--- /dev/null
--- /dev/null
++# see git-dpm(1) from git-dpm package
++bfef8af1dbdd3e12537a7379f057b35d006e0145
++bfef8af1dbdd3e12537a7379f057b35d006e0145
++9fafe903bcadf774d3eb5fbef4666166aa876d2d
++9fafe903bcadf774d3eb5fbef4666166aa876d2d
++xen_4.6.0.orig.tar.xz
++3a298ab580a62dd4ffbe63567d4114f9c36d570c
++3525684
--- /dev/null
--- /dev/null
++.debhelper
++build
++files
++*.debhelper.log
++*.substvars
++*.postinst.debhelper
++*.postrm.debhelper
++*.prerm.debhelper
++stamps
++libxen-*.*
++xen-utils-*.*
++xen-utils-common
++xenstore-utils
++libxen-dev
++libxenstore3.0
++xen-hypervisor-*.*-*
++xen-system-*
--- /dev/null
--- /dev/null
++[base]
++flavours:
++ amd64
++xen-arch: x86_64
++image-suffix: .gz
++
++[amd64_description]
++hardware: AMD64
++hardware-long: all 64bit single- and multiprocessor AMD and Intel
++
--- /dev/null
--- /dev/null
++[base]
++flavours:
++ arm64
++xen-arch: arm64
++image-suffix:
++with-ocaml: no
++
++[arm64_description]
++hardware: ARM64
++hardware-long: all 64bit ARMv8
++
--- /dev/null
--- /dev/null
++[base]
++flavours:
++ armhf
++xen-arch: arm32
++image-suffix:
++
++[armhf_description]
++hardware: ARMHF
++hardware-long: all 32bit ARMv7 with virtualisation extensions
++
--- /dev/null
--- /dev/null
++[abi]
++
++[base]
++arches:
++ amd64
++ arm64
++ armhf
++ i386
--- /dev/null
--- /dev/null
++[base]
++flavours:
++ amd64
++xen-arch: x86_32
++
++[amd64_base]
++xen-arch: x86_64
++
++[amd64_description]
++hardware: AMD64
++hardware-long: all 64bit single- and multiprocessor AMD and Intel
--- /dev/null
--- /dev/null
++#!/bin/sh -e
++
++TMPDIR=$(mktemp -d)
++trap "rm -rf $TMPDIR" EXIT
++grep -v "^#" debian/patches/series | awk '{if (NF == 1) print "debian/patches/" $1}' | sort -u > $TMPDIR/used
++find debian/patches -type f -name "*.diff" -printf "%p\n" | sort > $TMPDIR/avail
++echo "Used patches"
++echo "=============="
++cat $TMPDIR/used
++echo
++echo "Unused patches"
++echo "=============="
++fgrep -v -f $TMPDIR/used $TMPDIR/avail
--- /dev/null
--- /dev/null
++#!/usr/bin/env python3
++
++import os, sys
++sys.path.append(os.path.join(sys.path[0], "../lib/python"))
++
++from debian_xen.debian import VersionXen
++from debian_linux.config import ConfigCoreHierarchy
++from debian_linux.debian import Changelog, PackageArchitecture
++from debian_linux.gencontrol import Gencontrol as Base
++from debian_linux.utils import Templates
++
++class Gencontrol(Base):
++ config_schema = {
++ 'description': {
++ }
++ }
++
++ def __init__(self):
++ super(Gencontrol, self).__init__(ConfigCoreHierarchy(self.config_schema, ["debian/arch"]), Templates(["debian/templates"]))
++ self.process_changelog()
++
++ def do_main_setup(self, vars, makeflags, extra):
++ makeflags.update({
++ 'VERSION': self.version.xen_version,
++ })
++
++ def do_arch_setup(self, vars, makeflags, arch, extra):
++ config_entry = self.config.merge('base', arch)
++ config_entry_description = self.config.merge('description', arch)
++
++ for i in (
++ ('xen-arch', 'XEN_ARCH'),
++ ):
++ makeflags[i[1]] = config_entry[i[0]]
++
++ def do_arch_packages(self, packages, makefile, arch, vars, makeflags, extra):
++ packages_main = self.process_packages(self.templates["control.main"], vars)
++ packages_utils = self.process_packages(self.templates["control.utils"], vars)
++
++ for package in packages_main + packages_utils:
++ name = package['Package']
++ if name in packages:
++ package = packages.get(name)
++ else:
++ packages.append(package)
++
++ arches = package.setdefault('Architecture', PackageArchitecture())
++ if 'all' not in arches:
++ arches.add(arch)
++
++ package_utils_name = packages_utils[0]['Package']
++
++ for i in ('postinst', 'prerm', 'lintian-overrides'):
++ j = self.substitute(self.templates["xen-utils.%s" % i], vars)
++ open("debian/%s.%s" % (package_utils_name, i), 'w').write(j)
++
++ cmds_binary_arch = ["$(MAKE) -f debian/rules.real binary-arch-arch %s" % makeflags]
++ cmds_build = ["$(MAKE) -f debian/rules.real build-arch-arch %s" % makeflags]
++ cmds_setup = ["$(MAKE) -f debian/rules.real setup-arch %s" % makeflags]
++ makefile.add('binary-arch_%s_real' % arch, cmds = cmds_binary_arch)
++ makefile.add('build-arch_%s_real' % arch, cmds = cmds_build)
++ makefile.add('setup_%s_real' % arch, cmds = cmds_setup)
++
++ def do_flavour_setup(self, vars, makeflags, arch, featureset, flavour, extra):
++ config_entry = self.config.merge('base', arch, featureset, flavour)
++ config_description = self.config.merge('description', arch, featureset, flavour)
++
++ vars['class'] = config_description['hardware']
++ vars['longclass'] = config_description.get('hardware-long') or vars['class']
++
++ for i in (
++ ('xen-arch', 'XEN_ARCH'),
++ ('image-suffix', 'IMAGE_SUFFIX'),
++ ):
++ if i[0] in config_entry:
++ makeflags[i[1]] = config_entry[i[0]]
++
++ def do_flavour_packages(self, packages, makefile, arch, featureset, flavour, vars, makeflags, extra):
++ hypervisor = self.templates["control.hypervisor"]
++ system_latest = self.templates["control.system.latest"]
++
++ if not 'desc' in vars:
++ vars['desc'] = ''
++
++ packages_own = []
++ packages_own.extend(self.process_packages(hypervisor, vars))
++ packages_dummy = self.process_packages(system_latest, vars)
++
++ for package in packages_own + packages_dummy:
++ name = package['Package']
++ package.setdefault('Architecture', PackageArchitecture()).add(arch)
++ if name in packages:
++ package = packages.get(name)
++ else:
++ packages.append(package)
++
++ arches = package.setdefault('Architecture', PackageArchitecture())
++ if 'all' not in arches:
++ arches.add(arch)
++
++ package_name = packages_own[0]['Package']
++
++ for i in ('postinst', 'postrm'):
++ j = self.substitute(self.templates["xen-hypervisor.%s" % i], vars)
++ open("debian/%s.%s" % (package_name, i), 'w').write(j)
++
++ cmds_binary_arch = ["$(MAKE) -f debian/rules.real binary-arch-flavour %s" % makeflags]
++ cmds_build = ["$(MAKE) -f debian/rules.real build-arch-flavour %s" % makeflags]
++ cmds_setup = ["$(MAKE) -f debian/rules.real setup-flavour %s" % makeflags]
++
++ cmds_binary_arch += ["$(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='%s' %s" % (u' '.join([u"-p%s" % i['Package'] for i in packages_dummy]), makeflags)]
++
++ makefile.add("binary-arch_%s_%s_%s" % (arch, featureset, flavour), cmds = cmds_binary_arch)
++ makefile.add("build-arch_%s_%s_%s" % (arch, featureset, flavour), cmds = cmds_build)
++ makefile.add("setup_%s_%s_%s" % (arch, featureset, flavour), cmds = cmds_setup)
++
++ def process_changelog(self):
++ changelog = Changelog(version = VersionXen)
++ self.version = changelog[0].version
++ self.vars = {
++ 'version': self.version.xen_version,
++ }
++
++if __name__ == '__main__':
++ Gencontrol()()
--- /dev/null
--- /dev/null
++#!/usr/bin/env python3
++
++import sys
++sys.path.append(sys.path[0] + '/../lib/python')
++
++import itertools
++import os, os.path
++import shutil
++import subprocess
++
++from debian_xen.debian import VersionXen
++from debian_linux.debian import Changelog
++
++
++class Main(object):
++ log = sys.stdout.write
++
++ def __init__(self, options, repo):
++ self.options = options
++
++ self.changelog_entry = Changelog(version=VersionXen)[0]
++ self.source = self.changelog_entry.source
++ self.version = self.changelog_entry.version
++
++ if options.override_version:
++ self.version = VersionXen('%s-0' % options.override_version)
++
++ if options.component:
++ self.orig_dir = options.component
++ self.orig_tar = '%s_%s.orig-%s.tar.xz' % (self.source, self.version.upstream, options.component)
++ else:
++ self.orig_dir = '%s-%s' % (self.source, self.version.upstream)
++ self.orig_tar = '%s_%s.orig.tar.xz' % (self.source, self.version.upstream)
++ if options.tag is None:
++ options.tag = 'RELEASE-' + self.version.upstream
++
++ def __call__(self):
++ out = "../orig/%s" % self.orig_tar
++ self.log("Generate tarball %s\n" % out)
++
++ try:
++ os.stat(out)
++ raise RuntimeError("Destination already exists")
++ except OSError: pass
++
++ try:
++ with open(out, 'wb') as f:
++ tag = self.options.tag or 'HEAD'
++ p1 = subprocess.Popen(('git', 'archive', '--prefix', '%s/' % self.orig_dir, tag), stdout=subprocess.PIPE)
++ subprocess.check_call(('xz', ), stdin=p1.stdout, stdout=f)
++ if p1.wait():
++ raise RuntimeError
++ except:
++ os.unlink(out)
++ raise
++
++ try:
++ os.symlink(os.path.join('orig', self.orig_tar), os.path.join('..', self.orig_tar))
++ except OSError:
++ pass
++
++
++if __name__ == '__main__':
++ from optparse import OptionParser
++ p = OptionParser(prog=sys.argv[0], usage='%prog [OPTION]... DIR')
++ p.add_option('-c', '--component', dest='component')
++ p.add_option('-t', '--tag', dest='tag')
++ p.add_option('-V', '--override-version', dest='override_version')
++ options, args = p.parse_args()
++ if len(args) != 1:
++ raise RuntimeError
++ Main(options, *args)()
--- /dev/null
--- /dev/null
++xen (4.8.1-1+deb9u3) stretch-security; urgency=high
++
++ * Security fixes for
++ XSA-226 CVE-2017-12135
++ XSA-227 CVE-2017-12137
++ XSA-228 CVE-2017-12136
++ XSA-230 CVE-2017-12855
++ XSA-235 (no CVE yet)
++ * Adjust changelog entry for 4.8.1-1+deb9u2 to record
++ that XSA-225 fix was indeed included.
++ * Security fix for XSA-229 not included as that bug is in Linux, not Xen.
++ * Security fixes for XSA-231..234 inc. not inclued as still embargoed.
++
++ -- Ian Jackson <ian.jackson@eu.citrix.com> Thu, 07 Sep 2017 19:17:58 +0100
++
++xen (4.8.1-1+deb9u2) stretch-security; urgency=high
++
++ * Security fixes for
++ XSA-216 XSA-217 XSA-218 XSA-219 XSA-220
++ XSA-221 XSA-222 XSA-223 XSA-224 XSA-225
++
++ -- Ian Jackson <ian.jackson@eu.citrix.com> Tue, 20 Jun 2017 14:06:34 +0100
++
++xen (4.8.1-1+deb9u1) unstable; urgency=medium
++
++ * Security fixes for XSA-213 (Closes:#861659) and XSA-214
++ (Closes:#861660). (Xen 4.7 and later is not affected by XSA-215.)
++
++ -- Ian Jackson <ian.jackson@eu.citrix.com> Tue, 02 May 2017 12:19:57 +0100
++
++xen (4.8.1-1) unstable; urgency=high
++
++ * Update to upstream 4.8.1 release.
++ Changes include numerous bugfixes, including security fixes for:
++ XSA-212 / CVE-2017-7228 Closes:#859560
++ XSA-207 / no cve yet Closes:#856229
++ XSA-206 / no cve yet no Debian bug
++
++ -- Ian Jackson <ian.jackson@eu.citrix.com> Tue, 18 Apr 2017 18:05:00 +0100
++
++xen (4.8.1~pre.2017.01.23-1) unstable; urgency=medium
++
++ * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre).
++ Contains bugfixes.
++ * debian/control-real etc.: debian.py: Allow version numbers like this.
++
++ -- Ian Jackson <ian.jackson@eu.citrix.com> Mon, 23 Jan 2017 16:03:31 +0000
++
++xen (4.8.0-1) unstable; urgency=high
++
++ * Update to upstream Xen 4.8.0.
++ Includes the following security fixes:
++ XSA-201 CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818
++ XSA-198 CVE-2016-9379 CVE-2016-9380
++ XSA-196 CVE-2016-9378 CVE-2016-9377 Closes:#845669
++ XSA-195 CVE-2016-9383
++ XSA-194 CVE-2016-9384 Closes:#845667
++ XSA-193 CVE-2016-9385
++ XSA-192 CVE-2016-9382
++ XSA-191 CVE-2016-9386
++ Includes other bugfixes too:
++ Closes:#812166, Closes:#818525.
++
++ Cherry picks from upstream:
++ * Security fixes:
++ XSA-204 CVE-2016-10013 Closes:#848713
++ XSA-203 CVE-2016-10025
++ XSA-202 CVE-2016-10024
++ For completeness, the following XSAs do not apply here:
++ XSA-197 CVE-2016-9381 Bug is in qemu
++ XSA-199 CVE-2016-9637 Bug is in qemu
++ XSA-200 CVE-2016-9932 Xen 4.8 is not affected
++ * Cherry pick a build failure fix:
++ "x86/emul: add likely()/unlikely() to test harness"
++
++ [ Ian Jackson ]
++ * Drop -lcrypto search from upstream configure, and from our
++ Build-Depends. Closes:#844419.
++ * Change my own email address to my work (Citrix) address. When
++ uploading, I will swap hats to effectively sponsor my own upload.
++
++ [ Ian Campbell ]
++ * Start a qemu process in dom0 to service the toolstacks loopback disk
++ attaches. (Closes: #770456)
++ * Remove correct pidfile when stopping xenconsoled.
++ * Check that xenstored has actually started before talking to it.
++ Incorporate a timeout so as not to block boot (Mitigates #737613)
++ * Correct syntax error in xen-init-list when running with xend
++ (Closes: #763102)
++ * Apply SELinux labels to directories created by initscripts. Patch from
++ Russell Coker. (Closes: #764912)
++ * Include a reportbug control file to redirect bugs to src:xen for
++ packages which contain the Xen version in the name. Closes:#796370.
++
++ [ Lubomir Host ]
++ * Fix xen-init-name to not fail looking for a nonexistent 'config'
++ entry in xl's JSON output. Closes:#818129.
++
++ -- Ian Jackson <ian.jackson@eu.citrix.com> Thu, 22 Dec 2016 14:51:46 +0000
++
++xen (4.8.0~rc5-1) unstable; urgency=medium
++
++ * New upstream version, Xen 4.8.0 RC5.
++
++ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 11 Nov 2016 15:26:58 +0000
++
++xen (4.8.0~rc3-1) unstable; urgency=medium
++
++ * Upload 4.8.0~rc3 to unstable. (RC5 is out upstream, but let's not
++ update to that in the middle of the Xen 4.6 -> 4.8 transition.)
++ * No source changes.
++
++ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 05 Nov 2016 15:08:47 +0000
++
++xen (4.8.0~rc3-0exp2) experimental; urgency=medium
++
++ * Build-Depend on iasl on all architectures. ARM has ACPI now.
++ Fixes FTBFS on arm64 (at least).
++ * Add qemu-utils and seabios to Suggests.
++ * Pass -no-pie -fno-pic to x86 emulator test build. (Patch
++ also submitted upstream.) Fixes FTBFS on i386 with GCC6.
++ * Add myself to Uploaders.
++
++ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Tue, 01 Nov 2016 18:00:25 +0000
++
++xen (4.8.0~rc3-0exp1) experimental; urgency=high
++
++ * New upstream version, Xen 4.8.0 RC3.
++ Fixes many outstanding CVEs.
++ * Incorporated many changes from 4.8.0-0ubuntu2
++ - libxen-dev is M-A: same
++ - Work around grep bug http://bugs.launchpad.net/bugs/1547466
++ - debian/xen-hypervisor-4.6.xen.cfg:
++ Additional config file to simplify grub configuration.
++ - Use new library/abiname scheme.
++ - Document what xl and xm are in default.xen
++ - Add libvirtd dependency to xendomains init script
++ (Thanks to Stefan Bader and others.)
++
++ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 24 Oct 2016 17:31:27 +0100
++
++xen (4.6.0-1+nmu2) unstable; urgency=medium
++
++ * Ensure debian/control.md5sum is correctly updated. Fixes FTBFS of
++ 4.6.0-1+nmu1 on buildds where linux-support-4.2.0-1 is not expected to be
++ installed.
++
++ -- Ian Campbell <ijc@debian.org> Tue, 09 Feb 2016 16:41:16 +0000
++
++xen (4.6.0-1+nmu1) unstable; urgency=medium
++
++ * Non-maintainer upload.
++ * Drop unused patching in of $(PREFIX), $(SBINDIR) and $(BINDIR)
++ which are no longer used by the upstream build system.
++ * Use correct/consistent LIBEXEC dirs throughout build
++ (Closes: #805508).
++
++ -- Ian Campbell <ijc@debian.org> Tue, 19 Jan 2016 14:43:54 +0000
++
++xen (4.6.0-1) unstable; urgency=medium
++
++ * New upstream release.
++ * CVE-2015-7812
++ * CVE-2015-7813
++ * CVE-2015-7814
++ * CVE-2015-7835
++ * CVE-2015-7969
++ * CVE-2015-7970
++ * CVE-2015-7971
++ * CVE-2015-7972
++
++ -- Bastian Blank <waldi@debian.org> Sun, 01 Nov 2015 21:49:07 +0100
++
++xen (4.5.1~rc1-1) experimental; urgency=medium
++
++ [ Ian Campbell ]
++ * Use xen-init-dom0 from initscript when it is available.
++ * Install some user facing docs in xen-utils-common. (Closes: #688308)
++
++ [ Bastian Blank ]
++ * New upstream release candidate.
++
++ -- Bastian Blank <waldi@debian.org> Sun, 31 May 2015 21:59:56 +0200
++
++xen (4.5.0-1) experimental; urgency=medium
++
++ [ Ian Campbell ]
++ * New upstream release
++
++ -- Bastian Blank <waldi@debian.org> Wed, 21 Jan 2015 20:21:45 +0100
++
++xen (4.5.0~rc3-1) experimental; urgency=medium
++
++ * New upstream release candidate.
++ * Re-add xend config.
++
++ -- Bastian Blank <waldi@debian.org> Wed, 17 Dec 2014 22:37:23 +0100
++
++xen (4.4.1-6) unstable; urgency=medium
++
++ * Fix starvation of writers in locks.
++ CVE-2014-9065
++
++ -- Bastian Blank <waldi@debian.org> Thu, 11 Dec 2014 15:56:08 +0100
++
++xen (4.4.1-5) unstable; urgency=medium
++
++ * Fix excessive checks of hypercall arguments.
++ CVE-2014-8866
++ * Fix boundary checks of emulated MMIO access.
++ CVE-2014-8867
++ * Fix additional memory leaks in xl. (closes: #767295)
++
++ -- Bastian Blank <waldi@debian.org> Sun, 30 Nov 2014 20:13:32 +0100
++
++xen (4.4.1-4) unstable; urgency=medium
++
++ [ Bastian Blank ]
++ * Make operations pre-emptible.
++ CVE-2014-5146, CVE-2014-5149
++ * Don't allow page table updates from non-PV page tables.
++ CVE-2014-8594
++ * Enforce privilege level while loading code segment.
++ CVE-2014-8595
++ * Fix reference counter leak.
++ CVE-2014-9030
++ * Use linux 3.16.0-4 stuff.
++ * Fix memory leak in xl. (closes: #767295)
++
++ [ Ian Campbell ]
++ * Add licensing for tools/python/logging to debian/copyright.
++ (Closes: #759384)
++ * Correctly include xen-init-name in xen-utils-common. (Closes: #769543)
++ * xen-utils recommends grub-xen-host package (Closes: #770460)
++
++ -- Bastian Blank <waldi@debian.org> Thu, 27 Nov 2014 20:17:36 +0100
++
++xen (4.4.1-3) unstable; urgency=medium
++
++ [ Bastian Blank ]
++ * Remove unused build-depencencies.
++ * Extend list affected systems for broken interrupt assignment.
++ CVE-2013-3495
++ * Fix race in hvm memory management.
++ CVE-2014-7154
++ * Fix missing privilege checks on instruction emulation.
++ CVE-2014-7155, CVE-2014-7156
++ * Fix uninitialized control structures in FIFO handling.
++ CVE-2014-6268
++ * Fix MSR range check in emulation.
++ CVE-2014-7188
++
++ [ Ian Campbell ]
++ * Install xen.efi into /boot for amd64 builds.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 17 Oct 2014 16:27:46 +0200
++
++xen (4.4.1-2) unstable; urgency=medium
++
++ * Re-build with correct content.
++ * Use dh_lintian.
++
++ -- Bastian Blank <waldi@debian.org> Wed, 24 Sep 2014 20:23:14 +0200
++
++xen (4.4.1-1) unstable; urgency=medium
++
++ * New upstream release.
++ - Fix several vulnerabilities. (closes: #757724)
++ CVE-2014-2599, CVE-2014-3124,
++ CVE-2014-3967, CVE-2014-3968,
++ CVE-2014-4021
++
++ -- Bastian Blank <waldi@debian.org> Sun, 21 Sep 2014 10:45:47 +0200
++
++xen (4.4.0-5) unstable; urgency=medium
++
++ [ Ian Campbell ]
++ * Expand on the descriptions of some packages. (Closes: #466683)
++ * Clarify where xen-utils-common is required. (Closes: #612403)
++ * No longer depend on gawk. Xen can now use any awk one of which is always
++ present. (Closes: #589176)
++ * Put core dumps in /var/lib/xen/dump and ensure it exists.
++ (Closes: #444000)
++
++ [ Bastian Blank ]
++ * Handle JSON output from xl in xendomains init script.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 06 Sep 2014 22:11:20 +0200
++
++xen (4.4.0-4) unstable; urgency=medium
++
++ [ Bastian Blank ]
++ * Also remove unused OCaml packages from control file.
++ * Make library packages multi-arch: same. (closes: #730417)
++ * Use debhelper compat level 9. (closes: #692352)
++
++ [ Ian Campbell ]
++ * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283)
++ * Drop references cpuperf-xen and cpuperf-perfcntr. (Closes: #733847)
++ * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143)
++
++ -- Bastian Blank <waldi@debian.org> Sat, 30 Aug 2014 13:34:04 +0200
++
++xen (4.4.0-3) unstable; urgency=medium
++
++ [ Ian Campbell ]
++ * Use correct SeaBIOS binary which supports Xen (Closes: #737905).
++
++ [ Bastian Blank ]
++ * Really update config.{sub,guess}.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 29 Aug 2014 16:33:19 +0200
++
++xen (4.4.0-2) unstable; urgency=medium
++
++ * Remove broken and unused OCaml-support.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 18 Aug 2014 15:18:42 +0200
++
++xen (4.4.0-1) unstable; urgency=medium
++
++ [ Bastian Blank ]
++ * New upstream release.
++ - Update scripts for compatiblity with latest coreutils.
++ (closes: #718898)
++ - Fix guest reboot with xl toolstack. (closes: #727100)
++ - CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code.
++ (closes: #730254)
++ - xl support for global VNC options. (closes: #744157)
++ - vif scripts can now be named relative to /etc/xen/scripts.
++ (closes: #744160)
++ - Support for arbitrary sized SeaBIOS binaries. (closes: #737905)
++ - pygrub searches for extlinux.conf in the expected places.
++ (closes: #697407)
++ - Update scripts to use correct syntax for ip command.
++ (closes: #705659)
++ * Fix install of xend configs to not break compatibility.
++
++ [ Ian Campbell ]
++ * Disable blktap1 support using new configure option instead of by patching.
++ * Disable qemu-traditional and rombios support using new configure option
++ instead of by patching. No need to build-depend on ipxe any more.
++ * Use system qemu-xen via new configure option instead of patching.
++ * Use system seabios via new configure option instead of patching.
++ * Use EXTRA_CFLAGS_XEN_TOOLS and APPEND_{CPPFLAGS,LDFLAGS} during build.
++ * Add support for armhf and arm64.
++ * Update config.{sub,guess}.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 09 Aug 2014 13:09:00 +0200
++
++xen (4.3.0-3) unstable; urgency=low
++
++ * Revive hypervisor on i386.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 18 Oct 2013 00:15:16 +0200
++
++xen (4.3.0-2) unstable; urgency=low
++
++ * Force proper install order. (closes: #721999)
++
++ -- Bastian Blank <waldi@debian.org> Sat, 05 Oct 2013 15:03:36 +0000
++
++xen (4.3.0-1) unstable; urgency=low
++
++ * New upstream release.
++ - Fix HVM PCI passthrough. (closes: #706543)
++ * Call configure with proper arguments.
++ * Remove now empty xen-docs package.
++ * Disable external code retrieval.
++ * Drop all i386 hypervisor packages.
++ * Drop complete blktap support.
++ * Create /run/xen.
++ * Make xen-utils recommend qemu-system-x86. (closes: #688311)
++ - This version comes with audio support. (closes: #635166)
++ * Make libxenlight and libxlutil public. (closes: #644390)
++ - Set versioned ABI name.
++ - Install headers.
++ - Move libs into normal library path.
++ * Use build flags in the tools build.
++ - Fix fallout from harderning flags.
++ * Update Standards-Version to 3.9.4. No changes.
++
++ -- Bastian Blank <waldi@debian.org> Thu, 05 Sep 2013 13:54:03 +0200
++
++xen (4.2.2-1) unstable; urgency=low
++
++ * New upstream release.
++ - Fix build with gcc 4.8. (closes: #712376)
++ * Build-depend on libssl-dev. (closes: #712366)
++ * Enable hardening as much as possible.
++ * Re-enable ocaml build fixes. (closes: #695176)
++ * Check for out-of-bound values in CPU affinity setup.
++ CVE-2013-2072
++ * Fix information leak on AMD CPUs.
++ CVE-2013-2076
++ * Recover from faults on XRSTOR.
++ CVE-2013-2077
++ * Properly check guest input to XSETBV.
++ CVE-2013-2078
++
++ -- Bastian Blank <waldi@debian.org> Thu, 11 Jul 2013 00:28:24 +0200
++
++xen (4.2.1-2) unstable; urgency=low
++
++ * Actually upload to unstable.
++
++ -- Bastian Blank <waldi@debian.org> Sun, 12 May 2013 00:20:58 +0200
++
++xen (4.2.1-1) experimental; urgency=low
++
++ * New upstream release.
++ * Enable usage of seabios.
++ * Fix some toolchain issues.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 11 May 2013 23:55:46 +0200
++
++xen (4.2.0-2) experimental; urgency=low
++
++ * Support JSON output in domain init script helper.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 01 Oct 2012 15:11:30 +0200
++
++xen (4.2.0-1) experimental; urgency=low
++
++ * New upstream release.
++
++ -- Bastian Blank <waldi@debian.org> Tue, 18 Sep 2012 13:54:30 +0200
++
++xen (4.2.0~rc3-1) experimental; urgency=low
++
++ * New upstream snapshot.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 07 Sep 2012 20:28:46 +0200
++
++xen (4.2.0~rc2-1) experimental; urgency=low
++
++ * New upstream snapshot.
++ * Build-depend against libglib2.0-dev and libyajl-dev.
++ * Disable seabios build for now.
++ * Remove support for Lenny and earlier.
++ * Support build-arch and build-indep make targets.
++
++ -- Bastian Blank <waldi@debian.org> Sun, 13 May 2012 12:21:10 +0000
++
++xen (4.1.4-4) unstable; urgency=high
++
++ * Make several long runing operations preemptible.
++ CVE-2013-1918
++ * Fix source validation for VT-d interrupt remapping.
++ CVE-2013-1952
++
++ -- Bastian Blank <waldi@debian.org> Thu, 02 May 2013 14:30:29 +0200
++
++xen (4.1.4-3) unstable; urgency=high
++
++ * Fix return from SYSENTER.
++ CVE-2013-1917
++ * Fix various problems with guest interrupt handling.
++ CVE-2013-1919
++ * Only save pointer after access checks.
++ CVE-2013-1920
++ * Fix domain locking for transitive grants.
++ CVE-2013-1964
++
++ -- Bastian Blank <waldi@debian.org> Fri, 19 Apr 2013 13:01:57 +0200
++
++xen (4.1.4-2) unstable; urgency=low
++
++ * Use pre-device interrupt remapping mode per default. Fix removing old
++ remappings.
++ CVE-2013-0153
++
++ -- Bastian Blank <waldi@debian.org> Wed, 06 Feb 2013 13:04:52 +0100
++
++xen (4.1.4-1) unstable; urgency=low
++
++ * New upstream release.
++ - Disable process-context identifier support in newer CPUs for all
++ domains.
++ - Add workarounds for AMD errata.
++ - Don't allow any non-canonical addresses.
++ - Use Multiboot memory map if BIOS emulation does not provide one.
++ - Fix several problems in tmem.
++ CVE-2012-3497
++ - Fix error handling in domain creation.
++ - Adjust locking and interrupt handling during S3 resume.
++ - Tighten more resource and memory range checks.
++ - Reset performance counters. (closes: #698651)
++ - Remove special-case for first IO-APIC.
++ - Fix MSI handling for HVM domains. (closes: #695123)
++ - Revert cache value of disks in HVM domains.
++
++ -- Bastian Blank <waldi@debian.org> Thu, 31 Jan 2013 15:44:50 +0100
++
++xen (4.1.3-8) unstable; urgency=high
++
++ * Fix error in VT-d interrupt remapping source validation.
++ CVE-2012-5634
++ * Fix buffer overflow in qemu e1000 emulation.
++ CVE-2012-6075
++ * Update patch, mention second CVE.
++ CVE-2012-5511, CVE-2012-6333
++
++ -- Bastian Blank <waldi@debian.org> Sat, 19 Jan 2013 13:55:07 +0100
++
++xen (4.1.3-7) unstable; urgency=low
++
++ * Fix clock jump due to incorrect annotated inline assembler.
++ (closes: #599161)
++ * Add support for XZ compressed Linux kernels to hypervisor and userspace
++ based loaders, it is needed for any Linux kernels newer then Wheezy.
++ (closes: #695056)
++
++ -- Bastian Blank <waldi@debian.org> Tue, 11 Dec 2012 18:54:59 +0100
++
++xen (4.1.3-6) unstable; urgency=high
++
++ * Fix error handling in physical to machine memory mapping.
++ CVE-2012-5514
++
++ -- Bastian Blank <waldi@debian.org> Tue, 04 Dec 2012 10:51:43 +0100
++
++xen (4.1.3-5) unstable; urgency=high
++
++ * Fix state corruption due to incomplete grant table switch.
++ CVE-2012-5510
++ * Check range of arguments to several HVM operations.
++ CVE-2012-5511, CVE-2012-6333
++ * Check array index before using it in HVM memory operation.
++ CVE-2012-5512
++ * Check memory range in memory exchange operation.
++ CVE-2012-5513
++ * Don't allow too large memory size and avoid busy looping.
++ CVE-2012-5515
++
++ -- Bastian Blank <waldi@debian.org> Mon, 03 Dec 2012 19:37:38 +0100
++
++xen (4.1.3-4) unstable; urgency=high
++
++ * Use linux 3.2.0-4 stuff.
++ * Fix overflow in timer calculations.
++ CVE-2012-4535
++ * Check value of physical interrupts parameter before using it.
++ CVE-2012-4536
++ * Error out on incorrect memory mapping updates.
++ CVE-2012-4537
++ * Check if toplevel page tables are present.
++ CVE-2012-4538
++ * Fix infinite loop in compatibility code.
++ CVE-2012-4539
++ * Limit maximum kernel and ramdisk size.
++ CVE-2012-2625, CVE-2012-4544
++
++ -- Bastian Blank <waldi@debian.org> Tue, 20 Nov 2012 15:51:01 +0100
++
++xen (4.1.3-3) unstable; urgency=low
++
++ * Xen domain init script:
++ - Make sure Open vSwitch is started before any domain.
++ - Properly handle and show output of failed migration and save.
++ - Ask all domains to shut down before checking them.
++
++ -- Bastian Blank <waldi@debian.org> Tue, 18 Sep 2012 13:26:32 +0200
++
++xen (4.1.3-2) unstable; urgency=medium
++
++ * Don't allow writing reserved bits in debug register.
++ CVE-2012-3494
++ * Fix error handling in interrupt assignment.
++ CVE-2012-3495
++ * Don't trigger bug messages on invalid flags.
++ CVE-2012-3496
++ * Check array bounds in interrupt assignment.
++ CVE-2012-3498
++ * Properly check bounds while setting the cursor in qemu.
++ CVE-2012-3515
++ * Disable monitor in qemu by default.
++ CVE-2012-4411
++
++ -- Bastian Blank <waldi@debian.org> Fri, 07 Sep 2012 19:41:46 +0200
++
++xen (4.1.3-1) unstable; urgency=medium
++
++ * New upstream release: (closes: #683286)
++ - Don't leave the x86 emulation in a bad state. (closes: #683279)
++ CVE-2012-3432
++ - Only check for shared pages while any exist on teardown.
++ CVE-2012-3433
++ - Fix error handling for unexpected conditions.
++ - Update CPUID masking to latest Intel spec.
++ - Allow large ACPI ids.
++ - Fix IOMMU support for PCI-to-PCIe bridges.
++ - Disallow access to some sensitive IO-ports.
++ - Fix wrong address in IOTLB.
++ - Fix deadlock on CPUs without working cpufreq driver.
++ - Use uncached disk access in qemu.
++ - Fix buffer size on emulated e1000 device in qemu.
++ * Fixup broken and remove applied patches.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 17 Aug 2012 11:25:02 +0200
++
++xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low
++
++ [ Ian Campbell ]
++ * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
++ * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)
++
++ [ Bastian Blank ]
++ * Actually build-depend on new enough version of dpkg-dev.
++ * Add xen-sytem-* meta-packages. We are finally in a position to do
++ automatic upgrades and this package is missing. (closes: #681376)
++
++ -- Bastian Blank <waldi@debian.org> Sat, 28 Jul 2012 10:23:26 +0200
++
++xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low
++
++ * Add Build-Using info to xen-utils package.
++ * Fix build-arch target.
++
++ -- Bastian Blank <waldi@debian.org> Sun, 01 Jul 2012 19:52:30 +0200
++
++xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low
++
++ * Remove /usr/lib/xen-default. It breaks systems if xenstored is not
++ compatible.
++ * Fix init script usage.
++ * Fix udev rules for emulated network devices:
++ - Force names of emulated network devices to a predictable name.
++
++ -- Bastian Blank <waldi@debian.org> Sun, 01 Jul 2012 16:59:04 +0200
++
++xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low
++
++ * Fix pointer missmatch in interrupt functions. Fixes build on i386.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 15 Jun 2012 18:00:51 +0200
++
++xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low
++
++ * New upstream snapshot.
++ - Fix privilege escalation and syscall/sysenter DoS while using
++ non-canonical addresses by untrusted PV guests. (closes: #677221)
++ CVE-2012-0217
++ CVE-2012-0218
++ - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
++ cause a DoS of the host.
++ CVE-2012-2934
++ * Don't fail if standard toolstacks are not available. (closes: #677244)
++
++ -- Bastian Blank <waldi@debian.org> Thu, 14 Jun 2012 17:06:25 +0200
++
++xen (4.1.2-7) unstable; urgency=low
++
++ * Really use ucf.
++ * Update init script dependencies:
++ - Start $syslog before xen.
++ - Start drbd and iscsi before xendomains. (closes: #626356)
++ - Start corosync and heartbeat after xendomains.
++ * Remove /var/log/xen on purge. (closes: #656216)
++
++ -- Bastian Blank <waldi@debian.org> Tue, 22 May 2012 10:44:41 +0200
++
++xen (4.1.2-6) unstable; urgency=low
++
++ * Fix generation of architectures for hypervisor packages.
++ * Remove information about loop devices, it is incorrect. (closes: #503044)
++ * Update xendomains init script:
++ - Create directory for domain images only root readable. (closes: #596048)
++ - Add missing sanity checks for variables. (closes: #671750)
++ - Remove not longer supported config options.
++ - Don't fail if no config is available.
++ - Remove extra output if domain was restored.
++
++ -- Bastian Blank <waldi@debian.org> Sun, 06 May 2012 20:07:41 +0200
++
++xen (4.1.2-5) unstable; urgency=low
++
++ * Actually force init script rename. (closes: #669341)
++ * Fix long output from xl.
++ * Move complete init script setup.
++ * Rewrite xendomains init script:
++ - Use LSB output functions.
++ - Make output more clear.
++ - Use xen toolstack wrapper.
++ - Use a python script to properly read domain details.
++ * Set name for Domain-0.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 23 Apr 2012 11:56:45 +0200
++
++xen (4.1.2-4) unstable; urgency=low
++
++ [ Bastian Blank ]
++ * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
++ * Don't longer use a4wide latex package.
++ * Use ucf for /etc/default/xen.
++ * Remove handling for old udev rules link and xenstored directory.
++ * Rename xend init script to xen.
++
++ [ Lionel Elie Mamane ]
++ * Fix toolstack script to work with old dash. (closes: #648029)
++
++ -- Bastian Blank <waldi@debian.org> Mon, 16 Apr 2012 08:47:29 +0000
++
++xen (4.1.2-3) unstable; urgency=low
++
++ * Merge xen-common source package.
++ * Remove xend wrapper, it should not be called by users.
++ * Support xl in init script.
++ * Restart xen daemons on upgrade.
++ * Restart and stop xenconsoled in init script.
++ * Load xen-gntdev module.
++ * Create /var/lib/xen. (closes: #658101)
++ * Cleanup udev rules. (closes: #657745)
++
++ -- Bastian Blank <waldi@debian.org> Wed, 01 Feb 2012 19:28:28 +0100
++
++xen (4.1.2-2) unstable; urgency=low
++
++ [ Jon Ludlam ]
++ * Import (partially reworked) upstream changes for OCaml support.
++ - Rename the ocamlfind packages.
++ - Remove uuid and log libraries.
++ - Fix 2 bit-twiddling bugs and an off-by-one
++ * Fix build of OCaml libraries.
++ * Add OCaml library and development package.
++ * Include some missing headers.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 10 Dec 2011 19:13:25 +0000
++
++xen (4.1.2-1) unstable; urgency=low
++
++ * New upstream release.
++ * Build-depend on pkg-config.
++ * Add package libxen-4.1. Includes some shared libs.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 26 Nov 2011 18:28:06 +0100
++
++xen (4.1.1-3) unstable; urgency=low
++
++ [ Julien Danjou ]
++ * Remove Julien Danjou from the Uploaders field. (closes: #590439)
++
++ [ Bastian Blank ]
++ * Use current version of python. (closes: #646660)
++ * Build-depend against liblzma-dev, it is used if available.
++ (closes: #646694)
++ * Update Standards-Version to 3.9.2. No changes.
++ * Don't use brace-expansion in debhelper install files.
++
++ -- Bastian Blank <waldi@debian.org> Wed, 26 Oct 2011 14:42:33 +0200
++
++xen (4.1.1-2) unstable; urgency=low
++
++ * Fix hvmloader with gcc 4.6.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 05 Aug 2011 23:58:36 +0200
++
++xen (4.1.1-1) unstable; urgency=low
++
++ * New upstream release.
++ * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.)
++ * Use dh_python2.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 18 Jul 2011 19:38:38 +0200
++
++xen (4.1.0-3) unstable; urgency=low
++
++ * Add ghostscript to build-deps.
++ * Enable qemu-dm build.
++ - Add qemu as another orig tar.
++ - Remove blktap1, bluetooth and sdl support from qemu.
++ - Recommend qemu-keymaps and qemu-utils.
++
++ -- Bastian Blank <waldi@debian.org> Thu, 28 Apr 2011 15:20:45 +0200
++
++xen (4.1.0-2) unstable; urgency=low
++
++ * Re-enable hvmloader:
++ - Use packaged ipxe.
++ * Workaround incompatibility with xenstored of Xen 4.0.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 15 Apr 2011 11:38:25 +0200
++
++xen (4.1.0-1) unstable; urgency=low
++
++ * New upstream release.
++
++ -- Bastian Blank <waldi@debian.org> Sun, 27 Mar 2011 18:09:28 +0000
++
++xen (4.1.0~rc6-1) unstable; urgency=low
++
++ * New upstream release candidate.
++ * Build documentation using pdflatex.
++ * Use python 2.6. (closes: #596545)
++ * Fix lintian override.
++ * Install new tools: xl, xenpaging.
++ * Enable blktap2.
++ - Use own md5 implementation.
++ - Fix includes.
++ - Fix linking of blktap2 binaries.
++ - Remove optimization setting.
++ * Temporarily disable hvmloader, wants to download ipxe.
++ * Remove xenstored pid check from xl.
++
++ -- Bastian Blank <waldi@debian.org> Thu, 17 Mar 2011 16:12:45 +0100
++
++xen (4.0.1-2) unstable; urgency=low
++
++ * Fix races in memory management.
++ * Make sure that frame-table compression leaves enough alligned.
++ * Disable XSAVE support. (closes: #595490)
++ * Check for dying domain instead of raising an assertion.
++ * Add C6 state with EOI errata for Intel.
++ * Make some memory management interrupt safe. Unsure if really needed.
++ * Raise bar for inter-socket migrations on mostly-idle systems.
++ * Fix interrupt handling for legacy routed interrupts.
++ * Allow to set maximal domain memory even during a running change.
++ * Support new partition name in pygrub. (closes: #599243)
++ * Fix some comparisions "< 0" that may be optimized away.
++ * Check for MWAIT support before using it.
++ * Fix endless loop on interrupts on Nehalem cpus.
++ * Don't crash upon direct GDT/LDT access. (closes: #609531)
++ CVE-2010-4255
++ * Don't loose timer ticks after domain restore.
++ * Reserve some space for IOMMU area in dom0. (closes: #608715)
++ * Fix hypercall arguments after trace callout.
++ * Fix some error paths in vtd support. Memory leak.
++ * Reinstate ACPI DMAR table.
++
++ -- Bastian Blank <waldi@debian.org> Wed, 12 Jan 2011 15:01:40 +0100
++
++xen (4.0.1-1) unstable; urgency=low
++
++ * New upstream release.
++ - Fix IOAPIC S3 with interrupt remapping enabled.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 03 Sep 2010 17:14:28 +0200
++
++xen (4.0.1~rc6-1) unstable; urgency=low
++
++ * New upstream release candidate.
++ - Add some missing locks for page table walk.
++ - Fix NMU injection into guest.
++ - Fix ioapic updates for vt-d.
++ - Add check for GRUB2 commandline behaviour.
++ - Fix handling of invalid kernel images.
++ - Allow usage of powernow.
++ * Remove lowlevel python modules usage from pygrub. (closes: #588811)
++
++ -- Bastian Blank <waldi@debian.org> Tue, 17 Aug 2010 23:15:34 +0200
++
++xen (4.0.1~rc5-1) unstable; urgency=low
++
++ * New upstream release candidate.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 02 Aug 2010 17:06:27 +0200
++
++xen (4.0.1~rc3-1) unstable; urgency=low
++
++ * New upstream release candidate.
++ * Call dh_pyversion with the correct version.
++ * Restart xen daemon on upgrade.
++
++ -- Bastian Blank <waldi@debian.org> Wed, 30 Jun 2010 16:30:47 +0200
++
++xen (4.0.0-2) unstable; urgency=low
++
++ * Fix python dependency. (closes: #586666)
++ - Use python-support.
++ - Hardcode to use python 2.5 for now.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 21 Jun 2010 17:23:16 +0200
++
++xen (4.0.0-1) unstable; urgency=low
++
++ * Update to unstable.
++ * Fix spelling in README.
++ * Remove unnecessary build-depends.
++ * Fixup xend to use different filename lookup.
++
++ -- Bastian Blank <waldi@debian.org> Thu, 17 Jun 2010 11:16:55 +0200
++
++xen (4.0.0-1~experimental.2) experimental; urgency=low
++
++ * Merge changes from 3.4.3-1.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 28 May 2010 12:58:12 +0200
++
++xen (4.0.0-1~experimental.1) experimental; urgency=low
++
++ * New upstream version.
++ * Rename source package to xen.
++ * Build depend against iasl and uuid-dev.
++ * Disable blktap2 support, it links against OpenSSL.
++ * Update copyright file.
++
++ -- Bastian Blank <waldi@debian.org> Thu, 06 May 2010 15:47:38 +0200
++
++xen-3 (3.4.3-1) unstable; urgency=low
++
++ * New upstream version.
++ * Disable blktap support, it is unusable with current kernels.
++ * Disable libaio, was only used by blktap.
++ * Drop device creation support. (closes: #583283)
++
++ -- Bastian Blank <waldi@debian.org> Fri, 28 May 2010 11:43:18 +0200
++
++xen-3 (3.4.3~rc6-1) unstable; urgency=low
++
++ * New upstream release candidate.
++ - Relocate multiboot modules. (closes: #580045)
++ - Support grub2 in pygrub. (closes: #573311)
++
++ -- Bastian Blank <waldi@debian.org> Sat, 08 May 2010 11:32:29 +0200
++
++xen-3 (3.4.3~rc3-2) unstable; urgency=low
++
++ * Again list the complete version in the hypervisor.
++ * Fix path detection for bootloader, document it. (closes: #481105)
++ * Rewrite README.
++
++ -- Bastian Blank <waldi@debian.org> Thu, 08 Apr 2010 16:14:58 +0200
++
++xen-3 (3.4.3~rc3-1) unstable; urgency=low
++
++ * New upstream release candidate.
++ * Use 3.0 (quilt) source format.
++ * Always use current python version.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 01 Mar 2010 22:14:22 +0100
++
++xen-3 (3.4.2-2) unstable; urgency=low
++
++ * Remove Jeremy T. Bouse from uploaders.
++ * Export blktap lib and headers.
++ * Build amd64 hypervisor on i386. (closes: #366315)
++
++ -- Bastian Blank <waldi@debian.org> Sun, 22 Nov 2009 16:54:47 +0100
++
++xen-3 (3.4.2-1) unstable; urgency=low
++
++ * New upstream version.
++ * Strip hvmloader by hand.
++ * Remove extra license file from libxen-dev.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 16 Nov 2009 20:57:07 +0100
++
++xen-3 (3.4.1-1) unstable; urgency=low
++
++ * New upstream version.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 21 Aug 2009 21:34:38 +0200
++
++xen-3 (3.4.0-2) unstable; urgency=low
++
++ * Add symbols file for libxenstore3.0. (closes: #536173)
++ * Document that ioemu is currently unsupported. (closes: #536175)
++ * Fix location of fsimage plugins. (closes: #536174)
++
++ -- Bastian Blank <waldi@debian.org> Sat, 18 Jul 2009 18:05:35 +0200
++
++xen-3 (3.4.0-1) unstable; urgency=low
++
++ [ Bastian Blank ]
++ * New upstream version.
++ * Remove ioemu for now. (closes: #490409, #496367)
++ * Remove non-pae hypervisor.
++ * Use debhelper compat level 7.
++ * Make the init script start all daemons.
++
++ -- Bastian Blank <waldi@debian.org> Tue, 30 Jun 2009 22:33:22 +0200
++
++xen-3 (3.2.1-2) unstable; urgency=low
++
++ * Use e2fslibs based ext2 support for pygrub. (closes: #476366)
++ * Fix missing checks in pvfb code.
++ See CVE-2008-1952. (closes: #487095)
++ * Add support for loading bzImage files. (closes: #474509)
++ * Enable TLS support in ioemu code.
++ * Drop libcrypto usage because of GPL-incompatibility.
++ * Remove AES code from blktap drivers. Considered broken.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 28 Jun 2008 11:30:43 +0200
++
++xen-3 (3.2.1-1) unstable; urgency=low
++
++ * New upstream version.
++ * Set rpath relative to ${ORIGIN}.
++ * Add lintian override to xen-utils package.
