- 19 Feb, 2022 27 commits
-
-
Hans van Kranenburg authored
[git-debrebase pseudomerge: stitch]
-
Hans van Kranenburg authored
[git-debrebase make-patches: export and commit patches]
-
Hans van Kranenburg authored
-
The objdump output is fed to grep, so make sure it doesn't change with different user locales and break the grep parsing. This problem was identified while updating xen in Debian and the fix is needed for generating reproducible builds in varying environments. Signed-off-by:
Maximilian Engelhardt <maxi@daemonizer.de> -
Use the solution described in [1] to replace the call to the 'date' command with a version that uses SOURCE_DATE_EPOCH if available. This is needed for reproducible builds. [1] https://reproducible-builds.org/docs/source-date-epoch/ Signed-off-by:
Maximilian Engelhardt <maxi@daemonizer.de>
[Hans van Kranenburg]
Note: this patch is submitted upstream but not committed yet. We
expect that it gets in. Otherwise, we don't wait and already have it
here because I want to have the reproducible build work completed. -
Hans van Kranenburg authored
This is something that hasn't been touched (except for making it Python 3 compatible, which failed) since 2007. Don't build or ship it. -# xenmon File "/usr/sbin/xenmon", line 680 stop_cmd = "/usr/bin/pkill -INT -z global xenbaked" TabError: inconsistent use of tabs and spaces in indentation Signed-off-by:Hans van Kranenburg <hans@knorrie.org>
-
Hans van Kranenburg authored
We have the `xen` alias for xl in Debian, since in the past it was a command that could execute either xl or xm. Now, it always does xl, so, complete the same stuff for it as we have for xl. Signed-off-by: -
If LIBEXEC_LIB is not on the default linker search path, the python fsimage.so module fails to find libfsimage.so. Add the relevant directory to the rpath explicitly. (This situation occurs in the Debian package, where --with-libexec-libdir is used to put each Xen version's libraries and utilities in their own directory, to allow them to be coinstalled.) Signed-off-by:
Ian Jackson <ian.jackson@citrix.com> -
We install libfsimage in a non-standard path for Reasons. (See debian/rules.) This patch was originally part of `tools-pygrub-prefix.diff' (eg commit 51657319 ) and included changes to the Makefile to change the installation arrangements (we do that part in the rules now since that is a lot less prone to conflicts when we update) and to shared library rpath (which is now done in a separate patch). (Commit message rewritten by Ian Jackson.) Signed-off-by:
Ian Jackson <ian.jackson@citrix.com>
squash! pygrub: Set sys.path and rpath -
This is in the upstream script because on non-Debian systems, the default install locations in /usr/local/lib might not be on the linker path, and as a result the hotplug scripts would break. A reason we might need it in Debian is our multiple version coinstallation scheme. However, the hotplug scripts all call the utilities via the wrappers, and the binaries are configured to load from the right place anyway. This setting is an annoyance because it requires libdir, which is an arch-specific path but comes from a file we want to put in xen-utils-common, an arch:all package. So drop this setting. Signed-off-by:Ian Jackson <ian.jackson@citrix.com> -
Hans van Kranenburg authored
Strip all options that are for stuff we don't ship, which is 1) xenstored as stubdom and 2) the new options for oom score and open file descriptor limit, which would not have any effect, because we're shipping different init scripts... :| It seems useful to give the user the option to revert to xenstored instead of the default oxenstored if they really want. Signed-off-by:
Ian Jackson <ijackson@chiark.greenend.org.uk> -
Hans van Kranenburg authored
