patches that fix various bugs + + 15168 fixes check for duplicate domains + + 15587 resets domain ID and fixes problems with domain state + via Xen API + + 15609 stores memory values changed via Xen API +* Thu Jul 19 2007 ccoffing@novell.com +- BuildRequires LibVNCServer-devel +- Rotate all logs. +- Fix network data corruption on Win2003 with rtl8139. (#254646) +- Xen fails to create VM due to "out of memory" errors. (#280637) +* Tue Jul 17 2007 plc@novell.com +- Added CDROM removable media patch from 3.0.4 +* Fri Jul 6 2007 ccoffing@novell.com +- xensource bug #858: Disable strict aliasing for xenstore, to + avoid domU hangs. +* Tue Jul 3 2007 ccoffing@novell.com +- #285929: Bad "xendomains status" output w/ empty XENDOMAINS_SAVE +* Tue Jul 3 2007 carnold@novell.com +- Changes necessary to support EDD and EDID from Jan. +* Wed Jun 20 2007 jfehlig@novell.com +- Added upstream changesets 15273, 15274, and 15275. +- Removed the modified 15157 patch. This patch was actually a + consolidation of changesets 15157 and 15250. These changesets + are now discrete patches to ease subsequent updates of Xen. +* Wed Jun 20 2007 ccoffing@novell.com +- Split vm-install off as a separate package. +- Update man page. +- Update Ron Terry's network-multi script. +* Mon Jun 18 2007 ccoffing@novell.com +- Fix compiler warnings. +- Update block-npiv. +* Mon Jun 11 2007 ccoffing@novell.com +- Fix more warn_unused_value compiler warnings. +* Fri Jun 8 2007 ccoffing@novell.com +- Update to official rc10 (changeset 15042). +- Updated vm-install: + + easier to exit with Ctrl-C + + drop "TERM=xterm" for Linux (breaks PVFB text install) + + use "TERM=vt100" when calling "xm" to suppress terminal codes + + command-line support for VNC password + + fixed disk groups (e.g., 2 disks on command line w/o PDEV) + + fixed regression: Don't let user close progress window + + failure to open a device should not completely fail search for + bootsector (consider: no media in /dev/cdrom) + + always remove PV kernel and initrd from /tmp + + #279153: Support disks on iscsi/qcow/vmdk/nbd/file/phy/... +* Fri Jun 8 2007 jfehlig@novell.com +- Added a modified version of upstream c/s 15157. Original version + of c/s 15157 fixed bug #262805 but also broke + 'xm block-detach dom dev_name'. Modified version fixes bug 262805 + without introducing regression. Patch fixing c/s 15157 has been + submitted upstream. +* Wed May 23 2007 ccoffing@novell.com +- Drop xen-messages.diff; Xen now supports HVM save/restore. +* Tue May 22 2007 ccoffing@novell.com +- Update Ron Terry's network-multi script. +- Drop xen-doc-ps. (#267948) +- Update init scripts. +- Tidy spec file to fix rpmlint errors. +- Updated patches from Jan. +* Mon May 21 2007 ccoffing@novell.com +- vm-install bug fixes: + + #211342: better progress bar + + #259994: disk size would reset when editing path + + #247073: handle autoyast URLs + + #254311: physical disks were showing as 0.0 GB +* Wed May 16 2007 ccoffing@novell.com +- Properly quote pathnames in domUloader to fix EVMS. (#274484) +- Allow user to specify a default 'keymap' in xend's configuration + file. (#258818 and 241149) +* Mon May 14 2007 plc@novell.com +- Added upstream python patches for keymap specification in + PV config file. Added upstream ALTGR fix, sign extension fix + and modified patch 323 so that upstream patches applied cleanly. + (#258818) +* Fri May 11 2007 ccoffing@novell.com +- Update to xen-3.1-testing rc10 (changeset 15040). +- Update .desktop with proper group. (#258600) +- Include Kurt's updated block-iscsi. (#251368) +- Jim's updated patch to honor localtime setting. (#273430) +- Fix vm-install to work correctly when doing multiple simultaneous + installs via virt-manager. (#259917) +- Network connectivity fails in FV SLES 10 SP1; MAC address was + being read incorrectly from xenstore by PV driver. (#272351) +- For FV SLES 9, default apic=1 to allow x86_64 SLES 9 to boot. + (#264183) +* Fri May 4 2007 carnold@novell.com +- Added security fixes for problems found Travis Orandy (#270621) + CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323, + CVE-2007-1366 +* Thu May 3 2007 ccoffing@novell.com +- Update to xen-3.1-testing rc7 (changeset 15020). +- Fix identification of virt-manager windows. (#264162) +* Tue May 1 2007 jfehlig@novell.com +- Integrated domUloader with 3.0.5. Updated xen-domUloader.diff. +* Mon Apr 30 2007 ccoffing@novell.com +- Update to xen-3.0.5-testing rc4 (changeset 14993). +* Thu Apr 26 2007 jfehlig@novell.com +- Fixed autobuild error in function that returns random data. + File tools/ioemu/hw/piix4acpi.c line 72. Fix added to + xen-warnings.diff. +* Thu Apr 26 2007 ccoffing@novell.com +- Fix build on SLES 10 SP1. +* Wed Apr 25 2007 ccoffing@novell.com +- Update to xen-3.0.5-testing rc3 (changeset 14934). +- Switch BuildRequires to texlive. +* Fri Apr 20 2007 ccoffing@novell.com +- Updated README. (#250705) +- Fix vm-install's detection of PV RHEL4/5 kernels. (#260983) +* Thu Apr 19 2007 ccoffing@novell.com +- Place xenstore-* tools in new xen-tools-domU package, to be used + by suse_register. (#249157) +* Tue Apr 17 2007 ccoffing@novell.com +- Update translations. +* Thu Apr 12 2007 ccoffing@novell.com +- Combine two xenstore reads into one transaction, which causes + xenstored to not thrash so badly, and makes virt-manager more + responsive and less likely to time out or lock up. Partial fix + for #237406. +- If disk is read-only, pass -r to losetup. (#264158) +* Thu Apr 5 2007 ccoffing@novell.com +- Update vm-install: + + #260510: do not delete xml settings file + + #260579: write correct vif line for PV NIC in FV VM + + #261288: re-enable add disk buttons after deleting a disk + + #192272, #222765, #250618: Update OS list and their defaults +* Tue Apr 3 2007 ccoffing@novell.com +- Could not do simultaneous installs via virt-manager. (#259917) +* Mon Apr 2 2007 jfehlig@novell.com +- Fix improper handling of guest kernel arguments in domUloader. + Bug #259810 +* Mon Apr 2 2007 ccoffing@novell.com +- Update vm-install: + + #259420: refresh available memory more often + + #259972: cannot enter autoyast url +* Mon Apr 2 2007 ccoffing@novell.com +- Update translations for RC2. +* Fri Mar 30 2007 ccoffing@novell.com +- Fix "cannot allocate memory" when starting VMs. (#229849, 258743) +* Thu Mar 29 2007 ccoffing@novell.com +- Fix quoting of args for child processes during VM install. + (#258376) +- Fix retry logic in block hotplug script. (#257925) +* Wed Mar 28 2007 ccoffing@novell.com +- Updated vm-install's icon name. +- Updated translations. +* Fri Mar 23 2007 ccoffing@novell.com +- Disable aspects of qemu's console that can affect domain 0. + (#256135) +- Fix xmclone.sh to work with managed domains. (#253988) +- Update to xen-unstable changeset 14535. +* Mon Mar 19 2007 ccoffing@novell.com +- Update to xen-unstable changeset 14444. +- Include Ron Terry's network-multi_bridge +* Fri Mar 9 2007 jfehlig@novell.com +- Added lame patch to handle showing suspended state via Xen API. + The patch only affects Xen API and is thus low risk. + Bug #237859 +* Fri Mar 9 2007 carnold@novell.com +- Added AMD support for Vista 64 installation and boot. +* Fri Mar 9 2007 ccoffing@novell.com +- Make vm-install support NFS for SUSE (#241251). +* Fri Mar 9 2007 jfehlig@novell.com +- Fixed bug #250522 + + Upstream c/s 13557 stores model attribute of vif in xenstore. +* Thu Mar 8 2007 ccoffing@novell.com +- Update vm-install: + + Better description on "Virtual Disk" drop-down (not "xvda") + + Proper separation of recording options versus calculating + defaults; fixes corner cases + + #247849, #253013, 253009: Multiple fixes related to how disks + are defined, centered around bug #247849 (handle partitioned + PV installation disk) + + #252437: Allow virtual CDROM to be added (via ISO) even if + physical CDROM doesn't exist +* Wed Mar 7 2007 jfehlig@novell.com +- Fixed bug #252396 + + Added upstream c/s 14021. Applies to Xen API c-bindings - + low risk. + + Added local patch to correctly set Xen API Console.protocol + property +* Wed Mar 7 2007 jfehlig@novell.com +- Added upstream patch that fixes save/restore on 32pae guests. + Upstream c/s 14150. Bug #237859 +* Tue Mar 6 2007 carnold@novell.com +- Remove a debug message which is spamming the logs during live + migration. +* Mon Mar 5 2007 jfehlig@novell.com +- Fixed handling of vbd type in Xen API <-> sexpr integration. + Bug #250351 + + Updated an existing patch (xend_disk_decorate_rm.patch) and + then renamed patch to xend_vbd_type.patch to better reflect + purpose of patch. +* Mon Mar 5 2007 ccoffing@novell.com +- Default apic=0 for SLES 8 and 9, for performance. (#228133) +* Fri Mar 2 2007 carnold@novell.com +- Xen kernel crashes at domain creation time. Bug #248183. + Fix mouse for win2k hvm guest. +* Fri Mar 2 2007 jfehlig@novell.com +- Incorrect values returned for actions_after_* in Xen API. Added + patch xend-actions-after.patch for fix. Patch submitted upstream + as well. Bug #250870. +* Fri Mar 2 2007 ccoffing@novell.com +- Update vm-install: + + Fixed possible "tree path exception" when editing disk + + Fixed failure to properly refresh fields when editing disk + + #248356: allow specifying bridge +* Fri Mar 2 2007 jfehlig@novell.com +- Add check for HVM domain in domain_save. The check is + performed in domain_suspend and should be included here as well. +* Thu Mar 1 2007 ccoffing@novell.com +- Update vm-install: + + #250201: for linux PVFB, pass xencons=tty if graphics=none + + #250016: honor non-sparse flag +* Thu Mar 1 2007 jfehlig@novell.com +- Fix exception caused by incorrect method name in xen-messages.diff. + This is one of perhaps several problems with save/restore, + bug #237859 +* Thu Mar 1 2007 dpmerrill@novell.com +- Add xen-ioemu-hvm-pv-support.diff + This patch allows for shutting down the IDE drive. +* Thu Mar 1 2007 jfehlig@novell.com +- Fix bug #243667 + + Updated domUloader to accept '--args' parameter. The args + provided as an option to --args are simply added to the sexpr + returned by domUloader. pygrub has similar behavior. +* Wed Feb 28 2007 ccoffing@novell.com +- Update vm-install: + + #249013, #228113: default to realtek instead of pcnet + + #249124: write os-type to config files + + Updated translations + + Setting os_type should implicitly set full_virt; fixes NIC + model exceptions + + Add "Add" button to Operating System Installation page, based + on usability feedback +* Wed Feb 28 2007 jfehlig@novell.com +- Added changeset 13786 and 14022 from xen-unstable. These + changesets affect the Xen API C bindings only and are low risk. + This is a continuation of support for FATE feature 110320. ECO + has been approved for late arrival of this feature. +* Mon Feb 26 2007 ccoffing@novell.com +- Update vm-install: + + #244772: display error message in GUI if xen isn't running + + #246049: better error message when OS==SUSE but ISO looks wrong + + Fix printing of jobid when run with --background +* Wed Feb 21 2007 ccoffing@novell.com +- Don't allow "xm create" of running VM. (#245253) +- Update vm-install: + + Fix inability to use already-extracted SUSE kernel/initrds + + Fix accumulation of 0-byte tmp files + + #237063: close fds before running vncviewer + + default apic=0 for Windows, due to performance +* Tue Feb 20 2007 carnold@novell.com +- Domain0 reboots after 2-6 hours of running guests. (#246160) +* Tue Feb 20 2007 ccoffing@novell.com +- Fix typo in xendomains. (#246107) +- Fix order in which vm-install processes command-line arguments. +* Fri Feb 16 2007 jfehlig@novell.com +- Added changeset 13775 from xen-unstable. This patch fixes + the last known issue with the Xen API patchset backported + from xen-unstable. +* Fri Feb 16 2007 jfehlig@novell.com +- Added c/s 13226 from xen-unstable. It affects Xen API only. +- Added patch to remove ':disk' and 'tap:qcow' from stored domain + config. Fixes bug #237414 and helps with bug #242953. +* Thu Feb 15 2007 jfehlig@novell.com +- Backported Xen API functionality from xen-unstable to support + hosting CIM providers. This functionality is required for + FATE feature 110320. ECO has been approved. + + Includes 19 changesets from xen-unstable. Most are + specific to Xen API. + + Includes 1 patch that relaxes parsing of xml response + in Xen API c-bindings. +* Thu Feb 15 2007 carnold@novell.com +- Added x86-nmi-inject.patch for NW debuging. (#245942) +* Thu Feb 15 2007 carnold@novell.com +- kernel panic in DomU while installing 32bit DomU on 64bit + Dom0. (#244055) Patches 13630-domctl.patch, + 13903-domctl.patch and 13908-domctl.patch +- Updated patch pae-guest-linear-pgtable.patch +* Mon Feb 12 2007 ccoffing@novell.com +- Load xenblk at dom0 start to support bootstrapping from + non-loopback devices. (#242963, #186696) +- Update vm-install: + + Update translations + + Clean up exception error codes and sync man pages + + Honor ordering of arguments (as claimed in man page) + + #240984: properly detach vncviewer + + #240387: default to absolute coordinate mouse for Windows +- Drop logging patch. (#245150) +* Sun Feb 11 2007 ro@suse.de +- remove -fstack-protector from RPM_OPT_FLAGS for now +* Thu Feb 8 2007 ccoffing@novell.com +- Update vm-install: + + Allow specifing disk (and disk size) vs. cdrom from CLI + + Add missing -M/--max-memory parameter to CLI to match GUI + + #241528: Display error if user selects FV OS but hw lacks VT + + Move all consistency checks out of Options class, since CLI + options may be processed in a "bad" order + + Fix infinite loops when info is missing from background jobs + + --background implies --no-auto-console + + Don't let user close progress window + + Fix bug in qemu slowness work-around, reported by Jan Albrecht + + Do disk.validate() when clicking "OK" on disks page + + #238959: Probe for removable media via /sys/block + + Output VNC info for backgrounded job + + Fix method of waiting for VM to exit when --no-autoconsole + + #239582: Use extracted kernel-xen/initrd-xen if present +* Tue Feb 6 2007 ro@suse.de +- disable commented out buildreq for kernel for the moment + to workaround endless rebuild +* Tue Feb 6 2007 ccoffing@novell.com +- xm-test should clean up xenstore better (#180138) +* Thu Feb 1 2007 ccoffing@novell.com +- Implement better job support for CIM (#241197) +- Temporary fix to allow PV VMs to reboot (#237414) +- Delete PYTHONOPTIMIZE for good; callers don't set it. +* Wed Jan 31 2007 ccoffing@novell.com +- Update xen-3.0.4 (changeset 13138); includes migration bugfix. +* Tue Jan 30 2007 ccoffing@novell.com +- Enable building KMP. +- Fix xendomains to work with managed domains. (#238781) +* Thu Jan 25 2007 ccoffing@novell.com +- Various bug fixes of 32on64, from Jan and Keir. +- Gerd's fix for domain builder with > 4 GB RAM (#233761) +- Update xen-vm-install: + [#234331], #239007: CD/DVDs should always be marked read-only + [#238458]: Work-around qemu slowness bug + [#239196]: Support SLED + [#239275]: Fix .desktop file + [#240064]: Clean up VMs better after failed install +* Tue Jan 23 2007 ccoffing@novell.com +- Update xen-vm-install: + [#237370]: Can now install 32pae SLES 10 on x86_64 hypervisor + [#237396]: Be able to use an existing disk, bypass OS installation + Fix handling of user's extra_args +- Patch from Jan to enable building PV drivers KMP for FV SUSE. + Currently conditionalized. +- Drop unused patches xen-io-register-context.diff and + xen-console.diff +* Sat Jan 20 2007 brogers@novell.com +- Fix handling of localtime config file parameter for PV guests + (#234376) +* Fri Jan 19 2007 ccoffing@novell.com +- Update xen-vm-install (NIC UI work; do not require tcp port bz + [#236517]; integrate with virt-manager) +* Wed Jan 17 2007 ccoffing@novell.com +- Update xen-vm-install (more disk UI work; support NetWare + response files and licenses) +* Tue Jan 16 2007 ccoffing@novell.com +- Major fixes to xen-vm-install (adding disks in the UI now works, + and fixed several CLI exceptions) +- Microcode does not need to be exactly 2048 bytes (changeset + 13079; Kurt) +* Fri Jan 12 2007 ccoffing@novell.com +- Include script to clone SLES 10 domU, from coolsolutions (fate + [#301742]) +- Updated patches from Gerd and Jan, including PAE > 4 gig fix, + updated VGA console patch. +- Updated xen-vm-install with finalized strings and desktop file. +* Thu Jan 11 2007 ccoffing@novell.com +- Include xen-unstable patches for HVM save/restore and 32-on-64 + HVM. +- Update to xen-3.0.4-1 (changeset 13132). +* Wed Jan 10 2007 ccoffing@novell.com +- Update xen-vm-install and domUloader to support NetWare. +- Include AMD's nested page table patches. +* Mon Jan 8 2007 ccoffing@novell.com +- Update to xen-3.0.4 (changeset 13129). +- Fix from upstream for mis-emulation of x86-64 pop. +* Fri Jan 5 2007 carnold@novell.com +- Many patches from Jan Beulich and Gerd Hoffmann in support of + 32 on 64 pv guests. These patches apply to both the hypervisor + and the tools. +* Fri Dec 22 2006 ccoffing@novell.com +- Do not require authentication on XenAPI socket, since CIMOM does + not support authentication. Socket is only accessible to root. +* Wed Dec 20 2006 ccoffing@novell.com +- Update to xen-3.0.4 (changeset 13100). +- Update xen-vm-install tools. +- Include Jim's 2 xen-tools patches for CIM provider issues. +* Mon Dec 18 2006 ccoffing@novell.com +- Update to xen-3.0.4-rc3 (changeset 13087). +- Fix line terminators in block-iscsi (#228864) +- Make domUloader work with blktap support in xend. +* Fri Dec 15 2006 ccoffing@novell.com +- Update to xen-3.0.4-rc2 (changeset 13067). +* Thu Dec 14 2006 ccoffing@novell.com +- Update to xen-3.0.4-rc1 (changeset 12901). +* Wed Dec 13 2006 brogers@novell.com +- Patch for loading bimodal PAE kernel to suuport NetWare +* Thu Dec 7 2006 ccoffing@novell.com +- Update to xen-unstable (changeset 12757). +- Enable LIBXENAPI_BINDINGS and XENFB_TOOLS. +- Enable unix domain socket for xend; needed by tools. +* Tue Dec 5 2006 ccoffing@novell.com +- Update to xen-unstable (changeset 12734; feature freeze for + 3.0.4) +- Make /etc/xen mode 0700 to protect vnc passwords. +* Mon Nov 27 2006 ccoffing@novell.com +- Fix how bootloader is called by the xend during restarts. + (#223850) +* Wed Nov 22 2006 ccoffing@novell.com +- Series of patches from Jan to address selectors with non-zero- + bases and other related issues in HVM. (#214568) +- Default pae=1, otherwise 64 bit HVM does not work at all. + (#217160) +* Fri Nov 17 2006 ccoffing@novell.com +- Backport several HVM fixes. (#176171?) +* Thu Nov 16 2006 ccoffing@novell.com +- Fix some problems in the xen-hvm-default-bridge patch. (#219092) +- xmlrpc isn't 64-bit clean, causing xend to get exceptions when + PFN is > 2 GB. (#220418) +* Mon Nov 13 2006 kallan@novell.com +- Backport changesets 11847, 11888, 1189[6-9], 119[00-18], 11974, + 1203[0-2], and 12205 from xen-unstable so that the PV drivers + can compile on older kernels such as sles9 and rhel4 +- Fix netfront.c to fail the probe if it is called for an ioemu + type device. This allows both PV and FV drivers to exist at + same time in the FV guest. +* Thu Nov 9 2006 ccoffing@novell.com +- Add xen-vm-install. +- Default bridge correctly for HVM guests. (#219092) +* Wed Nov 8 2006 aj@suse.de +- Set correct permissions on man files. +* Tue Nov 7 2006 ccoffing@novell.com +- Update name of blktap.ko in xend init script. (#215384) +- Remove some extraneous bad chars in xm manpage. (#218440) +- Update logrotate.conf. +- Update spec file. +* Wed Nov 1 2006 kallan@novell.com +- Backport xen-unstable changesets 12040 to address spurious + interrupts with PV drivers in HVM guests. +* Tue Oct 31 2006 ccoffing@novell.com +- Backport xen-unstable changesets 1184[1-3] to address SVM + interrupt injection issues. Replaces earlier (broken) patches. +* Mon Oct 30 2006 ccoffing@novell.com +- /var/lib/xen/images should not be world readable. (#214638) +- Update to xen-3.0.3-0 (changeset 11774; no code changes). +* Mon Oct 16 2006 ccoffing@novell.com +- Update to xen-3.0.3-testing changeset 11772 (rc5). +- Fix several possible type errors when running domUloader. +- Remove pygrub. Was broken on reiserfs and never had ext2 + support, so it is useless. (#173384) +- First attempt at moving domUloader to blktap. Still disabled + due to block-detach failing. +* Fri Oct 13 2006 ccoffing@novell.com +- Update to xen-3.0.3-testing changeset 11760 (rc4). +* Tue Oct 10 2006 ccoffing@novell.com +- Update to xen-3.0.3-testing changeset 11740 (rc3). +- Fix crash on PAE when specifying dom0_mem=4096M. (#211399) +- Make xend.balloon aware of kernel's memory floor, to fix + "Privileged domain did not balloon" errors. (#184727) +* Mon Oct 9 2006 ccoffing@novell.com +- Include AMD's interrupt injection fix. +* Wed Oct 4 2006 ccoffing@novell.com +- Imported keymap patch. (#203758) +- Account for minimum memory required by dom0 kernel. (#184727) +- Package /usr/include/xen/hvm/*.h +* Tue Oct 3 2006 ccoffing@novell.com +- Update to xen-3.0.3-testing changeset 11686. +* Tue Oct 3 2006 kallan@novell.com +- Updated README.SuSE to reflect the current method of handling + Xen network-bridging when using SuSEfirewall2. (#205092) +* Sat Sep 30 2006 aj@suse.de +- Cleanup BuildRequires. +* Thu Sep 28 2006 ccoffing@novell.com +- Only "eval" disks once in domUloader, to match current Xen. +* Wed Sep 27 2006 ccoffing@novell.com +- Switch to xen-3.0.3-testing tree; changeset 11633. +- Update (but disable) paravirtualized framebuffer patches. +* Tue Sep 26 2006 ccoffing@novell.com +- Update to xen-unstable changeset 11623. +- Fix domUloader typo introduced in last update. +- Build debug version of xen-pae. +* Mon Sep 25 2006 ccoffing@novell.com +- Update to xen-unstable changeset 11616. +* Tue Sep 12 2006 ccoffing@novell.com +- Update check_python script to identify Python 2.5 RCs as valid. +* Mon Sep 11 2006 ccoffing@novell.com +- Update to xen-unstable changeset 11440. +- xen-tools conflicts with qemu. Do not package qemu.1 manpage. + (#204758) +- Include Jan's updated patch for #192150 (to preserve register + context when doing IO). +* Tue Sep 5 2006 ccoffing@novell.com +- Update block-nbd and xmexample.nbd, and add block-iscsi and + xmexample.iscsi (from Kurt). +* Thu Aug 31 2006 ccoffing@novell.com +- Automatically create/destroy virtual frame buffer viewer. Add + "sdl=1" to config file of a paravirtualized VM to get the viewer. +- Log files have moved to /var/log/xen. +* Tue Aug 29 2006 ccoffing@novell.com +- xendomains does not actually save domains. (#201349) +- Update to xen-unstable changeset 11299. +* Mon Aug 28 2006 ccoffing@novell.com +- Fix incorrect path on x86_64 for vncfb and sdlfb. +* Thu Aug 17 2006 ccoffing@novell.com +- Improve xendomains init script, to handle unset sysconfig vars. +- Import virtual framebuffer patches. +- Drop reboot patch; resync patches. +* Wed Aug 16 2006 ccoffing@novell.com +- Update to xen-unstable changeset 11134. +- Drop xen-reverse-10064.diff now that kernel is updated. +* Tue Aug 8 2006 ccoffing@novell.com +- Re-enabled patch for #184175. +- Update to xen-unstable changeset 10986. +- Include Jan's patch to preserve register context when doing + IO. (#192150) +* Fri Jul 28 2006 ccoffing@novell.com +- Add support to domUloader for "xm create --dry-run". Based on + patch from HP. +* Thu Jul 27 2006 ccoffing@novell.com +- Add link for qemu-dm that is invariant across architectures, so + that VM config files can be simple key/value pairs parsable by + yast, and still be movable to another arch. (#193854) +- Add loop.ko to rescue image created by mk-xen-rescue-img, and + remove usbfs from image's /etc/fstab since USB isn't yet + supported, to avoid errors during boot. (#191627) +* Mon Jul 17 2006 ccoffing@novell.com +- Update to xen-unstable changeset 10712. +- Update domUloader and rcxend to work with blktap. +* Fri Jul 14 2006 ccoffing@novell.com +- When waiting for domains to shut down, must also wait for + loopback devices to be torn down, otherwise higher-level tools + may migrate a VM before the disk image is flushed. (#185557) +- More updates to the README. +* Thu Jul 13 2006 kallan@novell.com +- Added for loop to retry the losetup -d in /etc/xen/scripts/block. + It is possible for the losetup -d to fail if another process is + examining the loopback devices e.g. losetup -a. (#151105) +* Wed Jul 12 2006 ccoffing@novell.com +- Corrected and updated README. +* Mon Jul 10 2006 ccoffing@novell.com +- Add Jeff Mahoney's block-sync.diff, to give control of + "losetup -y" to the user (and potentially yast). Defaults to + old async behavior. (#190869) +* Thu Jul 6 2006 ccoffing@novell.com +- Update to xen-unstable tree. Revert changeset 10064, to maintain + backwards compatibility with SLES 10. +* Wed Jul 5 2006 ccoffing@novell.com +- Do not open migration port by default. (#190170) +- Update patch for migration oops, to latest version in bug + [#162865]. +* Mon Jul 3 2006 okir@suse.de +- xen-losetup-sync.diff: use the new "losetup -y" option to force + the loop device to use synchronous I/O (#189051) +* Fri Jun 30 2006 ccoffing@novell.com +- Increase balloon timeout value. (#189815) +- Update to xen-3.0-testing tree, changeset 9762. +* Thu Jun 29 2006 ccoffing@novell.com +- Fix some loopback races in domUloader. (#151105) +* Tue Jun 27 2006 ccoffing@novell.com +- Add "max_para_memory" and "max_hvm_memory" to output of "xm info" + for bug #184727. +- Include Jan's patches for bug #184175. Improves PAE guest + support on HVM. +* Mon Jun 26 2006 ccoffing@novell.com +- Include patch from HP to fix a domU migration failure ("Kernel + BUG at mm/mmap.c:1961"). Force L1/L2 page tables to be updated + at the end, to avoid them from being dirtied and not transferred. + (#162865) +* Fri Jun 23 2006 kallan@novell.com +- Updated xen-bonding.diff to enable bonding again after the latest + patches to network-bridge etc. (#161888) +* Wed Jun 21 2006 ccoffing@novell.com +- Clean up the useless "Nothing to flush" messages, from 'ip addr + flush', in /var/log/xen-hotplug.log +- Fix race condition in domUloader.py, when another process did + losetup -d while domUloader was running. This would result in + the mount failing, and so the VM would fail to start. +* Tue Jun 20 2006 ccoffing@novell.com +- Revamp balloon.py to account for pages currently being + scrubbed. (#185135) +* Mon Jun 19 2006 ccoffing@novell.com +- Update to xen-3.0-testing tree, changeset 9749. +- DomUs are getting starved for CPU (up to 40 seconds was seen) + when dom0 