++
++ -- Bastian Blank <waldi@debian.org> Thu, 22 May 2008 14:01:47 +0200
++
++xen-3 (3.2.0-5) unstable; urgency=low
++
++ * Provide correct directory to dh_pycentral.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 14 Apr 2008 21:43:49 +0200
++
++xen-3 (3.2.0-4) unstable; urgency=low
++
++ * Pull in newer xen-utils-common.
++ * Fix missing size checks in the ioemu block driver. (closes: #469654)
++ See: CVE-2008-0928
++
++ -- Bastian Blank <waldi@debian.org> Fri, 07 Mar 2008 14:21:38 +0100
++
++xen-3 (3.2.0-3) unstable; urgency=low
++
++ * Clean environment for build.
++ * Add packages libxenstore3.0 and xenstore-utils.
++ * Move docs package in docs section to match overwrites.
++ * Make the hypervisor only recommend the utils.
++ * Cleanup installation. (closes: #462989)
++
++ -- Bastian Blank <waldi@debian.org> Tue, 12 Feb 2008 12:40:56 +0000
++
++xen-3 (3.2.0-2) unstable; urgency=low
++
++ * Fix broken patch. (closes: #462522)
++
++ -- Bastian Blank <waldi@debian.org> Sat, 26 Jan 2008 17:21:52 +0000
++
++xen-3 (3.2.0-1) unstable; urgency=low
++
++ * New upstream version.
++ * Add package libxen-dev. Including public headers and static libs.
++ (closes: #402249)
++ * Don't longer install xenfb, removed upstream.
++
++ -- Bastian Blank <waldi@debian.org> Tue, 22 Jan 2008 12:51:49 +0000
++
++xen-3 (3.1.2-2) unstable; urgency=low
++
++ * Add missing rpath definitions.
++ * Fix building of pae version.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 08 Dec 2007 12:07:42 +0000
++
++xen-3 (3.1.2-1) unstable; urgency=high
++
++ * New upstream release:
++ - Move shared file into /var/run. (closes: #447795)
++ See CVE-2007-3919.
++ - x86: Fix various problems with debug-register handling. (closes: #451626)
++ See CVE-2007-5906.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 24 Nov 2007 13:24:45 +0000
++
++xen-3 (3.1.1-1) unstable; urgency=low
++
++ * New upstream release:
++ - Don't use exec with untrusted values in pygrub. (closes: #444430)
++ See CVE-2007-4993.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 19 Oct 2007 16:02:37 +0000
++
++xen-3 (3.1.0-2) unstable; urgency=low
++
++ * Switch to texlive for documentation.
++ * Drop unused transfig.
++ * Drop unused latex features from documentation.
++ * Build depend against gcc-multilib for amd64. (closes: #439662)
++
++ -- Bastian Blank <waldi@debian.org> Fri, 31 Aug 2007 08:15:50 +0000
++
++xen-3 (3.1.0-1) unstable; urgency=low
++
++ [ Julien Danjou ]
++ * New upstream version.
++
++ [ Ralph Passgang ]
++ * Added graphviz to Build-Indeps
++
++ [ Bastian Blank ]
++ * Upstream removed one part of the version. Do it also.
++ * Merge utils packages.
++ * Install blktap support.
++ * Install pygrub.
++ * Install xenfb tools.
++ * xenconsoled startup is racy, wait a little bit.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 20 Aug 2007 15:05:08 +0000
++
++xen-3.0 (3.0.4-1-1) unstable; urgency=low
++
++ [ Bastian Blank ]
++ * New upstream version (closes: #394411)
++
++ [ Guido Trotter ]
++ * Actually try to build and release xen 3.0.4
++ * Update build dependencies
++
++ -- Guido Trotter <ultrotter@debian.org> Wed, 23 May 2007 11:57:29 +0100
++
++xen-3.0 (3.0.3-0-2) unstable; urgency=medium
++
++ [Bastian Blank]
++ * Remove device recreate code.
++ * Remove build dependency on linux-support-X
++
++ [ Guido Trotter ]
++ * Add missing build dependency on zlib1g-dev (closes: #396557)
++ * Add missing build dependencies on libncurses5-dev and x11proto-core-dev
++ (closes: #396561, #396567)
++
++ -- Guido Trotter <ultrotter@debian.org> Thu, 2 Nov 2006 16:38:02 +0000
++
++xen-3.0 (3.0.3-0-1) unstable; urgency=low
++
++ * New upstream version.
++
++ -- Bastian Blank <waldi@debian.org> Fri, 20 Oct 2006 11:04:35 +0000
++
++xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low
++
++ * New upstream snapshot.
++ * Ignore update-grub errors. (closes: #392534)
++
++ -- Bastian Blank <waldi@debian.org> Sat, 14 Oct 2006 13:09:53 +0000
++
++xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low
++
++ * New upstream snapshot.
++ * Rename ioemu package to include the complete version.
++ * Fix name of hypervisor. (closes: #391771)
++
++ -- Bastian Blank <waldi@debian.org> Mon, 9 Oct 2006 12:48:13 +0000
++
++xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low
++
++ * New upstream snapshot.
++ * Rename hypervisor and utils packages to include the complete version.
++ * Redo build environment.
++
++ -- Bastian Blank <waldi@debian.org> Mon, 4 Sep 2006 18:43:12 +0000
++
++xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low
++
++ [ Guido Trotter ]
++ * Update xen-utils' README.Debian (closes: #372524)
++
++ [ Bastian Blank ]
++ * Adopt new python policy. (closes: #380990)
++ * Add patch to make new kernels working on the hypervisor.
++
++ -- Bastian Blank <waldi@debian.org> Tue, 15 Aug 2006 19:20:08 +0000
++
++xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low
++
++ [ Guido Trotter ]
++ * Update Standards Version
++ * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes)
++
++ [ Bastian Blank ]
++ * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496)
++
++ -- Guido Trotter <ultrotter@debian.org> Wed, 31 May 2006 10:50:05 +0200
++
++xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low
++
++ * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae
++ descriptions, specifying what the difference between the two packages is
++ (closes: #366019)
++ * Merge upstream fixes trunk
++
++ -- Guido Trotter <ultrotter@debian.org> Thu, 18 May 2006 15:25:02 +0200
++
++xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low
++
++ * Merge upstream fixes trunk
++ - This includes a fix for CVE-2006-1056
++
++ -- Guido Trotter <ultrotter@debian.org> Thu, 27 Apr 2006 17:34:03 +0200
++
++xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low
++
++ * Merge upstream fixes trunk
++ * Fix PAE disabled in pae build (Closes: #364875)
++
++ -- Julien Danjou <acid@debian.org> Wed, 26 Apr 2006 13:19:39 +0200
++
++xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low
++
++ [ Guido Trotter ]
++ * Merge upstream fixes trunk
++
++ [ Bastian Blank ]
++ * debian/patches/libdir.dpatch: Update to make xm save work
++
++ -- Julien Danjou <acid@debian.org> Mon, 24 Apr 2006 18:02:07 +0200
++
++xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low
++
++ * Merge upstream bug fixes
++ * Fix bug with xend init.d script
++
++ -- Julien Danjou <acid@debian.org> Wed, 12 Apr 2006 17:35:35 +0200
++
++xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low
++
++ * New upstream release
++ * Fix copyright file
++
++ -- Julien Danjou <acid@debian.org> Mon, 10 Apr 2006 17:02:55 +0200
++
++xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low
++
++ * The "preserve our homes" release
++ * Now cooperatively maintained by the Debian Xen Team
++ * New upstream release (closes: #327493, #342249)
++ * Build depend on transfig (closes: #321157)
++ * Use gcc rather than gcc-3.4 to compile (closes: #323698)
++ * Split xen-hypervisor-3.0 and xen-utils-3.0
++ * Build both normal and pae hypervisor packages
++ * Change maintainer and add uploaders field
++ * Add force-reload support for init script xendomains
++ * Remove dependency against bash
++ * Bump standards version to 3.6.2.2
++ * xen-utils-3.0 conflicts and replaces xen
++ * Add dpatch structure to the package
++ * Remove build-dependency on gcc (it's build essential anyway)
++ * Make SrvServer.py not executable
++ * Create NEWS.Debian file with important upgrade notices
++ * Update copyright file
++ * Remove the linux-patch-xen package
++ * Removed useless build-dependencies: libncurses5-dev, wget
++ * Changed xendomains config path to /etc/default
++ * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 &
++ xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide
++ xen-hypervisor
++ * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading
++ xen2 -> xen3 don't fail because of a running xen2 hypervisor
++ * Updated the "Replaces & Conflicts"
++ * Install only and correctly udev files
++ * Compile date is no more in current locale
++ * Add patch which add the debian version and maintainer in the version
++ string and removes the banner.
++ * Don't install unusable cruft in xen-utils
++ * Remove libxen packages (no stable API/ABI)
++
++ -- Julien Danjou <acid@debian.org> Wed, 5 Apr 2006 16:05:07 +0200
++
++xen (2.0.6-1) unstable; urgency=low
++
++ * Patches applied upstream: non-xen-init-exit.patch, add-build.patch,
++ python-install.patch, disable-html-docs.patch.
++ * New upstream released. Closes: #311336.
++ * Remove comparison to UML from xen short description. Closes: #317066.
++ * Make packages conflicts with 1.2 doc debs. Closes: #304285.
++ * Add iproute to xen depends, as it uses /bin/ip. Closes: #300488,
++ #317468.
++
++ -- Adam Heath <doogie@brainfood.com> Wed, 06 Jul 2005 12:35:50 -0500
++
++xen (2.0.5-3) experimental; urgency=low
++
++ * Change priority/section to match the overrides file.
++
++ -- Adam Heath <doogie@brainfood.com> Fri, 18 Mar 2005 12:43:50 -0600
++
++xen (2.0.5-2) experimental; urgency=low
++
++ * Mike McCallister <mike+debian@metalogue.com>,
++ Tommi Virtanen <tv@debian.org>, Tom Hibbert <tom@nsp.co.nz>:
++ Fix missing '.' in update-rc.d call in xen.postinst. Closes: #299384
++
++ -- Adam Heath <doogie@brainfood.com> Fri, 18 Mar 2005 11:39:56 -0600
++
++xen (2.0.5-1) experimental; urgency=low
++
++ * New upstream.
++ * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch
++ as they have been applied upstream(in various forms).
++ * xend now starts at priority 20, stops at 21, while xendomains starts
++ at 21, and stops at 20.
++
++ -- Adam Heath <doogie@brainfood.com> Fri, 11 Mar 2005 14:33:33 -0600
++
++xen (2.0.4-4) experimental; urgency=low
++
++ * Bah, major booboo. Add /boot to debian/xen.install, so xen.gz will
++ get shipped. Reported by Clint Adams <schizo@debian.org>.
++
++ -- Adam Heath <doogie@brainfood.com> Tue, 15 Feb 2005 13:00:57 -0600
++
++xen (2.0.4-3) experimental; urgency=low
++
++ * Fix file overlap(/usr/share/doc/xen/examples/*) between xen and
++ xen-docs. Reported by Tupshin Harper <tupshin@tupshin.com>.
++
++ -- Adam Heath <doogie@brainfood.com> Sun, 06 Feb 2005 01:22:45 -0600
++
++xen (2.0.4-2) experimental; urgency=low
++
++ * Fix kernel patch generation. It was broken when I integrated with
++ debian's kernel source. I used a symlink, and diff doesn't follow
++ those.
++
++ -- Adam Heath <doogie@brainfood.com> Sat, 05 Feb 2005 18:16:35 -0600
++
++xen (2.0.4-1) experimental; urgency=low
++
++ * New upstream.
++ * xen.deb can now install on a plain kernel; that is, the init scripts
++ exit successfully if /proc/xen/privcmd doesn't exist. This allows
++ for dual-boot setups.
++ * Manpages do not yet exist xend, xenperf, xensv, xfrd, nor xm. xend
++ xfrd are daemons, and take little if any options. I've not had a need
++ to use xenperf nor xensv yet. xm has nice built in help(xm help).
++ * Upstream now requires either linux 2.4.29, or 2.6.10. Since 2.4.29 is
++ not yet in debian, disable the 2.4 patch generation. Closes: #271245.
++ * Not certain how the kernel-patch-xen was empty. It's not now, with
++ the repackaging. Closes: #272299.
++ * Xen no longer produces kernel images, so problems about missing features
++ are no longer valid. Closes: #253924.
++ * Acknowledge nmu bugs:
++ * No longer build-depend on gcc 3.3, as the default gcc works. Closes:
++ #243048.
++
++ -- Adam Heath <doogie@brainfood.com> Sat, 05 Feb 2005 18:04:27 -0600
++
++xen (2.0.3-0.1) unstable; urgency=low
++
++ * Changes from Tommi Virtanen:
++ * Added dh-kpatches and libcurl3-dev to Build-Depends.
++ * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py.
++ * Add xmexample1 and xmexample2 to xen/doc/examples.
++
++ -- Adam Heath <doogie@brainfood.com> Wed, 26 Jan 2005 10:55:07 -0600
++
++xen (2.0.3-0) unstable; urgency=low
++
++ * New upstream. Closes: #280733.
++ * Repackaged from scratch.
++ * Using unreleased patch management system. See debian/README.build.
++ * After extracting the .dsc, there are no special steps needed
++ * Those wanting to change the source, use the normal procedures for
++ any package, including using interdiff(or other tool) to send a
++ patch to me or the bts.
++ * No longer try to do anything fancy with regard to the layout of the
++ built kernels. Now, only patches are distributed. Please make use of
++ the xen support in kernel-package.
++ * Early preview release to #debian-devel.
++
++ -- Adam Heath <doogie@brainfood.com> Tue, 25 Jan 2005 13:24:54 -0600
++
++xen (1.2-4.1) unstable; urgency=high
++
++ * NMU
++ * Remove gcc-3.2 from Build-Depends as isn't used during build
++ (Closes: #243048)
++
++ -- Frank Lichtenheld <djpig@debian.org> Sat, 21 Aug 2004 17:42:28 +0200
++
++xen (1.2-4) unstable; urgency=low
++
++ * Added xen-docs.README.Debian, which explains the kernel image layout,
++ and contains references on the locations differ from what is mentioned
++ by the upstream documentation. Closes: #230345.
++
++ -- Adam Heath <doogie@brainfood.com> Fri, 26 Mar 2004 17:36:41 -0600
++
++xen (1.2-3) unstable; urgency=low
++
++ * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to
++ Build-Depends-Indep.
++
++ -- Adam Heath <doogie@brainfood.com> Tue, 23 Mar 2004 20:14:39 -0600
++
++xen (1.2-2) unstable; urgency=low
++
++ * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz
++ * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in
++ /usr/lib/kernels.
++ * Add kernel-patch-nfs-swap deb.
++ * Apply additional patches to kernel-image-xen:
++ * nfs-group
++ * nfs-swap
++
++ -- Adam Heath <doogie@brainfood.com> Thu, 04 Mar 2004 12:47:47 -0600
++
++xen (1.2-1) unstable; urgency=low
++
++ * Initial version.
++
++ -- Adam Heath <doogie@brainfood.com> Tue, 02 Mar 2004 13:21:52 -0600
--- /dev/null
--- /dev/null
++9
--- /dev/null
--- /dev/null
++Source: xen
++Section: kernel
++Priority: optional
++Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
++Uploaders: Guido Trotter <ultrotter@debian.org>, Bastian Blank <waldi@debian.org>, Ian Jackson <ian.jackson@eu.citrix.com>
++Standards-Version: 3.9.4
++Build-Depends: autotools-dev, debhelper (>> 9), dpkg-dev (>= 1.16.0~), lsb-release, python-dev, bcc [i386 amd64], gcc-multilib [i386 amd64], e2fslibs-dev, iasl, seabios (>= 1.7.4-2~) [i386 amd64], libaio-dev, libfdt-dev [armhf arm64], libglib2.0-dev, liblzma-dev, libncurses5-dev, libpixman-1-dev, libyajl-dev, pkg-config, uuid-dev, zlib1g-dev
++XS-Python-Version: current
++
++Package: libxen-4.8
++Architecture: amd64 arm64 armhf i386
++Section: libs
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Description: Public libs for Xen
++ This package contains the shared toolstack libraries for Xen.
++Multi-Arch: same
++
++Package: libxenstore3.0
++Architecture: amd64 arm64 armhf i386
++Section: libs
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Description: Xenstore communications library for Xen
++ This package contains the client library interface to XenStore. .
++Multi-Arch: same
++
++Package: libxen-dev
++Architecture: amd64 arm64 armhf i386
++Section: libdevel
++Depends: libxen-4.8 (= ${binary:Version}), libxenstore3.0 (= ${binary:Version}), ${misc:Depends}
++Description: Public headers and libs for Xen
++ This package contains the public headers and static libraries for Xen.
++ .
++ The libxenlight library is intended as a common base for all Xen toolstack
++ developers. The libxlutil library contains additional helpers which may
++ be useful to toolstack developers.
++ .
++ The libxenstore library allows userspace processes to interact with the
++ XenStore database. XenStore is a shared database used for interdomain
++ communication of configuration and status information. It is accessible
++ to all domains running on the same Xen host. See
++ http://wiki.xen.org/wiki/XenStore for more information.
++ .
++ The libxenctrl and libxenguest libraries are internal libraries intended
++ for use by the Xen toolstack and are not intended to be used directly.
++ Toolstack authors should use libxenlight.
++Multi-Arch: same
++
++Package: xenstore-utils
++Architecture: amd64 arm64 armhf i386
++Section: admin
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Replaces: xen-utils-common (<= 3.1.0-1)
++Conflicts: xen-utils-common (<= 3.1.0-1)
++Description: Xenstore command line utilities for Xen
++ This package contains command line utilities for interacting with
++ XenStore.
++ .
++ XenStore is a shared database used for interdomain communication of
++ configuration and status information. It is accessible to all domains
++ running on the same Xen host. See http://wiki.xen.org/wiki/XenStore for
++ more information.
++ .
++ In the common case these tools are used by the Xen toolstack running in
++ domain0 (or a driver domain) however they may also be used in a guest
++ domain to support local scripting which wants to communicate via XenStore.
++
++Package: xen-utils-common
++Architecture: all
++Depends: lsb-base, python, udev, xenstore-utils, ${misc:Depends}
++Description: Xen administrative tools - common files
++ The userspace tools to manage a system virtualized through the Xen virtual
++ machine monitor.
++ .
++ This package is only required on the host system (Domain 0) and not on the
++ virtual guest systems (Domain U).
++
++Package: xen-utils-4.8
++Architecture: amd64 arm64 armhf i386
++Provides: xen-utils
++Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, xen-utils-common (>= ${source:Version})
++Recommends: bridge-utils, libc6-xen [i386], xen-hypervisor-4.8, qemu-system-x86, grub-xen-host [i386 amd64]
++Suggests: qemu-utils [i386 amd64], seabios [i386 amd64]
++Description: XEN administrative tools
++ The userspace tools to manage a system virtualized through the XEN virtual
++ machine monitor.
++ .
++ qemu-utils and seabios are neded for "Xen HVM" (amd64 and i386)
++Built-Using: ${misc:Built-Using}
++
++Package: xen-hypervisor-4.8-amd64
++Architecture: amd64 i386
++Provides: xen-hypervisor, xen-hypervisor-4.8, xen-hypervisor-amd64
++Depends: ${misc:Depends}
++Recommends: xen-utils-4.8
++Description: Xen Hypervisor on AMD64
++ The hypervisor is the "core" for XEN itself. It gets booted by the boot
++ loader and controls cpu and memory, sharing them between your
++ administrative domain (Domain 0) and the virtual guest systems.
++ .
++ In order to boot a XEN system along with this package you also need a
++ kernel specifically crafted to work as the Domain 0, mediating hardware
++ access for XEN itself.
++
++Package: xen-system-amd64
++Architecture: amd64 i386
++Provides: xen-system
++Depends: xen-hypervisor-4.8-amd64, xen-utils-4.8, ${misc:Depends}
++Description: Xen System on AMD64 (meta-package)
++ This package depends on the latest Xen hypervisor for use on AMD64 and the
++ Xen utils.
++
++Package: xen-hypervisor-4.8-arm64
++Architecture: arm64
++Provides: xen-hypervisor, xen-hypervisor-4.8, xen-hypervisor-arm64
++Depends: ${misc:Depends}
++Recommends: xen-utils-4.8
++Description: Xen Hypervisor on ARM64
++ The hypervisor is the "core" for XEN itself. It gets booted by the boot
++ loader and controls cpu and memory, sharing them between your
++ administrative domain (Domain 0) and the virtual guest systems.
++ .
++ In order to boot a XEN system along with this package you also need a
++ kernel specifically crafted to work as the Domain 0, mediating hardware
++ access for XEN itself.
++
++Package: xen-system-arm64
++Architecture: arm64
++Provides: xen-system
++Depends: xen-hypervisor-4.8-arm64, xen-utils-4.8, ${misc:Depends}
++Description: Xen System on ARM64 (meta-package)
++ This package depends on the latest Xen hypervisor for use on ARM64 and the
++ Xen utils.
++
++Package: xen-hypervisor-4.8-armhf
++Architecture: armhf
++Provides: xen-hypervisor, xen-hypervisor-4.8, xen-hypervisor-armhf
++Depends: ${misc:Depends}
++Recommends: xen-utils-4.8
++Description: Xen Hypervisor on ARMHF
++ The hypervisor is the "core" for XEN itself. It gets booted by the boot
++ loader and controls cpu and memory, sharing them between your
++ administrative domain (Domain 0) and the virtual guest systems.
++ .
++ In order to boot a XEN system along with this package you also need a
++ kernel specifically crafted to work as the Domain 0, mediating hardware
++ access for XEN itself.
++
++Package: xen-system-armhf
++Architecture: armhf
++Provides: xen-system
++Depends: xen-hypervisor-4.8-armhf, xen-utils-4.8, ${misc:Depends}
++Description: Xen System on ARMHF (meta-package)
++ This package depends on the latest Xen hypervisor for use on ARMHF and the
++ Xen utils.
++
--- /dev/null
--- /dev/null
++414390ca652da67ac85ebd905500eb66 debian/changelog
++dc7b5d9f0538e3180af4e9aff9b0bd57 debian/bin/gencontrol.py
++20e336dbea44b1641802eff0dde9569b debian/templates/control.main.in
++a15fa64ce6deead28d33c1581b14dba7 debian/templates/xen-hypervisor.postinst.in
++fe9f3e8a9c9b716f7b4c5b7d7aec3128 debian/templates/control.system.latest.in
++03f63e67cf2d915bfbb535f8c9d9e2e4 debian/templates/xen-utils.postinst.in
++63ad8a975156f7bf2327f0e1dc7fc9e2 debian/templates/control.source.in
++22492e0565a4754b5e008ca7cac871da debian/templates/xen-hypervisor.postrm.in
++a4fad0ec66d977759a362165bf8aa31d debian/templates/control.hypervisor.in
++df5a318ff90cd0ca3ac7f1a8976bae39 debian/templates/control.utils.in
++dcabf82578122540e0534f72750698d5 debian/templates/xen-utils.lintian-overrides.in
++b6acd21c3924e6ec6f9c547afbbc7d9e debian/templates/xen-utils.prerm.in
++f48f31b0af755ff8b08b4575e94d6390 debian/arch/defines
++bda767ffd62b57de88b50731794f1374 debian/arch/i386/defines
++06efb201e83233c4607b13c8dad5c031 debian/arch/armhf/defines
++afd11afd204a8929340d194894572353 debian/arch/amd64/defines
++b6a35272efc8545fafab547e1cf492cb debian/arch/arm64/defines
--- /dev/null
--- /dev/null
++This work was downloaded from
++
++ http://xenbits.xensource.com/
++
++Copyright:
++
++ Copyright (C) 1998-2005 Hewlett-Packard Co
++ 1999-2006 Silicon Graphics, Inc
++ 2001-2006 IBM Corporation
++ 2005-2006 XenSource Inc
++ 2006-2010 Citrix Systems Inc.
++ and many others
++
++License:
++
++ This package is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation.
++
++ This package is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>
++
++On Debian systems, the complete text of the GNU General
++Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
++
++The bundled qemu is:
++
++ Copyright (C) 2007 Alexander Graf
++ 2005,2007 Alex Beregszaszi
++ 2005-2008 Andrzej Zaborowski <balrog@zabor.org>
++ 2005-2007 Anthony Liguori <anthony@codemonkey.ws>
++ 2004 Antony T Curtis
++ 2007 Arastra, Inc.
++ 2007 Armin Kuster <akuster@kama-aina.net> or
++ 1999 AT&T Laboratories Cambridge
++ 2006,2007 Aurelien Jarno
++ 2007-2008 AXIS Communications AB
++ 2007-2008 Bull S.A.S.
++ 2006 Christian Limpach
++ 2008 Citrix Systems, Inc.
++ 2005-2008 CodeSourcery
++ 2007 Dan Aloni
++ 1995,1996 Danny Gasparovski
++ 2000-2003 David McCullough <davidm@snapgear.com>
++ 2008 Dmitry Baryshkov
++ 2007-2009 Edgar E. Iglesias, Axis Communications AB.
++ 1996-1999 Eduardo Horvath
++ 1998,2003-2008 Fabrice Bellard
++ 2005 Filip Navara
++ 2006 Frederick Reeve
++ 2009 Freescale Semiconductor
++ 1986-2007 Free Software Foundation, Inc.
++ 2004 Gianni Tedesco
++ 2008 Gleb Natapov
++ 2002 Greg Ungerer <gerg@snapgear.com>
++ 2007-2009 Hervé Poussineau
++ 2005,2007,2008 IBM Corporation
++ 2008 IBM Corporation
++ 2006 Igor Kovalenko
++ 2006 InnoTek Systemberatung GmbH
++ 1999-2008 Intel Corporation
++ 2009 Isaku Yamahata
++ 2003-2004 James Yonan
++ 2008 Jan Kiszka
++ 2006 Joachim Henke
++ 2003-2007 Jocelyn Mayer
++ 2004,2005 Johannes E. Schindelin
++ 2005 Julian Chesterfield and Andrew Warfield.
++ 2008 Kamala Narasimhan
++ 1998 Kenneth Albanowski <kjahds@kjahds.com>
++ 2008 Kevin Wolf
++ 2009 Kevin Wolf <kwolf@suse.de>
++ 2009 Laurent Vivier
++ 2007-2008 Lauro Ramos Venancio <lauro.venancio@indt.org.br>
++ 2000,2001 Lineo, by David McCullough <davidm@lineo.com>
++ 1991,1992,1996 Linus Torvalds
++ 2006 Lonnie Mendez
++ 2008 Lubomir Rintel
++ 2004,2007 Magnus Damm
++ 2004 Makoto Suzuki (suzu)
++ 2002-2006 Marcel Holtmann <marcel@holtmann.org>
++ 2006 Marius Groeger (FPU operations)
++ 2007 Marko Kohtala
++ 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com>
++ 2008 Max Krasnyansky
++ 2005,2008 Mike Kronenberg
++ 2007 MontaVista Software, Inc
++ 2007 Neocleus Corporation.
++ 2007-2008 Nokia Corporation
++ 2001 OKTET Ltd., St.-Petersburg, Russia
++ 2006-2008 Openedhand Ltd.
++ 2007-2008 OpenMoko, Inc.
++ 1996 Paul Mackerras.
++ 2008 Paul Mundt
++ 2006 Pierre d'Herbemont
++ 2000-2001 Qualcomm Incorporated
++ 2006-2008 Qumranet Technologies
++ 1997-1999,2001,2009 Red Hat, Inc.
++ 1988,1989,1990,1991,1992 Richard Outerbridge
++ 2007 Robert Reif
++ 1998-2004 Samuel Rydh (samuel@ibrium.se)
++ 2005 Samuel Tardieu
++ 2007,2008 Samuel Thibault
++ 2008 Semihalf
++ 2008 Shin-ichiro KAWASAKI
++ 2002 SnapGear, by Paul Dale <pauli@snapgear.com>
++ 2006-2007 Stefan Weil
++ 2008 Takashi YOSHII
++ 1999,2000 Tatsuyuki Satoh , MultiArcadeMachineEmurator development
++ 1993 Theodore Ts'o
++ 2006,2007 Thiemo Seufer
++ 2003 Thomas M. Ogrisegg <tom@fnord.at>
++ 2006 Thomas Sailer
++ 1998-2001,2003 Thomas Sailer (t.sailer@alumni.ethz.ch)
++ 2006,2007 Thorsten Zitterell
++ 2000-2007 Tibor "TS" Schütz
++ 2008 TJ <linux@tjworld.net>
++ 2002-2005 Vassili Karpov (malc)
++ 2005 Vassili Karpov (malc)
++ 2007 Vladimir Ananiev <vovan888@gmail.com>
++ 2006 XenSource
++
++The Debian packaging is:
++
++ Copyright (C) 2008-2010 Bastian Blank <waldi@debian.org>
++
++you can redistribute it and/or modify
++it under the terms of the GNU General Public License as published by
++the Free Software Foundation; either version 2 of the License, or
++(at your option) any later version.
++
++The following parts are subject of a different license:
++* tools/firmware/vgabios
++* tools/libaio
++* tools/libxen
++* tools/xenstat/libxenstat
++* tools/xenstore
++
++ This package is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ This package is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++On Debian systems, the complete text of the GNU Lesser General
++Public License can be found in "/usr/share/common-licenses/LGPL-2".
++
++Files in xen/include/public are subject to the following license:
++
++ Permission is hereby granted, free of charge, to any person obtaining a
++ copy of this software and associated documentation files (the "Software"),
++ to deal in the Software without restriction, including without limitation
++ the rights to use, copy, modify, merge, publish, distribute, sublicense,
++ and/or sell copies of the Software, and to permit persons to whom the
++ Software is furnished to do so, subject to the following conditions:
++
++ The above copyright notice and this permission notice shall be included in
++ all copies or substantial portions of the Software.
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
++ DEALINGS IN THE SOFTWARE.
++
++Files in extra/mini-os are subject to the following license:
++
++ Redistribution and use in source and binary forms, with or without
++ modification, are permitted provided that the following conditions are met:
++ 1. Redistributions of source code must retain the above copyright notice,
++ this list of conditions and the following disclaimer.
++ 2. Redistributions in binary form must reproduce the above copyright
++ notice, this list of conditions and the following disclaimer in the
++ documentation and/or other materials provided with the distribution.
++
++ THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
++ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ SUCH DAMAGE.
++
++Files in tools/vtpm_manager are subject to the following license:
++
++ Redistribution and use in source and binary forms, with or without
++ modification, are permitted provided that the following conditions
++ are met:
++
++ * Redistributions of source code must retain the above copyright
++ notice, this list of conditions and the following disclaimer.
++ * Redistributions in binary form must reproduce the above
++ copyright notice, this list of conditions and the following
++ disclaimer in the documentation and/or other materials provided
++ with the distribution.
++ * Neither the name of Intel Corporation nor the names of its
++ contributors may be used to endorse or promote products derived
++ from this software without specific prior written permission.
++
++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
++ FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
++ COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
++ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ OF THE POSSIBILITY OF SUCH DAMAGE.
++
++File tools/python/test.py is subject to the following license:
++
++ This software is Copyright (c) Zope Corporation (tm) and
++ Contributors. All rights reserved.
++
++ This license has been certified as open source. It has also
++ been designated as GPL compatible by the Free Software
++ Foundation (FSF).
++
++ Redistribution and use in source and binary forms, with or
++ without modification, are permitted provided that the
++ following conditions are met:
++
++ 1. Redistributions in source code must retain the above
++ copyright notice, this list of conditions, and the following
++ disclaimer.
++
++ 2. Redistributions in binary form must reproduce the above
++ copyright notice, this list of conditions, and the following
++ disclaimer in the documentation and/or other materials
++ provided with the distribution.
++
++ 3. The name Zope Corporation (tm) must not be used to
++ endorse or promote products derived from this software
++ without prior written permission from Zope Corporation.
++
++ 4. The right to distribute this software or to use it for
++ any purpose does not give you the right to use Servicemarks
++ (sm) or Trademarks (tm) of Zope Corporation. Use of them is
++ covered in a separate agreement (see
++ http://www.zope.com/Marks).
++
++ 5. If any files are modified, you must cause the modified
++ files to carry prominent notices stating that you changed
++ the files and the date of any change.
++
++ Disclaimer
++
++ THIS SOFTWARE IS PROVIDED BY ZOPE CORPORATION ``AS IS''
++ AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
++ NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
++ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
++ NO EVENT SHALL ZOPE CORPORATION OR ITS CONTRIBUTORS BE
++ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
++ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
++ DAMAGE.
++
++ This software consists of contributions made by Zope
++ Corporation and many individuals on behalf of Zope
++ Corporation. Specific attributions are listed in the
++ accompanying credits file.
++
++Files in tools/python/logging are subject to the following license:
++
++ Copyright (C) 2001-2004 by Vinay Sajip. All Rights Reserved.
++
++ Permission to use, copy, modify, and distribute this software and its
++ documentation for any purpose and without fee is hereby granted,
++ provided that the above copyright notice appear in all copies and that
++ both that copyright notice and this permission notice appear in
++ supporting documentation, and that the name of Vinay Sajip
++ not be used in advertising or publicity pertaining to distribution
++ of the software without specific, written prior permission.
++
++ VINAY SAJIP DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
++ ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
++ VINAY SAJIP BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
++ ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
++ AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
++ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
--- /dev/null
--- /dev/null
++def _setup():
++ import os.path, sys
++ version = None
++ rules = os.path.join(__path__[0], "../../../rules.defs")
++ f = open(rules)
++ for l in f:
++ l = l.strip().split()
++ if l[0] == 'KERNELVERSION':
++ version = l[-1]
++ f.close()
++ if version is None:
++ raise RuntimeError("Can't find KERNELVERSION setting")
++ global support
++ support = '/usr/src/linux-support-%s' % version
++ if not os.path.exists(support):
++ raise RuntimeError("Can't find %s, please install the linux-support-%s package" % (support, version))
++ sys.path.append('%s/lib/python' % support)
++
++_setup()
--- /dev/null
--- /dev/null
++import re
++from debian_linux.debian import Version
++
++
++class VersionXen(Version):
++ _version_xen_rules = r"""
++^
++(?P<version>
++ \d+\.\d+
++)
++(?:
++ \.\d+
++ (?:
++ ~rc\d+
++ )?
++ (?:
++ \+hg-\d+.[a-z0-9]+
++ )?
++ (?:
++ ~pre\.\d{4,}\.\d{2}\.\d{2}(?:\b[-+0-9a-z])?
++ )?
++ |
++ ~hg-\d+.[a-z0-9]+
++)
++-
++(?:[^-]+)
++$
++"""
++ _version_xen_re = re.compile(_version_xen_rules, re.X)
++
++ def __init__(self, version):
++ super(VersionXen, self).__init__(version)
++ match = self._version_xen_re.match(version)
++ if match is None:
++ raise ValueError("Invalid debian xen version")
++ d = match.groupdict()
++ self.xen_version = d['version']
++
--- /dev/null
--- /dev/null
++usr/lib/*/libxenctrl.a
++usr/lib/*/libxenctrl.so
++usr/lib/*/libxenguest.a
++usr/lib/*/libxenguest.so
++usr/lib/*/libxenlight.a
++usr/lib/*/libxenlight.so
++usr/lib/*/libxenstore.a
++usr/lib/*/libxenstore.so
++usr/lib/*/libxlutil.a
++usr/lib/*/libxlutil.so
++usr/lib/*/libxencall.a
++usr/lib/*/libxencall.so
++usr/lib/*/libxenevtchn.a
++usr/lib/*/libxenevtchn.so
++usr/lib/*/libxenforeignmemory.a
++usr/lib/*/libxenforeignmemory.so
++usr/lib/*/libxengnttab.a
++usr/lib/*/libxengnttab.so
++usr/lib/*/libxentoollog.a
++usr/lib/*/libxentoollog.so
++usr/include/_libxl*.h
++usr/include/libxl*.h
++usr/include/xenctrl.h
++usr/include/xenguest.h
++usr/include/xenstore*.h
++usr/include/xenstore-compat/xs* usr/include
++usr/include/xentoollog.h
++usr/include/xen
++usr/lib/*/pkgconfig/*.pc
++# New headers in xen-4.8
++#usr/include/fsimage_grub.h
++#usr/include/fsimage.h
++#usr/include/fsimage_plugin.h
++#usr/include/libxenvchan.h
++usr/include/xencall.h
++usr/include/xenctrl_compat.h
++usr/include/xenevtchn.h
++usr/include/xenforeignmemory.h
++usr/include/xengnttab.h
++usr/include/xenstat.h
--- /dev/null
--- /dev/null
++usr/lib/*/libxenstore.so.*
--- /dev/null
--- /dev/null
++libxenstore.so.3.0 libxenstore3.0 #MINVER#
++ expanding_buffer_ensure@Base 3.2.0
++ sanitise_value@Base 3.2.0
++ unsanitise_value@Base 3.2.0
++ xprintf@Base 3.2.0
++ xs_check_watch@Base 4.2~
++ xs_close@Base 4.1.0~rc6
++ xs_count_strings@Base 3.2.0
++ xs_daemon_close@Base 3.2.0
++ xs_daemon_destroy_postfork@Base 4.0.1~rc4
++ xs_daemon_open@Base 3.2.0
++ xs_daemon_open_readonly@Base 3.2.0
++ xs_daemon_rootdir@Base 3.2.0
++ xs_daemon_rundir@Base 3.2.0
++ xs_daemon_socket@Base 3.2.0
++ xs_daemon_socket_ro@Base 3.2.0
++ xs_daemon_tdb@Base 3.2.0
++ xs_debug_command@Base 3.2.0
++ xs_directory@Base 3.2.0
++ xs_domain_dev@Base 3.2.0
++ xs_domain_open@Base 3.2.0
++ xs_fileno@Base 3.2.0
++ xs_get_domain_path@Base 3.2.0
++ xs_get_permissions@Base 3.2.0
++ xs_introduce_domain@Base 3.2.0
++ xs_is_domain_introduced@Base 3.2.0
++ xs_mkdir@Base 3.2.0
++ xs_open@Base 4.1.0~rc6
++ xs_path_is_subpath@Base 4.2~
++ xs_perm_to_string@Base 3.2.0
++ xs_read@Base 3.2.0
++ xs_read_watch@Base 3.2.0
++ xs_release_domain@Base 3.2.0
++ xs_restrict@Base 4.1.0~rc6
++ xs_resume_domain@Base 3.2.0
++ xs_rm@Base 3.2.0
++ xs_set_permissions@Base 3.2.0
++ xs_set_target@Base 3.4.0
++ xs_strings_to_perms@Base 3.2.0
++ xs_suspend_evtchn_port@Base 3.4.0
++ xs_transaction_end@Base 3.2.0
++ xs_transaction_start@Base 3.2.0
++ xs_unwatch@Base 3.2.0
++ xs_watch@Base 3.2.0
++ xs_write@Base 3.2.0
++ xs_write_all@Base 3.2.0
--- /dev/null
--- /dev/null
++From: Julien Grall <julien.grall@arm.com>
++Date: Tue, 20 Jun 2017 13:24:47 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 eb44d9032d2f1917d6eee889df7a37602435b483
++Subject: arm: vgic: Don't update the LR when the IRQ is not enabled
++
++gic_raise_inflight_irq will be called if the IRQ is already inflight
++(i.e the IRQ is injected to the guest). If the IRQ is already already in
++the LRs, then the associated LR will be updated.
++
++To know if the interrupt is already in the LR, the function check if the
++interrupt is queued. However, if the interrupt is not enabled then the
++interrupt may not be queued nor in the LR. So gic_update_one_lr may be
++called (if we inject on the current vCPU) and read the LR.
++
++Because the interrupt is not in the LR, Xen will either read:
++ * LR 0 if the interrupt was never injected before
++ * LR 255 (GIC_INVALID_LR) if the interrupt was injected once. This
++ is because gic_update_one_lr will reset p->lr.
++
++Reading LR 0 will result to potentially update the wrong interrupt and
++not keep the LRs in sync with Xen.
++
++Reading LR 255 will result to:
++ * Crash Xen on GICv3 as the LR index is bigger than supported (see
++ gicv3_ich_read_lr).
++ * Read/write always GICH_LR + 255 * 4 that is not part of the memory
++ mapped.
++
++The problem can be prevented by checking whether the interrupt is
++enabled in gic_raise_inflight_irq before calling gic_update_one_lr.
++
++A follow-up of this patch is expected to mitigate the issue in the
++future.
++
++This is XSA-223.
++
++Reported-by: Julien Grall <julien.grall@arm.com>
++Signed-off-by: Julien Grall <julien.grall@arm.com>
++Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/arm/gic.c
+++++ xen-4.8.1/xen/arch/arm/gic.c
++@@ -418,6 +418,10 @@ void gic_raise_inflight_irq(struct vcpu
++
++ ASSERT(spin_is_locked(&v->arch.vgic.lock));
++
+++ /* Don't try to update the LR if the interrupt is disabled */
+++ if ( !test_bit(GIC_IRQ_GUEST_ENABLED, &n->status) )
+++ return;
+++
++ if ( list_empty(&n->lr_queue) )
++ {
++ if ( v == current )
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Thu, 7 Sep 2017 18:19:26 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u3 6cb32448a8e4317a97b8aa1fbd5e28de71febb5a
++Subject: arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
++
++Commit 55021ff9ab ("xen/arm: add_to_physmap_one: Avoid to map mfn 0 if
++an error occurs") introduced error paths not releasing the grant table
++lock. Replace them by a suitable check after the lock was dropped.
++
++This is XSA-235.
++
++Reported-by: Wei Liu <wei.liu2@citrix.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Reviewed-by: Julien Grall <julien.grall@arm.com>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/arm/mm.c
+++++ xen-4.8.1/xen/arch/arm/mm.c
++@@ -1112,7 +1112,7 @@ int xenmem_add_to_physmap_one(
++ if ( idx < nr_status_frames(d->grant_table) )
++ mfn = virt_to_mfn(d->grant_table->status[idx]);
++ else
++- return -EINVAL;
+++ mfn = mfn_x(INVALID_MFN);
++ }
++ else
++ {
++@@ -1123,14 +1123,21 @@ int xenmem_add_to_physmap_one(
++ if ( idx < nr_grant_frames(d->grant_table) )
++ mfn = virt_to_mfn(d->grant_table->shared_raw[idx]);
++ else
++- return -EINVAL;
+++ mfn = mfn_x(INVALID_MFN);
++ }
++
++- d->arch.grant_table_gfn[idx] = gfn;
+++ if ( mfn != mfn_x(INVALID_MFN) )
+++ {
+++ d->arch.grant_table_gfn[idx] = gfn;
++
++- t = p2m_ram_rw;
+++ t = p2m_ram_rw;
+++ }
++
++ grant_write_unlock(d->grant_table);
+++
+++ if ( mfn == mfn_x(INVALID_MFN) )
+++ return -EINVAL;
+++
++ break;
++ case XENMAPSPACE_shared_info:
++ if ( idx != 0 )
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:45 +0200
++X-Dgit-Generated: 4.8.1-1 a376dc60f2926c349685de141c3993c7d791a494
++Subject: config-prefix.diff
++
++Patch-Name: config-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/Config.mk
+++++ xen-4.8.1/Config.mk
++@@ -82,7 +82,7 @@ EXTRA_LIB += $(EXTRA_PREFIX)/lib
++ endif
++
++ PYTHON ?= python
++-PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
+++PYTHON_PREFIX_ARG ?= --home="$(LIBEXEC)"
++ # The above requires that prefix contains *no spaces*. This variable is here
++ # to permit the user to set PYTHON_PREFIX_ARG to '' to workaround this bug:
++ # https://bugs.launchpad.net/ubuntu/+bug/362570
++--- xen-4.8.1.orig/config/Paths.mk.in
+++++ xen-4.8.1/config/Paths.mk.in
++@@ -13,6 +13,7 @@
++ # http://wiki.xen.org/wiki/Category:Host_Configuration#System_wide_xen_configuration
++
++ PACKAGE_TARNAME := @PACKAGE_TARNAME@
+++PACKAGE_VERSION := @PACKAGE_VERSION@
++ prefix := @prefix@
++ bindir := @bindir@
++ sbindir := @sbindir@
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Tue, 20 Jun 2017 13:24:06 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 bd58decc7c116363753450f3c281c6b7f6b3c721
++Subject: evtchn: avoid NULL derefs
++
++Commit fbbd5009e6 ("evtchn: refactor low-level event channel port ops")
++added a de-reference of the struct evtchn pointer for a port without
++first making sure the bucket pointer is non-NULL. This de-reference is
++actually entirely unnecessary, as all relevant callers (beyond the
++problematic do_poll()) already hold the port number in their hands, and
++the actual leaf functions need nothing else.
++
++For FIFO event channels there's a second problem in that the ordering
++of reads and updates to ->num_evtchns and ->event_array[] was so far
++undefined (the read side isn't always holding the domain's event lock).
++Add respective barriers.
++
++This is XSA-221.
++
++Reported-by: Ankur Arora <ankur.a.arora@oracle.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/x86/irq.c
+++++ xen-4.8.1/xen/arch/x86/irq.c
++@@ -1487,7 +1487,7 @@ int pirq_guest_unmask(struct domain *d)
++ {
++ pirq = pirqs[i]->pirq;
++ if ( pirqs[i]->masked &&
++- !evtchn_port_is_masked(d, evtchn_from_port(d, pirqs[i]->evtchn)) )
+++ !evtchn_port_is_masked(d, pirqs[i]->evtchn) )
++ pirq_guest_eoi(pirqs[i]);
++ }
++ } while ( ++pirq < d->nr_pirqs && n == ARRAY_SIZE(pirqs) );
++@@ -2245,7 +2245,6 @@ static void dump_irqs(unsigned char key)
++ int i, irq, pirq;
++ struct irq_desc *desc;
++ irq_guest_action_t *action;
++- struct evtchn *evtchn;
++ struct domain *d;
++ const struct pirq *info;
++ unsigned long flags;
++@@ -2288,11 +2287,10 @@ static void dump_irqs(unsigned char key)
++ d = action->guest[i];
++ pirq = domain_irq_to_pirq(d, irq);
++ info = pirq_info(d, pirq);
++- evtchn = evtchn_from_port(d, info->evtchn);
++ printk("%u:%3d(%c%c%c)",
++ d->domain_id, pirq,
++- (evtchn_port_is_pending(d, evtchn) ? 'P' : '-'),
++- (evtchn_port_is_masked(d, evtchn) ? 'M' : '-'),
+++ evtchn_port_is_pending(d, info->evtchn) ? 'P' : '-',
+++ evtchn_port_is_masked(d, info->evtchn) ? 'M' : '-',
++ (info->masked ? 'M' : '-'));
++ if ( i != action->nr_guests )
++ printk(",");
++--- xen-4.8.1.orig/xen/common/event_2l.c
+++++ xen-4.8.1/xen/common/event_2l.c
++@@ -62,16 +62,20 @@ static void evtchn_2l_unmask(struct doma
++ }
++ }
++
++-static bool_t evtchn_2l_is_pending(struct domain *d,
++- const struct evtchn *evtchn)
+++static bool_t evtchn_2l_is_pending(struct domain *d, evtchn_port_t port)
++ {
++- return test_bit(evtchn->port, &shared_info(d, evtchn_pending));
+++ unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d);
+++
+++ ASSERT(port < max_ports);
+++ return port < max_ports && test_bit(port, &shared_info(d, evtchn_pending));
++ }
++
++-static bool_t evtchn_2l_is_masked(struct domain *d,
++- const struct evtchn *evtchn)
+++static bool_t evtchn_2l_is_masked(struct domain *d, evtchn_port_t port)
++ {
++- return test_bit(evtchn->port, &shared_info(d, evtchn_mask));
+++ unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d);
+++
+++ ASSERT(port < max_ports);
+++ return port >= max_ports || test_bit(port, &shared_info(d, evtchn_mask));
++ }
++
++ static void evtchn_2l_print_state(struct domain *d,
++--- xen-4.8.1.orig/xen/common/event_channel.c
+++++ xen-4.8.1/xen/common/event_channel.c
++@@ -1381,8 +1381,8 @@ static void domain_dump_evtchn_info(stru
++
++ printk(" %4u [%d/%d/",
++ port,
++- !!evtchn_port_is_pending(d, chn),
++- !!evtchn_port_is_masked(d, chn));
+++ evtchn_port_is_pending(d, port),
+++ evtchn_port_is_masked(d, port));
++ evtchn_port_print_state(d, chn);
++ printk("]: s=%d n=%d x=%d",
++ chn->state, chn->notify_vcpu_id, chn->xen_consumer);
++--- xen-4.8.1.orig/xen/common/event_fifo.c
+++++ xen-4.8.1/xen/common/event_fifo.c
++@@ -28,6 +28,12 @@ static inline event_word_t *evtchn_fifo_
++ if ( unlikely(port >= d->evtchn_fifo->num_evtchns) )
++ return NULL;
++
+++ /*
+++ * Callers aren't required to hold d->event_lock, so we need to synchronize
+++ * with add_page_to_event_array().