Also see Debian bug #894013. The current attempt at providing anti-spoofing rules results in a situation that does not have any effect. Also note that forwarding bridged traffic to iptables is not enabled by default, and that for openvswitch users it does not make any sense. So, stop cluttering the live iptables ruleset. This functionality seems to be introduced before 2004 and since then it has never got some additional love. It would be nice to have a proper discussion upstream about how Xen could provide some anti mac/ip spoofing in the dom0. It does not seem to be a trivial thing to do, since it requires having quite some knowledge about what the domU is allowed to do or not (e.g. a domU can be a router...). Signed-off-by: -
This manpage was omitted from docs/man: Provide properly-formatted NAME sections because I was previously building with markdown not installed. Signed-off-by:Ian Jackson <ian.jackson@citrix.com> -
When building on a 32-bit userland, the user wants to build 32-bit tools and a 64-bit hypervisor. This involves setting XEN_TARGET_ARCH to different values for the tools build and the hypervisor build. So the user must invoke the tools build and the hypervisor build separately. However, although the shim is done by the tools/firmware Makefile, its bitness needs to be the same as the hypervisor, not the same as the tools. When run with XEN_TARGET_ARCH=x86_32, it it skipped, which is wrong. So the user must invoke the shim build separately. This can be done with make -C tools/firmware/xen-dir XEN_TARGET_ARCH=x86_64 However, tools/firmware/xen-dir has no `install' target. The installation of all `firmware' is done in tools/firmware/Makefile. It might be possible to fix this, but it is not trivial. For example, the definitions of INST_DIR and DEBG_DIR would need to be copied, as would an appropriate $(INSTALL_DIR) call. For now, provide an `install-shim' target in tools/firmware/Makefile. This has to be called from `install' of course. We can't make it a dependency of `install' because it might be run before `all' has completed. We could make it depend on a `shim' target but such a target is nearly impossible to write because everything is done by the inflexible subdir-$@ machinery. The overally result of this patch is that existing make invocations work as before. But additionally, the user can say make -C tools/firmware install-shim XEN_TARGET_ARCH=x86_64 to install the shim. The user must have built it already. Unlike the build rune, this install-rune is properly conditional so it is OK to call on ARM. What a mess. Signed-off-by:Ian Jackson <ijackson@chiark.greenend.org.uk> -
This makes it easier to disable the shim build. (In Debian we need to build the shim separately because it needs different compiler flags). Signed-off-by:
Ian Jackson <ijackson@chiark.greenend.org.uk>
[ Hans: adjust from tools/firmware/Makefile to config/Tools.mk.in to
follow changes that happened in 8845155c
("pvshim: make PV shim build
selectable from configure") ]
Signed-off-by: -
Signed-off-by:Ian Jackson <ian.jackson@citrix.com> -
This is going to be used to put libfsimage.so into a path containing the multiarch triplet. Signed-off-by:Ian Jackson <ian.jackson@citrix.com> -
Hans van Kranenburg authored
\o/
-
Signed-off-by:Ian Jackson <ian.jackson@citrix.com> -
Patch-Name: tools-pygrub-remove-static-solaris-support Gbp-Pq: Topic misc Gbp-Pq: Name tools-pygrub-remove-static-solaris-support
-
This is not wanted in Debian. COPYING ends up in /usr/share/doc/xen-*copyright. Patch-Name: tools-include-no-COPYING.diff Signed-off-by:Ian Jackson <ian.jackson@citrix.com> -
Patch-Name: config-prefix.diff Gbp-Pq: Topic prefix-abiname Gbp-Pq: Name config-prefix.diff
-
During hypervisor boot, disable the banner and nicely display the xen version as well as the Maintainer address from debian/control. For this to work the SOURCE_BASE_DIR variable needs to be set by the build system to the top directory, i.e. where the debian folder is. Original patch by Bastian Blank <waldi@debian.org> Modified by Hans van Kranenburg <hans@knorrie.org> Maximilian Engelhardt <maxi@daemonizer.de>
-
These autogenerated files are not useful in Debian; dh_autoreconf will regenerate them. If this patch does not apply when rebasing, you can simply delete the files again. Signed-off-by:Ian Jackson <ian.jackson@citrix.com> -