has a load. This can cause pathological behavior, and + can cause OCFS2 to fence (panic) the domain. (#179368, #178884) +- Import Gerd's fix to network-bridge script for bug #161888. +* Wed Jun 14 2006 ccoffing@novell.com +- Pull out accidentally-included debugging code. +- Drop xenvers patch; this was for backwards compatibility for + some early internal builds. +- Update from Jan on the console patch. Not all graphics cards / + drivers properly reflect the state in the register being tested. + Improved the check, to prevent screen corruption. (#161541) +* Tue Jun 13 2006 ccoffing@novell.com +- Resync with new tarball from xen-3.0-testing; changeset 9738. +* Mon Jun 12 2006 ccoffing@novell.com +- Drop BUILD_BUG_ON and pirq-shared patches. Last week's pirq + sharing patch from upstream (for bug #152892) makes these patches + redundant. Dropping these makes our shared_info structure match + upstream again, which is needed for compatibility with other + paravirtualized guests. +- Import changeset 9734 from xen-3.0-testing. This fixes a hyper- + call (used by the pcifront driver) to work on MP guests. Without + this, the pciback driver can hang on MP. (#181467) +- Import changeset 9733 from xen-3.0-testing. This patch is + required to match the Linux kernel, since Linux always calls + this operation from VCPU0 during secondary VCPU bringup. + Without this, process run-time accounting on secondary CPUs is + completely wrong. +- Updated README: Documented work-around for bug #180058. +* Fri Jun 9 2006 ccoffing@novell.com +- Include Jan's patch: "IOPL is ignored for VM86 mode port + accesses. Fix Xen emulation to match native behaivour." Fixes + some X lockup issues. (#179045) +- Include Keir's patch to allow reading from port 0x61, to avoid + an X server lockup. (#171087) +- Include xen-3.0-testing changeset 9726, which is needed to + support the latest kernel-xen. With this support, Linux will + only trigger unhandled IRQ path if IRQ is not shared across + multiple guests (another guest may have handled the interrupt). + This is more upstream work that goes with bug #152892. +- Add versioning to the Requires lines, to guard against mixing + binary incompatible versions. (#183292) +- I accidentially dropped part of Clyde's fix for bug #162244. + SMP support in HVM is working in xen-unstable, so upstream + dropped the HT CPUID masking code, which we then inheirited. + Re-add HT CPUID masking. (#162244) +- Updated README: VNC installations, known issues. +* Thu Jun 8 2006 ccoffing@novell.com +- Drop our XCHG patch for the equivalent upstream patch, to fix + patch application order. No code change. +* Wed Jun 7 2006 ccoffing@novell.com +- Updated README: HVM issues/tips, CDROM tips, known issues. +- Add patch from Intel to decode LODS/STOS instructions to fix + Windows installation. Only affects HVM. Xen changeset #9725 + consolidates this patch and xen-hvm-decode.diff; drop our 2 in + favor of the consolidated upstream patch. (#176717) +* Tue Jun 6 2006 ccoffing@novell.com +- Drop xen-8-way-bios patch, because it breaks Windows HVM + installation. The patch was only necessary when running SMP HVM + with "acpi=0" on the kernel command line. (#181974) +- Include two patches from xen-3.0-testing that change the + interface between Xen and guests. Including these now to help + forward-compatibility: + + 9709: Changes interface for accessing %%cr3 so that extra bits + (>4GB) for PAE pgdirs are placed in low-order bits of %%cr3. + Kernels without support for this will still run fine. + + 9721: Use explicitly-sized types in the dom0_ops and privcmd + structures. +- Fix ability to change ISOs images for HVM guest. (#181895) +- Removed pointless whitespace changes from xen-removable.diff, for + better maintainability. Cut the patch size in half; no code + changes. +* Mon Jun 5 2006 ccoffing@novell.com +- Include select patches from xen-3.0-testing: + + 9698: Official fix for bug #159001. Dropped our patch. + + 9702: Fix MMU_NORMAL_PT_UPDATE when passed a page that is no + longer of type page-table. + + 9703: Modification to fix for bug #159001; ignore empty PTEs. + + 9704: Fix for obvious typo in map_pages_to_xen: When replacing + a pte, free the page table pointed to by the old entry, not the + new entry. + + 9705: Jan's previous signed-ness patch (c/s 9695) was changed + when accepted upstream, which broke it; this changeset + attempts to fix the breakage. + + 9708: HVM: Fix a hang when doing an "xm destroy" of Windows VM. + + 9717: HVM: Interrupts must be kept disabled when entering Xen + for external interrupt processing. +* Fri Jun 2 2006 ccoffing@novell.com +- Include xen-3.0-testing changeset 9693. This scales the + ballooning timeout with the amount of memory being requested + (necessary for large memory machines). This is a more proper fix + for Novell bug #175805, and addresses XenSource bug #650. +* Thu Jun 1 2006 ccoffing@novell.com +- Update the README, regarding how to make the mouse work properly + with VNC in HVM. +- Update help text in mk-xen-rescue-img. +* Wed May 31 2006 ccoffing@novell.com +- Jan's backport of xen-unstable changesets 9517, 9518, and 9529. + This allows Xen to boot on 4-node configurations without + crashing. (#150114) +- Include patch from Jun Nakajima at Intel to fix inability to + start XWindows after creating HVM guest. (#159001) +- Include select patches from xen-3.0-testing: + + 9697: Fix infinite recursion loop in get_page_type() error path +- Include xen-unstable changeset 9967, to improve Summagraphics + tablet emulation, to help mouse tracking in HVM. (#167187) +- Include 3 patches from AMD to fix SMP support in HVM. (#176171) +- Add CPUID masking patches from AMD and Intel for HVM. This + prevents the OS from seeing (and trying to use) various hardware + features that are not supported within the VM. (#180879) +* Fri May 26 2006 ccoffing@novell.com +- Fix deadlock between xm and qemu. Qemu should not call xm; + issue xc commands directly. This deadlock was exposed when + making qemu exit nicely and clean up. (#176400) +- Include Gerd's update to his previous REP MOVS fix. Calculating + high_addr and low_addr is more complicated than previously + thought, and the count was wrong. (#165448). +- Drop previous patch that forcefully turns off Xen's console + logging to avoid video corruption; instead use Jan's patch which + only turns logging off when in graphical mode. (#161541) +- Include Jan's patch to call machine_halt rather than inline + assembly "hlt" when Xen crashes to sync display, disable watchdog + timers, etc. +- Tweak the auto-ballooning patch to limit the VM itself to the + requested amount of memory, don't include the overhead, as + suggested by Intel. Separate calls exist elsewhere to increase + the max as needed. (#149179) +- Include select patches from xen-3.0-testing: + + 9688, 9696: These remove some broken assembly string + functions. This is prep work from Jan for bug #160066. + + 9695: Updates in the hypervisor to EDI and ESI could be + incorrect, due to sign not being handled correctly. +* Fri May 19 2006 ccoffing@novell.com +- Update from Intel to previous patch to fix installation of HVM + W2k. Adds decoding for two more instructions. (#176717) +- Updated the README. +- Included updated version of KY's patch to reserve some lowmem + for PAE, to avoid kernel BUG() during boot. The amounts of + memory reserved at various physical memory sizes have been + adjusted. (#175124) +- Include Intel's patch for unchecked allocations in shadow*.c. + (#149179) +* Thu May 18 2006 ccoffing@novell.com +- Include Intel's patch to fix installation of HVM W2k. This patch + adds decoding for 'xor' and 'and' instructions. Without this, + the VM crashes when W2k attempts to install network components. + (#176717) +- While tidying xen-hvm-memory-check.diff for submission upstream, + I noticed an error in the patch (such that low-memory while + starting the HVM domain could still crash the physical machine.) + Now all uses of iopm are protected by the check. (#149179) +- Xen must always relinquish control of the VGA console once dom0 + has started. Otherwise, it could be over-writing dom0's memory, + causing screen or other memory corruption. Admin can use + "xm dmesg" to view Xen's log instead. (#161541) +- First send a SIGTERM, rather than SIGKILL, to qemu to give it a + chance to clean up. This fixes both mouse and CD-ROM issues + for fully virtualized VMs. This is a work-around; Ross is + still working on the proper fix. (#176400, #171258, #176157) +- Include select patches from xen-3.0-testing: + + 9682,9683: These patches only affect full virtualization on + AMD. Fixes register corruption, cleans up event injection, + cleans up IO handling. + + 9685,9686: This patch only affects full virtualization on + Intel. Fixes VM's segment base address, to avoid vmentry + failure. Also remove 32/64 differences in vmx reg store/load. +* Wed May 17 2006 ccoffing@novell.com +- When auto-ballooning domain 0's memory for a new HVM domain, + all memory (including memory intended for overhead) was given + to the VM itself. So increasing the memory size calculations + did not actually free up any more memory. Now, treat the amount + to balloon and the amount to give to the VM as separate values. + (#149179) +* Tue May 16 2006 ccoffing@novell.com +- Include Gerd's fix for HVM emulation of REP MOVS when the copy + spans a page. If the direction flag was set, the emulation code + broke. This caused the VM to freeze when configuring firewall + (#165448). +- Include KY's fix to default to reserving 16M of lowmem for PAE, + to avoid hitting kernel BUG() during boot (#175124). +- Don Dugger's (Intel) fix for HVM screen corruption (#164573). +- Increase maximum time auto-ballooning will wait for domain 0 to + respond, otherwise large VMs will fail to start from yast + (#175805). +* Mon May 15 2006 ccoffing@novell.com +- Update memory size calculations when auto-ballooning for HVM + to make more stable (#149179). +* Fri May 12 2006 ccoffing@novell.com +- Include select patches from xen-3.0-testing: + + 9674: xc_ptrace: Fix reversed conditional, which broke single- + stepping. + + 9675: xc_ptrace: Fix out-of-bounds memory-access for FPU state. + + 9678: Fix the performance issues of 2-level paging HVM guests + on the PAE Xen. +- Update man pages. +* Wed May 10 2006 brogers@novell.com +- Fix loading of binary images which either require PAE or + dynamically support running on both PAE hypervisor and non-PAE + hypervisors. (#174080) +* Wed May 10 2006 carnold@novell.com +- Handle memory failure when staring fully virtualized + guests to prevent reboot of the box (AMD) or + hanging the box (VT) (#149179). +* Tue May 9 2006 ccoffing@novell.com +- Include select patches from xen-3.0-testing: + + 9665: Fix pciif parsing for compatibility variable. + + 9666: Fix HVM hang; was broken due to previous "hda lost + interrupt" patch. (#169146) + + 9667: Do not set GP fault in VMCS for VMX (no bug#; from Intel) +* Thu May 4 2006 cgriffin@novell.com +- Update xen-3.0-testing tree, changeset 9664: + + Changesets 9663 and 9664 fix AMD fully virtualized + guests causing the system to reboot when + first starting up. (#169855) +* Thu May 4 2006 cgriffin@novell.com +- With a Xen domain set up with a loop-mountable file as rootfs, + the "xm start " invocation fails. The cause is a bug + domUloader.py (#172586) +* Thu May 4 2006 rmaxfiel@novell.com +- Added the ability to 'attach' and 'detach' removable media + devices to hvm guests. Also made cdrom eject when the eject + request comes from the hvm guest. (#159907) +- Fixed the loss of mouse when a SDL session ends with 'grab' + in effect. (#159001) +* Thu May 4 2006 cgriffin@novell.com +- Update xen-3.0-testing tree, changeset 9661: + + Drop patches merged upstream + + Took Kier's official patches for dropped patches most + notably spurious interrupts (#152892) +- Took Intel's patch to fix screen corruption when + resizing the screen of windows hvm guests (#164573) +* Wed May 3 2006 kallan@novell.com +- Added configuring network interfaces when using Xen bridging instructions + to the README.SuSE file as requested by bug #171533. +* Mon May 1 2006 tthomas@novell.com +- Added message to xm save to indicate that save is not currently + supported for fully virtualized guests. (#161661) +* Fri Apr 28 2006 ccoffing@novell.com +- Close fds before exec-ing vncviewer, so yast2-vm doesn't hang + when viewing fully-virtualized console (#168392). +* Thu Apr 27 2006 ccoffing@novell.com +- Update xen-3.0-testing tree, changeset 9656: + + Drop patches merged upstream. + + Fix reboot on large SMP machines (IBM, no bug #). +- Integrate Jan's patches: + + Spurious interrupt roundup (#152892). +* Mon Apr 24 2006 ccoffing@novell.com +- Integrate Jan's patches: + + FXSR patch (#135677). + + APIC option patch (work-around #150114). + + Protect against hypervisor crash (#169143). +- Update xen-3.0-testing tree, changeset 9649: + + Avoid spurious timer activations in hypervisor. + + Fix xen command line parsing (lapic / nolapic parsing). + + Fix inverted BUG_ON w.r.t. SiS APIC bug. +* Fri Apr 21 2006 ccoffing@novell.com +- Update to 3.0.2-2 (xen-3.0-testing tree, changeset 9640): + + Fix for "hda lost interrupt" for PAE VMX. + + Increase L2 PDE to 1 GB; allows x86_64 to boot larger dom0. + + Fix for SVM booting 32pae-on-32pae. +- Drop upstream patches (SiS APIC bug, HTT, HVM interrupt race) +- Add Jan's port of spurious interrupt patch (#152892). +- Add /etc/xen/images link for convenience (#168070). +- Updated README. +* Thu Apr 20 2006 ccoffing@novell.com +- SiS APIC bug patch (Jan Beulich, #116485). +* Wed Apr 19 2006 ccoffing@novell.com +- Don't kill xenstored and xenconsoled when stopping xend. + (#158562, #156261) +* Wed Apr 19 2006 ccoffing@novell.com +- Update to 3.0.2-2 (xen-3.0-testing tree, changeset 9629): + + Fix for SMP IA32 VMX guest booting. + + KY's SETMAXMEM fix. +* Wed Apr 19 2006 cgriffin@novell.com +- Removed HTT bit from cpuid and set logical processor count to 1. + Also fixed logic problem in svm code where apic=0 was not + handled (#162244). +* Wed Apr 19 2006 agruen@suse.de +- Create /boot symlinks in the %%install section instead of in + %%post so that they will end up in the package file list. +* Tue Apr 18 2006 ccoffing@novell.com +- Add /etc/xen/vm to vm config file search path (#167208). +* Fri Apr 14 2006 kallan@novell.com +- Add support for bonding in network-bridge. (#161678). +* Fri Apr 14 2006 ccoffing@novell.com +- Update to 3.0.2-2 (xen-3.0-testing tree, changeset 9620): + + Fixes stack corruption in libxs (XenSource #411). +* Thu Apr 13 2006 rmaxfiel@novell.com +- Fixed a problem in ioemu which exited when the cdrom line was + found in the guest def file but the cd device contained no media. + (#161210) +* Wed Apr 12 2006 ccoffing@novell.com +- Auto-balloon domain 0 for HVM domains (#149179). +- Update to 3.0.2-1 (xen-3.0-testing tree, changeset 9612): + + Fixes xmlrpc issues. + + Fixes several emulated instructions for HVM. + + Fixes for x86_64 inline assembly. +* Tue Apr 11 2006 ccoffing@novell.com +- Fix "jitter" and race in dom0's memory target calculation, which + could cause auto-ballooning to fail (#164714). +* Tue Apr 11 2006 brogers@novell.com +- Fix problem where localtime=1 results in zombie domains after + they shutdown (#164960) +* Mon Apr 10 2006 ccoffing@novell.com +- Update to hg 9598 (xen-3.0-testing tree; 3.0.2-rc). Discounting + Linux changes and patches we already carry, this update contains: + + Saner error handling in iret hypercall (x86/64). + + Make root page table sanity check on restore more generic. + + Additional sanity / compatability checks during guest build. + + IO-APIC update hypercall fixes. +* Fri Apr 7 2006 ccoffing@novell.com +- Don't throw an exception if 'xm top' is run by non-root; print + error message instead (#164224). +- Change localtime patch to account for daylight savings time + (Bruce Rogers). +- Re-add patch to make tightvnc work. It was accidentally dropped + recently (#149556). +* Thu Apr 6 2006 ccoffing@novell.com +- Update to hg 9590 (xen-3.0-testing tree; 3.0.2-rc). +- Fix type error in localtime patch for para (Bruce Rogers). +- Fix default localtime for full (Bruce Rogers). +- Fix path in mk-xen-resue-img.sh (#163622). +- Update README (pathnames, yast2-vm descriptions, terminology). +* Mon Apr 3 2006 garloff@suse.de +- init script: Test for control_d in capabilities to determine dom0 + rather than privcmd. +- init script: Try loading netloop and backend modules. +- mk-xen-rescue-img.sh: Copy frontend drivers, remove stale files. +- example config files: provide commented out domUloader exmaples. +* Mon Apr 3 2006 ccoffing@novell.com +- Update to hg 9514 (xen-unstable tree; 3.0.2-rc). +- Fix for rebooting (Jan Beulich; #160064). +* Fri Mar 31 2006 ccoffing@novell.com +- Update to hg 9502 (xen-unstable tree; 3.0.2-rc). +- Update man page (#162402). +- xen-tools requires python-xml (#161712). +- Include localtime patch to support NetWare (Bruce Rogers). +* Thu Mar 30 2006 ccoffing@novell.com +- Update to hg 9481 (xen-unstable tree; 3.0.2-rc). +- Correctly default XAUTHORITY if it is not set. This allows the + GUI to come up for fully virtualized guests (was especially + problematic when VM was started from YaST). (#142472) +* Wed Mar 29 2006 ccoffing@novell.com +- Fixed reversed "Do I have enough memory?" test when creating + new VMs (#156448). +* Tue Mar 28 2006 ccoffing@novell.com +- Pick up two critical fixes for AMD to fix full virtualization: + c/s 9453 & c/s 9456. +* Thu Mar 23 2006 ccoffing@novell.com +- Update to hg 9434 (xen-unstable tree; 3.0.2-rc). +- Fix /etc/xen/scripts/block to properly check if devices can be + shared. +- Default XENDOMAINS_AUTO_ONLY to true; previous setting + contradicts yast2-vm's claim that only VM's marked auto will be + auto-started. +* Mon Mar 20 2006 ccoffing@novell.com +- Update to hg 9329 (xen-unstable tree). +* Wed Mar 15 2006 ccoffing@novell.com +- Update to hg 9251 (xen-unstable tree). +- Update to latest versions of Intel's VNC patches: + patch-vga-sse2-0314.l, patch-vnc_loop-0314.l, + patch-vncmouse-0315.l +- Gather example files in /etc/xen/examples. +* Tue Mar 14 2006 rmaxfiel@novell.com +- Removed the intermediate sym-link between xen.gz and + xen-<version>-<release>.gz. Grub 0.97 XFS can not handle a + double indirect to a file. (#151792) +* Mon Mar 13 2006 garloff@suse.de +- Update README.SuSE: Document limits (mem, cpu hotplug, max_loop), + more network troubleshooting, update security info. +- Be more tolerant against errors in ifdown/ifup to better coexist + with non-std network setups (e.g. ifplugd/NetworkManager). +* Tue Mar 7 2006 ccoffing@novell.com +- Update to hg 9172 (xen-unstable tree). +- Create new xen-libs package, split from xen-tools (#154473). +- Update mk-xen-rescume-img and xmexample.rescue to work with + current rescue image on CD (#152971). +- Include Kurt's patch to domUloader, to pass command line args. +- xendomains shouldn't try to migrate or save HVM domains, as this + isn't supported and will stall the shutdown (#155265). +- Create empty /etc/xen/vm directory for YaST to place config files + in, to avoid name collisions (#156322). +- Update and re-enable vga patch from Intel (Don Dugger). VGA + emul is faster and not corrupted. +- ifup is run to ensure IPs are assigned before rearranging for + xen, but this can fail with ifplugd; this should not kill the + whole script (Kirk Allan) (#154115). +- Make network-bridge script more robust, by checking /sys instead + of grep-ing. +* Mon Mar 6 2006 ccoffing@novell.com +- Update to hg 9148 (xen-unstable tree). Drop patches merged + upstream. +- More README improvements (#154134). +- Fix "vncviewer=1" to bring up vncviewer (#149556). +* Mon Mar 6 2006 ccoffing@novell.com +- Fix build of hvmloader and vmxassist by removing external + CFLAGS (XS changeset #9110). +- Fix build by forcing --prefix during installation of *.py. +* Wed Mar 1 2006 ccoffing@novell.com +- Update to hg 9029 (xen-unstable tree). Adds support for HVM on + 64 bit hardware. +- Update vncmouse diff to 20060301 from Intel; compensates for lack + of eager events in our LibVNCServer. +- Fix many bugs in lomount. +- Cap maximum value of "xm mem-set" for domain 0, based on size of + dom0's page tables (#152667). +* Mon Feb 27 2006 ccoffing@novell.com +- Update to hg 9015 (xen-unstable tree). More bug fixes. +- Update patch to better honor RPM_OPT_FLAGS. +- Updated README (#154134). +- Disable xen-vga-0213 patch; it speeds VGA updates but was + corrupting the display. +- Change max mouse polling time from 1ms to 10ms to reduce CPU + load (from Intel). +* Thu Feb 23 2006 ccoffing@novell.com +- Update to hg 8954 (xen-unstable tree). More bug fixes. +- Don't use a dummy IP of 1.2.3.4 for NFS server when booting domU + with DHCP. Seems to hang x86_64 Linux. +- Remove unnecessary x86_64 patch. +- Fix auto-ballooning of dom0 memory for HVM domUs (XenSource bug + 521). +* Tue Feb 21 2006 ccoffing@novell.com +- Update to hg 8920 (xen-unstable tree). Fixes instruction decode + for fully virtualized guests, fixing booting from CDs. +- Integrate 3 patches from Intel, to improve VNC performance. +* Tue Feb 21 2006 ccoffing@novell.com +- Update to hg 8910 (xen-unstable tree). + fixes 32 on 32, 32 pae on 32pae, 64 on 64, 32 on 64. + critical HVM fixes, for fully virtualized guests. +* Fri Feb 17 2006 ccoffing@novell.com +- Update to hg 8870 (xen-unstable tree). More HVM fixes. +- Remove duplicate balloon.free call. +- Add patch from Intel to fix dom0 crash on 64 bit SMP HVM. +* Thu Feb 16 2006 carnold@novell.com +- Update to hg 8858 (xen-unstable tree). +* Wed Feb 15 2006 ccoffing@novell.com +- Update to hg 8857 (xen-unstable tree). Syncs hypervisor core + with Linux 2.6.16, which may fix some ACPI issues. Fixes HVM. +- Fix uninitialized variable in xc_load_bin (from Bruce Rogers). +- Auto-balloon dom0 for fully virtualized domains (#149179). +- xen-doc-html was missing image files. +* Mon Feb 13 2006 ccoffing@novell.com +- Update to hg 8830 (xen-unstable tree). +- Restore cs 8783/8792 to match kernel. +* Wed Feb 8 2006 ccoffing@novell.com +- Update to hg 8800 (xen-unstable tree). +- Update BuildRequires. +- Add "max-free-memory" to "xm info", to support yast2-vm (#147612) +- Insserv xendomains, to support yast2-vm. +- Fix exit code of "xend stop". +- Revert cs 8783/8792 to allow xenstore to start (until kernel + catches up). +- Ensure eth0 aka veth0 really comes up in network-bridge. +* Sat Feb 4 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Jan 27 2006 ccoffing@novell.com +- Update to hg 8728 (xen-unstable tree). +- Improve network-bridge: + + Ensure netdev really is up, to fix STARTMODE="manual". + + Stop ifplugd when doing ifdown, to fix STARTMODE="ifplugd". + + Improve check for whether bridge already exists. + + Improve defaults for netdev. +- Fix log rotate so xend moves to new log. +- xen-tools "Requires" python, et.al.; xen proper doesn't. +- Revamp mk-xen-rescue-img.sh (#118566). +- Revamp rcxendomains: improved output, error checking, return + values (#143754, #105677). +* Tue Jan 24 2006 ccoffing@novell.com +- Update to hg 8659 (xen-unstable tree). +* Mon Jan 23 2006 ccoffing@novell.com +- Correct return values and improve messages of init scripts. +* Fri Jan 20 2006 ccoffing@novell.com +- Use domUloader instead of pygrub. +* Thu Jan 19 2006 carnold@novell.com +- Build based on the xen-unstable.hg 8628 +* Wed Jan 18 2006 carnold@novell.com +- Update to hg 8646 xen-unstable-hvm.hg tree. +* Fri Jan 13 2006 ccoffing@novell.com +- Allow version string "XEN_VER=3.0" instead of just + "XEN_VER=xen-3.0" for backwards compatibility. +- Correctly set changeset in compile.h. +* Thu Jan 12 2006 carnold@novell.com +- Added two patches from AMD that apply to the 8513 changeset. +* Thu Jan 12 2006 kukuk@suse.de +- Add libreiserfs-devel to nfb. +* Wed Jan 11 2006 carnold@novell.com +- Update to hg 8513 xen-unstable-hvm.hg tree. +* Tue Jan 10 2006 ccoffing@novell.com +- Update to hg 8269 (xen-3.0-testing). +- Support try-restart in init scripts. +- Clean up installation of udev rules. +* Wed Dec 14 2005 ccoffing@novell.com +- Update to hg 8257 (xen-3.0-testing). +- Update documentation. +- Fix gcc 4.1 warnings. +* Wed Dec 7 2005 ccoffing@novell.com +- Update to hg 8241 (xen-3.0-testing). +* Mon Nov 28 2005 ccoffing@novell.com +- Update to hg 8073. +- Rationalize command names (eg, setsize -> xentrace-setsize). +- Fix gcc 4.1 warnings. +* Wed Nov 16 2005 ccoffing@novell.com +- Update to hg 7782. +- Honor RPM_OPT_FLAGS better. +- Include a few simple, obvious fixes from upstream. +- Build xm-test package. +- Update udev scripts. +* Mon Nov 14 2005 ccoffing@novell.com +- Includes upstream fixes to fix i586 save/restore. +* Thu Nov 10 2005 ccoffing@novell.com +- Include a few simple, obvious fixes: 7609, 7618, 7636, 7689, + 7690, 7692, 7696 +* Thu Nov 3 2005 ccoffing@novell.com +- Update to hg 7608. +- Fix warn_unused_result warnings. +- Drop some patches (merged upstream) +- Tidy README.SuSE. +* Tue Nov 1 2005 ccoffing@novell.com +- Update to hg 7583. +* Thu Oct 20 2005 ccoffing@novell.com +- Don't mention unwritten man pages. +- Update xmexample* to match SUSE paths. +- Update xs-include patch. +* Wed Oct 19 2005 garloff@suse.de +- Avoid race in watchdog functionality. +- Improve network-bridge script. +* Tue Oct 18 2005 garloff@suse.de +- Ignore zombies in the xendomains shutdown procedure and have a + configurable timeout for the commands. Make xendomains status + report something useful. +- Make xendomains script comaptible to non-SUSE distros. +* Mon Oct 17 2005 garloff@suse.de +- Update to hg 7398. +* Mon Oct 17 2005 garloff@suse.de +- Create useful xendomains init script and sysconfig file. +* Mon Oct 17 2005 garloff@suse.de +- Create symlinks also for -pae and -dbg hypervisor. +- Build doxygen documentation. +- Include block-nbd script and xen-nbd example config. +- Include patchset info. +* Wed Oct 12 2005 garloff@suse.de +- Update docu. +- Enable xen-dbg hypervisor for gdbserver domU debugging. +* Tue Oct 11 2005 garloff@suse.de +- Update docu. +- Update to hg 7313. +- Move libxenstore.so to xen-tools. +* Tue Oct 11 2005 garloff@suse.de +- Fix buglet in /sbin/xen-vbd. +* Mon Oct 10 2005 garloff@suse.de +- Downgrade to hg 7267. +- Add troubleshooting section to README.SUSE. +* Mon Oct 10 2005 garloff@suse.de +- Fix