+++ */
+++ smp_rmb();
+++
++ p = port / EVTCHN_FIFO_EVENT_WORDS_PER_PAGE;
++ w = port % EVTCHN_FIFO_EVENT_WORDS_PER_PAGE;
++
++@@ -288,24 +294,22 @@ static void evtchn_fifo_unmask(struct do
++ evtchn_fifo_set_pending(v, evtchn);
++ }
++
++-static bool_t evtchn_fifo_is_pending(struct domain *d,
++- const struct evtchn *evtchn)
+++static bool_t evtchn_fifo_is_pending(struct domain *d, evtchn_port_t port)
++ {
++ event_word_t *word;
++
++- word = evtchn_fifo_word_from_port(d, evtchn->port);
+++ word = evtchn_fifo_word_from_port(d, port);
++ if ( unlikely(!word) )
++ return 0;
++
++ return test_bit(EVTCHN_FIFO_PENDING, word);
++ }
++
++-static bool_t evtchn_fifo_is_masked(struct domain *d,
++- const struct evtchn *evtchn)
+++static bool_t evtchn_fifo_is_masked(struct domain *d, evtchn_port_t port)
++ {
++ event_word_t *word;
++
++- word = evtchn_fifo_word_from_port(d, evtchn->port);
+++ word = evtchn_fifo_word_from_port(d, port);
++ if ( unlikely(!word) )
++ return 1;
++
++@@ -594,6 +598,10 @@ static int add_page_to_event_array(struc
++ return rc;
++
++ d->evtchn_fifo->event_array[slot] = virt;
+++
+++ /* Synchronize with evtchn_fifo_word_from_port(). */
+++ smp_wmb();
+++
++ d->evtchn_fifo->num_evtchns += EVTCHN_FIFO_EVENT_WORDS_PER_PAGE;
++
++ /*
++--- xen-4.8.1.orig/xen/common/schedule.c
+++++ xen-4.8.1/xen/common/schedule.c
++@@ -955,7 +955,7 @@ static long do_poll(struct sched_poll *s
++ goto out;
++
++ rc = 0;
++- if ( evtchn_port_is_pending(d, evtchn_from_port(d, port)) )
+++ if ( evtchn_port_is_pending(d, port) )
++ goto out;
++ }
++
++--- xen-4.8.1.orig/xen/include/xen/event.h
+++++ xen-4.8.1/xen/include/xen/event.h
++@@ -137,8 +137,8 @@ struct evtchn_port_ops {
++ void (*set_pending)(struct vcpu *v, struct evtchn *evtchn);
++ void (*clear_pending)(struct domain *d, struct evtchn *evtchn);
++ void (*unmask)(struct domain *d, struct evtchn *evtchn);
++- bool_t (*is_pending)(struct domain *d, const struct evtchn *evtchn);
++- bool_t (*is_masked)(struct domain *d, const struct evtchn *evtchn);
+++ bool_t (*is_pending)(struct domain *d, evtchn_port_t port);
+++ bool_t (*is_masked)(struct domain *d, evtchn_port_t port);
++ /*
++ * Is the port unavailable because it's still being cleaned up
++ * after being closed?
++@@ -175,15 +175,15 @@ static inline void evtchn_port_unmask(st
++ }
++
++ static inline bool_t evtchn_port_is_pending(struct domain *d,
++- const struct evtchn *evtchn)
+++ evtchn_port_t port)
++ {
++- return d->evtchn_port_ops->is_pending(d, evtchn);
+++ return d->evtchn_port_ops->is_pending(d, port);
++ }
++
++ static inline bool_t evtchn_port_is_masked(struct domain *d,
++- const struct evtchn *evtchn)
+++ evtchn_port_t port)
++ {
++- return d->evtchn_port_ops->is_masked(d, evtchn);
+++ return d->evtchn_port_ops->is_masked(d, port);
++ }
++
++ static inline bool_t evtchn_port_is_busy(struct domain *d, evtchn_port_t port)
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Thu, 15 Jun 2017 16:25:27 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 82a12bfd92a12b98d861585a1b3b2dee64495b6a
++Subject: gnttab: __gnttab_unmap_common_complete() is all-or-nothing
++
++All failures have to be detected in __gnttab_unmap_common(), the
++completion function must not skip part of its processing. In particular
++the GNTMAP_device_map related putting of page references and adjustment
++of pin count must not occur if __gnttab_unmap_common() signaled an
++error. Furthermore the function must not make adjustments to global
++state (here: clearing GNTTAB_device_map) before all possibly failing
++operations have been performed.
++
++There's one exception for IOMMU related failures: As IOMMU manipulation
++occurs after GNTMAP_*_map have been cleared already, the related page
++reference and pin count adjustments need to be done nevertheless. A
++fundamental requirement for the correctness of this is that
++iommu_{,un}map_page() crash any affected DomU in case of failure.
++
++The version check appears to be pointless (or could perhaps be a
++BUG_ON() or ASSERT()), but for the moment also move it.
++
++This is part of XSA-224.
++
++Reported-by: Jan Beulich <jbeulich@suse.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -96,7 +96,7 @@ struct gnttab_unmap_common {
++ int16_t status;
++
++ /* Shared state beteen *_unmap and *_unmap_complete */
++- u16 flags;
+++ u16 done;
++ unsigned long frame;
++ struct domain *rd;
++ grant_ref_t ref;
++@@ -948,7 +948,8 @@ __gnttab_map_grant_ref(
++ refcnt++;
++ }
++
++- if ( gnttab_host_mapping_get_page_type(op, ld, rd) )
+++ if ( gnttab_host_mapping_get_page_type(op->flags & GNTMAP_readonly,
+++ ld, rd) )
++ {
++ if ( (owner == dom_cow) ||
++ !get_page_type(pg, PGT_writable_page) )
++@@ -1095,6 +1096,7 @@ __gnttab_unmap_common(
++ struct active_grant_entry *act;
++ s16 rc = 0;
++ struct grant_mapping *map;
+++ unsigned int flags;
++ bool put_handle = false;
++
++ ld = current->domain;
++@@ -1145,6 +1147,20 @@ __gnttab_unmap_common(
++
++ grant_read_lock(rgt);
++
+++ if ( rgt->gt_version == 0 )
+++ {
+++ /*
+++ * This ought to be impossible, as such a mapping should not have
+++ * been established (see the nr_grant_entries(rgt) bounds check in
+++ * __gnttab_map_grant_ref()). Doing this check only in
+++ * __gnttab_unmap_common_complete() - as it used to be done - would,
+++ * however, be too late.
+++ */
+++ rc = GNTST_bad_gntref;
+++ flags = 0;
+++ goto unlock_out;
+++ }
+++
++ op->rd = rd;
++ op->ref = map->ref;
++
++@@ -1160,6 +1176,7 @@ __gnttab_unmap_common(
++ {
++ gdprintk(XENLOG_WARNING, "Unstable handle %u\n", op->handle);
++ rc = GNTST_bad_handle;
+++ flags = 0;
++ goto unlock_out;
++ }
++
++@@ -1173,9 +1190,9 @@ __gnttab_unmap_common(
++ * hold anyway; see docs/misc/grant-tables.txt's "Locking" section.
++ */
++
++- op->flags = read_atomic(&map->flags);
+++ flags = read_atomic(&map->flags);
++ smp_rmb();
++- if ( unlikely(!op->flags) || unlikely(map->domid != dom) ||
+++ if ( unlikely(!flags) || unlikely(map->domid != dom) ||
++ unlikely(map->ref != op->ref) )
++ {
++ gdprintk(XENLOG_WARNING, "Unstable handle %#x\n", op->handle);
++@@ -1185,24 +1202,27 @@ __gnttab_unmap_common(
++
++ op->frame = act->frame;
++
++- if ( op->dev_bus_addr )
++- {
++- if ( unlikely(op->dev_bus_addr != pfn_to_paddr(act->frame)) )
++- PIN_FAIL(act_release_out, GNTST_general_error,
++- "Bus address doesn't match gntref (%"PRIx64" != %"PRIpaddr")\n",
++- op->dev_bus_addr, pfn_to_paddr(act->frame));
++-
++- map->flags &= ~GNTMAP_device_map;
++- }
+++ if ( op->dev_bus_addr &&
+++ unlikely(op->dev_bus_addr != pfn_to_paddr(act->frame)) )
+++ PIN_FAIL(act_release_out, GNTST_general_error,
+++ "Bus address doesn't match gntref (%"PRIx64" != %"PRIpaddr")\n",
+++ op->dev_bus_addr, pfn_to_paddr(act->frame));
++
++- if ( (op->host_addr != 0) && (op->flags & GNTMAP_host_map) )
+++ if ( op->host_addr && (flags & GNTMAP_host_map) )
++ {
++ if ( (rc = replace_grant_host_mapping(op->host_addr,
++ op->frame, op->new_addr,
++- op->flags)) < 0 )
+++ flags)) < 0 )
++ goto act_release_out;
++
++ map->flags &= ~GNTMAP_host_map;
+++ op->done |= GNTMAP_host_map | (flags & GNTMAP_readonly);
+++ }
+++
+++ if ( op->dev_bus_addr && (flags & GNTMAP_device_map) )
+++ {
+++ map->flags &= ~GNTMAP_device_map;
+++ op->done |= GNTMAP_device_map | (flags & GNTMAP_readonly);
++ }
++
++ if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) )
++@@ -1239,7 +1259,7 @@ __gnttab_unmap_common(
++ }
++
++ /* If just unmapped a writable mapping, mark as dirtied */
++- if ( rc == GNTST_okay && !(op->flags & GNTMAP_readonly) )
+++ if ( rc == GNTST_okay && !(flags & GNTMAP_readonly) )
++ gnttab_mark_dirty(rd, op->frame);
++
++ op->status = rc;
++@@ -1256,13 +1276,9 @@ __gnttab_unmap_common_complete(struct gn
++ struct page_info *pg;
++ uint16_t *status;
++
++- if ( rd == NULL )
+++ if ( !op->done )
++ {
++- /*
++- * Suggests that __gntab_unmap_common failed in
++- * rcu_lock_domain_by_id() or earlier, and so we have nothing
++- * to complete
++- */
+++ /* __gntab_unmap_common() didn't do anything - nothing to complete. */
++ return;
++ }
++
++@@ -1272,8 +1288,6 @@ __gnttab_unmap_common_complete(struct gn
++ rgt = rd->grant_table;
++
++ grant_read_lock(rgt);
++- if ( rgt->gt_version == 0 )
++- goto unlock_out;
++
++ act = active_entry_acquire(rgt, op->ref);
++ sha = shared_entry_header(rgt, op->ref);
++@@ -1283,72 +1297,50 @@ __gnttab_unmap_common_complete(struct gn
++ else
++ status = &status_entry(rgt, op->ref);
++
++- if ( op->dev_bus_addr &&
++- unlikely(op->dev_bus_addr != pfn_to_paddr(act->frame)) )
++- {
++- /*
++- * Suggests that __gntab_unmap_common failed early and so
++- * nothing further to do
++- */
++- goto act_release_out;
++- }
++-
++ pg = mfn_to_page(op->frame);
++
++- if ( op->dev_bus_addr && (op->flags & GNTMAP_device_map) )
+++ if ( op->done & GNTMAP_device_map )
++ {
++ if ( !is_iomem_page(act->frame) )
++ {
++- if ( op->flags & GNTMAP_readonly )
+++ if ( op->done & GNTMAP_readonly )
++ put_page(pg);
++ else
++ put_page_and_type(pg);
++ }
++
++ ASSERT(act->pin & (GNTPIN_devw_mask | GNTPIN_devr_mask));
++- if ( op->flags & GNTMAP_readonly )
+++ if ( op->done & GNTMAP_readonly )
++ act->pin -= GNTPIN_devr_inc;
++ else
++ act->pin -= GNTPIN_devw_inc;
++ }
++
++- if ( (op->host_addr != 0) && (op->flags & GNTMAP_host_map) )
+++ if ( op->done & GNTMAP_host_map )
++ {
++- if ( op->status != 0 )
+++ if ( !is_iomem_page(op->frame) )
++ {
++- /*
++- * Suggests that __gntab_unmap_common failed in
++- * replace_grant_host_mapping() or IOMMU handling, so nothing
++- * further to do (short of re-establishing the mapping in the
++- * latter case).
++- */
++- goto act_release_out;
++- }
++-
++- if ( !is_iomem_page(op->frame) )
++- {
++- if ( gnttab_host_mapping_get_page_type(op, ld, rd) )
+++ if ( gnttab_host_mapping_get_page_type(op->done & GNTMAP_readonly,
+++ ld, rd) )
++ put_page_type(pg);
++ put_page(pg);
++ }
++
++ ASSERT(act->pin & (GNTPIN_hstw_mask | GNTPIN_hstr_mask));
++- if ( op->flags & GNTMAP_readonly )
+++ if ( op->done & GNTMAP_readonly )
++ act->pin -= GNTPIN_hstr_inc;
++ else
++ act->pin -= GNTPIN_hstw_inc;
++ }
++
++ if ( ((act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) == 0) &&
++- !(op->flags & GNTMAP_readonly) )
+++ !(op->done & GNTMAP_readonly) )
++ gnttab_clear_flag(_GTF_writing, status);
++
++ if ( act->pin == 0 )
++ gnttab_clear_flag(_GTF_reading, status);
++
++- act_release_out:
++ active_entry_release(act);
++- unlock_out:
++ grant_read_unlock(rgt);
++
++ rcu_unlock_domain(rd);
++@@ -1364,6 +1356,7 @@ __gnttab_unmap_grant_ref(
++ common->handle = op->handle;
++
++ /* Intialise these in case common contains old state */
+++ common->done = 0;
++ common->new_addr = 0;
++ common->rd = NULL;
++ common->frame = 0;
++@@ -1429,6 +1422,7 @@ __gnttab_unmap_and_replace(
++ common->handle = op->handle;
++
++ /* Intialise these in case common contains old state */
+++ common->done = 0;
++ common->dev_bus_addr = 0;
++ common->rd = NULL;
++ common->frame = 0;
++@@ -3388,7 +3382,9 @@ gnttab_release_mappings(
++ if ( gnttab_release_host_mappings(d) &&
++ !is_iomem_page(act->frame) )
++ {
++- if ( gnttab_host_mapping_get_page_type(map, d, rd) )
+++ if ( gnttab_host_mapping_get_page_type((map->flags &
+++ GNTMAP_readonly),
+++ d, rd) )
++ put_page_type(pg);
++ put_page(pg);
++ }
++--- xen-4.8.1.orig/xen/include/asm-arm/grant_table.h
+++++ xen-4.8.1/xen/include/asm-arm/grant_table.h
++@@ -9,7 +9,7 @@ void gnttab_clear_flag(unsigned long nr,
++ int create_grant_host_mapping(unsigned long gpaddr,
++ unsigned long mfn, unsigned int flags, unsigned int
++ cache_flags);
++-#define gnttab_host_mapping_get_page_type(op, d, rd) (0)
+++#define gnttab_host_mapping_get_page_type(ro, ld, rd) (0)
++ int replace_grant_host_mapping(unsigned long gpaddr, unsigned long mfn,
++ unsigned long new_gpaddr, unsigned int flags);
++ void gnttab_mark_dirty(struct domain *d, unsigned long l);
++--- xen-4.8.1.orig/xen/include/asm-x86/grant_table.h
+++++ xen-4.8.1/xen/include/asm-x86/grant_table.h
++@@ -58,9 +58,8 @@ static inline void gnttab_clear_flag(uns
++ }
++
++ /* Foreign mappings of HHVM-guest pages do not modify the type count. */
++-#define gnttab_host_mapping_get_page_type(op, ld, rd) \
++- (!((op)->flags & GNTMAP_readonly) && \
++- (((ld) == (rd)) || !paging_mode_external(rd)))
+++#define gnttab_host_mapping_get_page_type(ro, ld, rd) \
+++ (!(ro) && (((ld) == (rd)) || !paging_mode_external(rd)))
++
++ /* Done implicitly when page tables are destroyed. */
++ #define gnttab_release_host_mappings(domain) ( paging_mode_external(domain) )
--- /dev/null
--- /dev/null
++From: George Dunlap <george.dunlap@citrix.com>
++Date: Thu, 15 Jun 2017 12:05:14 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 e1db06b5ebcafb09b16cf9c77d7d453a5d05a805
++Subject: gnttab: Avoid potential double-put of maptrack entry
++
++Each grant mapping for a particular domain is tracked by an in-Xen
++"maptrack" entry. This entry is is referenced by a "handle", which is
++given to the guest when it calls gnttab_map_grant_ref().
++
++There are two types of mapping a particular handle can refer to:
++GNTMAP_host_map and GNTMAP_device_map. A given
++gnttab_unmap_grant_ref() call can remove either only one or both of
++these entries. When a particular handle has no entries left, it must
++be freed.
++
++gnttab_unmap_grant_ref() loops through its grant unmap request list
++twice. It first removes entries from any host pagetables and (if
++appropraite) iommus; then it does a single domain TLB flush; then it
++does the clean-up, including telling the granter that entries are no
++longer being used (if appropriate).
++
++At the moment, it's during the first pass that the maptrack flags are
++cleared, but the second pass that the maptrack entry is freed.
++
++Unfortunately this allows the following race, which results in a
++double-free:
++
++ A: (pass 1) clear host_map
++ B: (pass 1) clear device_map
++ A: (pass 2) See that maptrack entry has no mappings, free it
++ B: (pass 2) See that maptrack entry has no mappings, free it #
++
++Unfortunately, unlike the active entry pinning update, we can't simply
++move the maptrack flag changes to the second half, because the
++maptrack flags are used to determine if iommu entries need to be
++added: a domain's iommu must never have fewer permissions than the
++maptrack flags indicate, or a subsequent map_grant_ref() might fail to
++add the necessary iommu entries.
++
++Instead, free the maptrack entry in the first pass if there are no
++further mappings.
++
++This is part of XSA-218.
++
++Reported-by: Jan Beulich <jbeulich.com>
++Signed-off-by: George Dunlap <george.dunlap@citrix.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -98,8 +98,8 @@ struct gnttab_unmap_common {
++ /* Shared state beteen *_unmap and *_unmap_complete */
++ u16 flags;
++ unsigned long frame;
++- struct grant_mapping *map;
++ struct domain *rd;
+++ grant_ref_t ref;
++ };
++
++ /* Number of unmap operations that are done between each tlb flush */
++@@ -1079,6 +1079,8 @@ __gnttab_unmap_common(
++ struct grant_table *lgt, *rgt;
++ struct active_grant_entry *act;
++ s16 rc = 0;
+++ struct grant_mapping *map;
+++ bool put_handle = false;
++
++ ld = current->domain;
++ lgt = ld->grant_table;
++@@ -1092,11 +1094,11 @@ __gnttab_unmap_common(
++ return;
++ }
++
++- op->map = &maptrack_entry(lgt, op->handle);
+++ map = &maptrack_entry(lgt, op->handle);
++
++ grant_read_lock(lgt);
++
++- if ( unlikely(!read_atomic(&op->map->flags)) )
+++ if ( unlikely(!read_atomic(&map->flags)) )
++ {
++ grant_read_unlock(lgt);
++ gdprintk(XENLOG_INFO, "Zero flags for handle (%d).\n", op->handle);
++@@ -1104,7 +1106,7 @@ __gnttab_unmap_common(
++ return;
++ }
++
++- dom = op->map->domid;
+++ dom = map->domid;
++ grant_read_unlock(lgt);
++
++ if ( unlikely((rd = rcu_lock_domain_by_id(dom)) == NULL) )
++@@ -1129,16 +1131,43 @@ __gnttab_unmap_common(
++
++ grant_read_lock(rgt);
++
++- op->flags = read_atomic(&op->map->flags);
++- if ( unlikely(!op->flags) || unlikely(op->map->domid != dom) )
+++ op->rd = rd;
+++ op->ref = map->ref;
+++
+++ /*
+++ * We can't assume there was no racing unmap for this maptrack entry,
+++ * and hence we can't assume map->ref is valid for rd. While the checks
+++ * below (with the active entry lock held) will reject any such racing
+++ * requests, we still need to make sure we don't attempt to acquire an
+++ * invalid lock.
+++ */
+++ smp_rmb();
+++ if ( unlikely(op->ref >= nr_grant_entries(rgt)) )
++ {
++ gdprintk(XENLOG_WARNING, "Unstable handle %u\n", op->handle);
++ rc = GNTST_bad_handle;
++- goto unmap_out;
+++ goto unlock_out;
++ }
++
++- op->rd = rd;
++- act = active_entry_acquire(rgt, op->map->ref);
+++ act = active_entry_acquire(rgt, op->ref);
+++
+++ /*
+++ * Note that we (ab)use the active entry lock here to protect against
+++ * multiple unmaps of the same mapping here. We don't want to hold lgt's
+++ * lock, and we only hold rgt's lock for reading (but the latter wouldn't
+++ * be the right one anyway). Hence the easiest is to rely on a lock we
+++ * hold anyway; see docs/misc/grant-tables.txt's "Locking" section.
+++ */
+++
+++ op->flags = read_atomic(&map->flags);
+++ smp_rmb();
+++ if ( unlikely(!op->flags) || unlikely(map->domid != dom) ||
+++ unlikely(map->ref != op->ref) )
+++ {
+++ gdprintk(XENLOG_WARNING, "Unstable handle %#x\n", op->handle);
+++ rc = GNTST_bad_handle;
+++ goto act_release_out;
+++ }
++
++ if ( op->frame == 0 )
++ {
++@@ -1151,7 +1180,7 @@ __gnttab_unmap_common(
++ "Bad frame number doesn't match gntref. (%lx != %lx)\n",
++ op->frame, act->frame);
++
++- op->map->flags &= ~GNTMAP_device_map;
+++ map->flags &= ~GNTMAP_device_map;
++ }
++
++ if ( (op->host_addr != 0) && (op->flags & GNTMAP_host_map) )
++@@ -1161,14 +1190,23 @@ __gnttab_unmap_common(
++ op->flags)) < 0 )
++ goto act_release_out;
++
++- op->map->flags &= ~GNTMAP_host_map;
+++ map->flags &= ~GNTMAP_host_map;
+++ }
+++
+++ if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) )
+++ {
+++ map->flags = 0;
+++ put_handle = true;
++ }
++
++ act_release_out:
++ active_entry_release(act);
++- unmap_out:
+++ unlock_out:
++ grant_read_unlock(rgt);
++
+++ if ( put_handle )
+++ put_maptrack_handle(lgt, op->handle);
+++
++ if ( rc == GNTST_okay && gnttab_need_iommu_mapping(ld) )
++ {
++ unsigned int kind;
++@@ -1205,7 +1243,6 @@ __gnttab_unmap_common_complete(struct gn
++ grant_entry_header_t *sha;
++ struct page_info *pg;
++ uint16_t *status;
++- bool_t put_handle = 0;
++
++ if ( rd == NULL )
++ {
++@@ -1226,13 +1263,13 @@ __gnttab_unmap_common_complete(struct gn
++ if ( rgt->gt_version == 0 )
++ goto unlock_out;
++
++- act = active_entry_acquire(rgt, op->map->ref);
++- sha = shared_entry_header(rgt, op->map->ref);
+++ act = active_entry_acquire(rgt, op->ref);
+++ sha = shared_entry_header(rgt, op->ref);
++
++ if ( rgt->gt_version == 1 )
++ status = &sha->flags;
++ else
++- status = &status_entry(rgt, op->map->ref);
+++ status = &status_entry(rgt, op->ref);
++
++ if ( unlikely(op->frame != act->frame) )
++ {
++@@ -1289,9 +1326,6 @@ __gnttab_unmap_common_complete(struct gn
++ act->pin -= GNTPIN_hstw_inc;
++ }
++
++- if ( (op->map->flags & (GNTMAP_device_map|GNTMAP_host_map)) == 0 )
++- put_handle = 1;
++-
++ if ( ((act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) == 0) &&
++ !(op->flags & GNTMAP_readonly) )
++ gnttab_clear_flag(_GTF_writing, status);
++@@ -1304,11 +1338,6 @@ __gnttab_unmap_common_complete(struct gn
++ unlock_out:
++ grant_read_unlock(rgt);
++
++- if ( put_handle )
++- {
++- op->map->flags = 0;
++- put_maptrack_handle(ld->grant_table, op->handle);
++- }
++ rcu_unlock_domain(rd);
++ }
++
--- /dev/null
--- /dev/null
++From: George Dunlap <george.dunlap@citrix.com>
++Date: Fri, 2 Jun 2017 15:21:27 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 3561a445755b055d940e91df7fdaff18d2613fd5
++Subject: gnttab: correct logic to get page references during map requests
++
++The rules for reference counting are somewhat complicated:
++
++* Each of GNTTAB_host_map and GNTTAB_device_map need their own
++reference count
++
++* If the mapping is writeable:
++ - GNTTAB_host_map needs a type count under only some conditions
++ - GNTTAB_device_map always needs a type count
++
++If the mapping succeeds, we need to keep all of these; if the mapping
++fails, we need to release whatever references we have acquired so far.
++
++Additionally, the code that does a lot of this calculation "inherits"
++a reference as part of the process of finding out who the owner is.
++
++Finally, if the grant is mapped as writeable (without the
++GNTMAP_readonly flag), but the hypervisor cannot grab a
++PGT_writeable_page type, the entire operation should fail.
++
++Unfortunately, the current code has several logic holes:
++
++* If a grant is mapped only GNTTAB_device_map, and with a writeable
++ mapping, but in conditions where a *host* type count is not
++ necessary, the code will fail to grab the necessary type count.
++
++* If a grant is mapped both GNTTAB_device_map and GNTTAB_host_map,
++ with a writeable mapping, in conditions where the host type count is
++ not necessary, *and* where the page cannot be changed to type
++ PGT_writeable, the condition will not be detected.
++
++In both cases, this means that on success, the type count will be
++erroneously reduced when the grant is unmapped. In the second case,
++the type count will be erroneously reduced on the failure path as
++well. (In the first case the failure path logic has the same hole
++as the reference grabbing logic.)
++
++Additionally, the return value of get_page() is not checked; but this
++may fail even if the first get_page() succeeded due to a reference
++counting overflow.
++
++First of all, simplify the restoration logic by explicitly counting
++the reference and type references acquired.
++
++Consider each mapping type separately, explicitly marking the
++'incoming' reference as used so we know when we need to grab a second
++one.
++
++Finally, always check the return value of get_page[_type]() and go to
++the failure path if appropriate.
++
++This is part of XSA-224.
++
++Reported-by: Jan Beulich <jbeulich@suse.com>
++Signed-off-by: George Dunlap <george.dunlap@citrix.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -758,12 +758,12 @@ __gnttab_map_grant_ref(
++ struct grant_table *lgt, *rgt;
++ struct vcpu *led;
++ int handle;
++- unsigned long frame = 0, nr_gets = 0;
+++ unsigned long frame = 0;
++ struct page_info *pg = NULL;
++ int rc = GNTST_okay;
++ u32 old_pin;
++ u32 act_pin;
++- unsigned int cache_flags;
+++ unsigned int cache_flags, refcnt = 0, typecnt = 0;
++ struct active_grant_entry *act = NULL;
++ struct grant_mapping *mt;
++ grant_entry_header_t *shah;
++@@ -889,11 +889,17 @@ __gnttab_map_grant_ref(
++ else
++ owner = page_get_owner(pg);
++
+++ if ( owner )
+++ refcnt++;
+++
++ if ( !pg || (owner == dom_io) )
++ {
++ /* Only needed the reference to confirm dom_io ownership. */
++ if ( pg )
+++ {
++ put_page(pg);
+++ refcnt--;
+++ }
++
++ if ( paging_mode_external(ld) )
++ {
++@@ -921,27 +927,38 @@ __gnttab_map_grant_ref(
++ }
++ else if ( owner == rd || owner == dom_cow )
++ {
++- if ( gnttab_host_mapping_get_page_type(op, ld, rd) )
+++ if ( (op->flags & GNTMAP_device_map) && !(op->flags & GNTMAP_readonly) )
++ {
++ if ( (owner == dom_cow) ||
++ !get_page_type(pg, PGT_writable_page) )
++ goto could_not_pin;
+++ typecnt++;
++ }
++
++- nr_gets++;
++ if ( op->flags & GNTMAP_host_map )
++ {
++- rc = create_grant_host_mapping(op->host_addr, frame, op->flags, 0);
++- if ( rc != GNTST_okay )
++- goto undo_out;
++-
+++ /*
+++ * Only need to grab another reference if device_map claimed
+++ * the other one.
+++ */
++ if ( op->flags & GNTMAP_device_map )
++ {
++- nr_gets++;
++- (void)get_page(pg, rd);
++- if ( !(op->flags & GNTMAP_readonly) )
++- get_page_type(pg, PGT_writable_page);
+++ if ( !get_page(pg, rd) )
+++ goto could_not_pin;
+++ refcnt++;
++ }
+++
+++ if ( gnttab_host_mapping_get_page_type(op, ld, rd) )
+++ {
+++ if ( (owner == dom_cow) ||
+++ !get_page_type(pg, PGT_writable_page) )
+++ goto could_not_pin;
+++ typecnt++;
+++ }
+++
+++ rc = create_grant_host_mapping(op->host_addr, frame, op->flags, 0);
+++ if ( rc != GNTST_okay )
+++ goto undo_out;
++ }
++ }
++ else
++@@ -950,8 +967,6 @@ __gnttab_map_grant_ref(
++ if ( !rd->is_dying )
++ gdprintk(XENLOG_WARNING, "Could not pin grant frame %lx\n",
++ frame);
++- if ( owner != NULL )
++- put_page(pg);
++ rc = GNTST_general_error;
++ goto undo_out;
++ }
++@@ -1014,18 +1029,11 @@ __gnttab_map_grant_ref(
++ return;
++
++ undo_out:
++- if ( nr_gets > 1 )
++- {
++- if ( !(op->flags & GNTMAP_readonly) )
++- put_page_type(pg);
++- put_page(pg);
++- }
++- if ( nr_gets > 0 )
++- {
++- if ( gnttab_host_mapping_get_page_type(op, ld, rd) )
++- put_page_type(pg);
+++ while ( typecnt-- )
+++ put_page_type(pg);
+++
+++ while ( refcnt-- )
++ put_page(pg);
++- }
++
++ grant_read_lock(rgt);
++
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Thu, 15 Jun 2017 12:05:29 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 4303b5a04eb8c48bba4b7082c4c441b404b82474
++Subject: gnttab: correct maptrack table accesses
++
++In order to observe a consistent (limit,pointer-table) pair, the reader
++needs to either hold the maptrack lock (in line with documentation) or
++both sides need to order their accesses suitably (the writer side
++barrier was removed by commit dff515dfea ["gnttab: use per-VCPU
++maptrack free lists"], and a read side barrier has never been there).
++
++Make the writer publish a new table page before limit (for bounds
++checks to work), and new list head last (for racing maptrack_entry()
++invocations to work). At the same time add read barriers to lockless
++readers.
++
++Additionally get_maptrack_handle() must not assume ->maptrack_head to
++not change behind its back: Another handle may be put (updating only
++->maptrack_tail) and then got or stolen (updating ->maptrack_head).
++
++This is part of XSA-218.
++
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Reviewed-by: George Dunlap <george.dunlap@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -395,7 +395,7 @@ get_maptrack_handle(
++ struct grant_table *lgt)
++ {
++ struct vcpu *curr = current;
++- int i;
+++ unsigned int i, head;
++ grant_handle_t handle;
++ struct grant_mapping *new_mt;
++
++@@ -451,17 +451,20 @@ get_maptrack_handle(
++ new_mt[i].ref = handle + i + 1;
++ new_mt[i].vcpu = curr->vcpu_id;
++ }
++- new_mt[i - 1].ref = curr->maptrack_head;
++
++ /* Set tail directly if this is the first page for this VCPU. */
++ if ( curr->maptrack_tail == MAPTRACK_TAIL )
++ curr->maptrack_tail = handle + MAPTRACK_PER_PAGE - 1;
++
++- write_atomic(&curr->maptrack_head, handle + 1);
++-
++ lgt->maptrack[nr_maptrack_frames(lgt)] = new_mt;
+++ smp_wmb();
++ lgt->maptrack_limit += MAPTRACK_PER_PAGE;
++
+++ do {
+++ new_mt[i - 1].ref = read_atomic(&curr->maptrack_head);
+++ head = cmpxchg(&curr->maptrack_head, new_mt[i - 1].ref, handle + 1);
+++ } while ( head != new_mt[i - 1].ref );
+++
++ spin_unlock(&lgt->maptrack_lock);
++
++ return handle;
++@@ -727,6 +730,7 @@ static unsigned int mapkind(
++ for ( handle = 0; !(kind & MAPKIND_WRITE) &&
++ handle < lgt->maptrack_limit; handle++ )
++ {
+++ smp_rmb();
++ map = &maptrack_entry(lgt, handle);
++ if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ||
++ map->domid != rd->domain_id )
++@@ -1094,6 +1098,7 @@ __gnttab_unmap_common(
++ return;
++ }
++
+++ smp_rmb();
++ map = &maptrack_entry(lgt, op->handle);
++
++ grant_read_lock(lgt);
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Thu, 7 Sep 2017 18:18:50 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u3 56b8a16f699a8d83ef40fef740ffe6f85e9d70b8
++Subject: gnttab: correct pin status fixup for copy
++
++Regardless of copy operations only setting GNTPIN_hst*, GNTPIN_dev*
++also need to be taken into account when deciding whether to clear
++_GTF_{read,writ}ing. At least for consistency with code elsewhere the
++read part better doesn't use any mask at all.
++
++This is XSA-230.
++
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -2110,10 +2110,10 @@ __release_grant_for_copy(
++ static void __fixup_status_for_copy_pin(const struct active_grant_entry *act,
++ uint16_t *status)
++ {
++- if ( !(act->pin & GNTPIN_hstw_mask) )
+++ if ( !(act->pin & (GNTPIN_hstw_mask | GNTPIN_devw_mask)) )
++ gnttab_clear_flag(_GTF_writing, status);
++
++- if ( !(act->pin & GNTPIN_hstr_mask) )
+++ if ( !act->pin )
++ gnttab_clear_flag(_GTF_reading, status);
++ }
++
++@@ -2348,7 +2348,7 @@ __acquire_grant_for_copy(
++
++ unlock_out_clear:
++ if ( !(readonly) &&
++- !(act->pin & GNTPIN_hstw_mask) )
+++ !(act->pin & (GNTPIN_hstw_mask | GNTPIN_devw_mask)) )
++ gnttab_clear_flag(_GTF_writing, status);
++
++ if ( !act->pin )
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Thu, 7 Sep 2017 18:16:55 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u3 d8321a710e81b0569620e8d380f906be3b66f287
++Subject: gnttab: don't use possibly unbounded tail calls
++
++There is no guarantee that the compiler would actually translate them
++to branches instead of calls, so only ones with a known recursion limit
++are okay:
++- __release_grant_for_copy() can call itself only once, as
++ __acquire_grant_for_copy() won't permit use of multi-level transitive
++ grants,
++- __acquire_grant_for_copy() is fine to call itself with the last
++ argument false, as that prevents further recursion,
++- __acquire_grant_for_copy() must not call itself to recover from an
++ observed change to the active entry's pin count
++
++This is part of CVE-2017-12135 / XSA-226.
++
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/compat/grant_table.c
+++++ xen-4.8.1/xen/common/compat/grant_table.c
++@@ -258,9 +258,9 @@ int compat_grant_table_op(unsigned int c
++ rc = gnttab_copy(guest_handle_cast(nat.uop, gnttab_copy_t), n);
++ if ( rc > 0 )
++ {
++- ASSERT(rc < n);
++- i -= n - rc;
++- n = rc;
+++ ASSERT(rc <= n);
+++ i -= rc;
+++ n -= rc;
++ }
++ if ( rc >= 0 )
++ {
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -2086,8 +2086,10 @@ __release_grant_for_copy(
++
++ if ( td != rd )
++ {
++- /* Recursive calls, but they're tail calls, so it's
++- okay. */
+++ /*
+++ * Recursive calls, but they're bounded (acquire permits only a single
+++ * level of transitivity), so it's okay.
+++ */
++ if ( released_write )
++ __release_grant_for_copy(td, trans_gref, 0);
++ else if ( released_read )
++@@ -2238,10 +2240,11 @@ __acquire_grant_for_copy(
++ return rc;
++ }
++
++- /* We dropped the lock, so we have to check that nobody
++- else tried to pin (or, for that matter, unpin) the
++- reference in *this* domain. If they did, just give up
++- and try again. */
+++ /*
+++ * We dropped the lock, so we have to check that nobody else tried
+++ * to pin (or, for that matter, unpin) the reference in *this*
+++ * domain. If they did, just give up and tell the caller to retry.
+++ */
++ if ( act->pin != old_pin )
++ {
++ __fixup_status_for_copy_pin(act, status);
++@@ -2249,9 +2252,8 @@ __acquire_grant_for_copy(
++ active_entry_release(act);
++ grant_read_unlock(rgt);
++ put_page(*page);
++- return __acquire_grant_for_copy(rd, gref, ldom, readonly,
++- frame, page, page_off, length,
++- allow_transitive);
+++ *page = NULL;
+++ return ERESTART;
++ }
++
++ /* The actual remote remote grant may or may not be a
++@@ -2557,7 +2559,7 @@ static int gnttab_copy_one(const struct
++ {
++ gnttab_copy_release_buf(src);
++ rc = gnttab_copy_claim_buf(op, &op->source, src, GNTCOPY_source_gref);
++- if ( rc < 0 )
+++ if ( rc )
++ goto out;
++ }
++
++@@ -2567,7 +2569,7 @@ static int gnttab_copy_one(const struct
++ {
++ gnttab_copy_release_buf(dest);
++ rc = gnttab_copy_claim_buf(op, &op->dest, dest, GNTCOPY_dest_gref);
++- if ( rc < 0 )
+++ if ( rc )
++ goto out;
++ }
++
++@@ -2576,6 +2578,14 @@ static int gnttab_copy_one(const struct
++ return rc;
++ }
++
+++/*
+++ * gnttab_copy(), other than the various other helpers of
+++ * do_grant_table_op(), returns (besides possible error indicators)
+++ * "count - i" rather than "i" to ensure that even if no progress
+++ * was made at all (perhaps due to gnttab_copy_one() returning a
+++ * positive value) a non-zero value is being handed back (zero needs
+++ * to be avoided, as that means "success, all done").
+++ */
++ static long gnttab_copy(
++ XEN_GUEST_HANDLE_PARAM(gnttab_copy_t) uop, unsigned int count)
++ {
++@@ -2589,7 +2599,7 @@ static long gnttab_copy(
++ {
++ if ( i && hypercall_preempt_check() )
++ {
++- rc = i;
+++ rc = count - i;
++ break;
++ }
++
++@@ -2599,13 +2609,20 @@ static long gnttab_copy(
++ break;
++ }
++
++- op.status = gnttab_copy_one(&op, &dest, &src);
++- if ( op.status != GNTST_okay )
+++ rc = gnttab_copy_one(&op, &dest, &src);
+++ if ( rc > 0 )
+++ {
+++ rc = count - i;
+++ break;
+++ }
+++ if ( rc != GNTST_okay )
++ {
++ gnttab_copy_release_buf(&src);
++ gnttab_copy_release_buf(&dest);
++ }
++
+++ op.status = rc;
+++ rc = 0;
++ if ( unlikely(__copy_field_to_guest(uop, &op, status)) )
++ {
++ rc = -EFAULT;
++@@ -3143,6 +3160,7 @@ do_grant_table_op(
++ rc = gnttab_copy(copy, count);
++ if ( rc > 0 )
++ {
+++ rc = count - rc;
++ guest_handle_add_offset(copy, rc);
++ uop = guest_handle_cast(copy, void);
++ }
--- /dev/null
--- /dev/null
++From: George Dunlap <george.dunlap@citrix.com>
++Date: Thu, 15 Jun 2017 16:24:02 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 0a915357527121342ded8480e68c63c8395cb8ca
++Subject: gnttab: Fix handling of dev_bus_addr during unmap
++
++If a grant has been mapped with the GNTTAB_device_map flag, calling
++grant_unmap_ref() with dev_bus_addr set to zero should cause the
++GNTTAB_device_map part of the mapping to be left alone.
++
++Unfortunately, at the moment, op->dev_bus_addr is implicitly checked
++before clearing the map and adjusting the pin count, but only the bits
++above 12; and it is not checked at all before dropping page
++references. This means a guest can repeatedly make such a call to
++cause the reference count to drop to zero, causing the page to be
++freed and re-used, even though it's still mapped in its pagetables.
++
++To fix this, always check op->dev_bus_addr explicitly for being
++non-zero, as well as op->flag & GNTMAP_device_map, before doing
++operations on the device_map.
++
++While we're here, make the logic a bit cleaner:
++
++* Always initialize op->frame to zero and set it from act->frame, to reduce the
++chance of untrusted input being used
++
++* Explicitly check the full dev_bus_addr against act->frame <<
++ PAGE_SHIFT, rather than ignoring the lower 12 bits
++
++This is part of XSA-224.
++
++Reported-by: Jan Beulich <jbeulich@suse.com>
++Signed-off-by: George Dunlap <george.dunlap@citrix.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -1089,8 +1089,6 @@ __gnttab_unmap_common(
++ ld = current->domain;
++ lgt = ld->grant_table;
++
++- op->frame = (unsigned long)(op->dev_bus_addr >> PAGE_SHIFT);
++-
++ if ( unlikely(op->handle >= lgt->maptrack_limit) )
++ {
++ gdprintk(XENLOG_INFO, "Bad handle (%d).\n", op->handle);
++@@ -1174,16 +1172,14 @@ __gnttab_unmap_common(
++ goto act_release_out;
++ }
++
++- if ( op->frame == 0 )
++- {
++- op->frame = act->frame;
++- }
++- else
+++ op->frame = act->frame;
+++
+++ if ( op->dev_bus_addr )
++ {
++- if ( unlikely(op->frame != act->frame) )
+++ if ( unlikely(op->dev_bus_addr != pfn_to_paddr(act->frame)) )
++ PIN_FAIL(act_release_out, GNTST_general_error,
++- "Bad frame number doesn't match gntref. (%lx != %lx)\n",
++- op->frame, act->frame);
+++ "Bus address doesn't match gntref (%"PRIx64" != %"PRIpaddr")\n",
+++ op->dev_bus_addr, pfn_to_paddr(act->frame));
++
++ map->flags &= ~GNTMAP_device_map;
++ }
++@@ -1276,7 +1272,8 @@ __gnttab_unmap_common_complete(struct gn
++ else
++ status = &status_entry(rgt, op->ref);
++
++- if ( unlikely(op->frame != act->frame) )
+++ if ( op->dev_bus_addr &&
+++ unlikely(op->dev_bus_addr != pfn_to_paddr(act->frame)) )
++ {
++ /*
++ * Suggests that __gntab_unmap_common failed early and so
++@@ -1287,7 +1284,7 @@ __gnttab_unmap_common_complete(struct gn
++
++ pg = mfn_to_page(op->frame);
++
++- if ( op->flags & GNTMAP_device_map )
+++ if ( op->dev_bus_addr && (op->flags & GNTMAP_device_map) )
++ {
++ if ( !is_iomem_page(act->frame) )
++ {
++@@ -1358,6 +1355,7 @@ __gnttab_unmap_grant_ref(
++ /* Intialise these in case common contains old state */
++ common->new_addr = 0;
++ common->rd = NULL;
+++ common->frame = 0;
++
++ __gnttab_unmap_common(common);
++ op->status = common->status;
++@@ -1422,6 +1420,7 @@ __gnttab_unmap_and_replace(
++ /* Intialise these in case common contains old state */
++ common->dev_bus_addr = 0;
++ common->rd = NULL;
+++ common->frame = 0;
++
++ __gnttab_unmap_common(common);
++ op->status = common->status;
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Thu, 7 Sep 2017 18:16:58 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u3 e8d7c64f2ab550185429d3462ac5c031d443ec6c
++Subject: gnttab: fix transitive grant handling
++
++Processing of transitive grants must not use the fast path, or else
++reference counting breaks due to the skipped recursive call to
++__acquire_grant_for_copy() (its __release_grant_for_copy()
++counterpart occurs independent of original pin count). Furthermore
++after re-acquiring temporarily dropped locks we need to verify no grant
++properties changed if the original pin count was non-zero; checking
++just the pin counts is sufficient only for well-behaved guests. As a
++result, __release_grant_for_copy() needs to mirror that new behavior.
++
++Furthermore a __release_grant_for_copy() invocation was missing on the
++retry path of __acquire_grant_for_copy(), and gnttab_set_version() also
++needs to bail out upon encountering a transitive grant.
++
++This is part of CVE-2017-12135 / XSA-226.
++
++Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -2033,13 +2033,8 @@ __release_grant_for_copy(
++ unsigned long r_frame;
++ uint16_t *status;
++ grant_ref_t trans_gref;
++- int released_read;
++- int released_write;
++ struct domain *td;
++
++- released_read = 0;
++- released_write = 0;
++-
++ grant_read_lock(rgt);
++
++ act = active_entry_acquire(rgt, gref);
++@@ -2069,17 +2064,11 @@ __release_grant_for_copy(
++
++ act->pin -= GNTPIN_hstw_inc;
++ if ( !(act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) )
++- {
++- released_write = 1;
++ gnttab_clear_flag(_GTF_writing, status);
++- }
++ }
++
++ if ( !act->pin )
++- {
++ gnttab_clear_flag(_GTF_reading, status);
++- released_read = 1;
++- }
++
++ active_entry_release(act);
++ grant_read_unlock(rgt);
++@@ -2087,13 +2076,10 @@ __release_grant_for_copy(
++ if ( td != rd )
++ {
++ /*
++- * Recursive calls, but they're bounded (acquire permits only a single
+++ * Recursive call, but it is bounded (acquire permits only a single
++ * level of transitivity), so it's okay.
++ */
++- if ( released_write )
++- __release_grant_for_copy(td, trans_gref, 0);
++- else if ( released_read )
++- __release_grant_for_copy(td, trans_gref, 1);
+++ __release_grant_for_copy(td, trans_gref, readonly);
++
++ rcu_unlock_domain(td);
++ }
++@@ -2167,8 +2153,108 @@ __acquire_grant_for_copy(
++ act->domid, ldom, act->pin);
++
++ old_pin = act->pin;
++- if ( !act->pin ||
++- (!readonly && !(act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask))) )
+++ if ( sha2 && (shah->flags & GTF_type_mask) == GTF_transitive )
+++ {
+++ if ( (!old_pin || (!readonly &&
+++ !(old_pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)))) &&
+++ (rc = _set_status_v2(ldom, readonly, 0, shah, act,
+++ status)) != GNTST_okay )
+++ goto unlock_out;
+++
+++ if ( !allow_transitive )
+++ PIN_FAIL(unlock_out_clear, GNTST_general_error,
+++ "transitive grant when transitivity not allowed\n");
+++
+++ trans_domid = sha2->transitive.trans_domid;
+++ trans_gref = sha2->transitive.gref;
+++ barrier(); /* Stop the compiler from re-loading
+++ trans_domid from shared memory */
+++ if ( trans_domid == rd->domain_id )
+++ PIN_FAIL(unlock_out_clear, GNTST_general_error,
+++ "transitive grants cannot be self-referential\n");
+++
+++ /*
+++ * We allow the trans_domid == ldom case, which corresponds to a
+++ * grant being issued by one domain, sent to another one, and then
+++ * transitively granted back to the original domain. Allowing it
+++ * is easy, and means that you don't need to go out of your way to
+++ * avoid it in the guest.
+++ */
+++
+++ /* We need to leave the rrd locked during the grant copy. */
+++ td = rcu_lock_domain_by_id(trans_domid);
+++ if ( td == NULL )
+++ PIN_FAIL(unlock_out_clear, GNTST_general_error,
+++ "transitive grant referenced bad domain %d\n",
+++ trans_domid);
+++
+++ /*
+++ * __acquire_grant_for_copy() could take the lock on the
+++ * remote table (if rd == td), so we have to drop the lock
+++ * here and reacquire.
