authorDavid Sutton2015-07-04 21:48:19 -0500
committerDavid Sutton2015-07-04 21:48:19 -0500
commit13da07df55f234b0f3b8ae8cdb03b753d8768b14 (patch)
tree02acdd00082d080db10476fdff9e9d7d073df02e
Initial import
-rw-r--r--.SRCINFO128
-rw-r--r--09_xen230
-rw-r--r--ChangeLog115
-rw-r--r--PKGBUILD239
-rw-r--r--ati-passthrough.patch415
-rw-r--r--conf.d-xenconsoled14
-rw-r--r--conf.d-xenstored2
-rw-r--r--disable-bluez.patch21
-rw-r--r--etherboot-gcc5.patch40
-rw-r--r--gcc5.patch10
-rw-r--r--grub.conf3
-rw-r--r--proc-xen.mount9
-rw-r--r--seabios-gcc5.patch28
-rw-r--r--tmpfiles.d-xen.conf2
-rw-r--r--var-lib-xenstored.mount10
-rw-r--r--xen-gcc5.patch11
-rw-r--r--xen.conf19
-rw-r--r--xen.install73
-rw-r--r--xenconsoled.service18
-rw-r--r--xendomU@.service12
-rw-r--r--xendomains.service15
-rw-r--r--xenstored.service21
-rw-r--r--xsa133-qemut.patch80
-rw-r--r--xsa133-qemuu.patch84
24 files changed, 1599 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..7fdd56852ce1
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,128 @@
+pkgbase = xen-4.4
+ pkgdesc = Virtual Machine Hypervisor & Tools
+ pkgver = 4.4.2
+ pkgrel = 3
+ url = http://www.xenproject.org/
+ install = xen.install
+ changelog = ChangeLog
+ arch = i686
+ arch = x86_64
+ license = GPL2
+ makedepends = cmake
+ makedepends = dev86
+ makedepends = git
+ makedepends = iasl
+ makedepends = markdown
+ makedepends = ocaml-findlib
+ depends = bin86
+ depends = bridge-utils
+ depends = curl
+ depends = gnutls
+ depends = iproute2
+ depends = libaio
+ depends = libcap-ng
+ depends = libiscsi
+ depends = libjpeg-turbo
+ depends = libpng
+ depends = libseccomp
+ depends = lzo2
+ depends = nss
+ depends = pixman
+ depends = pciutils
+ depends = python
+ depends = python2
+ depends = sdl
+ depends = wget
+ depends = vde2
+ depends = yajl
+ optdepends = xen-docs: Official Xen Documentation
+ optdepends = openvswitch: Optional Networking support
+ conflicts = xen
+ conflicts = xen-4.2
+ conflicts = xen-4.2-testing-hg
+ conflicts = xen-gdbsx
+ conflicts = xen-hg-unstable
+ conflicts = xen-rc
+ conflicts = xen-git
+ conflicts = xen-4.3
+ conflicts = xen-4.3-testing-hg
+ noextract = lwip-1.3.0.tar.gz
+ noextract = zlib-1.2.3.tar.gz
+ noextract = newlib-1.16.0.tar.gz
+ noextract = pciutils-2.2.9.tar.bz2
+ noextract = polarssl-1.1.4-gpl.tgz
+ noextract = grub-0.97.tar.gz
+ noextract = tpm_emulator-0.7.4.tar.gz
+ noextract = gmp-4.3.2.tar.bz2
+ noextract = ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz
+ options = !buildflags
+ options = !strip
+ backup = etc/modules-load.d/xen.conf
+ backup = etc/xen/xl.conf
+ backup = etc/conf.d/xenstored
+ backup = etc/conf.d/xenconsoled
+ backup = etc/conf.d/xendomains
+ backup = etc/conf.d/xencommons
+ backup = etc/xen/grub.conf
+ source = http://bits.xensource.com/oss-xen/release/4.4.2/xen-4.4.2.tar.gz
+ source = http://xenbits.xen.org/xen-extfiles/ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz
+ source = http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz
+ source = http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz
+ source = http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz
+ source = http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2
+ source = http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz
+ source = http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz
+ source = http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz
+ source = http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2
+ source = xen.install
+ source = 09_xen
+ source = ati-passthrough.patch
+ source = disable-bluez.patch
+ source = etherboot-gcc5.patch
+ source = gcc5.patch
+ source = gnutls-3.4.0.patch::http://git.alpinelinux.org/cgit/aports/plain/main/xen/gnutls-3.4.0.patch?id=628f27939412a7d6fb67734bd644119a1f49463a
+ source = seabios-gcc5.patch
+ source = xsa133-qemut.patch
+ source = xsa133-qemuu.patch
+ source = proc-xen.mount
+ source = var-lib-xenstored.mount
+ source = xenconsoled.service
+ source = conf.d-xenconsoled
+ source = xendomains.service
+ source = xendomU@.service
+ source = xenstored.service
+ source = conf.d-xenstored
+ source = tmpfiles.d-xen.conf
+ source = grub.conf
+ source = xen.conf
+ sha256sums = cd53592e86669e5e8c4d4a731b0199e8af17d8eadbb8f26dbb69f1b751259204
+ sha256sums = 632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c
+ sha256sums = 772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f
+ sha256sums = 1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e
+ sha256sums = db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07
+ sha256sums = f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24
+ sha256sums = 2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6
+ sha256sums = 4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b
+ sha256sums = 4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459
+ sha256sums = 936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775
+ sha256sums = d80117b187f2c607f53fcfc012e871b2f1c15fbb44f38728b1a29fa9e3f0808b
+ sha256sums = 06c9f6140f7ef4ccfc4b1a7d9732a673313e269733180f53afcd9e43bf6c26bb
+ sha256sums = d93c2d5bcdf0c3e4c6e8efb357cb4b9d618209025361f5ccd9d03651a8acd7a3
+ sha256sums = 0ba03980b4d300fea3f8bbe47b188a491ddf871246e5bd214b1ed15e971324d2
+ sha256sums = e25d38376e22f6f935d2c0ce1b9d6e6b47ff261b5e6056bc3b47168739d7a992
+ sha256sums = e7ca0106a9d4bfe472b3b52bbed8646b47305634ff16c3e17ed6185296a7e7ff
+ sha256sums = 0cbc0415ef63bc195a0338441f3770d9fe6741e894879e35d1a6609ad028e42f
+ sha256sums = 139eed988bfaf8edc8ccdfd0b668382bd63db48ce17be91776182a7e28e9d88c
+ sha256sums = c19146931c6ab8e53092bd9b2ebbfda5c76fd22ad3b1d42dcda3dd1b61f123ff
+ sha256sums = e4af7891e816b9549ebeff766a78036626c0e278734e5625b8e7d68729530ded
+ sha256sums = 48d76cc6f25caa79b3f527c96a0883b1decb9012f6616f61336c8d43791bf007
+ sha256sums = 0bd45d9de6456c4f9adf32e726f2db3a3cd0423c1d161b442e8a1666d2e68e3f
+ sha256sums = 012cc60ffdcb0e061d04d404eb9232734554aef4dc4b551f66adf82a655e6e41
+ sha256sums = 633d334c55395fac3f16dbe56dd7b7524d560b513d1895b53c89943033a45f39
+ sha256sums = 0e1ad0a6a72b0c22025a556c23235a8f663427f1e769c45fe39d1c525bf82eff
+ sha256sums = 40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf
+ sha256sums = 3f0af16958c3e057b9baa5afc47050d9adf7dd553274dd97ae4f35938fefb568
+ sha256sums = 50a9b7fd19e8beb1dea09755f07318f36be0b7ec53d3c9e74f3266a63e682c0c
+
+pkgname = xen-4.4
+
diff --git a/09_xen b/09_xen
new file mode 100644
index 000000000000..59ac88ac48fe
--- /dev/null
+++ b/09_xen
@@ -0,0 +1,230 @@
+#!/usr/bin/env bash
+
+##
+## grub-mkconfig helper script specific to Arch Linux
+## Contributed by "Keshav Amburay" <the ddoott ridikulus ddoott rat aatt geemmayil ddoott ccoomm>
+## Updated on 08 February 2014
+##
+## Script based on do_grub_config() function in Arch Linux Archboot ISO Installer/Setup script
+## Some parts taken from /etc/grub.d/10_linux script shipped by GRUB(2) upstream
+##
+## This script can be freely distributed and/or modified
+## under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+##
+## This script is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+
+## Adapted for use with the xen AUR package, to ensure feature comparity
+## Modified by "David Sutton" <kantras - gmail com>
+
+_FUNC_GRUB_FILE_PRESENT() {
+
+ [[ -z "${GRUB_PLATFORM}" ]] && GRUB_PLATFORM="x86"
+
+ if [[ "${GRUB_PLATFORM}" == "x86" ]]; then
+ check="--is-x86-linux32"
+ elif [[ "${GRUB_PLATFORM}" == "i386-xen-pae" ]]; then
+ check="--is-i386-xen-pae-domu"
+ elif [[ "${GRUB_PLATFORM}" == "x86_64-xen" ]]; then
+ check="--is-x86_64-xen-domu"
+ else
+ check="--is-${GRUB_PLATFORM}-linux"
+ fi
+
+ case "${GRUB_PLATFORM}" in
+ x86)
+ list="$(for i in "${GRUB_ROOT}"/boot/vmlinuz-linux* ; do
+ if grub_file_is_not_garbage "${i}" && "${grub_file}" ${check} "${i}" ; then echo -n "${i} " ; fi
+ done)" ;;
+ *)
+ list="$(for i in "${GRUB_ROOT}"/boot/vmlinuz-linux* ; do
+ if grub_file_is_not_garbage "${i}" && "${grub_file}" ${check} "${i}" ; then echo -n "${i} " ; fi
+ done)" ;;
+ esac
+}
+
+set -e
+
+prefix="/usr"
+exec_prefix="${prefix}"
+datarootdir="/usr/share"
+datadir="${datarootdir}"
+sysconfdir="/etc"
+
+. "${datarootdir}/grub/grub-mkconfig_lib"
+
+. "${sysconfdir}/default/grub"
+
+export XEN_HYPERVISOR_CMDLINE="xsave=1"
+export XEN_LINUX_CMDLINE="console=tty0"
+
+[[ -r "${sysconfdir}/xen/grub.conf" ]] && . "${sysconfdir}/xen/grub.conf"
+
+[[ -z "${XEN_LINUX_CMDLINE_OVERRIDE}" ]] && XEN_LINUX_CMDLINE_OVERRIDE="0"
+
+export TEXTDOMAIN="grub"
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+CLASS="--class xen --class arch-linux --class arch --class gnu-linux --class gnu --class os"
+
+[[ "${grub_file}" != "" ]] && _FUNC_GRUB_FILE_PRESENT
+
+BOOT_PART_FS_UUID="$(${grub_probe} --target="fs_uuid" "/boot" 2>/dev/null)"
+BOOT_PART_HINTS_STRING="$(${grub_probe} --target="hints_string" "/boot" 2>/dev/null || true)"
+BOOT_PART_FS="$(${grub_probe} --target="fs" "/boot" 2>/dev/null)"
+
+ROOT_PART_GRUB_DEVICE="$(${grub_probe} --target=device / || true)"
+ROOT_PART_FS="$(${grub_probe} --device ${ROOT_PART_GRUB_DEVICE} --target=fs 2> /dev/null || echo "unknown")"
+
+if [[ "${GRUB_LINUX_ROOT_DEVICE}" == "" ]]; then
+
+ case "${ROOT_PART_FS}" in
+ btrfs)
+ rootsubvol="$(make_system_path_relative_to_its_root /)"
+ rootsubvol="${rootsubvol#/}"
+ if [[ "${rootsubvol}" != "" ]]; then
+ GRUB_LINUX_ROOT_DEVICE="subvol=${rootsubvol}"
+ fi
+ ;;
+ zfs)
+ rpool="$(${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true)"
+ bootfs="$(make_system_path_relative_to_its_root / | sed -e "s,@$,,")"
+ GRUB_LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}"
+ ;;
+ esac
+
+ if [[ "${GRUB_DEVICE_UUID}" == "" ]] || \
+ [[ "${GRUB_DISABLE_LINUX_UUID}" == "true" ]] || \
+ [[ ! -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" ]] || \
+ uses_abstraction "${GRUB_DEVICE}" lvm ; then
+ GRUB_LINUX_ROOT_DEVICE="${GRUB_DEVICE}"
+ else
+ GRUB_LINUX_ROOT_DEVICE="UUID=${GRUB_DEVICE_UUID}"
+ fi
+fi
+
+[[ "${GRUB_LINUX_PARAMS}" == "" ]] && GRUB_LINUX_PARAMS="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+if [[ "${XEN_LINUX_CMDLINE_OVERRIDE}" == "0" ]]; then
+ GRUB_LINUX_PARAMS="${GRUB_LINUX_PARAMS} ${XEN_LINUX_CMDLINE}"
+else
+ GRUB_LINUX_PARAMS="${XEN_LINUX_CMDLINE}"
+fi
+
+xen_list=`for i in /boot/xen-*.gz /xen-*.gz ; do
+ if grub_file_is_not_garbage "$i" ; then echo -n "$i "; fi
+done`
+
+while [ "x$xen_list" != "x" ] ; do
+ xen=`version_find_latest $xen_list`
+ echo "Found Xen hypervisor image: $xen" >&2
+ XEN_BASENAME=`basename $xen`
+ XEN_VERSION=`echo $XEN_BASENAME | sed -e "s,^[^0-9]*-,,g" | sed -e "s,.gz,,g"`
+
+ for _KERNEL_ in ${list} ; do
+
+ echo "Found linux image: ${_KERNEL_}" >&2
+
+ basename="$(basename "${_KERNEL_}")"
+ dirname="$(dirname "${_KERNEL_}")"
+ REAL_DIR="$(make_system_path_relative_to_its_root "${dirname}")"
+
+ _KERNEL_FILE_="$(echo ${_KERNEL_} | sed 's,/boot/,,g')"
+ _KERNEL_PKG_="pkg-$(echo ${_KERNEL_FILE_} | sed 's,vmlinuz-,,g')"
+
+ _INITRAMFS_="${_KERNEL_FILE_/vmlinuz-/initramfs-}.img"
+
+ if [[ -e "/boot/${_INITRAMFS_}" ]]; then
+
+ echo "Found initramfs image: /boot/${_INITRAMFS_}" >&2
+
+ cat << EOF
+
+menuentry "Xen ${XEN_VERSION} / Arch Linux ${_KERNEL_PKG_} kernel" ${CLASS} {
+ $(save_default_entry)
+ if [ x\$feature_all_video_module = xy ]; then
+ insmod all_video
+ fi
+ set gfxpayload=keep
+ insmod ${BOOT_PART_FS}
+ if [ x\$feature_platform_search_hint = xy ]; then
+ search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID}
+ else
+ search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID}
+ fi
+ echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})'
+ multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE}
+ echo 'Loading Arch Linux ${_KERNEL_PKG_} kernel ...'
+ module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS}
+ echo 'Loading Arch Linux ${_KERNEL_PKG_} kernel initramfs ...'
+ module ${REAL_DIR}/${_INITRAMFS_}
+}
+
+EOF
+ fi
+
+ _INITRAMFS_FALLBACK_="${_KERNEL_FILE_/vmlinuz-/initramfs-}-fallback.img"
+
+ if [[ -e "/boot/${_INITRAMFS_FALLBACK_}" ]]; then
+
+ echo "Found fallback initramfs image: /boot/${_INITRAMFS_FALLBACK_}" >&2
+
+ cat << EOF
+
+menuentry "Xen ${XEN_VERSION} / Arch Linux ${_KERNEL_PKG_} kernel (fallback initramfs)" ${CLASS} {
+ $(save_default_entry)
+ if [ x\$feature_all_video_module = xy ]; then
+ insmod all_video
+ fi
+ set gfxpayload=keep
+ insmod ${BOOT_PART_FS}
+ if [ x\$feature_platform_search_hint = xy ]; then
+ search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID}
+ else
+ search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID}
+ fi
+ echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})'
+ multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE}
+ echo 'Loading Arch Linux ${_KERNEL_PKG_} kernel ...'
+ module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS}
+ echo 'Loading Arch Linux ${_KERNEL_PKG_} kernel fallback initramfs ...'
+ module ${REAL_DIR}/${_INITRAMFS_FALLBACK_}
+}
+
+EOF
+ fi
+
+ if [[ ! -e "/boot/${_INITRAMFS_}" ]] && [[ ! -e "/boot/${_INITRAMFS_FALLBACK_}" ]]; then
+ cat << EOF
+
+menuentry "Xen ${XEN_VERSION} / Arch Linux ${_KERNEL_PKG_} kernel (no initramfs)" ${CLASS} {
+ $(save_default_entry)
+ if [ x\$feature_all_video_module = xy ]; then
+ insmod all_video
+ fi
+ set gfxpayload=keep
+ insmod ${BOOT_PART_FS}
+ if [ x\$feature_platform_search_hint = xy ]; then
+ search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID}
+ else
+ search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID}
+ fi
+ echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})'
+ multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE}
+ echo 'Loading Arch Linux ${_KERNEL_PKG_} kernel ...'
+ module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS}
+}
+
+EOF
+ fi
+
+ done
+
+ xen_list=`echo $xen_list | tr ' ' '\n' | grep -vx $xen | tr '\n' ' '`
+done
+
+
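Review bot: The btrfs/zfs `case` that assigns `GRUB_LINUX_ROOT_DEVICE` has no effect, because the `if`/`else` that follows it inside the same `if [[ "${GRUB_LINUX_ROOT_DEVICE}" == "" ]]` block assigns the variable again on both of its branches (`${GRUB_DEVICE}` or `UUID=${GRUB_DEVICE_UUID}`). On a btrfs-subvolume or ZFS root the generated `root=` argument therefore carries neither the subvolume nor the pool, and the resulting menu entry may not boot the intended root. For btrfs, keep the subvolume out of the root device and prepend it to the kernel command line instead, `GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"`. For ZFS, wrap the device/UUID fallback in `if [[ -z "${GRUB_LINUX_ROOT_DEVICE}" ]]; then … fi` so the `ZFS=` value survives. A short comment above the block saying which of the two assignments is meant to win would prevent the same regression later.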
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 000000000000..73192bc9f642
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,115 @@
+2015-07-04 David Sutton <kantras - gmail.com>
+ * 4.4-4.4.2-3:
+ Added in patches to support compiling under GCC 5
+
+2015-05-15 David Sutton <kantras - gmail.com>
+ * 4.4-4.4.2-2:
+ Added security patches for XSA 133 ( CVE-2015-3456 )
+
+2015-05-05 David Sutton <kantras - gmail.com>
+ * 4.4-4.4.2-1:
+ New upstream release
+ Added gnutls patch to allow compiling
+ Added quotes to some of the $srcdir references
+
+2015-03-01 David Sutton <kantras - gmail.com>
+ * 4.4-4.4.1-1:
+ Moved to xen-4.4 as xen package is now at 4.5
+ Initial release
+
+2014-10-12 David Sutton <kantras - gmail.com>
+ * 4.4.1-2:
+ Added XSA 104, 105, 106, 107 and 108 security patches
+ Added .config to resolve compile issues where /etc/sysconfig exists
+
+2014-09-04 David Sutton <kantras - gmail.com>
+ * 4.4.1-1:
+ New Upstream release
+ Cleared out unnecessary patches (security, gcc compile and pit)
+
+2014-06-22 David Sutton <kantras - gmail.com>
+ * 4.4.0-6:
+ Added additional patch to support XSA 100 on AMD platform
+
+2014-06-17 David Sutton <kantras - gmail.com>
+ * 4.4.0-5:
+ Added XSA 96 and 100 security patches
+ Added patch to explictly disable searching for bluez libs
+ Cleaned up PKGBUILD
+
+2014-05-17 David Sutton <kantras - gmail.com>
+ * 4.4.0-4:
+ Added patch to fix shutdown issues with pvh domains
+
+2014-05-01 David Sutton <kantras - gmail.com>
+ * 4.4.0-3:
+ Added XSA 92 Security patch
+ Added fix for compiling under GCC 4.9.0 (From Fedora Rawhide SRPM)
+ Added updates to 09_xen to closer match system 10_linux
+
+2014-03-11 David Sutton <kantras - gmail.com>
+ * 4.4.0-2:
+ Moved xen-syms file so 09_xen won't pick it up as a potential kernel.
+ Added XSA 89 Security patch
+ Minor PKGBUILD cleanup/changes
+
+2014-03-10 David Sutton <kantras - gmail.com>
+ * 4.4.0-1:
+ New upstream release
+ Cleaned up old unnecessary patches
+
+2014-02-19 David Sutton <kantras - gmail.com>
+ * 4.3.2-1:
+ New upstream release
+ Removed unnecessary security patches (since now integrated into source)
+ Attempts to pull down additional required source file to ensure not corrupted
+ Added missing dependancy libseccomp
+
+2013-11-25 David Sutton <kantras - gmail.com>
+ * 4.3.1-2:
+ Changed bluez dependancy from bluez4 to bluez
+ Added recent security patches
+
+2013-10-31 David Sutton <kantras - gmail.com>
+ * 4.3.1-1:
+ New upstream release
+ Removed unnecessary security patches (already merged)
+ Fixed BIOS Workaround patch to apply to the new source files
+ Fixed ATI Passthrough patch to apply to the new source files
+ Updated paths in all patches
+
+2013-09-29 David Sutton <kantras - gmail.com>
+ * 4.3.0-7:
+ Fixed optdepends in PKGBUILD
+ Added in a pre_remove function in xen.install to disable services
+ Minor text formating changes in xen.install
+ Added XSA 62,63,64 and 66 patches (Xen Security Advisories)
+
+2013-09-29 David Sutton <kantras - gmail.com>
+ * 4.3.0-6:
+ Fixed 09_xen so it can detect lts kernels
+
+2013-09-28 David Sutton <kantras - gmail.com>
+ * 4.3.0-5:
+ Fixed mount option in 09_xen from ro to rw
+ Added in dummy /etc/xen/grub.conf to control settings in 09_xen
+ Fix library sanitize so that it returns to the base directory
+ Move the syms file to /usr/share/xen so that it is out of the way of boot but still accessible
+ Added optional dependancy for openvswitch
+
+2013-08-13 David Sutton <kantras - gmail.com>
+ * 4.3.0-4 :
+ Added patch for qemu-xen to add a TOM register for PCI Hole mapping
+ Protected /etc/conf.d/xendomains from being overwritten
+ Included ATI Passthrough patch (not enabled by default, compile tested only)
+
+2013-07-23 David Sutton <kantras - gmail.com>
+
+ * 4.3.0-3 :
+ added ChangeLog.
+ Cleaned up PKGBUILD to match Arch Package Standards
+ Fixed some path references - /var/run to /run
+ Removed some unnecessary empty directories
+ Updated xenconsoled and xenstored so they use /run for pid file
+ Updated auto-created /run directories to include xenstored
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..2e4e39dc0a49
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,239 @@
+# Maintainer: David Sutton <kantras - gmail.com>
+# Contributor: Shanmu Thiagaraja <sthiagaraja+AUR@prshanmu.com>
+# Contributor: Limao Luo
+# Contributor: Luceo
+# Contributor: Revellion
+
+pkgname=xen-4.4
+_pkgname=xen
+pkgver=4.4.2
+pkgrel=3
+pkgdesc="Virtual Machine Hypervisor & Tools"
+arch=(i686 x86_64)
+url="http://www.xenproject.org/"
+license=(GPL2)
+depends=(bin86 bridge-utils curl gnutls iproute2 libaio libcap-ng libiscsi libjpeg-turbo libpng libseccomp lzo2 nss pixman pciutils python python2 sdl wget vde2 yajl)
+[[ "$CARCH" == "x86_64" ]] && depends+=(lib32-glibc)
+makedepends=(cmake dev86 git iasl markdown ocaml-findlib)
+optdepends=('xen-docs: Official Xen Documentation' 'openvswitch: Optional Networking support')
+conflicts=(xen xen-4.2{,-testing-hg} xen-{gdbsx,hg-unstable,rc,git} xen-4.3{,-testing-hg})
+backup=(etc/modules-load.d/$_pkgname.conf etc/$_pkgname/xl.conf etc/conf.d/xen{stored,consoled,domains,commons} etc/$_pkgname/grub.conf)
+options=(!buildflags !strip)
+install=$_pkgname.install
+changelog=ChangeLog
+source=(http://bits.xensource.com/oss-xen/release/$pkgver/$_pkgname-$pkgver.tar.gz
+ http://xenbits.xen.org/xen-extfiles/ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz
+ http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz
+ http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz
+ http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz
+ http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2
+ http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz
+ http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz
+ http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz
+ http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2
+ xen.install
+ 09_xen
+ ati-passthrough.patch
+ disable-bluez.patch
+ etherboot-gcc5.patch
+ gcc5.patch
+ gnutls-3.4.0.patch::http://git.alpinelinux.org/cgit/aports/plain/main/xen/gnutls-3.4.0.patch?id=628f27939412a7d6fb67734bd644119a1f49463a
+ seabios-gcc5.patch
+ xen-gcc5.patch
+ xsa133-qemut.patch
+ xsa133-qemuu.patch
+ proc-xen.mount
+ var-lib-xenstored.mount
+ xenconsoled.service
+ conf.d-xenconsoled
+ xendomains.service
+ xendomU@.service
+ xenstored.service
+ conf.d-xenstored
+ tmpfiles.d-$_pkgname.conf
+ grub.conf
+ $_pkgname.conf)
+noextract=(lwip-1.3.0.tar.gz
+ zlib-1.2.3.tar.gz
+ newlib-1.16.0.tar.gz
+ pciutils-2.2.9.tar.bz2
+ polarssl-1.1.4-gpl.tgz
+ grub-0.97.tar.gz
+ tpm_emulator-0.7.4.tar.gz
+ gmp-4.3.2.tar.bz2
+ ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz)
+
+sha256sums=('cd53592e86669e5e8c4d4a731b0199e8af17d8eadbb8f26dbb69f1b751259204'
+ '632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c'
+ '772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f'
+ '1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e'
+ 'db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07'
+ 'f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24'
+ '2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6'
+ '4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b'
+ '4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459'
+ '936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775'
+ 'd80117b187f2c607f53fcfc012e871b2f1c15fbb44f38728b1a29fa9e3f0808b'
+ '06c9f6140f7ef4ccfc4b1a7d9732a673313e269733180f53afcd9e43bf6c26bb'
+ 'd93c2d5bcdf0c3e4c6e8efb357cb4b9d618209025361f5ccd9d03651a8acd7a3'
+ '0ba03980b4d300fea3f8bbe47b188a491ddf871246e5bd214b1ed15e971324d2'
+ 'deeec880522c1374ad135dc8b4c14c7b301464a60fbac410efb3db70f670eed9'
+ '01fda9bf39f044d6f01e17965f576935595e6453d9aac346cf0c608de541a2c2'
+ 'e25d38376e22f6f935d2c0ce1b9d6e6b47ff261b5e6056bc3b47168739d7a992'
+ '756a7ce9b6e89a12968cbaf9d03cb84b7fed7ab8bf40fbc05b4b035e8e56d7f3'
+ '9233e2fd2e401fabf910e8e267beceefdea3d64ba1e09a6c4fea400843d96e8b'
+ 'e7ca0106a9d4bfe472b3b52bbed8646b47305634ff16c3e17ed6185296a7e7ff'
+ '0cbc0415ef63bc195a0338441f3770d9fe6741e894879e35d1a6609ad028e42f'
+ '139eed988bfaf8edc8ccdfd0b668382bd63db48ce17be91776182a7e28e9d88c'
+ 'c19146931c6ab8e53092bd9b2ebbfda5c76fd22ad3b1d42dcda3dd1b61f123ff'
+ 'e4af7891e816b9549ebeff766a78036626c0e278734e5625b8e7d68729530ded'
+ '48d76cc6f25caa79b3f527c96a0883b1decb9012f6616f61336c8d43791bf007'
+ '0bd45d9de6456c4f9adf32e726f2db3a3cd0423c1d161b442e8a1666d2e68e3f'
+ '012cc60ffdcb0e061d04d404eb9232734554aef4dc4b551f66adf82a655e6e41'
+ '633d334c55395fac3f16dbe56dd7b7524d560b513d1895b53c89943033a45f39'
+ '0e1ad0a6a72b0c22025a556c23235a8f663427f1e769c45fe39d1c525bf82eff'
+ '40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf'
+ '3f0af16958c3e057b9baa5afc47050d9adf7dd553274dd97ae4f35938fefb568'
+ '50a9b7fd19e8beb1dea09755f07318f36be0b7ec53d3c9e74f3266a63e682c0c')
+
+prepare() {
+ cd "$_pkgname-$pkgver/"
+
+ ### Patching
+
+ # Security Patches
+
+ # Security Patches - qemu-xen
+ cd tools/qemu-xen-traditional
+ patch -p1 -i "$srcdir/xsa133-qemut.patch"
+ cd ../../
+
+ # Security Patches - qemu-upstream
+ cd tools/qemu-xen
+ patch -p1 -i "$srcdir/xsa133-qemuu.patch"
+ cd ../../
+
+ # Compile Patches
+ patch -Np1 -i "$srcdir/disable-bluez.patch"
+ patch -Np1 -i "$srcdir/gnutls-3.4.0.patch"
+ patch -p1 -i "$srcdir/xen-gcc5.patch"
+ patch -p1 -i "$srcdir/gcc5.patch"
+ echo "etherboot-gcc5.patch" >> tools/firmware/etherboot/patches/series
+ cp "$srcdir/seabios-gcc5.patch" tools/firmware/
+ cp "$srcdir/etherboot-gcc5.patch" tools/firmware/etherboot/patches/
+
+ # Uncomment line below if you want to enable ATI Passthrough support (some reported successes, untested with 4.4)
+ #patch -Np1 -i "$srcdir/ati-passthrough.patch"
+
+ # Fix Install Paths
+ sed -i 's:/sbin:/bin:' config/StdGNU.mk
+ sed -i 's:/var/lock:/run/lock:' config/StdGNU.mk
+ sed -i 's:/var/run:/run:' config/StdGNU.mk
+
+ # Bypass distribution auto-discovery
+ echo "CONFIG_LEAF_DIR=default" >> .config
+ echo "SUBSYS_DIR=/run" >> .config
+ echo "INITD_DIR=/etc/init.d" >> .config
+
+ # Copy supporting tarballs into place
+ cp "$srcdir/lwip-1.3.0.tar.gz" stubdom/
+ cp "$srcdir/zlib-1.2.3.tar.gz" stubdom/
+ cp "$srcdir/newlib-1.16.0.tar.gz" stubdom/
+ cp "$srcdir/pciutils-2.2.9.tar.bz2" stubdom/
+ cp "$srcdir/polarssl-1.1.4-gpl.tgz" stubdom/
+ cp "$srcdir/grub-0.97.tar.gz" stubdom/
+ cp "$srcdir/tpm_emulator-0.7.4.tar.gz" stubdom/
+ cp "$srcdir/gmp-4.3.2.tar.bz2" stubdom/
+ cp "$srcdir/ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz" tools/firmware/etherboot/ipxe.tar.gz
+
+}
+
+build() {
+ export CFLAGS+='-Wall -Wstrict-prototypes -Wno-unused-local-typedefs -Wno-sizeof-pointer-memaccess -fno-caller-saves'
+ cd "$_pkgname-$pkgver/"
+ ./autogen.sh
+ ./configure PYTHON=/usr/bin/python2 --prefix=/usr --localstatedir=/run --enable-xend
+ make LANG=C PYTHON=python2 dist-{xen,tools,kernels}
+ export CFLAGS=-fno-caller-saves
+ make LANG=C PYTHON=python2 dist-stubdom
+}
+
+package() {
+ cd "$_pkgname-$pkgver/"
+
+ make DESTDIR="$pkgdir" LANG=C PYTHON=python2 install-{xen,tools,kernels,stubdom}
+
+ # Install files from AUR package
+ cd ../
+ for f in ${source[@]}; do
+ [[ $f =~ .mount || $f =~ .service ]] && install -Dm644 $f "$pkgdir"/usr/lib/systemd/system/$f
+ done
+ install -Dm644 tmpfiles.d-$_pkgname.conf "$pkgdir"/usr/lib/tmpfiles.d/$_pkgname.conf
+ install -Dm644 $_pkgname.conf "$pkgdir"/etc/modules-load.d/$_pkgname.conf
+ install -Dm644 conf.d-xenstored "$pkgdir"/etc/conf.d/xenstored
+ install -Dm644 conf.d-xenconsoled "$pkgdir"/etc/conf.d/xenconsoled
+ install -Dm644 grub.conf "$pkgdir"/etc/xen/grub.conf
+ install -Dm755 09_xen "$pkgdir"/etc/grub.d/09_xen
+
+ cd "$pkgdir"
+
+ # Fix paths in scripts, move to right locations and create missing directories
+ sed -i 's:/etc/sysconfig:/etc/conf.d:' etc/init.d/xendomains
+ sed -i 's:/var/lock:/run/lock:' etc/init.d/xendomains
+ sed -i 's:/var/lock:/run/lock:' etc/xen/scripts/hotplugpath.sh
+ sed -i 's:/var/run:/run:' etc/init.d/xencommons
+ sed -i 's:/var/run:/run:' etc/xen/scripts/hotplugpath.sh
+ sed -i 's:/var/run:/run:' etc/xen/scripts/locking.sh
+
+ mv etc/init.d/xencommons etc/xen/scripts/xencommons
+ mv etc/init.d/xendomains etc/xen/scripts/xendomains
+ mv etc/init.d/xen-watchdog etc/xen/scripts/xen-watchdog
+ mv etc/default/xencommons etc/conf.d/xencommons
+ mv etc/default/xendomains etc/conf.d/xendomains
+ mv var/xen/dump var/lib/xen/
+ mkdir var/log/xen/console
+
+ # Sanitize library path (if lib64 exists)
+ if [[ -d usr/lib64 ]]; then
+ cd usr/
+ cp -r lib64/* lib/
+ rm -rf lib64
+ cd ../
+ fi
+
+ # Compress syms file and move to a share location
+ gzip boot/$_pkgname-syms-*
+ mv boot/$_pkgname-syms-*.gz usr/share/xen
+
+ ##### Kill unwanted stuff #####
+ # hypervisor symlinks
+ rm -f boot/xen{,-4,-4.4}.gz
+
+ # Documentation cleanup ( see xen-docs package )
+ rm -rf usr/share/doc
+ rm -rf usr/share/man
+
+ # Pointless helper cleanup
+ rm -f usr/bin/xen-python-path
+
+ # Unnecessary qemu support files
+ rm -rf usr/bin/qemu-*-xen
+ rm -rf usr/etc
+ rm -rf usr/libexec
+ rm usr/share/qemu-xen/qemu/{palcode,openbios}-*
+ rm usr/share/xen/qemu/openbios-*
+
+ # Clean up udev rules naming
+ mv etc/udev/rules.d/xen-backend.rules etc/udev/rules.d/40-xen-backend.rules
+
+ # Cleanup additional leftover files
+ rm -rf usr/include/cacard
+ rm -f usr/lib/libcacard*
+ rm -f usr/lib/pkgconfig/libcacard.pc
+
+ # Clean up left over empty directories
+ rm -rf var/run var/lock var/xen etc/default etc/init.d
+
+ # adhere to Static Library Packaging Guidelines
+ rm -rf usr/lib/*.a
+}
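Review bot: Every remote entry in the `source=` array (the Xen release tarball, the xen-extfiles archives and the Alpine `gnutls-3.4.0.patch`) is fetched over plain `http://` and checked only against `sha256sums`, so authenticity rests entirely on the hashes having been taken from genuine files when this PKGBUILD was written. If upstream publishes a detached signature for the release tarball, add it to `source=` and declare `validpgpkeys=('<UPSTREAM_RELEASE_KEY_FINGERPRINT>')` so makepkg verifies the tarball independently of the maintainer's checksum update. The `.SRCINFO` in this commit is also out of step with this file: it lists 31 sources and 28 checksums against 32 and 32 here, and omits `xen-gcc5.patch`, so it should be regenerated from the PKGBUILD before publishing. In `package()`, `[[ $f =~ .mount || $f =~ .service ]]` is an unanchored regex in which `.` matches any character; `[[ $f == *.mount || $f == *.service ]] && install -Dm644 "$f" …` states the intended suffix match and quotes the file name.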
diff --git a/ati-passthrough.patch b/ati-passthrough.patch
new file mode 100644
index 000000000000..7c20b1ecd61a
--- /dev/null
+++ b/ati-passthrough.patch
@@ -0,0 +1,415 @@
+--- xen-4.3.1/tools/qemu-xen-traditional/hw/pass-through.c Thu Sep 6 11:05:30 2012
++++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pass-through.c Sat Nov 24 08:27:07 2012
+@@ -1438,9 +1438,17 @@ static void pt_ioport_map(PCIDevice *d,
+ if (e_phys != -1)
+ {
+ /* Create new mapping */
+- ret = xc_domain_ioport_mapping(xc_handle, domid, e_phys,
+- assigned_device->bases[i].access.pio_base, e_size,
+- DPCI_ADD_MAPPING);
++ if ( vga_skip_ioport_map(d) )
++ {
++ assigned_device->bases[i].e_physbase = -1;
++ }
++ else
++ {
++ ret = xc_domain_ioport_mapping(xc_handle, domid, e_phys,
++ assigned_device->bases[i].access.pio_base, e_size,
++ DPCI_ADD_MAPPING);
++ }
++
+ if ( ret != 0 )
+ {
+ PT_LOG("Error: create new mapping failed!\n");
+--- xen-4.3.1/tools/qemu-xen-traditional/hw/pass-through.h Thu Sep 6 11:05:30 2012
++++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pass-through.h Sat Nov 24 08:27:07 2012
+@@ -419,6 +419,11 @@ int pt_pci_host_write(struct pci_dev *pc
+ void intel_pch_init(PCIBus *bus);
+ int register_vga_regions(struct pt_dev *real_device);
+ int unregister_vga_regions(struct pt_dev *real_device);
++int vga_skip_ioport_map(PCIDevice *d);
++int igd_register_vga_regions(struct pt_dev *real_device);
++int igd_unregister_vga_regions(struct pt_dev *real_device);
++int ati_register_vga_regions(struct pt_dev *real_device);
++int ati_unregister_vga_regions(struct pt_dev *real_device);
+ int setup_vga_pt(struct pt_dev *real_device);
+ PCIBus *intel_pci_bridge_init(PCIBus *bus, int devfn, uint16_t vid,
+ uint16_t did, const char *name, uint16_t revision);
+--- xen-4.3.1/tools/qemu-xen-traditional/hw/pci.h Thu Sep 6 11:05:30 2012
++++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pci.h Sat Nov 24 08:27:07 2012
+@@ -54,6 +54,8 @@ extern target_phys_addr_t pci_mem_base;
+
+ #define PCI_VENDOR_ID_CIRRUS 0x1013
+
++#define PCI_VENDOR_ID_ATI 0x1002
++
+ #define PCI_VENDOR_ID_IBM 0x1014
+ #define PCI_DEVICE_ID_IBM_OPENPIC2 0xffff
+
+--- xen-4.3.1/tools/qemu-xen-traditional/hw/pt-graphics.c Thu Sep 6 11:05:30 2012
++++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pt-graphics.c Sat Nov 24 08:28:10 2012
+@@ -13,6 +13,207 @@
+
+ extern int gfx_passthru;
+ extern int igd_passthru;
++/*********************************/
++/* Code for ATI GFX Passthru */
++/*********************************/
++/* ATI VBIOS Working Mechanism
++ *
++ * Generally there are three memory resources (two MMIO and one PIO)
++ * associated with modern ATI gfx. VBIOS uses special tricks to figure out
++ * BARs, instead of using regular PCI config space read.
++ *
++ * (1) VBIOS relies on I/O port 0x3C3 to retrieve PIO BAR
++ * (2) VBIOS maintains a shadow copy of PCI configure space. It retries the
++ * MMIO BARs from this shadow copy via sending I/O requests to first two
++ * registers of PIO (MMINDEX and MMDATA). The workflow is like this:
++ * MMINDEX (register 0) is written with an index value, specifying the
++ * register VBIOS wanting to access. Then the shadowed data can be
++ * read/written from MMDATA (register 1). For two MMIO BARs, the index
++ * values are 0x4010 and 0x4014 respectively.
++ *
++ */
++
++#define ATI_BAR1_INDEX 0 //MMIO BAR1
++#define ATI_BAR2_INDEX 1 //MMIO BAR2
++#define ATI_BAR5_INDEX 4 //PIO BAR == BAR5
++
++#define ATI_BAR1_MMINDEX 0x4010 //data written to MMINDEX for MMIO BAR1
++#define ATI_BAR2_MMINDEX 0x4014 //data written to MMINDEX FOR MMIO BAR2
++
++struct ati_gfx_info {
++ int initialized; /* initialized already? */
++
++ /* PIO */
++ uint32_t host_pio_base; /* host base addr of PIO */
++ uint32_t guest_pio_base; /* guest base addr of PIO */
++ uint32_t pio_size; /* PIO size */
++
++ /* MMIO */
++ uint32_t guest_mmio_base1; /* guest base addr of MMIO 1 */
++ uint32_t guest_mmio_base2; /* guest base addr of MMIO 2 */
++
++ /* PIO MMINDEX access recording */
++ uint32_t pre_mmindex_data; /* previous data written to MMINDEX */
++};
++
++static struct ati_gfx_info gfx_info;
++
++/* Convert guest PIO port to host PIO port */
++static uint16_t gport_to_hport(uint16_t gport)
++{
++ return (gport - gfx_info.guest_pio_base) + gfx_info.host_pio_base;
++}
++
++/* Read host PIO port */
++static uint32_t ati_hw_in(uint16_t hport)
++{
++ unsigned val;
++
++ //iopl(3);
++ asm volatile ("in %1,%0":"=a"(val):"Nd"(hport));
++ //iopl(0);
++
++ return val;
++}
++
++/* Write data to host PIO */
++static void ati_hw_out(uint16_t hport, uint32_t data)
++{
++ //iopl(3);
++ asm volatile ("out %1, %0"::"Nd"(hport),"a"(data));
++ //iopl(0);
++}
++
++static uint32_t ati_io_regs_read(void *opaque, uint32_t addr)
++{
++ uint32_t val;
++
++ val = ati_hw_in(gport_to_hport(addr));
++
++ /* tweak the value if VBIOS is reading MMIO BAR1 and BAR2 */
++ if ( addr == (gfx_info.guest_pio_base + 4) )
++ {
++ switch ( gfx_info.pre_mmindex_data )
++ {
++ case ATI_BAR1_MMINDEX:
++ val = gfx_info.guest_mmio_base1 | (val & 0x0000000f);
++ break;
++ case ATI_BAR2_MMINDEX:
++ val = gfx_info.guest_mmio_base2 | (val & 0x0000000f);
++ break;
++ default:
++ break;
++ }
++ }
++
++ return val;
++}
++
++static void ati_io_regs_write(void *opaque, uint32_t addr, uint32_t val)
++{
++ ati_hw_out(gport_to_hport(addr), val);
++
++ /* book keeping */
++ if ( addr == gfx_info.guest_pio_base )
++ gfx_info.pre_mmindex_data = val;
++}
++
++static void ati_gfx_init(struct pt_dev *assigned)
++{
++ PCIDevice *dev = (PCIDevice *)&assigned->dev;
++
++ register_ioport_read(dev->io_regions[ATI_BAR5_INDEX].addr,
++ dev->io_regions[ATI_BAR5_INDEX].size, 4, ati_io_regs_read, assigned);
++
++ register_ioport_write(dev->io_regions[ATI_BAR5_INDEX].addr,
++ dev->io_regions[ATI_BAR5_INDEX].size, 4, ati_io_regs_write, assigned);
++
++ /* initialize IO registers */
++ gfx_info.guest_pio_base = dev->io_regions[ATI_BAR5_INDEX].addr;
++ gfx_info.pio_size = dev->io_regions[ATI_BAR5_INDEX].size;
++ gfx_info.host_pio_base = assigned->bases[ATI_BAR5_INDEX].access.pio_base;
++
++ gfx_info.guest_mmio_base1 = dev->io_regions[ATI_BAR1_INDEX].addr;
++ gfx_info.guest_mmio_base2 = dev->io_regions[ATI_BAR2_INDEX].addr;
++ gfx_info.initialized = 1;
++
++ PT_LOG("guest_pio_bar = 0x%x, host_pio_bar = 0x%x, pio_size=0x%x "
++ "guest_mmio_bar1=0x%x, guest_mmio_bar2=0x%x\n",
++ gfx_info.guest_pio_base, gfx_info.host_pio_base, gfx_info.pio_size,
++ gfx_info.guest_mmio_base1, gfx_info.guest_mmio_base2);
++}
++
++static uint32_t ati_legacy_io_read(void *opaque, uint32_t addr)
++{
++ struct pt_dev *assigned_device = opaque;
++ PCIDevice *dev = (PCIDevice *)&assigned_device->dev;
++ uint32_t val = 0xFF;
++
++ switch( addr )
++ {
++ case 0x3c3:
++ val = dev->io_regions[ATI_BAR5_INDEX].addr >> 8;
++ /* Intercept GFX IO registers. This supposes to happen in
++ * ati_register_vga_regions(). But we cannot get guest phys IO BAR
++ * over there. */
++ if ( !gfx_info.initialized )
++ ati_gfx_init(assigned_device);
++ break;
++ default:
++ PT_LOG("ERROR: port 0x%x I/O read not handled\n", addr);
++ break;
++ }
++
++ return val;
++}
++
++static void ati_legacy_io_write(void *opaque, uint32_t addr, uint32_t val)
++{
++ PT_LOG("ERROR: port 0x%x I/O write not handled\n", addr);
++}
++
++int ati_register_vga_regions(struct pt_dev *real_device)
++{
++ PCIDevice *dev = (PCIDevice *)&real_device->dev;
++ int ret = 0;
++
++ /* We need to intercept VBIOS accesses to port 0x3C3, which returns
++ * device port I/O BAR. For the rest of legacy I/O ports, we allow direct
++ * accesses.
++ */
++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
++ 0x3C0, 0x3, DPCI_ADD_MAPPING);
++
++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C4,
++ 0x3C4, 0x1C, DPCI_ADD_MAPPING);
++
++ register_ioport_read(0x3c3, 1, 1, ati_legacy_io_read, real_device);
++ register_ioport_write(0x3c3, 1, 1, ati_legacy_io_write, real_device);
++
++ /* initialized on the first port 0x3C3 access in ati_gfx_init */
++ gfx_info.initialized = 0;
++
++ return ret;
++}
++
++int ati_unregister_vga_regions(struct pt_dev *real_device)
++{
++ int ret = 0;
++
++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
++ 0x3C0, 0x3, DPCI_REMOVE_MAPPING);
++
++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C4,
++ 0x3C4, 0x1C, DPCI_REMOVE_MAPPING);
++
++ gfx_info.initialized = 0;
++
++ return ret;
++}
++
++/*********************************/
++/* Code for Intel IGD Passthru */
++/*********************************/
+
+ static uint32_t igd_guest_opregion = 0;
+
+@@ -176,6 +377,77 @@ read_default:
+ return pci_default_read_config(pci_dev, config_addr, len);
+ }
+
++int igd_register_vga_regions(struct pt_dev *real_device)
++{
++ u32 vendor_id, igd_opregion;
++ int ret = 0;
++
++ /* legacy I/O ports 0x3C0 -- 0x3E0 */
++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
++ 0x3C0, 0x20, DPCI_ADD_MAPPING);
++
++ /* 1:1 map ASL Storage register value */
++ vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2);
++ igd_opregion = pt_pci_host_read(real_device->pci_dev, PCI_INTEL_OPREGION, 4);
++ if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_opregion )
++ {
++ ret |= xc_domain_memory_mapping(xc_handle, domid,
++ igd_opregion >> XC_PAGE_SHIFT,
++ igd_opregion >> XC_PAGE_SHIFT,
++ 2,
++ DPCI_ADD_MAPPING);
++ PT_LOG("register_vga: igd_opregion = %x\n", igd_opregion);
++ }
++
++ return ret;
++}
++
++int igd_unregister_vga_regions(struct pt_dev *real_device)
++{
++ u32 vendor_id, igd_opregion;
++ int ret = 0;
++
++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
++ 0x3C0, 0x20, DPCI_REMOVE_MAPPING);
++
++ vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2);
++ igd_opregion = pt_pci_host_read(real_device->pci_dev, PCI_INTEL_OPREGION, 4);
++ if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_opregion )
++ {
++ ret |= xc_domain_memory_mapping(xc_handle, domid,
++ igd_opregion >> XC_PAGE_SHIFT,
++ igd_opregion >> XC_PAGE_SHIFT,
++ 2,
++ DPCI_REMOVE_MAPPING);
++ }
++
++ return ret;
++}
++/*********************************/
++/* Generic Code for GFX Passthru */
++/*********************************/
++/* This function decides whether I/O port map should be skipped */
++int vga_skip_ioport_map(PCIDevice *d)
++{
++ struct pt_dev *dev = (struct pt_dev *)d;
++ int skip = 0;
++
++ if ( !gfx_passthru || dev->pci_dev->device_class != 0x0300 )
++ return 0;
++
++ switch( dev->pci_dev->vendor_id )
++ {
++ case PCI_VENDOR_ID_ATI:
++ case PCI_VENDOR_ID_AMD:
++ skip = 1;
++ break;
++ default:
++ skip = 0;
++ break;
++ }
++
++ return skip;
++}
+ /*
+ * register VGA resources for the domain with assigned gfx
+ */
+@@ -187,18 +459,33 @@ int register_vga_regions(struct pt_dev *
+ if ( !gfx_passthru || real_device->pci_dev->device_class != 0x0300 )
+ return ret;
+
++ /* legacy I/O ports 0x3B0 - 0x3BC */
+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3B0,
+ 0x3B0, 0xC, DPCI_ADD_MAPPING);
+
+- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
+- 0x3C0, 0x20, DPCI_ADD_MAPPING);
+-
++ /* legacy video MMIO range 0xA0000 - 0xBFFFF */
+ ret |= xc_domain_memory_mapping(xc_handle, domid,
+ 0xa0000 >> XC_PAGE_SHIFT,
+ 0xa0000 >> XC_PAGE_SHIFT,
+ 0x20,
+ DPCI_ADD_MAPPING);
+
++ /* Other VGA regions are vendor specific */
++ switch( real_device->pci_dev->vendor_id )
++ {
++ case PCI_VENDOR_ID_INTEL:
++ ret = igd_register_vga_regions(real_device);
++ break;
++ case PCI_VENDOR_ID_ATI:
++ case PCI_VENDOR_ID_AMD:
++ ret = ati_register_vga_regions(real_device);
++ break;
++ default:
++ PT_LOG("gfx card wasn't supported by Xen passthru!\n");
++ ret = 1;
++ break;
++ }
++
+ if ( ret != 0 )
+ PT_LOG("VGA region mapping failed\n");
+
+@@ -216,26 +503,31 @@ int unregister_vga_regions(struct pt_dev
+ if ( !gfx_passthru || real_device->pci_dev->device_class != 0x0300 )
+ return ret;
+
++ /* legacy I/O ports 0x3B0 - 0x3BC */
+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3B0,
+ 0x3B0, 0xC, DPCI_REMOVE_MAPPING);
+
+- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
+- 0x3C0, 0x20, DPCI_REMOVE_MAPPING);
+-
++ /* legacy video MMIO range 0xA0000 - 0xBFFFF */
+ ret |= xc_domain_memory_mapping(xc_handle, domid,
+ 0xa0000 >> XC_PAGE_SHIFT,
+ 0xa0000 >> XC_PAGE_SHIFT,
+ 20,
+ DPCI_REMOVE_MAPPING);
+
+- vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2);
+- if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_guest_opregion )
++ /* Other VGA regions are vendor specific */
++ switch( real_device->pci_dev->vendor_id )
+ {
+- ret |= xc_domain_memory_mapping(xc_handle, domid,
+- igd_guest_opregion >> XC_PAGE_SHIFT,
+- igd_guest_opregion >> XC_PAGE_SHIFT,
+- 2,
+- DPCI_REMOVE_MAPPING);
++ case PCI_VENDOR_ID_INTEL:
++ ret = igd_unregister_vga_regions(real_device);
++ break;
++ case PCI_VENDOR_ID_ATI:
++ case PCI_VENDOR_ID_AMD:
++ ret = ati_unregister_vga_regions(real_device);
++ break;
++ default:
++ PT_LOG("gfx card wasn't supported by Xen passthru!\n");
++ ret = 1;
++ break;
+ }
+
+ if ( ret != 0 )
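Review bot: In `register_vga_regions` and `unregister_vga_regions` the new vendor switch assigns with `=` (`ret = igd_register_vga_regions(real_device);`, and likewise the ATI call and both unregister calls), which discards any failure the preceding `ret |=` mappings for ports 0x3B0 and the 0xA0000 range had already recorded. Writing `ret |= igd_register_vga_regions(real_device);` in all four places keeps a failed legacy mapping visible to the `if ( ret != 0 )` check, so a partially mapped passthrough device is not reported as success. In the `pt_ioport_map` hunk the `vga_skip_ioport_map(d)` branch never sets `ret`, so the following `if ( ret != 0 )` tests whatever value it held before; an explicit `ret = 0;` in that branch would remove the dependence on code outside the hunk. All three functions begin outside their embedded hunks, so the earlier state of `ret` in `pt_ioport_map` is inferred rather than visible.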
diff --git a/conf.d-xenconsoled b/conf.d-xenconsoled
new file mode 100644
index 000000000000..9dee0960a14e
--- /dev/null
+++ b/conf.d-xenconsoled
@@ -0,0 +1,14 @@
+# No logging (default)
+#XENCONSOLED_LOG=none
+# Log guest console output only
+#XENCONSOLED_LOG=guest
+# Log hypervisor messages only
+#XENCONSOLED_LOG=hv
+# Log both guest console output and hypervisor messages
+XENCONSOLED_LOG=all
+
+# Location to store guest & hypervisor logs
+XENCONSOLED_LOG_DIR=/var/log/xen/console
+
+#XENCONSOLED_ARGS=
+
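Review bot: The file ships with `XENCONSOLED_LOG=all` active, while its first comment calls `none` the default and xenconsoled.service sets `Environment=XENCONSOLED_LOG=none`, so the packaged behaviour is to write every guest's console output under /var/log/xen/console. That output is controlled by the guest, and nothing visible in this commit rotates or caps the directory, so a guest can grow dom0's log volume, and the logs may hold sensitive guest output. Consider shipping `#XENCONSOLED_LOG=all` commented out, or add a comment such as `# Guest-controlled output: put this directory under log rotation and restrict its permissions`.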
diff --git a/conf.d-xenstored b/conf.d-xenstored
new file mode 100644
index 000000000000..366abf9ad525
--- /dev/null
+++ b/conf.d-xenstored
@@ -0,0 +1,2 @@
+#XENSTORED_ARGS=" -T /var/log/xen/xenstored-trace.log"
+XENDOM0_NAME="Domain-0"
diff --git a/disable-bluez.patch b/disable-bluez.patch
new file mode 100644
index 000000000000..d420f038c82d
--- /dev/null
+++ b/disable-bluez.patch
@@ -0,0 +1,21 @@
+--- a/tools/qemu-xen-traditional/xen-setup 2013-12-19 09:19:49.000000000 -0600
++++ b/tools/qemu-xen-traditional/xen-setup 2014-06-18 19:07:28.018807657 -0500
+@@ -18,7 +18,7 @@
+ XEN_SCRIPT_DIR="/etc/xen/scripts"
+ fi
+
+-${QEMU_ROOT:-.}/configure --disable-gfx-check --disable-curses --disable-slirp "$@" --prefix=${PREFIX}
++${QEMU_ROOT:-.}/configure --disable-gfx-check --disable-curses --disable-slirp "$@" --prefix=${PREFIX} --disable-bluez
+
+ if [ "x$XEN_ROOT" != x ]; then
+ echo "XEN_ROOT=$XEN_ROOT" >>config-host.mak
+--- a/tools/Makefile 2014-03-10 05:43:57.000000000 -0500
++++ b/tools/Makefile.new 2014-06-18 20:07:56.707835949 -0500
+@@ -203,6 +203,7 @@
+ --disable-kvm \
+ --disable-docs \
+ --disable-guest-agent \
++ --disable-bluez \
+ --python=$(PYTHON) \
+ $(IOEMU_CONFIGURE_CROSS); \
+ $(MAKE) all
diff --git a/etherboot-gcc5.patch b/etherboot-gcc5.patch
new file mode 100644
index 000000000000..38838ce9b834
--- /dev/null
+++ b/etherboot-gcc5.patch
@@ -0,0 +1,40 @@
+--- a/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c 2011-12-11 03:28:04.000000000 +0100
++++ b/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c 2015-05-25 11:14:30.732759966 +0200
+@@ -1141,7 +1141,7 @@
+ REG_CLR_BIT(ah, AR_PHY_SFCORR_LOW,
+ AR_PHY_SFCORR_LOW_USE_SELF_CORR_LOW);
+
+- if (!on != aniState->ofdmWeakSigDetectOff) {
++ if ((!on) != aniState->ofdmWeakSigDetectOff) {
+ if (on)
+ ah->stats.ast_ani_ofdmon++;
+ else
+@@ -1307,7 +1307,7 @@
+ REG_CLR_BIT(ah, AR_PHY_SFCORR_LOW,
+ AR_PHY_SFCORR_LOW_USE_SELF_CORR_LOW);
+
+- if (!on != aniState->ofdmWeakSigDetectOff) {
++ if ((!on) != aniState->ofdmWeakSigDetectOff) {
+ DBG2("ath9k: "
+ "** ch %d: ofdm weak signal: %s=>%s\n",
+ chan->channel,
+--- a/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c 2011-12-11 03:28:04.000000000 +0100
++++ b/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c 2015-05-25 10:33:05.576229086 +0200
+@@ -859,7 +859,7 @@
+ REG_CLR_BIT(ah, AR_PHY_SFCORR_LOW,
+ AR_PHY_SFCORR_LOW_USE_SELF_CORR_LOW);
+
+- if (!on != aniState->ofdmWeakSigDetectOff) {
++ if ((!on) != aniState->ofdmWeakSigDetectOff) {
+ DBG2("ath9k: "
+ "** ch %d: ofdm weak signal: %s=>%s\n",
+ chan->channel,
+@@ -1013,7 +1013,7 @@
+ AR_PHY_MRC_CCK_ENABLE, is_on);
+ REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL,
+ AR_PHY_MRC_CCK_MUX_REG, is_on);
+- if (!is_on != aniState->mrcCCKOff) {
++ if ((!is_on) != aniState->mrcCCKOff) {
+ DBG2("ath9k: "
+ "** ch %d: MRC CCK: %s=>%s\n",
+ chan->channel,
diff --git a/gcc5.patch b/gcc5.patch
new file mode 100644
index 000000000000..8fe0cc315c10
--- /dev/null
+++ b/gcc5.patch
@@ -0,0 +1,10 @@
+--- a/tools/firmware/Makefile 2015-07-04 19:12:25.128440156 -0500
++++ b/tools/firmware/Makefile 2015-07-04 19:14:17.614028900 -0500
+@@ -23,6 +23,7 @@
+
+ seabios-dir:
+ GIT=$(GIT) $(XEN_ROOT)/scripts/git-checkout.sh $(SEABIOS_UPSTREAM_URL) $(SEABIOS_UPSTREAM_TAG) seabios-dir
++ patch -Np1 -i seabios-gcc5.patch
+ cp seabios-config seabios-dir/.config;
+
+ .PHONY: all
diff --git a/grub.conf b/grub.conf
new file mode 100644
index 000000000000..e456973db062
--- /dev/null
+++ b/grub.conf
@@ -0,0 +1,3 @@
+#XEN_HYPERVISOR_CMDLINE="xsave=1"
+#XEN_LINUX_CMDLINE="console=tty0"
+#XEN_LINUX_CMDLINE_OVERRIDE=0
diff --git a/proc-xen.mount b/proc-xen.mount
new file mode 100644
index 000000000000..0eaa59c5fab1
--- /dev/null
+++ b/proc-xen.mount
@@ -0,0 +1,9 @@
+[Unit]
+Description=Mount /proc/xen files
+ConditionPathExists=/proc/xen
+RefuseManualStop=true
+
+[Mount]
+What=xenfs
+Where=/proc/xen
+Type=xenfs
diff --git a/seabios-gcc5.patch b/seabios-gcc5.patch
new file mode 100644
index 000000000000..0dbba3b4b7e5
--- /dev/null
+++ b/seabios-gcc5.patch
@@ -0,0 +1,28 @@
+--- a/seabios-dir-remote/src/kbd.c
++++ b/seabios-dir-remote/src/kbd.c
+@@ -117,8 +117,8 @@ static int
+ kbd_command(int command, u8 *param)
+ {
+ if (usb_kbd_active())
+- return stack_hop(command, (u32)param, usb_kbd_command);
+- return stack_hop(command, (u32)param, ps2_kbd_command);
++ return usb_kbd_command(command, param);
++ return ps2_kbd_command(command, param);
+ }
+
+ // read keyboard input
+--- a/seabios-dir-remote/src/mouse.c
++++ b/seabios-dir-remote/src/mouse.c
+@@ -27,8 +27,8 @@ static int
+ mouse_command(int command, u8 *param)
+ {
+ if (usb_mouse_active())
+- return stack_hop(command, (u32)param, usb_mouse_command);
+- return stack_hop(command, (u32)param, ps2_mouse_command);
++ return usb_mouse_command(command, param);
++ return ps2_mouse_command(command, param);
+ }
+
+ #define RET_SUCCESS 0x00
+
+--
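Review bot: Both replacements in `kbd_command` and `mouse_command` drop the `stack_hop(...)` wrapper and call `usb_kbd_command`/`ps2_kbd_command` (and the mouse equivalents) directly, which changes runtime behaviour rather than only fixing a GCC 5 build error: the handlers now run on the caller's stack. The definition of stack_hop is not part of this patch, so whether the direct call is safe cannot be confirmed from here. The patch file carries no description and ends in a bare `--` trailer; it should open with a comment naming the upstream SeaBIOS change it is taken from and stating why the stack switch is no longer needed.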
diff --git a/tmpfiles.d-xen.conf b/tmpfiles.d-xen.conf
new file mode 100644
index 000000000000..a55258b0feae
--- /dev/null
+++ b/tmpfiles.d-xen.conf
@@ -0,0 +1,2 @@
+d /run/xen 0755 root root -
+d /run/xenstored 0755 root root -
diff --git a/var-lib-xenstored.mount b/var-lib-xenstored.mount
new file mode 100644
index 000000000000..1c2015ca2257
--- /dev/null
+++ b/var-lib-xenstored.mount
@@ -0,0 +1,10 @@
+[Unit]
+Description=mount xenstore file system
+ConditionPathExists=/proc/xen
+RefuseManualStop=true
+
+[Mount]
+What=xenstore
+Where=/var/lib/xenstored
+Type=tmpfs
+Options=mode=755
diff --git a/xen-gcc5.patch b/xen-gcc5.patch
new file mode 100644
index 000000000000..701873267f18
--- /dev/null
+++ b/xen-gcc5.patch
@@ -0,0 +1,11 @@
+--- a/xen/common/symbols.c 2015-01-12 17:53:24.000000000 +0100
++++ b/xen/common/symbols.c 2015-05-24 18:47:56.186578687 +0200
+@@ -19,7 +19,7 @@
+ #include <xen/spinlock.h>
+
+ #ifdef SYMBOLS_ORIGIN
+-extern const unsigned int symbols_offsets[1];
++extern const unsigned int symbols_offsets[];
+ #define symbols_address(n) (SYMBOLS_ORIGIN + symbols_offsets[n])
+ #else
+ extern const unsigned long symbols_addresses[];
diff --git a/xen.conf b/xen.conf
new file mode 100644
index 000000000000..37a5b59f790a
--- /dev/null
+++ b/xen.conf
@@ -0,0 +1,19 @@
+xen-evtchn
+xen-gntdev
+xen-gntalloc
+xen-blkback
+xen-netback
+xen-pciback
+xen-acpi-processor
+## xen-acpi-processor: This module may not work on all machines; try removing this first if it causes issues.
+
+## The following were included in xencommons, but were not inserted by systemd:
+# evtchn
+# gntdev
+# netbk
+# blkbk
+# xen-scsibk
+# usbbk
+# pciback
+# blktap2
+# blktap
diff --git a/xen.install b/xen.install
new file mode 100644
index 000000000000..3de080984b12
--- /dev/null
+++ b/xen.install
@@ -0,0 +1,73 @@
+install_msg() {
+ cat << __EOF__
+===> IMPORTANT NOTICES:
+
+In order to complete the installation, and enable Xen,
+at the very least you must:
+1. Edit your GRUB2 config files as specified at
+ https://wiki.archlinux.org/index.php/Xen#Bootloader_Configuration
+2. Issue the following commands to allow you to create and start VMs:
+ systemctl enable xenstored.service
+ systemctl enable xenconsoled.service
+3. If you want some domains to automatically start up/shutdown, run the following:
+ systemctl enable xendomains.service
+4. xen 4.4 no longer includes the xend daemon or the xm binary
+
+For more information refer to the Wiki:
+ https://wiki.archlinux.org/index.php/Xen
+
+__EOF__
+
+}
+
+upgrade_msg() {
+ cat << __EOF__
+
+Note: If you are upgrading from one of the previous 4.2 xen builds, and are having issues
+ with graphics card passthrough, the default device model used has changed and the
+ newer model can sometimes have issues. To resolve, add (or change ) the following
+ line into your domain config file:
+ device_model_version = "qemu-xen-traditional"
+
+ Also remember to rebuild your grub configuration if upgrading from a non-xen 4.4.1
+ install.
+
+ xen 4.4 no longer includes the xend daemon or the xm toolset by default, however
+ this build does enable it.
+
+ This install is now using a new version of the 09_xen file, used when generating
+ a new grub.cfg file. The new version inherits the default linux kernel command
+ line settings; to use the old method, uncomment the 'XEN_LINUX_CMDLINE_OVERRIDE'
+ option in /etc/xen/grub.conf and change the '0' to '1'
+__EOF__
+
+}
+
+post_install() {
+ install_msg
+ upgrade_msg
+}
+
+post_upgrade() {
+ upgrade_msg
+}
+
+pre_remove() {
+ systemctl stop xendomains.service
+ systemctl stop xenconsoled.service
+ systemctl stop xenstored.service
+
+ systemctl disable xendomains.service
+ systemctl disable xenconsoled.service
+ systemctl disable xenstored.service
+}
+
+post_remove() {
+ cat << __EOF__
+===> IMPORTANT NOTICE:
+
+In order to finish removing Xen, you will need to modify
+your bootloader configuration files to load your Linux
+kernel instead of Xen kernel.
+__EOF__
+}
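Review bot: `pre_remove` runs `systemctl stop xenstored.service`, but xenstored.service in this same commit sets `RefuseManualStop=true`, so systemd will reject that stop request and the daemon keeps running while its files are removed. Either drop that stop and state in `post_remove` that a reboot is needed to unload xenstored, or remove `RefuseManualStop=true` from the unit. Separately, `upgrade_msg` says the xend daemon and xm toolset are enabled by "this build", while item 4 of `install_msg` says xen 4.4 no longer includes them; one of the two statements should be corrected so the admin knows which toolstack is installed.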
diff --git a/xenconsoled.service b/xenconsoled.service
new file mode 100644
index 000000000000..1e06b453766b
--- /dev/null
+++ b/xenconsoled.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Xenconsoled - handles logging from guest consoles and hypervisor
+Requires=proc-xen.mount
+After=proc-xen.mount xenstored.service
+ConditionPathExists=/proc/xen
+
+[Service]
+Type=simple
+Environment=XENCONSOLED_ARGS=
+Environment=XENCONSOLED_LOG=none
+Environment=XENCONSOLED_LOG_DIR=/var/log/xen/console
+EnvironmentFile=-/etc/conf.d/xenconsoled
+PIDFile=/run/xenconsoled.pid
+ExecStartPre=/usr/bin/grep -q control_d /proc/xen/capabilities
+ExecStart=/usr/bin/xenconsoled --pid-file /run/xenconsoled.pid --log=${XENCONSOLED_LOG} --log-dir=${XENCONSOLED_LOG_DIR} $XENCONSOLED_ARGS
+
+[Install]
+WantedBy=multi-user.target
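Review bot: `Type=simple` is combined with `PIDFile=` and an `ExecStart` that does not ask xenconsoled to stay in the foreground; if the daemon forks the way xenstored is expected to (xenstored.service here uses `Type=forking`), systemd will treat the unit as finished once the parent exits. Use `Type=forking` to match the PID file, or run the daemon with `--interactive` and drop `PIDFile=`. `After=xenstored.service` only orders the unit; adding `Requires=xenstored.service`, as xendomains.service does, would keep xenconsoled from starting without xenstored.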
diff --git a/xendomU@.service b/xendomU@.service
new file mode 100644
index 000000000000..b3dd6c7d7d34
--- /dev/null
+++ b/xendomU@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=xen domU service for domain %i
+Requires=xenstored.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/xl create /etc/xen/conf/%i.cfg
+ExecStop=/usr/bin/xl shutdown %i
+
+[Install]
+WantedBy=multi-user.target
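Review bot: `Requires=xenstored.service` has no matching `After=`, so systemd may run `xl create` in parallel with xenstored start-up; xendomains.service in this commit lists both directives. Add `After=proc-xen.mount xenstored.service xenconsoled.service`. `ExecStop=/usr/bin/xl shutdown %i` also assumes the domain's name equals the config file's basename, and it returns once the request is sent, so the unit can be reported stopped while the guest is still running; `ExecStop=/usr/bin/xl shutdown -w %i` would wait for the guest to halt.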
diff --git a/xendomains.service b/xendomains.service
new file mode 100644
index 000000000000..d49bd5593e74
--- /dev/null
+++ b/xendomains.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Xendomains - start and stop guests on boot and shutdown
+Requires=proc-xen.mount xenstored.service
+After=proc-xen.mount xenstored.service xenconsoled.service
+ConditionPathExists=/proc/xen
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStartPre=/usr/bin/grep -q control_d /proc/xen/capabilities
+ExecStart=/etc/xen/scripts/xendomains start
+ExecStop=/etc/xen/scripts/xendomains stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/xenstored.service b/xenstored.service
new file mode 100644
index 000000000000..b090ce860c50
--- /dev/null
+++ b/xenstored.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Xenstored - daemon managing xenstore file system
+Requires=proc-xen.mount var-lib-xenstored.mount systemd-tmpfiles-setup.service
+After=proc-xen.mount var-lib-xenstored.mount systemd-tmpfiles-setup.service
+Before=libvirtd.service libvirt-guests.service
+RefuseManualStop=true
+ConditionPathExists=/proc/xen
+
+[Service]
+Type=forking
+Environment=XENSTORED_ARGS=
+Environment=XENDOM0_NAME=Domain-0
+EnvironmentFile=-/etc/conf.d/xenstored
+PIDFile=/run/xenstored.pid
+ExecStartPre=/usr/bin/grep -q control_d /proc/xen/capabilities
+ExecStart=/usr/bin/xenstored --pid-file /run/xenstored.pid $XENSTORED_ARGS
+ExecStartPost=/usr/bin/xenstore-write "/local/domain/0/name" "$XENDOM0_NAME"
+ExecStartPost=/usr/bin/xenstore-write "/local/domain/0/domid" 0
+
+[Install]
+WantedBy=multi-user.target
diff --git a/xsa133-qemut.patch b/xsa133-qemut.patch
new file mode 100644
index 000000000000..e1b77117df16
--- /dev/null
+++ b/xsa133-qemut.patch
@@ -0,0 +1,80 @@
+From ac7ddbe342d7aa2303c39ca731cc6229dbbd739b Mon Sep 17 00:00:00 2001
+From: Petr Matousek <pmatouse@redhat.com>
+Date: Wed, 6 May 2015 09:48:59 +0200
+Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
+
+During processing of certain commands such as FD_CMD_READ_ID and
+FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
+get out of bounds leading to memory corruption with values coming
+from the guest.
+
+Fix this by making sure that the index is always bounded by the
+allocated memory.
+
+This is CVE-2015-3456.
+
+Signed-off-by: Petr Matousek <pmatouse@redhat.com>
+Reviewed-by: John Snow <jsnow@redhat.com>
+---
+ hw/fdc.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/hw/fdc.c b/hw/fdc.c
+index b00a4ec..aba02e4 100644
+--- a/hw/fdc.c
++++ b/hw/fdc.c
+@@ -1318,7 +1318,7 @@ static uint32_t fdctrl_read_data (fdctrl_t *fdctrl)
+ {
+ fdrive_t *cur_drv;
+ uint32_t retval = 0;
+- int pos;
++ uint32_t pos;
+
+ cur_drv = get_cur_drv(fdctrl);
+ fdctrl->dsr &= ~FD_DSR_PWRDOWN;
+@@ -1327,8 +1327,8 @@ static uint32_t fdctrl_read_data (fdctrl_t *fdctrl)
+ return 0;
+ }
+ pos = fdctrl->data_pos;
++ pos %= FD_SECTOR_LEN;
+ if (fdctrl->msr & FD_MSR_NONDMA) {
+- pos %= FD_SECTOR_LEN;
+ if (pos == 0) {
+ if (fdctrl->data_pos != 0)
+ if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
+@@ -1673,10 +1673,13 @@ static void fdctrl_handle_option (fdctrl_t *fdctrl, int direction)
+ static void fdctrl_handle_drive_specification_command (fdctrl_t *fdctrl, int direction)
+ {
+ fdrive_t *cur_drv = get_cur_drv(fdctrl);
++ uint32_t pos;
+
+- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
++ pos = fdctrl->data_pos - 1;
++ pos %= FD_SECTOR_LEN;
++ if (fdctrl->fifo[pos] & 0x80) {
+ /* Command parameters done */
+- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
++ if (fdctrl->fifo[pos] & 0x40) {
+ fdctrl->fifo[0] = fdctrl->fifo[1];
+ fdctrl->fifo[2] = 0;
+ fdctrl->fifo[3] = 0;
+@@ -1771,7 +1774,7 @@ static uint8_t command_to_handler[256];
+ static void fdctrl_write_data (fdctrl_t *fdctrl, uint32_t value)
+ {
+ fdrive_t *cur_drv;
+- int pos;
++ uint32_t pos;
+
+ /* Reset mode */
+ if (!(fdctrl->dor & FD_DOR_nRESET)) {
+@@ -1817,7 +1820,9 @@ static void fdctrl_write_data (fdctrl_t *fdctrl, uint32_t value)
+ }
+
+ FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
+- fdctrl->fifo[fdctrl->data_pos++] = value;
++ pos = fdctrl->data_pos++;
++ pos %= FD_SECTOR_LEN;
++ fdctrl->fifo[pos] = value;
+ if (fdctrl->data_pos == fdctrl->data_len) {
+ /* We now have all parameters
+ * and will be able to treat the command
diff --git a/xsa133-qemuu.patch b/xsa133-qemuu.patch
new file mode 100644
index 000000000000..95f3dcc21e5b
--- /dev/null
+++ b/xsa133-qemuu.patch
@@ -0,0 +1,84 @@
+From ac7ddbe342d7aa2303c39ca731cc6229dbbd739b Mon Sep 17 00:00:00 2001
+From: Petr Matousek <pmatouse@redhat.com>
+Date: Wed, 6 May 2015 09:48:59 +0200
+Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
+
+During processing of certain commands such as FD_CMD_READ_ID and
+FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
+get out of bounds leading to memory corruption with values coming
+from the guest.
+
+Fix this by making sure that the index is always bounded by the
+allocated memory.
+
+This is CVE-2015-3456.
+
+Signed-off-by: Petr Matousek <pmatouse@redhat.com>
+Reviewed-by: John Snow <jsnow@redhat.com>
+---
+ hw/block/fdc.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/hw/block/fdc.c b/hw/block/fdc.c
+index f72a392..d8a8edd 100644
+--- a/hw/block/fdc.c
++++ b/hw/block/fdc.c
+@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
+ {
+ FDrive *cur_drv;
+ uint32_t retval = 0;
+- int pos;
++ uint32_t pos;
+
+ cur_drv = get_cur_drv(fdctrl);
+ fdctrl->dsr &= ~FD_DSR_PWRDOWN;
+@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
+ return 0;
+ }
+ pos = fdctrl->data_pos;
++ pos %= FD_SECTOR_LEN;
+ if (fdctrl->msr & FD_MSR_NONDMA) {
+- pos %= FD_SECTOR_LEN;
+ if (pos == 0) {
+ if (fdctrl->data_pos != 0)
+ if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
+@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
+ static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
+ {
+ FDrive *cur_drv = get_cur_drv(fdctrl);
++ uint32_t pos;
+
+- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
++ pos = fdctrl->data_pos - 1;
++ pos %= FD_SECTOR_LEN;
++ if (fdctrl->fifo[pos] & 0x80) {
+ /* Command parameters done */
+- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
++ if (fdctrl->fifo[pos] & 0x40) {
+ fdctrl->fifo[0] = fdctrl->fifo[1];
+ fdctrl->fifo[2] = 0;
+ fdctrl->fifo[3] = 0;
+@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
+ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
+ {
+ FDrive *cur_drv;
+- int pos;
++ uint32_t pos;
+
+ /* Reset mode */
+ if (!(fdctrl->dor & FD_DOR_nRESET)) {
+@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
+ }
+
+ FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
+- fdctrl->fifo[fdctrl->data_pos++] = value;
++ pos = fdctrl->data_pos++;
++ pos %= FD_SECTOR_LEN;
++ fdctrl->fifo[pos] = value;
+ if (fdctrl->data_pos == fdctrl->data_len) {
+ /* We now have all parameters
+ * and will be able to treat the command
+--
+2.1.0
+
+