typo in SrvDomain for mem-set operation. +- Workaround: write directly to balloon in dom0 setMemoryTarget. +- Kill xenconsoled and xenstored in rcxend stop. +* Sun Oct 9 2005 garloff@suse.de +- Update to hg 7278. +- Provide udev rules to setup vifs and vbds in dom0 when domUs + boot (kraxel). +- Change default FS size for rescue images to 80MB. +* Sat Sep 10 2005 garloff@suse.de +- Update to hg 6715. +- Fix network-bridge down. +* Wed Sep 7 2005 garloff@suse.de +- Build PAE version along non-PAE version of Hypervisor. +* Tue Sep 6 2005 garloff@suse.de +- Try to fix network bridge down issue. +- Document netowrking and firewalling caveats in README.SUSE. +- Enable PAE. +* Tue Sep 6 2005 garloff@suse.de +- Update to hg 6644. +* Sun Sep 4 2005 garloff@suse.de +- Update to hg 6610. +- Rename default name of xen-br0 to xenbr0. +- Fix pygrub installation. +- Use libreiserfs to support pygrub on reiser. +* Mon Aug 29 2005 ccoffing@novell.com +- xen-bridge-net.diff: do not destroy domain 0's network setup + when starting xend. +* Mon Aug 29 2005 garloff@suse.de +- Update to hg 6458. +- Drop privileged port check -- we use Unix dom sockets anyway + (#105178). +- init.xend: Fix linebreaks in PID list. +- Correctly assign insserv to xen-tools subpackage. +* Thu Aug 25 2005 garloff@suse.de +- Add dirs /var/run/xenstored and /var/lib/xenstored. +* Thu Aug 25 2005 garloff@suse.de +- Update to hg 6393. +* Mon Aug 22 2005 garloff@suse.de +- Update to hg 6315. +- Include linux-public headers in xen-devel package. +* Sun Aug 21 2005 garloff@suse.de +- Update to hg 6305. +* Sat Aug 20 2005 garloff@suse.de +- Update to hg 6299. +- Enable VNC support (depending on LibVNCServer). +* Sat Aug 20 2005 garloff@suse.de +- Split off xen-tools-ioemu for supporting unmodified guests. +* Fri Aug 19 2005 garloff@suse.de +- Enable pygrub (at the cost of depending on e2fsprogs-devel) +- Enable VMX ioemu SDL support (at the cost of many dependencies) +* Fri Aug 19 2005 garloff@suse.de +- Update to mercurial changeset 6223. +- Move /usr/libexec/xen/ to /usr/lib[64]/xen/bin/. +- Split off -tools package. +* Mon Aug 15 2005 garloff@suse.de +- Create symlinks in %%post. +- Update README.SUSE. +- Mark /etc/xen/ as %%config(noreplace). +- Fix x86-64 build (movl -> mov, lib vs. lib64 inst dirs). +- Remove PYTHONOPTIMIZE. +* Tue Aug 2 2005 ccoffing@novell.com +- Fix warn_unused_result warnings +* Thu Jul 28 2005 ccoffing@novell.com +- Update to latest 3.0-unstable snapshot. +* Wed Jul 13 2005 ccoffing@novell.com +- Fixed bug in glibc24 patch that caused erroneous "out of memory" + errors +* Fri Jun 24 2005 ccoffing@novell.com +- Fix gcc4 patch that caused a panic in Xen at boot. +* Fri Jun 24 2005 ccoffing@novell.com +- Fix xen-syms link. +* Fri Jun 17 2005 ccoffing@novell.com +- Fix version-check in NetWare loader (0x336ec577 -> 0x326ec578). +* Fri Jun 17 2005 ccoffing@novell.com +- Backport NetWare-friendly loader from Xen 3.0. +* Thu Jun 16 2005 ccoffing@novell.com +- Destroy domains that failed to be fully created. +* Fri Jun 10 2005 garloff@suse.de +- Update to latest 2.0-testing snapshot. +- Use RPM version and release no as xen version. +* Tue Jun 7 2005 garloff@suse.de +- Update mk-xen-rescue-img.sh script: Handle SLES9 better. +- Export PYTHONOPTIMIZE in xend start script. +* Mon Jun 6 2005 garloff@suse.de +- Merge _perform_err fixes. +* Mon May 23 2005 ccoffing@novell.com +- update to 2.0.6 +* Wed Apr 13 2005 garloff@suse.de +- More gcc4 and binutils related fixes. +* Wed Apr 13 2005 garloff@suse.de +- Build fixes for gcc4. +* Sun Apr 3 2005 garloff@suse.de +- Update xen: Various fixes (scheduling, memset, domain crash + handling) and enhancements (bg page scrubbing). +* Thu Mar 24 2005 garloff@suse.de +- xen-bridge-net.diff: Make sure bridge netdev is up after adding + addresses to it. +* Wed Mar 23 2005 garloff@suse.de +- xen-secure.diff: Check for privileged port before allowing + certain control operations. +- README.SUSE: Document this change. +* Wed Mar 23 2005 garloff@suse.de +- Require ports < 1024 to allow controlling VMs. +* Mon Mar 21 2005 garloff@suse.de +- Update xen. +* Wed Mar 16 2005 garloff@suse.de +- Update xen. +- Add /var/lib/xen/xen-db/ subdirs. +* Sun Mar 13 2005 garloff@suse.de +- Update to post-2.0.5 +- Make /usr/sbin/xm root:trusted 0750 +- Drop some patches (merged upstream) +* Tue Mar 8 2005 garloff@suse.de +- Update README with security notes. +- Update mk-xen-rescue-image.sh script allowing to specify the + kernel version to be used. +- Rather than busy-looping, exit console on a domain that has + shutdown. +* Mon Mar 7 2005 garloff@suse.de +- Update xen to latest snapshot. +- tgif not needed any more. +* Tue Mar 1 2005 garloff@suse.de +- Include serial-split from Charles Coffing. +* Tue Mar 1 2005 garloff@suse.de +- Update xen to latest snapshot. +* Mon Feb 21 2005 garloff@suse.de +- Update README.SuSE. +- Update xen to latest snapshot. +* Sun Feb 13 2005 garloff@suse.de +- Add init header to xendomains init script. +- Add bridge-utils dependency. +- Update config file and README. +- Activate xend init script on installation. +* Wed Feb 9 2005 ro@suse.de +- remove te_etex and te_pdf from neededforbuild. +* Wed Feb 9 2005 garloff@suse.de +- Update README about IDE dma. +- Default to dhcp. +* Wed Feb 9 2005 garloff@suse.de +- Update to xen post-2.0.4. +- Little bugfix for xen rescue install script. +- Update README.SUSE: Better explanation of root FS creation. +* Sun Jan 23 2005 garloff@suse.de +- Change some defaults to be more secure (xend only binds to + localhost, ip spoof protection on). +- Avoid ipv6 issue with xend network script. +- Extensive docu in README.SUSE now. +- mk-xen-rescue-img.sh creates a xen root fs image from the std + SUSE rescue image. +- Put boot.local script in root img to parse ip boot par. +* Thu Jan 20 2005 garloff@suse.de +- Update to newer snapshot. +* Wed Jan 19 2005 garloff@suse.de +- Update to xen-2.0-unstable (post 2.0.3). +* Thu Dec 9 2004 garloff@suse.de +- Initial creation of package xen, xen-doc-*. +- i686 only for now. diff --git a/xen.stubdom.newlib.patch b/xen.stubdom.newlib.patch new file mode 100644 index 0000000..64983fb --- /dev/null +++ b/xen.stubdom.newlib.patch @@ -0,0 +1,119 @@ +# HG changeset patch +# Parent 02ec826cab1e4acb25b364a180a1597ace1149f9 +stubdom: fix errors in newlib + +rpm post-build-checks found a few code bugs in newlib, and marks them as +errors. Add another newlib patch and apply it during stubdom build. + +I: A function uses a 'return;' statement, but has actually a value + to return, like an integer ('return 42;') or similar. +W: xen voidreturn ../../../../newlib-1.16.0/libgloss/i386/cygmon-gmon.c:117, 125, 146, 157, 330 + +I: Program is using implicit definitions of special functions. + these functions need to use their correct prototypes to allow + the lightweight buffer overflow checking to work. + - Implicit memory/string functions need #include <string.h>. + - Implicit *printf functions need #include <stdio.h>. + - Implicit *printf functions need #include <stdio.h>. + - Implicit *read* functions need #include <unistd.h>. + - Implicit *recv* functions need #include <sys/socket.h>. +E: xen implicit-fortify-decl ../../../../newlib-1.16.0/libgloss/i386/cygmon-gmon.c:119 + +I: Program returns random data in a function +E: xen no-return-in-nonvoid-function ../../../../newlib-1.16.0/libgloss/i386/cygmon-gmon.c:362 + +Signed-off-by: Olaf Hering <olaf@aepfle.de> + +Index: xen-4.12.0-testing/stubdom/Makefile +=================================================================== +--- xen-4.12.0-testing.orig/stubdom/Makefile ++++ xen-4.12.0-testing/stubdom/Makefile +@@ -88,6 +88,8 @@ newlib-$(NEWLIB_VERSION): newlib-$(NEWLI + patch -d $@ -p0 < newlib-chk.patch + patch -d $@ -p1 < newlib-stdint-size_max-fix-from-1.17.0.patch + patch -d $@ -p1 < newlib-disable-texinfo.patch ++ patch -d $@ -p1 < newlib-cygmon-gmon.patch ++ patch -d $@ -p1 < newlib-makedoc.patch + find $@ -type f | xargs perl -i.bak \ + -pe 's/\b_(tzname|daylight|timezone)\b/$$1/g' + touch $@ +Index: xen-4.12.0-testing/stubdom/newlib-cygmon-gmon.patch +=================================================================== +--- /dev/null ++++ xen-4.12.0-testing/stubdom/newlib-cygmon-gmon.patch +@@ -0,0 +1,60 @@ ++ ++I: A function uses a 'return;' statement, but has actually a value ++ to return, like an integer ('return 42;') or similar. ++W: xen voidreturn ../../../../newlib-1.16.0/libgloss/i386/cygmon-gmon.c:117, 125, 146, 157, 330 ++ ++I: Program is using implicit definitions of special functions. ++ these functions need to use their correct prototypes to allow ++ the lightweight buffer overflow checking to work. ++ - Implicit memory/string functions need #include <string.h>. ++ - Implicit *printf functions need #include <stdio.h>. ++ - Implicit *printf functions need #include <stdio.h>. ++ - Implicit *read* functions need #include <unistd.h>. ++ - Implicit *recv* functions need #include <sys/socket.h>. ++E: xen implicit-fortify-decl ../../../../newlib-1.16.0/libgloss/i386/cygmon-gmon.c:119 ++ ++I: Program returns random data in a function ++E: xen no-return-in-nonvoid-function ../../../../newlib-1.16.0/libgloss/i386/cygmon-gmon.c:362 ++ ++--- ++ libgloss/i386/cygmon-gmon.c | 6 +++++- ++ 1 file changed, 5 insertions(+), 1 deletion(-) ++ ++Index: newlib-1.16.0/libgloss/i386/cygmon-gmon.c ++=================================================================== ++--- newlib-1.16.0.orig/libgloss/i386/cygmon-gmon.c +++++ newlib-1.16.0/libgloss/i386/cygmon-gmon.c ++@@ -61,6 +61,8 @@ ++ static char sccsid[] = "@(#)gmon.c 5.3 (Berkeley) 5/22/91"; ++ #endif /* not lint */ ++ +++#include <string.h> +++#include <unistd.h> ++ #define DEBUG ++ #ifdef DEBUG ++ #include <stdio.h> ++@@ -89,7 +91,7 @@ static int s_scale; ++ ++ extern int errno; ++ ++-int +++void ++ monstartup(lowpc, highpc) ++ char *lowpc; ++ char *highpc; ++@@ -199,6 +201,7 @@ _mcleanup() ++ ++ static char already_setup = 0; ++ +++void ++ _mcount() ++ { ++ register char *selfpc; ++@@ -341,6 +344,7 @@ overflow: ++ * profiling is what mcount checks to see if ++ * all the data structures are ready. ++ */ +++void ++ moncontrol(mode) ++ int mode; ++ { +Index: xen-4.12.0-testing/stubdom/newlib-makedoc.patch +=================================================================== +--- /dev/null ++++ xen-4.12.0-testing/stubdom/newlib-makedoc.patch +@@ -0,0 +1,10 @@ ++--- newlib-1.16.0/newlib/doc/makedoc.c.orig 2015-04-08 11:56:39.283090914 +0200 +++++ newlib-1.16.0/newlib/doc/makedoc.c 2015-04-08 11:56:51.245227742 +0200 ++@@ -39,6 +39,7 @@ ++ #include <stdio.h> ++ #include <stdlib.h> ++ #include <ctype.h> +++#include <string.h> ++ ++ #define DEF_SIZE 5000 ++ #define STACK 50 diff --git a/xen2libvirt.py b/xen2libvirt.py new file mode 100644 index 0000000..68958ef --- /dev/null +++ b/xen2libvirt.py @@ -0,0 +1,137 @@ +#!/usr/bin/python3 +# +# Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# <http://www.gnu.org/licenses/>. +# +# Authors: +# Jim Fehlig <jfehlig@suse.com> +# +# Read native Xen configuration format, convert to libvirt domXML, and +# import (virsh define <xml>) into libvirt. + + +import sys +import os +import argparse +import re +from xml.etree import ElementTree + +try: + import libvirt +except ImportError: + print('Unable to import the libvirt module. Is libvirt-python installed?') + sys.exit(1) + +parser = argparse.ArgumentParser(description='Import Xen domain configuration into libvirt') +parser.add_argument('-c', '--convert-only', help='Convert Xen domain configuration into libvirt domXML, but do not import into libvirt', action='store_true', dest='convert_only') +parser.add_argument('-r', '--recursive', help='Operate recursivelly on all Xen domain configuration rooted at path', action='store_true') +parser.add_argument('-f', '--format', help='Format of Xen domain configuration. Supported formats are xm and sexpr', choices=['xm', 'sexpr'], default=None) +parser.add_argument('-v', '--verbose', help='Print information about the import process', action='store_true') +parser.add_argument('path', help='Path to Xen domain configuration') + + +def print_verbose(msg): + if args.verbose: + print(msg) + + +def check_config(path, config): + isbinary = os.system('file -b ' + path + ' | grep text > /dev/null') + + if isbinary: + print('Skipping %s (not a valid Xen configuration file)' % path) + return 'unknown' + + for line in config.splitlines(): + if len(line) == 0 or line.startswith('#'): + continue + if line.startswith('<domain'): + # XML is not a supported conversion format + break + if line.startswith('(domain'): + print('Found sexpr formatted file %s' % path) + return 'sexpr' + if '=' in line: + print('Found xm formatted file %s' % path) + return 'xm' + break + + print('Skipping %s (not a valid Xen configuration file)' % path) + return 'unknown' + + +def import_domain(conn, path, format=None, convert_only=False): + + f = open(path, 'r') + config = f.read() + print_verbose('Xen domain configuration read from %s:\n %s' % (path, config)) + if format is None: + format = check_config(path, config) + + if format == 'sexpr': + print_verbose('scrubbing domid from configuration') + config = re.sub("\(domid [0-9]*\)", "", config) + print_verbose('scrubbed sexpr:\n %s' % config) + xml = conn.domainXMLFromNative('xen-sxpr', config, 0) + elif format == 'xm': + xml = conn.domainXMLFromNative('xen-xm', config, 0) + else: + # Return to continue on to next file (if recursive) + return + + f.close() + + # domUloader is no longer available in SLES12, replace with pygrub + tree = ElementTree.fromstring(xml) + bl = tree.find('.//bootloader') + if bl is not None and bl.text is not None and 'domUloader' in bl.text: + bl.text = 'pygrub' + xml = ElementTree.tostring(tree) + + print_verbose('Successfully converted Xen domain configuration to ' + 'libvirt domXML:\n %s' % xml) + if convert_only: + print(xml) + else: + print_verbose('Importing converted libvirt domXML into libvirt...') + dom = conn.defineXML(xml.decode("utf-8")) + if dom is None: + print('Failed to define domain from converted domXML') + sys.exit(1) + print_verbose('domXML successfully imported into libvirt') + + +args = parser.parse_args() +path = args.path + +# Connect to libvirt +conn = libvirt.open(None) +if conn is None: + print('Failed to open connection to the hypervisor') + sys.exit(1) + +if args.recursive: + try: + for root, dirs, files in os.walk(path): + for name in files: + abs_name = os.path.join(root, name) + print_verbose('Processing file %s' % abs_name) + import_domain(conn, abs_name, args.format, args.convert_only) + except IOError: + print('Failed to open/read path %s' % path) + sys.exit(1) +else: + import_domain(conn, args.path, args.format, args.convert_only) diff --git a/xen_maskcalc.py b/xen_maskcalc.py new file mode 100644 index 0000000..0d12227 --- /dev/null +++ b/xen_maskcalc.py @@ -0,0 +1,395 @@ +#!/usr/bin/python3 + +# Xen Mask Calculator - Calculate CPU masking information based on cpuid(1) +# Copyright (C) 2017 Armando Vega +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import argparse +import sys +import os + + +EAX1_MATCH = '0x00000001 0x00:' +EAX7_MATCH = '0x00000007 0x00:' +EXP_LINELN = 76 + +libxl_names_ecx1 = [] +libxl_names_edx1 = [] +libvirt_names_ecx1 = [] +libvirt_names_edx1 = [] + +libxl_names_ebx7 = [] +libxl_names_ecx7 = [] +libvirt_names_ebx7 = [] +libvirt_names_ecx7 = [] + +def fill_ecx1(bit, libxl, libvirt): + if libxl_names_ecx1[bit]: + print("ecx bit %s already set: libxl %s libvirt %s. Ignoring %s/%s\n" % (bit, libxl_names_ecx1[bit], libvirt_names_ecx1[bit], libxl, libvirt)) + return + libxl_names_ecx1[bit] = libxl + libvirt_names_ecx1[bit] = libvirt + +def fill_edx1(bit, libxl, libvirt): + if libxl_names_edx1[bit]: + print("edx bit %s already set: libxl %s libvirt %s. Ignoring %s/%s\n" % (bit, libxl_names_edx1[bit], libvirt_names_edx1[bit], libxl, libvirt)) + return + libxl_names_edx1[bit] = libxl + libvirt_names_edx1[bit] = libvirt + +def fill_ebx7(bit, libxl, libvirt): + if libxl_names_ebx7[bit]: + print("edx bit %s already set: libxl %s libvirt %s. Ignoring %s/%s\n" % (bit, libxl_names_ebx7[bit], libvirt_names_ebx7[bit], libxl, libvirt)) + return + libxl_names_ebx7[bit] = libxl + libvirt_names_ebx7[bit] = libvirt + +def fill_ecx7(bit, libxl, libvirt): + if libxl_names_ecx7[bit]: + print("ecx bit %s already set: libxl %s libvirt %s. Ignoring %s/%s\n" % (bit, libxl_names_ecx7[bit], libvirt_names_ecx7[bit], libxl, libvirt)) + return + libxl_names_ecx7[bit] = libxl + libvirt_names_ecx7[bit] = libvirt + +def fill_bit_names(): + for i in range(0,32): + libxl_names_ecx1.append(None) + libxl_names_edx1.append(None) + libxl_names_ebx7.append(None) + libxl_names_ecx7.append(None) + libvirt_names_ecx1.append(None) + libvirt_names_edx1.append(None) + libvirt_names_ebx7.append(None) + libvirt_names_ecx7.append(None) + + fill_ecx1(0, "sse3", "pni") + fill_ecx1(1, "pclmulqdq", "pclmuldq") + fill_ecx1(2, "dtes64", "dtes64") + fill_ecx1(3, "monitor", "monitor") + fill_ecx1(4, "dscpl", "ds_cpl") + fill_ecx1(5, "vmx", "vmx") + fill_ecx1(6, "smx", "smx") + fill_ecx1(7, "est", "est") + fill_ecx1(8, "tm2", "tm2") + fill_ecx1(9, "ssse3", "ssse3") + fill_ecx1(10, "cntxid", "cid") + fill_ecx1(12, "fma", "fma") + fill_ecx1(13, "cmpxchg16", "cx16") + fill_ecx1(14, "xtpr", "xtpr") + fill_ecx1(15, "pdcm", "pdcm") + fill_ecx1(17, "pcid", "pcid") + fill_ecx1(18, "dca", "dca") + fill_ecx1(19, "sse4_1", "sse4.1") + fill_ecx1(20, "sse4_2", "sse4.2") + fill_ecx1(21, "x2apic", "x2apic") + fill_ecx1(22, "movbe", "movbe") + fill_ecx1(23, "popcnt", "popcnt") + fill_ecx1(24, "tsc-deadline", "tsc-deadline") + fill_ecx1(25, "aes", "aes") + fill_ecx1(26, "xsave", "xsave") + fill_ecx1(27, "osxsave", "osxsave") + fill_ecx1(28, "avx", "avx") + fill_ecx1(29, "f16c", "f16c") + fill_ecx1(30, "rdrand", "rdrand") + fill_ecx1(31, "hypervisor", "hypervisor") + + fill_edx1(0, "fpu", "fpu") + fill_edx1(1, "vme", "vme") + fill_edx1(2, "de", "de") + fill_edx1(3, "pse", "pse") + fill_edx1(4, "tsc", "tsc") + fill_edx1(5, "msr", "msr") + fill_edx1(6, "pae", "pae") + fill_edx1(7, "mce", "mce") + fill_edx1(8, "cmpxchg8", "cx8") + fill_edx1(9, "apic", "apic") + fill_edx1(11, "sysenter", "sep") + fill_edx1(12, "mtrr", "mtrr") + fill_edx1(13, "pge", "pge") + fill_edx1(14, "mca", "mca") + fill_edx1(15, "cmov", "cmov") + fill_edx1(16, "pat", "pat") + fill_edx1(17, "pse36", "pse36") + fill_edx1(18, "psn", "pn") + fill_edx1(19, "clfsh", "clflush") + fill_edx1(21, "ds", "ds") + fill_edx1(22, "acpi", "acpi") + fill_edx1(23, "mmx", "mmx") + fill_edx1(24, "fxsr", "fxsr") + fill_edx1(25, "sse", "sse") + fill_edx1(26, "sse2", "sse2") + fill_edx1(27, "ss", "ss") + fill_edx1(28, "htt", "ht") + fill_edx1(29, "tm", "tm") + fill_edx1(30, "ia64", "ia64") + fill_edx1(31, "pbe", "pbe") + + fill_ebx7(0, "fsgsbase", "fsgsbase") + fill_ebx7(1, "tsc_adjust", "tsc_adjust") + fill_ebx7(3, "bmi1", "bmi1") + fill_ebx7(4, "hle", "hle") + fill_ebx7(5, "avx2", "avx2") + fill_ebx7(7, "smep", "smep") + fill_ebx7(8, "bmi2", "bmi2") + fill_ebx7(9, "erms", "erms") + fill_ebx7(10, "invpcid", "invpcid") + fill_ebx7(11, "rtm", "rtm") + fill_ebx7(12, "cmt", "cmt") + fill_ebx7(14, "mpx", "mpx") + fill_ebx7(16, "avx512f", "avx512f") + fill_ebx7(17, "avx512dq", "avx512dq") + fill_ebx7(18, "rdseed", "rdseed") + fill_ebx7(19, "adx", "adx") + fill_ebx7(20, "smap", "smap") + fill_ebx7(21, "avx512-ifma", "avx512-ifma") + fill_ebx7(23, "clflushopt", "clflushopt") + fill_ebx7(24, "clwb", "clwb") + fill_ebx7(26, "avx512pf", "avx512pf") + fill_ebx7(27, "avx512er", "avx512er") + fill_ebx7(28, "avx512cd", "avx512cd") + fill_ebx7(29, "sha", "sha") + fill_ebx7(30, "avx512bw", "avx512bw") + fill_ebx7(31, "avx512vl", "avx512vl") + + fill_ecx7(0, "prefetchwt1", "prefetchwt1") + fill_ecx7(1, "avx512-vbmi", "avx512-vbmi") + fill_ecx7(2, "umip", "umip") + fill_ecx7(3, "pku", "pku") + fill_ecx7(4, "ospke", "ospke") + fill_ecx7(6, "avx512-vbmi2", "avx512-vbmi2") + fill_ecx7(8, "gfni", "gfni") + fill_ecx7(9, "vaes", "vaes") + fill_ecx7(10, "vpclmulqdq", "vpclmulqdq") + fill_ecx7(11, "avx512-vnni", "avx512-vnni") + fill_ecx7(12, "avx512-bitalg", "avx512-bitalg") + fill_ecx7(14, "avx512-vpopcntdq", "avx512-vpopcntdq") + fill_ecx7(22, "rdpid", "rdpid") + fill_ecx7(25, "cldemote", "cldemote") + + +def get_register_mask(regs): + """ Take a list of register values and return the calculated mask """ + reg_n = len(regs) + mask = '' + for idx in range(32): + counter = 0 + for reg in regs: + counter += 1 if (reg & (1 << idx) > 0) else 0 + # if we have all 1s or all 0s we don't mask the bit + if counter == reg_n or counter == 0: + mask = mask + 'x' + else: + mask = mask + '0' + # we calculated the mask in reverse, so we reverse it again + return mask[::-1] + + +def print_xl_masking_config(nodes): + """ Take a dictionary of nodes containing their registers and print out CPUID masking configuration for xl """ + nomasking = 'x' * 32 + libxl = [] + libvirt = [] + eax1_ecx_regs = [] + eax1_edx_regs = [] + eax7_ebx_regs = [] + eax7_ecx_regs = [] + for node in nodes: + eax1_ecx_regs.append(nodes[node]['eax1_ecx']) + eax1_edx_regs.append(nodes[node]['eax1_edx']) + eax7_ebx_regs.append(nodes[node]['eax7_ebx']) + eax7_ecx_regs.append(nodes[node]['eax7_ecx']) + # Get masks for the EAX1 and EAX7 registers + eax1_ecx_mask = get_register_mask(eax1_ecx_regs) + eax1_edx_mask = get_register_mask(eax1_edx_regs) + eax7_ebx_mask = get_register_mask(eax7_ebx_regs) + eax7_ecx_mask = get_register_mask(eax7_ecx_regs) + # Build the xl CPUID config + cpuid_config = 'cpuid = [\n "0x00000001:ecx=' + eax1_ecx_mask + if eax1_edx_mask != nomasking: + cpuid_config += ',edx=' + eax1_edx_mask + cpuid_config += '",\n' + cpuid_config += ' "0x00000007,0x00:ebx=' + eax7_ebx_mask + if eax7_ecx_mask != nomasking: + cpuid_config += ',ecx=' + eax7_ecx_mask + cpuid_config += '"\n' + cpuid_config += ']' + print(cpuid_config) + + bitnum = len(eax1_ecx_mask) + while bitnum > 0: + bitnum -= 1 + bitval = eax1_ecx_mask[len(eax1_ecx_mask) - 1 - bitnum] + if bitval == "0" and libxl_names_ecx1[bitnum]: + libxl.append(libxl_names_ecx1[bitnum] + "=0") + libvirt.append(libvirt_names_ecx1[bitnum]) + + bitnum = len(eax1_edx_mask) + while bitnum > 0: + bitnum -= 1 + bitval = eax1_edx_mask[len(eax1_edx_mask) - 1 - bitnum] + if bitval == "0" and libxl_names_edx1[bitnum]: + libxl.append(libxl_names_edx1[bitnum] + "=0") + libvirt.append(libvirt_names_edx1[bitnum]) + + bitnum = len(eax7_ebx_mask) + while bitnum > 0: + bitnum -= 1 + bitval = eax7_ebx_mask[len(eax7_ebx_mask) - 1 - bitnum] + if bitval == "0" and libxl_names_ebx7[bitnum]: + libxl.append(libxl_names_ebx7[bitnum] + "=0") + libvirt.append(libvirt_names_ebx7[bitnum]) + + bitnum = len(eax7_ecx_mask) + while bitnum > 0: + bitnum -= 1 + bitval = eax7_ecx_mask[len(eax7_ecx_mask) - 1 - bitnum] + if bitval == "0" and libxl_names_ecx7[bitnum]: + libxl.append(libxl_names_ecx7[bitnum] + "=0") + libvirt.append(libvirt_names_ecx7[bitnum]) + + if len(libxl) > 0: + output = "cpuid = [ host" + for i in libxl: + output += "," + i + output += " ]" + print(output) + + print("<domain>") + print(" <cpu>") + for i in libvirt: + print(" <feature policy='optional' name='%s' />" % i) + print(" </cpu>") + print("</domain>") + + +def print_verbose_masking_info(nodes): + """ Take a dictionary of nodes containing their registers and print out verbose mask derivation information """ + eax1_ecx_regs = [] + eax1_edx_regs = [] + eax7_ebx_regs = [] + eax7_ecx_regs = [] + for node in nodes: + eax1_ecx_regs.append(nodes[node]['eax1_ecx']) + eax1_edx_regs.append(nodes[node]['eax1_edx']) + eax7_ebx_regs.append(nodes[node]['eax7_ebx']) + eax7_ecx_regs.append(nodes[node]['eax7_ecx']) + + print("") + print('== Detailed mask derivation info ==') + print("") + + print('EAX1 ECX registers:') + for reg in eax1_ecx_regs: + print('{0:032b}'.format(reg)) + print('================================') + print(get_register_mask(eax1_ecx_regs)) + + print("") + print('EAX1 EDX registers:') + for reg in eax1_edx_regs: + print('{0:032b}'.format(reg)) + print('================================') + print(get_register_mask(eax1_edx_regs)) + + print("") + print('EAX7,0 EBX registers:') + for reg in eax7_ebx_regs: + print('{0:032b}'.format(reg)) + print('================================') + print(get_register_mask(eax7_ebx_regs)) + + print("") + print('EAX7,0 ECX registers:') + for reg in eax7_ecx_regs: + print('{0:032b}'.format(reg)) + print('================================') + print(get_register_mask(eax7_ecx_regs)) + + +if __name__ == '__main__': + epilog = """The individual 'node_files' are generated with 'cpuid -1r': + server1~$ cpuid -1r > node1 + server2~$ cpuid -1r > node2 + server3~$ cpuid -1r > node3 + + ~$ {0} node1 node2 node3 + + Use 'zypper install cpuid' to install the cpuid.rpm. + +Note: Run 'cpuid' with NATIVE boot instead of dom0 to get the complete cpid value. +Xen hides some bits from dom0! + """.format(sys.argv[0]) + parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + description='A utility that calculates a XEN CPUID difference mask', + epilog=epilog + ) + parser.add_argument('node_files', nargs='*', help='Filenames of XEN node CPUID outputs') + parser.add_argument('-v', '--verbose', action='store_true', help='Get detailed mask derivation information') + args = parser.parse_args() + if len(args.node_files) < 2: + print('Need at least 2 files to do the comparison!') + parser.print_help() + sys.exit(1) + + fill_bit_names() + nodes = dict() + for node in args.node_files: + if os.path.isfile(node): + try: + f = open(node) + except IOError as e: + print("I/O error({0}): {1}".format(e.errno, e.strerror)) + sys.exit(1) + else: + lines = [line.strip() for line in f] + eax1 = '' + eax7 = '' + # try to match the lines containing interesting registers + # EAX1 - Processor Info and Feature Bits + # EAX7 - Extended features + for line in lines: + if line.startswith(EAX1_MATCH): + eax1 = line + elif line.startswith(EAX7_MATCH): + eax7 = line + # if we get garbled data we should probably just give up + if len(eax1) < EXP_LINELN or len(eax7) < EXP_LINELN: + print('ERROR: invalid data format in file : ' + node) + sys.exit(1) + + # check if we can actually parse the strings into integers + try: + eax1_ecx = int(eax1.split()[4].split('=')[1], 0) + eax1_edx = int(eax1.split()[5].split('=')[1], 0) + eax7_ebx = int(eax7.split()[3].split('=')[1], 0) + eax7_ecx = int(eax7.split()[4].split('=')[1], 0) + except ValueError: + print('ERROR: invalid data format in file: ' + node) + sys.exit(1) + + nodes[node] = dict() + nodes[node]['eax1_ecx'] = eax1_ecx + nodes[node]['eax1_edx'] = eax1_edx + nodes[node]['eax7_ebx'] = eax7_ebx + nodes[node]['eax7_ecx'] = eax7_ecx + f.close() + else: + print('File not found: ' + node) + sys.exit(1) + + print_xl_masking_config(nodes) + if args.verbose: + print_verbose_masking_info(nodes) diff --git a/xenapiusers b/xenapiusers new file mode 100644 index 0000000..d8649da --- /dev/null +++ b/xenapiusers @@ -0,0 +1 @@ +root diff --git a/xencommons.service b/xencommons.service new file mode 100644 index 0000000..ba2a6cd --- /dev/null +++ b/xencommons.service @@ -0,0 +1,36 @@ +[Unit] +Description=xencommons +ConditionPathExists=/proc/xen/capabilities + +# Avoid errors from systemd-modules-load.service +Requires=xen-dom0-modules.service +After=xen-dom0-modules.service + +# Pull in all upstream service files +Requires=proc-xen.mount +After=proc-xen.mount +Requires=xenstored.service +After=xenstored.service +Requires=xenconsoled.service +After=xenconsoled.service +Requires=xen-init-dom0.service +After=xen-init-dom0.service +Requires=xen-qemu-dom0-disk-backend.service +After=xen-qemu-dom0-disk-backend.service + +# Make sure network (for bridge) and remote mounts (for xendomains) are available ... +After=network-online.target +After=remote-fs.target + +# ... for libvirt and xendomains +Before=xendomains.service libvirtd.service + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities +ExecStart=/usr/bin/xenstore-ls -f +ExecStartPost=/bin/sh -c 'mv -vf /var/log/xen/xen-boot.log /var/log/xen/xen-boot.prev.log ; /usr/sbin/xl dmesg > /var/log/xen/xen-boot.log' + +[Install] +WantedBy=multi-user.target diff --git a/xenconsole-no-multiple-connections.patch b/xenconsole-no-multiple-connections.patch new file mode 100644 index 0000000..89bb169 --- /dev/null +++ b/xenconsole-no-multiple-connections.patch @@ -0,0 +1,27 @@ +Index: xen-4.8.0-testing/tools/console/client/main.c +=================================================================== +--- xen-4.8.0-testing.orig/tools/console/client/main.c ++++ xen-4.8.0-testing/tools/console/client/main.c +@@ -101,6 +101,7 @@ static int get_pty_fd(struct xs_handle * + * Assumes there is already a watch set in the store for this path. */ + { + struct timeval tv; ++ struct flock lock; + fd_set watch_fdset; + int xs_fd = xs_fileno(xs), pty_fd = -1; + int start, now; +@@ -124,6 +125,14 @@ static int get_pty_fd(struct xs_handle * + pty_fd = open(pty_path, O_RDWR | O_NOCTTY); + if (pty_fd == -1) + warn("Could not open tty `%s'", pty_path); ++ else { ++ memset(&lock, 0, sizeof(lock)); ++ lock.l_type = F_WRLCK; ++ lock.l_whence = SEEK_SET; ++ if (fcntl(pty_fd, F_SETLK, &lock) != 0) ++ err(errno, "Could not lock tty '%s'", ++ pty_path); ++ } + } + free(pty_path); + } diff --git a/xendomains-wait-disks.LICENSE b/xendomains-wait-disks.LICENSE new file mode 100644 index 0000000..9cecc1d --- /dev/null +++ b/xendomains-wait-disks.LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {one line to give the program's name and a brief idea of what it does.