+++ */
+++ active_entry_release(act);
+++ grant_read_unlock(rgt);
+++
+++ rc = __acquire_grant_for_copy(td, trans_gref, rd->domain_id,
+++ readonly, &grant_frame, page,
+++ &trans_page_off, &trans_length, 0);
+++
+++ grant_read_lock(rgt);
+++ act = active_entry_acquire(rgt, gref);
+++
+++ if ( rc != GNTST_okay )
+++ {
+++ __fixup_status_for_copy_pin(act, status);
+++ rcu_unlock_domain(td);
+++ active_entry_release(act);
+++ grant_read_unlock(rgt);
+++ return rc;
+++ }
+++
+++ /*
+++ * We dropped the lock, so we have to check that the grant didn't
+++ * change, and that nobody else tried to pin/unpin it. If anything
+++ * changed, just give up and tell the caller to retry.
+++ */
+++ if ( rgt->gt_version != 2 ||
+++ act->pin != old_pin ||
+++ (old_pin && (act->domid != ldom || act->frame != grant_frame ||
+++ act->start != trans_page_off ||
+++ act->length != trans_length ||
+++ act->trans_domain != td ||
+++ act->trans_gref != trans_gref ||
+++ !act->is_sub_page)) )
+++ {
+++ __release_grant_for_copy(td, trans_gref, readonly);
+++ __fixup_status_for_copy_pin(act, status);
+++ rcu_unlock_domain(td);
+++ active_entry_release(act);
+++ grant_read_unlock(rgt);
+++ put_page(*page);
+++ *page = NULL;
+++ return ERESTART;
+++ }
+++
+++ if ( !old_pin )
+++ {
+++ act->domid = ldom;
+++ act->start = trans_page_off;
+++ act->length = trans_length;
+++ act->trans_domain = td;
+++ act->trans_gref = trans_gref;
+++ act->frame = grant_frame;
+++ act->gfn = -1ul;
+++ /*
+++ * The actual remote remote grant may or may not be a sub-page,
+++ * but we always treat it as one because that blocks mappings of
+++ * transitive grants.
+++ */
+++ act->is_sub_page = 1;
+++ }
+++ }
+++ else if ( !old_pin ||
+++ (!readonly && !(old_pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask))) )
++ {
++ if ( (rc = _set_status(rgt->gt_version, ldom,
++ readonly, 0, shah, act,
++@@ -2189,79 +2275,6 @@ __acquire_grant_for_copy(
++ trans_page_off = 0;
++ trans_length = PAGE_SIZE;
++ }
++- else if ( (shah->flags & GTF_type_mask) == GTF_transitive )
++- {
++- if ( !allow_transitive )
++- PIN_FAIL(unlock_out_clear, GNTST_general_error,
++- "transitive grant when transitivity not allowed\n");
++-
++- trans_domid = sha2->transitive.trans_domid;
++- trans_gref = sha2->transitive.gref;
++- barrier(); /* Stop the compiler from re-loading
++- trans_domid from shared memory */
++- if ( trans_domid == rd->domain_id )
++- PIN_FAIL(unlock_out_clear, GNTST_general_error,
++- "transitive grants cannot be self-referential\n");
++-
++- /* We allow the trans_domid == ldom case, which
++- corresponds to a grant being issued by one domain, sent
++- to another one, and then transitively granted back to
++- the original domain. Allowing it is easy, and means
++- that you don't need to go out of your way to avoid it
++- in the guest. */
++-
++- /* We need to leave the rrd locked during the grant copy */
++- td = rcu_lock_domain_by_id(trans_domid);
++- if ( td == NULL )
++- PIN_FAIL(unlock_out_clear, GNTST_general_error,
++- "transitive grant referenced bad domain %d\n",
++- trans_domid);
++-
++- /*
++- * __acquire_grant_for_copy() could take the lock on the
++- * remote table (if rd == td), so we have to drop the lock
++- * here and reacquire
++- */
++- active_entry_release(act);
++- grant_read_unlock(rgt);
++-
++- rc = __acquire_grant_for_copy(td, trans_gref, rd->domain_id,
++- readonly, &grant_frame, page,
++- &trans_page_off, &trans_length, 0);
++-
++- grant_read_lock(rgt);
++- act = active_entry_acquire(rgt, gref);
++-
++- if ( rc != GNTST_okay ) {
++- __fixup_status_for_copy_pin(act, status);
++- rcu_unlock_domain(td);
++- active_entry_release(act);
++- grant_read_unlock(rgt);
++- return rc;
++- }
++-
++- /*
++- * We dropped the lock, so we have to check that nobody else tried
++- * to pin (or, for that matter, unpin) the reference in *this*
++- * domain. If they did, just give up and tell the caller to retry.
++- */
++- if ( act->pin != old_pin )
++- {
++- __fixup_status_for_copy_pin(act, status);
++- rcu_unlock_domain(td);
++- active_entry_release(act);
++- grant_read_unlock(rgt);
++- put_page(*page);
++- *page = NULL;
++- return ERESTART;
++- }
++-
++- /* The actual remote remote grant may or may not be a
++- sub-page, but we always treat it as one because that
++- blocks mappings of transitive grants. */
++- is_sub_page = 1;
++- act->gfn = -1ul;
++- }
++ else if ( !(sha2->hdr.flags & GTF_sub_page) )
++ {
++ rc = __get_paged_frame(sha2->full_page.frame, &grant_frame, page, readonly, rd);
++@@ -2693,10 +2706,13 @@ gnttab_set_version(XEN_GUEST_HANDLE_PARA
++ case 2:
++ for ( i = 0; i < GNTTAB_NR_RESERVED_ENTRIES; i++ )
++ {
++- if ( ((shared_entry_v2(gt, i).hdr.flags & GTF_type_mask) ==
++- GTF_permit_access) &&
++- (shared_entry_v2(gt, i).full_page.frame >> 32) )
+++ switch ( shared_entry_v2(gt, i).hdr.flags & GTF_type_mask )
++ {
+++ case GTF_permit_access:
+++ if ( !(shared_entry_v2(gt, i).full_page.frame >> 32) )
+++ break;
+++ /* fall through */
+++ case GTF_transitive:
++ gdprintk(XENLOG_WARNING,
++ "tried to change grant table version to 1 with non-representable entries\n");
++ res = -ERANGE;
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Fri, 2 Jun 2017 12:22:42 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 cbe9168b320ecaa96a2a3f42d8783eb6eb27b18b
++Subject: gnttab: fix unmap pin accounting race
++
++Once all {writable} mappings of a grant entry have been unmapped, the
++hypervisor informs the guest that the grant entry has been released by
++clearing the _GTF_{reading,writing} usage flags in the guest's grant
++table as appropriate.
++
++Unfortunately, at the moment, the code that updates the accounting
++happens in a different critical section than the one which updates the
++usage flags; this means that under the right circumstances, there may be
++a window in time after the hypervisor reported the grant as being free
++during which the grant referee still had access to the page.
++
++Move the grant accounting code into the same critical section as the
++reporting code to make sure this kind of race can't happen.
++
++This is part of XSA-218.
++
++Reported-by: Jann Horn <jannh.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -1150,15 +1150,8 @@ __gnttab_unmap_common(
++ PIN_FAIL(act_release_out, GNTST_general_error,
++ "Bad frame number doesn't match gntref. (%lx != %lx)\n",
++ op->frame, act->frame);
++- if ( op->flags & GNTMAP_device_map )
++- {
++- ASSERT(act->pin & (GNTPIN_devw_mask | GNTPIN_devr_mask));
++- op->map->flags &= ~GNTMAP_device_map;
++- if ( op->flags & GNTMAP_readonly )
++- act->pin -= GNTPIN_devr_inc;
++- else
++- act->pin -= GNTPIN_devw_inc;
++- }
+++
+++ op->map->flags &= ~GNTMAP_device_map;
++ }
++
++ if ( (op->host_addr != 0) && (op->flags & GNTMAP_host_map) )
++@@ -1168,12 +1161,7 @@ __gnttab_unmap_common(
++ op->flags)) < 0 )
++ goto act_release_out;
++
++- ASSERT(act->pin & (GNTPIN_hstw_mask | GNTPIN_hstr_mask));
++ op->map->flags &= ~GNTMAP_host_map;
++- if ( op->flags & GNTMAP_readonly )
++- act->pin -= GNTPIN_hstr_inc;
++- else
++- act->pin -= GNTPIN_hstw_inc;
++ }
++
++ act_release_out:
++@@ -1266,6 +1254,12 @@ __gnttab_unmap_common_complete(struct gn
++ else
++ put_page_and_type(pg);
++ }
+++
+++ ASSERT(act->pin & (GNTPIN_devw_mask | GNTPIN_devr_mask));
+++ if ( op->flags & GNTMAP_readonly )
+++ act->pin -= GNTPIN_devr_inc;
+++ else
+++ act->pin -= GNTPIN_devw_inc;
++ }
++
++ if ( (op->host_addr != 0) && (op->flags & GNTMAP_host_map) )
++@@ -1274,7 +1268,9 @@ __gnttab_unmap_common_complete(struct gn
++ {
++ /*
++ * Suggests that __gntab_unmap_common failed in
++- * replace_grant_host_mapping() so nothing further to do
+++ * replace_grant_host_mapping() or IOMMU handling, so nothing
+++ * further to do (short of re-establishing the mapping in the
+++ * latter case).
++ */
++ goto act_release_out;
++ }
++@@ -1285,6 +1281,12 @@ __gnttab_unmap_common_complete(struct gn
++ put_page_type(pg);
++ put_page(pg);
++ }
+++
+++ ASSERT(act->pin & (GNTPIN_hstw_mask | GNTPIN_hstr_mask));
+++ if ( op->flags & GNTMAP_readonly )
+++ act->pin -= GNTPIN_hstr_inc;
+++ else
+++ act->pin -= GNTPIN_hstw_inc;
++ }
++
++ if ( (op->map->flags & (GNTMAP_device_map|GNTMAP_host_map)) == 0 )
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Fri, 2 Jun 2017 15:21:27 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 3ee63df99edde59558357cd3452f5fca184cec56
++Subject: gnttab: never create host mapping unless asked to
++
++We shouldn't create a host mapping unless asked to even in the case of
++mapping a granted MMIO page. In particular the mapping wouldn't be torn
++down when processing the matching unmap request.
++
++This is part of XSA-224.
++
++Reported-by: Jan Beulich <jbeulich@suse.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -911,10 +911,13 @@ __gnttab_map_grant_ref(
++ goto undo_out;
++ }
++
++- rc = create_grant_host_mapping(
++- op->host_addr, frame, op->flags, cache_flags);
++- if ( rc != GNTST_okay )
++- goto undo_out;
+++ if ( op->flags & GNTMAP_host_map )
+++ {
+++ rc = create_grant_host_mapping(op->host_addr, frame, op->flags,
+++ cache_flags);
+++ if ( rc != GNTST_okay )
+++ goto undo_out;
+++ }
++ }
++ else if ( owner == rd || owner == dom_cow )
++ {
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Mon, 31 Jul 2017 15:17:56 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u3 84a862297be91da9afefeda853b8414205d44fa8
++Subject: gnttab: split maptrack lock to make it fulfill its purpose again
++
++The way the lock is currently being used in get_maptrack_handle(), it
++protects only the maptrack limit: The function acts on current's list
++only, so races on list accesses are impossible even without the lock.
++
++Otoh list access races are possible between __get_maptrack_handle() and
++put_maptrack_handle(), due to the invocation of the former for other
++than current from steal_maptrack_handle(). Introduce a per-vCPU lock
++for list accesses to become race free again. This lock will be
++uncontended except when it becomes necessary to take the steal path,
++i.e. in the common case there should be no meaningful performance
++impact.
++
++When in get_maptrack_handle adds a stolen entry to a fresh, empty,
++freelist, we think that there is probably no concurrency. However,
++this is not a fast path and adding the locking there makes the code
++clearly correct.
++
++Also, while we are here: the stolen maptrack_entry's tail pointer was
++not properly set. Set it.
++
++This is XSA-228.
++
++Reported-by: Ian Jackson <ian.jackson@eu.citrix.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
++
++---
++
++--- xen-4.8.1.orig/docs/misc/grant-tables.txt
+++++ xen-4.8.1/docs/misc/grant-tables.txt
++@@ -87,7 +87,8 @@ is complete.
++ inconsistent grant table state such as current
++ version, partially initialized active table pages,
++ etc.
++- grant_table->maptrack_lock : spinlock used to protect the maptrack free list
+++ grant_table->maptrack_lock : spinlock used to protect the maptrack limit
+++ v->maptrack_freelist_lock : spinlock used to protect the maptrack free list
++ active_grant_entry->lock : spinlock used to serialize modifications to
++ active entries
++
++@@ -102,6 +103,10 @@ is complete.
++ The maptrack free list is protected by its own spinlock. The maptrack
++ lock may be locked while holding the grant table lock.
++
+++ The maptrack_freelist_lock is an innermost lock. It may be locked
+++ while holding other locks, but no other locks may be acquired within
+++ it.
+++
++ Active entries are obtained by calling active_entry_acquire(gt, ref).
++ This function returns a pointer to the active entry after locking its
++ spinlock. The caller must hold the grant table read lock before
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -304,11 +304,16 @@ __get_maptrack_handle(
++ {
++ unsigned int head, next, prev_head;
++
+++ spin_lock(&v->maptrack_freelist_lock);
+++
++ do {
++ /* No maptrack pages allocated for this VCPU yet? */
++ head = read_atomic(&v->maptrack_head);
++ if ( unlikely(head == MAPTRACK_TAIL) )
+++ {
+++ spin_unlock(&v->maptrack_freelist_lock);
++ return -1;
+++ }
++
++ /*
++ * Always keep one entry in the free list to make it easier to
++@@ -316,12 +321,17 @@ __get_maptrack_handle(
++ */
++ next = read_atomic(&maptrack_entry(t, head).ref);
++ if ( unlikely(next == MAPTRACK_TAIL) )
+++ {
+++ spin_unlock(&v->maptrack_freelist_lock);
++ return -1;
+++ }
++
++ prev_head = head;
++ head = cmpxchg(&v->maptrack_head, prev_head, next);
++ } while ( head != prev_head );
++
+++ spin_unlock(&v->maptrack_freelist_lock);
+++
++ return head;
++ }
++
++@@ -380,6 +390,8 @@ put_maptrack_handle(
++ /* 2. Add entry to the tail of the list on the original VCPU. */
++ v = currd->vcpu[maptrack_entry(t, handle).vcpu];
++
+++ spin_lock(&v->maptrack_freelist_lock);
+++
++ cur_tail = read_atomic(&v->maptrack_tail);
++ do {
++ prev_tail = cur_tail;
++@@ -388,6 +400,8 @@ put_maptrack_handle(
++
++ /* 3. Update the old tail entry to point to the new entry. */
++ write_atomic(&maptrack_entry(t, prev_tail).ref, handle);
+++
+++ spin_unlock(&v->maptrack_freelist_lock);
++ }
++
++ static inline int
++@@ -411,10 +425,6 @@ get_maptrack_handle(
++ */
++ if ( nr_maptrack_frames(lgt) >= max_maptrack_frames )
++ {
++- /*
++- * Can drop the lock since no other VCPU can be adding a new
++- * frame once they've run out.
++- */
++ spin_unlock(&lgt->maptrack_lock);
++
++ /*
++@@ -426,8 +436,12 @@ get_maptrack_handle(
++ handle = steal_maptrack_handle(lgt, curr);
++ if ( handle == -1 )
++ return -1;
+++ spin_lock(&curr->maptrack_freelist_lock);
+++ maptrack_entry(lgt, handle).ref = MAPTRACK_TAIL;
++ curr->maptrack_tail = handle;
++- write_atomic(&curr->maptrack_head, handle);
+++ if ( curr->maptrack_head == MAPTRACK_TAIL )
+++ write_atomic(&curr->maptrack_head, handle);
+++ spin_unlock(&curr->maptrack_freelist_lock);
++ }
++ return steal_maptrack_handle(lgt, curr);
++ }
++@@ -460,12 +474,15 @@ get_maptrack_handle(
++ smp_wmb();
++ lgt->maptrack_limit += MAPTRACK_PER_PAGE;
++
+++ spin_unlock(&lgt->maptrack_lock);
+++ spin_lock(&curr->maptrack_freelist_lock);
+++
++ do {
++ new_mt[i - 1].ref = read_atomic(&curr->maptrack_head);
++ head = cmpxchg(&curr->maptrack_head, new_mt[i - 1].ref, handle + 1);
++ } while ( head != new_mt[i - 1].ref );
++
++- spin_unlock(&lgt->maptrack_lock);
+++ spin_unlock(&curr->maptrack_freelist_lock);
++
++ return handle;
++ }
++@@ -3508,6 +3525,7 @@ grant_table_destroy(
++
++ void grant_table_init_vcpu(struct vcpu *v)
++ {
+++ spin_lock_init(&v->maptrack_freelist_lock);
++ v->maptrack_head = MAPTRACK_TAIL;
++ v->maptrack_tail = MAPTRACK_TAIL;
++ }
++--- xen-4.8.1.orig/xen/include/xen/grant_table.h
+++++ xen-4.8.1/xen/include/xen/grant_table.h
++@@ -78,7 +78,7 @@ struct grant_table {
++ /* Mapping tracking table per vcpu. */
++ struct grant_mapping **maptrack;
++ unsigned int maptrack_limit;
++- /* Lock protecting the maptrack page list, head, and limit */
+++ /* Lock protecting the maptrack limit */
++ spinlock_t maptrack_lock;
++ /* The defined versions are 1 and 2. Set to 0 if we don't know
++ what version to use yet. */
++--- xen-4.8.1.orig/xen/include/xen/sched.h
+++++ xen-4.8.1/xen/include/xen/sched.h
++@@ -223,6 +223,7 @@ struct vcpu
++ int controller_pause_count;
++
++ /* Maptrack */
+++ spinlock_t maptrack_freelist_lock;
++ unsigned int maptrack_head;
++ unsigned int maptrack_tail;
++
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Tue, 20 Jun 2017 13:24:40 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 639e3990fb7a1ca84665400f258eca0ef04d001b
++Subject: guest_physmap_remove_page() needs its return value checked
++
++Callers, namely such subsequently freeing the page, must not blindly
++assume success - the function may namely fail when needing to shatter a
++super page, but there not being memory available for the then needed
++intermediate page table.
++
++As it happens, guest_remove_page() callers now also all check the
++return value.
++
++Furthermore a missed put_gfn() on an error path in gnttab_transfer() is
++also being taken care of.
++
++This is part of XSA-222.
++
++Reported-by: Julien Grall <julien.grall@arm.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Signed-off-by: Julien Grall <julien.grall@arm.com>
++Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/arm/mm.c
+++++ xen-4.8.1/xen/arch/arm/mm.c
++@@ -1340,13 +1340,14 @@ int replace_grant_host_mapping(unsigned
++ {
++ gfn_t gfn = _gfn(addr >> PAGE_SHIFT);
++ struct domain *d = current->domain;
+++ int rc;
++
++ if ( new_addr != 0 || (flags & GNTMAP_contains_pte) )
++ return GNTST_general_error;
++
++- guest_physmap_remove_page(d, gfn, _mfn(mfn), 0);
+++ rc = guest_physmap_remove_page(d, gfn, _mfn(mfn), 0);
++
++- return GNTST_okay;
+++ return rc ? GNTST_general_error : GNTST_okay;
++ }
++
++ int is_iomem_page(unsigned long mfn)
++--- xen-4.8.1.orig/xen/arch/arm/p2m.c
+++++ xen-4.8.1/xen/arch/arm/p2m.c
++@@ -1211,11 +1211,10 @@ int guest_physmap_add_entry(struct domai
++ return p2m_insert_mapping(d, gfn, (1 << page_order), mfn, t);
++ }
++
++-void guest_physmap_remove_page(struct domain *d,
++- gfn_t gfn,
++- mfn_t mfn, unsigned int page_order)
+++int guest_physmap_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+++ unsigned int page_order)
++ {
++- p2m_remove_mapping(d, gfn, (1 << page_order), mfn);
+++ return p2m_remove_mapping(d, gfn, (1 << page_order), mfn);
++ }
++
++ static int p2m_alloc_table(struct domain *d)
++--- xen-4.8.1.orig/xen/arch/x86/domain.c
+++++ xen-4.8.1/xen/arch/x86/domain.c
++@@ -808,7 +808,15 @@ int arch_domain_soft_reset(struct domain
++ ret = -ENOMEM;
++ goto exit_put_gfn;
++ }
++- guest_physmap_remove_page(d, _gfn(gfn), _mfn(mfn), PAGE_ORDER_4K);
+++
+++ ret = guest_physmap_remove_page(d, _gfn(gfn), _mfn(mfn), PAGE_ORDER_4K);
+++ if ( ret )
+++ {
+++ printk(XENLOG_G_ERR "Failed to remove Dom%d's shared_info frame %lx\n",
+++ d->domain_id, gfn);
+++ free_domheap_page(new_page);
+++ goto exit_put_gfn;
+++ }
++
++ ret = guest_physmap_add_page(d, _gfn(gfn), _mfn(page_to_mfn(new_page)),
++ PAGE_ORDER_4K);
++--- xen-4.8.1.orig/xen/arch/x86/domain_build.c
+++++ xen-4.8.1/xen/arch/x86/domain_build.c
++@@ -427,7 +427,9 @@ static __init void pvh_add_mem_mapping(s
++ if ( !iomem_access_permitted(d, mfn + i, mfn + i) )
++ {
++ omfn = get_gfn_query_unlocked(d, gfn + i, &t);
++- guest_physmap_remove_page(d, _gfn(gfn + i), omfn, PAGE_ORDER_4K);
+++ if ( guest_physmap_remove_page(d, _gfn(gfn + i), omfn,
+++ PAGE_ORDER_4K) )
+++ /* nothing, best effort only */;
++ continue;
++ }
++
++--- xen-4.8.1.orig/xen/arch/x86/hvm/ioreq.c
+++++ xen-4.8.1/xen/arch/x86/hvm/ioreq.c
++@@ -267,8 +267,9 @@ bool_t is_ioreq_server_page(struct domai
++ static void hvm_remove_ioreq_gmfn(
++ struct domain *d, struct hvm_ioreq_page *iorp)
++ {
++- guest_physmap_remove_page(d, _gfn(iorp->gmfn),
++- _mfn(page_to_mfn(iorp->page)), 0);
+++ if ( guest_physmap_remove_page(d, _gfn(iorp->gmfn),
+++ _mfn(page_to_mfn(iorp->page)), 0) )
+++ domain_crash(d);
++ clear_page(iorp->va);
++ }
++
++--- xen-4.8.1.orig/xen/arch/x86/mm.c
+++++ xen-4.8.1/xen/arch/x86/mm.c
++@@ -4276,7 +4276,11 @@ static int replace_grant_p2m_mapping(
++ type, mfn_x(old_mfn), frame);
++ return GNTST_general_error;
++ }
++- guest_physmap_remove_page(d, _gfn(gfn), _mfn(frame), PAGE_ORDER_4K);
+++ if ( guest_physmap_remove_page(d, _gfn(gfn), _mfn(frame), PAGE_ORDER_4K) )
+++ {
+++ put_gfn(d, gfn);
+++ return GNTST_general_error;
+++ }
++
++ put_gfn(d, gfn);
++ return GNTST_okay;
++@@ -4801,7 +4805,7 @@ int xenmem_add_to_physmap_one(
++ struct page_info *page = NULL;
++ unsigned long gfn = 0; /* gcc ... */
++ unsigned long prev_mfn, mfn = 0, old_gpfn;
++- int rc;
+++ int rc = 0;
++ p2m_type_t p2mt;
++
++ switch ( space )
++@@ -4875,25 +4879,30 @@ int xenmem_add_to_physmap_one(
++ {
++ if ( is_xen_heap_mfn(prev_mfn) )
++ /* Xen heap frames are simply unhooked from this phys slot. */
++- guest_physmap_remove_page(d, gpfn, _mfn(prev_mfn), PAGE_ORDER_4K);
+++ rc = guest_physmap_remove_page(d, gpfn, _mfn(prev_mfn), PAGE_ORDER_4K);
++ else
++ /* Normal domain memory is freed, to avoid leaking memory. */
++- guest_remove_page(d, gfn_x(gpfn));
+++ rc = guest_remove_page(d, gfn_x(gpfn));
++ }
++ /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */
++ put_gfn(d, gfn_x(gpfn));
++
+++ if ( rc )
+++ goto put_both;
+++
++ /* Unmap from old location, if any. */
++ old_gpfn = get_gpfn_from_mfn(mfn);
++ ASSERT( old_gpfn != SHARED_M2P_ENTRY );
++ if ( space == XENMAPSPACE_gmfn || space == XENMAPSPACE_gmfn_range )
++ ASSERT( old_gpfn == gfn );
++ if ( old_gpfn != INVALID_M2P_ENTRY )
++- guest_physmap_remove_page(d, _gfn(old_gpfn), _mfn(mfn), PAGE_ORDER_4K);
+++ rc = guest_physmap_remove_page(d, _gfn(old_gpfn), _mfn(mfn), PAGE_ORDER_4K);
++
++ /* Map at new location. */
++- rc = guest_physmap_add_page(d, gpfn, _mfn(mfn), PAGE_ORDER_4K);
+++ if ( !rc )
+++ rc = guest_physmap_add_page(d, gpfn, _mfn(mfn), PAGE_ORDER_4K);
++
+++ put_both:
++ /* In the XENMAPSPACE_gmfn, we took a ref of the gfn at the top */
++ if ( space == XENMAPSPACE_gmfn || space == XENMAPSPACE_gmfn_range )
++ put_gfn(d, gfn);
++--- xen-4.8.1.orig/xen/arch/x86/mm/p2m.c
+++++ xen-4.8.1/xen/arch/x86/mm/p2m.c
++@@ -2925,10 +2925,12 @@ int p2m_add_foreign(struct domain *tdom,
++ {
++ if ( is_xen_heap_mfn(mfn_x(prev_mfn)) )
++ /* Xen heap frames are simply unhooked from this phys slot */
++- guest_physmap_remove_page(tdom, _gfn(gpfn), prev_mfn, 0);
+++ rc = guest_physmap_remove_page(tdom, _gfn(gpfn), prev_mfn, 0);
++ else
++ /* Normal domain memory is freed, to avoid leaking memory. */
++- guest_remove_page(tdom, gpfn);
+++ rc = guest_remove_page(tdom, gpfn);
+++ if ( rc )
+++ goto put_both;
++ }
++ /*
++ * Create the new mapping. Can't use guest_physmap_add_page() because it
++@@ -2941,6 +2943,7 @@ int p2m_add_foreign(struct domain *tdom,
++ "gpfn:%lx mfn:%lx fgfn:%lx td:%d fd:%d\n",
++ gpfn, mfn_x(mfn), fgfn, tdom->domain_id, fdom->domain_id);
++
+++ put_both:
++ put_page(page);
++
++ /*
++--- xen-4.8.1.orig/xen/common/grant_table.c
+++++ xen-4.8.1/xen/common/grant_table.c
++@@ -1804,6 +1804,7 @@ gnttab_transfer(
++ for ( i = 0; i < count; i++ )
++ {
++ bool_t okay;
+++ int rc;
++
++ if (i && hypercall_preempt_check())
++ return i;
++@@ -1854,27 +1855,33 @@ gnttab_transfer(
++ goto copyback;
++ }
++
++- guest_physmap_remove_page(d, _gfn(gop.mfn), _mfn(mfn), 0);
+++ rc = guest_physmap_remove_page(d, _gfn(gop.mfn), _mfn(mfn), 0);
++ gnttab_flush_tlb(d);
+++ if ( rc )
+++ {
+++ gdprintk(XENLOG_INFO,
+++ "gnttab_transfer: can't remove GFN %"PRI_xen_pfn" (MFN %lx)\n",
+++ gop.mfn, mfn);
+++ gop.status = GNTST_general_error;
+++ goto put_gfn_and_copyback;
+++ }
++
++ /* Find the target domain. */
++ if ( unlikely((e = rcu_lock_domain_by_id(gop.domid)) == NULL) )
++ {
++- put_gfn(d, gop.mfn);
++ gdprintk(XENLOG_INFO, "gnttab_transfer: can't find domain %d\n",
++ gop.domid);
++- page->count_info &= ~(PGC_count_mask|PGC_allocated);
++- free_domheap_page(page);
++ gop.status = GNTST_bad_domain;
++- goto copyback;
+++ goto put_gfn_and_copyback;
++ }
++
++ if ( xsm_grant_transfer(XSM_HOOK, d, e) )
++ {
++- put_gfn(d, gop.mfn);
++ gop.status = GNTST_permission_denied;
++ unlock_and_copyback:
++ rcu_unlock_domain(e);
+++ put_gfn_and_copyback:
+++ put_gfn(d, gop.mfn);
++ page->count_info &= ~(PGC_count_mask|PGC_allocated);
++ free_domheap_page(page);
++ goto copyback;
++@@ -1923,12 +1930,8 @@ gnttab_transfer(
++ "Transferee (d%d) has no headroom (tot %u, max %u)\n",
++ e->domain_id, e->tot_pages, e->max_pages);
++
++- rcu_unlock_domain(e);
++- put_gfn(d, gop.mfn);
++- page->count_info &= ~(PGC_count_mask|PGC_allocated);
++- free_domheap_page(page);
++ gop.status = GNTST_general_error;
++- goto copyback;
+++ goto unlock_and_copyback;
++ }
++
++ /* Okay, add the page to 'e'. */
++@@ -1957,13 +1960,8 @@ gnttab_transfer(
++
++ if ( drop_dom_ref )
++ put_domain(e);
++- rcu_unlock_domain(e);
++-
++- put_gfn(d, gop.mfn);
++- page->count_info &= ~(PGC_count_mask|PGC_allocated);
++- free_domheap_page(page);
++ gop.status = GNTST_general_error;
++- goto copyback;
+++ goto unlock_and_copyback;
++ }
++
++ page_list_add_tail(page, &e->page_list);
++--- xen-4.8.1.orig/xen/common/memory.c
+++++ xen-4.8.1/xen/common/memory.c
++@@ -270,8 +270,12 @@ int guest_remove_page(struct domain *d,
++ mfn = get_gfn_query(d, gmfn, &p2mt);
++ if ( unlikely(p2m_is_paging(p2mt)) )
++ {
++- guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0);
+++ rc = guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0);
++ put_gfn(d, gmfn);
+++
+++ if ( rc )
+++ return rc;
+++
++ /* If the page hasn't yet been paged out, there is an
++ * actual page that needs to be released. */
++ if ( p2mt == p2m_ram_paging_out )
++@@ -335,7 +339,9 @@ int guest_remove_page(struct domain *d,
++ return -ENXIO;
++ }
++
++- if ( test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) )
+++ rc = guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0);
+++
+++ if ( !rc && test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) )
++ put_page_and_type(page);
++
++ /*
++@@ -346,16 +352,14 @@ int guest_remove_page(struct domain *d,
++ * For this purpose (and to match populate_physmap() behavior), the page
++ * is kept allocated.
++ */
++- if ( !is_domain_direct_mapped(d) &&
+++ if ( !rc && !is_domain_direct_mapped(d) &&
++ test_and_clear_bit(_PGC_allocated, &page->count_info) )
++ put_page(page);
++
++- guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0);
++-
++ put_page(page);
++ put_gfn(d, gmfn);
++
++- return 0;
+++ return rc;
++ }
++
++ static void decrease_reservation(struct memop_args *a)
++@@ -590,7 +594,8 @@ static long memory_exchange(XEN_GUEST_HA
++ gfn = mfn_to_gmfn(d, mfn);
++ /* Pages were unshared above */
++ BUG_ON(SHARED_M2P(gfn));
++- guest_physmap_remove_page(d, _gfn(gfn), _mfn(mfn), 0);
+++ if ( guest_physmap_remove_page(d, _gfn(gfn), _mfn(mfn), 0) )
+++ domain_crash(d);
++ put_page(page);
++ }
++
++@@ -1146,8 +1151,8 @@ long do_memory_op(unsigned long cmd, XEN
++ page = get_page_from_gfn(d, xrfp.gpfn, NULL, P2M_ALLOC);
++ if ( page )
++ {
++- guest_physmap_remove_page(d, _gfn(xrfp.gpfn),
++- _mfn(page_to_mfn(page)), 0);
+++ rc = guest_physmap_remove_page(d, _gfn(xrfp.gpfn),
+++ _mfn(page_to_mfn(page)), 0);
++ put_page(page);
++ }
++ else
++--- xen-4.8.1.orig/xen/drivers/passthrough/arm/smmu.c
+++++ xen-4.8.1/xen/drivers/passthrough/arm/smmu.c
++@@ -2786,9 +2786,7 @@ static int __must_check arm_smmu_unmap_p
++ if ( !is_domain_direct_mapped(d) )
++ return -EINVAL;
++
++- guest_physmap_remove_page(d, _gfn(gfn), _mfn(gfn), 0);
++-
++- return 0;
+++ return guest_physmap_remove_page(d, _gfn(gfn), _mfn(gfn), 0);
++ }
++
++ static const struct iommu_ops arm_smmu_iommu_ops = {
++--- xen-4.8.1.orig/xen/include/asm-arm/p2m.h
+++++ xen-4.8.1/xen/include/asm-arm/p2m.h
++@@ -268,10 +268,6 @@ static inline int guest_physmap_add_page
++ return guest_physmap_add_entry(d, gfn, mfn, page_order, p2m_ram_rw);
++ }
++
++-void guest_physmap_remove_page(struct domain *d,
++- gfn_t gfn,
++- mfn_t mfn, unsigned int page_order);
++-
++ mfn_t gfn_to_mfn(struct domain *d, gfn_t gfn);
++
++ /*
++--- xen-4.8.1.orig/xen/include/asm-x86/p2m.h
+++++ xen-4.8.1/xen/include/asm-x86/p2m.h
++@@ -561,10 +561,6 @@ static inline int guest_physmap_add_page
++ return guest_physmap_add_entry(d, gfn, mfn, page_order, p2m_ram_rw);
++ }
++
++-/* Remove a page from a domain's p2m table */
++-int guest_physmap_remove_page(struct domain *d,
++- gfn_t gfn, mfn_t mfn, unsigned int page_order);
++-
++ /* Set a p2m range as populate-on-demand */
++ int guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn,
++ unsigned int order);
++--- xen-4.8.1.orig/xen/include/xen/mm.h
+++++ xen-4.8.1/xen/include/xen/mm.h
++@@ -554,7 +554,7 @@ int xenmem_add_to_physmap_one(struct dom
++ unsigned long idx, gfn_t gfn);
++
++ /* Returns 0 on success, or negative on error. */
++-int guest_remove_page(struct domain *d, unsigned long gmfn);
+++int __must_check guest_remove_page(struct domain *d, unsigned long gmfn);
++
++ #define RAM_TYPE_CONVENTIONAL 0x00000001
++ #define RAM_TYPE_RESERVED 0x00000002
++--- xen-4.8.1.orig/xen/include/xen/p2m-common.h
+++++ xen-4.8.1/xen/include/xen/p2m-common.h
++@@ -1,6 +1,7 @@
++ #ifndef _XEN_P2M_COMMON_H
++ #define _XEN_P2M_COMMON_H
++
+++#include <xen/mm.h>
++ #include <public/vm_event.h>
++
++ /*
++@@ -33,6 +34,11 @@ typedef enum {
++ /* NOTE: Assumed to be only 4 bits right now on x86. */
++ } p2m_access_t;
++
+++/* Remove a page from a domain's p2m table */
+++int __must_check
+++guest_physmap_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+++ unsigned int page_order);
+++
++ /* Map MMIO regions in the p2m: start_gfn and nr describe the range in
++ * * the guest physical address space to map, starting from the machine
++ * * frame number mfn. */
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Tue, 2 May 2017 12:18:35 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u1 993a6534cae6d9ca2793799cfe369c9b3694ee1e
++Subject: multicall: deal with early exit conditions
++
++In particular changes to guest privilege level require the multicall
++sequence to be aborted, as hypercalls are permitted from kernel mode
++only. While likely not very useful in a multicall, also properly handle
++the return value in the HYPERVISOR_iret case (which should be the guest
++specified value).
++
++This is XSA-213.
++
++Reported-by: Jann Horn <jannh@google.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
++Acked-by: Julien Grall <julien.grall@arm.com>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/arm/traps.c
+++++ xen-4.8.1/xen/arch/arm/traps.c
++@@ -1531,7 +1531,7 @@ static bool_t check_multicall_32bit_clea
++ return true;
++ }
++
++-void arch_do_multicall_call(struct mc_state *state)
+++enum mc_disposition arch_do_multicall_call(struct mc_state *state)
++ {
++ struct multicall_entry *multi = &state->call;
++ arm_hypercall_fn_t call = NULL;
++@@ -1539,23 +1539,26 @@ void arch_do_multicall_call(struct mc_st
++ if ( multi->op >= ARRAY_SIZE(arm_hypercall_table) )
++ {
++ multi->result = -ENOSYS;
++- return;
+++ return mc_continue;
++ }
++
++ call = arm_hypercall_table[multi->op].fn;
++ if ( call == NULL )
++ {
++ multi->result = -ENOSYS;
++- return;
+++ return mc_continue;
++ }
++
++ if ( is_32bit_domain(current->domain) &&
++ !check_multicall_32bit_clean(multi) )
++- return;
+++ return mc_continue;
++
++ multi->result = call(multi->args[0], multi->args[1],
++ multi->args[2], multi->args[3],
++ multi->args[4]);
+++
+++ return likely(!psr_mode_is_user(guest_cpu_user_regs()))
+++ ? mc_continue : mc_preempt;
++ }
++
++ /*
++--- xen-4.8.1.orig/xen/arch/x86/hypercall.c
+++++ xen-4.8.1/xen/arch/x86/hypercall.c
++@@ -255,15 +255,19 @@ void pv_hypercall(struct cpu_user_regs *
++ perfc_incr(hypercalls);
++ }
++
++-void arch_do_multicall_call(struct mc_state *state)
+++enum mc_disposition arch_do_multicall_call(struct mc_state *state)
++ {
++- if ( !is_pv_32bit_vcpu(current) )
+++ struct vcpu *curr = current;
+++ unsigned long op;
+++
+++ if ( !is_pv_32bit_vcpu(curr) )
++ {
++ struct multicall_entry *call = &state->call;
++
++- if ( (call->op < ARRAY_SIZE(pv_hypercall_table)) &&
++- pv_hypercall_table[call->op].native )
++- call->result = pv_hypercall_table[call->op].native(
+++ op = call->op;
+++ if ( (op < ARRAY_SIZE(pv_hypercall_table)) &&
+++ pv_hypercall_table[op].native )
+++ call->result = pv_hypercall_table[op].native(
++ call->args[0], call->args[1], call->args[2],
++ call->args[3], call->args[4], call->args[5]);
++ else
++@@ -274,15 +278,21 @@ void arch_do_multicall_call(struct mc_st
++ {
++ struct compat_multicall_entry *call = &state->compat_call;
++
++- if ( (call->op < ARRAY_SIZE(pv_hypercall_table)) &&
++- pv_hypercall_table[call->op].compat )
++- call->result = pv_hypercall_table[call->op].compat(
+++ op = call->op;
+++ if ( (op < ARRAY_SIZE(pv_hypercall_table)) &&
+++ pv_hypercall_table[op].compat )
+++ call->result = pv_hypercall_table[op].compat(
++ call->args[0], call->args[1], call->args[2],
++ call->args[3], call->args[4], call->args[5]);
++ else
++ call->result = -ENOSYS;
++ }
++ #endif
+++
+++ return unlikely(op == __HYPERVISOR_iret)
+++ ? mc_exit
+++ : likely(guest_kernel_mode(curr, guest_cpu_user_regs()))
+++ ? mc_continue : mc_preempt;
++ }
++
++ /*
++--- xen-4.8.1.orig/xen/common/multicall.c
+++++ xen-4.8.1/xen/common/multicall.c
++@@ -40,6 +40,7 @@ do_multicall(
++ struct mc_state *mcs = ¤t->mc_state;
++ uint32_t i;
++ int rc = 0;
+++ enum mc_disposition disp = mc_continue;
++
++ if ( unlikely(__test_and_set_bit(_MCSF_in_multicall, &mcs->flags)) )
++ {
++@@ -50,7 +51,7 @@ do_multicall(
++ if ( unlikely(!guest_handle_okay(call_list, nr_calls)) )
++ rc = -EFAULT;
++
++- for ( i = 0; !rc && i < nr_calls; i++ )
+++ for ( i = 0; !rc && disp == mc_continue && i < nr_calls; i++ )
++ {
++ if ( i && hypercall_preempt_check() )
++ goto preempted;
++@@ -63,7 +64,7 @@ do_multicall(
++
++ trace_multicall_call(&mcs->call);
++
++- arch_do_multicall_call(mcs);
+++ disp = arch_do_multicall_call(mcs);
++
++ #ifndef NDEBUG
++ {
++@@ -77,7 +78,14 @@ do_multicall(
++ }
++ #endif
++
++- if ( unlikely(__copy_field_to_guest(call_list, &mcs->call, result)) )
+++ if ( unlikely(disp == mc_exit) )
+++ {
+++ if ( __copy_field_to_guest(call_list, &mcs->call, result) )
+++ /* nothing, best effort only */;
+++ rc = mcs->call.result;
+++ }
+++ else if ( unlikely(__copy_field_to_guest(call_list, &mcs->call,
+++ result)) )
++ rc = -EFAULT;
++ else if ( mcs->flags & MCSF_call_preempted )
++ {
++@@ -93,6 +101,9 @@ do_multicall(
++ guest_handle_add_offset(call_list, 1);
++ }
++
+++ if ( unlikely(disp == mc_preempt) && i < nr_calls )
+++ goto preempted;
+++
++ perfc_incr(calls_to_multicall);
++ perfc_add(calls_from_multicall, i);
++ mcs->flags = 0;
++--- xen-4.8.1.orig/xen/include/xen/multicall.h
+++++ xen-4.8.1/xen/include/xen/multicall.h
++@@ -24,6 +24,10 @@ struct mc_state {
++ };
++ };
++
++-void arch_do_multicall_call(struct mc_state *mc);
+++enum mc_disposition {
+++ mc_continue,
+++ mc_exit,
+++ mc_preempt,
+++} arch_do_multicall_call(struct mc_state *mc);
++
++ #endif /* __XEN_MULTICALL_H__ */
--- /dev/null
--- /dev/null
++From: Ian Jackson <ian.jackson@citrix.com>
++Date: Fri, 28 Oct 2016 14:52:13 +0100
++X-Dgit-Generated: 4.8.1-1 b1ceff30c4420ee49c49761e183b4ee2a66e3ed4
++Subject: Rerun autogen.sh (stretch)
++
++Using autoconf 2.69-10 (amd64)
++
++Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/configure
+++++ xen-4.8.1/configure
++@@ -641,6 +641,7 @@ infodir
++ docdir
++ oldincludedir
++ includedir
+++runstatedir
++ localstatedir
++ sharedstatedir
++ sysconfdir
++@@ -717,6 +718,7 @@ datadir='${datarootdir}'
++ sysconfdir='${prefix}/etc'
++ sharedstatedir='${prefix}/com'
++ localstatedir='${prefix}/var'
+++runstatedir='${localstatedir}/run'
++ includedir='${prefix}/include'
++ oldincludedir='/usr/include'
++ docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
++@@ -969,6 +971,15 @@ do
++ | -silent | --silent | --silen | --sile | --sil)
++ silent=yes ;;
++
+++ -runstatedir | --runstatedir | --runstatedi | --runstated \
+++ | --runstate | --runstat | --runsta | --runst | --runs \
+++ | --run | --ru | --r)
+++ ac_prev=runstatedir ;;
+++ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+++ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+++ | --run=* | --ru=* | --r=*)
+++ runstatedir=$ac_optarg ;;
+++
++ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
++ ac_prev=sbindir ;;
++ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
++@@ -1106,7 +1117,7 @@ fi
++ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
++ datadir sysconfdir sharedstatedir localstatedir includedir \
++ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
++- libdir localedir mandir
+++ libdir localedir mandir runstatedir
++ do
++ eval ac_val=\$$ac_var
++ # Remove trailing slashes.
++@@ -1259,6 +1270,7 @@ Fine tuning of the installation director
++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
++ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
++ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+++ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
++ --libdir=DIR object code libraries [EPREFIX/lib]
++ --includedir=DIR C header files [PREFIX/include]
++ --oldincludedir=DIR C header files for non-gcc [/usr/include]
++--- xen-4.8.1.orig/docs/configure
+++++ xen-4.8.1/docs/configure
++@@ -632,6 +632,7 @@ infodir
++ docdir
++ oldincludedir
++ includedir
+++runstatedir
++ localstatedir
++ sharedstatedir
++ sysconfdir
++@@ -707,6 +708,7 @@ datadir='${datarootdir}'
++ sysconfdir='${prefix}/etc'
++ sharedstatedir='${prefix}/com'
++ localstatedir='${prefix}/var'
+++runstatedir='${localstatedir}/run'
++ includedir='${prefix}/include'
++ oldincludedir='/usr/include'
++ docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
++@@ -959,6 +961,15 @@ do
++ | -silent | --silent | --silen | --sile | --sil)
++ silent=yes ;;
++
+++ -runstatedir | --runstatedir | --runstatedi | --runstated \
+++ | --runstate | --runstat | --runsta | --runst | --runs \
+++ | --run | --ru | --r)
+++ ac_prev=runstatedir ;;
+++ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+++ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+++ | --run=* | --ru=* | --r=*)
+++ runstatedir=$ac_optarg ;;
+++
++ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
++ ac_prev=sbindir ;;
++ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
++@@ -1096,7 +1107,7 @@ fi
++ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
++ datadir sysconfdir sharedstatedir localstatedir includedir \
++ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
++- libdir localedir mandir
+++ libdir localedir mandir runstatedir
++ do
++ eval ac_val=\$$ac_var
++ # Remove trailing slashes.
++@@ -1249,6 +1260,7 @@ Fine tuning of the installation director
++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
++ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
++ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+++ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
++ --libdir=DIR object code libraries [EPREFIX/lib]
++ --includedir=DIR C header files [PREFIX/include]
++ --oldincludedir=DIR C header files for non-gcc [/usr/include]
++--- xen-4.8.1.orig/stubdom/configure
+++++ xen-4.8.1/stubdom/configure
++@@ -659,6 +659,7 @@ infodir
++ docdir
++ oldincludedir
++ includedir
+++runstatedir
++ localstatedir
++ sharedstatedir
++ sysconfdir
++@@ -748,6 +749,7 @@ datadir='${datarootdir}'
++ sysconfdir='${prefix}/etc'
++ sharedstatedir='${prefix}/com'
++ localstatedir='${prefix}/var'
+++runstatedir='${localstatedir}/run'
++ includedir='${prefix}/include'
++ oldincludedir='/usr/include'
++ docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
++@@ -1000,6 +1002,15 @@ do
++ | -silent | --silent | --silen | --sile | --sil)
++ silent=yes ;;
++
+++ -runstatedir | --runstatedir | --runstatedi | --runstated \
+++ | --runstate | --runstat | --runsta | --runst | --runs \
+++ | --run | --ru | --r)
+++ ac_prev=runstatedir ;;
+++ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+++ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+++ | --run=* | --ru=* | --r=*)
+++ runstatedir=$ac_optarg ;;
+++
++ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
++ ac_prev=sbindir ;;
++ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
++@@ -1137,7 +1148,7 @@ fi
++ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
++ datadir sysconfdir sharedstatedir localstatedir includedir \
++ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
++- libdir localedir mandir
+++ libdir localedir mandir runstatedir
++ do
++ eval ac_val=\$$ac_var
++ # Remove trailing slashes.
++@@ -1290,6 +1301,7 @@ Fine tuning of the installation director
++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
++ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
++ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+++ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
++ --libdir=DIR object code libraries [EPREFIX/lib]
++ --includedir=DIR C header files [PREFIX/include]
++ --oldincludedir=DIR C header files for non-gcc [/usr/include]
++--- xen-4.8.1.orig/tools/configure
+++++ xen-4.8.1/tools/configure
++@@ -767,6 +767,7 @@ infodir
++ docdir
++ oldincludedir
++ includedir
+++runstatedir
++ localstatedir
++ sharedstatedir
++ sysconfdir
++@@ -889,6 +890,7 @@ datadir='${datarootdir}'
++ sysconfdir='${prefix}/etc'
++ sharedstatedir='${prefix}/com'
++ localstatedir='${prefix}/var'
+++runstatedir='${localstatedir}/run'
++ includedir='${prefix}/include'
++ oldincludedir='/usr/include'
++ docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
++@@ -1141,6 +1143,15 @@ do
++ | -silent | --silent | --silen | --sile | --sil)
++ silent=yes ;;
++
+++ -runstatedir | --runstatedir | --runstatedi | --runstated \
+++ | --runstate | --runstat | --runsta | --runst | --runs \
+++ | --run | --ru | --r)
+++ ac_prev=runstatedir ;;
+++ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+++ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+++ | --run=* | --ru=* | --r=*)
+++ runstatedir=$ac_optarg ;;
+++
++ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
++ ac_prev=sbindir ;;
++ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
++@@ -1278,7 +1289,7 @@ fi
++ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
++ datadir sysconfdir sharedstatedir localstatedir includedir \
++ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
++- libdir localedir mandir
+++ libdir localedir mandir runstatedir
++ do
++ eval ac_val=\$$ac_var
++ # Remove trailing slashes.