dh_autoreconf will provide these back. If this patch does not apply when rebasing, you can simply delete the files again. Signed-off-by:Ian Jackson <ian.jackson@citrix.com> -
Hans van Kranenburg authored
[git-debrebase changelog: new upstream 4.16.0+51-g0941d6cb]
-
Hans van Kranenburg authored
[git-debrebase anchor: new upstream 4.16.0+51-g0941d6cb, merge]
-
- 17 Feb, 2022 1 commit
-
-
Hans van Kranenburg authored
[git-debrebase pseudomerge: quick]
-
- 16 Feb, 2022 5 commits
-
-
Jan Beulich authored
Element size for this opcode depends on EVEX.W, not the low opcode bit. Make use of AVX512BW being a prereq to AVX512_BITALG and move the case label there, adding an AVX512BW feature check. Signed-off-by:
Jan Beulich <jbeulich@suse.com> Reviewed-by:
Andrew Cooper <andrew.cooper3@citrix.com> master commit: eddf13b5e9401f6871dcce1ce61c80cff62079ed master date: 2022-02-14 10:08:38 +0100
-
Anthony PERARD authored
Some libs' Makefile aren't loading the dependencies files *.d2. We can load them from "libs.mk" as none of the Makefile here are changing $(DEPS) or $(DEPS_INCLUDE) so it is fine to move the "include" to "libs.mk". As a little improvement, don't load the dependencies files (and thus avoid regenerating the *.d2 files) during `make clean`. Signed-off-by:
Anthony PERARD <anthony.perard@citrix.com> Reviewed-by:
Juergen Gross <jgross@suse.com> master commit: e62cc29f9b6c42b67182a1362e2ea18bad75b5ff master date: 2022-02-08 11:15:53 +0000
-
Anthony PERARD authored
Exporting a variable with a dash doesn't work reliably, they may be striped from the environment when calling a sub-make or sub-shell. CFLAGS-stack-boundary start to be removed from env in patch "build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile" when running `make "ALL_OBJS=.."` due to the addition of the quote. At least in my empirical tests. Fixes: 2740d96e ("xen/build: have the root Makefile generates the CFLAGS") Signed-off-by:
-
Roger Pau Monné authored
By writing an empty "hotplug-status" xenstore node in the backend path libxl can force Linux netback to wait for hotplug script execution before proceeding to the 'connected' state. This is required so that netback doesn't skip state 2 (InitWait) and thus blocks libxl waiting for such state in order to launch the hotplug script (see libxl__wait_device_connection). Reported-by:
James Dingwall <james-xen@dingwall.me.uk> Signed-off-by:
Roger Pau Monné <roger.pau@citrix.com> Tested-by:
Paul Durrant <paul@xen.org> Tested-by:
Julien Grall <jgrall@amazon.com> Reviewed-by:
Wei Liu <wei.liu@kernel.org> master commit: 0bdc43c8dec993258e930b34855853c22b917519 master date: 2022-01-27 13:51:19 +0100
-
Dario Faggioli authored
If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=<optimized out>) at libxl_utils.c:1059 #3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 #4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 <numa_cmpf>, cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 #5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 #6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 #7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 #8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=<optimized out>) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by:
Dario Faggioli <dfaggioli@suse.com> Tested-by:
James Fehlig <jfehlig@suse.com> Reviewed-by:
-
- 08 Feb, 2022 6 commits
-
-
Andrew Cooper authored
The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by:
-
Andrew Cooper authored
While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by:
-
Andrew Cooper authored
This MSR needs to be identical across the system for TSX to have identical behaviour everywhere. Furthermore, its CPUID bit (SRBDS_CTRL) shouldn't be visible to guests. Signed-off-by:
-
Andrew Cooper authored
The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by:
-
Andrew Cooper authored
We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by:
-
Andrew Cooper authored
Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by:
-
- 04 Feb, 2022 1 commit
-
-
Jan Beulich authored
Signed-off-by:
-