} + Copyright (C) {year} {name of author} + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + {project} Copyright (C) {year} {fullname} + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +<http://www.gnu.org/licenses/>. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +<http://www.gnu.org/philosophy/why-not-lgpl.html>. diff --git a/xendomains-wait-disks.README.md b/xendomains-wait-disks.README.md new file mode 100644 index 0000000..4eb3881 --- /dev/null +++ b/xendomains-wait-disks.README.md @@ -0,0 +1,28 @@ +# xen-tools-xendomains-wait-disk + +[xendomains.service](https://github.com/xen-project/xen/blob/RELEASE-4.13.0/tools/hotplug/Linux/systemd/xendomains.service.in) has problems +with disks that appear only later in boot process (or even after booting is complete). This project creates a service that +loops over all disks that domU will use and wait for them to appear. + +xendomains-wait-disk.service launches a script that reads both /etc/xen/auto/ configurations and /var/lib/xen/save/ dumps. +From those files, it extracts which disks are needed for all domU that will be started (respecting /etc/sysconfig/xendomains +settings). After that, it simply loops waiting for those disks to appear. There is a timeout (5 min) configured in +xendomains-wait-disk.service that prevents it to block booting process forever. + +There are two known cases where this project is useful: + +## degraded mdadm RAID + +mdadm RAID are assembled by [udev rules](https://github.com/neilbrown/mdadm/blob/master/udev-md-raid-assembly.rules). +However, it is only assembled when it is healthy. When a member is still missing, it starts a [timer](https://github.com/neilbrown/mdadm/blob/master/systemd/mdadm-last-resort%40.timer) that will try to assemble the RAID anyway after 30s, even if degraded. This timer does not block xendomains to be started. So, if a domU is depending on a MD RAID that is degraded (i.e. RAID 1 missing one disk), xendomains.service will be started before those 30s passed and that domU will fail. + +An alternative solution would be to add extra hard dependencies to xendomains.service for each required disk (Require=xxx.device). However, this solution introduces another bigger problem. Before, if a single RAID is degraded, only the domU that depends on it will fail. With Require=xxx.device, xendomains will never start if +a RAID could not be assembled even after 30s (i.e. RAID5 with two missing disks). + +With xendomains-wait-disk.service, xendomains.service will be blocked up to 5 min waiting for those MD RAID used by domUs. If it fails, xendomains.service +continues anyway. + +## iSCSI disks + +domU that uses iSCSI disk (mapped by host OS) also fails to start during boot. open-iscsi.service returns before it connect to the remote target and rescan +iscsi disks. As in mdadm RAID case, xendomains.service is started and domU that depends on iSCSI disks will fail. diff --git a/xendomains-wait-disks.sh b/xendomains-wait-disks.sh new file mode 100644 index 0000000..15ae507 --- /dev/null +++ b/xendomains-wait-disks.sh @@ -0,0 +1,199 @@ +#!/bin/bash +# +# Generates xendomains unit +# + +read_conf_from_file() { + ${sbindir}/xl create --quiet --dryrun --defconfig "$1" +} + +big2littleendian_32bit(){ + echo ${1:6:2}${1:4:2}${1:2:2}${1:0:2} +} + +read_hex() { + local out_var=$1; shift + local input=$1; shift + local pos_var=$1; shift + local length=$1; shift + local hex=$(dd bs=1 skip=${!pos_var} count=$length status=none <$input | xxd -p -c$length -l$length) + read -r $pos_var <<<"$((${!pos_var} + $length))" + read -r $out_var <<<"$hex" +} + +hex2dec() { + local hex=$1; shift + local little_endian=$1; shift + if $little_endian; then + hex=$(big2littleendian_32bit $hex) + fi + echo $((0x$hex)) +} + +read_conf_from_image(){ + local pos=0 length=0 + + local magic_header byte_order mandatory_flags optional_flags optional_data_len config_len config_json + + read_hex magic_header $1 pos 32 + # "Xen saved domain, xl format\n \0 \r" + if [ "$magic_header" != "58656e20736176656420646f6d61696e2c20786c20666f726d61740a2000200d" ]; then + log $err "Unknown file format in $1. Wrong magic header: '0x$magic_header'" + return 1 + fi + + read_hex byte_order $1 pos 4 + case "$byte_order" in + 04030201) little_endian=true;; + 01020304) little_endian=false;; + *) log $err "Unknown byte order 0x$byte_order in $1"; return 1;; + esac + + #define XL_MANDATORY_FLAG_JSON (1U << 0) /* config data is in JSON format */ + #define XL_MANDATORY_FLAG_STREAMv2 (1U << 1) /* stream is v2 */ + read_hex mandatory_flags $1 pos 4 + if [ "$(($(hex2dec $mandatory_flags $little_endian) & 0x3))" -ne 3 ]; then + log $err "Unknown config format or stream version. Mandatory flags are 0x$mandatory_flag" + return 1 + fi + + read_hex optional_flags $1 pos 4 + read_hex optional_data_len $1 pos 4 + optional_data_len=$(hex2dec $optional_data_len $little_endian) + + # I'll not use but saved memory dump will begin at $((pos+optional_data_len)) + read_hex config_len $1 pos 4 + config_len=$(hex2dec $config_len $little_endian) + + # null terminated string + read_hex config_json $1 pos $config_len + xxd -p -r <<<"$config_json" +} + +log() { + local msg_loglevel=$1; shift + if [ "$msg_loglevel" -gt "$LOGLEVEL" ]; then + return 0 + fi + echo "$@" >&2 +} + + +emerg=0; alert=1; crit=2; err=3 +warning=4; notice=5; info=6; debug=7 +LOGLEVEL=${LOGLEVEL:-4} +if [ "$SYSTEMD_LOG_LEVEL" ]; then + LOGLEVEL=${!SYSTEMD_LOG_LEVEL} +fi +log $debug "Using loglevel $LOGLEVEL" +trap "log $err Error on \$LINENO: \$(caller)" ERR + +log $debug "loading /etc/xen/scripts/hotplugpath.sh..." +. /etc/xen/scripts/hotplugpath.sh + +#log $debug "testing for ${sbindir}/xl..." +#CMD=${sbindir}/xl +#if ! $CMD list &> /dev/null; then +# log $err "${sbindir}/xl list failed!" +# log $err "$($CMD list &>&1)" +# exit $? +#fi +#log $debug "${sbindir}/xl list OK!" + +log $debug "loading /etc/sysconfig/xendomains..." +XENDOM_CONFIG=/etc/sysconfig/xendomains +if ! test -r $XENDOM_CONFIG; then + echo "$XENDOM_CONFIG not existing" >&2; + exit 6 +fi + +. $XENDOM_CONFIG + +doms_conf=() +doms_restore=() +doms_source=() + +log $debug "Reading saved domains..." +if [ "$XENDOMAINS_RESTORE" = "true" ] && [ -d "$XENDOMAINS_SAVE" ]; then + for dom in $XENDOMAINS_SAVE/*; do + log $debug "Trying $dom..." + if ! [ -r $dom ] ; then + log $debug "Not readable $dom..." + continue + fi + + log $debug "Reading conf from $dom..." + if ! dom_conf=$(read_conf_from_image $dom); then + log $error "Cannot read conf from $dom" + continue + fi + + log $debug "Adding $dom to the list" + doms_conf+=("$dom_conf") + doms_restore+=(true) + doms_source+=("$dom") + done +fi + +log $debug "Reading auto domains..." +if [ -d "$XENDOMAINS_AUTO" ]; then + for dom in $XENDOMAINS_AUTO/*; do + log $debug "Trying $dom..." + if ! [ -r $dom ] ; then + log $debug "Not readable $dom..." + continue + fi + + log $debug "Reading conf from $dom..." + if ! dom_conf=$(read_conf_from_file $dom); then + echo 123 + log $error "Cannot read conf from $dom" + continue + fi + + log $debug "Adding $dom to the list" + doms_conf+=("$dom_conf") + doms_restore+=(false) + doms_source+=("$dom") + done +fi + +log $debug "We have ${#doms_conf[*]} to check" +for i in ${!doms_conf[*]}; do + log $debug "Doing dom $i..." + + dom_conf="${doms_conf[i]}" + dom_restore="${doms_restore[i]}" + dom_source="${doms_source[i]}" + + dom_name=$(sed -n 's/^.*(name \(.*\))$/\1/p;s/^.*"name": "\(.*\)",$/\1/p' <<<"$dom_conf") + readarray -t required_disks <<<"$(sed -n -e '/^ "disks": \[/,/ \],/{ /"pdev_path":/ { s/.*"pdev_path": "//;s/".*//p } }' <<<"$dom_conf")" + + log $debug "dom $i is named $dom_name..." + for disk in "${required_disks[@]}"; do + disk_control_var=control_$(tr -d -c '[a-zA-Z0-9_]' <<<"$disk") + if [ "${!disk_control_var:-0}" -eq 1 ]; then + log $debug "$disk for $dom_name is already being checked" + continue + fi + declare $disk_control_var=1 + log $debug "waiting for $disk for $dom_name" + ( + j=0 found_loglevel=$debug + while true; do + if [ -e "$disk" ]; then + log $found_loglevel "disk $disk found (after $j seconds)" + exit 0 + fi + if [ "$(( j++ % 5))" -eq 0 ]; then + log $warning "still waiting for $disk for $dom_name..." + found_loglevel=$warning + fi + sleep 1 + done + ) & + done +done + +wait +log $debug "Exiting normally" diff --git a/xenstore-launch.patch b/xenstore-launch.patch new file mode 100644 index 0000000..03e2bce --- /dev/null +++ b/xenstore-launch.patch @@ -0,0 +1,19 @@ +References: bsc#1131811 + +When the xenstored service is started it exits successfully but systemd seems to +lose track of the service and reports an error causing other xen services to fail. +This patch is a workaround giving systemd time to acknowledge a succesful start +of xenstored. The real fix is believed to be needed in systemd. + +diff --git a/tools/hotplug/Linux/launch-xenstore.in b/tools/hotplug/Linux/launch-xenstore.in +index 991dec8d25..eb3d7c964c 100644 +--- a/tools/hotplug/Linux/launch-xenstore.in ++++ b/tools/hotplug/Linux/launch-xenstore.in +@@ -79,6 +79,7 @@ test -f @CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons && . @CONFIG_DIR@/@CONFIG_LEAF + echo -n Starting $XENSTORE_DOMAIN_KERNEL... + ${LIBEXEC_BIN}/init-xenstore-domain $XENSTORE_DOMAIN_ARGS || exit 1 + systemd-notify --ready 2>/dev/null ++ systemd-notify --booted 2>/dev/null && sleep 60 + + exit 0 + } diff --git a/xenstore-run-in-studomain.patch b/xenstore-run-in-studomain.patch new file mode 100644 index 0000000..5cdb3f2 --- /dev/null +++ b/xenstore-run-in-studomain.patch @@ -0,0 +1,59 @@ +References: fate#323663 - Run Xenstore in stubdomain + +Index: xen-4.10.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in +=================================================================== +--- xen-4.10.0-testing.orig/tools/hotplug/Linux/init.d/sysconfig.xencommons.in ++++ xen-4.10.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in +@@ -16,7 +16,7 @@ + # + # Changing this requires a reboot to take effect. + # +-#XENSTORETYPE=daemon ++#XENSTORETYPE=domain + + ## Type: string + ## Default: xenstored +@@ -67,7 +67,7 @@ XENSTORED_ARGS= + # + # xenstore domain memory size in MiB. + # Only evaluated if XENSTORETYPE is "domain". +-#XENSTORE_DOMAIN_SIZE=8 ++#XENSTORE_DOMAIN_SIZE=32 + + ## Type: string + ## Default: not set, no autoballooning of xenstore domain +@@ -78,7 +78,7 @@ XENSTORED_ARGS= + # - combination of both in form of <val>:<frac> (e.g. 8:1/100), resulting + # value will be the higher of both specifications + # Only evaluated if XENSTORETYPE is "domain". +-#XENSTORE_MAX_DOMAIN_SIZE= ++#XENSTORE_MAX_DOMAIN_SIZE=1/100 + + ## Type: string + ## Default: "" +Index: xen-4.10.0-testing/tools/hotplug/Linux/launch-xenstore.in +=================================================================== +--- xen-4.10.0-testing.orig/tools/hotplug/Linux/launch-xenstore.in ++++ xen-4.10.0-testing/tools/hotplug/Linux/launch-xenstore.in +@@ -48,7 +48,7 @@ test_xenstore && exit 0 + + test -f @CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons && . @CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons + +-[ "$XENSTORETYPE" = "" ] && XENSTORETYPE=daemon ++[ "$XENSTORETYPE" = "" ] && XENSTORETYPE=domain + + /bin/mkdir -p @XEN_RUN_DIR@ + +@@ -72,9 +72,10 @@ test -f @CONFIG_DIR@/@CONFIG_LEAF_DIR@/x + [ "$XENSTORETYPE" = "domain" ] && { + [ -z "$XENSTORE_DOMAIN_KERNEL" ] && XENSTORE_DOMAIN_KERNEL=@LIBEXEC@/boot/xenstore-stubdom.gz + XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --kernel $XENSTORE_DOMAIN_KERNEL" +- [ -z "$XENSTORE_DOMAIN_SIZE" ] && XENSTORE_DOMAIN_SIZE=8 ++ [ -z "$XENSTORE_DOMAIN_SIZE" ] && XENSTORE_DOMAIN_SIZE=32 + XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --memory $XENSTORE_DOMAIN_SIZE" +- [ -z "$XENSTORE_MAX_DOMAIN_SIZE" ] || XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --maxmem $XENSTORE_MAX_DOMAIN_SIZE" ++ [ -z "$XENSTORE_MAX_DOMAIN_SIZE" ] && XENSTORE_MAX_DOMAIN_SIZE="1/100" ++ XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --maxmem $XENSTORE_MAX_DOMAIN_SIZE" + + echo -n Starting $XENSTORE_DOMAIN_KERNEL... + ${LIBEXEC_BIN}/init-xenstore-domain $XENSTORE_DOMAIN_ARGS || exit 1 diff --git a/xl-conf-default-bridge.patch b/xl-conf-default-bridge.patch new file mode 100644 index 0000000..0d2cd72 --- /dev/null +++ b/xl-conf-default-bridge.patch @@ -0,0 +1,13 @@ +Index: xen-4.4.0-testing/tools/examples/xl.conf +=================================================================== +--- xen-4.4.0-testing.orig/tools/examples/xl.conf ++++ xen-4.4.0-testing/tools/examples/xl.conf +@@ -30,7 +30,7 @@ + #vif.default.script="vif-bridge" + + # default bridge device to use with vif-bridge hotplug scripts +-#vif.default.bridge="xenbr0" ++vif.default.bridge="br0" + + # Reserve a claim of memory when launching a guest. This guarantees immediate + # feedback whether the guest can be launched due to memory exhaustion diff --git a/xl-conf-disable-autoballoon.patch b/xl-conf-disable-autoballoon.patch new file mode 100644 index 0000000..150d988 --- /dev/null +++ b/xl-conf-disable-autoballoon.patch @@ -0,0 +1,11 @@ +--- xen-4.12.0-testing/tools/examples/xl.conf.orig 2019-03-11 06:17:17.586380817 -0600 ++++ xen-4.12.0-testing/tools/examples/xl.conf 2019-03-11 06:17:31.314553910 -0600 +@@ -3,7 +3,7 @@ + # Control whether dom0 is ballooned down when xen doesn't have enough + # free memory to create a domain. "auto" means only balloon if dom0 + # starts with all the host's memory. +-#autoballoon="auto" ++autoballoon="off" + + # full path of the lockfile used by xl during domain creation + #lockfile="/var/lock/xl" diff --git a/xnloader.py b/xnloader.py new file mode 100644 index 0000000..e194da4 --- /dev/null +++ b/xnloader.py @@ -0,0 +1,64 @@ +# NetWare-specific operations +# +# Copyright (c) 2013 Suse Linux Products. +# Author: Charles Arnold <carnold@suse.com> +# +# This software may be freely redistributed under the terms of the GNU +# general public license. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# 51 Franklin St, Boston, MA 02110 + +# Binary patching of xnloader.sys +# For launching NetWare on Xen 4.2 and newer + + +import os, sys, base64 + +CODE_OFFSET=0x49F5 +NUMBER_OF_CODE_BYTES=17 +ORIGINAL_CODE="BA00080000C786FC1F0000FFFFFFFF31C9" +PATCHED_CODE="BAF8070000834C961CFFB9080000009090" +XNLOADER_SYS_MD5SUM="eb76cce2a2d45928ea2bf26e01430af2" + +def patch_netware_loader(loader): + """Open the given xnloader.sys file and patch the relevant code hunk.""" + + # domUloader calls this with all kernels so perhaps this is not the NetWare loader + md5sum_cmd = 'md5sum ' + loader + p = os.popen(md5sum_cmd) + sum = p.read().split()[0] + p.close() + if sum != XNLOADER_SYS_MD5SUM: + return + + try: + fd = os.open(loader, os.O_RDWR) + except Exception as e: + print(e, file=sys.stderr) + raise + + # Validate minimum size for I/O + stat = os.fstat(fd) + if stat.st_size < CODE_OFFSET+NUMBER_OF_CODE_BYTES: + os.close(fd) + return + + # Seek to location of code hunk + os.lseek(fd, CODE_OFFSET, os.SEEK_SET) + + # Read code bytes at offset + buf = os.read(fd, NUMBER_OF_CODE_BYTES) + + code_as_hex = base64.b16encode(buf) + code_as_hex = code_as_hex.decode('utf-8') + if code_as_hex == ORIGINAL_CODE: + # Seek back to start location of the code hunk + os.lseek(fd, CODE_OFFSET, os.SEEK_SET) + # Convert the PATCHED_CODE string to raw binary + code_as_bin = base64.b16decode(PATCHED_CODE) + # Write the patched code + os.write(fd, code_as_bin) + os.close(fd) + diff --git a/xsa286-1.patch b/xsa286-1.patch new file mode 100644 index 0000000..f0f51d5 --- /dev/null +++ b/xsa286-1.patch @@ -0,0 +1,70 @@ +x86/mm: split L4 and L3 parts of the walk out of do_page_walk() + +The L3 one at least is going to be re-used by a subsequent patch, and +splitting the L4 one then as well seems only natural. + +This is part of XSA-286. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: George Dunlap <george.dunlap@citrix.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/x86_64/mm.c ++++ b/xen/arch/x86/x86_64/mm.c +@@ -44,26 +44,47 @@ unsigned int __read_mostly m2p_compat_vs + + l2_pgentry_t *compat_idle_pg_table_l2; + +-void *do_page_walk(struct vcpu *v, unsigned long addr) ++static l4_pgentry_t page_walk_get_l4e(pagetable_t root, unsigned long addr) + { +- unsigned long mfn = pagetable_get_pfn(v->arch.guest_table); +- l4_pgentry_t l4e, *l4t; +- l3_pgentry_t l3e, *l3t; +- l2_pgentry_t l2e, *l2t; +- l1_pgentry_t l1e, *l1t; ++ unsigned long mfn = pagetable_get_pfn(root); ++ l4_pgentry_t *l4t, l4e; + +- if ( !is_pv_vcpu(v) || !is_canonical_address(addr) ) +- return NULL; ++ if ( !is_canonical_address(addr) ) ++ return l4e_empty(); + + l4t = map_domain_page(_mfn(mfn)); + l4e = l4t[l4_table_offset(addr)]; + unmap_domain_page(l4t); ++ ++ return l4e; ++} ++ ++static l3_pgentry_t page_walk_get_l3e(pagetable_t root, unsigned long addr) ++{ ++ l4_pgentry_t l4e = page_walk_get_l4e(root, addr); ++ l3_pgentry_t *l3t, l3e; ++ + if ( !(l4e_get_flags(l4e) & _PAGE_PRESENT) ) +- return NULL; ++ return l3e_empty(); + + l3t = map_l3t_from_l4e(l4e); + l3e = l3t[l3_table_offset(addr)]; + unmap_domain_page(l3t); ++ ++ return l3e; ++} ++ ++void *do_page_walk(struct vcpu *v, unsigned long addr) ++{ ++ l3_pgentry_t l3e; ++ l2_pgentry_t l2e, *l2t; ++ l1_pgentry_t l1e, *l1t; ++ unsigned long mfn; ++ ++ if ( !is_pv_vcpu(v) ) ++ return NULL; ++ ++ l3e = page_walk_get_l3e(v->arch.guest_table, addr); + mfn = l3e_get_pfn(l3e); + if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) || !mfn_valid(_mfn(mfn)) ) + return NULL; diff --git a/xsa286-2.patch b/xsa286-2.patch new file mode 100644 index 0000000..80bc3c8 --- /dev/null +++ b/xsa286-2.patch @@ -0,0 +1,167 @@ +x86/mm: check page types in do_page_walk() + +For page table entries read to be guaranteed valid, transiently locking +the pages and validating their types is necessary. Note that guest use +of linear page tables is intentionally not taken into account here, as +ordinary data (guest stacks) can't possibly live inside page tables. + +This is part of XSA-286. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: George Dunlap <george.dunlap@citrix.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/x86_64/mm.c ++++ b/xen/arch/x86/x86_64/mm.c +@@ -46,15 +46,29 @@ l2_pgentry_t *compat_idle_pg_table_l2; + + static l4_pgentry_t page_walk_get_l4e(pagetable_t root, unsigned long addr) + { +- unsigned long mfn = pagetable_get_pfn(root); +- l4_pgentry_t *l4t, l4e; ++ mfn_t mfn = pagetable_get_mfn(root); ++ /* current's root page table can't disappear under our feet. */ ++ bool need_lock = !mfn_eq(mfn, pagetable_get_mfn(current->arch.guest_table)); ++ struct page_info *pg; ++ l4_pgentry_t l4e = l4e_empty(); + + if ( !is_canonical_address(addr) ) + return l4e_empty(); + +- l4t = map_domain_page(_mfn(mfn)); +- l4e = l4t[l4_table_offset(addr)]; +- unmap_domain_page(l4t); ++ pg = mfn_to_page(mfn); ++ if ( need_lock && !page_lock(pg) ) ++ return l4e_empty(); ++ ++ if ( (pg->u.inuse.type_info & PGT_type_mask) == PGT_l4_page_table ) ++ { ++ l4_pgentry_t *l4t = map_domain_page(mfn); ++ ++ l4e = l4t[l4_table_offset(addr)]; ++ unmap_domain_page(l4t); ++ } ++ ++ if ( need_lock ) ++ page_unlock(pg); + + return l4e; + } +@@ -62,14 +76,26 @@ static l4_pgentry_t page_walk_get_l4e(pa + static l3_pgentry_t page_walk_get_l3e(pagetable_t root, unsigned long addr) + { + l4_pgentry_t l4e = page_walk_get_l4e(root, addr); +- l3_pgentry_t *l3t, l3e; ++ mfn_t mfn = l4e_get_mfn(l4e); ++ struct page_info *pg; ++ l3_pgentry_t l3e = l3e_empty(); + + if ( !(l4e_get_flags(l4e) & _PAGE_PRESENT) ) + return l3e_empty(); + +- l3t = map_l3t_from_l4e(l4e); +- l3e = l3t[l3_table_offset(addr)]; +- unmap_domain_page(l3t); ++ pg = mfn_to_page(mfn); ++ if ( !page_lock(pg) ) ++ return l3e_empty(); ++ ++ if ( (pg->u.inuse.type_info & PGT_type_mask) == PGT_l3_page_table ) ++ { ++ l3_pgentry_t *l3t = map_domain_page(mfn); ++ ++ l3e = l3t[l3_table_offset(addr)]; ++ unmap_domain_page(l3t); ++ } ++ ++ page_unlock(pg); + + return l3e; + } +@@ -77,44 +103,67 @@ static l3_pgentry_t page_walk_get_l3e(pa + void *do_page_walk(struct vcpu *v, unsigned long addr) + { + l3_pgentry_t l3e; +- l2_pgentry_t l2e, *l2t; +- l1_pgentry_t l1e, *l1t; +- unsigned long mfn; ++ l2_pgentry_t l2e = l2e_empty(); ++ l1_pgentry_t l1e = l1e_empty(); ++ mfn_t mfn; ++ struct page_info *pg; + + if ( !is_pv_vcpu(v) ) + return NULL; + + l3e = page_walk_get_l3e(v->arch.guest_table, addr); +- mfn = l3e_get_pfn(l3e); +- if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) || !mfn_valid(_mfn(mfn)) ) ++ mfn = l3e_get_mfn(l3e); ++ if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) || !mfn_valid(mfn) ) + return NULL; + if ( (l3e_get_flags(l3e) & _PAGE_PSE) ) + { +- mfn += PFN_DOWN(addr & ((1UL << L3_PAGETABLE_SHIFT) - 1)); ++ mfn = mfn_add(mfn, PFN_DOWN(addr & ((1UL << L3_PAGETABLE_SHIFT) - 1))); + goto ret; + } + +- l2t = map_domain_page(_mfn(mfn)); +- l2e = l2t[l2_table_offset(addr)]; +- unmap_domain_page(l2t); +- mfn = l2e_get_pfn(l2e); +- if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) || !mfn_valid(_mfn(mfn)) ) ++ pg = mfn_to_page(mfn); ++ if ( !page_lock(pg) ) ++ return NULL; ++ ++ if ( (pg->u.inuse.type_info & PGT_type_mask) == PGT_l2_page_table ) ++ { ++ const l2_pgentry_t *l2t = map_domain_page(mfn); ++ ++ l2e = l2t[l2_table_offset(addr)]; ++ unmap_domain_page(l2t); ++ } ++ ++ page_unlock(pg); ++ ++ mfn = l2e_get_mfn(l2e); ++ if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) || !mfn_valid(mfn) ) + return NULL; + if ( (l2e_get_flags(l2e) & _PAGE_PSE) ) + { +- mfn += PFN_DOWN(addr & ((1UL << L2_PAGETABLE_SHIFT) - 1)); ++ mfn = mfn_add(mfn, PFN_DOWN(addr & ((1UL << L2_PAGETABLE_SHIFT) - 1))); + goto ret; + } + +- l1t = map_domain_page(_mfn(mfn)); +- l1e = l1t[l1_table_offset(addr)]; +- unmap_domain_page(l1t); +- mfn = l1e_get_pfn(l1e); +- if ( !(l1e_get_flags(l1e) & _PAGE_PRESENT) || !mfn_valid(_mfn(mfn)) ) ++ pg = mfn_to_page(mfn); ++ if ( !page_lock(pg) ) ++ return NULL; ++ ++ if ( (pg->u.inuse.type_info & PGT_type_mask) == PGT_l1_page_table ) ++ { ++ const l1_pgentry_t *l1t = map_domain_page(mfn); ++ ++ l1e = l1t[l1_table_offset(addr)]; ++ unmap_domain_page(l1t); ++ } ++ ++ page_unlock(pg); ++ ++ mfn = l1e_get_mfn(l1e); ++ if ( !(l1e_get_flags(l1e) & _PAGE_PRESENT) || !mfn_valid(mfn) ) + return NULL; + + ret: +- return map_domain_page(_mfn(mfn)) + (addr & ~PAGE_MASK); ++ return map_domain_page(mfn) + (addr & ~PAGE_MASK); + } + + /* diff --git a/xsa286-3.patch b/xsa286-3.patch new file mode 100644 index 0000000..2b0f703 --- /dev/null +++ b/xsa286-3.patch @@ -0,0 +1,81 @@ +x86/mm: avoid using linear page tables in map_guest_l1e() + +Replace the linear L2 table access by an actual page walk. + +This is part of XSA-286. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: George Dunlap <george.dunlap@citrix.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/pv/mm.c ++++ b/xen/arch/x86/pv/mm.c +@@ -40,11 +40,14 @@ l1_pgentry_t *map_guest_l1e(unsigned lon + if ( unlikely(!__addr_ok(linear)) ) + return NULL; + +- /* Find this l1e and its enclosing l1mfn in the linear map. */ +- if ( __copy_from_user(&l2e, +- &__linear_l2_table[l2_linear_offset(linear)], +- sizeof(l2_pgentry_t)) ) ++ if ( unlikely(!