++@@ -1431,6 +1442,7 @@ Fine tuning of the installation director
++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
++ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
++ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+++ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
++ --libdir=DIR object code libraries [EPREFIX/lib]
++ --includedir=DIR C header files [PREFIX/include]
++ --oldincludedir=DIR C header files for non-gcc [/usr/include]
--- /dev/null
--- /dev/null
++rerun-autogen.sh-stretch
++version.diff
++config-prefix.diff
++tools-libfsimage-abiname.diff
++tools-libxc-abiname.diff
++tools-libxl-abiname.diff
++tools-xenstat-abiname.diff
++tools-rpath.diff
++tools-blktap2-prefix.diff
++tools-console-prefix.diff
++tools-libfsimage-prefix.diff
++tools-libxl-prefix.diff
++tools-misc-prefix.diff
++tools-pygrub-prefix.diff
++tools-python-prefix.diff
++tools-xcutils-rpath.diff
++tools-xenmon-prefix.diff
++tools-xenpaging-prefix.diff
++tools-xenpmd-prefix.diff
++tools-xenstat-prefix.diff
++tools-xenstore-prefix.diff
++tools-xentrace-prefix.diff
++tools-pygrub-remove-static-solaris-support
++tools-include-install.diff
++tools-xenmon-install.diff
++tools-xenstore-compatibility.diff
++ubuntu-tools-libs-abiname.diff
++toolstestsx86_emulator-pass--no-pie--fno
++multicall-deal-with-early-exit-condition
++x86-discard-type-information-when-steali
++x86mm-disallow-page-stealing-from-hvm-do
++gnttab-fix-unmap-pin-accounting-race
++gnttab-avoid-potential-double-put-of-map
++gnttab-correct-maptrack-table-accesses
++x86shadow-hold-references-for-the-durati
++x86-avoid-leaking-pkru-and-bnd-between-v
++evtchn-avoid-null-derefs
++xenmemory-fix-return-value-handing-of-gu
++guest_physmap_remove_page-needs-its-retu
++arm-vgic-dont-update-the-lr-when-the-irq
++gnttab-fix-handling-of-dev_bus_addr-duri
++gnttab-never-create-host-mapping-unless-
++gnttab-correct-logic-to-get-page-referen
++gnttab-__gnttab_unmap_common_complete-is
++xenarm-vgic-sanitize-target-mask-used-to
++gnttab-dont-use-possibly-unbounded-tail-
++gnttab-fix-transitive-grant-handling
++x86grant-disallow-misaligned-ptes
++gnttab-split-maptrack-lock-to-make-it-fu
++gnttab-correct-pin-status-fixup-for-copy
++armmm-release-grant-lock-on-xenmem_add_t
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:53 +0200
++X-Dgit-Generated: 4.8.1-1 ad82a5763c9d4ebeb72fa838c4abc77b72596370
++Subject: tools-blktap2-prefix.diff
++
++Patch-Name: tools-blktap2-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/blktap2/control/Makefile
+++++ xen-4.8.1/tools/blktap2/control/Makefile
++@@ -1,10 +1,7 @@
++ XEN_ROOT := $(CURDIR)/../../../
++ include $(XEN_ROOT)/tools/Rules.mk
++
++-MAJOR = 1.0
++-MINOR = 0
++ LIBNAME = libblktapctl
++-LIBSONAME = $(LIBNAME).so.$(MAJOR)
++
++ IBIN = tap-ctl
++
++@@ -38,39 +35,32 @@ OBJS = $(CTL_OBJS) tap-ctl.o
++ PICS = $(CTL_PICS)
++
++ LIB_STATIC = $(LIBNAME).a
++-LIB_SHARED = $(LIBSONAME).$(MINOR)
+++LIB_SHARED = $(LIBNAME).so
++ IBIN = tap-ctl
++
++ all: build
++
++ build: $(IBIN) $(LIB_STATIC) $(LIB_SHARED)
++
++-$(LIBNAME).so: $(LIBSONAME)
++- ln -sf $< $@
++-
++-$(LIBSONAME): $(LIB_SHARED)
++- ln -sf $< $@
++-
++ tap-ctl: tap-ctl.o $(LIBNAME).so
++- $(CC) $(LDFLAGS) -o $@ $^ $(APPEND_LDFLAGS)
+++ $(CC) $(LDFLAGS) $(call LDFLAGS_RPATH,../lib) -o $@ $^ $(APPEND_LDFLAGS)
++
++ $(LIB_STATIC): $(CTL_OBJS)
++ $(AR) r $@ $^
++
++ $(LIB_SHARED): $(CTL_PICS)
++- $(CC) $(LDFLAGS) -fPIC -Wl,$(SONAME_LDFLAG) -Wl,$(LIBSONAME) $(SHLIB_LDFLAGS) -rdynamic $^ -o $@ $(APPEND_LDFLAGS)
+++ $(CC) $(LDFLAGS) -fPIC $(SHLIB_LDFLAGS) -rdynamic $^ -o $@ $(APPEND_LDFLAGS)
++
++ install: $(IBIN) $(LIB_STATIC) $(LIB_SHARED)
++- $(INSTALL_DIR) -p $(DESTDIR)$(sbindir)
++- $(INSTALL_PROG) $(IBIN) $(DESTDIR)$(sbindir)
+++ $(INSTALL_DIR) -p $(DESTDIR)$(libdir)
+++ $(INSTALL_DIR) -p $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_DIR) -p $(DESTDIR)$(LIBEXEC_LIB)
+++ $(INSTALL_PROG) $(IBIN) $(DESTDIR)$(LIBEXEC_BIN)
++ $(INSTALL_DATA) $(LIB_STATIC) $(DESTDIR)$(libdir)
++- $(INSTALL_PROG) $(LIB_SHARED) $(DESTDIR)$(libdir)
++- ln -sf $(LIBSONAME) $(DESTDIR)$(libdir)/$(LIBNAME).so
++- ln -sf $(LIB_SHARED) $(DESTDIR)$(libdir)/$(LIBSONAME)
+++ $(INSTALL_PROG) $(LIB_SHARED) $(DESTDIR)$(LIBEXEC_LIB)
++
++ clean:
++ rm -f $(OBJS) $(PICS) $(DEPS) $(IBIN) $(LIB_STATIC) $(LIB_SHARED)
++- rm -f $(LIBNAME).so $(LIBSONAME)
++ rm -f *~
++
++ distclean: clean
++--- xen-4.8.1.orig/tools/blktap2/vhd/Makefile
+++++ xen-4.8.1/tools/blktap2/vhd/Makefile
++@@ -12,6 +12,7 @@ CFLAGS += -Werror
++ CFLAGS += -Wno-unused
++ CFLAGS += -I../include
++ CFLAGS += -D_GNU_SOURCE
+++CFLAGS += $(CFLAGS_libxenctrl)
++
++ ifeq ($(CONFIG_X86_64),y)
++ CFLAGS += -fPIC
++--- xen-4.8.1.orig/tools/blktap2/vhd/lib/Makefile
+++++ xen-4.8.1/tools/blktap2/vhd/lib/Makefile
++@@ -2,25 +2,19 @@ XEN_ROOT=$(CURDIR)/../../../..
++ BLKTAP_ROOT := ../..
++ include $(XEN_ROOT)/tools/Rules.mk
++
++-LIBVHD-MAJOR = 1.0
++-LIBVHD-MINOR = 0
++-LIBVHD-SONAME = libvhd.so.$(LIBVHD-MAJOR)
++-
++ LVM-UTIL-OBJ := $(BLKTAP_ROOT)/lvm/lvm-util.o
++
++-LIBVHD-BUILD := libvhd.a
++-
++-INST-DIR = $(libdir)
++-
++ CFLAGS += -Werror
++ CFLAGS += -Wno-unused
++ CFLAGS += -I../../include
++ CFLAGS += -D_GNU_SOURCE
++ CFLAGS += -fPIC
+++CFLAGS += $(CFLAGS_libxenctrl)
++
++ ifeq ($(CONFIG_Linux),y)
++ LIBS := -luuid
++ endif
+++LDFLAGS += $(LDFLAGS_libxenctrl) $(call LDFLAGS_RPATH)
++
++ ifeq ($(CONFIG_LIBICONV),y)
++ LIBS += -liconv
++@@ -50,27 +44,22 @@ LIB-OBJS += $(LVM-UTIL-OBJ)
++
++ LIB-PICOBJS = $(patsubst %.o,%.opic,$(LIB-OBJS))
++
++-LIBVHD = libvhd.a libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR)
+++LIBVHD = libvhd.a libvhd.so
++
++ all: build
++
++-build: libvhd.a libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR)
+++build: libvhd.a libvhd.so
++
++ libvhd.a: $(LIB-OBJS)
++ $(AR) rc $@ $^
++
++-libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR): $(LIB-PICOBJS)
++- $(CC) -Wl,$(SONAME_LDFLAG),$(LIBVHD-SONAME) $(SHLIB_LDFLAGS) \
++- $(LDFLAGS) -o libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR) $^ $(LIBS)
++- ln -sf libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR) libvhd.so.$(LIBVHD-MAJOR)
++- ln -sf libvhd.so.$(LIBVHD-MAJOR) libvhd.so
+++libvhd.so: $(LIB-PICOBJS)
+++ $(CC) $(SHLIB_LDFLAGS) $(LDFLAGS) -o libvhd.so $^ $(LIBS)
++
++ install: all
++- $(INSTALL_DIR) -p $(DESTDIR)$(INST-DIR)
++- $(INSTALL_DATA) libvhd.a $(DESTDIR)$(INST-DIR)
++- $(INSTALL_PROG) libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR) $(DESTDIR)$(INST-DIR)
++- ln -sf libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR) $(DESTDIR)$(INST-DIR)/libvhd.so.$(LIBVHD-MAJOR)
++- ln -sf libvhd.so.$(LIBVHD-MAJOR) $(DESTDIR)$(INST-DIR)/libvhd.so
+++ $(INSTALL_DIR) -p $(DESTDIR)$(libdir)
+++ $(INSTALL_DATA) libvhd.a $(DESTDIR)$(libdir)
+++ $(INSTALL_PROG) libvhd.so $(DESTDIR)$(libdir)
++
++ clean:
++ rm -rf *.a *.so* *.o *.opic *~ $(DEPS) $(LIBVHD)
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:54 +0200
++X-Dgit-Generated: 4.8.1-1 54721627e1abd8f67827b3383ddfa6c174b572b9
++Subject: tools-console-prefix.diff
++
++Patch-Name: tools-console-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/console/Makefile
+++++ xen-4.8.1/tools/console/Makefile
++@@ -8,6 +8,7 @@ CFLAGS += $(CFLAGS_libxenstore)
++ LDLIBS += $(LDLIBS_libxenctrl)
++ LDLIBS += $(LDLIBS_libxenstore)
++ LDLIBS += $(SOCKET_LIBS)
+++LDFLAGS += $(call LDFLAGS_RPATH,../lib)
++
++ LDLIBS_xenconsoled += $(UTIL_LIBS)
++ LDLIBS_xenconsoled += -lrt
++@@ -44,9 +45,7 @@ $(eval $(genpath-target))
++
++ .PHONY: install
++ install: $(BIN)
++- $(INSTALL_DIR) $(DESTDIR)/$(sbindir)
++- $(INSTALL_PROG) xenconsoled $(DESTDIR)/$(sbindir)
++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
++- $(INSTALL_PROG) xenconsole $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_PROG) xenconsole xenconsoled $(DESTDIR)$(LIBEXEC_BIN)
++
++ -include $(DEPS)
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:30 +0200
++X-Dgit-Generated: 4.8.1-1 732acd91e545566bca164b886afa82027df7c463
++Subject: tools-include-install.diff
++
++Patch-Name: tools-include-install.diff
++
++---
++
++--- xen-4.8.1.orig/tools/include/Makefile
+++++ xen-4.8.1/tools/include/Makefile
++@@ -14,7 +14,6 @@ xen-foreign:
++ xen/.dir:
++ @rm -rf xen
++ mkdir -p xen/libelf
++- ln -sf $(XEN_ROOT)/xen/include/public/COPYING xen
++ ln -sf $(wildcard $(XEN_ROOT)/xen/include/public/*.h) xen
++ ln -sf $(addprefix $(XEN_ROOT)/xen/include/public/,arch-x86 arch-arm hvm io xsm) xen
++ ln -sf ../xen-sys/$(XEN_OS) xen/sys
++@@ -43,7 +42,6 @@ install: all
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)/xen/io
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)/xen/sys
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)/xen/xsm
++- $(INSTALL_DATA) xen/COPYING $(DESTDIR)$(includedir)/xen
++ $(INSTALL_DATA) xen/*.h $(DESTDIR)$(includedir)/xen
++ $(INSTALL_DATA) xen/arch-x86/*.h $(DESTDIR)$(includedir)/xen/arch-x86
++ $(INSTALL_DATA) xen/arch-x86/hvm/*.h $(DESTDIR)$(includedir)/xen/arch-x86/hvm
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:47 +0200
++X-Dgit-Generated: 4.8.1-1 2a020aa59aec69c1d00f3fb8c86b188873e802ea
++Subject: tools-libfsimage-abiname.diff
++
++Patch-Name: tools-libfsimage-abiname.diff
++
++---
++
++--- xen-4.8.1.orig/tools/libfsimage/common/Makefile
+++++ xen-4.8.1/tools/libfsimage/common/Makefile
++@@ -1,9 +1,6 @@
++ XEN_ROOT = $(CURDIR)/../../..
++ include $(XEN_ROOT)/tools/libfsimage/Rules.mk
++
++-MAJOR = 1.0
++-MINOR = 0
++-
++ LDFLAGS-$(CONFIG_SunOS) = -Wl,-M -Wl,mapfile-SunOS
++ LDFLAGS-$(CONFIG_Linux) = -Wl,mapfile-GNU
++ LDFLAGS = $(LDFLAGS-y)
++@@ -15,7 +12,7 @@ LIB_SRCS-y = fsimage.c fsimage_plugin.c
++
++ PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
++
++-LIB = libfsimage.so libfsimage.so.$(MAJOR) libfsimage.so.$(MAJOR).$(MINOR)
+++LIB = libfsimage.so
++
++ .PHONY: all
++ all: $(LIB)
++@@ -24,9 +21,7 @@ all: $(LIB)
++ install: all
++ $(INSTALL_DIR) $(DESTDIR)$(libdir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++- $(INSTALL_PROG) libfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
++- ln -sf libfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libfsimage.so.$(MAJOR)
++- ln -sf libfsimage.so.$(MAJOR) $(DESTDIR)$(libdir)/libfsimage.so
+++ $(INSTALL_PROG) libfsimage.so $(DESTDIR)$(libdir)
++ $(INSTALL_DATA) fsimage.h $(DESTDIR)$(includedir)
++ $(INSTALL_DATA) fsimage_plugin.h $(DESTDIR)$(includedir)
++ $(INSTALL_DATA) fsimage_grub.h $(DESTDIR)$(includedir)
++@@ -34,13 +29,8 @@ install: all
++ clean distclean::
++ rm -f $(LIB)
++
++-libfsimage.so: libfsimage.so.$(MAJOR)
++- ln -sf $< $@
++-libfsimage.so.$(MAJOR): libfsimage.so.$(MAJOR).$(MINOR)
++- ln -sf $< $@
++-
++-libfsimage.so.$(MAJOR).$(MINOR): $(PIC_OBJS)
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libfsimage.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
+++libfsimage.so: $(PIC_OBJS)
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
++
++ -include $(DEPS)
++
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:55 +0200
++X-Dgit-Generated: 4.8.1-1 0fc6ef9d31deed6668d7f18924664cbde155ea85
++Subject: tools-libfsimage-prefix.diff
++
++Patch-Name: tools-libfsimage-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/libfsimage/Rules.mk
+++++ xen-4.8.1/tools/libfsimage/Rules.mk
++@@ -3,10 +3,11 @@ include $(XEN_ROOT)/tools/Rules.mk
++ CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\"
++ CFLAGS += -Werror -D_GNU_SOURCE
++ LDFLAGS += -L../common/
+++LDFLAGS += $(call LDFLAGS_RPATH,../..)
++
++ PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
++
++-FSDIR = $(libdir)/fs
+++FSDIR = $(LIBEXEC_LIB)/fs
++
++ FSLIB = fsimage.so
++
++--- xen-4.8.1.orig/tools/libfsimage/common/Makefile
+++++ xen-4.8.1/tools/libfsimage/common/Makefile
++@@ -1,6 +1,8 @@
++ XEN_ROOT = $(CURDIR)/../../..
++ include $(XEN_ROOT)/tools/libfsimage/Rules.mk
++
+++CFLAGS += -DFSDIR="\"$(LIBEXEC_LIB)/fs\""
+++
++ LDFLAGS-$(CONFIG_SunOS) = -Wl,-M -Wl,mapfile-SunOS
++ LDFLAGS-$(CONFIG_Linux) = -Wl,mapfile-GNU
++ LDFLAGS = $(LDFLAGS-y)
++@@ -19,9 +21,9 @@ all: $(LIB)
++
++ .PHONY: install
++ install: all
++- $(INSTALL_DIR) $(DESTDIR)$(libdir)
+++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_LIB)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++- $(INSTALL_PROG) libfsimage.so $(DESTDIR)$(libdir)
+++ $(INSTALL_PROG) libfsimage.so $(DESTDIR)$(LIBEXEC_LIB)
++ $(INSTALL_DATA) fsimage.h $(DESTDIR)$(includedir)
++ $(INSTALL_DATA) fsimage_plugin.h $(DESTDIR)$(includedir)
++ $(INSTALL_DATA) fsimage_grub.h $(DESTDIR)$(includedir)
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:48 +0200
++X-Dgit-Generated: 4.8.1-1 45ad000e7e61a57a78bca482c464c78badbfeab5
++Subject: tools-libxc-abiname.diff
++
++Patch-Name: tools-libxc-abiname.diff
++
++---
++
++--- xen-4.8.1.orig/tools/libxc/Makefile
+++++ xen-4.8.1/tools/libxc/Makefile
++@@ -1,9 +1,6 @@
++ XEN_ROOT = $(CURDIR)/../..
++ include $(XEN_ROOT)/tools/Rules.mk
++
++-MAJOR = 4.8
++-MINOR = 0
++-
++ ifeq ($(CONFIG_LIBXC_MINIOS),y)
++ # Save/restore of a domain is currently incompatible with a stubdom environment
++ override CONFIG_MIGRATE := n
++@@ -132,12 +129,12 @@ $(CTRL_LIB_OBJS) $(CTRL_PIC_OBJS): CFLAG
++
++ LIB := libxenctrl.a
++ ifneq ($(nosharedlibs),y)
++-LIB += libxenctrl.so libxenctrl.so.$(MAJOR) libxenctrl.so.$(MAJOR).$(MINOR)
+++LIB += libxenctrl.so libxenctrl-$(PACKAGE_VERSION).so
++ endif
++
++ LIB += libxenguest.a
++ ifneq ($(nosharedlibs),y)
++-LIB += libxenguest.so libxenguest.so.$(MAJOR) libxenguest.so.$(MAJOR).$(MINOR)
+++LIB += libxenguest.so libxenguest-$(PACKAGE_VERSION).so
++ endif
++
++ genpath-target = $(call buildmakevars2header,_paths.h)
++@@ -171,15 +168,13 @@ libs: $(LIB)
++ install: build
++ $(INSTALL_DIR) $(DESTDIR)$(libdir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++- $(INSTALL_SHLIB) libxenctrl.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
+++ $(INSTALL_SHLIB) libxenctrl-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)
+++ $(SYMLINK_SHLIB) libxenctrl-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)/libxenctrl.so
++ $(INSTALL_DATA) libxenctrl.a $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxenctrl.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenctrl.so.$(MAJOR)
++- $(SYMLINK_SHLIB) libxenctrl.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenctrl.so
++ $(INSTALL_DATA) include/xenctrl.h include/xenctrl_compat.h $(DESTDIR)$(includedir)
++- $(INSTALL_SHLIB) libxenguest.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
+++ $(INSTALL_SHLIB) libxenguest-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)
+++ $(SYMLINK_SHLIB) libxenguest-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)/libxenguest.so
++ $(INSTALL_DATA) libxenguest.a $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxenguest.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenguest.so.$(MAJOR)
++- $(SYMLINK_SHLIB) libxenguest.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenguest.so
++ $(INSTALL_DATA) include/xenguest.h $(DESTDIR)$(includedir)
++
++ .PHONY: TAGS
++@@ -211,22 +206,18 @@ rpm: build
++ libxenctrl.a: $(CTRL_LIB_OBJS)
++ $(AR) rc $@ $^
++
++-libxenctrl.so: libxenctrl.so.$(MAJOR)
++- $(SYMLINK_SHLIB) $< $@
++-libxenctrl.so.$(MAJOR): libxenctrl.so.$(MAJOR).$(MINOR)
+++libxenctrl.so: libxenctrl-$(PACKAGE_VERSION).so
++ $(SYMLINK_SHLIB) $< $@
++
++-libxenctrl.so.$(MAJOR).$(MINOR): $(CTRL_PIC_OBJS)
++- $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenctrl.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LDLIBS_libxentoollog) $(LDLIBS_libxenevtchn) $(LDLIBS_libxengnttab) $(LDLIBS_libxengntshr) $(LDLIBS_libxencall) $(LDLIBS_libxenforeignmemory) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
+++libxenctrl-$(PACKAGE_VERSION).so: $(CTRL_PIC_OBJS)
+++ $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(LDLIBS_libxentoollog) $(LDLIBS_libxenevtchn) $(LDLIBS_libxengnttab) $(LDLIBS_libxengntshr) $(LDLIBS_libxencall) $(LDLIBS_libxenforeignmemory) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
++
++ # libxenguest
++
++ libxenguest.a: $(GUEST_LIB_OBJS)
++ $(AR) rc $@ $^
++
++-libxenguest.so: libxenguest.so.$(MAJOR)
++- $(SYMLINK_SHLIB) $< $@
++-libxenguest.so.$(MAJOR): libxenguest.so.$(MAJOR).$(MINOR)
+++libxenguest.so: libxenguest-$(PACKAGE_VERSION).so
++ $(SYMLINK_SHLIB) $< $@
++
++ ifeq ($(CONFIG_MiniOS),y)
++@@ -238,9 +229,9 @@ endif
++ xc_dom_bzimageloader.o: CFLAGS += $(filter -D%,$(zlib-options))
++ xc_dom_bzimageloader.opic: CFLAGS += $(filter -D%,$(zlib-options))
++
++-libxenguest.so.$(MAJOR).$(MINOR): COMPRESSION_LIBS = $(filter -l%,$(zlib-options))
++-libxenguest.so.$(MAJOR).$(MINOR): $(GUEST_PIC_OBJS) libxenctrl.so
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenguest.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(GUEST_PIC_OBJS) $(COMPRESSION_LIBS) -lz $(LDLIBS_libxenevtchn) $(LDLIBS_libxenctrl) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
+++libxenguest-$(PACKAGE_VERSION).so: COMPRESSION_LIBS = $(call zlib-options,l)
+++libxenguest-$(PACKAGE_VERSION).so: $(GUEST_PIC_OBJS) libxenctrl-$(PACKAGE_VERSION).so
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $(GUEST_PIC_OBJS) $(COMPRESSION_LIBS) -lz $(LDLIBS_libxenevtchn) $(LDLIBS_libxenctrl) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
++
++ -include $(DEPS)
++
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:49 +0200
++X-Dgit-Generated: 4.8.1-1 b6860f8b5e4980eedd3e75e5e81be73343d92558
++Subject: tools-libxl-abiname.diff
++
++Patch-Name: tools-libxl-abiname.diff
++
++---
++
++--- xen-4.8.1.orig/tools/libxl/Makefile
+++++ xen-4.8.1/tools/libxl/Makefile
++@@ -5,12 +5,6 @@
++ XEN_ROOT = $(CURDIR)/../..
++ include $(XEN_ROOT)/tools/Rules.mk
++
++-MAJOR = 4.8
++-MINOR = 0
++-
++-XLUMAJOR = 4.8
++-XLUMINOR = 0
++-
++ CFLAGS += -Werror -Wno-format-zero-length -Wmissing-declarations \
++ -Wno-declaration-after-statement -Wformat-nonliteral
++ CFLAGS += -I. -fPIC
++@@ -258,29 +252,23 @@ _libxl_type%.h _libxl_type%_json.h _libx
++ $(call move-if-changed,__libxl_type$*_json.h,_libxl_type$*_json.h)
++ $(call move-if-changed,__libxl_type$*.c,_libxl_type$*.c)
++
++-libxenlight.so: libxenlight.so.$(MAJOR)
++- $(SYMLINK_SHLIB) $< $@
++-
++-libxenlight.so.$(MAJOR): libxenlight.so.$(MAJOR).$(MINOR)
+++libxenlight.so: libxenlight-$(PACKAGE_VERSION).so
++ $(SYMLINK_SHLIB) $< $@
++
++-libxenlight.so.$(MAJOR).$(MINOR): $(LIBXL_OBJS)
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenlight.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
+++libxenlight-$(PACKAGE_VERSION).so: $(LIBXL_OBJS)
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
++
++ libxenlight_test.so: $(LIBXL_OBJS) $(LIBXL_TEST_OBJS)
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenlight.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
++
++ libxenlight.a: $(LIBXL_OBJS)
++ $(AR) rcs libxenlight.a $^
++
++-libxlutil.so: libxlutil.so.$(XLUMAJOR)
++- $(SYMLINK_SHLIB) $< $@
++-
++-libxlutil.so.$(XLUMAJOR): libxlutil.so.$(XLUMAJOR).$(XLUMINOR)
+++libxlutil.so: libxlutil-$(PACKAGE_VERSION).so
++ $(SYMLINK_SHLIB) $< $@
++
++-libxlutil.so.$(XLUMAJOR).$(XLUMINOR): $(LIBXLU_OBJS) libxenlight.so
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxlutil.so.$(XLUMAJOR) $(SHLIB_LDFLAGS) -o $@ $(LIBXLU_OBJS) $(LIBXLU_LIBS) $(APPEND_LDFLAGS)
+++libxlutil-$(PACKAGE_VERSION).so: $(LIBXLU_OBJS) libxenlight.so
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $(LIBXLU_OBJS) $(LIBXLU_LIBS) $(APPEND_LDFLAGS)
++
++ libxlutil.a: $(LIBXLU_OBJS)
++ $(AR) rcs libxlutil.a $^
++@@ -298,7 +286,7 @@ testidl: testidl.o libxlutil.so libxenli
++ $(CC) $(LDFLAGS) -o $@ testidl.o libxlutil.so $(LDLIBS_libxenlight) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
++
++ $(PKG_CONFIG): % : %.in Makefile
++- @sed -e 's/@@version@@/$(MAJOR).$(MINOR)/g' < $< > $@.new
+++ @sed -e 's/@@version@@/$(PACKAGE_VERSION)/g' < $< > $@.new
++ @mv -f $@.new $@
++
++ .PHONY: install
++@@ -311,13 +299,11 @@ install: all
++ $(INSTALL_DIR) $(DESTDIR)$(PKG_INSTALLDIR)
++ $(INSTALL_PROG) xl $(DESTDIR)$(sbindir)
++ $(INSTALL_PROG) libxl-save-helper $(DESTDIR)$(LIBEXEC_BIN)
++- $(INSTALL_SHLIB) libxenlight.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxenlight.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenlight.so.$(MAJOR)
++- $(SYMLINK_SHLIB) libxenlight.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenlight.so
+++ $(INSTALL_SHLIB) libxenlight-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)
+++ $(SYMLINK_SHLIB) libxenlight-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)/libxenlight.so
++ $(INSTALL_DATA) libxenlight.a $(DESTDIR)$(libdir)
++- $(INSTALL_SHLIB) libxlutil.so.$(XLUMAJOR).$(XLUMINOR) $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxlutil.so.$(XLUMAJOR).$(XLUMINOR) $(DESTDIR)$(libdir)/libxlutil.so.$(XLUMAJOR)
++- $(SYMLINK_SHLIB) libxlutil.so.$(XLUMAJOR) $(DESTDIR)$(libdir)/libxlutil.so
+++ $(INSTALL_SHLIB) libxlutil-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)
+++ $(SYMLINK_SHLIB) libxlutil-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)/libxlutil.so
++ $(INSTALL_DATA) libxlutil.a $(DESTDIR)$(libdir)
++ $(INSTALL_DATA) libxl.h libxl_event.h libxl_json.h _libxl_types.h _libxl_types_json.h _libxl_list.h libxl_utils.h libxl_uuid.h libxlutil.h $(DESTDIR)$(includedir)
++ $(INSTALL_DATA) bash-completion $(DESTDIR)$(BASH_COMPLETION_DIR)/xl.sh
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:57 +0200
++X-Dgit-Generated: 4.8.1-1 0c590f711182ecc6c0aaee5fc0bf89f384c98fce
++Subject: tools-libxl-prefix.diff
++
++Patch-Name: tools-libxl-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/libxl/Makefile
+++++ xen-4.8.1/tools/libxl/Makefile
++@@ -12,6 +12,8 @@ CFLAGS += -I. -fPIC
++ ifeq ($(CONFIG_Linux),y)
++ LIBUUID_LIBS += -luuid
++ endif
+++LDFLAGS_XL = $(call LDFLAGS_RPATH,../lib)
+++LDFLAGS_LIBXL = $(call LDFLAGS_RPATH)
++
++ LIBXL_LIBS =
++ LIBXL_LIBS = $(LDLIBS_libxentoollog) $(LDLIBS_libxenevtchn) $(LDLIBS_libxenctrl) $(LDLIBS_libxenguest) $(LDLIBS_libxenstore) $(LDLIBS_libblktapctl) $(PTYFUNCS_LIBS) $(LIBUUID_LIBS)
++@@ -256,7 +258,7 @@ libxenlight.so: libxenlight-$(PACKAGE_VE
++ $(SYMLINK_SHLIB) $< $@
++
++ libxenlight-$(PACKAGE_VERSION).so: $(LIBXL_OBJS)
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(LDFLAGS_LIBXL) $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
++
++ libxenlight_test.so: $(LIBXL_OBJS) $(LIBXL_TEST_OBJS)
++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
++@@ -274,7 +276,7 @@ libxlutil.a: $(LIBXLU_OBJS)
++ $(AR) rcs libxlutil.a $^
++
++ xl: $(XL_OBJS) libxlutil.so libxenlight.so
++- $(CC) $(LDFLAGS) -o $@ $(XL_OBJS) libxlutil.so $(LDLIBS_libxenlight) $(LDLIBS_libxentoollog) -lyajl $(APPEND_LDFLAGS)
+++ $(CC) $(LDFLAGS) $(LDFLAGS_XL) -o $@ $(XL_OBJS) libxlutil.so $(LDLIBS_libxenlight) $(LDLIBS_libxentoollog) -lyajl $(APPEND_LDFLAGS)
++
++ test_%: test_%.o test_common.o libxlutil.so libxenlight_test.so
++ $(CC) $(LDFLAGS) -o $@ $^ $(filter-out %libxenlight.so, $(LDLIBS_libxenlight)) $(LDLIBS_libxentoollog) -lyajl $(APPEND_LDFLAGS)
++@@ -291,13 +293,12 @@ $(PKG_CONFIG): % : %.in Makefile
++
++ .PHONY: install
++ install: all
++- $(INSTALL_DIR) $(DESTDIR)$(sbindir)
++ $(INSTALL_DIR) $(DESTDIR)$(libdir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++ $(INSTALL_DIR) $(DESTDIR)$(BASH_COMPLETION_DIR)
++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
++ $(INSTALL_DIR) $(DESTDIR)$(PKG_INSTALLDIR)
++- $(INSTALL_PROG) xl $(DESTDIR)$(sbindir)
+++ $(INSTALL_PROG) xl $(DESTDIR)$(LIBEXEC_BIN)
++ $(INSTALL_PROG) libxl-save-helper $(DESTDIR)$(LIBEXEC_BIN)
++ $(INSTALL_SHLIB) libxenlight-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)
++ $(SYMLINK_SHLIB) libxenlight-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)/libxenlight.so
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:59 +0200
++X-Dgit-Generated: 4.8.1-1 92bd9e6a61c01d45b42463d3097f87935167e731
++Subject: tools-misc-prefix.diff
++
++Patch-Name: tools-misc-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/misc/Makefile
+++++ xen-4.8.1/tools/misc/Makefile
++@@ -54,12 +54,8 @@ all build: $(TARGETS_BUILD)
++
++ .PHONY: install
++ install: build
++- $(INSTALL_DIR) $(DESTDIR)$(bindir)
++- $(INSTALL_DIR) $(DESTDIR)$(sbindir)
++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
++- $(INSTALL_PYTHON_PROG) $(INSTALL_BIN) $(DESTDIR)$(bindir)
++- $(INSTALL_PYTHON_PROG) $(INSTALL_SBIN) $(DESTDIR)$(sbindir)
++- $(INSTALL_PYTHON_PROG) $(INSTALL_PRIVBIN) $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_PYTHON_PROG) $(INSTALL_BIN) $(INSTALL_SBIN) $(INSTALL_PRIVBIN) $(DESTDIR)$(LIBEXEC_BIN)
++
++ .PHONY: clean
++ clean:
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:01 +0200
++X-Dgit-Generated: 4.8.1-1 e11fc351a6d75288200f781c656599ec3547c484
++Subject: tools-pygrub-prefix.diff
++
++Patch-Name: tools-pygrub-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/pygrub/Makefile
+++++ xen-4.8.1/tools/pygrub/Makefile
++@@ -16,11 +16,6 @@ install: all
++ CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDFLAGS="$(PY_LDFLAGS)" $(PYTHON) \
++ setup.py install $(PYTHON_PREFIX_ARG) --root="$(DESTDIR)" \
++ --install-scripts=$(LIBEXEC_BIN) --force
++- set -e; if [ $(bindir) != $(LIBEXEC_BIN) -a \
++- "`readlink -f $(DESTDIR)/$(bindir)`" != \
++- "`readlink -f $(LIBEXEC_BIN)`" ]; then \
++- ln -sf $(LIBEXEC_BIN)/pygrub $(DESTDIR)/$(bindir); \
++- fi
++
++ .PHONY: clean
++ clean:
++--- xen-4.8.1.orig/tools/pygrub/setup.py
+++++ xen-4.8.1/tools/pygrub/setup.py
++@@ -4,11 +4,13 @@ import os
++ import sys
++
++ extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
+++extra_link_args = [ "-Wl,-rpath,${ORIGIN}/.." ]
++
++ XEN_ROOT = "../.."
++
++ fsimage = Extension("fsimage",
++ extra_compile_args = extra_compile_args,
+++ extra_link_args = extra_link_args,
++ include_dirs = [ XEN_ROOT + "/tools/libfsimage/common/" ],
++ library_dirs = [ XEN_ROOT + "/tools/libfsimage/common/" ],
++ libraries = ["fsimage"],
++--- xen-4.8.1.orig/tools/pygrub/src/pygrub
+++++ xen-4.8.1/tools/pygrub/src/pygrub
++@@ -21,6 +21,8 @@ import xen.lowlevel.xc
++ import curses, _curses, curses.wrapper, curses.textpad, curses.ascii
++ import getopt
++
+++sys.path.insert(1, sys.path[0] + '/../lib/python')
+++
++ import fsimage
++ import grub.GrubConf
++ import grub.LiloConf
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:29 +0200
++X-Dgit-Generated: 4.8.1-1 00315ed8c451173d0d212d55a831023166f3b212
++Subject: Remove static solaris support from pygrub
++
++Patch-Name: tools-pygrub-remove-static-solaris-support
++
++---
++
++--- xen-4.8.1.orig/tools/pygrub/src/pygrub
+++++ xen-4.8.1/tools/pygrub/src/pygrub
++@@ -16,7 +16,6 @@ import os, sys, string, struct, tempfile
++ import copy
++ import logging
++ import platform
++-import xen.lowlevel.xc
++
++ import curses, _curses, curses.wrapper, curses.textpad, curses.ascii
++ import getopt
++@@ -668,51 +667,6 @@ def run_grub(file, entry, fs, cfg_args):
++
++ return grubcfg
++
++-def supports64bitPVguest():
++- xc = xen.lowlevel.xc.xc()
++- caps = xc.xeninfo()['xen_caps'].split(" ")
++- for cap in caps:
++- if cap == "xen-3.0-x86_64":
++- return True
++- return False
++-
++-# If nothing has been specified, look for a Solaris domU. If found, perform the
++-# necessary tweaks.
++-def sniff_solaris(fs, cfg):
++- if not fs.file_exists("/platform/i86xpv/kernel/unix") and \
++- not fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
++- return cfg
++-
++- if not cfg["kernel"]:
++- if supports64bitPVguest() and \
++- fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
++- cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix"
++- cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive"
++- elif fs.file_exists("/platform/i86xpv/kernel/unix"):
++- cfg["kernel"] = "/platform/i86xpv/kernel/unix"
++- cfg["ramdisk"] = "/platform/i86pc/boot_archive"
++- else:
++- return cfg
++-
++- # Unpleasant. Typically we'll have 'root=foo -k' or 'root=foo /kernel -k',
++- # and we need to maintain Xen properties (root= and ip=) and the kernel
++- # before any user args.
++-
++- xenargs = ""
++- userargs = ""
++-
++- if not cfg["args"]:
++- cfg["args"] = cfg["kernel"]
++- else:
++- for arg in cfg["args"].split():
++- if re.match("^root=", arg) or re.match("^ip=", arg):
++- xenargs += arg + " "
++- elif arg != cfg["kernel"]:
++- userargs += arg + " "
++- cfg["args"] = xenargs + " " + cfg["kernel"] + " " + userargs
++-
++- return cfg
++-
++ def sniff_netware(fs, cfg):
++ if not fs.file_exists("/nwserver/xnloader.sys"):
++ return cfg
++@@ -901,10 +855,7 @@ if __name__ == "__main__":
++ try:
++ fs = fsimage.open(file, offset, bootfsoptions)
++
++- chosencfg = sniff_solaris(fs, incfg)
++-
++- if not chosencfg["kernel"]:
++- chosencfg = sniff_netware(fs, incfg)
+++ chosencfg = sniff_netware(fs, incfg)
++
++ if not chosencfg["kernel"]:
++ chosencfg = run_grub(file, entry, fs, incfg["args"])
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:02 +0200
++X-Dgit-Generated: 4.8.1-1 5ea3aead5ce755e99c1e811dc3bdf74cec9e991f
++Subject: tools-python-prefix.diff
++
++Patch-Name: tools-python-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/python/setup.py
+++++ xen-4.8.1/tools/python/setup.py
++@@ -5,6 +5,7 @@ import os, sys
++ XEN_ROOT = "../.."
++
++ extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
+++extra_link_args = [ "-Wl,-rpath,${ORIGIN}/../../.." ]
++
++ PATH_XEN = XEN_ROOT + "/tools/include"
++ PATH_LIBXENTOOLLOG = XEN_ROOT + "/tools/libs/toollog"
++@@ -23,11 +24,12 @@ xc = Extension("xc",
++ library_dirs = [ PATH_LIBXC ],
++ libraries = [ "xenctrl", "xenguest" ],
++ depends = [ PATH_LIBXC + "/libxenctrl.so", PATH_LIBXC + "/libxenguest.so" ],
++- extra_link_args = [ "-Wl,-rpath-link="+PATH_LIBXENTOOLLOG ],
+++ extra_link_args = extra_link_args + [ "-Wl,-rpath-link="+PATH_LIBXENTOOLLOG ],
++ sources = [ "xen/lowlevel/xc/xc.c" ])
++
++ xs = Extension("xs",
++ extra_compile_args = extra_compile_args,
+++ extra_link_args = extra_link_args,
++ include_dirs = [ PATH_XEN, PATH_XENSTORE + "/include", "xen/lowlevel/xs" ],
++ library_dirs = [ PATH_XENSTORE ],
++ libraries = [ "xenstore" ],
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:51 +0200
++X-Dgit-Generated: 4.8.1-1 31f508fde90e729a0f734dc00d0c75213f075a2e
++Subject: tools-rpath.diff
++
++Patch-Name: tools-rpath.diff
++
++---
++
++--- xen-4.8.1.orig/tools/Rules.mk
+++++ xen-4.8.1/tools/Rules.mk
++@@ -9,6 +9,8 @@ include $(XEN_ROOT)/Config.mk
++ export _INSTALL := $(INSTALL)
++ INSTALL = $(XEN_ROOT)/tools/cross-install
++
+++LDFLAGS_RPATH = -Wl,-rpath,'$${ORIGIN}$(if $(1),/$(1))'
+++
++ XEN_INCLUDE = $(XEN_ROOT)/tools/include
++ XEN_LIBXENTOOLLOG = $(XEN_ROOT)/tools/libs/toollog
++ XEN_LIBXENEVTCHN = $(XEN_ROOT)/tools/libs/evtchn
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:05 +0200
++X-Dgit-Generated: 4.8.1-1 845c9126f103d039326ba1cc06575de8a2d32d39
++Subject: tools-xcutils-rpath.diff
++
++Patch-Name: tools-xcutils-rpath.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xcutils/Makefile
+++++ xen-4.8.1/tools/xcutils/Makefile
++@@ -19,6 +19,8 @@ CFLAGS += -Werror
++ CFLAGS_readnotes.o := $(CFLAGS_libxenevtchn) $(CFLAGS_libxenctrl) $(CFLAGS_libxenguest) -I$(XEN_ROOT)/tools/libxc $(CFLAGS_libxencall)
++ CFLAGS_lsevtchn.o := $(CFLAGS_libxenevtchn) $(CFLAGS_libxenctrl)
++
+++APPEND_LDFLAGS += $(call LDFLAGS_RPATH,../lib)
+++
++ .PHONY: all
++ all: build
++
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:31 +0200
++X-Dgit-Generated: 4.8.1-1 75dded97d0701561959c2fab12f0328058078b40
++Subject: tools-xenmon-install.diff
++
++Patch-Name: tools-xenmon-install.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xenmon/Makefile
+++++ xen-4.8.1/tools/xenmon/Makefile
++@@ -13,6 +13,10 @@
++ XEN_ROOT=$(CURDIR)/../..
++ include $(XEN_ROOT)/tools/Rules.mk
++
+++DEFAULT_PYTHON_PATH := $(shell $(XEN_ROOT)/tools/python/get-path)
+++PYTHON_PATH ?= $(DEFAULT_PYTHON_PATH)
+++INSTALL_PYTHON_PROG = $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG)
+++
++ CFLAGS += -Werror
++ CFLAGS += $(CFLAGS_libxenevtchn)
++ CFLAGS += $(CFLAGS_libxenctrl)
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:06 +0200
++X-Dgit-Generated: 4.8.1-1 3c1dc49f92bcdb9e031a419f3c0014b57fcb96a9
++Subject: tools-xenmon-prefix.diff
++
++Patch-Name: tools-xenmon-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xenmon/Makefile
+++++ xen-4.8.1/tools/xenmon/Makefile
++@@ -18,6 +18,7 @@ CFLAGS += $(CFLAGS_libxenevtchn)
++ CFLAGS += $(CFLAGS_libxenctrl)
++ LDLIBS += $(LDLIBS_libxenctrl)
++ LDLIBS += $(LDLIBS_libxenevtchn)
+++LDFLAGS += $(call LDFLAGS_RPATH,../lib)
++
++ SCRIPTS = xenmon.py
++
++@@ -29,10 +30,10 @@ build: xentrace_setmask xenbaked
++
++ .PHONY: install
++ install: build
++- $(INSTALL_DIR) $(DESTDIR)$(sbindir)
++- $(INSTALL_PROG) xenbaked $(DESTDIR)$(sbindir)/xenbaked
++- $(INSTALL_PROG) xentrace_setmask $(DESTDIR)$(sbindir)/xentrace_setmask
++- $(INSTALL_PROG) xenmon.py $(DESTDIR)$(sbindir)/xenmon.py
+++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_PROG) xenbaked $(DESTDIR)$(LIBEXEC_BIN)/xenbaked
+++ $(INSTALL_PROG) xentrace_setmask $(DESTDIR)$(LIBEXEC_BIN)/xentrace_setmask
+++ $(INSTALL_PROG) xenmon.py $(DESTDIR)$(LIBEXEC_BIN)/xenmon.py
++
++ .PHONY: clean
++ clean:
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:08 +0200
++X-Dgit-Generated: 4.8.1-1 6b66a39ea6db832a88d94c4d8e256f77e08fe1a3
++Subject: tools-xenpaging-prefix.diff
++
++Patch-Name: tools-xenpaging-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xenpaging/Makefile
+++++ xen-4.8.1/tools/xenpaging/Makefile
++@@ -4,7 +4,7 @@ include $(XEN_ROOT)/tools/Rules.mk
++ # xenpaging.c and file_ops.c incorrectly use libxc internals
++ CFLAGS += $(CFLAGS_libxentoollog) $(CFLAGS_libxenevtchn) $(CFLAGS_libxenctrl) $(CFLAGS_libxenstore) $(PTHREAD_CFLAGS) -I$(XEN_ROOT)/tools/libxc $(CFLAGS_libxencall)
++ LDLIBS += $(LDLIBS_libxentoollog) $(LDLIBS_libxenevtchn) $(LDLIBS_libxenctrl) $(LDLIBS_libxenstore) $(PTHREAD_LIBS)
++-LDFLAGS += $(PTHREAD_LDFLAGS)
+++LDFLAGS += $(PTHREAD_LDFLAGS) $(call LDFLAGS_RPATH,../lib)
++
++ POLICY = default
++
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 13 Dec 2014 19:37:02 +0100
++X-Dgit-Generated: 4.8.1-1 abbd6a5b077ff2f14d6e715c7f342f02f3b78ef8
++Subject: tools-xenpmd-prefix.diff
++
++Patch-Name: tools-xenpmd-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xenpmd/Makefile
+++++ xen-4.8.1/tools/xenpmd/Makefile
++@@ -11,8 +11,8 @@ all: xenpmd
++
++ .PHONY: install
++ install: all
++- $(INSTALL_DIR) $(DESTDIR)$(sbindir)
++- $(INSTALL_PROG) xenpmd $(DESTDIR)$(sbindir)
+++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_PROG) xenpmd $(DESTDIR)$(LIBEXEC_BIN)
++
++ .PHONY: clean
++ clean:
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:50 +0200
++X-Dgit-Generated: 4.8.1-1 a968429393f380a5bf1eab604bd1720f31369fcd
++Subject: tools-xenstat-abiname.diff
++
++Patch-Name: tools-xenstat-abiname.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xenstat/libxenstat/Makefile
+++++ xen-4.8.1/tools/xenstat/libxenstat/Makefile
++@@ -18,18 +18,14 @@ include $(XEN_ROOT)/tools/Rules.mk
++ LDCONFIG=ldconfig
++ MAKE_LINK=ln -sf
++
++-MAJOR=0
++-MINOR=0
++-
++ LIB=src/libxenstat.a
++-SHLIB=src/libxenstat.so.$(MAJOR).$(MINOR)
++-SHLIB_LINKS=src/libxenstat.so.$(MAJOR) src/libxenstat.so
++-OBJECTS-y=src/xenstat.o src/xenstat_qmp.o
+++SHLIB=src/libxenstat.so
+++OBJECTS-y=src/xenstat.o
++ OBJECTS-$(CONFIG_Linux) += src/xenstat_linux.o
++ OBJECTS-$(CONFIG_SunOS) += src/xenstat_solaris.o
++ OBJECTS-$(CONFIG_NetBSD) += src/xenstat_netbsd.o
++ OBJECTS-$(CONFIG_FreeBSD) += src/xenstat_freebsd.o
++-SONAME_FLAGS=-Wl,$(SONAME_LDFLAG) -Wl,libxenstat.so.$(MAJOR)
+++SONAME_FLAGS=-Wl,$(SONAME_LDFLAG),libxenstat.so
++
++ CFLAGS+=-fPIC
++ CFLAGS+=-Isrc $(CFLAGS_libxenctrl) $(CFLAGS_libxenstore) $(CFLAGS_xeninclude) -include $(XEN_ROOT)/tools/config.h
++@@ -38,7 +34,7 @@ LDLIBS-y = $(LDLIBS_libxenstore) $(LDLIB
++ LDLIBS-$(CONFIG_SunOS) += -lkstat
++
++ .PHONY: all
++-all: $(LIB) $(SHLIB) $(SHLIB_LINKS)
+++all: $(LIB) $(SHLIB)
++
++ $(OBJECTS-y): src/_paths.h
++
++@@ -50,19 +46,11 @@ $(SHLIB): $(OBJECTS-y)
++ $(CC) $(LDFLAGS) $(SONAME_FLAGS) $(SHLIB_LDFLAGS) -o $@ \
++ $(OBJECTS-y) $(LDLIBS-y) $(APPEND_LDFLAGS)
++
++-src/libxenstat.so.$(MAJOR): $(SHLIB)
++- $(MAKE_LINK) $(<F) $@
++-
++-src/libxenstat.so: src/libxenstat.so.$(MAJOR)
++- $(MAKE_LINK) $(<F) $@
++-
++ .PHONY: install
++ install: all
++ $(INSTALL_DATA) src/xenstat.h $(DESTDIR)$(includedir)
++ $(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/libxenstat.a
++- $(INSTALL_PROG) src/libxenstat.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
++- ln -sf libxenstat.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenstat.so.$(MAJOR)
++- ln -sf libxenstat.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenstat.so
+++ $(INSTALL_PROG) src/libxenstat.so $(DESTDIR)$(libdir)
++
++ PYLIB=bindings/swig/python/_xenstat.so
++ PYMOD=bindings/swig/python/xenstat.py
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:09 +0200
++X-Dgit-Generated: 4.8.1-1 fa062a38ebfa9a8d1e52ee698c72aff4cb39e969
++Subject: tools-xenstat-prefix.diff
++
++Patch-Name: tools-xenstat-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xenstat/libxenstat/Makefile
+++++ xen-4.8.1/tools/xenstat/libxenstat/Makefile
++@@ -20,7 +20,7 @@ MAKE_LINK=ln -sf
++
++ LIB=src/libxenstat.a
++ SHLIB=src/libxenstat.so
++-OBJECTS-y=src/xenstat.o
+++OBJECTS-y=src/xenstat.o src/xenstat_qmp.o
++ OBJECTS-$(CONFIG_Linux) += src/xenstat_linux.o
++ OBJECTS-$(CONFIG_SunOS) += src/xenstat_solaris.o
++ OBJECTS-$(CONFIG_NetBSD) += src/xenstat_netbsd.o
++@@ -48,9 +48,11 @@ $(SHLIB): $(OBJECTS-y)
++
++ .PHONY: install
++ install: all
+++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
+++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_LIB)
++ $(INSTALL_DATA) src/xenstat.h $(DESTDIR)$(includedir)
++ $(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/libxenstat.a
++- $(INSTALL_PROG) src/libxenstat.so $(DESTDIR)$(libdir)
+++ $(INSTALL_PROG) src/libxenstat.so $(DESTDIR)$(LIBEXEC_LIB)
++
++ PYLIB=bindings/swig/python/_xenstat.so
++ PYMOD=bindings/swig/python/xenstat.py
++--- xen-4.8.1.orig/tools/xenstat/xentop/Makefile
+++++ xen-4.8.1/tools/xenstat/xentop/Makefile
++@@ -19,7 +19,9 @@ all install xentop:
++ else
++
++ CFLAGS += -DGCC_PRINTF -Werror $(CFLAGS_libxenstat)
+++LDFLAGS += $(call LDFLAGS_RPATH,../lib)
++ LDLIBS += $(LDLIBS_libxenstat) $(CURSES_LIBS) $(TINFO_LIBS) $(SOCKET_LIBS) -lm -lyajl
+++LDLIBS += $(LDLIBS_libxenctrl) $(LDLIBS_libxenstore)
++ CFLAGS += -DHOST_$(XEN_OS)
++
++ # Include configure output (config.h)
++@@ -31,8 +33,8 @@ all: xentop
++
++ .PHONY: install
++ install: xentop
++- $(INSTALL_DIR) $(DESTDIR)$(sbindir)
++- $(INSTALL_PROG) xentop $(DESTDIR)$(sbindir)/xentop
+++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_PROG) xentop $(DESTDIR)$(LIBEXEC_BIN)/xentop
++
++ endif
++
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:36 +0200
++X-Dgit-Generated: 4.8.1-1 e0deca5e873be2aeb99ad58aed95eaa9c7c8ce35
++Subject: tools-xenstore-compatibility.diff
++
++Patch-Name: tools-xenstore-compatibility.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xenstore/include/xenstore.h
+++++ xen-4.8.1/tools/xenstore/include/xenstore.h
++@@ -25,6 +25,7 @@
++
++ #define XS_OPEN_READONLY 1UL<<0
++ #define XS_OPEN_SOCKETONLY 1UL<<1
+++#define XS_OPEN_DOMAINONLY 1UL<<2
++
++ /*
++ * Setting XS_UNWATCH_FILTER arranges that after xs_unwatch, no
++--- xen-4.8.1.orig/tools/xenstore/xenstore_client.c
+++++ xen-4.8.1/tools/xenstore/xenstore_client.c
++@@ -636,7 +636,7 @@ main(int argc, char **argv)
++ max_width = ws.ws_col - 2;
++ }
++
++- xsh = xs_open(socket ? XS_OPEN_SOCKETONLY : 0);
+++ xsh = xs_open(socket ? XS_OPEN_SOCKETONLY : XS_OPEN_DOMAINONLY);
++ if (xsh == NULL) err(1, "xs_open");
++
++ again:
++--- xen-4.8.1.orig/tools/xenstore/xs.c
+++++ xen-4.8.1/tools/xenstore/xs.c
++@@ -281,17 +281,19 @@ struct xs_handle *xs_daemon_open_readonl
++
++ struct xs_handle *xs_domain_open(void)
++ {
++- return xs_open(0);
+++ return xs_open(XS_OPEN_DOMAINONLY);
++ }
++
++ struct xs_handle *xs_open(unsigned long flags)
++ {
++ struct xs_handle *xsh = NULL;
++
+++ if (!(flags & XS_OPEN_DOMAINONLY)) {
++ if (flags & XS_OPEN_READONLY)
++ xsh = get_handle(xs_daemon_socket_ro());
++ else
++ xsh = get_handle(xs_daemon_socket());
+++ }
++
++ if (!xsh && !(flags & XS_OPEN_SOCKETONLY))
++ xsh = get_handle(xs_domain_dev());
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:12 +0200
++X-Dgit-Generated: 4.8.1-1 dda6e65fe8f36391534f781ebdf0bc9f9e58192a
++Subject: tools-xenstore-prefix.diff
++
++Patch-Name: tools-xenstore-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/helpers/Makefile
+++++ xen-4.8.1/tools/helpers/Makefile
++@@ -31,7 +31,7 @@ xen-init-dom0: $(XEN_INIT_DOM0_OBJS)
++ $(INIT_XENSTORE_DOMAIN_OBJS): _paths.h
++
++ init-xenstore-domain: $(INIT_XENSTORE_DOMAIN_OBJS)
++- $(CC) $(LDFLAGS) -o $@ $(INIT_XENSTORE_DOMAIN_OBJS) $(LDLIBS_libxentoollog) $(LDLIBS_libxenstore) $(LDLIBS_libxenctrl) $(LDLIBS_libxenguest) $(LDLIBS_libxenlight) $(APPEND_LDFLAGS)
+++ $(CC) $(LDFLAGS) -o $@ $(INIT_XENSTORE_DOMAIN_OBJS) $(LDLIBS_libxentoollog) $(LDLIBS_libxenstore) $(LDLIBS_libxenctrl) $(LDLIBS_libxenguest) $(LDLIBS_libxenlight) $(call LDFLAGS_RPATH,../lib) $(APPEND_LDFLAGS)
++
++ .PHONY: install
++ install: all
++--- xen-4.8.1.orig/tools/xenstore/Makefile
+++++ xen-4.8.1/tools/xenstore/Makefile
++@@ -20,6 +20,8 @@ LDFLAGS-$(CONFIG_SYSTEMD) += $(SYSTEMD_L
++ CFLAGS += $(CFLAGS-y)
++ LDFLAGS += $(LDFLAGS-y)
++
+++LDFLAGS_libxenctrl += $(call LDFLAGS_RPATH,../lib)
+++
++ CLIENTS := xenstore-exists xenstore-list xenstore-read xenstore-rm xenstore-chmod
++ CLIENTS += xenstore-write xenstore-ls xenstore-watch
++
++@@ -74,7 +76,7 @@ endif
++ $(XENSTORED_OBJS): CFLAGS += $(CFLAGS_libxengnttab)
++
++ xenstored: $(XENSTORED_OBJS)
++- $(CC) $^ $(LDFLAGS) $(LDLIBS_libxenevtchn) $(LDLIBS_libxengnttab) $(LDLIBS_libxenctrl) $(LDLIBS_xenstored) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
+++ $(CC) $^ $(LDFLAGS) $(LDLIBS_libxenevtchn) $(LDLIBS_libxengnttab) $(LDLIBS_libxenctrl) $(SOCKET_LIBS) $(LDLIBS_xenstored) $(call LDFLAGS_RPATH,../lib) -o $@ $(APPEND_LDFLAGS)
++
++ xenstored.a: $(XENSTORED_OBJS)
++ $(AR) cr $@ $^
++@@ -127,13 +129,13 @@ tarball: clean
++ install: all
++ $(INSTALL_DIR) $(DESTDIR)$(bindir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
+++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)/xenstore-compat
++ ifeq ($(XENSTORE_XENSTORED),y)
++- $(INSTALL_DIR) $(DESTDIR)$(sbindir)
++ $(INSTALL_DIR) $(DESTDIR)$(XEN_LIB_STORED)
++- $(INSTALL_PROG) xenstored $(DESTDIR)$(sbindir)
+++ $(INSTALL_PROG) xenstored $(DESTDIR)$(LIBEXEC_BIN)
++ endif
++- $(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir)
+++ $(INSTALL_PROG) xenstore-control $(DESTDIR)$(LIBEXEC_BIN)
++ $(INSTALL_PROG) xenstore $(DESTDIR)$(bindir)
++ set -e ; for c in $(CLIENTS) ; do \
++ ln -f $(DESTDIR)$(bindir)/xenstore $(DESTDIR)$(bindir)/$${c} ; \
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:47:14 +0200
++X-Dgit-Generated: 4.8.1-1 bded2269fb168938a662711d0a632d9d644bfc30
++Subject: tools-xentrace-prefix.diff
++
++Patch-Name: tools-xentrace-prefix.diff
++
++---
++
++--- xen-4.8.1.orig/tools/xentrace/Makefile
+++++ xen-4.8.1/tools/xentrace/Makefile
++@@ -8,6 +8,7 @@ CFLAGS += $(CFLAGS_libxenctrl)
++ LDLIBS += $(LDLIBS_libxenevtchn)
++ LDLIBS += $(LDLIBS_libxenctrl)
++ LDLIBS += $(ARGP_LDFLAGS)
+++LDFLAGS += $(call LDFLAGS_RPATH,../lib)
++
++ BIN-$(CONFIG_X86) = xenalyze
++ BIN = $(BIN-y)
++@@ -23,15 +24,9 @@ build: $(BIN) $(SBIN) $(LIBBIN)
++
++ .PHONY: install
++ install: build
++- $(INSTALL_DIR) $(DESTDIR)$(bindir)
++- $(INSTALL_DIR) $(DESTDIR)$(sbindir)
++- [ -z "$(LIBBIN)" ] || $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
++-ifneq ($(BIN),)
++- $(INSTALL_PROG) $(BIN) $(DESTDIR)$(bindir)
++-endif
++- $(INSTALL_PROG) $(SBIN) $(DESTDIR)$(sbindir)
++- $(INSTALL_PYTHON_PROG) $(SCRIPTS) $(DESTDIR)$(bindir)
++- [ -z "$(LIBBIN)" ] || $(INSTALL_PROG) $(LIBBIN) $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_PROG) $(BIN) $(SBIN) $(LIBBIN) $(DESTDIR)$(LIBEXEC_BIN)
+++ $(INSTALL_PYTHON_PROG) $(SCRIPTS) $(DESTDIR)$(LIBEXEC_BIN)
++
++ .PHONY: clean
++ clean:
--- /dev/null
--- /dev/null
++From: Ian Jackson <ian.jackson@citrix.com>
++Date: Tue, 1 Nov 2016 16:20:27 +0000
++X-Dgit-Generated: 4.8.1-1 0b669a48e4ac450fded811b1ea297d644044d179
++Subject: tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on x86_32
++
++The current build fails with GCC6 on Debian sid i386 (unstable):
++
++ /tmp/ccqjaueF.s: Assembler messages:
++ /tmp/ccqjaueF.s:3713: Error: missing or invalid displacement expression `vmovd_to_reg_len@GOT'
++
++This is due to the combination of GCC6, and Debian's decision to
++enable some hardening flags by default (to try to make runtime
++addresses less predictable):
++ https://wiki.debian.org/Hardening/PIEByDefaultTransition
++
++This is of no benefit for the x86 instruction emulator test, which is
++a rebuild of the emulator code for testing purposes only. So pass
++options to disable this.
++
++These options will be no-ops if they are the same as the compiler
++default.
++
++On amd64, the -fno-pic breaks the build in a different way. So do
++this only on i386.
++
++Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
++CC: Jan Beulich <jbeulich@suse.com>
++CC: Andrew Cooper <andrew.cooper3@citrix.com>
++
++squash! tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc
++
++Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/tools/tests/x86_emulator/Makefile
+++++ xen-4.8.1/tools/tests/x86_emulator/Makefile
++@@ -45,6 +45,10 @@ x86_emulate/x86_emulate.c x86_emulate/x8
++
++ HOSTCFLAGS += $(CFLAGS_xeninclude)
++
+++ifeq ($(XEN_TARGET_ARCH),x86_32)
+++HOSTCFLAGS += -no-pie -fno-pic
+++endif
+++
++ x86_emulate.o: x86_emulate.c x86_emulate/x86_emulate.c x86_emulate/x86_emulate.h
++ $(HOSTCC) $(HOSTCFLAGS) -c -g -o $@ $<
++
--- /dev/null
--- /dev/null
++From: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++Date: Thu, 6 Oct 2016 14:24:46 +0100
++X-Dgit-Generated: 4.8.1-1 a80895b1222bf96c423953a78171ca38ee847a9f
++Subject: ubuntu-tools-libs-abiname
++
++
++---
++
++--- xen-4.8.1.orig/tools/libs/call/Makefile
+++++ xen-4.8.1/tools/libs/call/Makefile
++@@ -39,22 +39,22 @@ headers.chk: $(wildcard include/*.h)
++ libxencall.a: $(LIB_OBJS)
++ $(AR) rc $@ $^
++
++-libxencall.so: libxencall.so.$(MAJOR)
+++libxencall.so: libxencall-$(PACKAGE_VERSION).so.$(MAJOR)
++ $(SYMLINK_SHLIB) $< $@
++-libxencall.so.$(MAJOR): libxencall.so.$(MAJOR).$(MINOR)
+++libxencall-$(PACKAGE_VERSION).so.$(MAJOR): libxencall-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR)
++ $(SYMLINK_SHLIB) $< $@
++
++-libxencall.so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxencall.map
++- $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxencall.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
+++libxencall-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxencall.map
+++ $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxencall-$(PACKAGE_VERSION).so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
++
++ .PHONY: install
++ install: build
++ $(INSTALL_DIR) $(DESTDIR)$(libdir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++- $(INSTALL_SHLIB) libxencall.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
+++ $(INSTALL_SHLIB) libxencall-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
++ $(INSTALL_DATA) libxencall.a $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxencall.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxencall.so.$(MAJOR)
++- $(SYMLINK_SHLIB) libxencall.so.$(MAJOR) $(DESTDIR)$(libdir)/libxencall.so
+++ $(SYMLINK_SHLIB) libxencall-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxencall-$(PACKAGE_VERSION).so.$(MAJOR)
+++ $(SYMLINK_SHLIB) libxencall-$(PACKAGE_VERSION).so.$(MAJOR) $(DESTDIR)$(libdir)/libxencall.so
++ $(INSTALL_DATA) include/xencall.h $(DESTDIR)$(includedir)
++
++ .PHONY: TAGS
++@@ -64,7 +64,7 @@ TAGS:
++ .PHONY: clean
++ clean:
++ rm -rf *.rpm $(LIB) *~ $(DEPS) $(LIB_OBJS) $(PIC_OBJS)
++- rm -f libxencall.so.$(MAJOR).$(MINOR) libxencall.so.$(MAJOR)
+++ rm -f libxencall-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) libxencall-$(PACKAGE_VERSION).so.$(MAJOR)
++ rm -f headers.chk
++
++ .PHONY: distclean
++--- xen-4.8.1.orig/tools/libs/evtchn/Makefile
+++++ xen-4.8.1/tools/libs/evtchn/Makefile
++@@ -39,22 +39,22 @@ headers.chk: $(wildcard include/*.h)
++ libxenevtchn.a: $(LIB_OBJS)
++ $(AR) rc $@ $^
++
++-libxenevtchn.so: libxenevtchn.so.$(MAJOR)
+++libxenevtchn.so: libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR)
++ $(SYMLINK_SHLIB) $< $@
++-libxenevtchn.so.$(MAJOR): libxenevtchn.so.$(MAJOR).$(MINOR)
+++libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR): libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR)
++ $(SYMLINK_SHLIB) $< $@
++
++-libxenevtchn.so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxenevtchn.map
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenevtchn.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
+++libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxenevtchn.map
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
++
++ .PHONY: install
++ install: build
++ $(INSTALL_DIR) $(DESTDIR)$(libdir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++- $(INSTALL_SHLIB) libxenevtchn.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
+++ $(INSTALL_SHLIB) libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
++ $(INSTALL_DATA) libxenevtchn.a $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxenevtchn.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenevtchn.so.$(MAJOR)
++- $(SYMLINK_SHLIB) libxenevtchn.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenevtchn.so
+++ $(SYMLINK_SHLIB) libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR)
+++ $(SYMLINK_SHLIB) libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR) $(DESTDIR)$(libdir)/libxenevtchn.so
++ $(INSTALL_DATA) include/xenevtchn.h $(DESTDIR)$(includedir)
++
++ .PHONY: TAGS
++@@ -64,7 +64,7 @@ TAGS:
++ .PHONY: clean
++ clean:
++ rm -rf *.rpm $(LIB) *~ $(DEPS) $(LIB_OBJS) $(PIC_OBJS)
++- rm -f libxenevtchn.so.$(MAJOR).$(MINOR) libxenevtchn.so.$(MAJOR)
+++ rm -f libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) libxenevtchn-$(PACKAGE_VERSION).so.$(MAJOR)
++ rm -f headers.chk
++
++ .PHONY: distclean
++--- xen-4.8.1.orig/tools/libs/foreignmemory/Makefile
+++++ xen-4.8.1/tools/libs/foreignmemory/Makefile
++@@ -39,22 +39,22 @@ headers.chk: $(wildcard include/*.h)
++ libxenforeignmemory.a: $(LIB_OBJS)
++ $(AR) rc $@ $^
++
++-libxenforeignmemory.so: libxenforeignmemory.so.$(MAJOR)
+++libxenforeignmemory.so: libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR)
++ $(SYMLINK_SHLIB) $< $@
++-libxenforeignmemory.so.$(MAJOR): libxenforeignmemory.so.$(MAJOR).$(MINOR)
+++libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR): libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR)
++ $(SYMLINK_SHLIB) $< $@
++
++-libxenforeignmemory.so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxenforeignmemory.map
++- $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenforeignmemory.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
+++libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxenforeignmemory.map
+++ $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
++
++ .PHONY: install
++ install: build
++ $(INSTALL_DIR) $(DESTDIR)$(libdir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++- $(INSTALL_SHLIB) libxenforeignmemory.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
+++ $(INSTALL_SHLIB) libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
++ $(INSTALL_DATA) libxenforeignmemory.a $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxenforeignmemory.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenforeignmemory.so.$(MAJOR)
++- $(SYMLINK_SHLIB) libxenforeignmemory.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenforeignmemory.so
+++ $(SYMLINK_SHLIB) libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR)
+++ $(SYMLINK_SHLIB) libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR) $(DESTDIR)$(libdir)/libxenforeignmemory.so
++ $(INSTALL_DATA) include/xenforeignmemory.h $(DESTDIR)$(includedir)
++
++ .PHONY: TAGS
++@@ -64,7 +64,7 @@ TAGS:
++ .PHONY: clean
++ clean:
++ rm -rf *.rpm $(LIB) *~ $(DEPS) $(LIB_OBJS) $(PIC_OBJS)
++- rm -f libxenforeignmemory.so.$(MAJOR).$(MINOR) libxenforeignmemory.so.$(MAJOR)
+++ rm -f libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) libxenforeignmemory-$(PACKAGE_VERSION).so.$(MAJOR)
++ rm -f headers.chk
++
++ .PHONY: distclean
++--- xen-4.8.1.orig/tools/libs/gnttab/Makefile
+++++ xen-4.8.1/tools/libs/gnttab/Makefile
++@@ -41,22 +41,22 @@ headers.chk: $(wildcard include/*.h)
++ libxengnttab.a: $(LIB_OBJS)
++ $(AR) rc $@ $^
++
++-libxengnttab.so: libxengnttab.so.$(MAJOR)
+++libxengnttab.so: libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR)
++ $(SYMLINK_SHLIB) $< $@
++-libxengnttab.so.$(MAJOR): libxengnttab.so.$(MAJOR).$(MINOR)
+++libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR): libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR)
++ $(SYMLINK_SHLIB) $< $@
++
++-libxengnttab.so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxengnttab.map
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxengnttab.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
+++libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxengnttab.map
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
++
++ .PHONY: install
++ install: build
++ $(INSTALL_DIR) $(DESTDIR)$(libdir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++- $(INSTALL_SHLIB) libxengnttab.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
+++ $(INSTALL_SHLIB) libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
++ $(INSTALL_DATA) libxengnttab.a $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxengnttab.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxengnttab.so.$(MAJOR)
++- $(SYMLINK_SHLIB) libxengnttab.so.$(MAJOR) $(DESTDIR)$(libdir)/libxengnttab.so
+++ $(SYMLINK_SHLIB) libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR)
+++ $(SYMLINK_SHLIB) libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR) $(DESTDIR)$(libdir)/libxengnttab.so
++ $(INSTALL_DATA) include/xengnttab.h $(DESTDIR)$(includedir)
++
++ .PHONY: TAGS
++@@ -66,7 +66,7 @@ TAGS:
++ .PHONY: clean
++ clean:
++ rm -rf *.rpm $(LIB) *~ $(DEPS) $(LIB_OBJS) $(PIC_OBJS)
++- rm -f libxengnttab.so.$(MAJOR).$(MINOR) libxengnttab.so.$(MAJOR)
+++ rm -f libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) libxengnttab-$(PACKAGE_VERSION).so.$(MAJOR)
++ rm -f headers.chk
++
++ .PHONY: distclean
++--- xen-4.8.1.orig/tools/libs/toollog/Makefile
+++++ xen-4.8.1/tools/libs/toollog/Makefile
++@@ -34,22 +34,22 @@ headers.chk: $(wildcard include/*.h)
++ libxentoollog.a: $(LIB_OBJS)
++ $(AR) rc $@ $^
++
++-libxentoollog.so: libxentoollog.so.$(MAJOR)
+++libxentoollog.so: libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR)
++ $(SYMLINK_SHLIB) $< $@
++-libxentoollog.so.$(MAJOR): libxentoollog.so.$(MAJOR).$(MINOR)
+++libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR): libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR)
++ $(SYMLINK_SHLIB) $< $@
++
++-libxentoollog.so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxentoollog.map
++- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxentoollog.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(APPEND_LDFLAGS)
+++libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxentoollog.map
+++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(APPEND_LDFLAGS)
++
++ .PHONY: install
++ install: build
++ $(INSTALL_DIR) $(DESTDIR)$(libdir)
++ $(INSTALL_DIR) $(DESTDIR)$(includedir)
++- $(INSTALL_SHLIB) libxentoollog.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
+++ $(INSTALL_SHLIB) libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
++ $(INSTALL_DATA) libxentoollog.a $(DESTDIR)$(libdir)
++- $(SYMLINK_SHLIB) libxentoollog.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxentoollog.so.$(MAJOR)
++- $(SYMLINK_SHLIB) libxentoollog.so.$(MAJOR) $(DESTDIR)$(libdir)/libxentoollog.so
+++ $(SYMLINK_SHLIB) libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR)
+++ $(SYMLINK_SHLIB) libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR) $(DESTDIR)$(libdir)/libxentoollog.so
++ $(INSTALL_DATA) include/xentoollog.h $(DESTDIR)$(includedir)
++
++ .PHONY: TAGS
++@@ -59,7 +59,7 @@ TAGS:
++ .PHONY: clean
++ clean:
++ rm -rf *.rpm $(LIB) *~ $(DEPS) $(LIB_OBJS) $(PIC_OBJS)
++- rm -f libxentoollog.so.$(MAJOR).$(MINOR) libxentoollog.so.$(MAJOR)
+++ rm -f libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR).$(MINOR) libxentoollog-$(PACKAGE_VERSION).so.$(MAJOR)
++ rm -f headers.chk
++
++ .PHONY: distclean
--- /dev/null
--- /dev/null
++From: Bastian Blank <waldi@debian.org>
++Date: Sat, 5 Jul 2014 11:46:43 +0200
++X-Dgit-Generated: 4.8.1-1 adc50830f6c334569f54255310fc489d139d542f
++Subject: version
++
++Patch-Name: version.diff
++
++---
++
++--- xen-4.8.1.orig/xen/Makefile
+++++ xen-4.8.1/xen/Makefile
++@@ -160,7 +160,7 @@ delete-unfresh-files:
++ @mv -f $@.tmp $@
++
++ # compile.h contains dynamic build info. Rebuilt on every 'make' invocation.
++-include/xen/compile.h: include/xen/compile.h.in .banner
+++include/xen/compile.h: include/xen/compile.h.in
++ @sed -e 's/@@date@@/$(XEN_BUILD_DATE)/g' \
++ -e 's/@@time@@/$(XEN_BUILD_TIME)/g' \
++ -e 's/@@whoami@@/$(XEN_WHOAMI)/g' \
++@@ -171,9 +171,11 @@ include/xen/compile.h: include/xen/compi
++ -e 's/@@subversion@@/$(XEN_SUBVERSION)/g' \
++ -e 's/@@extraversion@@/$(XEN_EXTRAVERSION)/g' \
++ -e 's!@@changeset@@!$(shell tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \
+++ -e 's/@@system_distribution@@/$(shell lsb_release -is)/g' \
+++ -e 's/@@system_maintainer_domain@@/$(shell cd ../../../..; dpkg-parsechangelog | sed -ne 's,^Maintainer: .[^<]*<[^@>]*@\([^>]*\)>,\1,p')/g' \
+++ -e 's/@@system_maintainer_local@@/$(shell cd ../../../..; dpkg-parsechangelog | sed -ne 's,^Maintainer: .[^<]*<\([^@>]*\)@.*>,\1,p')/g' \
+++ -e 's/@@system_version@@/$(shell cd ../../../..; dpkg-parsechangelog | awk '/^Version:/ {print $$2}')/g' \
++ < include/xen/compile.h.in > $@.new
++- @cat .banner
++- @$(PYTHON) tools/fig-to-oct.py < .banner >> $@.new
++ @mv -f $@.new $@
++
++ include/asm-$(TARGET_ARCH)/asm-offsets.h: arch/$(TARGET_ARCH)/asm-offsets.s
++--- xen-4.8.1.orig/xen/common/kernel.c
+++++ xen-4.8.1/xen/common/kernel.c
++@@ -252,8 +252,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL
++
++ memset(&info, 0, sizeof(info));
++ safe_strcpy(info.compiler, deny ? xen_deny() : xen_compiler());
++- safe_strcpy(info.compile_by, deny ? xen_deny() : xen_compile_by());
++- safe_strcpy(info.compile_domain, deny ? xen_deny() : xen_compile_domain());
+++ safe_strcpy(info.compile_by, deny ? xen_deny() : xen_compile_system_maintainer_local());
+++ safe_strcpy(info.compile_domain, deny ? xen_deny() : xen_compile_system_maintainer_domain());
++ safe_strcpy(info.compile_date, deny ? xen_deny() : xen_compile_date());
++ if ( copy_to_guest(arg, &info, 1) )
++ return -EFAULT;
++--- xen-4.8.1.orig/xen/common/version.c
+++++ xen-4.8.1/xen/common/version.c
++@@ -20,19 +20,24 @@ const char *xen_compile_time(void)
++ return XEN_COMPILE_TIME;
++ }
++
++-const char *xen_compile_by(void)
+++const char *xen_compile_system_distribution(void)
++ {
++- return XEN_COMPILE_BY;
+++ return XEN_COMPILE_SYSTEM_DISTRIBUTION;
++ }
++
++-const char *xen_compile_domain(void)
+++const char *xen_compile_system_maintainer_local(void)
++ {
++- return XEN_COMPILE_DOMAIN;
+++ return XEN_COMPILE_SYSTEM_MAINTAINER_LOCAL;
++ }
++
++-const char *xen_compile_host(void)
+++const char *xen_compile_system_maintainer_domain(void)
++ {
++- return XEN_COMPILE_HOST;
+++ return XEN_COMPILE_SYSTEM_MAINTAINER_DOMAIN;
+++}
+++
+++const char *xen_compile_system_version(void)
+++{
+++ return XEN_COMPILE_SYSTEM_VERSION;
++ }
++
++ const char *xen_compiler(void)
++@@ -60,11 +65,6 @@ const char *xen_changeset(void)
++ return XEN_CHANGESET;
++ }
++
++-const char *xen_banner(void)
++-{
++- return XEN_BANNER;
++-}
++-
++ const char *xen_deny(void)
++ {
++ return "<denied>";
++--- xen-4.8.1.orig/xen/drivers/char/console.c
+++++ xen-4.8.1/xen/drivers/char/console.c
++@@ -732,14 +732,11 @@ void __init console_init_preirq(void)
++ serial_set_rx_handler(sercon_handle, serial_rx);
++
++ /* HELLO WORLD --- start-of-day banner text. */
++- spin_lock(&console_lock);
++- __putstr(xen_banner());
++- spin_unlock(&console_lock);
++- printk("Xen version %d.%d%s (%s@%s) (%s) debug=%c " gcov_string " %s\n",
+++ printk("Xen version %d.%d%s (%s %s) (%s@%s) (%s) debug=%c " gcov_string " %s\n",
++ xen_major_version(), xen_minor_version(), xen_extra_version(),
++- xen_compile_by(), xen_compile_domain(),
+++ xen_compile_system_distribution(), xen_compile_system_version(),
+++ xen_compile_system_maintainer_local(), xen_compile_system_maintainer_domain(),
++ xen_compiler(), debug_build() ? 'y' : 'n', xen_compile_date());
++- printk("Latest ChangeSet: %s\n", xen_changeset());
++
++ if ( opt_sync_console )
++ {
++--- xen-4.8.1.orig/xen/include/xen/compile.h.in
+++++ xen-4.8.1/xen/include/xen/compile.h.in
++@@ -1,8 +1,9 @@
++ #define XEN_COMPILE_DATE "@@date@@"
++ #define XEN_COMPILE_TIME "@@time@@"
++-#define XEN_COMPILE_BY "@@whoami@@"
++-#define XEN_COMPILE_DOMAIN "@@domain@@"
++-#define XEN_COMPILE_HOST "@@hostname@@"
+++#define XEN_COMPILE_SYSTEM_DISTRIBUTION "@@system_distribution@@"
+++#define XEN_COMPILE_SYSTEM_MAINTAINER_DOMAIN "@@system_maintainer_domain@@"
+++#define XEN_COMPILE_SYSTEM_MAINTAINER_LOCAL "@@system_maintainer_local@@"
+++#define XEN_COMPILE_SYSTEM_VERSION "@@system_version@@"
++ #define XEN_COMPILER "@@compiler@@"
++
++ #define XEN_VERSION @@version@@
++@@ -10,4 +11,3 @@
++ #define XEN_EXTRAVERSION "@@extraversion@@"
++
++ #define XEN_CHANGESET "@@changeset@@"
++-#define XEN_BANNER \
++--- xen-4.8.1.orig/xen/include/xen/version.h
+++++ xen-4.8.1/xen/include/xen/version.h
++@@ -6,9 +6,10 @@
++
++ const char *xen_compile_date(void);
++ const char *xen_compile_time(void);
++-const char *xen_compile_by(void);
++-const char *xen_compile_domain(void);
++-const char *xen_compile_host(void);
+++const char *xen_compile_system_distribution(void);
+++const char *xen_compile_system_maintainer_domain(void);
+++const char *xen_compile_system_maintainer_local(void);
+++const char *xen_compile_system_version(void);
++ const char *xen_compiler(void);
++ unsigned int xen_major_version(void);
++ unsigned int xen_minor_version(void);
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Tue, 20 Jun 2017 13:24:03 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 ad4cf7024d6fc069ad59913b70ccdd3db291e93e
++Subject: x86: avoid leaking PKRU and BND* between vCPU-s
++
++PKRU is explicitly "XSAVE-managed but not XSAVE-enabled", so guests
++might access the register (via {RD,WR}PKRU) without setting XCR0.PKRU.
++Force context switching as well as migrating the register as soon as
++CR4.PKE is being set the first time.
++
++For MPX (BND<n>, BNDCFGU, and BNDSTATUS) the situation is less clear,
++and the SDM has not entirely consistent information for that case.
++While experimentally the instructions don't change register state as
++long as the two XCR0 bits aren't both 1, be on the safe side and enable
++both if BNDCFGS.EN is being set the first time.
++
++This is XSA-220.
++
++Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/x86/hvm/hvm.c
+++++ xen-4.8.1/xen/arch/x86/hvm/hvm.c
++@@ -311,10 +311,39 @@ int hvm_set_guest_pat(struct vcpu *v, u6
++
++ bool hvm_set_guest_bndcfgs(struct vcpu *v, u64 val)
++ {
++- return hvm_funcs.set_guest_bndcfgs &&
++- is_canonical_address(val) &&
++- !(val & IA32_BNDCFGS_RESERVED) &&
++- hvm_funcs.set_guest_bndcfgs(v, val);
+++ if ( !hvm_funcs.set_guest_bndcfgs ||
+++ !is_canonical_address(val) ||
+++ (val & IA32_BNDCFGS_RESERVED) )
+++ return false;
+++
+++ /*
+++ * While MPX instructions are supposed to be gated on XCR0.BND*, let's
+++ * nevertheless force the relevant XCR0 bits on when the feature is being
+++ * enabled in BNDCFGS.
+++ */
+++ if ( (val & IA32_BNDCFGS_ENABLE) &&
+++ !(v->arch.xcr0_accum & (XSTATE_BNDREGS | XSTATE_BNDCSR)) )
+++ {
+++ uint64_t xcr0 = get_xcr0();
+++ int rc;
+++
+++ if ( v != current )
+++ return false;
+++
+++ rc = handle_xsetbv(XCR_XFEATURE_ENABLED_MASK,
+++ xcr0 | XSTATE_BNDREGS | XSTATE_BNDCSR);
+++
+++ if ( rc )
+++ {
+++ HVM_DBG_LOG(DBG_LEVEL_1, "Failed to force XCR0.BND*: %d", rc);
+++ return false;
+++ }
+++
+++ if ( handle_xsetbv(XCR_XFEATURE_ENABLED_MASK, xcr0) )
+++ /* nothing, best effort only */;
+++ }
+++
+++ return hvm_funcs.set_guest_bndcfgs(v, val);
++ }
++
++ /*
++@@ -2477,6 +2506,27 @@ int hvm_set_cr4(unsigned long value, boo
++ paging_update_paging_modes(v);
++ }
++
+++ /*
+++ * {RD,WR}PKRU are not gated on XCR0.PKRU and hence an oddly behaving
+++ * guest may enable the feature in CR4 without enabling it in XCR0. We
+++ * need to context switch / migrate PKRU nevertheless.
+++ */
+++ if ( (value & X86_CR4_PKE) && !(v->arch.xcr0_accum & XSTATE_PKRU) )
+++ {
+++ int rc = handle_xsetbv(XCR_XFEATURE_ENABLED_MASK,
+++ get_xcr0() | XSTATE_PKRU);
+++
+++ if ( rc )
+++ {
+++ HVM_DBG_LOG(DBG_LEVEL_1, "Failed to force XCR0.PKRU: %d", rc);
+++ goto gpf;
+++ }
+++
+++ if ( handle_xsetbv(XCR_XFEATURE_ENABLED_MASK,
+++ get_xcr0() & ~XSTATE_PKRU) )
+++ /* nothing, best effort only */;
+++ }
+++
++ return X86EMUL_OKAY;
++
++ gpf:
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Tue, 2 May 2017 12:18:38 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u1 8733567025e5095d178d6d294dbf0405d2250e37
++Subject: x86: discard type information when stealing pages
++
++While a page having just a single general reference left necessarily
++has a zero type reference count too, its type may still be valid (and
++in validated state; at present this is only possible and relevant for
++PGT_seg_desc_page, as page tables have their type forcibly zapped when
++their type reference count drops to zero, and
++PGT_{writable,shared}_page pages don't require any validation). In
++such a case when the page is being re-used with the same type again,
++validation is being skipped. As validation criteria differ between
++32- and 64-bit guests, pages to be transferred between guests need to
++have their validation indicator zapped (and with it we zap all other
++type information at once).
++
++This is XSA-214.
++
++Reported-by: Jann Horn <jannh@google.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/x86/mm.c
+++++ xen-4.8.1/xen/arch/x86/mm.c
++@@ -4422,6 +4422,17 @@ int steal_page(
++ y = cmpxchg(&page->count_info, x, x & ~PGC_count_mask);
++ } while ( y != x );
++
+++ /*
+++ * With the sole reference dropped temporarily, no-one can update type
+++ * information. Type count also needs to be zero in this case, but e.g.
+++ * PGT_seg_desc_page may still have PGT_validated set, which we need to
+++ * clear before transferring ownership (as validation criteria vary
+++ * depending on domain type).
+++ */
+++ BUG_ON(page->u.inuse.type_info & (PGT_count_mask | PGT_locked |
+++ PGT_pinned));
+++ page->u.inuse.type_info = 0;
+++
++ /* Swizzle the owner then reinstate the PGC_allocated reference. */
++ page_set_owner(page, NULL);
++ y = page->count_info;
--- /dev/null
--- /dev/null
++From: Andrew Cooper <andrew.cooper3@citrix.com>
++Date: Tue, 20 Jun 2017 19:18:54 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u3 e6773ea71538f92159ed24856e32d3a1dffb8408
++Subject: x86/grant: Disallow misaligned PTEs
++
++Pagetable entries must be aligned to function correctly. Disallow attempts
++from the guest to have a grant PTE created at a misaligned address, which
++would result in corruption of the L1 table with largely-guest-controlled
++values.
++
++This is XSA-227
++
++Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
++Reviewed-by: Jan Beulich <jbeulich@suse.com>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/x86/mm.c
+++++ xen-4.8.1/xen/arch/x86/mm.c
++@@ -3965,6 +3965,9 @@ static int create_grant_pte_mapping(
++ l1_pgentry_t ol1e;
++ struct domain *d = v->domain;
++
+++ if ( !IS_ALIGNED(pte_addr, sizeof(nl1e)) )
+++ return GNTST_general_error;
+++
++ adjust_guest_l1e(nl1e, d);
++
++ gmfn = pte_addr >> PAGE_SHIFT;
++@@ -4022,6 +4025,16 @@ static int destroy_grant_pte_mapping(
++ struct page_info *page;
++ l1_pgentry_t ol1e;
++
+++ /*
+++ * addr comes from Xen's active_entry tracking so isn't guest controlled,
+++ * but it had still better be PTE-aligned.
+++ */
+++ if ( !IS_ALIGNED(addr, sizeof(ol1e)) )
+++ {
+++ ASSERT_UNREACHABLE();
+++ return GNTST_general_error;
+++ }
+++
++ gmfn = addr >> PAGE_SHIFT;
++ page = get_page_from_gfn(d, gmfn, NULL, P2M_ALLOC);
++
--- /dev/null
--- /dev/null
++From: Jan Beulich <jbeulich@suse.com>
++Date: Tue, 20 Jun 2017 13:15:54 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 2def9142bbe2459adff422239ba2a3436936f442
++Subject: x86/mm: disallow page stealing from HVM domains
++
++The operation's success can't be controlled by the guest, as the device
++model may have an active mapping of the page. If we nevertheless
++permitted this operation, we'd have to add further TLB flushing to
++prevent scenarios like
++
++"Domains A (HVM), B (PV), C (PV); B->target==A
++ Steps:
++ 1. B maps page X from A as writable
++ 2. B unmaps page X without a TLB flush
++ 3. A sends page X to C via GNTTABOP_transfer
++ 4. C maps page X as pagetable (potentially causing a TLB flush in C,
++ but not in B)
++
++ At this point, X would be mapped as a pagetable in C while being
++ writable through a stale TLB entry in B."
++
++A similar scenario could be constructed for A using XENMEM_exchange and
++some arbitrary PV domain C then having this page allocated.
++
++This is XSA-217.
++
++Reported-by: Jann Horn <jannh@google.com>
++Signed-off-by: Jan Beulich <jbeulich@suse.com>
++Acked-by: George Dunlap <george.dunlap@citrix.com>
++Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/x86/mm.c
+++++ xen-4.8.1/xen/arch/x86/mm.c
++@@ -4405,6 +4405,9 @@ int steal_page(
++ bool_t drop_dom_ref = 0;
++ const struct domain *owner = dom_xen;
++
+++ if ( paging_mode_external(d) )
+++ return -1;
+++
++ spin_lock(&d->page_alloc_lock);
++
++ if ( is_xen_heap_page(page) || ((owner = page_get_owner(page)) != d) )
--- /dev/null
--- /dev/null
++From: Andrew Cooper <andrew.cooper3@citrix.com>
++Date: Thu, 11 May 2017 14:47:00 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 6aaae51f0315661c4d79fc57594a4cf6bec2b307
++Subject: x86/shadow: Hold references for the duration of emulated writes
++
++The (misnamed) emulate_gva_to_mfn() function translates a linear address to an
++mfn, but releases its page reference before returning the mfn to its caller.
++
++sh_emulate_map_dest() uses the results of one or two translations to construct
++a virtual mapping to the underlying frames, completes an emulated
++write/cmpxchg, then unmaps the virtual mappings.
++
++The page references need holding until the mappings are unmapped, or the
++frames can change ownership before the writes occurs.
++
++This is XSA-219
++
++Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
++Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
++Reviewed-by: Jan Beulich <jbeulich@suse.com>
++Reviewed-by: Tim Deegan <tim@xen.org>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/x86/mm/shadow/common.c
+++++ xen-4.8.1/xen/arch/x86/mm/shadow/common.c
++@@ -1703,7 +1703,10 @@ static unsigned int shadow_get_allocatio
++ /**************************************************************************/
++ /* Handling guest writes to pagetables. */
++
++-/* Translate a VA to an MFN, injecting a page-fault if we fail. */
+++/*
+++ * Translate a VA to an MFN, injecting a page-fault if we fail. If the
+++ * mapping succeeds, a reference will be held on the underlying page.
+++ */
++ #define BAD_GVA_TO_GFN (~0UL)
++ #define BAD_GFN_TO_MFN (~1UL)
++ #define READONLY_GFN (~2UL)
++@@ -1751,16 +1754,15 @@ static mfn_t emulate_gva_to_mfn(struct v
++ ASSERT(mfn_valid(mfn));
++
++ v->arch.paging.last_write_was_pt = !!sh_mfn_is_a_page_table(mfn);
++- /*
++- * Note shadow cannot page out or unshare this mfn, so the map won't
++- * disappear. Otherwise, caller must hold onto page until done.
++- */
++- put_page(page);
++
++ return mfn;
++ }
++
++-/* Check that the user is allowed to perform this write. */
+++/*
+++ * Check that the user is allowed to perform this write. If a mapping is
+++ * returned, page references will be held on sh_ctxt->mfn[0] and
+++ * sh_ctxt->mfn[1] iff !INVALID_MFN.
+++ */
++ void *sh_emulate_map_dest(struct vcpu *v, unsigned long vaddr,
++ unsigned int bytes,
++ struct sh_emulate_ctxt *sh_ctxt)
++@@ -1768,13 +1770,6 @@ void *sh_emulate_map_dest(struct vcpu *v
++ struct domain *d = v->domain;
++ void *map;
++
++- sh_ctxt->mfn[0] = emulate_gva_to_mfn(v, vaddr, sh_ctxt);
++- if ( !mfn_valid(sh_ctxt->mfn[0]) )
++- return ((mfn_x(sh_ctxt->mfn[0]) == BAD_GVA_TO_GFN) ?
++- MAPPING_EXCEPTION :
++- (mfn_x(sh_ctxt->mfn[0]) == READONLY_GFN) ?
++- MAPPING_SILENT_FAIL : MAPPING_UNHANDLEABLE);
++-
++ #ifndef NDEBUG
++ /* We don't emulate user-mode writes to page tables. */
++ if ( has_hvm_container_domain(d)
++@@ -1787,6 +1782,17 @@ void *sh_emulate_map_dest(struct vcpu *v
++ }
++ #endif
++
+++ sh_ctxt->mfn[0] = emulate_gva_to_mfn(v, vaddr, sh_ctxt);
+++ if ( !mfn_valid(sh_ctxt->mfn[0]) )
+++ {
+++ switch ( mfn_x(sh_ctxt->mfn[0]) )
+++ {
+++ case BAD_GVA_TO_GFN: return MAPPING_EXCEPTION;
+++ case READONLY_GFN: return MAPPING_SILENT_FAIL;
+++ default: return MAPPING_UNHANDLEABLE;
+++ }
+++ }
+++
++ /* Unaligned writes mean probably this isn't a pagetable. */
++ if ( vaddr & (bytes - 1) )
++ sh_remove_shadows(d, sh_ctxt->mfn[0], 0, 0 /* Slow, can fail. */ );
++@@ -1803,6 +1809,7 @@ void *sh_emulate_map_dest(struct vcpu *v
++ * Cross-page emulated writes are only supported for HVM guests;
++ * PV guests ought to know better.
++ */
+++ put_page(mfn_to_page(sh_ctxt->mfn[0]));
++ return MAPPING_UNHANDLEABLE;
++ }
++ else
++@@ -1810,17 +1817,26 @@ void *sh_emulate_map_dest(struct vcpu *v
++ /* This write crosses a page boundary. Translate the second page. */
++ sh_ctxt->mfn[1] = emulate_gva_to_mfn(v, vaddr + bytes - 1, sh_ctxt);
++ if ( !mfn_valid(sh_ctxt->mfn[1]) )
++- return ((mfn_x(sh_ctxt->mfn[1]) == BAD_GVA_TO_GFN) ?
++- MAPPING_EXCEPTION :
++- (mfn_x(sh_ctxt->mfn[1]) == READONLY_GFN) ?
++- MAPPING_SILENT_FAIL : MAPPING_UNHANDLEABLE);
+++ {
+++ put_page(mfn_to_page(sh_ctxt->mfn[0]));
+++ switch ( mfn_x(sh_ctxt->mfn[1]) )
+++ {
+++ case BAD_GVA_TO_GFN: return MAPPING_EXCEPTION;
+++ case READONLY_GFN: return MAPPING_SILENT_FAIL;
+++ default: return MAPPING_UNHANDLEABLE;
+++ }
+++ }
++
++ /* Cross-page writes mean probably not a pagetable. */
++ sh_remove_shadows(d, sh_ctxt->mfn[1], 0, 0 /* Slow, can fail. */ );
++
++ map = vmap(sh_ctxt->mfn, 2);
++ if ( !map )
+++ {
+++ put_page(mfn_to_page(sh_ctxt->mfn[0]));
+++ put_page(mfn_to_page(sh_ctxt->mfn[1]));
++ return MAPPING_UNHANDLEABLE;
+++ }
++ map += (vaddr & ~PAGE_MASK);
++ }
++
++@@ -1890,10 +1906,12 @@ void sh_emulate_unmap_dest(struct vcpu *
++ }
++
++ paging_mark_dirty(v->domain, mfn_x(sh_ctxt->mfn[0]));
+++ put_page(mfn_to_page(sh_ctxt->mfn[0]));
++
++ if ( unlikely(mfn_valid(sh_ctxt->mfn[1])) )
++ {
++ paging_mark_dirty(v->domain, mfn_x(sh_ctxt->mfn[1]));
+++ put_page(mfn_to_page(sh_ctxt->mfn[1]));
++ vunmap((void *)((unsigned long)addr & PAGE_MASK));
++ }
++ else
--- /dev/null
--- /dev/null
++From: Julien Grall <julien.grall@arm.com>
++Date: Tue, 6 Jun 2017 15:35:42 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 27fd4ccdf9c97f3943679f2bbb1dbd3f70d18d7e
++Subject: xen/arm: vgic: Sanitize target mask used to send SGI
++
++The current function vgic_to_sgi does not sanitize the target mask and
++may therefore get an invalid vCPU ID. This will result to an out of
++bound access of d->vcpu[...] as there is no check whether the vCPU ID is
++within the maximum supported by the guest.