(current->arch.flags & TF_kernel_mode)) ) ++ { ++ ASSERT_UNREACHABLE(); + return NULL; ++ } ++ ++ /* Find this l1e and its enclosing l1mfn. */ ++ l2e = page_walk_get_l2e(current->arch.guest_table, linear); + + /* Check flags that it will be safe to read the l1e. */ + if ( (l2e_get_flags(l2e) & (_PAGE_PRESENT | _PAGE_PSE)) != _PAGE_PRESENT ) +--- a/xen/arch/x86/x86_64/mm.c ++++ b/xen/arch/x86/x86_64/mm.c +@@ -100,6 +100,34 @@ static l3_pgentry_t page_walk_get_l3e(pa + return l3e; + } + ++l2_pgentry_t page_walk_get_l2e(pagetable_t root, unsigned long addr) ++{ ++ l3_pgentry_t l3e = page_walk_get_l3e(root, addr); ++ mfn_t mfn = l3e_get_mfn(l3e); ++ struct page_info *pg; ++ l2_pgentry_t l2e = l2e_empty(); ++ ++ if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) || ++ (l3e_get_flags(l3e) & _PAGE_PSE) ) ++ return l2e_empty(); ++ ++ pg = mfn_to_page(mfn); ++ if ( !page_lock(pg) ) ++ return l2e_empty(); ++ ++ if ( (pg->u.inuse.type_info & PGT_type_mask) == PGT_l2_page_table ) ++ { ++ l2_pgentry_t *l2t = map_domain_page(mfn); ++ ++ l2e = l2t[l2_table_offset(addr)]; ++ unmap_domain_page(l2t); ++ } ++ ++ page_unlock(pg); ++ ++ return l2e; ++} ++ + void *do_page_walk(struct vcpu *v, unsigned long addr) + { + l3_pgentry_t l3e; +--- a/xen/include/asm-x86/mm.h ++++ b/xen/include/asm-x86/mm.h +@@ -577,7 +577,9 @@ void audit_domains(void); + void make_cr3(struct vcpu *v, mfn_t mfn); + void update_cr3(struct vcpu *v); + int vcpu_destroy_pagetables(struct vcpu *); ++ + void *do_page_walk(struct vcpu *v, unsigned long addr); ++l2_pgentry_t page_walk_get_l2e(pagetable_t root, unsigned long addr); + + int __sync_local_execstate(void); + diff --git a/xsa286-4.patch b/xsa286-4.patch new file mode 100644 index 0000000..b425374 --- /dev/null +++ b/xsa286-4.patch @@ -0,0 +1,161 @@ +x86/mm: avoid using linear page tables in guest_get_eff_kern_l1e() + +First of all drop guest_get_eff_l1e() entirely - there's no actual user +of it: pv_ro_page_fault() has a guest_kernel_mode() conditional around +its only call site. + +Then replace the linear L1 table access by an actual page walk. + +This is part of XSA-286. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: George Dunlap <george.dunlap@citrix.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/pv/mm.c ++++ b/xen/arch/x86/pv/mm.c +@@ -59,27 +59,6 @@ l1_pgentry_t *map_guest_l1e(unsigned lon + } + + /* +- * Read the guest's l1e that maps this address, from the kernel-mode +- * page tables. +- */ +-static l1_pgentry_t guest_get_eff_kern_l1e(unsigned long linear) +-{ +- struct vcpu *curr = current; +- const bool user_mode = !(curr->arch.flags & TF_kernel_mode); +- l1_pgentry_t l1e; +- +- if ( user_mode ) +- toggle_guest_pt(curr); +- +- l1e = guest_get_eff_l1e(linear); +- +- if ( user_mode ) +- toggle_guest_pt(curr); +- +- return l1e; +-} +- +-/* + * Map a guest's LDT page (covering the byte at @offset from start of the LDT) + * into Xen's virtual range. Returns true if the mapping changed, false + * otherwise. +--- a/xen/arch/x86/pv/mm.h ++++ b/xen/arch/x86/pv/mm.h +@@ -5,19 +5,19 @@ l1_pgentry_t *map_guest_l1e(unsigned lon + + int new_guest_cr3(mfn_t mfn); + +-/* Read a PV guest's l1e that maps this linear address. */ +-static inline l1_pgentry_t guest_get_eff_l1e(unsigned long linear) ++/* ++ * Read the guest's l1e that maps this address, from the kernel-mode ++ * page tables. ++ */ ++static inline l1_pgentry_t guest_get_eff_kern_l1e(unsigned long linear) + { +- l1_pgentry_t l1e; ++ l1_pgentry_t l1e = l1e_empty(); + + ASSERT(!paging_mode_translate(current->domain)); + ASSERT(!paging_mode_external(current->domain)); + +- if ( unlikely(!__addr_ok(linear)) || +- __copy_from_user(&l1e, +- &__linear_l1_table[l1_linear_offset(linear)], +- sizeof(l1_pgentry_t)) ) +- l1e = l1e_empty(); ++ if ( likely(__addr_ok(linear)) ) ++ l1e = page_walk_get_l1e(current->arch.guest_table, linear); + + return l1e; + } +--- a/xen/arch/x86/pv/ro-page-fault.c ++++ b/xen/arch/x86/pv/ro-page-fault.c +@@ -357,7 +357,7 @@ int pv_ro_page_fault(unsigned long addr, + bool mmio_ro; + + /* Attempt to read the PTE that maps the VA being accessed. */ +- pte = guest_get_eff_l1e(addr); ++ pte = guest_get_eff_kern_l1e(addr); + + /* We are only looking for read-only mappings */ + if ( ((l1e_get_flags(pte) & (_PAGE_PRESENT | _PAGE_RW)) != _PAGE_PRESENT) ) +--- a/xen/arch/x86/x86_64/mm.c ++++ b/xen/arch/x86/x86_64/mm.c +@@ -128,6 +128,62 @@ l2_pgentry_t page_walk_get_l2e(pagetable + return l2e; + } + ++/* ++ * For now no "set_accessed" parameter, as all callers want it set to true. ++ * For now also no "set_dirty" parameter, as all callers deal with r/o ++ * mappings, and we don't want to set the dirty bit there (conflicts with ++ * CET-SS). However, as there are CPUs which may set the dirty bit on r/o ++ * PTEs, the logic below tolerates the bit becoming set "behind our backs". ++ */ ++l1_pgentry_t page_walk_get_l1e(pagetable_t root, unsigned long addr) ++{ ++ l2_pgentry_t l2e = page_walk_get_l2e(root, addr); ++ mfn_t mfn = l2e_get_mfn(l2e); ++ struct page_info *pg; ++ l1_pgentry_t l1e = l1e_empty(); ++ ++ if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) || ++ (l2e_get_flags(l2e) & _PAGE_PSE) ) ++ return l1e_empty(); ++ ++ pg = mfn_to_page(mfn); ++ if ( !page_lock(pg) ) ++ return l1e_empty(); ++ ++ if ( (pg->u.inuse.type_info & PGT_type_mask) == PGT_l1_page_table ) ++ { ++ l1_pgentry_t *l1t = map_domain_page(mfn); ++ ++ l1e = l1t[l1_table_offset(addr)]; ++ ++ if ( (l1e_get_flags(l1e) & (_PAGE_ACCESSED | _PAGE_PRESENT)) == ++ _PAGE_PRESENT ) ++ { ++ l1_pgentry_t ol1e = l1e; ++ ++ l1e_add_flags(l1e, _PAGE_ACCESSED); ++ /* ++ * Best effort only; with the lock held the page shouldn't ++ * change anyway, except for the dirty bit to perhaps become set. ++ */ ++ while ( cmpxchg(&l1e_get_intpte(l1t[l1_table_offset(addr)]), ++ l1e_get_intpte(ol1e), l1e_get_intpte(l1e)) != ++ l1e_get_intpte(ol1e) && ++ !(l1e_get_flags(l1e) & _PAGE_DIRTY) ) ++ { ++ l1e_add_flags(ol1e, _PAGE_DIRTY); ++ l1e_add_flags(l1e, _PAGE_DIRTY); ++ } ++ } ++ ++ unmap_domain_page(l1t); ++ } ++ ++ page_unlock(pg); ++ ++ return l1e; ++} ++ + void *do_page_walk(struct vcpu *v, unsigned long addr) + { + l3_pgentry_t l3e; +--- a/xen/include/asm-x86/mm.h ++++ b/xen/include/asm-x86/mm.h +@@ -580,6 +580,7 @@ int vcpu_destroy_pagetables(struct vcpu + + void *do_page_walk(struct vcpu *v, unsigned long addr); + l2_pgentry_t page_walk_get_l2e(pagetable_t root, unsigned long addr); ++l1_pgentry_t page_walk_get_l1e(pagetable_t root, unsigned long addr); + + int __sync_local_execstate(void); + diff --git a/xsa286-5.patch b/xsa286-5.patch new file mode 100644 index 0000000..01fa2c1 --- /dev/null +++ b/xsa286-5.patch @@ -0,0 +1,94 @@ +x86/mm: avoid using top level linear page tables in {,un}map_domain_page() + +Move the page table recursion two levels down. This entails avoiding +to free the recursive mapping prematurely in free_perdomain_mappings(). + +This is part of XSA-286. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: George Dunlap <george.dunlap@citrix.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/domain_page.c ++++ b/xen/arch/x86/domain_page.c +@@ -65,7 +65,8 @@ void __init mapcache_override_current(st + #define mapcache_l2_entry(e) ((e) >> PAGETABLE_ORDER) + #define MAPCACHE_L2_ENTRIES (mapcache_l2_entry(MAPCACHE_ENTRIES - 1) + 1) + #define MAPCACHE_L1ENT(idx) \ +- __linear_l1_table[l1_linear_offset(MAPCACHE_VIRT_START + pfn_to_paddr(idx))] ++ ((l1_pgentry_t *)(MAPCACHE_VIRT_START | \ ++ ((L2_PAGETABLE_ENTRIES - 1) << L2_PAGETABLE_SHIFT)))[idx] + + void *map_domain_page(mfn_t mfn) + { +@@ -235,6 +236,7 @@ int mapcache_domain_init(struct domain * + { + struct mapcache_domain *dcache = &d->arch.pv.mapcache; + unsigned int bitmap_pages; ++ int rc; + + ASSERT(is_pv_domain(d)); + +@@ -243,8 +245,10 @@ int mapcache_domain_init(struct domain * + return 0; + #endif + ++ BUILD_BUG_ON(MAPCACHE_VIRT_START & ((1 << L3_PAGETABLE_SHIFT) - 1)); + BUILD_BUG_ON(MAPCACHE_VIRT_END + PAGE_SIZE * (3 + +- 2 * PFN_UP(BITS_TO_LONGS(MAPCACHE_ENTRIES) * sizeof(long))) > ++ 2 * PFN_UP(BITS_TO_LONGS(MAPCACHE_ENTRIES) * sizeof(long))) + ++ (1U << L2_PAGETABLE_SHIFT) > + MAPCACHE_VIRT_START + (PERDOMAIN_SLOT_MBYTES << 20)); + bitmap_pages = PFN_UP(BITS_TO_LONGS(MAPCACHE_ENTRIES) * sizeof(long)); + dcache->inuse = (void *)MAPCACHE_VIRT_END + PAGE_SIZE; +@@ -253,9 +257,25 @@ int mapcache_domain_init(struct domain * + + spin_lock_init(&dcache->lock); + +- return create_perdomain_mapping(d, (unsigned long)dcache->inuse, +- 2 * bitmap_pages + 1, +- NIL(l1_pgentry_t *), NULL); ++ rc = create_perdomain_mapping(d, (unsigned long)dcache->inuse, ++ 2 * bitmap_pages + 1, ++ NIL(l1_pgentry_t *), NULL); ++ if ( !rc ) ++ { ++ /* ++ * Install mapping of our L2 table into its own last slot, for easy ++ * access to the L1 entries via MAPCACHE_L1ENT(). ++ */ ++ l3_pgentry_t *l3t = __map_domain_page(d->arch.perdomain_l3_pg); ++ l3_pgentry_t l3e = l3t[l3_table_offset(MAPCACHE_VIRT_END)]; ++ l2_pgentry_t *l2t = map_l2t_from_l3e(l3e); ++ ++ l2e_get_intpte(l2t[L2_PAGETABLE_ENTRIES - 1]) = l3e_get_intpte(l3e); ++ unmap_domain_page(l2t); ++ unmap_domain_page(l3t); ++ } ++ ++ return rc; + } + + int mapcache_vcpu_init(struct vcpu *v) +@@ -346,7 +366,7 @@ mfn_t domain_page_map_to_mfn(const void + else + { + ASSERT(va >= MAPCACHE_VIRT_START && va < MAPCACHE_VIRT_END); +- pl1e = &__linear_l1_table[l1_linear_offset(va)]; ++ pl1e = &MAPCACHE_L1ENT(PFN_DOWN(va - MAPCACHE_VIRT_START)); + } + + return l1e_get_mfn(*pl1e); +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -6024,6 +6024,10 @@ void free_perdomain_mappings(struct doma + { + struct page_info *l1pg = l2e_get_page(l2tab[j]); + ++ /* mapcache_domain_init() installs a recursive entry. */ ++ if ( l1pg == l2pg ) ++ continue; ++ + if ( l2e_get_flags(l2tab[j]) & _PAGE_AVAIL0 ) + { + l1_pgentry_t *l1tab = __map_domain_page(l1pg); diff --git a/xsa286-6.patch b/xsa286-6.patch new file mode 100644 index 0000000..a2dcabd --- /dev/null +++ b/xsa286-6.patch @@ -0,0 +1,95 @@ +x86/mm: restrict use of linear page tables to shadow mode code + +Other code does not require them to be set up anymore, so restrict when +to populate the respective L4 slot and reduce visibility of the +accessors. + +While with the removal of all uses the vulnerability is actually fixed, +removing the creation of the linear mapping adds an extra layer of +protection. Similarly reducing visibility of the accessors mostly +eliminates the risk of undue re-introduction of uses of the linear +mappings. + +This is (not strictly) part of XSA-286. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: George Dunlap <george.dunlap@citrix.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -1750,9 +1750,10 @@ void init_xen_l4_slots(l4_pgentry_t *l4t + l4t[l4_table_offset(PCI_MCFG_VIRT_START)] = + idle_pg_table[l4_table_offset(PCI_MCFG_VIRT_START)]; + +- /* Slot 258: Self linear mappings. */ ++ /* Slot 258: Self linear mappings (shadow pt only). */ + ASSERT(!mfn_eq(l4mfn, INVALID_MFN)); + l4t[l4_table_offset(LINEAR_PT_VIRT_START)] = ++ !shadow_mode_external(d) ? l4e_empty() : + l4e_from_mfn(l4mfn, __PAGE_HYPERVISOR_RW); + + /* Slot 259: Shadow linear mappings (if applicable) .*/ +--- a/xen/arch/x86/mm/shadow/private.h ++++ b/xen/arch/x86/mm/shadow/private.h +@@ -135,6 +135,15 @@ enum { + # define GUEST_PTE_SIZE 4 + #endif + ++/* Where to find each level of the linear mapping */ ++#define __linear_l1_table ((l1_pgentry_t *)(LINEAR_PT_VIRT_START)) ++#define __linear_l2_table \ ++ ((l2_pgentry_t *)(__linear_l1_table + l1_linear_offset(LINEAR_PT_VIRT_START))) ++#define __linear_l3_table \ ++ ((l3_pgentry_t *)(__linear_l2_table + l2_linear_offset(LINEAR_PT_VIRT_START))) ++#define __linear_l4_table \ ++ ((l4_pgentry_t *)(__linear_l3_table + l3_linear_offset(LINEAR_PT_VIRT_START))) ++ + /****************************************************************************** + * Auditing routines + */ +--- a/xen/arch/x86/x86_64/mm.c ++++ b/xen/arch/x86/x86_64/mm.c +@@ -833,9 +833,6 @@ void __init paging_init(void) + + machine_to_phys_mapping_valid = 1; + +- /* Set up linear page table mapping. */ +- l4e_write(&idle_pg_table[l4_table_offset(LINEAR_PT_VIRT_START)], +- l4e_from_paddr(__pa(idle_pg_table), __PAGE_HYPERVISOR_RW)); + return; + + nomem: +--- a/xen/include/asm-x86/config.h ++++ b/xen/include/asm-x86/config.h +@@ -193,7 +193,7 @@ extern unsigned char boot_edid_info[128] + */ + #define PCI_MCFG_VIRT_START (PML4_ADDR(257)) + #define PCI_MCFG_VIRT_END (PCI_MCFG_VIRT_START + PML4_ENTRY_BYTES) +-/* Slot 258: linear page table (guest table). */ ++/* Slot 258: linear page table (monitor table, HVM only). */ + #define LINEAR_PT_VIRT_START (PML4_ADDR(258)) + #define LINEAR_PT_VIRT_END (LINEAR_PT_VIRT_START + PML4_ENTRY_BYTES) + /* Slot 259: linear page table (shadow table). */ +--- a/xen/include/asm-x86/page.h ++++ b/xen/include/asm-x86/page.h +@@ -274,19 +274,6 @@ void copy_page_sse2(void *, const void * + #define vmap_to_mfn(va) _mfn(l1e_get_pfn(*virt_to_xen_l1e((unsigned long)(va)))) + #define vmap_to_page(va) mfn_to_page(vmap_to_mfn(va)) + +-#endif /* !defined(__ASSEMBLY__) */ +- +-/* Where to find each level of the linear mapping */ +-#define __linear_l1_table ((l1_pgentry_t *)(LINEAR_PT_VIRT_START)) +-#define __linear_l2_table \ +- ((l2_pgentry_t *)(__linear_l1_table + l1_linear_offset(LINEAR_PT_VIRT_START))) +-#define __linear_l3_table \ +- ((l3_pgentry_t *)(__linear_l2_table + l2_linear_offset(LINEAR_PT_VIRT_START))) +-#define __linear_l4_table \ +- ((l4_pgentry_t *)(__linear_l3_table + l3_linear_offset(LINEAR_PT_VIRT_START))) +- +- +-#ifndef __ASSEMBLY__ + extern root_pgentry_t idle_pg_table[ROOT_PAGETABLE_ENTRIES]; + extern l2_pgentry_t *compat_idle_pg_table_l2; + extern unsigned int m2p_compat_vstart; diff --git a/xsa333.patch b/xsa333.patch new file mode 100644 index 0000000..fac386b --- /dev/null +++ b/xsa333.patch @@ -0,0 +1,35 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/pv: Handle the Intel-specific MSR_MISC_ENABLE correctly + +This MSR doesn't exist on AMD hardware, and switching away from the safe +functions in the common MSR path was an erroneous change. + +Partially revert the change. + +This is XSA-333. + +Fixes: 4fdc932b3cc ("x86/Intel: drop another 32-bit leftover") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/pv/emul-priv-op.c ++++ b/xen/arch/x86/pv/emul-priv-op.c +@@ -891,7 +891,8 @@ static int read_msr(unsigned int reg, ui + return X86EMUL_OKAY; + + case MSR_IA32_MISC_ENABLE: +- rdmsrl(reg, *val); ++ if ( rdmsr_safe(reg, *val) ) ++ break; + *val = guest_misc_enable(*val); + return X86EMUL_OKAY; + +@@ -1031,7 +1032,8 @@ static int write_msr(unsigned int reg, u + break; + + case MSR_IA32_MISC_ENABLE: +- rdmsrl(reg, temp); ++ if ( rdmsr_safe(reg, temp) ) ++ break; + if ( val != guest_misc_enable(temp) ) + goto invalid; + return X86EMUL_OKAY; diff --git a/xsa334.patch b/xsa334.patch new file mode 100644 index 0000000..5473a0f --- /dev/null +++ b/xsa334.patch @@ -0,0 +1,48 @@ +xen/memory: Don't skip the RCU unlock path in acquire_resource() + +In the case that an HVM Stubdomain makes an XENMEM_acquire_resource hypercall, +the FIXME path will bypass rcu_unlock_domain() on the way out of the function. + +Move the check to the start of the function. This does change the behaviour +of the get-size path for HVM Stubdomains, but that functionality is currently +broken and unused anyway, as well as being quite useless to entities which +can't actually map the resource anyway. + +This is XSA-334. + +Fixes: 83fa6552ce ("common: add a new mappable resource type: XENMEM_resource_grant_table") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/common/memory.c ++++ b/xen/common/memory.c +@@ -1057,6 +1057,14 @@ static int acquire_resource( + xen_pfn_t mfn_list[32]; + int rc; + ++ /* ++ * FIXME: Until foreign pages inserted into the P2M are properly ++ * reference counted, it is unsafe to allow mapping of ++ * resource pages unless the caller is the hardware domain. ++ */ ++ if ( paging_mode_translate(currd) && !is_hardware_domain(currd) ) ++ return -EACCES; ++ + if ( copy_from_guest(&xmar, arg, 1) ) + return -EFAULT; + +@@ -1113,14 +1121,6 @@ static int acquire_resource( + xen_pfn_t gfn_list[ARRAY_SIZE(mfn_list)]; + unsigned int i; + +- /* +- * FIXME: Until foreign pages inserted into the P2M are properly +- * reference counted, it is unsafe to allow mapping of +- * resource pages unless the caller is the hardware domain. +- */ +- if ( !is_hardware_domain(currd) ) +- return -EACCES; +- + if ( copy_from_guest(gfn_list, xmar.frame_list, xmar.nr_frames) ) + rc = -EFAULT; + diff --git a/xsa336.patch b/xsa336.patch new file mode 100644 index 0000000..7bfdce8 --- /dev/null +++ b/xsa336.patch @@ -0,0 +1,274 @@ +x86/vpt: fix race when migrating timers between vCPUs + +The current vPT code will migrate the emulated timers between vCPUs +(change the pt->vcpu field) while just holding the destination lock, +either from create_periodic_time or pt_adjust_global_vcpu_target if +the global target is adjusted. Changing the periodic_timer vCPU field +in this way creates a race where a third party could grab the lock in +the unlocked region of pt_adjust_global_vcpu_target (or before +create_periodic_time performs the vcpu change) and then release the +lock from a different vCPU, creating a locking imbalance. + +Introduce a per-domain rwlock in order to protect periodic_time +migration between vCPU lists. Taking the lock in read mode prevents +any timer from being migrated to a different vCPU, while taking it in +write mode allows performing migration of timers across vCPUs. The +per-vcpu locks are still used to protect all the other fields from the +periodic_timer struct. + +Note that such migration shouldn't happen frequently, and hence +there's no performance drop as a result of such locking. + +This is XSA-336. + +Reported-by: Igor Druzhinin <igor.druzhinin@citrix.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Tested-by: Igor Druzhinin <igor.druzhinin@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -646,6 +646,8 @@ int hvm_domain_initialise(struct domain + /* need link to containing domain */ + d->arch.hvm.pl_time->domain = d; + ++ rwlock_init(&d->arch.hvm.pl_time->pt_migrate); ++ + /* Set the default IO Bitmap. */ + if ( is_hardware_domain(d) ) + { +--- a/xen/arch/x86/hvm/vpt.c ++++ b/xen/arch/x86/hvm/vpt.c +@@ -152,23 +152,32 @@ static int pt_irq_masked(struct periodic + return 1; + } + +-static void pt_lock(struct periodic_time *pt) ++static void pt_vcpu_lock(struct vcpu *v) + { +- struct vcpu *v; ++ read_lock(&v->domain->arch.hvm.pl_time->pt_migrate); ++ spin_lock(&v->arch.hvm.tm_lock); ++} + +- for ( ; ; ) +- { +- v = pt->vcpu; +- spin_lock(&v->arch.hvm.tm_lock); +- if ( likely(pt->vcpu == v) ) +- break; +- spin_unlock(&v->arch.hvm.tm_lock); +- } ++static void pt_vcpu_unlock(struct vcpu *v) ++{ ++ spin_unlock(&v->arch.hvm.tm_lock); ++ read_unlock(&v->domain->arch.hvm.pl_time->pt_migrate); ++} ++ ++static void pt_lock(struct periodic_time *pt) ++{ ++ /* ++ * We cannot use pt_vcpu_lock here, because we need to acquire the ++ * per-domain lock first and then (re-)fetch the value of pt->vcpu, or ++ * else we might be using a stale value of pt->vcpu. ++ */ ++ read_lock(&pt->vcpu->domain->arch.hvm.pl_time->pt_migrate); ++ spin_lock(&pt->vcpu->arch.hvm.tm_lock); + } + + static void pt_unlock(struct periodic_time *pt) + { +- spin_unlock(&pt->vcpu->arch.hvm.tm_lock); ++ pt_vcpu_unlock(pt->vcpu); + } + + static void pt_process_missed_ticks(struct periodic_time *pt) +@@ -218,7 +227,7 @@ void pt_save_timer(struct vcpu *v) + if ( v->pause_flags & VPF_blocked ) + return; + +- spin_lock(&v->arch.hvm.tm_lock); ++ pt_vcpu_lock(v); + + list_for_each_entry ( pt, head, list ) + if ( !pt->do_not_freeze ) +@@ -226,7 +235,7 @@ void pt_save_timer(struct vcpu *v) + + pt_freeze_time(v); + +- spin_unlock(&v->arch.hvm.tm_lock); ++ pt_vcpu_unlock(v); + } + + void pt_restore_timer(struct vcpu *v) +@@ -234,7 +243,7 @@ void pt_restore_timer(struct vcpu *v) + struct list_head *head = &v->arch.hvm.tm_list; + struct periodic_time *pt; + +- spin_lock(&v->arch.hvm.tm_lock); ++ pt_vcpu_lock(v); + + list_for_each_entry ( pt, head, list ) + { +@@ -247,7 +256,7 @@ void pt_restore_timer(struct vcpu *v) + + pt_thaw_time(v); + +- spin_unlock(&v->arch.hvm.tm_lock); ++ pt_vcpu_unlock(v); + } + + static void pt_timer_fn(void *data) +@@ -308,7 +317,7 @@ int pt_update_irq(struct vcpu *v) + int irq, pt_vector = -1; + bool level; + +- spin_lock(&v->arch.hvm.tm_lock); ++ pt_vcpu_lock(v); + + earliest_pt = NULL; + max_lag = -1ULL; +@@ -338,7 +347,7 @@ int pt_update_irq(struct vcpu *v) + + if ( earliest_pt == NULL ) + { +- spin_unlock(&v->arch.hvm.tm_lock); ++ pt_vcpu_unlock(v); + return -1; + } + +@@ -346,7 +355,7 @@ int pt_update_irq(struct vcpu *v) + irq = earliest_pt->irq; + level = earliest_pt->level; + +- spin_unlock(&v->arch.hvm.tm_lock); ++ pt_vcpu_unlock(v); + + switch ( earliest_pt->source ) + { +@@ -393,7 +402,7 @@ int pt_update_irq(struct vcpu *v) + time_cb *cb = NULL; + void *cb_priv; + +- spin_lock(&v->arch.hvm.tm_lock); ++ pt_vcpu_lock(v); + /* Make sure the timer is still on the list. */ + list_for_each_entry ( pt, &v->arch.hvm.tm_list, list ) + if ( pt == earliest_pt ) +@@ -403,7 +412,7 @@ int pt_update_irq(struct vcpu *v) + cb_priv = pt->priv; + break; + } +- spin_unlock(&v->arch.hvm.tm_lock); ++ pt_vcpu_unlock(v); + + if ( cb != NULL ) + cb(v, cb_priv); +@@ -440,12 +449,12 @@ void pt_intr_post(struct vcpu *v, struct + if ( intack.source == hvm_intsrc_vector ) + return; + +- spin_lock(&v->arch.hvm.tm_lock); ++ pt_vcpu_lock(v); + + pt = is_pt_irq(v, intack); + if ( pt == NULL ) + { +- spin_unlock(&v->arch.hvm.tm_lock); ++ pt_vcpu_unlock(v); + return; + } + +@@ -454,7 +463,7 @@ void pt_intr_post(struct vcpu *v, struct + cb = pt->cb; + cb_priv = pt->priv; + +- spin_unlock(&v->arch.hvm.tm_lock); ++ pt_vcpu_unlock(v); + + if ( cb != NULL ) + cb(v, cb_priv); +@@ -465,12 +474,12 @@ void pt_migrate(struct vcpu *v) + struct list_head *head = &v->arch.hvm.tm_list; + struct periodic_time *pt; + +- spin_lock(&v->arch.hvm.tm_lock); ++ pt_vcpu_lock(v); + + list_for_each_entry ( pt, head, list ) + migrate_timer(&pt->timer, v->processor); + +- spin_unlock(&v->arch.hvm.tm_lock); ++ pt_vcpu_unlock(v); + } + + void create_periodic_time( +@@ -489,7 +498,7 @@ void create_periodic_time( + + destroy_periodic_time(pt); + +- spin_lock(&v->arch.hvm.tm_lock); ++ write_lock(&v->domain->arch.hvm.pl_time->pt_migrate); + + pt->pending_intr_nr = 0; + pt->do_not_freeze = 0; +@@ -539,7 +548,7 @@ void create_periodic_time( + init_timer(&pt->timer, pt_timer_fn, pt, v->processor); + set_timer(&pt->timer, pt->scheduled); + +- spin_unlock(&v->arch.hvm.tm_lock); ++ write_unlock(&v->domain->arch.hvm.pl_time->pt_migrate); + } + + void destroy_periodic_time(struct periodic_time *pt) +@@ -564,30 +573,20 @@ void destroy_periodic_time(struct period + + static void pt_adjust_vcpu(struct periodic_time *pt, struct vcpu *v) + { +- int on_list; +- + ASSERT(pt->source == PTSRC_isa || pt->source == PTSRC_ioapic); + + if ( pt->vcpu == NULL ) + return; + +- pt_lock(pt); +- on_list = pt->on_list; +- if ( pt->on_list ) +- list_del(&pt->list); +- pt->on_list = 0; +- pt_unlock(pt); +- +- spin_lock(&v->arch.hvm.tm_lock); ++ write_lock(&pt->vcpu->domain->arch.hvm.pl_time->pt_migrate); + pt->vcpu = v; +- if ( on_list ) ++ if ( pt->on_list ) + { +- pt->on_list = 1; ++ list_del(&pt->list); + list_add(&pt->list, &v->arch.hvm.tm_list); +- + migrate_timer(&pt->timer, v->processor); + } +- spin_unlock(&v->arch.hvm.tm_lock); ++ write_unlock(&pt->vcpu->domain->arch.hvm.pl_time->pt_migrate); + } + + void pt_adjust_global_vcpu_target(struct vcpu *v) +--- a/xen/include/asm-x86/hvm/vpt.h ++++ b/xen/include/asm-x86/hvm/vpt.h +@@ -134,6 +134,13 @@ struct pl_time { /* platform time */ + struct RTCState vrtc; + struct HPETState vhpet; + struct PMTState vpmt; ++ /* ++ * rwlock to prevent periodic_time vCPU migration. Take the lock in read ++ * mode in order to prevent the vcpu field of periodic_time from changing. ++ * Lock must be taken in write mode when changes to the vcpu field are ++ * performed, as it allows exclusive access to all the timers of a domain. ++ */ ++ rwlock_t pt_migrate; + /* guest_time = Xen sys time + stime_offset */ + int64_t stime_offset; + /* Ensures monotonicity in appropriate timer modes. */ diff --git a/xsa337-1.patch b/xsa337-1.patch new file mode 100644 index 0000000..feab65b --- /dev/null +++ b/xsa337-1.patch @@ -0,0 +1,85 @@ +x86/msi: get rid of read_msi_msg + +It's safer and faster to just use the cached last written +(untranslated) MSI message stored in msi_desc for the single user that +calls read_msi_msg. + +This also prevents relying on the data read from the device MSI +registers in order to figure out the index into the IOMMU interrupt +remapping table, which is not safe. + +This is XSA-337. + +Requested-by: Andrew Cooper <andrew.cooper3@citrix.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/msi.c ++++ b/xen/arch/x86/msi.c +@@ -183,54 +183,6 @@ void msi_compose_msg(unsigned vector, co + MSI_DATA_VECTOR(vector); + } + +-static bool read_msi_msg(struct msi_desc *entry, struct msi_msg *msg) +-{ +- switch ( entry->msi_attrib.type ) +- { +- case PCI_CAP_ID_MSI: +- { +- struct pci_dev *dev = entry->dev; +- int pos = entry->msi_attrib.pos; +- uint16_t data; +- +- msg->address_lo = pci_conf_read32(dev->sbdf, +- msi_lower_address_reg(pos)); +- if ( entry->msi_attrib.is_64 ) +- { +- msg->address_hi = pci_conf_read32(dev->sbdf, +- msi_upper_address_reg(pos)); +- data = pci_conf_read16(dev->sbdf, msi_data_reg(pos, 1)); +- } +- else +- { +- msg->address_hi = 0; +- data = pci_conf_read16(dev->sbdf, msi_data_reg(pos, 0)); +- } +- msg->data = data; +- break; +- } +- case PCI_CAP_ID_MSIX: +- { +- void __iomem *base = entry->mask_base; +- +- if ( unlikely(!msix_memory_decoded(entry->dev, +- entry->msi_attrib.pos)) ) +- return false; +- msg->address_lo = readl(base + PCI_MSIX_ENTRY_LOWER_ADDR_OFFSET); +- msg->address_hi = readl(base + PCI_MSIX_ENTRY_UPPER_ADDR_OFFSET); +- msg->data = readl(base + PCI_MSIX_ENTRY_DATA_OFFSET); +- break; +- } +- default: +- BUG(); +- } +- +- if ( iommu_intremap ) +- iommu_read_msi_from_ire(entry, msg); +- +- return true; +-} +- + static int write_msi_msg(struct msi_desc *entry, struct msi_msg *msg) + { + entry->msg = *msg; +@@ -302,10 +254,7 @@ void set_msi_affinity(struct irq_desc *d + + ASSERT(spin_is_locked(&desc->lock)); + +- memset(&msg, 0, sizeof(msg)); +- if ( !read_msi_msg(msi_desc, &msg) ) +- return; +- ++ msg = msi_desc->msg; + msg.data &= ~MSI_DATA_VECTOR_MASK; + msg.data |= MSI_DATA_VECTOR(desc->arch.vector); + msg.address_lo &= ~MSI_ADDR_DEST_ID_MASK; diff --git a/xsa337-2.patch b/xsa337-2.patch new file mode 100644 index 0000000..8bcbf7c --- /dev/null +++ b/xsa337-2.patch @@ -0,0 +1,180 @@ +x86/MSI-X: restrict reading of table/PBA bases from BARs + +When assigned to less trusted or un-trusted guests, devices may change +state behind our backs (they may e.g. get reset by means we may not know +about). Therefore we should avoid reading BARs from hardware once a +device is no longer owned by Dom0. Furthermore when we can't read a BAR, +or when we read zero, we shouldn't instead use the caller provided +address unless that caller can be trusted. + +Re-arrange the logic in msix_capability_init() such that only Dom0 (and +only if the device isn't DomU-owned yet) or calls through +PHYSDEVOP_prepare_msix will actually result in the reading of the +respective BAR register(s). Additionally do so only as long as in-use +table entries are known (note that invocation of PHYSDEVOP_prepare_msix +counts as a "pseudo" entry). In all other uses the value already +recorded will get used instead. + +Clear the recorded values in _pci_cleanup_msix() as well as on the one +affected error path. (Adjust this error path to also avoid blindly +disabling MSI-X when it was enabled on entry to the function.) + +While moving around variable declarations (in many cases to reduce their +scopes), also adjust some of their types. + +This is part of XSA-337. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> + +--- a/xen/arch/x86/msi.c ++++ b/xen/arch/x86/msi.c +@@ -769,16 +769,14 @@ static int msix_capability_init(struct p + { + struct arch_msix *msix = dev->msix; + struct msi_desc *entry = NULL; +- int vf; + u16 control; + u64 table_paddr; + u32 table_offset; +- u8 bir, pbus, pslot, pfunc; + u16 seg = dev->seg; + u8 bus = dev->bus; + u8 slot = PCI_SLOT(dev->devfn); + u8 func = PCI_FUNC(dev->devfn); +- bool maskall = msix->host_maskall; ++ bool maskall = msix->host_maskall, zap_on_error = false; + unsigned int pos = pci_find_cap_offset(seg, bus, slot, func, + PCI_CAP_ID_MSIX); + +@@ -820,43 +818,45 @@ static int msix_capability_init(struct p + + /* Locate MSI-X table region */ + table_offset = pci_conf_read32(dev->sbdf, msix_table_offset_reg(pos)); +- bir = (u8)(table_offset & PCI_MSIX_BIRMASK); +- table_offset &= ~PCI_MSIX_BIRMASK; ++ if ( !msix->used_entries && ++ (!msi || ++ (is_hardware_domain(current->domain) && ++ (dev->domain == current->domain || dev->domain == dom_io))) ) ++ { ++ unsigned int bir = table_offset & PCI_MSIX_BIRMASK, pbus, pslot, pfunc; ++ int vf; ++ paddr_t pba_paddr; ++ unsigned int pba_offset; + +- if ( !dev->info.is_virtfn ) +- { +- pbus = bus; +- pslot = slot; +- pfunc = func; +- vf = -1; +- } +- else +- { +- pbus = dev->info.physfn.bus; +- pslot = PCI_SLOT(dev->info.physfn.devfn); +- pfunc = PCI_FUNC(dev->info.physfn.devfn); +- vf = PCI_BDF2(dev->bus, dev->devfn); +- } +- +- table_paddr = read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf); +- WARN_ON(msi && msi->table_base != table_paddr); +- if ( !table_paddr ) +- { +- if ( !msi || !msi->table_base ) ++ if ( !dev->info.is_virtfn ) + { +- pci_conf_write16(dev->sbdf, msix_control_reg(pos), +- control & ~PCI_MSIX_FLAGS_ENABLE); +- xfree(entry); +- return -ENXIO; ++ pbus = bus; ++ pslot = slot; ++ pfunc = func; ++ vf = -1; ++ } ++ else ++ { ++ pbus = dev->info.physfn.bus; ++ pslot = PCI_SLOT(dev->info.physfn.devfn); ++ pfunc = PCI_FUNC(dev->info.physfn.devfn); ++ vf = PCI_BDF2(dev->bus, dev->devfn); + } +- table_paddr = msi->table_base; +- } +- table_paddr += table_offset; + +- if ( !msix->used_entries ) +- { +- u64 pba_paddr; +- u32 pba_offset; ++ table_paddr = read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf); ++ WARN_ON(msi && msi->table_base != table_paddr); ++ if ( !table_paddr ) ++ { ++ if ( !msi || !msi->table_base ) ++ { ++ pci_conf_write16(dev->sbdf, msix_control_reg(pos), ++ control & ~PCI_MSIX_FLAGS_ENABLE); ++ xfree(entry); ++ return -ENXIO; ++ } ++ table_paddr = msi->table_base; ++ } ++ table_paddr += table_offset & ~PCI_MSIX_BIRMASK; + + msix->table.first = PFN_DOWN(table_paddr); + msix->table.last = PFN_DOWN(table_paddr + +@@ -875,7 +875,18 @@ static int msix_capability_init(struct p + BITS_TO_LONGS(msix->nr_entries) - 1); + WARN_ON(rangeset_overlaps_range(mmio_ro_ranges, msix->pba.first, + msix->pba.last)); ++ ++ zap_on_error = true; ++ } ++ else if ( !msix->table.first ) ++ { ++ pci_conf_write16(dev->sbdf, msix_control_reg(pos), control); ++ xfree(entry); ++ return -ENODATA; + } ++ else ++ table_paddr = (msix->table.first << PAGE_SHIFT) + ++ (table_offset & ~PCI_MSIX_BIRMASK & ~PAGE_MASK); + + if ( entry ) + { +@@ -886,8 +897,15 @@ static int msix_capability_init(struct p + + if ( idx < 0 ) + { +- pci_conf_write16(dev->sbdf, msix_control_reg(pos), +- control & ~PCI_MSIX_FLAGS_ENABLE); ++ if ( zap_on_error ) ++ { ++ msix->table.first = 0; ++ msix->pba.first = 0; ++ ++ control &= ~PCI_MSIX_FLAGS_ENABLE; ++ } ++ ++ pci_conf_write16(dev->sbdf, msix_control_reg(pos), control); + xfree(entry); + return idx; + } +@@ -1076,9 +1094,14 @@ static void _pci_cleanup_msix(struct arc + if ( rangeset_remove_range(mmio_ro_ranges, msix->table.first, + msix->table.last) ) + WARN(); ++ msix->table.first = 0; ++ msix->table.last = 0; ++ + if ( rangeset_remove_range(mmio_ro_ranges, msix->pba.first, + msix->pba.last) ) + WARN(); ++ msix->pba.first = 0; ++ msix->pba.last = 0; + } + } + diff --git a/xsa338.patch b/xsa338.patch new file mode 100644 index 0000000..131853c --- /dev/null +++ b/xsa338.patch @@ -0,0 +1,39 @@ +evtchn: relax port_is_valid() + +To avoid ports potentially becoming invalid behind the back of certain +other functions (due to ->max_evtchn shrinking) because of +- a guest invoking evtchn_reset() and from a 2nd vCPU opening new + channels in parallel (see also XSA-343), +- alloc_unbound_xen_event_channel() produced channels living above the + 2-level range (see also XSA-342), +drop the max_evtchns check from port_is_valid(). For a port for which +the function once returned "true", the returned value may not turn into +"false" later on. The function's result may only depend on bounds which +can only ever grow (which is the case for d->valid_evtchns). + +This also eliminates a false sense of safety, utilized by some of the +users (see again XSA-343): Without a suitable lock held, d->max_evtchns +may change at any time, and hence deducing that certain other operations +are safe when port_is_valid() returned true is not legitimate. The +opportunities to abuse this may get widened by the change here +(depending on guest and host configuration), but will be taken care of +by the other XSA. + +This is XSA-338. + +Fixes: 48974e6ce52e ("evtchn: use a per-domain variable for the max number of event channels") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Reviewed-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -107,8 +107,6 @@ void notify_via_xen_event_channel(struct + + static inline bool_t port_is_valid(struct domain *d, unsigned int p) + { +- if ( p >= d->max_evtchns ) +- return 0; + return p < read_atomic(&d->valid_evtchns); + } + diff --git a/xsa339.patch b/xsa339.patch new file mode 100644 index 0000000..4a67286 --- /dev/null +++ b/xsa339.patch @@ -0,0 +1,71 @@ +x86/pv: Avoid double exception injection + +There is at least one path (SYSENTER with NT set, Xen converts to #GP) which +ends up injecting the #GP fault twice, first in compat_sysenter(), and then a +second time in compat_test_all_events(), due to the stale TBF_EXCEPTION left +in TRAPBOUNCE_flags. + +The guest kernel sees the second fault first, which is a kernel level #GP +pointing at the head of the #GP handler, and is therefore a userspace +trigger-able DoS. + +This particular bug has bitten us several times before, so rearrange +{compat_,}create_bounce_frame() to clobber TRAPBOUNCE on success, rather than +leaving this task to one area of code which isn't used uniformly. + +Other scenarios which might result in a double injection (e.g. two calls +directly to compat_create_bounce_frame) will now crash the guest, which is far +more obvious than letting the kernel run with corrupt state. + +This is XSA-339. + +Fixes: fdac9515607b ("x86: clear EFLAGS.NT in SYSENTER entry path") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/x86_64/compat/entry.S ++++ b/xen/arch/x86/x86_64/compat/entry.S +@@ -78,7 +78,6 @@ compat_process_softirqs: + sti + .Lcompat_bounce_exception: + call compat_create_bounce_frame +- movb $0, TRAPBOUNCE_flags(%rdx) + jmp compat_test_all_events + + ALIGN +@@ -349,7 +348,13 @@ __UNLIKELY_END(compat_bounce_null_select + movl %eax,UREGS_cs+8(%rsp) + movl TRAPBOUNCE_eip(%rdx),%eax + movl %eax,UREGS_rip+8(%rsp) ++ ++ /* Trapbounce complete. Clobber state to avoid an erroneous second injection. */ ++ xor %eax, %eax ++ mov %ax, TRAPBOUNCE_cs(%rdx) ++ mov %al, TRAPBOUNCE_flags(%rdx) + ret ++ + .section .fixup,"ax" + .Lfx13: + xorl %edi,%edi +--- a/xen/arch/x86/x86_64/entry.S ++++ b/xen/arch/x86/x86_64/entry.S +@@ -90,7 +90,6 @@ process_softirqs: + sti + .Lbounce_exception: + call create_bounce_frame +- movb $0, TRAPBOUNCE_flags(%rdx) + jmp test_all_events + + ALIGN +@@ -495,6 +494,11 @@ UNLIKELY_START(z, create_bounce_frame_ba + jmp asm_domain_crash_synchronous /* Does not return */ + __UNLIKELY_END(create_bounce_frame_bad_bounce_ip) + movq %rax,UREGS_rip+8(%rsp) ++ ++ /* Trapbounce complete. Clobber state to avoid an erroneous second injection. */ ++ xor %eax, %eax ++ mov %rax, TRAPBOUNCE_eip(%rdx) ++ mov %al, TRAPBOUNCE_flags(%rdx) + ret + + .pushsection .fixup, "ax", @progbits diff --git a/xsa340.patch b/xsa340.patch new file mode 100644 index 0000000..80aa95a --- /dev/null +++ b/xsa340.patch @@ -0,0 +1,62 @@ +xen/evtchn: Add missing barriers when accessing/allocating an event channel + +While the allocation of a bucket is always performed with the per-domain +lock, the bucket may be accessed without the lock taken (for instance, see +evtchn_send()). + +Instead such sites relies on port_is_valid() to return a non-zero value +when the port has a struct evtchn associated to it. The function will +mostly check whether the port is less than d->valid_evtchns as all the +buckets/event channels should be allocated up to that point. + +Unfortunately a compiler is free to re-order the assignment in +evtchn_allocate_port() so it would be possible to have d->valid_evtchns +updated before the new bucket has finish to allocate. + +Additionally on Arm, even if this was compiled "correctly", the +processor can still re-order the memory access. + +Add a write memory barrier in the allocation side and a read memory +barrier when the port is valid to prevent any re-ordering issue. + +This is XSA-340. + +Signed-off-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -178,6 +178,13 @@ int evtchn_allocate_port(struct domain * + return -ENOMEM; + bucket_from_port(d, port) = chn; + ++ /* ++ * d->valid_evtchns is used to check whether the bucket can be ++ * accessed without the per-domain lock. Therefore, ++ * d->valid_evtchns should be seen *after* the new bucket has ++ * been setup. ++ */ ++ smp_wmb(); + write_atomic(&d->valid_evtchns, d->valid_evtchns + EVTCHNS_PER_BUCKET); + } + +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -107,7 +107,17 @@ void notify_via_xen_event_channel(struct + + static inline bool_t port_is_valid(struct domain *d, unsigned int p) + { +- return p < read_atomic(&d->valid_evtchns); ++ if ( p >= read_atomic(&d->valid_evtchns) ) ++ return false; ++ ++ /* ++ * The caller will usually access the event channel afterwards and ++ * may be done without taking the per-domain lock. The barrier is ++ * going in pair the smp_wmb() barrier in evtchn_allocate_port(). ++ */ ++ smp_rmb(); ++ ++ return true; + } + + static inline struct evtchn *evtchn_from_port(struct domain *d, unsigned int p) diff --git a/xsa342.patch b/xsa342.patch new file mode 100644 index 0000000..6638271 --- /dev/null +++ b/xsa342.patch @@ -0,0 +1,144 @@ +evtchn/x86: enforce correct upper limit for 32-bit guests + +The recording of d->max_evtchns in evtchn_2l_init(), in particular with +the limited set of callers of the function, is insufficient. Neither for +PV nor for HVM guests the bitness is known at domain_create() time, yet +the upper bound in 2-level mode depends upon guest bitness. Recording +too high a limit "allows" x86 32-bit domains to open not properly usable +event channels, management of which (inside Xen) would then result in +corruption of the shared info and vCPU info structures. + +Keep the upper limit dynamic for the 2-level case, introducing a helper +function to retrieve the effective limit. This helper is now supposed to +be private to the event channel code. The used in do_poll() and +domain_dump_evtchn_info() weren't consistent with port uses elsewhere +and hence get switched to port_is_valid(). + +Furthermore FIFO mode's setup_ports() gets adjusted to loop only up to +the prior ABI limit, rather than all the way up to the new one. + +Finally a word on the change to do_poll(): Accessing ->max_evtchns +without holding a suitable lock was never safe, as it as well as +->evtchn_port_ops may change behind do_poll()'s back. Using +port_is_valid() instead widens some the window for potential abuse, +until we've dealt with the race altogether (see XSA-343). + +This is XSA-342. + +Fixes: 48974e6ce52e ("evtchn: use a per-domain variable for the max number of event channels") +Reported-by: Julien Grall <jgrall@amazon.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Reviewed-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/event_2l.c ++++ b/xen/common/event_2l.c +@@ -103,7 +103,6 @@ static const struct evtchn_port_ops evtc + void evtchn_2l_init(struct domain *d) + { + d->evtchn_port_ops = &evtchn_port_ops_2l; +- d->max_evtchns = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); + } + + /* +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -151,7 +151,7 @@ static void free_evtchn_bucket(struct do + + int evtchn_allocate_port(struct domain *d, evtchn_port_t port) + { +- if ( port > d->max_evtchn_port || port >= d->max_evtchns ) ++ if ( port > d->max_evtchn_port || port >= max_evtchns(d) ) + return -ENOSPC; + + if ( port_is_valid(d, port) ) +@@ -1396,13 +1396,11 @@ static void domain_dump_evtchn_info(stru + + spin_lock(&d->event_lock); + +- for ( port = 1; port < d->max_evtchns; ++port ) ++ for ( port = 1; port_is_valid(d, port); ++port ) + { + const struct evtchn *chn; + char *ssid; + +- if ( !port_is_valid(d, port) ) +- continue; + chn = evtchn_from_port(d, port); + if ( chn->state == ECS_FREE ) + continue; +--- a/xen/common/event_fifo.c ++++ b/xen/common/event_fifo.c +@@ -478,7 +478,7 @@ static void cleanup_event_array(struct d + d->evtchn_fifo = NULL; + } + +-static void setup_ports(struct domain *d) ++static void setup_ports(struct domain *d, unsigned int prev_evtchns) + { + unsigned int port; + +@@ -488,7 +488,7 @@ static void setup_ports(struct domain *d + * - save its pending state. + * - set default priority. + */ +- for ( port = 1; port < d->max_evtchns; port++ ) ++ for ( port = 1; port < prev_evtchns; port++ ) + { + struct evtchn *evtchn; + +@@ -546,6 +546,8 @@ int evtchn_fifo_init_control(struct evtc + if ( !d->evtchn_fifo ) + { + struct vcpu *vcb; ++ /* Latch the value before it changes during setup_event_array(). */ ++ unsigned int prev_evtchns = max_evtchns(d); + + for_each_vcpu ( d, vcb ) { + rc = setup_control_block(vcb); +@@ -562,8 +564,7 @@ int evtchn_fifo_init_control(struct evtc + goto error; + + d->evtchn_port_ops = &evtchn_port_ops_fifo; +- d->max_evtchns = EVTCHN_FIFO_NR_CHANNELS; +- setup_ports(d); ++ setup_ports(d, prev_evtchns); + } + else + rc = map_control_block(v, gfn, offset); +--- a/xen/common/schedule.c ++++ b/xen/common/schedule.c +@@ -1434,7 +1434,7 @@ static long do_poll(struct sched_poll *s + goto out; + + rc = -EINVAL; +- if ( port >= d->max_evtchns ) ++ if ( !port_is_valid(d, port) ) + goto out; + + rc = 0; +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -105,6 +105,12 @@ void notify_via_xen_event_channel(struct + #define bucket_from_port(d, p) \ + ((group_from_port(d, p))[((p) % EVTCHNS_PER_GROUP) / EVTCHNS_PER_BUCKET]) + ++static inline unsigned int max_evtchns(const struct domain *d) ++{ ++ return d->evtchn_fifo ? EVTCHN_FIFO_NR_CHANNELS ++ : BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); ++} ++ + static inline bool_t port_is_valid(struct domain *d, unsigned int p) + { + if ( p >= read_atomic(&d->valid_evtchns) ) +--- a/xen/include/xen/sched.h ++++ b/xen/include/xen/sched.h +@@ -382,7 +382,6 @@ struct domain + /* Event channel information. */ + struct evtchn *evtchn; /* first bucket only */ + struct evtchn **evtchn_group[NR_EVTCHN_GROUPS]; /* all other buckets */ +- unsigned int max_evtchns; /* number supported by ABI */ + unsigned int max_evtchn_port; /* max permitted port number */ + unsigned int valid_evtchns; /* number of allocated event channels */ + spinlock_t event_lock; diff --git a/xsa343-1.patch b/xsa343-1.patch new file mode 100644 index 0000000..04d7e44 --- /dev/null +++ b/xsa343-1.patch @@ -0,0 +1,189 @@ +evtchn: evtchn_reset() may not succeed with still-open ports + +While the function closes all ports, it does so without holding any +lock, and hence racing requests may be issued causing new ports to get +opened. This would have been problematic in particular if such a newly +opened port had a port number above the new implementation limit (i.e. +when switching from FIFO to 2-level) after the reset, as prior to +"evtchn: relax port_is_valid()" this could have led to e.g. +evtchn_close()'s "BUG_ON(!port_is_valid(d2, port2))" to trigger. + +Introduce a counter of active ports and check that it's (still) no +larger then the number of Xen internally used ones after obtaining the +necessary lock in evtchn_reset(). + +As to the access model of the new {active,xen}_evtchns fields - while +all writes get done using write_atomic(), reads ought to use +read_atomic() only when outside of a suitably locked region. + +Note that as of now evtchn_bind_virq() and evtchn_bind_ipi() don't have +a need to call check_free_port(). + +This is part of XSA-343. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Reviewed-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -188,6 +188,8 @@ int evtchn_allocate_port(struct domain * + write_atomic(&d->valid_evtchns, d->valid_evtchns + EVTCHNS_PER_BUCKET); + } + ++ write_atomic(&d->active_evtchns, d->active_evtchns + 1); ++ + return 0; + } + +@@ -211,11 +213,26 @@ static int get_free_port(struct domain * + return -ENOSPC; + } + ++/* ++ * Check whether a port is still marked free, and if so update the domain ++ * counter accordingly. To be used on function exit paths. ++ */ ++static void check_free_port(struct domain *d, evtchn_port_t port) ++{ ++ if ( port_is_valid(d, port) && ++ evtchn_from_port(d, port)->state == ECS_FREE ) ++ write_atomic(&d->active_evtchns, d->active_evtchns - 1); ++} ++ + void evtchn_free(struct domain *d, struct evtchn *chn) + { + /* Clear pending event to avoid unexpected behavior on re-bind. */ + evtchn_port_clear_pending(d, chn); + ++ if ( consumer_is_xen(chn) ) ++ write_atomic(&d->xen_evtchns, d->xen_evtchns - 1); ++ write_atomic(&d->active_evtchns, d->active_evtchns - 1); ++ + /* Reset binding to vcpu0 when the channel is freed. */ + chn->state = ECS_FREE; + chn->notify_vcpu_id = 0; +@@ -258,6 +275,7 @@ static long evtchn_alloc_unbound(evtchn_ + alloc->port = port; + + out: ++ check_free_port(d, port); + spin_unlock(&d->event_lock); + rcu_unlock_domain(d); + +@@ -351,6 +369,7 @@ static long evtchn_bind_interdomain(evtc + bind->local_port = lport; + + out: ++ check_free_port(ld, lport); + spin_unlock(&ld->event_lock); + if ( ld != rd ) + spin_unlock(&rd->event_lock); +@@ -488,7 +507,7 @@ static long evtchn_bind_pirq(evtchn_bind + struct domain *d = current->domain; + struct vcpu *v = d->vcpu[0]; + struct pirq *info; +- int port, pirq = bind->pirq; ++ int port = 0, pirq = bind->pirq; + long rc; + + if ( (pirq < 0) || (pirq >= d->nr_pirqs) ) +@@ -536,6 +555,7 @@ static long evtchn_bind_pirq(evtchn_bind + arch_evtchn_bind_pirq(d, pirq); + + out: ++ check_free_port(d, port); + spin_unlock(&d->event_lock); + + return rc; +@@ -1011,10 +1031,10 @@ int evtchn_unmask(unsigned int port) + return 0; + } + +- + int evtchn_reset(struct domain *d) + { + unsigned int i; ++ int rc = 0; + + if ( d != current->domain && !d->controller_pause_count ) + return -EINVAL; +@@ -1024,7 +1044,9 @@ int evtchn_reset(struct domain *d) + + spin_lock(&d->event_lock); + +- if ( d->evtchn_fifo ) ++ if ( d->active_evtchns > d->xen_evtchns ) ++ rc = -EAGAIN; ++ else if ( d->evtchn_fifo ) + { + /* Switching back to 2-level ABI. */ + evtchn_fifo_destroy(d); +@@ -1033,7 +1055,7 @@ int evtchn_reset(struct domain *d) + + spin_unlock(&d->event_lock); + +- return 0; ++ return rc; + } + + static long evtchn_set_priority(const struct evtchn_set_priority *set_priority) +@@ -1219,10 +1241,9 @@ int alloc_unbound_xen_event_channel( + + spin_lock(&ld->event_lock); + +- rc = get_free_port(ld); ++ port = rc = get_free_port(ld); + if ( rc < 0 ) + goto out; +- port = rc; + chn = evtchn_from_port(ld, port); + + rc = xsm_evtchn_unbound(XSM_TARGET, ld, chn, remote_domid); +@@ -1238,7 +1259,10 @@ int alloc_unbound_xen_event_channel( + + spin_unlock(&chn->lock); + ++ write_atomic(&ld->xen_evtchns, ld->xen_evtchns + 1); ++ + out: ++ check_free_port(ld, port); + spin_unlock(&ld->event_lock); + + return rc < 0 ? rc : port; +@@ -1314,6 +1338,7 @@ int evtchn_init(struct domain *d, unsign + return -EINVAL; + } + evtchn_from_port(d, 0)->state = ECS_RESERVED; ++ write_atomic(&d->active_evtchns, 0); + + #if MAX_VIRT_CPUS > BITS_PER_LONG + d->poll_mask = xzalloc_array(unsigned long, BITS_TO_LONGS(d->max_vcpus)); +@@ -1340,6 +1365,8 @@ void evtchn_destroy(struct domain *d) + for ( i = 0; port_is_valid(d, i); i++ ) + evtchn_close(d, i, 0); + ++ ASSERT(!d->active_evtchns); ++ + clear_global_virq_handlers(d); + + evtchn_fifo_destroy(d); +--- a/xen/include/xen/sched.h ++++ b/xen/include/xen/sched.h +@@ -384,6 +384,16 @@ struct domain + struct evtchn **evtchn_group[NR_EVTCHN_GROUPS]; /* all other buckets */ + unsigned int max_evtchn_port; /* max permitted port number */ + unsigned int valid_evtchns; /* number of allocated event channels */ ++ /* ++ * Number of in-use event channels. Writers should use write_atomic(). ++ * Readers need to use read_atomic() only when not holding event_lock. ++ */ ++ unsigned int active_evtchns; ++ /* ++ * Number of event channels used internally by Xen (not subject to ++ * EVTCHNOP_reset). Read/write access like for active_evtchns. ++ */ ++ unsigned int xen_evtchns; + spinlock_t event_lock; + const struct evtchn_port_ops *evtchn_port_ops; + struct evtchn_fifo_domain *evtchn_fifo; diff --git a/xsa343-2.patch b/xsa343-2.patch new file mode 100644 index 0000000..e38fb65 --- /dev/null +++ b/xsa343-2.patch @@ -0,0 +1,289 @@ +evtchn: convert per-channel lock to be IRQ-safe + +... in order for send_guest_{global,vcpu}_virq() to be able to make use +of it. + +This is part of XSA-343. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -248,6 +248,7 @@ static long evtchn_alloc_unbound(evtchn_ + int port; + domid_t dom = alloc->dom; + long rc; ++ unsigned long flags; + + d = rcu_lock_domain_by_any_id(dom); + if ( d == NULL ) +@@ -263,14 +264,14 @@ static long evtchn_alloc_unbound(evtchn_ + if ( rc ) + goto out; + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_UNBOUND; + if ( (chn->u.unbound.remote_domid = alloc->remote_dom) == DOMID_SELF ) + chn->u.unbound.remote_domid = current->domain->domain_id; + evtchn_port_init(d, chn); + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + alloc->port = port; + +@@ -283,26 +284,32 @@ static long evtchn_alloc_unbound(evtchn_ + } + + +-static void double_evtchn_lock(struct evtchn *lchn, struct evtchn *rchn) ++static unsigned long double_evtchn_lock(struct evtchn *lchn, ++ struct evtchn *rchn) + { +- if ( lchn < rchn ) ++ unsigned long flags; ++ ++ if ( lchn <= rchn ) + { +- spin_lock(&lchn->lock); +- spin_lock(&rchn->lock); ++ spin_lock_irqsave(&lchn->lock, flags); ++ if ( lchn != rchn ) ++ spin_lock(&rchn->lock); + } + else + { +- if ( lchn != rchn ) +- spin_lock(&rchn->lock); ++ spin_lock_irqsave(&rchn->lock, flags); + spin_lock(&lchn->lock); + } ++ ++ return flags; + } + +-static void double_evtchn_unlock(struct evtchn *lchn, struct evtchn *rchn) ++static void double_evtchn_unlock(struct evtchn *lchn, struct evtchn *rchn, ++ unsigned long flags) + { +- spin_unlock(&lchn->lock); + if ( lchn != rchn ) +- spin_unlock(&rchn->lock); ++ spin_unlock(&lchn->lock); ++ spin_unlock_irqrestore(&rchn->lock, flags); + } + + static long evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind) +@@ -312,6 +319,7 @@ static long evtchn_bind_interdomain(evtc + int lport, rport = bind->remote_port; + domid_t rdom = bind->remote_dom; + long rc; ++ unsigned long flags; + + if ( rdom == DOMID_SELF ) + rdom = current->domain->domain_id; +@@ -347,7 +355,7 @@ static long evtchn_bind_interdomain(evtc + if ( rc ) + goto out; + +- double_evtchn_lock(lchn, rchn); ++ flags = double_evtchn_lock(lchn, rchn); + + lchn->u.interdomain.remote_dom = rd; + lchn->u.interdomain.remote_port = rport; +@@ -364,7 +372,7 @@ static long evtchn_bind_interdomain(evtc + */ + evtchn_port_set_pending(ld, lchn->notify_vcpu_id, lchn); + +- double_evtchn_unlock(lchn, rchn); ++ double_evtchn_unlock(lchn, rchn, flags); + + bind->local_port = lport; + +@@ -387,6 +395,7 @@ int evtchn_bind_virq(evtchn_bind_virq_t + struct domain *d = current->domain; + int virq = bind->virq, vcpu = bind->vcpu; + int rc = 0; ++ unsigned long flags; + + if ( (virq < 0) || (virq >= ARRAY_SIZE(v->virq_to_evtchn)) ) + return -EINVAL; +@@ -424,14 +433,14 @@ int evtchn_bind_virq(evtchn_bind_virq_t + + chn = evtchn_from_port(d, port); + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_VIRQ; + chn->notify_vcpu_id = vcpu; + chn->u.virq = virq; + evtchn_port_init(d, chn); + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + v->virq_to_evtchn[virq] = bind->port = port; + +@@ -448,6 +457,7 @@ static long evtchn_bind_ipi(evtchn_bind_ + struct domain *d = current->domain; + int port, vcpu = bind->vcpu; + long rc = 0; ++ unsigned long flags; + + if ( domain_vcpu(d, vcpu) == NULL ) + return -ENOENT; +@@ -459,13 +469,13 @@ static long evtchn_bind_ipi(evtchn_bind_ + + chn = evtchn_from_port(d, port); + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_IPI; + chn->notify_vcpu_id = vcpu; + evtchn_port_init(d, chn); + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + bind->port = port; + +@@ -509,6 +519,7 @@ static long evtchn_bind_pirq(evtchn_bind + struct pirq *info; + int port = 0, pirq = bind->pirq; + long rc; ++ unsigned long flags; + + if ( (pirq < 0) || (pirq >= d->nr_pirqs) ) + return -EINVAL; +@@ -541,14 +552,14 @@ static long evtchn_bind_pirq(evtchn_bind + goto out; + } + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_PIRQ; + chn->u.pirq.irq = pirq; + link_pirq_port(port, chn, v); + evtchn_port_init(d, chn); + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + bind->port = port; + +@@ -569,6 +580,7 @@ int evtchn_close(struct domain *d1, int + struct evtchn *chn1, *chn2; + int port2; + long rc = 0; ++ unsigned long flags; + + again: + spin_lock(&d1->event_lock); +@@ -668,14 +680,14 @@ int evtchn_close(struct domain *d1, int + BUG_ON(chn2->state != ECS_INTERDOMAIN); + BUG_ON(chn2->u.interdomain.remote_dom != d1); + +- double_evtchn_lock(chn1, chn2); ++ flags = double_evtchn_lock(chn1, chn2); + + evtchn_free(d1, chn1); + + chn2->state = ECS_UNBOUND; + chn2->u.unbound.remote_domid = d1->domain_id; + +- double_evtchn_unlock(chn1, chn2); ++ double_evtchn_unlock(chn1, chn2, flags); + + goto out; + +@@ -683,9 +695,9 @@ int evtchn_close(struct domain *d1, int + BUG(); + } + +- spin_lock(&chn1->lock); ++ spin_lock_irqsave(&chn1->lock, flags); + evtchn_free(d1, chn1); +- spin_unlock(&chn1->lock); ++ spin_unlock_irqrestore(&chn1->lock, flags); + + out: + if ( d2 != NULL ) +@@ -705,13 +717,14 @@ int evtchn_send(struct domain *ld, unsig + struct evtchn *lchn, *rchn; + struct domain *rd; + int rport, ret = 0; ++ unsigned long flags; + + if ( !port_is_valid(ld, lport) ) + return -EINVAL; + + lchn = evtchn_from_port(ld, lport); + +- spin_lock(&lchn->lock); ++ spin_lock_irqsave(&lchn->lock, flags); + + /* Guest cannot send via a Xen-attached event channel. */ + if ( unlikely(consumer_is_xen(lchn)) ) +@@ -746,7 +759,7 @@ int evtchn_send(struct domain *ld, unsig + } + + out: +- spin_unlock(&lchn->lock); ++ spin_unlock_irqrestore(&lchn->lock, flags); + + return ret; + } +@@ -1238,6 +1251,7 @@ int alloc_unbound_xen_event_channel( + { + struct evtchn *chn; + int port, rc; ++ unsigned long flags; + + spin_lock(&ld->event_lock); + +@@ -1250,14 +1264,14 @@ int alloc_unbound_xen_event_channel( + if ( rc ) + goto out; + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_UNBOUND; + chn->xen_consumer = get_xen_consumer(notification_fn); + chn->notify_vcpu_id = lvcpu; + chn->u.unbound.remote_domid = remote_domid; + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + write_atomic(&ld->xen_evtchns, ld->xen_evtchns + 1); + +@@ -1280,11 +1294,12 @@ void notify_via_xen_event_channel(struct + { + struct evtchn *lchn, *rchn; + struct domain *rd; ++ unsigned long flags; + + ASSERT(port_is_valid(ld, lport)); + lchn = evtchn_from_port(ld, lport); + +- spin_lock(&lchn->lock); ++ spin_lock_irqsave(&lchn->lock, flags); + + if ( likely(lchn->state == ECS_INTERDOMAIN) ) + { +@@ -1294,7 +1309,7 @@ void notify_via_xen_event_channel(struct + evtchn_port_set_pending(rd, rchn->notify_vcpu_id, rchn); + } + +- spin_unlock(&lchn->lock); ++ spin_unlock_irqrestore(&lchn->lock, flags); + } + + void evtchn_check_pollers(struct domain *d, unsigned int port) diff --git a/xsa343-3.patch b/xsa343-3.patch new file mode 100644 index 0000000..19d9252 --- /dev/null +++ b/xsa343-3.patch @@ -0,0 +1,379 @@ +evtchn: address races with evtchn_reset() + +Neither d->evtchn_port_ops nor max_evtchns(d) may be used in an entirely +lock-less manner, as both may change by a racing evtchn_reset(). In the +common case, at least one of the domain's event lock or the per-channel +lock needs to be held. In the specific case of the inter-domain sending +by evtchn_send() and notify_via_xen_event_channel() holding the other +side's per-channel lock is sufficient, as the channel can't change state +without both per-channel locks held. Without such a channel changing +state, evtchn_reset() can't complete successfully. + +Lock-free accesses continue to be permitted for the shim (calling some +otherwise internal event channel functions), as this happens while the +domain is in effectively single-threaded mode. Special care also needs +taking for the shim's marking of in-use ports as ECS_RESERVED (allowing +use of such ports in the shim case is okay because switching into and +hence also out of FIFO mode is impossible there). + +As a side effect, certain operations on Xen bound event channels which +were mistakenly permitted so far (e.g. unmask or poll) will be refused +now. + +This is part of XSA-343. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/arch/x86/irq.c ++++ b/xen/arch/x86/irq.c +@@ -2474,14 +2474,24 @@ static void dump_irqs(unsigned char key) + + for ( i = 0; i < action->nr_guests; ) + { ++ struct evtchn *evtchn; ++ unsigned int pending = 2, masked = 2; ++ + d = action->guest[i++]; + pirq = domain_irq_to_pirq(d, irq); + info = pirq_info(d, pirq); ++ evtchn = evtchn_from_port(d, info->evtchn); ++ local_irq_disable(); ++ if ( spin_trylock(&evtchn->lock) ) ++ { ++ pending = evtchn_is_pending(d, evtchn); ++ masked = evtchn_is_masked(d, evtchn); ++ spin_unlock(&evtchn->lock); ++ } ++ local_irq_enable(); + printk("d%d:%3d(%c%c%c)%c", +- d->domain_id, pirq, +- evtchn_port_is_pending(d, info->evtchn) ? 'P' : '-', +- evtchn_port_is_masked(d, info->evtchn) ? 'M' : '-', +- info->masked ? 'M' : '-', ++ d->domain_id, pirq, "-P?"[pending], ++ "-M?"[masked], info->masked ? 'M' : '-', + i < action->nr_guests ? ',' : '\n'); + } + } +--- a/xen/arch/x86/pv/shim.c ++++ b/xen/arch/x86/pv/shim.c +@@ -660,8 +660,11 @@ void pv_shim_inject_evtchn(unsigned int + if ( port_is_valid(guest, port) ) + { + struct evtchn *chn = evtchn_from_port(guest, port); ++ unsigned long flags; + ++ spin_lock_irqsave(&chn->lock, flags); + evtchn_port_set_pending(guest, chn->notify_vcpu_id, chn); ++ spin_unlock_irqrestore(&chn->lock, flags); + } + } + +--- a/xen/common/event_2l.c ++++ b/xen/common/event_2l.c +@@ -63,8 +63,10 @@ static void evtchn_2l_unmask(struct doma + } + } + +-static bool evtchn_2l_is_pending(const struct domain *d, evtchn_port_t port) ++static bool evtchn_2l_is_pending(const struct domain *d, ++ const struct evtchn *evtchn) + { ++ evtchn_port_t port = evtchn->port; + unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); + + ASSERT(port < max_ports); +@@ -72,8 +74,10 @@ static bool evtchn_2l_is_pending(const s + guest_test_bit(d, port, &shared_info(d, evtchn_pending))); + } + +-static bool evtchn_2l_is_masked(const struct domain *d, evtchn_port_t port) ++static bool evtchn_2l_is_masked(const struct domain *d, ++ const struct evtchn *evtchn) + { ++ evtchn_port_t port = evtchn->port; + unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); + + ASSERT(port < max_ports); +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -156,8 +156,9 @@ int evtchn_allocate_port(struct domain * + + if ( port_is_valid(d, port) ) + { +- if ( evtchn_from_port(d, port)->state != ECS_FREE || +- evtchn_port_is_busy(d, port) ) ++ const struct evtchn *chn = evtchn_from_port(d, port); ++ ++ if ( chn->state != ECS_FREE || evtchn_is_busy(d, chn) ) + return -EBUSY; + } + else +@@ -774,6 +775,7 @@ void send_guest_vcpu_virq(struct vcpu *v + unsigned long flags; + int port; + struct domain *d; ++ struct evtchn *chn; + + ASSERT(!virq_is_global(virq)); + +@@ -784,7 +786,10 @@ void send_guest_vcpu_virq(struct vcpu *v + goto out; + + d = v->domain; +- evtchn_port_set_pending(d, v->vcpu_id, evtchn_from_port(d, port)); ++ chn = evtchn_from_port(d, port); ++ spin_lock(&chn->lock); ++ evtchn_port_set_pending(d, v->vcpu_id, chn); ++ spin_unlock(&chn->lock); + + out: + spin_unlock_irqrestore(&v->virq_lock, flags); +@@ -813,7 +818,9 @@ void send_guest_global_virq(struct domai + goto out; + + chn = evtchn_from_port(d, port); ++ spin_lock(&chn->lock); + evtchn_port_set_pending(d, chn->notify_vcpu_id, chn); ++ spin_unlock(&chn->lock); + + out: + spin_unlock_irqrestore(&v->virq_lock, flags); +@@ -823,6 +830,7 @@ void send_guest_pirq(struct domain *d, c + { + int port; + struct evtchn *chn; ++ unsigned long flags; + + /* + * PV guests: It should not be possible to race with __evtchn_close(). The +@@ -837,7 +845,9 @@ void send_guest_pirq(struct domain *d, c + } + + chn = evtchn_from_port(d, port); ++ spin_lock_irqsave(&chn->lock, flags); + evtchn_port_set_pending(d, chn->notify_vcpu_id, chn); ++ spin_unlock_irqrestore(&chn->lock, flags); + } + + static struct domain *global_virq_handlers[NR_VIRQS] __read_mostly; +@@ -1034,12 +1044,15 @@ int evtchn_unmask(unsigned int port) + { + struct domain *d = current->domain; + struct evtchn *evtchn; ++ unsigned long flags; + + if ( unlikely(!port_is_valid(d, port)) ) + return -EINVAL; + + evtchn = evtchn_from_port(d, port); ++ spin_lock_irqsave(&evtchn->lock, flags); + evtchn_port_unmask(d, evtchn); ++ spin_unlock_irqrestore(&evtchn->lock, flags); + + return 0; + } +@@ -1449,8 +1462,8 @@ static void domain_dump_evtchn_info(stru + + printk(" %4u [%d/%d/", + port, +- evtchn_port_is_pending(d, port), +- evtchn_port_is_masked(d, port)); ++ evtchn_is_pending(d, chn), ++ evtchn_is_masked(d, chn)); + evtchn_port_print_state(d, chn); + printk("]: s=%d n=%d x=%d", + chn->state, chn->notify_vcpu_id, chn->xen_consumer); +--- a/xen/common/event_fifo.c ++++ b/xen/common/event_fifo.c +@@ -296,23 +296,26 @@ static void evtchn_fifo_unmask(struct do + evtchn_fifo_set_pending(v, evtchn); + } + +-static bool evtchn_fifo_is_pending(const struct domain *d, evtchn_port_t port) ++static bool evtchn_fifo_is_pending(const struct domain *d, ++ const struct evtchn *evtchn) + { +- const event_word_t *word = evtchn_fifo_word_from_port(d, port); ++ const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); + + return word && guest_test_bit(d, EVTCHN_FIFO_PENDING, word); + } + +-static bool_t evtchn_fifo_is_masked(const struct domain *d, evtchn_port_t port) ++static bool_t evtchn_fifo_is_masked(const struct domain *d, ++ const struct evtchn *evtchn) + { +- const event_word_t *word = evtchn_fifo_word_from_port(d, port); ++ const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); + + return !word || guest_test_bit(d, EVTCHN_FIFO_MASKED, word); + } + +-static bool_t evtchn_fifo_is_busy(const struct domain *d, evtchn_port_t port) ++static bool_t evtchn_fifo_is_busy(const struct domain *d, ++ const struct evtchn *evtchn) + { +- const event_word_t *word = evtchn_fifo_word_from_port(d, port); ++ const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); + + return word && guest_test_bit(d, EVTCHN_FIFO_LINKED, word); + } +--- a/xen/include/asm-x86/event.h ++++ b/xen/include/asm-x86/event.h +@@ -47,4 +47,10 @@ static inline bool arch_virq_is_global(u + return true; + } + ++#ifdef CONFIG_PV_SHIM ++# include <asm/pv/shim.h> ++# define arch_evtchn_is_special(chn) \ ++ (pv_shim && (chn)->port && (chn)->state == ECS_RESERVED) ++#endif ++ + #endif +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -133,6 +133,24 @@ static inline struct evtchn *evtchn_from + return bucket_from_port(d, p) + (p % EVTCHNS_PER_BUCKET); + } + ++/* ++ * "usable" as in "by a guest", i.e. Xen consumed channels are assumed to be ++ * taken care of separately where used for Xen's internal purposes. ++ */ ++static bool evtchn_usable(const struct evtchn *evtchn) ++{ ++ if ( evtchn->xen_consumer ) ++ return false; ++ ++#ifdef arch_evtchn_is_special ++ if ( arch_evtchn_is_special(evtchn) ) ++ return true; ++#endif ++ ++ BUILD_BUG_ON(ECS_FREE > ECS_RESERVED); ++ return evtchn->state > ECS_RESERVED; ++} ++ + /* Wait on a Xen-attached event channel. */ + #define wait_on_xen_event_channel(port, condition) \ + do { \ +@@ -165,19 +183,24 @@ int evtchn_reset(struct domain *d); + + /* + * Low-level event channel port ops. ++ * ++ * All hooks have to be called with a lock held which prevents the channel ++ * from changing state. This may be the domain event lock, the per-channel ++ * lock, or in the case of sending interdomain events also the other side's ++ * per-channel lock. Exceptions apply in certain cases for the PV shim. + */ + struct evtchn_port_ops { + void (*init)(struct domain *d, struct evtchn *evtchn); + void (*set_pending)(struct vcpu *v, struct evtchn *evtchn); + void (*clear_pending)(struct domain *d, struct evtchn *evtchn); + void (*unmask)(struct domain *d, struct evtchn *evtchn); +- bool (*is_pending)(const struct domain *d, evtchn_port_t port); +- bool (*is_masked)(const struct domain *d, evtchn_port_t port); ++ bool (*is_pending)(const struct domain *d, const struct evtchn *evtchn); ++ bool (*is_masked)(const struct domain *d, const struct evtchn *evtchn); + /* + * Is the port unavailable because it's still being cleaned up + * after being closed? + */ +- bool (*is_busy)(const struct domain *d, evtchn_port_t port); ++ bool (*is_busy)(const struct domain *d, const struct evtchn *evtchn); + int (*set_priority)(struct domain *d, struct evtchn *evtchn, + unsigned int priority); + void (*print_state)(struct domain *d, const struct evtchn *evtchn); +@@ -193,38 +216,67 @@ static inline void evtchn_port_set_pendi + unsigned int vcpu_id, + struct evtchn *evtchn) + { +- d->evtchn_port_ops->set_pending(d->vcpu[vcpu_id], evtchn); ++ if ( evtchn_usable(evtchn) ) ++ d->evtchn_port_ops->set_pending(d->vcpu[vcpu_id], evtchn); + } + + static inline void evtchn_port_clear_pending(struct domain *d, + struct evtchn *evtchn) + { +- d->evtchn_port_ops->clear_pending(d, evtchn); ++ if ( evtchn_usable(evtchn) ) ++ d->evtchn_port_ops->clear_pending(d, evtchn); + } + + static inline void evtchn_port_unmask(struct domain *d, + struct evtchn *evtchn) + { +- d->evtchn_port_ops->unmask(d, evtchn); ++ if ( evtchn_usable(evtchn) ) ++ d->evtchn_port_ops->unmask(d, evtchn); + } + +-static inline bool evtchn_port_is_pending(const struct domain *d, +- evtchn_port_t port) ++static inline bool evtchn_is_pending(const struct domain *d, ++ const struct evtchn *evtchn) + { +- return d->evtchn_port_ops->is_pending(d, port); ++ return evtchn_usable(evtchn) && d->evtchn_port_ops->is_pending(d, evtchn); + } + +-static inline bool evtchn_port_is_masked(const struct domain *d, +- evtchn_port_t port) ++static inline bool evtchn_port_is_pending(struct domain *d, evtchn_port_t port) + { +- return d->evtchn_port_ops->is_masked(d, port); ++ struct evtchn *evtchn = evtchn_from_port(d, port); ++ bool rc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&evtchn->lock, flags); ++ rc = evtchn_is_pending(d, evtchn); ++ spin_unlock_irqrestore(&evtchn->lock, flags); ++ ++ return rc; ++} ++ ++static inline bool evtchn_is_masked(const struct domain *d, ++ const struct evtchn *evtchn) ++{ ++ return !evtchn_usable(evtchn) || d->evtchn_port_ops->is_masked(d, evtchn); ++} ++ ++static inline bool evtchn_port_is_masked(struct domain *d, evtchn_port_t port) ++{ ++ struct evtchn *evtchn = evtchn_from_port(d, port); ++ bool rc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&evtchn->lock, flags); ++ rc = evtchn_is_masked(d, evtchn); ++ spin_unlock_irqrestore(&evtchn->lock, flags); ++ ++ return rc; + } + +-static inline bool evtchn_port_is_busy(const struct domain *d, +- evtchn_port_t port) ++static inline bool evtchn_is_busy(const struct domain *d, ++ const struct evtchn *evtchn) + { + return d->evtchn_port_ops->is_busy && +- d->evtchn_port_ops->is_busy(d, port); ++ d->evtchn_port_ops->is_busy(d, evtchn); + } + + static inline int evtchn_port_set_priority(struct domain *d, +@@ -233,6 +285,8 @@ static inline int evtchn_port_set_priori + { + if ( !d->evtchn_port_ops->set_priority ) + return -ENOSYS; ++ if ( !evtchn_usable(evtchn) ) ++ return -EACCES; + return d->evtchn_port_ops->set_priority(d, evtchn, priority); + } + diff --git a/xsa344-1.patch b/xsa344-1.patch new file mode 100644 index 0000000..a130366 --- /dev/null +++ b/xsa344-1.patch @@ -0,0 +1,128 @@ +evtchn: arrange for preemption in evtchn_destroy() + +Especially closing of fully established interdomain channels can take +quite some time, due to the locking involved. Therefore we shouldn't +assume we can clean up still active ports all in one go. Besides adding +the necessary preemption check, also avoid pointlessly starting from +(or now really ending at) 0; 1 is the lowest numbered port which may +need closing. + +Since we're now reducing ->valid_evtchns, free_xen_event_channel(), +and (at least to be on the safe side) notify_via_xen_event_channel() +need to cope with attempts to close / unbind from / send through already +closed (and no longer valid, as per port_is_valid()) ports. + +This is part of XSA-344. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/domain.c ++++ b/xen/common/domain.c +@@ -770,12 +770,14 @@ int domain_kill(struct domain *d) + return domain_kill(d); + d->is_dying = DOMDYING_dying; + argo_destroy(d); +- evtchn_destroy(d); + gnttab_release_mappings(d); + vnuma_destroy(d->vnuma); + domain_set_outstanding_pages(d, 0); + /* fallthrough */ + case DOMDYING_dying: ++ rc = evtchn_destroy(d); ++ if ( rc ) ++ break; + rc = domain_relinquish_resources(d); + if ( rc != 0 ) + break; +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -1297,7 +1297,16 @@ int alloc_unbound_xen_event_channel( + + void free_xen_event_channel(struct domain *d, int port) + { +- BUG_ON(!port_is_valid(d, port)); ++ if ( !port_is_valid(d, port) ) ++ { ++ /* ++ * Make sure ->is_dying is read /after/ ->valid_evtchns, pairing ++ * with the spin_barrier() and BUG_ON() in evtchn_destroy(). ++ */ ++ smp_rmb(); ++ BUG_ON(!d->is_dying); ++ return; ++ } + + evtchn_close(d, port, 0); + } +@@ -1309,7 +1318,17 @@ void notify_via_xen_event_channel(struct + struct domain *rd; + unsigned long flags; + +- ASSERT(port_is_valid(ld, lport)); ++ if ( !port_is_valid(ld, lport) ) ++ { ++ /* ++ * Make sure ->is_dying is read /after/ ->valid_evtchns, pairing ++ * with the spin_barrier() and BUG_ON() in evtchn_destroy(). ++ */ ++ smp_rmb(); ++ ASSERT(ld->is_dying); ++ return; ++ } ++ + lchn = evtchn_from_port(ld, lport); + + spin_lock_irqsave(&lchn->lock, flags); +@@ -1380,8 +1399,7 @@ int evtchn_init(struct domain *d, unsign + return 0; + } + +- +-void evtchn_destroy(struct domain *d) ++int evtchn_destroy(struct domain *d) + { + unsigned int i; + +@@ -1390,14 +1408,29 @@ void evtchn_destroy(struct domain *d) + spin_barrier(&d->event_lock); + + /* Close all existing event channels. */ +- for ( i = 0; port_is_valid(d, i); i++ ) ++ for ( i = d->valid_evtchns; --i; ) ++ { + evtchn_close(d, i, 0); + ++ /* ++ * Avoid preempting when called from domain_create()'s error path, ++ * and don't check too often (choice of frequency is arbitrary). ++ */ ++ if ( i && !(i & 0x3f) && d->is_dying != DOMDYING_dead && ++ hypercall_preempt_check() ) ++ { ++ write_atomic(&d->valid_evtchns, i); ++ return -ERESTART; ++ } ++ } ++ + ASSERT(!d->active_evtchns); + + clear_global_virq_handlers(d); + + evtchn_fifo_destroy(d); ++ ++ return 0; + } + + +--- a/xen/include/xen/sched.h ++++ b/xen/include/xen/sched.h +@@ -136,7 +136,7 @@ struct evtchn + } __attribute__((aligned(64))); + + int evtchn_init(struct domain *d, unsigned int max_port); +-void evtchn_destroy(struct domain *d); /* from domain_kill */ ++int evtchn_destroy(struct domain *d); /* from domain_kill */ + void evtchn_destroy_final(struct domain *d); /* from complete_domain_destroy */ + + struct waitqueue_vcpu; diff --git a/xsa344-2.patch b/xsa344-2.patch new file mode 100644 index 0000000..530e0c3 --- /dev/null +++ b/xsa344-2.patch @@ -0,0 +1,201 @@ +evtchn: arrange for preemption in evtchn_reset() + +Like for evtchn_destroy() looping over all possible event channels to +close them can take a significant amount of time. Unlike done there, we +can't alter domain properties (i.e. d->valid_evtchns) here. Borrow, in a +lightweight form, the paging domctl continuation concept, redirecting +the continuations to different sub-ops. Just like there this is to be +able to allow for predictable overall results of the involved sub-ops: +Racing requests should either complete or be refused. + +Note that a domain can't interfere with an already started (by a remote +domain) reset, due to being paused. It can prevent a remote reset from +happening by leaving a reset unfinished, but that's only going to affect +itself. + +This is part of XSA-344. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/domain.c ++++ b/xen/common/domain.c +@@ -1214,7 +1214,7 @@ void domain_unpause_except_self(struct d + domain_unpause(d); + } + +-int domain_soft_reset(struct domain *d) ++int domain_soft_reset(struct domain *d, bool resuming) + { + struct vcpu *v; + int rc; +@@ -1228,7 +1228,7 @@ int domain_soft_reset(struct domain *d) + } + spin_unlock(&d->shutdown_lock); + +- rc = evtchn_reset(d); ++ rc = evtchn_reset(d, resuming); + if ( rc ) + return rc; + +--- a/xen/common/domctl.c ++++ b/xen/common/domctl.c +@@ -572,12 +572,22 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe + } + + case XEN_DOMCTL_soft_reset: ++ case XEN_DOMCTL_soft_reset_cont: + if ( d == current->domain ) /* no domain_pause() */ + { + ret = -EINVAL; + break; + } +- ret = domain_soft_reset(d); ++ ret = domain_soft_reset(d, op->cmd == XEN_DOMCTL_soft_reset_cont); ++ if ( ret == -ERESTART ) ++ { ++ op->cmd = XEN_DOMCTL_soft_reset_cont; ++ if ( !__copy_field_to_guest(u_domctl, op, cmd) ) ++ ret = hypercall_create_continuation(__HYPERVISOR_domctl, ++ "h", u_domctl); ++ else ++ ret = -EFAULT; ++ } + break; + + case XEN_DOMCTL_destroydomain: +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -1057,7 +1057,7 @@ int evtchn_unmask(unsigned int port) + return 0; + } + +-int evtchn_reset(struct domain *d) ++int evtchn_reset(struct domain *d, bool resuming) + { + unsigned int i; + int rc = 0; +@@ -1065,11 +1065,40 @@ int evtchn_reset(struct domain *d) + if ( d != current->domain && !d->controller_pause_count ) + return -EINVAL; + +- for ( i = 0; port_is_valid(d, i); i++ ) ++ spin_lock(&d->event_lock); ++ ++ /* ++ * If we are resuming, then start where we stopped. Otherwise, check ++ * that a reset operation is not already in progress, and if none is, ++ * record that this is now the case. ++ */ ++ i = resuming ? d->next_evtchn : !d->next_evtchn; ++ if ( i > d->next_evtchn ) ++ d->next_evtchn = i; ++ ++ spin_unlock(&d->event_lock); ++ ++ if ( !i ) ++ return -EBUSY; ++ ++ for ( ; port_is_valid(d, i); i++ ) ++ { + evtchn_close(d, i, 1); + ++ /* NB: Choice of frequency is arbitrary. */ ++ if ( !(i & 0x3f) && hypercall_preempt_check() ) ++ { ++ spin_lock(&d->event_lock); ++ d->next_evtchn = i; ++ spin_unlock(&d->event_lock); ++ return -ERESTART; ++ } ++ } ++ + spin_lock(&d->event_lock); + ++ d->next_evtchn = 0; ++ + if ( d->active_evtchns > d->xen_evtchns ) + rc = -EAGAIN; + else if ( d->evtchn_fifo ) +@@ -1204,7 +1233,8 @@ long do_event_channel_op(int cmd, XEN_GU + break; + } + +- case EVTCHNOP_reset: { ++ case EVTCHNOP_reset: ++ case EVTCHNOP_reset_cont: { + struct evtchn_reset reset; + struct domain *d; + +@@ -1217,9 +1247,13 @@ long do_event_channel_op(int cmd, XEN_GU + + rc = xsm_evtchn_reset(XSM_TARGET, current->domain, d); + if ( !rc ) +- rc = evtchn_reset(d); ++ rc = evtchn_reset(d, cmd == EVTCHNOP_reset_cont); + + rcu_unlock_domain(d); ++ ++ if ( rc == -ERESTART ) ++ rc = hypercall_create_continuation(__HYPERVISOR_event_channel_op, ++ "ih", EVTCHNOP_reset_cont, arg); + break; + } + +--- a/xen/include/public/domctl.h ++++ b/xen/include/public/domctl.h +@@ -1152,7 +1152,10 @@ struct xen_domctl { + #define XEN_DOMCTL_iomem_permission 20 + #define XEN_DOMCTL_ioport_permission 21 + #define XEN_DOMCTL_hypercall_init 22 +-#define XEN_DOMCTL_arch_setup 23 /* Obsolete IA64 only */ ++#ifdef __XEN__ ++/* #define XEN_DOMCTL_arch_setup 23 Obsolete IA64 only */ ++#define XEN_DOMCTL_soft_reset_cont 23 ++#endif + #define XEN_DOMCTL_settimeoffset 24 + #define XEN_DOMCTL_getvcpuaffinity 25 + #define XEN_DOMCTL_real_mode_area 26 /* Obsolete PPC only */ +--- a/xen/include/public/event_channel.h ++++ b/xen/include/public/event_channel.h +@@ -74,6 +74,9 @@ + #define EVTCHNOP_init_control 11 + #define EVTCHNOP_expand_array 12 + #define EVTCHNOP_set_priority 13 ++#ifdef __XEN__ ++#define EVTCHNOP_reset_cont 14 ++#endif + /* ` } */ + + typedef uint32_t evtchn_port_t; +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -171,7 +171,7 @@ void evtchn_check_pollers(struct domain + void evtchn_2l_init(struct domain *d); + + /* Close all event channels and reset to 2-level ABI. */ +-int evtchn_reset(struct domain *d); ++int evtchn_reset(struct domain *d, bool resuming); + + /* + * Low-level event channel port ops. +--- a/xen/include/xen/sched.h ++++ b/xen/include/xen/sched.h +@@ -394,6 +394,8 @@ struct domain + * EVTCHNOP_reset). Read/write access like for active_evtchns. + */ + unsigned int xen_evtchns; ++ /* Port to resume from in evtchn_reset(), when in a continuation. */ ++ unsigned int next_evtchn; + spinlock_t event_lock; + const struct evtchn_port_ops *evtchn_port_ops; + struct evtchn_fifo_domain *evtchn_fifo; +@@ -663,7 +665,7 @@ int domain_shutdown(struct domain *d, u8 + void domain_resume(struct domain *d); + void domain_pause_for_debugger(void); + +-int domain_soft_reset(struct domain *d); ++int domain_soft_reset(struct domain *d, bool resuming); + + int vcpu_start_shutdown_deferral(struct vcpu *v); + void vcpu_end_shutdown_deferral(struct vcpu *v); diff --git a/xsa345-1.patch b/xsa345-1.patch new file mode 100644 index 0000000..a9759d5 --- /dev/null +++ b/xsa345-1.patch @@ -0,0 +1,81 @@ +x86/mm: Refactor map_pages_to_xen to have only a single exit path + +We will soon need to perform clean-ups before returning. + +No functional change. + +This is part of XSA-345. + +Signed-off-by: Wei Liu <wei.liu2@citrix.com> +Signed-off-by: Hongyan Xia <hongyxia@amazon.com> +Signed-off-by: George Dunlap <george.dunlap@citrix.com> +Acked-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -5181,6 +5181,7 @@ int map_pages_to_xen( + l2_pgentry_t *pl2e, ol2e; + l1_pgentry_t *pl1e, ol1e; + unsigned int i; ++ int rc = -ENOMEM; + + #define flush_flags(oldf) do { \ + unsigned int o_ = (oldf); \ +@@ -5201,7 +5202,8 @@ int map_pages_to_xen( + l3_pgentry_t ol3e, *pl3e = virt_to_xen_l3e(virt); + + if ( !pl3e ) +- return -ENOMEM; ++ goto out; ++ + ol3e = *pl3e; + + if ( cpu_has_page1gb && +@@ -5289,7 +5291,7 @@ int map_pages_to_xen( + + pl2e = alloc_xen_pagetable(); + if ( pl2e == NULL ) +- return -ENOMEM; ++ goto out; + + for ( i = 0; i < L2_PAGETABLE_ENTRIES; i++ ) + l2e_write(pl2e + i, +@@ -5318,7 +5320,7 @@ int map_pages_to_xen( + + pl2e = virt_to_xen_l2e(virt); + if ( !pl2e ) +- return -ENOMEM; ++ goto out; + + if ( ((((virt >> PAGE_SHIFT) | mfn_x(mfn)) & + ((1u << PAGETABLE_ORDER) - 1)) == 0) && +@@ -5361,7 +5363,7 @@ int map_pages_to_xen( + { + pl1e = virt_to_xen_l1e(virt); + if ( pl1e == NULL ) +- return -ENOMEM; ++ goto out; + } + else if ( l2e_get_flags(*pl2e) & _PAGE_PSE ) + { +@@ -5388,7 +5390,7 @@ int map_pages_to_xen( + + pl1e = alloc_xen_pagetable(); + if ( pl1e == NULL ) +- return -ENOMEM; ++ goto out; + + for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ ) + l1e_write(&pl1e[i], +@@ -5532,7 +5534,10 @@ int map_pages_to_xen( + + #undef flush_flags + +- return 0; ++ rc = 0; ++ ++ out: ++ return rc; + } + + int populate_pt_range(unsigned long virt, unsigned long nr_mfns) diff --git a/xsa345-2.patch b/xsa345-2.patch new file mode 100644 index 0000000..a007f05 --- /dev/null +++ b/xsa345-2.patch @@ -0,0 +1,55 @@ +x86/mm: Refactor modify_xen_mappings to have one exit path + +We will soon need to perform clean-ups before returning. + +No functional change. + +This is part of XSA-345. + +Signed-off-by: Wei Liu <wei.liu2@citrix.com> +Signed-off-by: Hongyan Xia <hongyxia@amazon.com> +Signed-off-by: George Dunlap <george.dunlap@citrix.com> +Acked-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -5564,6 +5564,7 @@ int modify_xen_mappings(unsigned long s, + l1_pgentry_t *pl1e; + unsigned int i; + unsigned long v = s; ++ int rc = -ENOMEM; + + /* Set of valid PTE bits which may be altered. */ + #define FLAGS_MASK (_PAGE_NX|_PAGE_RW|_PAGE_PRESENT) +@@ -5605,7 +5606,8 @@ int modify_xen_mappings(unsigned long s, + /* PAGE1GB: shatter the superpage and fall through. */ + pl2e = alloc_xen_pagetable(); + if ( !pl2e ) +- return -ENOMEM; ++ goto out; ++ + for ( i = 0; i < L2_PAGETABLE_ENTRIES; i++ ) + l2e_write(pl2e + i, + l2e_from_pfn(l3e_get_pfn(*pl3e) + +@@ -5660,7 +5662,8 @@ int modify_xen_mappings(unsigned long s, + /* PSE: shatter the superpage and try again. */ + pl1e = alloc_xen_pagetable(); + if ( !pl1e ) +- return -ENOMEM; ++ goto out; ++ + for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ ) + l1e_write(&pl1e[i], + l1e_from_pfn(l2e_get_pfn(*pl2e) + i, +@@ -5789,7 +5792,10 @@ int modify_xen_mappings(unsigned long s, + flush_area(NULL, FLUSH_TLB_GLOBAL); + + #undef FLAGS_MASK +- return 0; ++ rc = 0; ++ ++ out: ++ return rc; + } + + #undef flush_area diff --git a/xsa345-3.patch b/xsa345-3.patch new file mode 100644 index 0000000..1b49a71 --- /dev/null +++ b/xsa345-3.patch @@ -0,0 +1,237 @@ +x86/mm: Prevent some races in hypervisor mapping updates + +map_pages_to_xen will attempt to coalesce mappings into 2MiB and 1GiB +superpages if possible, to maximize TLB efficiency. This means both +replacing superpage entries with smaller entries, and replacing +smaller entries with superpages. + +Unfortunately, while some potential races are handled correctly, +others are not. These include: + +1. When one processor modifies a sub-superpage mapping while another +processor replaces the entire range with a superpage. + +Take the following example: + +Suppose L3[N] points to L2. And suppose we have two processors, A and +B. + +* A walks the pagetables, get a pointer to L2. +* B replaces L3[N] with a 1GiB mapping. +* B Frees L2 +* A writes L2[M] # + +This is race exacerbated by the fact that virt_to_xen_l[21]e doesn't +handle higher-level superpages properly: If you call virt_xen_to_l2e +on a virtual address within an L3 superpage, you'll either hit a BUG() +(most likely), or get a pointer into the middle of a data page; same +with virt_xen_to_l1 on a virtual address within either an L3 or L2 +superpage. + +So take the following example: + +* A reads pl3e and discovers it to point to an L2. +* B replaces L3[N] with a 1GiB mapping +* A calls virt_to_xen_l2e() and hits the BUG_ON() # + +2. When two processors simultaneously try to replace a sub-superpage +mapping with a superpage mapping. + +Take the following example: + +Suppose L3[N] points to L2. And suppose we have two processors, A and B, +both trying to replace L3[N] with a superpage. + +* A walks the pagetables, get a pointer to pl3e, and takes a copy ol3e pointing to L2. +* B walks the pagetables, gets a pointre to pl3e, and takes a copy ol3e pointing to L2. +* A writes the new value into L3[N] +* B writes the new value into L3[N] +* A recursively frees all the L1's under L2, then frees L2 +* B recursively double-frees all the L1's under L2, then double-frees L2 # + +Fix this by grabbing a lock for the entirety of the mapping update +operation. + +Rather than grabbing map_pgdir_lock for the entire operation, however, +repurpose the PGT_locked bit from L3's page->type_info as a lock. +This means that rather than locking the entire address space, we +"only" lock a single 512GiB chunk of hypervisor address space at a +time. + +There was a proposal for a lock-and-reverify approach, where we walk +the pagetables to the point where we decide what to do; then grab the +map_pgdir_lock, re-verify the information we collected without the +lock, and finally make the change (starting over again if anything had +changed). Without being able to guarantee that the L2 table wasn't +freed, however, that means every read would need to be considered +potentially unsafe. Thinking carefully about that is probably +something that wants to be done on public, not under time pressure. + +This is part of XSA-345. + +Signed-off-by: Hongyan Xia <hongyxia@amazon.com> +Signed-off-by: George Dunlap <george.dunlap@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -2161,6 +2161,50 @@ void page_unlock(struct page_info *page) + current_locked_page_set(NULL); + } + ++/* ++ * L3 table locks: ++ * ++ * Used for serialization in map_pages_to_xen() and modify_xen_mappings(). ++ * ++ * For Xen PT pages, the page->u.inuse.type_info is unused and it is safe to ++ * reuse the PGT_locked flag. This lock is taken only when we move down to L3 ++ * tables and below, since L4 (and above, for 5-level paging) is still globally ++ * protected by map_pgdir_lock. ++ * ++ * PV MMU update hypercalls call map_pages_to_xen while holding a page's page_lock(). ++ * This has two implications: ++ * - We cannot reuse reuse current_locked_page_* for debugging ++ * - To avoid the chance of deadlock, even for different pages, we ++ * must never grab page_lock() after grabbing l3t_lock(). This ++ * includes any page_lock()-based locks, such as ++ * mem_sharing_page_lock(). ++ * ++ * Also note that we grab the map_pgdir_lock while holding the ++ * l3t_lock(), so to avoid deadlock we must avoid grabbing them in ++ * reverse order. ++ */ ++static void l3t_lock(struct page_info *page) ++{ ++ unsigned long x, nx; ++ ++ do { ++ while ( (x = page->u.inuse.type_info) & PGT_locked ) ++ cpu_relax(); ++ nx = x | PGT_locked; ++ } while ( cmpxchg(&page->u.inuse.type_info, x, nx) != x ); ++} ++ ++static void l3t_unlock(struct page_info *page) ++{ ++ unsigned long x, nx, y = page->u.inuse.type_info; ++ ++ do { ++ x = y; ++ BUG_ON(!(x & PGT_locked)); ++ nx = x & ~PGT_locked; ++ } while ( (y = cmpxchg(&page->u.inuse.type_info, x, nx)) != x ); ++} ++ + #ifdef CONFIG_PV + /* + * PTE flags that a guest may change without re-validating the PTE. +@@ -5171,6 +5215,23 @@ l1_pgentry_t *virt_to_xen_l1e(unsigned l + flush_area_local((const void *)v, f) : \ + flush_area_all((const void *)v, f)) + ++#define L3T_INIT(page) (page) = ZERO_BLOCK_PTR ++ ++#define L3T_LOCK(page) \ ++ do { \ ++ if ( locking ) \ ++ l3t_lock(page); \ ++ } while ( false ) ++ ++#define L3T_UNLOCK(page) \ ++ do { \ ++ if ( locking && (page) != ZERO_BLOCK_PTR ) \ ++ { \ ++ l3t_unlock(page); \ ++ (page) = ZERO_BLOCK_PTR; \ ++ } \ ++ } while ( false ) ++ + int map_pages_to_xen( + unsigned long virt, + mfn_t mfn, +@@ -5182,6 +5243,7 @@ int map_pages_to_xen( + l1_pgentry_t *pl1e, ol1e; + unsigned int i; + int rc = -ENOMEM; ++ struct page_info *current_l3page; + + #define flush_flags(oldf) do { \ + unsigned int o_ = (oldf); \ +@@ -5197,13 +5259,20 @@ int map_pages_to_xen( + } \ + } while (0) + ++ L3T_INIT(current_l3page); ++ + while ( nr_mfns != 0 ) + { +- l3_pgentry_t ol3e, *pl3e = virt_to_xen_l3e(virt); ++ l3_pgentry_t *pl3e, ol3e; + ++ L3T_UNLOCK(current_l3page); ++ ++ pl3e = virt_to_xen_l3e(virt); + if ( !pl3e ) + goto out; + ++ current_l3page = virt_to_page(pl3e); ++ L3T_LOCK(current_l3page); + ol3e = *pl3e; + + if ( cpu_has_page1gb && +@@ -5537,6 +5606,7 @@ int map_pages_to_xen( + rc = 0; + + out: ++ L3T_UNLOCK(current_l3page); + return rc; + } + +@@ -5565,6 +5635,7 @@ int modify_xen_mappings(unsigned long s, + unsigned int i; + unsigned long v = s; + int rc = -ENOMEM; ++ struct page_info *current_l3page; + + /* Set of valid PTE bits which may be altered. */ + #define FLAGS_MASK (_PAGE_NX|_PAGE_RW|_PAGE_PRESENT) +@@ -5573,11 +5644,22 @@ int modify_xen_mappings(unsigned long s, + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); + ++ L3T_INIT(current_l3page); ++ + while ( v < e ) + { +- l3_pgentry_t *pl3e = virt_to_xen_l3e(v); ++ l3_pgentry_t *pl3e; + +- if ( !pl3e || !(l3e_get_flags(*pl3e) & _PAGE_PRESENT) ) ++ L3T_UNLOCK(current_l3page); ++ ++ pl3e = virt_to_xen_l3e(v); ++ if ( !pl3e ) ++ goto out; ++ ++ current_l3page = virt_to_page(pl3e); ++ L3T_LOCK(current_l3page); ++ ++ if ( !(l3e_get_flags(*pl3e) & _PAGE_PRESENT) ) + { + /* Confirm the caller isn't trying to create new mappings. */ + ASSERT(!(nf & _PAGE_PRESENT)); +@@ -5795,9 +5877,13 @@ int modify_xen_mappings(unsigned long s, + rc = 0; + + out: ++ L3T_UNLOCK(current_l3page); + return rc; + } + ++#undef L3T_LOCK ++#undef L3T_UNLOCK ++ + #undef flush_area + + int destroy_xen_mappings(unsigned long s, unsigned long e) diff --git a/xsa346-1.patch b/xsa346-1.patch new file mode 100644 index 0000000..cd747f7 --- /dev/null +++ b/xsa346-1.patch @@ -0,0 +1,49 @@ +IOMMU: suppress "iommu_dont_flush_iotlb" when about to free a page + +Deferring flushes to a single, wide range one - as is done when +handling XENMAPSPACE_gmfn_range - is okay only as long as +pages don't get freed ahead of the eventual flush. While the only +function setting the flag (xenmem_add_to_physmap()) suggests by its name +that it's only mapping new entries, in reality the way +xenmem_add_to_physmap_one() works means an unmap would happen not only +for the page being moved (but not freed) but, if the destination GFN is +populated, also for the page being displaced from that GFN. Collapsing +the two flushes for this GFN into just one (end even more so deferring +it to a batched invocation) is not correct. + +This is part of XSA-346. + +Fixes: cf95b2a9fd5a ("iommu: Introduce per cpu flag (iommu_dont_flush_iotlb) to avoid unnecessary iotlb... ") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Paul Durrant <paul@xen.org> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/memory.c ++++ b/xen/common/memory.c +@@ -292,6 +292,7 @@ int guest_remove_page(struct domain *d, + p2m_type_t p2mt; + #endif + mfn_t mfn; ++ bool *dont_flush_p, dont_flush; + int rc; + + #ifdef CONFIG_X86 +@@ -378,8 +379,18 @@ int guest_remove_page(struct domain *d, + return -ENXIO; + } + ++ /* ++ * Since we're likely to free the page below, we need to suspend ++ * xenmem_add_to_physmap()'s suppressing of IOMMU TLB flushes. ++ */ ++ dont_flush_p = &this_cpu(iommu_dont_flush_iotlb); ++ dont_flush = *dont_flush_p; ++ *dont_flush_p = false; ++ + rc = guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0); + ++ *dont_flush_p = dont_flush; ++ + /* + * With the lack of an IOMMU on some platforms, domains with DMA-capable + * device must retrieve the same pfn when the hypercall populate_physmap diff --git a/xsa346-2.patch b/xsa346-2.patch new file mode 100644 index 0000000..783d34b --- /dev/null +++ b/xsa346-2.patch @@ -0,0 +1,203 @@ +IOMMU: hold page ref until after deferred TLB flush + +When moving around a page via XENMAPSPACE_gmfn_range, deferring the TLB +flush for the "from" GFN range requires that the page remains allocated +to the guest until the TLB flush has actually occurred. Otherwise a +parallel hypercall to remove the page would only flush the TLB for the +GFN it has been moved to, but not the one is was mapped at originally. + +This is part of XSA-346. + +Fixes: cf95b2a9fd5a ("iommu: Introduce per cpu flag (iommu_dont_flush_iotlb) to avoid unnecessary iotlb... ") +Reported-by: Julien Grall <jgrall@amazon.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/arch/arm/mm.c ++++ b/xen/arch/arm/mm.c +@@ -1407,7 +1407,7 @@ void share_xen_page_with_guest(struct pa + int xenmem_add_to_physmap_one( + struct domain *d, + unsigned int space, +- union xen_add_to_physmap_batch_extra extra, ++ union add_to_physmap_extra extra, + unsigned long idx, + gfn_t gfn) + { +@@ -1480,10 +1480,6 @@ int xenmem_add_to_physmap_one( + break; + } + case XENMAPSPACE_dev_mmio: +- /* extra should be 0. Reserved for future use. */ +- if ( extra.res0 ) +- return -EOPNOTSUPP; +- + rc = map_dev_mmio_region(d, gfn, 1, _mfn(idx)); + return rc; + +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -4662,7 +4662,7 @@ static int handle_iomem_range(unsigned l + int xenmem_add_to_physmap_one( + struct domain *d, + unsigned int space, +- union xen_add_to_physmap_batch_extra extra, ++ union add_to_physmap_extra extra, + unsigned long idx, + gfn_t gpfn) + { +@@ -4746,9 +4746,20 @@ int xenmem_add_to_physmap_one( + rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + + put_both: +- /* In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. */ ++ /* ++ * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. ++ * We also may need to transfer ownership of the page reference to our ++ * caller. ++ */ + if ( space == XENMAPSPACE_gmfn ) ++ { + put_gfn(d, gfn); ++ if ( !rc && extra.ppage ) ++ { ++ *extra.ppage = page; ++ page = NULL; ++ } ++ } + + if ( page ) + put_page(page); +--- a/xen/common/memory.c ++++ b/xen/common/memory.c +@@ -814,13 +814,12 @@ int xenmem_add_to_physmap(struct domain + { + unsigned int done = 0; + long rc = 0; +- union xen_add_to_physmap_batch_extra extra; ++ union add_to_physmap_extra extra = {}; ++ struct page_info *pages[16]; + + ASSERT(paging_mode_translate(d)); + +- if ( xatp->space != XENMAPSPACE_gmfn_foreign ) +- extra.res0 = 0; +- else ++ if ( xatp->space == XENMAPSPACE_gmfn_foreign ) + extra.foreign_domid = DOMID_INVALID; + + if ( xatp->space != XENMAPSPACE_gmfn_range ) +@@ -835,7 +834,10 @@ int xenmem_add_to_physmap(struct domain + xatp->size -= start; + + if ( is_iommu_enabled(d) ) ++ { + this_cpu(iommu_dont_flush_iotlb) = 1; ++ extra.ppage = &pages[0]; ++ } + + while ( xatp->size > done ) + { +@@ -847,8 +849,12 @@ int xenmem_add_to_physmap(struct domain + xatp->idx++; + xatp->gpfn++; + ++ if ( extra.ppage ) ++ ++extra.ppage; ++ + /* Check for continuation if it's not the last iteration. */ +- if ( xatp->size > ++done && hypercall_preempt_check() ) ++ if ( (++done > ARRAY_SIZE(pages) && extra.ppage) || ++ (xatp->size > done && hypercall_preempt_check()) ) + { + rc = start + done; + break; +@@ -858,6 +864,7 @@ int xenmem_add_to_physmap(struct domain + if ( is_iommu_enabled(d) ) + { + int ret; ++ unsigned int i; + + this_cpu(iommu_dont_flush_iotlb) = 0; + +@@ -866,6 +873,15 @@ int xenmem_add_to_physmap(struct domain + if ( unlikely(ret) && rc >= 0 ) + rc = ret; + ++ /* ++ * Now that the IOMMU TLB flush was done for the original GFN, drop ++ * the page references. The 2nd flush below is fine to make later, as ++ * whoever removes the page again from its new GFN will have to do ++ * another flush anyway. ++ */ ++ for ( i = 0; i < done; ++i ) ++ put_page(pages[i]); ++ + ret = iommu_iotlb_flush(d, _dfn(xatp->gpfn - done), done, + IOMMU_FLUSHF_added | IOMMU_FLUSHF_modified); + if ( unlikely(ret) && rc >= 0 ) +@@ -879,6 +895,8 @@ static int xenmem_add_to_physmap_batch(s + struct xen_add_to_physmap_batch *xatpb, + unsigned int extent) + { ++ union add_to_physmap_extra extra = {}; ++ + if ( unlikely(xatpb->size < extent) ) + return -EILSEQ; + +@@ -890,6 +908,19 @@ static int xenmem_add_to_physmap_batch(s + !guest_handle_subrange_okay(xatpb->errs, extent, xatpb->size - 1) ) + return -EFAULT; + ++ switch ( xatpb->space ) ++ { ++ case XENMAPSPACE_dev_mmio: ++ /* res0 is reserved for future use. */ ++ if ( xatpb->u.res0 ) ++ return -EOPNOTSUPP; ++ break; ++ ++ case XENMAPSPACE_gmfn_foreign: ++ extra.foreign_domid = xatpb->u.foreign_domid; ++ break; ++ } ++ + while ( xatpb->size > extent ) + { + xen_ulong_t idx; +@@ -902,8 +933,7 @@ static int xenmem_add_to_physmap_batch(s + extent, 1)) ) + return -EFAULT; + +- rc = xenmem_add_to_physmap_one(d, xatpb->space, +- xatpb->u, ++ rc = xenmem_add_to_physmap_one(d, xatpb->space, extra, + idx, _gfn(gpfn)); + + if ( unlikely(__copy_to_guest_offset(xatpb->errs, extent, &rc, 1)) ) +--- a/xen/include/xen/mm.h ++++ b/xen/include/xen/mm.h +@@ -588,8 +588,22 @@ void scrub_one_page(struct page_info *); + &(d)->xenpage_list : &(d)->page_list) + #endif + ++union add_to_physmap_extra { ++ /* ++ * XENMAPSPACE_gmfn: When deferring TLB flushes, a page reference needs ++ * to be kept until after the flush, so the page can't get removed from ++ * the domain (and re-used for another purpose) beforehand. By passing ++ * non-NULL, the caller of xenmem_add_to_physmap_one() indicates it wants ++ * to have ownership of such a reference transferred in the success case. ++ */ ++ struct page_info **ppage; ++ ++ /* XENMAPSPACE_gmfn_foreign */ ++ domid_t foreign_domid; ++}; ++ + int xenmem_add_to_physmap_one(struct domain *d, unsigned int space, +- union xen_add_to_physmap_batch_extra extra, ++ union add_to_physmap_extra extra, + unsigned long idx, gfn_t gfn); + + int xenmem_add_to_physmap(struct domain *d, struct xen_add_to_physmap *xatp, diff --git a/xsa347-1.patch b/xsa347-1.patch new file mode 100644 index 0000000..22acb7c --- /dev/null +++ b/xsa347-1.patch @@ -0,0 +1,148 @@ +AMD/IOMMU: convert amd_iommu_pte from struct to union + +This is to add a "raw" counterpart to the bitfield equivalent. Take the +opportunity and +- convert fields to bool / unsigned int, +- drop the naming of the reserved field, +- shorten the names of the ignored ones. + +This is part of XSA-347. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Paul Durrant <paul@xen.org> + +--- a/xen/drivers/passthrough/amd/iommu_map.c ++++ b/xen/drivers/passthrough/amd/iommu_map.c +@@ -38,7 +38,7 @@ static unsigned int pfn_to_pde_idx(unsig + static unsigned int clear_iommu_pte_present(unsigned long l1_mfn, + unsigned long dfn) + { +- struct amd_iommu_pte *table, *pte; ++ union amd_iommu_pte *table, *pte; + unsigned int flush_flags; + + table = map_domain_page(_mfn(l1_mfn)); +@@ -52,7 +52,7 @@ static unsigned int clear_iommu_pte_pres + return flush_flags; + } + +-static unsigned int set_iommu_pde_present(struct amd_iommu_pte *pte, ++static unsigned int set_iommu_pde_present(union amd_iommu_pte *pte, + unsigned long next_mfn, + unsigned int next_level, bool iw, + bool ir) +@@ -87,7 +87,7 @@ static unsigned int set_iommu_pte_presen + int pde_level, + bool iw, bool ir) + { +- struct amd_iommu_pte *table, *pde; ++ union amd_iommu_pte *table, *pde; + unsigned int flush_flags; + + table = map_domain_page(_mfn(pt_mfn)); +@@ -178,7 +178,7 @@ void iommu_dte_set_guest_cr3(struct amd_ + static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, + unsigned long pt_mfn[], bool map) + { +- struct amd_iommu_pte *pde, *next_table_vaddr; ++ union amd_iommu_pte *pde, *next_table_vaddr; + unsigned long next_table_mfn; + unsigned int level; + struct page_info *table; +@@ -458,7 +458,7 @@ int __init amd_iommu_quarantine_init(str + unsigned long end_gfn = + 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT); + unsigned int level = amd_iommu_get_paging_mode(end_gfn); +- struct amd_iommu_pte *table; ++ union amd_iommu_pte *table; + + if ( hd->arch.root_table ) + { +@@ -489,7 +489,7 @@ int __init amd_iommu_quarantine_init(str + + for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ ) + { +- struct amd_iommu_pte *pde = &table[i]; ++ union amd_iommu_pte *pde = &table[i]; + + /* + * PDEs are essentially a subset of PTEs, so this function +--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c ++++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c +@@ -390,7 +390,7 @@ static void deallocate_next_page_table(s + + static void deallocate_page_table(struct page_info *pg) + { +- struct amd_iommu_pte *table_vaddr; ++ union amd_iommu_pte *table_vaddr; + unsigned int index, level = PFN_ORDER(pg); + + PFN_ORDER(pg) = 0; +@@ -405,7 +405,7 @@ static void deallocate_page_table(struct + + for ( index = 0; index < PTE_PER_TABLE_SIZE; index++ ) + { +- struct amd_iommu_pte *pde = &table_vaddr[index]; ++ union amd_iommu_pte *pde = &table_vaddr[index]; + + if ( pde->mfn && pde->next_level && pde->pr ) + { +@@ -557,7 +557,7 @@ static void amd_dump_p2m_table_level(str + paddr_t gpa, int indent) + { + paddr_t address; +- struct amd_iommu_pte *table_vaddr; ++ const union amd_iommu_pte *table_vaddr; + int index; + + if ( level < 1 ) +@@ -573,7 +573,7 @@ static void amd_dump_p2m_table_level(str + + for ( index = 0; index < PTE_PER_TABLE_SIZE; index++ ) + { +- struct amd_iommu_pte *pde = &table_vaddr[index]; ++ const union amd_iommu_pte *pde = &table_vaddr[index]; + + if ( !(index % 2) ) + process_pending_softirqs(); +--- a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h ++++ b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h +@@ -465,20 +465,23 @@ union amd_iommu_x2apic_control { + #define IOMMU_PAGE_TABLE_U32_PER_ENTRY (IOMMU_PAGE_TABLE_ENTRY_SIZE / 4) + #define IOMMU_PAGE_TABLE_ALIGNMENT 4096 + +-struct amd_iommu_pte { +- uint64_t pr:1; +- uint64_t ignored0:4; +- uint64_t a:1; +- uint64_t d:1; +- uint64_t ignored1:2; +- uint64_t next_level:3; +- uint64_t mfn:40; +- uint64_t reserved:7; +- uint64_t u:1; +- uint64_t fc:1; +- uint64_t ir:1; +- uint64_t iw:1; +- uint64_t ignored2:1; ++union amd_iommu_pte { ++ uint64_t raw; ++ struct { ++ bool pr:1; ++ unsigned int ign0:4; ++ bool a:1; ++ bool d:1; ++ unsigned int ign1:2; ++ unsigned int next_level:3; ++ uint64_t mfn:40; ++ unsigned int :7; ++ bool u:1; ++ bool fc:1; ++ bool ir:1; ++ bool iw:1; ++ unsigned int ign2:1; ++ }; + }; + + /* Paging modes */ diff --git a/xsa347-2.patch b/xsa347-2.patch new file mode 100644 index 0000000..0a2c7d8 --- /dev/null +++ b/xsa347-2.patch @@ -0,0 +1,71 @@ +AMD/IOMMU: update live PTEs atomically + +Updating a live PTE bitfield by bitfield risks the compiler re-ordering +the individual updates as well as splitting individual updates into +multiple memory writes. Construct the new entry fully in a local +variable, do the check to determine the flushing needs on the thus +established new entry, and then write the new entry by a single insn. + +Similarly using memset() to clear a PTE is unsafe, as the order of +writes the function does is, at least in principle, undefined. + +This is part of XSA-347. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Paul Durrant <paul@xen.org> + +--- a/xen/drivers/passthrough/amd/iommu_map.c ++++ b/xen/drivers/passthrough/amd/iommu_map.c +@@ -45,7 +45,7 @@ static unsigned int clear_iommu_pte_pres + pte = &table[pfn_to_pde_idx(dfn, 1)]; + + flush_flags = pte->pr ? IOMMU_FLUSHF_modified : 0; +- memset(pte, 0, sizeof(*pte)); ++ write_atomic(&pte->raw, 0); + + unmap_domain_page(table); + +@@ -57,26 +57,30 @@ static unsigned int set_iommu_pde_presen + unsigned int next_level, bool iw, + bool ir) + { ++ union amd_iommu_pte new = {}, old; + unsigned int flush_flags = IOMMU_FLUSHF_added; + +- if ( pte->pr && +- (pte->mfn != next_mfn || +- pte->iw != iw || +- pte->ir != ir || +- pte->next_level != next_level) ) +- flush_flags |= IOMMU_FLUSHF_modified; +- + /* + * FC bit should be enabled in PTE, this helps to solve potential + * issues with ATS devices + */ +- pte->fc = !next_level; ++ new.fc = !next_level; ++ ++ new.mfn = next_mfn; ++ new.iw = iw; ++ new.ir = ir; ++ new.next_level = next_level; ++ new.pr = true; ++ ++ old.raw = read_atomic(&pte->raw); ++ old.ign0 = 0; ++ old.ign1 = 0; ++ old.ign2 = 0; ++ ++ if ( old.pr && old.raw != new.raw ) ++ flush_flags |= IOMMU_FLUSHF_modified; + +- pte->mfn = next_mfn; +- pte->iw = iw; +- pte->ir = ir; +- pte->next_level = next_level; +- pte->pr = 1; ++ write_atomic(&pte->raw, new.raw); + + return flush_flags; + } diff --git a/xsa347-3.patch b/xsa347-3.patch new file mode 100644 index 0000000..a203089 --- /dev/null +++ b/xsa347-3.patch @@ -0,0 +1,58 @@ +AMD/IOMMU: ensure suitable ordering of DTE modifications + +DMA and interrupt translation should be enabled only after other +applicable DTE fields have been written. Similarly when disabling +translation or when moving a device between domains, translation should +first be disabled, before other entry fields get modified. Note however +that the "moving" aspect doesn't apply to the interrupt remapping side, +as domain specifics are maintained in the IRTEs here, not the DTE. We +also never disable interrupt remapping once it got enabled for a device +(the respective argument passed is always the immutable iommu_intremap). + +This is part of XSA-347. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Paul Durrant <paul@xen.org> + +--- a/xen/drivers/passthrough/amd/iommu_map.c ++++ b/xen/drivers/passthrough/amd/iommu_map.c +@@ -107,11 +107,18 @@ void amd_iommu_set_root_page_table(struc + uint64_t root_ptr, uint16_t domain_id, + uint8_t paging_mode, bool valid) + { ++ if ( valid || dte->v ) ++ { ++ dte->tv = false; ++ dte->v = true; ++ smp_wmb(); ++ } + dte->domain_id = domain_id; + dte->pt_root = paddr_to_pfn(root_ptr); + dte->iw = true; + dte->ir = true; + dte->paging_mode = paging_mode; ++ smp_wmb(); + dte->tv = true; + dte->v = valid; + } +@@ -134,6 +141,7 @@ void amd_iommu_set_intremap_table( + } + + dte->ig = false; /* unmapped interrupts result in i/o page faults */ ++ smp_wmb(); + dte->iv = valid; + } + +--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c ++++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c +@@ -120,7 +120,10 @@ static void amd_iommu_setup_domain_devic + /* Undo what amd_iommu_disable_domain_device() may have done. */ + ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id]; + if ( dte->it_root ) ++ { + dte->int_ctl = IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED; ++ smp_wmb(); ++ } + dte->iv = iommu_intremap; + dte->ex = ivrs_dev->dte_allow_exclusion; + dte->sys_mgt = MASK_EXTR(ivrs_dev->device_flags, ACPI_IVHD_SYSTEM_MGMT); |