++
++This was introduced by commit ea37fd2111 "xen/arm: split vgic driver
++into generic and vgic-v2 driver".
++
++Signed-off-by: Julien Grall <julien.grall@arm.com>
++Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
++
++---
++
++--- xen-4.8.1.orig/xen/arch/arm/vgic.c
+++++ xen-4.8.1/xen/arch/arm/vgic.c
++@@ -396,7 +396,8 @@ int vgic_to_sgi(struct vcpu *v, register
++ for_each_set_bit( i, &bitmap, sizeof(target->list) * 8 )
++ {
++ vcpuid = base + i;
++- if ( d->vcpu[vcpuid] == NULL || !is_vcpu_online(d->vcpu[vcpuid]) )
+++ if ( vcpuid >= d->max_vcpus || d->vcpu[vcpuid] == NULL ||
+++ !is_vcpu_online(d->vcpu[vcpuid]) )
++ {
++ gprintk(XENLOG_WARNING, "VGIC: write r=%"PRIregister" \
++ target->list=%hx, wrong CPUTargetList \n",
--- /dev/null
--- /dev/null
++From: Andrew Cooper <andrew.cooper3@citrix.com>
++Date: Tue, 20 Jun 2017 13:24:35 +0100
++X-Dgit-Generated: 4.8.1-1+deb9u2 0c353bae1b6a62c7c432aa7fb8f261ff3f2bf4a8
++Subject: xen/memory: Fix return value handing of guest_remove_page()
++
++Despite the description in mm.h, guest_remove_page() previously returned 0 for
++paging errors.
++
++Switch guest_remove_page() to having regular 0/-error semantics, and propagate
++the return values from clear_mmio_p2m_entry() and mem_sharing_unshare_page()
++to the callers (although decrease_reservation() is the only caller which
++currently cares).
++
++This is part of XSA-222.
++
++Reported-by: Julien Grall <julien.grall@arm.com>
++Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
++
++---
++
++--- xen-4.8.1.orig/xen/common/memory.c
+++++ xen-4.8.1/xen/common/memory.c
++@@ -264,6 +264,7 @@ int guest_remove_page(struct domain *d,
++ p2m_type_t p2mt;
++ #endif
++ mfn_t mfn;
+++ int rc;
++
++ #ifdef CONFIG_X86
++ mfn = get_gfn_query(d, gmfn, &p2mt);
++@@ -281,13 +282,15 @@ int guest_remove_page(struct domain *d,
++ put_page(page);
++ }
++ p2m_mem_paging_drop_page(d, gmfn, p2mt);
++- return 1;
+++
+++ return 0;
++ }
++ if ( p2mt == p2m_mmio_direct )
++ {
++- clear_mmio_p2m_entry(d, gmfn, mfn, 0);
+++ rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K);
++ put_gfn(d, gmfn);
++- return 1;
+++
+++ return rc;
++ }
++ #else
++ mfn = gfn_to_mfn(d, _gfn(gmfn));
++@@ -297,21 +300,25 @@ int guest_remove_page(struct domain *d,
++ put_gfn(d, gmfn);
++ gdprintk(XENLOG_INFO, "Domain %u page number %lx invalid\n",
++ d->domain_id, gmfn);
++- return 0;
+++
+++ return -EINVAL;
++ }
++
++ #ifdef CONFIG_X86
++ if ( p2m_is_shared(p2mt) )
++ {
++- /* Unshare the page, bail out on error. We unshare because
++- * we might be the only one using this shared page, and we
++- * need to trigger proper cleanup. Once done, this is
++- * like any other page. */
++- if ( mem_sharing_unshare_page(d, gmfn, 0) )
+++ /*
+++ * Unshare the page, bail out on error. We unshare because we
+++ * might be the only one using this shared page, and we need to
+++ * trigger proper cleanup. Once done, this is like any other page.
+++ */
+++ rc = mem_sharing_unshare_page(d, gmfn, 0);
+++ if ( rc )
++ {
++ put_gfn(d, gmfn);
++ (void)mem_sharing_notify_enomem(d, gmfn, 0);
++- return 0;
+++
+++ return rc;
++ }
++ /* Maybe the mfn changed */
++ mfn = get_gfn_query_unlocked(d, gmfn, &p2mt);
++@@ -324,7 +331,8 @@ int guest_remove_page(struct domain *d,
++ {
++ put_gfn(d, gmfn);
++ gdprintk(XENLOG_INFO, "Bad page free for domain %u\n", d->domain_id);
++- return 0;
+++
+++ return -ENXIO;
++ }
++
++ if ( test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) )
++@@ -347,7 +355,7 @@ int guest_remove_page(struct domain *d,
++ put_page(page);
++ put_gfn(d, gmfn);
++
++- return 1;
+++ return 0;
++ }
++
++ static void decrease_reservation(struct memop_args *a)
++@@ -391,7 +399,7 @@ static void decrease_reservation(struct
++ continue;
++
++ for ( j = 0; j < (1 << a->extent_order); j++ )
++- if ( !guest_remove_page(a->domain, gmfn + j) )
+++ if ( guest_remove_page(a->domain, gmfn + j) )
++ goto out;
++ }
++
++--- xen-4.8.1.orig/xen/include/xen/mm.h
+++++ xen-4.8.1/xen/include/xen/mm.h
++@@ -553,9 +553,8 @@ int xenmem_add_to_physmap_one(struct dom
++ union xen_add_to_physmap_batch_extra extra,
++ unsigned long idx, gfn_t gfn);
++
++-/* Returns 1 on success, 0 on error, negative if the ring
++- * for event propagation is full in the presence of paging */
++-int guest_remove_page(struct domain *d, unsigned long gfn);
+++/* Returns 0 on success, or negative on error. */
+++int guest_remove_page(struct domain *d, unsigned long gmfn);
++
++ #define RAM_TYPE_CONVENTIONAL 0x00000001
++ #define RAM_TYPE_RESERVED 0x00000002
--- /dev/null
--- /dev/null
++2
--- /dev/null
--- /dev/null
++#!/usr/bin/make -f
++
++# Uncomment this to turn on verbose mode.
++#export DH_VERBOSE=1
++
++include /usr/share/dpkg/default.mk
++
++SOURCE := $(shell dpkg-parsechangelog | sed -ne 's,^Source: *\(.*\)$$,\1,p')
++VERSION_BINNMU := $(shell echo "$(DEB_VERSION)" | sed -ne 's,.*\+b\(.*\)$$,\1,p')
++
++include debian/rules.defs
++
++setup: debian/control
++ dh_testdir
++ $(MAKE) -f debian/rules.gen setup_$(DEB_HOST_ARCH)
++
++build: build-arch build-indep
++
++build-arch: setup
++ dh_testdir
++ $(MAKE) -f debian/rules.gen build-arch_$(DEB_HOST_ARCH)
++
++build-indep: setup
++ dh_testdir
++ $(MAKE) -f debian/rules.gen build-indep
++
++maintainerclean:
++ rm -f debian/control* debian/rules.gen debian/xen-hypervisor-* debian/xen-utils-[0-9]*
++
++clean: debian/control
++ dh_testdir
++ rm -rf $(BUILD_DIR) $(STAMPS_DIR) debian/lib/python/debian_xen/__pycache__
++ dh_clean
++
++binary-indep:
++ dh_testdir
++ $(MAKE) -f debian/rules.gen binary-indep
++
++binary-arch:
++ dh_testdir
++ $(MAKE) -f debian/rules.gen binary-arch_$(DEB_HOST_ARCH)
++
++binary: binary-indep binary-arch
++
++CONTROL_FILES += debian/changelog debian/bin/gencontrol.py $(wildcard debian/templates/*.in)
++CONTROL_FILES += $(wildcard debian/arch/defines) $(wildcard debian/arch/*/defines)
++GENCONTROL = $(__MODULES_DIR)gencontrol.py
++debian/control debian/rules.gen: $(CONTROL_FILES)
++ifeq ($(wildcard debian/control.md5sum),)
++ $(MAKE) -f debian/rules debian/control-real
++else ifeq ($(VERSION_BINNMU),)
++ md5sum --check debian/control.md5sum --status || \
++ $(MAKE) -f debian/rules debian/control-real
++else
++ grep -v debian/changelog debian/control.md5sum | md5sum --check - --status || \
++ $(MAKE) -f debian/rules debian/control-real
++endif
++
++debian/control-real: $(CONTROL_FILES)
++ debian/bin/gencontrol.py
++ md5sum $^ > debian/control.md5sum
++ @echo
++ @echo This target is made to fail intentionally, to make sure
++ @echo that it is NEVER run during the automated build. Please
++ @echo ignore the following error, the debian/control file has
++ @echo been generated SUCCESSFULLY.
++ @echo
++ exit 1
++
++.PHONY: clean build binary-indep binary-arch binary
--- /dev/null
--- /dev/null
++KERNELVERSION := 4.7.0-1
++BUILD_DIR = debian/build
++STAMPS_DIR = debian/stamps
++TEMPLATES_DIR = debian/templates
--- /dev/null
--- /dev/null
++.NOTPARALLEL:
++binary-arch: binary-arch_amd64 binary-arch_arm64 binary-arch_armhf binary-arch_i386
++binary-arch_amd64: binary-arch_amd64_none binary-arch_amd64_real
++binary-arch_amd64_none: binary-arch_amd64_none_amd64 binary-arch_amd64_none_real
++binary-arch_amd64_none_amd64:: binary-arch_amd64_none_amd64_real
++binary-arch_amd64_none_amd64::
++ $(MAKE) -f debian/rules.real binary-arch-flavour ARCH='amd64' FEATURESET='none' FLAVOUR='amd64' IMAGE_SUFFIX='.gz' VERSION='4.8' XEN_ARCH='x86_64'
++ $(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='-pxen-system-amd64' ARCH='amd64' FEATURESET='none' FLAVOUR='amd64' IMAGE_SUFFIX='.gz' VERSION='4.8' XEN_ARCH='x86_64'
++binary-arch_amd64_none_amd64_real:
++binary-arch_amd64_none_real:
++binary-arch_amd64_real::
++ $(MAKE) -f debian/rules.real binary-arch-arch ARCH='amd64' VERSION='4.8' XEN_ARCH='x86_64'
++binary-arch_arm64: binary-arch_arm64_none binary-arch_arm64_real
++binary-arch_arm64_none: binary-arch_arm64_none_arm64 binary-arch_arm64_none_real
++binary-arch_arm64_none_arm64:: binary-arch_arm64_none_arm64_real
++binary-arch_arm64_none_arm64::
++ $(MAKE) -f debian/rules.real binary-arch-flavour ARCH='arm64' FEATURESET='none' FLAVOUR='arm64' IMAGE_SUFFIX='' VERSION='4.8' XEN_ARCH='arm64'
++ $(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='-pxen-system-arm64' ARCH='arm64' FEATURESET='none' FLAVOUR='arm64' IMAGE_SUFFIX='' VERSION='4.8' XEN_ARCH='arm64'
++binary-arch_arm64_none_arm64_real:
++binary-arch_arm64_none_real:
++binary-arch_arm64_real::
++ $(MAKE) -f debian/rules.real binary-arch-arch ARCH='arm64' VERSION='4.8' XEN_ARCH='arm64'
++binary-arch_armhf: binary-arch_armhf_none binary-arch_armhf_real
++binary-arch_armhf_none: binary-arch_armhf_none_armhf binary-arch_armhf_none_real
++binary-arch_armhf_none_armhf:: binary-arch_armhf_none_armhf_real
++binary-arch_armhf_none_armhf::
++ $(MAKE) -f debian/rules.real binary-arch-flavour ARCH='armhf' FEATURESET='none' FLAVOUR='armhf' IMAGE_SUFFIX='' VERSION='4.8' XEN_ARCH='arm32'
++ $(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='-pxen-system-armhf' ARCH='armhf' FEATURESET='none' FLAVOUR='armhf' IMAGE_SUFFIX='' VERSION='4.8' XEN_ARCH='arm32'
++binary-arch_armhf_none_armhf_real:
++binary-arch_armhf_none_real:
++binary-arch_armhf_real::
++ $(MAKE) -f debian/rules.real binary-arch-arch ARCH='armhf' VERSION='4.8' XEN_ARCH='arm32'
++binary-arch_i386: binary-arch_i386_none binary-arch_i386_real
++binary-arch_i386_none: binary-arch_i386_none_amd64 binary-arch_i386_none_real
++binary-arch_i386_none_amd64:: binary-arch_i386_none_amd64_real
++binary-arch_i386_none_amd64::
++ $(MAKE) -f debian/rules.real binary-arch-flavour ARCH='i386' FEATURESET='none' FLAVOUR='amd64' VERSION='4.8' XEN_ARCH='x86_64'
++ $(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='-pxen-system-amd64' ARCH='i386' FEATURESET='none' FLAVOUR='amd64' VERSION='4.8' XEN_ARCH='x86_64'
++binary-arch_i386_none_amd64_real:
++binary-arch_i386_none_real:
++binary-arch_i386_real::
++ $(MAKE) -f debian/rules.real binary-arch-arch ARCH='i386' VERSION='4.8' XEN_ARCH='x86_32'
++binary-indep::
++ $(MAKE) -f debian/rules.real binary-indep VERSION='4.8'
++build-arch: build-arch_amd64 build-arch_arm64 build-arch_armhf build-arch_i386
++build-arch_amd64: build-arch_amd64_none build-arch_amd64_real
++build-arch_amd64_none: build-arch_amd64_none_amd64 build-arch_amd64_none_real
++build-arch_amd64_none_amd64:: build-arch_amd64_none_amd64_real
++build-arch_amd64_none_amd64::
++ $(MAKE) -f debian/rules.real build-arch-flavour ARCH='amd64' FEATURESET='none' FLAVOUR='amd64' IMAGE_SUFFIX='.gz' VERSION='4.8' XEN_ARCH='x86_64'
++build-arch_amd64_none_amd64_real:
++build-arch_amd64_none_real:
++build-arch_amd64_real::
++ $(MAKE) -f debian/rules.real build-arch-arch ARCH='amd64' VERSION='4.8' XEN_ARCH='x86_64'
++build-arch_arm64: build-arch_arm64_none build-arch_arm64_real
++build-arch_arm64_none: build-arch_arm64_none_arm64 build-arch_arm64_none_real
++build-arch_arm64_none_arm64:: build-arch_arm64_none_arm64_real
++build-arch_arm64_none_arm64::
++ $(MAKE) -f debian/rules.real build-arch-flavour ARCH='arm64' FEATURESET='none' FLAVOUR='arm64' IMAGE_SUFFIX='' VERSION='4.8' XEN_ARCH='arm64'
++build-arch_arm64_none_arm64_real:
++build-arch_arm64_none_real:
++build-arch_arm64_real::
++ $(MAKE) -f debian/rules.real build-arch-arch ARCH='arm64' VERSION='4.8' XEN_ARCH='arm64'
++build-arch_armhf: build-arch_armhf_none build-arch_armhf_real
++build-arch_armhf_none: build-arch_armhf_none_armhf build-arch_armhf_none_real
++build-arch_armhf_none_armhf:: build-arch_armhf_none_armhf_real
++build-arch_armhf_none_armhf::
++ $(MAKE) -f debian/rules.real build-arch-flavour ARCH='armhf' FEATURESET='none' FLAVOUR='armhf' IMAGE_SUFFIX='' VERSION='4.8' XEN_ARCH='arm32'
++build-arch_armhf_none_armhf_real:
++build-arch_armhf_none_real:
++build-arch_armhf_real::
++ $(MAKE) -f debian/rules.real build-arch-arch ARCH='armhf' VERSION='4.8' XEN_ARCH='arm32'
++build-arch_i386: build-arch_i386_none build-arch_i386_real
++build-arch_i386_none: build-arch_i386_none_amd64 build-arch_i386_none_real
++build-arch_i386_none_amd64:: build-arch_i386_none_amd64_real
++build-arch_i386_none_amd64::
++ $(MAKE) -f debian/rules.real build-arch-flavour ARCH='i386' FEATURESET='none' FLAVOUR='amd64' VERSION='4.8' XEN_ARCH='x86_64'
++build-arch_i386_none_amd64_real:
++build-arch_i386_none_real:
++build-arch_i386_real::
++ $(MAKE) -f debian/rules.real build-arch-arch ARCH='i386' VERSION='4.8' XEN_ARCH='x86_32'
++build-indep::
++ $(MAKE) -f debian/rules.real build-indep VERSION='4.8'
++setup: setup_amd64 setup_arm64 setup_armhf setup_i386
++setup_amd64: setup_amd64_none setup_amd64_real
++setup_amd64_none: setup_amd64_none_amd64 setup_amd64_none_real
++setup_amd64_none_amd64:: setup_amd64_none_amd64_real
++setup_amd64_none_amd64::
++ $(MAKE) -f debian/rules.real setup-flavour ARCH='amd64' FEATURESET='none' FLAVOUR='amd64' IMAGE_SUFFIX='.gz' VERSION='4.8' XEN_ARCH='x86_64'
++setup_amd64_none_amd64_real:
++setup_amd64_none_real:
++setup_amd64_real::
++ $(MAKE) -f debian/rules.real setup-arch ARCH='amd64' VERSION='4.8' XEN_ARCH='x86_64'
++setup_arm64: setup_arm64_none setup_arm64_real
++setup_arm64_none: setup_arm64_none_arm64 setup_arm64_none_real
++setup_arm64_none_arm64:: setup_arm64_none_arm64_real
++setup_arm64_none_arm64::
++ $(MAKE) -f debian/rules.real setup-flavour ARCH='arm64' FEATURESET='none' FLAVOUR='arm64' IMAGE_SUFFIX='' VERSION='4.8' XEN_ARCH='arm64'
++setup_arm64_none_arm64_real:
++setup_arm64_none_real:
++setup_arm64_real::
++ $(MAKE) -f debian/rules.real setup-arch ARCH='arm64' VERSION='4.8' XEN_ARCH='arm64'
++setup_armhf: setup_armhf_none setup_armhf_real
++setup_armhf_none: setup_armhf_none_armhf setup_armhf_none_real
++setup_armhf_none_armhf:: setup_armhf_none_armhf_real
++setup_armhf_none_armhf::
++ $(MAKE) -f debian/rules.real setup-flavour ARCH='armhf' FEATURESET='none' FLAVOUR='armhf' IMAGE_SUFFIX='' VERSION='4.8' XEN_ARCH='arm32'
++setup_armhf_none_armhf_real:
++setup_armhf_none_real:
++setup_armhf_real::
++ $(MAKE) -f debian/rules.real setup-arch ARCH='armhf' VERSION='4.8' XEN_ARCH='arm32'
++setup_i386: setup_i386_none setup_i386_real
++setup_i386_none: setup_i386_none_amd64 setup_i386_none_real
++setup_i386_none_amd64:: setup_i386_none_amd64_real
++setup_i386_none_amd64::
++ $(MAKE) -f debian/rules.real setup-flavour ARCH='i386' FEATURESET='none' FLAVOUR='amd64' VERSION='4.8' XEN_ARCH='x86_64'
++setup_i386_none_amd64_real:
++setup_i386_none_real:
++setup_i386_real::
++ $(MAKE) -f debian/rules.real setup-arch ARCH='i386' VERSION='4.8' XEN_ARCH='x86_32'
--- /dev/null
--- /dev/null
++include /usr/share/dpkg/default.mk
++
++export DH_OPTIONS
++
++setup_env := env -u ARCH -u FLAVOUR -u VERSION -u MAKEFLAGS
++
++MAKE_CLEAN = $(setup_env) $(MAKE) V=1
++MAKE_SELF = $(MAKE) -f debian/rules.real
++
++include debian/rules.defs
++
++stamp = [ -d $(dir $@) ] || mkdir $(dir $@); touch $@
++
++binary-arch-arch: install-libxen_$(ARCH)
++binary-arch-arch: install-libxen-dev_$(ARCH)
++binary-arch-arch: install-libxenstore_$(ARCH)
++binary-arch-arch: install-utils_$(ARCH)
++binary-arch-arch: install-xenstore-utils_$(ARCH)
++binary-arch-flavour: install-hypervisor_$(ARCH)_$(FLAVOUR)
++
++binary-indep: install-utils-common
++
++build-arch-arch: $(STAMPS_DIR)/build-utils_$(ARCH)
++build-arch-flavour: $(STAMPS_DIR)/build-hypervisor_$(ARCH)_$(FLAVOUR)
++
++build-indep: $(STAMPS_DIR)/build-docs
++
++setup-arch: $(STAMPS_DIR)/setup-utils_$(ARCH)
++setup-flavour: $(STAMPS_DIR)/setup-hypervisor_$(ARCH)_$(FLAVOUR)
++
++$(STAMPS_DIR)/setup-docs: SOURCE_FILES = $(filter-out debian, $(wildcard *))
++$(STAMPS_DIR)/setup-docs: DIR=$(BUILD_DIR)/build-docs
++$(STAMPS_DIR)/setup-docs:
++ @rm -rf $(DIR)
++ mkdir -p $(DIR)
++ cp -al $(SOURCE_FILES) $(DIR)
++ cp --remove-destination /usr/share/misc/config.guess /usr/share/misc/config.sub $(DIR)
++ cd $(DIR); \
++ WGET=/bin/false \
++ ./configure --disable-stubdom --disable-xen --prefix=/usr
++ @$(stamp)
++
++$(STAMPS_DIR)/setup-hypervisor_$(ARCH)_$(FLAVOUR): SOURCE_FILES = $(filter-out debian, $(wildcard *))
++$(STAMPS_DIR)/setup-hypervisor_$(ARCH)_$(FLAVOUR): DIR=$(BUILD_DIR)/build-hypervisor_$(ARCH)_$(FLAVOUR)
++$(STAMPS_DIR)/setup-hypervisor_$(ARCH)_$(FLAVOUR):
++ @rm -rf $(DIR)
++ mkdir -p $(DIR)
++ cp -al $(SOURCE_FILES) $(DIR)
++ echo "XEN_VENDORVERSION := $(EXTRAVERSION)" > $(DIR)/xen/xen-version
++ @$(stamp)
++
++$(STAMPS_DIR)/setup-utils_$(ARCH): SOURCE_FILES = $(filter-out debian, $(wildcard *))
++$(STAMPS_DIR)/setup-utils_$(ARCH): DIR=$(BUILD_DIR)/build-utils_$(ARCH)
++$(STAMPS_DIR)/setup-utils_$(ARCH):
++ @rm -rf $(DIR)
++ mkdir -p $(DIR)
++ cp -al $(SOURCE_FILES) $(DIR)
++ cp --remove-destination /usr/share/misc/config.guess /usr/share/misc/config.sub $(DIR)
++ cd $(DIR); \
++ WGET=/bin/false \
++ ./configure \
++ --disable-docs --disable-stubdom --disable-xen \
++ --prefix=/usr \
++ --includedir=/usr/include \
++ --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
++ --mandir=/usr/share/man \
++ --infodir=/usr/share/info \
++ --sysconfdir=/etc \
++ --localstatedir=/var \
++ --with-libexec-leaf-dir=xen-$(VERSION) \
++ --disable-blktap1 \
++ --disable-blktap2 \
++ --disable-ocamltools \
++ --disable-qemu-traditional --disable-rombios \
++ --with-system-qemu=/usr/bin/qemu-system-i386 \
++ --with-system-seabios=/usr/share/seabios/bios-256k.bin
++ @$(stamp)
++
++$(STAMPS_DIR)/build-docs: DIR=$(BUILD_DIR)/build-docs
++$(STAMPS_DIR)/build-docs: $(STAMPS_DIR)/setup-docs
++ +$(MAKE_CLEAN) -C $(DIR)/docs
++ touch $@
++
++# Adding LANG=C.UTF-8 to the build environment to work around a bug in grep
++# which causes it to switch into binary mode in the middle of a file.
++# (see http://bugs.launchpad.net/bugs/1547466)
++
++$(STAMPS_DIR)/build-hypervisor_$(ARCH)_$(FLAVOUR): DIR=$(BUILD_DIR)/build-hypervisor_$(ARCH)_$(FLAVOUR)
++$(STAMPS_DIR)/build-hypervisor_$(ARCH)_$(FLAVOUR): $(STAMPS_DIR)/setup-hypervisor_$(ARCH)_$(FLAVOUR)
++ +$(MAKE_CLEAN) -C $(DIR)/xen \
++ XEN_COMPILE_ARCH=$(XEN_ARCH) \
++ XEN_TARGET_ARCH=$(XEN_ARCH) \
++ LANG=C.UTF-8
++ touch $@
++
++$(STAMPS_DIR)/build-utils_$(ARCH) \
++$(STAMPS_DIR)/install-utils_$(ARCH): CONFIG = \
++ debug=n \
++ XEN_COMPILE_ARCH=$(XEN_ARCH) \
++ XEN_TARGET_ARCH=$(XEN_ARCH) \
++ EXTRA_CFLAGS_XEN_TOOLS="$(CFLAGS)" \
++ APPEND_CPPFLAGS="$(CPPFLAGS)" \
++ APPEND_LDFLAGS="$(LDFLAGS)" \
++ OCAMLDESTDIR=$(CURDIR)/$(BUILD_DIR)/install-utils_$(ARCH)/$(OCAML_STDLIB_DIR) \
++ PYTHON=$(shell pyversions -r) \
++ LANG=C.UTF-8
++
++$(STAMPS_DIR)/build-utils_$(ARCH): DIR=$(BUILD_DIR)/build-utils_$(ARCH)
++$(STAMPS_DIR)/build-utils_$(ARCH): $(STAMPS_DIR)/setup-utils_$(ARCH)
++ +$(MAKE_CLEAN) -C $(DIR)/tools $(CONFIG)
++ touch $@
++
++$(STAMPS_DIR)/install-utils_$(ARCH): DIR = $(BUILD_DIR)/build-utils_$(ARCH)
++$(STAMPS_DIR)/install-utils_$(ARCH): INSTALL_DIR = $(BUILD_DIR)/install-utils_$(ARCH)
++$(STAMPS_DIR)/install-utils_$(ARCH): $(STAMPS_DIR)/build-utils_$(ARCH)
++ @rm -rf $(INSTALL_DIR)
++ mkdir -p $(INSTALL_DIR)/$(OCAML_DLL_DIR)
++ +$(MAKE_CLEAN) -C $(DIR)/tools install DESTDIR=$(CURDIR)/$(INSTALL_DIR) $(CONFIG)
++ifneq ($(filter i386 amd64,$(ARCH)),)
++ # hvmloader
++ strip --remove-section=.comment --remove-section=.note $(INSTALL_DIR)/usr/lib/xen*/boot/*
++endif
++ touch $@
++
++$(STAMPS_DIR)/install-utils-common: DIR = $(BUILD_DIR)/build-docs
++$(STAMPS_DIR)/install-utils-common: INSTALL_DIR = $(BUILD_DIR)/install-utils-common
++$(STAMPS_DIR)/install-utils-common: export DESTDIR = $(CURDIR)/$(INSTALL_DIR)
++$(STAMPS_DIR)/install-utils-common: $(STAMPS_DIR)/build-docs
++ @rm -rf $(INSTALL_DIR)
++ +$(MAKE_CLEAN) -C $(SOURCE_DIR)/tools/examples install-configs
++ +$(MAKE_CLEAN) -C $(SOURCE_DIR)/tools/hotplug/common install-scripts
++ +$(MAKE_CLEAN) -C $(SOURCE_DIR)/tools/hotplug/Linux install-scripts
++ +$(MAKE_CLEAN) -C debian/scripts install
++ touch $@
++
++install-base:
++ dh_installchangelogs -XChangelog
++ dh_installdirs
++ dh_installdocs
++ dh_installexamples
++ dh_compress
++ dh_fixperms
++ dh_installdeb
++ dh_gencontrol -- $(GENCONTROL_ARGS)
++ dh_md5sums
++ dh_builddeb
++
++install-dummy:
++ dh_testdir
++ dh_testroot
++ dh_prep
++ +$(MAKE_SELF) install-base
++
++install-hypervisor_$(ARCH)_$(FLAVOUR): DIR=$(BUILD_DIR)/build-hypervisor_$(ARCH)_$(FLAVOUR)
++install-hypervisor_$(ARCH)_$(FLAVOUR): PACKAGE_NAME = xen-hypervisor-$(VERSION)-$(FLAVOUR)
++install-hypervisor_$(ARCH)_$(FLAVOUR): DH_OPTIONS = -p$(PACKAGE_NAME)
++install-hypervisor_$(ARCH)_$(FLAVOUR): $(STAMPS_DIR)/build-hypervisor_$(ARCH)_$(FLAVOUR)
++ dh_testdir
++ dh_testroot
++ dh_prep
++ dh_installdirs boot
++ # FIXME: Think of better solution (grub used for other arches?)
++ dh_installdirs etc/default/grub.d
++ install -D -m644 debian/xen-hypervisor-$(VERSION).xen.cfg \
++ debian/$(PACKAGE_NAME)/etc/default/grub.d/xen.cfg
++ dh_install debian/templates/xen-hypervisor.bug/* usr/share/bug/$(PACKAGE_NAME)
++ cp $(DIR)/xen/xen$(IMAGE_SUFFIX) debian/$(PACKAGE_NAME)/boot/xen-$(VERSION)-$(FLAVOUR)$(IMAGE_SUFFIX)
++ifeq ($(ARCH),amd64)
++ cp $(DIR)/xen/xen.efi debian/$(PACKAGE_NAME)/boot/xen-$(VERSION)-$(FLAVOUR).efi
++endif
++ +$(MAKE_SELF) install-base
++
++install-libxen_$(ARCH): DIR = $(BUILD_DIR)/install-utils_$(ARCH)
++install-libxen_$(ARCH): PACKAGE_NAME = libxen-$(VERSION)
++install-libxen_$(ARCH): DH_OPTIONS = -p$(PACKAGE_NAME)
++install-libxen_$(ARCH): $(STAMPS_DIR)/install-utils_$(ARCH) install-libxenstore_$(ARCH)
++ dh_testdir
++ dh_testroot
++ dh_prep
++ dh_install --sourcedir=$(DIR) usr/lib/*/lib*-$(VERSION).so*
++ dh_install debian/templates/libxen.bug/* usr/share/bug/$(PACKAGE_NAME)
++ dh_strip
++ dh_makeshlibs -V
++ dh_shlibdeps
++ +$(MAKE_SELF) install-base
++
++install-libxen-dev_$(ARCH): DIR = $(BUILD_DIR)/install-utils_$(ARCH)
++install-libxen-dev_$(ARCH): PACKAGE_NAME = libxen-dev
++install-libxen-dev_$(ARCH): DH_OPTIONS = -p$(PACKAGE_NAME)
++install-libxen-dev_$(ARCH): $(STAMPS_DIR)/install-utils_$(ARCH)
++ dh_testdir
++ dh_testroot
++ dh_prep
++ # Move pkgconfig into a multiarch compliant place
++ mv $(DIR)/usr/share/pkgconfig $(DIR)/usr/lib/$(DEB_HOST_MULTIARCH)/
++ dh_install --sourcedir=$(DIR)
++ dh_strip
++ dh_shlibdeps
++ +$(MAKE_SELF) install-base
++
++install-libxenstore_$(ARCH): DIR = $(BUILD_DIR)/install-utils_$(ARCH)
++install-libxenstore_$(ARCH): PACKAGE_NAME = libxenstore3.0
++install-libxenstore_$(ARCH): DH_OPTIONS = -p$(PACKAGE_NAME)
++install-libxenstore_$(ARCH): $(STAMPS_DIR)/install-utils_$(ARCH)
++ dh_testdir
++ dh_testroot
++ dh_prep
++ dh_install --sourcedir=$(DIR)
++ dh_strip
++ dh_makeshlibs -V
++ dh_shlibdeps
++ +$(MAKE_SELF) install-base
++
++install-utils_$(ARCH): SOURCE_DIR = $(BUILD_DIR)/build-utils_$(ARCH)
++install-utils_$(ARCH): DIR = $(BUILD_DIR)/install-utils_$(ARCH)
++install-utils_$(ARCH): PACKAGE_NAME = xen-utils-$(VERSION)
++install-utils_$(ARCH): PACKAGE_DIR = debian/$(PACKAGE_NAME)
++install-utils_$(ARCH): DH_OPTIONS = -p$(PACKAGE_NAME)
++install-utils_$(ARCH): $(STAMPS_DIR)/install-utils_$(ARCH) install-libxen_$(ARCH)
++ dh_testdir
++ dh_testroot
++ dh_prep
++ install -D -m644 debian/xen-utils.NEWS $(PACKAGE_DIR)/usr/share/doc/$(PACKAGE_NAME)/NEWS
++ install -D -m644 debian/xen-utils.README.Debian $(PACKAGE_DIR)/usr/share/doc/$(PACKAGE_NAME)/README.Debian
++ dh_install --sourcedir=$(DIR) usr/lib/xen-$(VERSION)
++ dh_install debian/templates/xen-utils.bug/* usr/share/bug/$(PACKAGE_NAME)
++ dh_lintian
++ ( echo -n "misc:Built-Using="; dpkg-query -f='$${source:Package} (= $${source:Version}), ' -W ipxe-qemu seabios; echo ) >> debian/$(PACKAGE_NAME).substvars
++ dh_python2 -V$(shell pyversions -rv) /usr/lib/xen-$(VERSION)
++ dh_strip
++ dh_makeshlibs -V
++ dh_shlibdeps
++ +$(MAKE_SELF) install-base
++
++install-utils-common: SOURCE_DIR = $(BUILD_DIR)/build-docs
++install-utils-common: DIR = $(BUILD_DIR)/install-utils-common
++install-utils-common: PACKAGE_NAME = xen-utils-common
++install-utils-common: DH_OPTIONS = -p$(PACKAGE_NAME)
++install-utils-common: $(STAMPS_DIR)/install-utils-common
++ dh_testdir
++ dh_testroot
++ dh_prep
++ dh_install -X .svn --sourcedir=$(DIR)
++ dh_installinit --name xen -- defaults 20 21
++ dh_installinit --name xend
++ dh_installinit --name xendomains --no-start -- defaults 21 20
++ dh_installman \
++ $(SOURCE_DIR)/docs/man1/* \
++ $(SOURCE_DIR)/docs/man5/* \
++ $(SOURCE_DIR)/docs/man8/*
++ dh_installdocs $(SOURCE_DIR)/docs/txt/misc
++ dh_link
++ dh_ucf
++ +$(MAKE_SELF) install-base
++
++install-xenstore-utils_$(ARCH): DIR = $(BUILD_DIR)/install-utils_$(ARCH)
++install-xenstore-utils_$(ARCH): PACKAGE_NAME = xenstore-utils
++install-xenstore-utils_$(ARCH): DH_OPTIONS = -p$(PACKAGE_NAME)
++install-xenstore-utils_$(ARCH): $(STAMPS_DIR)/install-utils_$(ARCH) install-libxenstore_$(ARCH)
++ dh_testdir
++ dh_testroot
++ dh_prep
++ dh_install --sourcedir=$(DIR)
++ dh_strip
++ dh_shlibdeps
++ +$(MAKE_SELF) install-base
++
++# vim: filetype=make
--- /dev/null
--- /dev/null
++ETC_SCRIPTS = \
++ qemu-ifup
++
++GLOBAL_SCRIPTS = \
++ xen
++
++GLOBAL_TOOLSTACK_LINKS = \
++ xl \
++ xm
++
++GLOBAL_TOOLSTACK_WRAPPER = xen-toolstack-wrapper
++
++GLOBAL_UTILS_LINKS = \
++ xenperf \
++ xenpm \
++ xentop \
++ xentrace \
++ xentrace_format \
++ xentrace_setmask \
++ xentrace_setsize
++
++GLOBAL_UTILS_WRAPPER = xen-utils-wrapper
++
++PRIVATE_SCRIPTS = \
++ xen-dir \
++ xen-init-list \
++ xen-init-name \
++ xen-toolstack \
++ xen-version \
++ $(GLOBAL_TOOLSTACK_WRAPPER) \
++ $(GLOBAL_UTILS_WRAPPER)
++
++ETC_SCRIPTS_DIR = /etc/xen/scripts
++GLOBAL_SCRIPTS_DIR = /usr/sbin
++PRIVATE_SCRIPTS_DIR = /usr/lib/xen-common/bin
++
++install:
++ install -d $(DESTDIR)$(ETC_SCRIPTS_DIR)
++ install $(ETC_SCRIPTS) $(DESTDIR)$(ETC_SCRIPTS_DIR)
++ install -d $(DESTDIR)$(GLOBAL_SCRIPTS_DIR)
++ install $(GLOBAL_SCRIPTS) $(DESTDIR)$(GLOBAL_SCRIPTS_DIR)
++ @for i in $(GLOBAL_TOOLSTACK_LINKS); do \
++ echo ln -s $(PRIVATE_SCRIPTS_DIR)/$(GLOBAL_TOOLSTACK_WRAPPER) $(DESTDIR)$(GLOBAL_SCRIPTS_DIR)/$$i; \
++ ln -s $(PRIVATE_SCRIPTS_DIR)/$(GLOBAL_TOOLSTACK_WRAPPER) $(DESTDIR)$(GLOBAL_SCRIPTS_DIR)/$$i || exit 1; \
++ done
++ @for i in $(GLOBAL_UTILS_LINKS); do \
++ echo ln -s $(PRIVATE_SCRIPTS_DIR)/$(GLOBAL_UTILS_WRAPPER) $(DESTDIR)$(GLOBAL_SCRIPTS_DIR)/$$i; \
++ ln -s $(PRIVATE_SCRIPTS_DIR)/$(GLOBAL_UTILS_WRAPPER) $(DESTDIR)$(GLOBAL_SCRIPTS_DIR)/$$i || exit 1; \
++ done
++ install -d $(DESTDIR)$(PRIVATE_SCRIPTS_DIR)
++ install $(PRIVATE_SCRIPTS) $(DESTDIR)$(PRIVATE_SCRIPTS_DIR)
++
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++echo -c 'config qemu network with xen bridge for '
++echo $*
++
++# Initialise a dummy MAC address. We choose the numerically
++# largest non-broadcast address to prevent the address getting
++# stolen by an Ethernet bridge for STP purposes.
++# (FE:FF:FF:FF:FF:FF)
++ip link set $1 address fe:ff:ff:ff:ff:ff || true
++
++ifconfig $1 0.0.0.0 up
++brctl addif $2 $1
--- /dev/null
--- /dev/null
++#!/bin/sh -e
++
++COMMAND="$(basename $0)"
++TOOLSTACK=$(. /usr/lib/xen-common/bin/xen-toolstack); RET=$?; [ $RET -eq 0 ] || exit $RET
++
++exec "$TOOLSTACK" "$@"
--- /dev/null
--- /dev/null
++#!/bin/sh -e
++
++VERSION=$(. /usr/lib/xen-common/bin/xen-version); RET=$?; [ $RET -eq 0 ] || exit $RET
++
++if [ -d "/usr/lib/xen-$VERSION" ]; then
++ echo "/usr/lib/xen-$VERSION"
++else
++ echo "ERROR: Can't find version $VERSION of xen utils, bailing out!" >&2
++ exit 127
++fi
--- /dev/null
--- /dev/null
++#!/usr/bin/python
++
++import json
++import re
++import sys
++import subprocess
++
++
++class SXPParser(object):
++ tokenizer_rules = r""" (?P<open> \( ) | (?P<close> \) ) | (?P<whitespace> \s+ ) | [^()^\s]+ """
++ tokenizer_re = re.compile(tokenizer_rules, re.X)
++
++ @classmethod
++ def loads(cls, input):
++ data = []
++ stack = []
++ for match in cls.tokenizer_re.finditer(input):
++ if match.group('open'):
++ stack.append([])
++ elif match.group('close'):
++ top = stack.pop()
++ if stack:
++ stack[-1].append(top)
++ else:
++ data.append(top)
++ elif match.group('whitespace'):
++ pass
++ else:
++ if stack:
++ stack[-1].append(match.group())
++ return data
++
++
++class Data(object):
++ def __call__(self, out):
++ for domid, info in sorted(self.data.iteritems(), reverse=True):
++ if domid == 0:
++ continue
++ out.write('{!s} {}\n'.format(domid, *info))
++
++
++class DataJSON(Data):
++ def __init__(self, p):
++ s = json.loads(p)
++ self.data = d = {}
++ for i in s:
++ domid = i['domid']
++ name = i['config']['c_info']['name']
++ d[domid] = (name, )
++
++
++class DataSXP(Data):
++ def __init__(self, p):
++ s = SXPParser.loads(p)
++ self.data = d = {}
++ for i in s:
++ if i and i[0] == 'domain':
++ try:
++ data = dict(j for j in i if len(j) == 2)
++ domid = int(data['domid'])
++ name = data['name']
++ d[domid] = (name, )
++ except (KeyError, ValueError) as e:
++ pass
++
++
++if __name__ == '__main__':
++ p = subprocess.check_output(('xen', 'list', '-l'))
++ if p[0] == '(':
++ d = DataSXP(p)
++ else:
++ d = DataJSON(p)
++ d(sys.stdout)
--- /dev/null
--- /dev/null
++#!/usr/bin/python
++
++import json
++import re
++import sys
++import subprocess
++
++
++class SXPParser(object):
++ tokenizer_rules = r""" (?P<open> \( ) | (?P<close> \) ) | (?P<whitespace> \s+ ) | [^()^\s]+ """
++ tokenizer_re = re.compile(tokenizer_rules, re.X)
++
++ @classmethod
++ def loads(cls, input):
++ data = []
++ stack = []
++ for match in cls.tokenizer_re.finditer(input):
++ if match.group('open'):
++ stack.append([])
++ elif match.group('close'):
++ top = stack.pop()
++ if stack:
++ stack[-1].append(top)
++ else:
++ data.append(top)
++ elif match.group('whitespace'):
++ pass
++ else:
++ if stack:
++ stack[-1].append(match.group())
++ return data
++
++
++class Data(object):
++ def __call__(self, out):
++ out.write('{}\n'.format(self.name))
++
++
++class DataJSON(Data):
++ def __init__(self, p):
++ s = json.loads(p)
++ self.name = s['c_info']['name']
++
++
++class DataSXP(Data):
++ def __init__(self, p):
++ s = SXPParser.loads(p)
++ for i in s:
++ if i and i[0] == 'domain':
++ data = dict(j for j in i if len(j) == 2)
++ self.name = data['name']
++ break
++
++
++if __name__ == '__main__':
++ p = subprocess.check_output(('xen', 'create', '--quiet', '--dryrun', '--defconfig', sys.argv[1]))
++ if p[0] == '(':
++ d = DataSXP(p)
++ else:
++ d = DataJSON(p)
++ d(sys.stdout)
--- /dev/null
--- /dev/null
++#!/bin/sh -e
++
++configfile=/etc/default/xen
++
++dir=$(. /usr/lib/xen-common/bin/xen-dir); ret=$?; [ $ret -eq 0 ] || exit $ret
++
++check() {
++ local PATH
++ if [ "$1" = xm ] || [ "$1" = xl ]; then
++ PATH="$dir/bin"
++ else
++ PATH="$dir/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
++ fi
++ command -v "$1" || :
++}
++
++if [ -e $configfile ]; then
++ . $configfile || true
++fi
++
++if [ "$TOOLSTACK" ]; then
++ cmd=$(check "$TOOLSTACK")
++ if [ "$cmd" ]; then
++ echo "$cmd"
++ else
++ echo "WARING: Can't find toolstack $TOOLSTACK, fallback to default!" >&2
++ TOOLSTACK=
++ fi
++fi
++
++if [ -z "$TOOLSTACK" ]; then
++ cmd_xm=$(check xm)
++ cmd_xl=$(check xl)
++ if [ "$cmd_xm" ]; then
++ echo "$cmd_xm"
++ elif [ "$cmd_xl" ]; then
++ echo "$cmd_xl"
++ else
++ echo "ERROR: Toolstack not specifed and nothing detected, bailing out!" >&2
++ exit 127
++ fi
++fi
--- /dev/null
--- /dev/null
++#!/bin/sh -e
++
++COMMAND="$(basename $0)"
++TOOLSTACK=$(. /usr/lib/xen-common/bin/xen-toolstack); RET=$?; [ $RET -eq 0 ] || exit $RET
++
++if [ "$(basename "$TOOLSTACK")" != "$COMMAND" ]; then
++ echo "ERROR: A different toolstack ($(basename "$TOOLSTACK")) have been selected!" >&2
++ exit 1
++fi
++
++exec "$TOOLSTACK" "$@"
--- /dev/null
--- /dev/null
++#!/bin/sh -e
++
++COMMAND="$(basename $0)"
++DIR=$(/usr/lib/xen-common/bin/xen-dir)
++
++exec "$DIR/bin/$COMMAND" "$@"
--- /dev/null
--- /dev/null
++#!/bin/sh -e
++
++error() {
++ echo "ERROR: " "$@" >&2
++ exit 1
++}
++
++if [ -e "/sys/hypervisor/type" ]; then
++ type="$(cat /sys/hypervisor/type)"
++ if [ "$type" = xen ]; then
++ DIR=/sys/hypervisor/version
++ VERSION="$(cat $DIR/major).$(cat $DIR/minor)"
++ elif [ -z "$type" ]; then
++ error "Can't read hypervisor type from sysfs!"
++ else
++ error "Hypervisor is not xen but '$type'!"
++ fi
++else
++ error "Can't find hypervisor information in sysfs!"
++fi
++
++echo "$VERSION"
--- /dev/null
--- /dev/null
++3.0 (quilt)
--- /dev/null
--- /dev/null
++Package: xen-hypervisor-@version@@localversion@
++Depends: ${misc:Depends}
++Provides: xen-hypervisor, xen-hypervisor-@version@, xen-hypervisor@localversion@
++Recommends: xen-utils-@version@
++Description: Xen Hypervisor on @class@
++ The hypervisor is the "core" for XEN itself. It gets booted by the boot loader
++ and controls cpu and memory, sharing them between your administrative domain
++ (Domain 0) and the virtual guest systems.
++ .
++ @desc@
++ .
++ In order to boot a XEN system along with this package you also need a kernel
++ specifically crafted to work as the Domain 0, mediating hardware access for
++ XEN itself.
++
--- /dev/null
--- /dev/null
++Package: libxen-@version@
++Section: libs
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Multi-Arch: same
++Description: Public libs for Xen
++ This package contains the shared toolstack libraries for Xen.
++
++Package: libxenstore3.0
++Section: libs
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Multi-Arch: same
++Description: Xenstore communications library for Xen
++ This package contains the client library interface to XenStore.
++ .
++
++Package: libxen-dev
++Section: libdevel
++Multi-Arch: same
++Depends: libxen-@version@ (= ${binary:Version}), libxenstore3.0 (= ${binary:Version}), ${misc:Depends}
++Description: Public headers and libs for Xen
++ This package contains the public headers and static libraries for Xen.
++ .
++ The libxenlight library is intended as a common base for all Xen toolstack
++ developers. The libxlutil library contains additional helpers which may be
++ useful to toolstack developers.
++ .
++ The libxenstore library allows userspace processes to interact with the
++ XenStore database. XenStore is a shared database used for interdomain
++ communication of configuration and status information. It is accessible to all
++ domains running on the same Xen host. See http://wiki.xen.org/wiki/XenStore
++ for more information.
++ .
++ The libxenctrl and libxenguest libraries are internal libraries intended for
++ use by the Xen toolstack and are not intended to be used directly. Toolstack
++ authors should use libxenlight.
++
++Package: xenstore-utils
++Section: admin
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Conflicts: xen-utils-common (<= 3.1.0-1)
++Replaces: xen-utils-common (<= 3.1.0-1)
++Description: Xenstore command line utilities for Xen
++ This package contains command line utilities for interacting with XenStore.
++ .
++ XenStore is a shared database used for interdomain communication of
++ configuration and status information. It is accessible to all domains running
++ on the same Xen host. See http://wiki.xen.org/wiki/XenStore for more information.
++ .
++ In the common case these tools are used by the Xen toolstack running in
++ domain0 (or a driver domain) however they may also be used in a guest domain
++ to support local scripting which wants to communicate via XenStore.
++
++Package: xen-utils-common
++Architecture: all
++Depends: lsb-base, python, udev, xenstore-utils, ${misc:Depends}
++Description: Xen administrative tools - common files
++ The userspace tools to manage a system virtualized through the Xen virtual
++ machine monitor.
++ .
++ This package is only required on the host system (Domain 0) and not on
++ the virtual guest systems (Domain U).
--- /dev/null
--- /dev/null
++Section: kernel
++Priority: optional
++Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
++Uploaders: Guido Trotter <ultrotter@debian.org>, Bastian Blank <waldi@debian.org>, Ian Jackson <ian.jackson@eu.citrix.com>
++Build-Depends:
++ autotools-dev,
++ debhelper (>> 9),
++ dpkg-dev (>= 1.16.0~),
++ lsb-release,
++ python-dev,
++ bcc [i386 amd64],
++ gcc-multilib [i386 amd64],
++ e2fslibs-dev,
++ iasl,
++ seabios (>= 1.7.4-2~) [i386 amd64],
++ libaio-dev,
++ libfdt-dev [armhf arm64],
++ libglib2.0-dev,
++ liblzma-dev,
++ libncurses5-dev,
++ libpixman-1-dev,
++ libyajl-dev,
++ pkg-config,
++ uuid-dev,
++ zlib1g-dev,
++Standards-Version: 3.9.4
++XS-Python-Version: current
++
--- /dev/null
--- /dev/null
++Package: xen-system@localversion@
++Depends: xen-hypervisor-@version@@localversion@, xen-utils-@version@, ${misc:Depends}
++Provides: xen-system
++Description: Xen System on @class@ (meta-package)
++ This package depends on the latest Xen hypervisor for use on @class@ and the Xen utils.
++ .
++ @desc@
++
--- /dev/null
--- /dev/null
++Package: xen-utils-@version@
++Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, xen-utils-common (>= ${source:Version})
++Recommends: bridge-utils, libc6-xen [i386], xen-hypervisor-@version@, qemu-system-x86, grub-xen-host [i386 amd64]
++Suggests: qemu-utils [i386 amd64], seabios [i386 amd64]
++Provides: xen-utils
++Built-Using: ${misc:Built-Using}
++Description: XEN administrative tools
++ The userspace tools to manage a system virtualized through the XEN virtual
++ machine monitor.
++ .
++ qemu-utils and seabios are neded for "Xen HVM" (amd64 and i386)
++
--- /dev/null
--- /dev/null
++Submit-As: src:xen
--- /dev/null
--- /dev/null
++Submit-As: src:xen
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ configure)
++ if command -v update-grub > /dev/null && [ -d /boot/grub ]; then
++ update-grub || :
++ fi
++ ;;
++
++ abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++ *)
++ echo "postinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ remove)
++ if command -v update-grub > /dev/null && [ -d /boot/grub ]; then
++ update-grub || :
++ fi
++ ;;
++
++ purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
++ ;;
++
++ *)
++ echo "postrm called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++Submit-As: src:xen
--- /dev/null
--- /dev/null
++statically-linked-binary usr/lib/xen-@version@/boot/hvmloader
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++set -e
++
++case "$1" in
++ configure)
++ update-alternatives --remove xen-default /usr/lib/xen-@version@
++ if [ -x "/etc/init.d/xen" ]; then
++ invoke-rc.d xen start || exit $?
++ fi
++ ;;
++
++ abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++ *)
++ echo "postinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ remove|upgrade)
++ update-alternatives --remove xen-default /usr/lib/xen-@version@
++ if [ -x "/etc/init.d/xen" ]; then
++ invoke-rc.d xen stop || exit $?
++ fi
++ ;;
++
++ deconfigure|failed-upgrade)
++ ;;
++
++ *)
++ echo "prerm called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++# -*- sh -*-
++
++#
++# Xend configuration file.
++#
++
++# This example configuration is appropriate for an installation that
++# utilizes a bridged network configuration. Access to xend via http
++# is disabled.
++
++# Commented out entries show the default for that entry, unless otherwise
++# specified.
++
++#(logfile /var/log/xen/xend.log)
++#(loglevel DEBUG)
++
++# Uncomment the line below. Set the value to flask, acm, or dummy to
++# select a security module.
++
++#(xsm_module_name dummy)
++
++# The Xen-API server configuration.
++#
++# This value configures the ports, interfaces, and access controls for the
++# Xen-API server. Each entry in the list starts with either unix, a port
++# number, or an address:port pair. If this is "unix", then a UDP socket is
++# opened, and this entry applies to that. If it is a port, then Xend will
++# listen on all interfaces on that TCP port, and if it is an address:port
++# pair, then Xend will listen on the specified port, using the interface with
++# the specified address.
++#
++# The subsequent string configures the user-based access control for the
++# listener in question. This can be one of "none" or "pam", indicating either
++# that users should be allowed access unconditionally, or that the local
++# Pluggable Authentication Modules configuration should be used. If this
++# string is missing or empty, then "pam" is used.
++#
++# The final string gives the host-based access control for that listener. If
++# this is missing or empty, then all connections are accepted. Otherwise,
++# this should be a space-separated sequence of regular expressions; any host
++# with a fully-qualified domain name or an IP address that matches one of
++# these regular expressions will be accepted.
++#
++# Example: listen on TCP port 9363 on all interfaces, accepting connections
++# only from machines in example.com or localhost, and allow access through
++# the unix domain socket unconditionally:
++#
++# (xen-api-server ((9363 pam '^localhost$ example\\.com$')
++# (unix none)))
++#
++# Optionally, the TCP Xen-API server can use SSL by specifying the private
++# key and certificate location:
++#
++# (9367 pam '' xen-api.key xen-api.crt)
++#
++# Default:
++# (xen-api-server ((unix)))
++
++
++#(xend-http-server no)
++#(xend-unix-server no)
++#(xend-tcp-xmlrpc-server no)
++#(xend-unix-xmlrpc-server yes)
++#(xend-relocation-server no)
++#(xend-relocation-ssl-server no)
++#(xend-udev-event-server no)
++
++#(xend-unix-path /var/lib/xend/xend-socket)
++
++
++# Address and port xend should use for the legacy TCP XMLRPC interface,
++# if xend-tcp-xmlrpc-server is set.
++#(xend-tcp-xmlrpc-server-address 'localhost')
++#(xend-tcp-xmlrpc-server-port 8006)
++
++# SSL key and certificate to use for the legacy TCP XMLRPC interface.
++# Setting these will mean that this port serves only SSL connections as
++# opposed to plaintext ones.
++#(xend-tcp-xmlrpc-server-ssl-key-file xmlrpc.key)
++#(xend-tcp-xmlrpc-server-ssl-cert-file xmlrpc.crt)
++
++
++# Port xend should use for the HTTP interface, if xend-http-server is set.
++#(xend-port 8000)
++
++# Port xend should use for the relocation interface, if xend-relocation-server
++# is set.
++#(xend-relocation-port 8002)
++
++# Port xend should use for the ssl relocation interface, if
++# xend-relocation-ssl-server is set.
++#(xend-relocation-ssl-port 8003)
++
++# SSL key and certificate to use for the ssl relocation interface, if
++# xend-relocation-ssl-server is set.
++#(xend-relocation-server-ssl-key-file xmlrpc.key)
++#(xend-relocation-server-ssl-cert-file xmlrpc.crt)
++
++# Whether to use ssl as default when relocating.
++#(xend-relocation-ssl no)
++
++# Address xend should listen on for HTTP connections, if xend-http-server is
++# set.
++# Specifying 'localhost' prevents remote connections.
++# Specifying the empty string '' (the default) allows all connections.
++#(xend-address '')
++#(xend-address localhost)
++
++# Address xend should listen on for relocation-socket connections, if
++# xend-relocation-server is set.
++# Meaning and default as for xend-address above.
++# Also, interface name is allowed (e.g. eth0) there to get the
++# relocation address to be bound on.
++#(xend-relocation-address '')
++
++# The hosts allowed to talk to the relocation port. If this is empty (the
++# default), then all connections are allowed (assuming that the connection
++# arrives on a port and interface on which we are listening; see
++# xend-relocation-port and xend-relocation-address above). Otherwise, this
++# should be a space-separated sequence of regular expressions. Any host with
++# a fully-qualified domain name or an IP address that matches one of these
++# regular expressions will be accepted.
++#
++# For example:
++# (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
++#
++#(xend-relocation-hosts-allow '')
++
++# The limit (in kilobytes) on the size of the console buffer
++#(console-limit 1024)
++
++##
++# NOTE:
++# Please read /usr/share/doc/xen-utils-common/README.Debian for Debian specific
++# informations about the network setup.
++
++##
++# To bridge network traffic, like this:
++#
++# dom0: ----------------- bridge -> real eth0 -> the network
++# |
++# domU: fake eth0 -> vifN.0 -+
++#
++# use
++#
++# (network-script network-bridge)
++#
++# Your default ethernet device is used as the outgoing interface, by default.
++# To use a different one (e.g. eth1) use
++#
++# (network-script 'network-bridge netdev=eth1')
++#
++# The bridge is named eth0, by default (yes, really!)
++#
++
++# It is normally much better to create the bridge yourself in
++# /etc/network/interfaces. network-bridge start does nothing if you
++# already have a bridge, and network-bridge stop does nothing if the
++# default bridge name (normally eth0) is not a bridge. See
++# bridge-utils-interfaces(5) for full information on the syntax in
++# /etc/network/interfaces, but you probably want something like this:
++# iface xenbr0 inet static
++# address [etc]
++# netmask [etc]
++# [etc]
++# bridge_ports eth0
++#
++# To have network-bridge create a differently-named bridge, use:
++# (network-script 'network-bridge bridge=<name>')
++#
++# It is possible to use the network-bridge script in more complicated
++# scenarios, such as having two outgoing interfaces, with two bridges, and
++# two fake interfaces per guest domain. To do things like this, write
++# yourself a wrapper script, and call network-bridge from it, as appropriate.
++#
++
++# The script used to control virtual interfaces. This can be overridden on a
++# per-vif basis when creating a domain or a configuring a new vif. The
++# vif-bridge script is designed for use with the network-bridge script, or
++# similar configurations.
++#
++# If you have overridden the bridge name using
++# (network-script 'network-bridge bridge=<name>') then you may wish to do the
++# same here. The bridge name can also be set when creating a domain or
++# configuring a new vif, but a value specified here would act as a default.
++#
++# If you are using only one bridge, the vif-bridge script will discover that,
++# so there is no need to specify it explicitly. The default is to use
++# the bridge which is listed first in the output from brctl.
++#
++(vif-script vif-bridge)
++
++
++## Use the following if network traffic is routed, as an alternative to the
++# settings for bridged networking given above.
++#(network-script network-route)
++#(vif-script vif-route)
++
++
++## Use the following if network traffic is routed with NAT, as an alternative
++# to the settings for bridged networking given above.
++#(network-script network-nat)
++#(vif-script vif-nat)
++
++# dom0-min-mem is the lowest permissible memory level (in MB) for dom0.
++# This is a minimum both for auto-ballooning (as enabled by
++# enable-dom0-ballooning below) and for xm mem-set when applied to dom0.
++(dom0-min-mem 196)
++
++# Whether to enable auto-ballooning of dom0 to allow domUs to be created.
++# If enable-dom0-ballooning = no, dom0 will never balloon out.
++(enable-dom0-ballooning yes)
++
++# 32-bit paravirtual domains can only consume physical
++# memory below 168GB. On systems with memory beyond that address,
++# they'll be confined to memory below 128GB.
++# Using total_available_memory (in GB) to specify the amount of memory reserved
++# in the memory pool exclusively for 32-bit paravirtual domains.
++# Additionally you should use dom0_mem = <-Value> as a parameter in
++# xen kernel to reserve the memory for 32-bit paravirtual domains, default
++# is "0" (0GB).
++(total_available_memory 0)
++
++# In SMP system, dom0 will use dom0-cpus # of CPUS
++# If dom0-cpus = 0, dom0 will take all cpus available
++(dom0-cpus 0)
++
++# Whether to enable core-dumps when domains crash.
++#(enable-dump no)
++
++# The tool used for initiating virtual TPM migration
++#(external-migration-tool '')
++
++# The interface for VNC servers to listen on. Defaults
++# to 127.0.0.1 To restore old 'listen everywhere' behaviour
++# set this to 0.0.0.0
++#(vnc-listen '127.0.0.1')
++
++# The default password for VNC console on HVM domain.
++# Empty string is no authentication.
++(vncpasswd '')
++
++# The VNC server can be told to negotiate a TLS session
++# to encryption all traffic, and provide x509 cert to
++# clients enabling them to verify server identity. The
++# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
++# all support the VNC extension for TLS used in QEMU. The
++# TightVNC/RealVNC/UltraVNC clients do not.
++#
++# To enable this create x509 certificates / keys in the
++# directory ${XEN_CONFIG_DIR} + vnc
++#
++# ca-cert.pem - The CA certificate
++# server-cert.pem - The Server certificate signed by the CA
++# server-key.pem - The server private key
++#
++# and then uncomment this next line
++# (vnc-tls 1)
++
++# The certificate dir can be pointed elsewhere..
++#
++# (vnc-x509-cert-dir vnc)
++
++# The server can be told to request & validate an x509
++# certificate from the client. Only clients with a cert
++# signed by the trusted CA will be able to connect. This
++# is more secure the password auth alone. Passwd auth can
++# used at the same time if desired. To enable client cert
++# checking uncomment this:
++#
++# (vnc-x509-verify 1)
++
++# The default keymap to use for the VM's virtual keyboard
++# when not specififed in VM's configuration
++#(keymap 'en-us')
++
++# Script to run when the label of a resource has changed.
++#(resource-label-change-script '')
++
++# Rotation count of qemu-dm log file.
++#(qemu-dm-logrotate-count 10)
++
++# Path where persistent domain configuration is stored.
++# Default is /var/lib/xend/domains/
++#(xend-domains-path /var/lib/xend/domains)
++
++# Number of seconds xend will wait for device creation and
++# destruction
++#(device-create-timeout 100)
++#(device-destroy-timeout 100)
++
++# When assigning device to HVM guest, we use the strict check for HVM guest by
++# default. (For PV guest, we use loose check automatically if necessary.)
++# When we assign device to HVM guest, if we meet with the co-assignment
++# issues or the ACS issue, we could try changing the option to 'no' -- however,
++# we have to realize this may incur security issue and we can't make sure the
++# device assignment could really work properly even after we do this.
++#(pci-passthrough-strict-check yes)
++
++# If we have a very big scsi device configuration, start of xend is slow,
++# because xend scans all the device paths to build its internal PSCSI device
++# list. If we need only a few devices for assigning to a guest, we can reduce
++# the scan to this device. Set list list of device paths in same syntax like in
++# command lsscsi, e.g. ('16:0:0:0' '15:0')
++# (pscsi-device-mask ('*'))
++
--- /dev/null
--- /dev/null
++###############################################################################
++# Configuration file for granting quiry PCI devices full write access to their
++# configuration space. This file should only be used when you are unable to
++# determine the exact registers required by your device. Even so, it should
++# be used only temporarily.
++#
++# SEND A MESSAGE TO xen-devel@lists.xensource.com IF YOU USE THIS FILE.
++#
++# Using this file should NOT be necessary. If you must use it to make some
++# device work, send a message to the above list with as much information about
++# your device as possible so the developers can make accomodations for it.
++# Once developers make the necessary updates you can remove the corresponding
++# entry for your device.
++###############################################################################
++# Entries are formated as follows: <vendor>:<device>[:<subvendor>:<subdevice>]
++#
++# Example: Appending to an existing list
++#
++# (unconstrained_dev_ids
++# ('XXXX:XXXX:XXXX:XXXX' # existing entry
++# 'YYYY:YYYY:YYYY:YYYY' # new entry 1
++# 'ZZZZ:ZZZZ') # new entry 2
++# )
++###############################################################################
++(unconstrained_dev_ids
++ #('0123:4567:89AB:CDEF')
++)
--- /dev/null
--- /dev/null
++###############################################################################
++# Configuration file for quirky PCI devices that require write-access to
++# parts of the configuration space. Use this file to specific PCI device
++# IDs and the configuration space fields to which those devices must be
++# able to write.
++#
++# Length is important, so be sure to match new entries with the
++# lengths of comparable existing entries.
++#
++# Additions to this file take effect as soon as a new domain with a
++# matching device is started. However, to remove a field that was
++# previously applied to a device you must unbind the device from
++# pciback.
++###############################################################################
++# This is a bogus entry to show how a new device would be added to the list
++#
++# (new_quirky_dev_name
++# (pci_ids
++# ('0123:4567:890A:BCEF')
++# )
++#
++# (pci_config_space_fields
++# ('12345678:1:00000000')
++# )
++# )
++###############################################################################
++
++(tg3
++ (pci_ids
++ # Entries are formated as follows:
++ # <vendor>:<device>[:<subvendor>:<subdevice>]
++ ('14e4:1644' # Broadcom Tigon3 5700
++ '14e4:1645' # Broadcom Tigon3 5701
++ '14e4:1646' # Broadcom Tigon3 5702
++ '14e4:1647' # Broadcom Tigon3 5703
++ '14e4:1648' # Broadcom Tigon3 5704
++ '14e4:164d' # Broadcom Tigon3 5702FE
++ '14e4:1653' # Broadcom Tigon3 5705
++ '14e4:1654' # Broadcom Tigon3 5705_2
++ '14e4:165d' # Broadcom Tigon3 5705M
++ '14e4:165e' # Broadcom Tigon3 5705M_2
++ '14e4:16a6' # Broadcom Tigon3 5702X
++ '14e4:16a7' # Broadcom Tigon3 5703X
++ '14e4:16a8' # Broadcom Tigon3 5704S
++ '14e4:16c6' # Broadcom Tigon3 5702A3
++ '14e4:16c7' # Broadcom Tigon3 5703A3
++ '14e4:1696' # Broadcom Tigon3 5782
++ '14e4:169c' # Broadcom Tigon3 5788
++ '14e4:169d' # Broadcom Tigon3 5789
++ '14e4:170d' # Broadcom Tigon3 5901
++ '14e4:1649' # Broadcom Tigon3 5704S_2
++ '14e4:166e' # Broadcom Tigon3 5705F
++ '14e4:1658' # Broadcom Tigon3 5720
++ '14e4:1659' # Broadcom Tigon3 5721
++ '14e4:1676' # Broadcom Tigon3 5750
++ '14e4:1677' # Broadcom Tigon3 5751
++ '14e4:167c' # Broadcom Tigon3 5750M
++ '14e4:167d' # Broadcom Tigon3 5751M
++ '14e4:167e' # Broadcom Tigon3 5751F
++ '14e4:1600' # Broadcom Tigon3 5752
++ '14e4:1601' # Broadcom Tigon3 5752M
++ '14e4:16f7' # Broadcom Tigon3 5753
++ '14e4:16fd' # Broadcom Tigon3 5753M
++ '14e4:16fe' # Broadcom Tigon3 5753F
++ '14e4:1668' # Broadcom Tigon3 5714
++ '14e4:1678' # Broadcom Tigon3 5715
++ '14e4:166a' # Broadcom Tigon3 5780
++ '14e4:166b' # Broadcom Tigon3 5780S
++ '14e4:16dd' # Broadcom Tigon3 5781
++ '1148:4400' # Syskonnect 9DXX
++ '1148:4500' # Syskonnect 9MXX
++ '173b:03e8' # Altima AC1000
++ '173b:03e9' # Altima AC1001
++ '173b:03eb' # Altima AC1003
++ '173b:03ea' # Altima AC9100
++ '106b:1645') # Apple Tigon3
++ )
++
++ (pci_config_space_fields
++ # Entries are formated as follows:
++ # <register>:<size>:<mask>
++ # size is measured in bytes (1,2,4 are valid sizes)
++ # mask is currently unused; use all zero's
++ ('00000078:4:00000000' # TG3PCI_REG_BASE_ADDR
++ '0000007c:4:00000000' # TG3PCI_MEM_WIN_BASE_ADDR
++ '00000080:4:00000000' # TG3PCI_REG_DATA
++ '00000084:4:00000000' # TG3PCI_MEM_WIN_DATA
++ '00000090:4:00000000' # TG3PCI_MISC_LOCAL_CTRL
++ '00000068:4:00000000' # TG3PCI_MISC_HOST_CTRL
++ '0000009C:4:00000000' # TG3PCI_STD_RING_PROD_IDX + TG3_64BIT_REG_LOW
++ '00000098:4:00000000' # TG3PCI_STD_RING_PROD_IDX + TG3_64BIT_REG_HIGH
++ '000000a4:4:00000000' # TG3PCI_RCV_RET_RING_CON_IDX + TG3_64BIT_REG_LOW
++ '000000a0:4:00000000' # TG3PCI_RCV_RET_RING_CON_IDX + TG3_64BIT_REG_HIGH
++ '00000070:4:00000000') # TG3PCI_PCISTATE
++ )
++)
--- /dev/null
--- /dev/null
++# Configuration for Xen system
++# ----------------------------
++
++# There exists several tool stacks to configure a Xen system.
++# xl: This is the new toolstack using libxenlight/libxl (default)
++# xm: Was the old toolstack (xend) which is no longer supported!
++#
++# Attention: You need to reboot after changing this!
++TOOLSTACK=
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ configure)
++ if command -v update-grub > /dev/null && [ -d /boot/grub ]; then
++ update-grub || :
++ fi
++ ;;
++
++ abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++ *)
++ echo "postinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ remove)
++ if command -v update-grub > /dev/null && [ -d /boot/grub ]; then
++ update-grub || :
++ fi
++ ;;
++
++ purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
++ ;;
++
++ *)
++ echo "postrm called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ configure)
++ if command -v update-grub > /dev/null && [ -d /boot/grub ]; then
++ update-grub || :
++ fi
++ ;;
++
++ abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++ *)
++ echo "postinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ remove)
++ if command -v update-grub > /dev/null && [ -d /boot/grub ]; then
++ update-grub || :
++ fi
++ ;;
++
++ purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
++ ;;
++
++ *)
++ echo "postrm called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ configure)
++ if command -v update-grub > /dev/null && [ -d /boot/grub ]; then
++ update-grub || :
++ fi
++ ;;
++
++ abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++ *)
++ echo "postinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ remove)
++ if command -v update-grub > /dev/null && [ -d /boot/grub ]; then
++ update-grub || :
++ fi
++ ;;
++
++ purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
++ ;;
++
++ *)
++ echo "postrm called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#
++# Uncomment the following variable and set to 0 or 1 to avoid warning.
++#
++#XEN_OVERRIDE_GRUB_DEFAULT=0
++
++echo "Including Xen overrides from /etc/default/grub.d/xen.cfg"
++
++#
++# When running update-grub with the Xen hypervisor installed, there are
++# some additional variables that can be used to pass options to the
++# hypervisor or the dom0 kernel.
++
++# The following two are used to generate arguments for the hypervisor:
++#
++#GRUB_CMDLINE_XEN_DEFAULT=""
++#GRUB_CMDLINE_XEN=""
++#
++# For example:
++#
++# dom0_mem=<size>[M]:max=<size>[M]
++# Sets the amount of memory dom0 uses (max prevents balloning for more)
++# com[12]=<speed>,<data bits><parity><stopbits>
++# Initialize a serial console from in the hypervisor (eg. 115200,8n1)
++# Note that com1 would be ttyS0 in Linux.
++# console=<dev>[,<dev> ...]
++# Redirects Xen hypervisor console (eg. com1,vga)
++
++#
++# The next two lines are used for creating kernel arguments for the dom0
++# kernel. This allows to have different options for the same kernel used
++# natively or as dom0 kernel.
++#
++#GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT"
++#GRUB_CMDLINE_LINUX_XEN_REPLACE="$GRUB_CMDLINE_LINUX"
++#
++# For example:
++#
++# earlyprintk=xenboot
++# Allows to send early printk messages to the Xen hypervisor console
++# console=hvc0
++# Redirects the Linux console to the hypervisor console
++
++#
++# Make booting into Xen the default if not changed above. Finding the
++# current string for it always has been a problem.
++#
++if [ "$XEN_OVERRIDE_GRUB_DEFAULT" = "" ]; then
++ echo "WARNING: GRUB_DEFAULT changed to boot into Xen by default!"
++ echo " Edit /etc/default/grub.d/xen.cfg to avoid this warning."
++ XEN_OVERRIDE_GRUB_DEFAULT=1
++fi
++if [ "$XEN_OVERRIDE_GRUB_DEFAULT" = "1" ]; then
++ GRUB_DEFAULT="Debian GNU/Linux, with Xen hypervisor"
++fi
--- /dev/null
--- /dev/null
++statically-linked-binary usr/lib/xen-4.8/boot/hvmloader
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++set -e
++
++case "$1" in
++ configure)
++ update-alternatives --remove xen-default /usr/lib/xen-4.8
++ if [ -x "/etc/init.d/xen" ]; then
++ invoke-rc.d xen start || exit $?
++ fi
++ ;;
++
++ abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++ *)
++ echo "postinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++set -e
++
++case "$1" in
++ remove|upgrade)
++ update-alternatives --remove xen-default /usr/lib/xen-4.8
++ if [ -x "/etc/init.d/xen" ]; then
++ invoke-rc.d xen stop || exit $?
++ fi
++ ;;
++
++ deconfigure|failed-upgrade)
++ ;;
++
++ *)
++ echo "prerm called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++Xen for Debian
++==============
++
++Config behaviour
++----------------
++
++The Debian packages changes the behaviour of some config options.
++
++The options "kernel", "initrd" and "loader" searches in the Xen private boot
++directory (/usr/lib/xen-$version/boot) first. "bootloader" and "device_model"
++also searches the Xen private bin directory (/usr/lib/xen-$version/bin). This
++means that the following entries will properly find anything:
++ loader = 'hvmloader'
++ bootloader = 'pygrub'
++
++Network setup
++-------------
++
++The Debian package of Xen don't change the network setup in any way. This
++differs from the upstream version, which overwrites the main network card
++(eth0) with a bridge setup and may break the network at this point..
++
++To setup a bridge please follow the instructions in the manpage for
++bridge-utils-interfaces(5).
++
++You can also change the /etc/xen/xend-config.sxp file and re-enable the Xen
++included network setup by adding
++ (network-script network-bridge)
++to the file. But please note that this may or may not work.
--- /dev/null
--- /dev/null
++var/lib/xen
--- /dev/null
--- /dev/null
++debian/tmp/etc/xen/cpupool*
++debian/tmp/etc/xen/xm*
--- /dev/null
--- /dev/null
++etc/xen/scripts
++etc/xen/xl*
++usr/lib/xen-common
++usr/sbin
++../../tree/xen-utils-common/* /
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++set -e
++
++case "$1" in
++configure)
++ install -d -m 2750 -g adm /var/log/xen
++ ;;
++
++abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++*)
++ echo "postinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++dpkg-maintscript-helper mv_conffile /etc/init.d/xend /etc/init.d/xen 4.1.2-4~ -- "$@"
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++set -e
++
++case "$1" in
++purge)
++ rmdir --ignore-fail-on-non-empty /var/log/xen
++ ;;
++
++remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
++ ;;
++
++*)
++ echo "postrm called with unknown argument \`$1'" >&2
++ exit
++ ;;
++esac
++
++dpkg-maintscript-helper mv_conffile /etc/init.d/xend /etc/init.d/xen 4.1.2-4~ -- "$@"
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++set -e
++
++case "$1" in
++install|upgrade)
++ ;;
++
++abort-upgrade)
++ ;;
++
++*)
++ echo "preinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++dpkg-maintscript-helper mv_conffile /etc/init.d/xend /etc/init.d/xen 4.1.2-4~ -- "$@"
++update-rc.d -f xend remove >/dev/null
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++/usr/share/xen-utils-common/default.xen /etc/default/xen
--- /dev/null
--- /dev/null
++#!/bin/sh
++### BEGIN INIT INFO
++# Provides: xen xend
++# Required-Start: $syslog $remote_fs
++# Required-Stop: $syslog $remote_fs
++# Default-Start: 2 3 4 5
++# Default-Stop: 0 1 6
++# Short-Description: Xen daemons
++# Description: Xen daemons
++### END INIT INFO
++
++. /lib/init/vars.sh
++. /lib/lsb/init-functions
++
++# Default variables
++XENSTORED_DIR="/var/run/xenstored"
++
++[ -r /etc/default/xen ] && . /etc/default/xen
++[ -r /etc/default/xend ] && . /etc/default/xend
++
++PATH=/sbin:/bin:/usr/sbin:/usr/bin
++DESC="Xen daemons"
++
++ROOT=$(/usr/lib/xen-common/bin/xen-dir 2>/dev/null)
++if [ $? -ne 0 ]; then
++ log_warning_msg "Not running within Xen or no compatible utils"
++ exit 0
++fi
++TOOLSTACK=$(/usr/lib/xen-common/bin/xen-toolstack 2>/dev/null)
++if [ $? -ne 0 ]; then
++ log_warning_msg "No usable Xen toolstack selected"
++ exit 0
++fi
++
++[ -e "$ROOT"/bin/xend ] && XEND="$ROOT"/bin/xend
++XENCONSOLED="$ROOT"/bin/xenconsoled
++XENCONSOLED_PIDFILE="/var/run/xenconsoled.pid"
++XENSTORED="$ROOT"/bin/xenstored
++XENSTORED_PIDFILE="/var/run/xenstore.pid"
++QEMU=/usr/bin/qemu-system-i386
++QEMU_PIDFILE="/var/run/qemu-dom0.pid"
++QEMU_ARGS="-xen-domid 0 -xen-attach -name dom0 -nographic -M xenpv -daemonize -monitor /dev/null -serial /dev/null -parallel /dev/null"
++
++modules_setup()
++{
++ modprobe xenfs 2>/dev/null
++ modprobe xen-evtchn 2>/dev/null
++ modprobe xen-gntdev 2>/dev/null
++}
++
++xenfs_setup()
++{
++ [ -e "/proc/xen/capabilities" ] && return 0
++ log_progress_msg "xenfs"
++ [ -d "/proc/xen" ] || return 1
++ mount -t xenfs xenfs /proc/xen || return 1
++ return 0
++}
++
++capability_check()
++{
++ [ -e "/proc/xen/capabilities" ] || return 1
++ grep -q "control_d" /proc/xen/capabilities || return 1
++ return 0
++}
++
++env_setup()
++{
++ [ -d /run/xen ] && return 0
++
++ mkdir -m 700 /run/xen
++ [ -x /sbin/restorecon ] && /sbin/restorecon /run/xen
++}
++
++xend_start()
++{
++ if [ -z "$XEND" ] || [ "$(basename "$TOOLSTACK")" != xm ]; then
++ return 0
++ fi
++
++ log_progress_msg "xend"
++ xend_start_real
++ return $?
++}
++
++xend_stop()
++{
++ if [ -z "$XEND" ] || [ "$(basename "$TOOLSTACK")" != xm ]; then
++ return 0
++ fi
++
++ log_progress_msg "xend"
++ xend_stop_real
++ return $?
++}
++
++xend_restart()
++{
++ if [ -z "$XEND" ] || [ "$(basename "$TOOLSTACK")" != xm ]; then
++ return 0
++ fi
++
++ log_progress_msg "xend"
++ xend_stop_real
++ case "$?" in
++ 0|1)
++ xend_start_real
++ case "$?" in
++ 0) ;;
++ *) return 2 ;;
++ esac
++ ;;
++ *) return 2 ;;
++ esac
++ return 0
++}
++
++xend_start_real()
++{
++ $XEND status && return 1
++ $XEND start || return 2
++
++ i=0
++ while [ $i -lt 10 ]; do
++ $XEND status && return 0 || true
++ i=$(($i + 1))
++ sleep 1
++ done
++ return 2
++}
++
++xend_stop_real()
++{
++ log_progress_msg "xend"
++ $XEND status || return 0
++ $XEND stop || return 1
++}
++
++xenconsoled_start()
++{
++ log_progress_msg "xenconsoled"
++ xenconsoled_start_real
++ return $?
++}
++
++xenconsoled_stop()
++{
++ log_progress_msg "xenconsoled"
++ xenconsoled_stop_real
++ return $?
++}
++
++xenconsoled_restart()
++{
++ log_progress_msg "xenconsoled"
++ xenconsoled_stop_real
++ case "$?" in
++ 0|1)
++ xenconsoled_start_real
++ case "$?" in
++ 0) ;;
++ *) return 2 ;;
++ esac
++ ;;
++ *) return 2 ;;
++ esac
++ return 0
++}
++
++xenconsoled_start_real()
++{
++ start-stop-daemon --start --quiet --pidfile "$XENCONSOLED_PIDFILE" --exec "$XENCONSOLED" --test > /dev/null \
++ || return 1
++ start-stop-daemon --start --quiet --pidfile "$XENCONSOLED_PIDFILE" --exec "$XENCONSOLED" -- \
++ $XENCONSOLED_ARGS --pid-file="$XENCONSOLED_PIDFILE" \
++ || return 2
++}
++
++xenconsoled_stop_real()
++{
++ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$XENCONSOLED_PIDFILE" --name xenconsoled
++ RETVAL="$?"
++ [ "$RETVAL" = 2 ] && return 2
++ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$XENCONSOLED"
++ [ "$?" = 2 ] && return 2
++ rm -f $XENCONSOLED_PIDFILE
++ return "$RETVAL"
++}
++
++qemu_start()
++{
++ [ -x $QEMU ] || return 0
++ log_progress_msg "qemu"
++ qemu_start_real
++ return $?
++}
++
++qemu_stop()
++{
++ [ -x $QEMU ] || return 0
++ log_progress_msg "qemu"
++ qemu_stop_real
++ return $?
++}
++
++qemu_restart()
++{
++ [ -x $QEMU ] || return 0
++ log_progress_msg "qemu"
++ qemu_stop_real
++ case "$?" in
++ 0|1)
++ qemu_start_real
++ case "$?" in
++ 0) ;;
++ *) return 2 ;;
++ esac
++ ;;
++ *) return 2 ;;
++ esac
++ return 0
++}
++
++qemu_start_real()
++{
++ start-stop-daemon --start --quiet --pidfile "$QEMU_PIDFILE" --exec "$QEMU" --test > /dev/null \
++ || return 1
++ start-stop-daemon --start --quiet --pidfile "$QEMU_PIDFILE" --exec "$QEMU" -- \
++ $QEMU_ARGS -pidfile "$QEMU_PIDFILE" \
++ || return 2
++}
++
++qemu_stop_real()
++{
++ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$QEMU_PIDFILE" --exec "$QEMU"
++ RETVAL="$?"
++ [ "$RETVAL" = 2 ] && return 2
++ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$QEMU"
++ [ "$?" = 2 ] && return 2
++ rm -f $QEMU_PIDFILE
++ return "$RETVAL"
++}
++
++
++xenstored_start()
++{
++ log_progress_msg "xenstored"
++ start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec "$XENSTORED" --test > /dev/null \
++ || return 1
++ [ -d "$XENSTORED_DIR" ] || mkdir -p "$XENSTORED_DIR"
++ [ -x /sbin/restorecon ] && /sbin/restorecon "$XENSTORED_DIR"
++ export XENSTORED_ROOTDIR="$XENSTORED_DIR"
++ start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec "$XENSTORED" -- \
++ $XENSTORED_ARGS --pid-file="$XENSTORED_PIDFILE" \
++ || return 2
++
++ # Wait for xenstored to actually come up, timing out after 30 seconds
++ local time=0
++ local timeout=30
++ while [ $time -lt $timeout ] && ! `xenstore-read -s / >/dev/null 2>&1` ; do
++ time=$(( $time+1 ))
++ sleep 1
++ done
++
++ # Exit if we timed out
++ if ! [ $time -lt $timeout ] ; then
++ return 2
++ fi
++}
++
++init_dom0()
++{
++ log_progress_msg "init-dom0"
++ if [ -e $ROOT/bin/xen-init-dom0 ] ; then
++ $ROOT/bin/xen-init-dom0 > /dev/null
++ else
++ xenstore-write "/local/domain/0/name" "Domain-0"
++ xenstore-write "/local/domain/0/domid" "0"
++ fi
++}
++
++case "$1" in
++ start)
++ log_daemon_msg "Starting $DESC"
++ modules_setup
++ xenfs_setup
++ case "$?" in
++ 0) ;;
++ *) log_end_msg 1; exit ;;
++ esac
++ capability_check
++ case "$?" in
++ 0) ;;
++ *) log_end_msg 255; exit ;;
++ esac
++ env_setup
++ xenstored_start
++ case "$?" in
++ 0|1) ;;
++ *) log_end_msg 1; exit ;;
++ esac
++ xenconsoled_start
++ case "$?" in
++ 0|1) ;;
++ *) log_end_msg 1; exit ;;
++ esac
++ xend_start
++ case "$?" in
++ 0|1) ;;
++ *) log_end_msg 1; exit ;;
++ esac
++ init_dom0
++ case "$?" in
++ 0|1) ;;
++ *) log_end_msg 1; exit ;;
++ esac
++ qemu_start
++ case "$?" in
++ 0|1) ;;
++ *) log_end_msg 1; exit ;;
++ esac
++ log_end_msg 0
++ ;;
++ stop)
++ capability_check
++ case "$?" in
++ 0) ;;
++ *) exit ;;
++ esac
++ log_daemon_msg "Stopping $DESC"
++ ret=0
++ qemu_stop
++ case "$?" in
++ 0|1) ;;
++ *) ret=1 ;;
++ esac
++ xend_stop
++ case "$?" in
++ 0|1) ;;
++ *) ret=1 ;;
++ esac
++ xenconsoled_stop
++ case "$?" in
++ 0|1) ;;
++ *) ret=1 ;;
++ esac
++ log_end_msg $ret
++ ;;
++ restart|force-reload)
++ capability_check
++ case "$?" in
++ 0) ;;
++ *) exit ;;
++ esac
++ log_daemon_msg "Restarting $DESC"
++ ret=0
++ qemu_restart
++ case "$?" in
++ 0|1) ;;
++ *) ret=1 ;;
++ esac
++ xend_restart
++ case "$?" in
++ 0|1) ;;
++ *) ret=1 ;;
++ esac
++ xenconsoled_restart
++ case "$?" in
++ 0|1) ;;
++ *) ret=1 ;;
++ esac
++ log_end_msg $ret
++ ;;
++ *)
++ echo "Usage: $0 {start|stop|restart|force-reload}" >&2
++ exit 3
++ ;;
++esac
++
++exit 0
--- /dev/null
--- /dev/null
++XENCONSOLED_ARGS=
++XENSTORED_ARGS=
--- /dev/null
--- /dev/null
++# The xendomains script can send SysRq requests to domains on shutdown.
++# If you don't want to MIGRATE, SAVE, or SHUTDOWN, this may be a possibility
++# to do a quick and dirty shutdown ("s e i u o") or at least sync the disks
++# of the domains ("s").
++#
++# XENDOMAINS_SYSRQ=
++
++# Set this to a non-empty string if you want to migrate virtual machines
++# on shutdown. The string will be passed to the xm migrate DOMID command
++# as is: It should contain the target IP address of the physical machine
++# to migrate to and optionally parameters like --live. Leave empty if
++# you don't want to try virtual machine relocation on shutdown.
++# If migration succeeds, neither SAVE nor SHUTDOWN will be executed for
++# that domain.
++#
++# XENDOMAINS_MIGRATE=
++
++# Directory to save running domains to when the system (dom0) is
++# shut down. Will also be used to restore domains from if # XENDOMAINS_RESTORE
++# is set (see below). Leave empty to disable domain saving on shutdown
++# (e.g. because you rather shut domains down).
++# If domain saving does succeed, SHUTDOWN will not be executed.
++#
++XENDOMAINS_SAVE=/var/lib/xen/save
++
++# This variable determines whether saved domains from XENDOMAINS_SAVE
++# will be restored on system startup.
++#
++XENDOMAINS_RESTORE=true
++
++# This variable sets the directory where domains configurations
++# are stored that should be started on system startup automatically.
++# Leave empty if you don't want to start domains automatically
++# (or just don't place any xen domain config files in that dir).
++# Note that the script tries to be clever if both RESTORE and AUTO are
++# set: It will first restore saved domains and then only start domains
++# in AUTO which are not running yet.
++# Note that the name matching is somewhat fuzzy.
++#
++XENDOMAINS_AUTO=/etc/xen/auto
++
++# On xendomains stop, a number of xm commands (xm migrate, save, shutdown,
++# shutdown --all) may be executed. In the worst case, these commands may
++# stall forever, which will prevent a successful shutdown of the machine.
++# If this variable is non-zero, the script will set up a watchdog timer
++# for every of these xm commands and time it out after the number of seconds
++# specified by this variable.
++# Note that SHUTDOWN_ALL will not be called if no virtual machines or only
++# zombies are still running, so you don't need to enable this timeout just
++# for the zombie case.
++# The setting should be large enough to make sure that migrate/save/shutdown
++# can succeed. If you do live migrations, keep in mind that live migration
++# of a 1GB machine over Gigabit ethernet may actually take something like
++# 100s (assuming that live migration uses 10% of the network # bandwidth).
++# Depending on the virtual machine, a shutdown may also require a significant
++# amount of time. So better setup this variable to a huge number and hope the
++# watchdog never fires.
++#
++XENDOMAINS_STOP_MAXWAIT=300
++
--- /dev/null
--- /dev/null
++#!/bin/bash
++### BEGIN INIT INFO
++# Provides: xendomains
++# Required-Start: $syslog $remote_fs xen
++# Required-Stop: $syslog $remote_fs xen
++# Should-Start: drbd iscsi openvswitch-switch
++# Should-Stop: drbd iscsi openvswitch-switch
++# X-Start-Before: corosync heartbeat libvirtd
++# X-Stop-After: corosync heartbeat libvirtd
++# Default-Start: 2 3 4 5
++# Default-Stop: 0 1 6
++# Short-Description: Start/stop secondary xen domains
++# Description: Start / stop domains automatically when domain 0
++# boots / shuts down.
++### END INIT INFO
++
++. /lib/init/vars.sh
++. /lib/lsb/init-functions
++
++xen list &> /dev/null
++if test $? -ne 0
++then
++ exit 0;
++fi
++
++TOOLSTACK=$(/usr/lib/xen-common/bin/xen-toolstack 2>/dev/null)
++if [ $? -ne 0 ]; then
++ log_warning_msg "No usable Xen toolstack selected"
++ exit 0
++fi
++if [ "$(basename "$TOOLSTACK")" != xm ] && [ "$(basename "$TOOLSTACK")" != xl ]; then
++ exit 0
++fi
++
++if ! [ -e /proc/xen/privcmd ]; then
++ exit 0
++fi
++
++[ -r /etc/default/xendomains ] && . /etc/default/xendomains
++
++shopt -s nullglob
++
++check_config_name()
++{
++ /usr/lib/xen-common/bin/xen-init-name "$1" 2>/dev/null
++}
++
++check_running()
++{
++ xen domid "$1" > /dev/null 2>&1
++ return $?
++}
++
++timeout_coproc()
++{
++ local TIMEOUT=$1
++ shift
++
++ coproc "$@" 2>&1 1>/dev/null
++
++ local COPROC_OUT
++ exec {COPROC_OUT}<&"${COPROC[0]}"
++ local PID="$COPROC_PID"
++
++ for no in $(seq 0 $TIMEOUT); do
++ if [ -z "$COPROC_PID" ]; then break; fi
++ sleep 1
++ log_action_cont_msg
++ done
++
++ kill -INT "$COPROC_PID" >/dev/null 2>&1
++ wait $PID
++ local rc=$?
++ log_action_end_msg $rc
++
++ [ $rc -gt 0 ] && cat <&$COPROC_OUT
++ exec <&$COPROC_OUT-
++}
++
++timeout_domain()
++{
++ name="$1"
++ TIMEOUT="$2"
++ for no in $(seq 0 $TIMEOUT); do
++ if ! check_running "$name"; then return 0; fi
++ sleep 1
++ log_action_cont_msg
++ done
++ return 1
++}
++
++do_start_restore()
++{
++ [ -n "$XENDOMAINS_SAVE" ] || return
++ [ -d "$XENDOMAINS_SAVE" ] || return
++ [ -n "$XENDOMAINS_RESTORE" ] || return
++
++ for file in $XENDOMAINS_SAVE/*; do
++ if [ -f $file ] ; then
++ name="${file##*/}"
++ log_action_begin_msg "Restoring Xen domain $name (from $file)"
++
++ out=$(xen restore "$file" 2>&1 1>/dev/null)
++ case "$?" in
++ 0)
++ rm "$file"
++ domains[$name]='started'
++ log_action_end_msg 0
++ ;;
++ *)
++ domains[$name]='failed'
++ log_action_end_msg 1
++ echo "$out"
++ ;;
++ esac
++ fi
++ done
++}
++
++do_start_auto()
++{
++ [ -n "$XENDOMAINS_AUTO" ] || return
++ [ -d "$XENDOMAINS_AUTO" ] || return
++
++ for file in $XENDOMAINS_AUTO/*; do
++ name="$(check_config_name $file)"
++
++ if [ "${domains[$name]}" = started ]; then
++ :
++ elif check_running "$name"; then
++ log_action_msg "Xen domain $name already running"
++ else
++ log_action_begin_msg "Starting Xen domain $name (from $file)"
++
++ if [ "${domains[$name]}" = failed ]; then
++ log_action_end_msg 1 "restore failed"
++ else
++ out=$(xen create --quiet --defconfig "$file" 2>&1 1>/dev/null)
++ case "$?" in
++ 0)
++ log_action_end_msg 0
++ ;;
++ *)
++ log_action_end_msg 1
++ echo "$out"
++ ;;
++ esac
++ fi
++ fi
++ done
++}
++
++do_start()
++{
++ declare -A domains
++
++ do_start_restore
++ do_start_auto
++}
++
++do_stop_migrate()
++{
++ [ -n "$XENDOMAINS_MIGRATE" ] || return
++
++ while read id name rest; do
++ log_action_begin_msg "Migrating Xen domain $name ($id)"
++ (timeout_coproc "$XENDOMAINS_STOP_MAXWAIT" xen migrate $id $XENDOMAINS_MIGRATE)
++ done < <(/usr/lib/xen-common/bin/xen-init-list)
++}
++
++do_stop_save()
++{
++ [ -n "$XENDOMAINS_SAVE" ] || return
++ [ -d "$XENDOMAINS_SAVE" ] || mkdir -m 0700 -p "$XENDOMAINS_SAVE"
++
++ while read id name rest; do
++ log_action_begin_msg "Saving Xen domain $name ($id)"
++ (timeout_coproc "$XENDOMAINS_STOP_MAXWAIT" xen save $id $XENDOMAINS_SAVE/$name)
++ done < <(/usr/lib/xen-common/bin/xen-init-list)
++}
++
++do_stop_shutdown()
++{
++ while read id name rest; do
++ log_action_begin_msg "Shutting down Xen domain $name ($id)"
++ xen shutdown $id 2>&1 1>/dev/null
++ log_action_end_msg $?
++ done < <(/usr/lib/xen-common/bin/xen-init-list)
++ while read id name rest; do
++ log_action_begin_msg "Waiting for Xen domain $name ($id) to shut down"
++ timeout_domain "$name" "$XENDOMAINS_STOP_MAXWAIT"
++ log_action_end_msg $?
++ done < <(/usr/lib/xen-common/bin/xen-init-list)
++}
++
++do_stop()
++{
++ do_stop_migrate
++ do_stop_save
++ do_stop_shutdown
++}
++
++case "$1" in
++ start)
++ do_start
++ ;;
++
++ stop)
++ do_stop
++ ;;
++
++ restart)
++ do_stop
++ do_start
++ ;;
++
++ reload|force-reload)
++ do_stop
++ do_start
++ ;;
++
++ *)
++ echo "Usage: $0 {start|stop|restart|reload|force-reload}"
++ exit 3
++ ;;
++esac
++
++exit 0
--- /dev/null
--- /dev/null
++xen-3.0 (3.4.0-1) UNRELEASED; urgency=low
++
++ This version does not longer ship the ioemu part, aka the patched qemu.
++ So it does not support
++ * full virtualized domains and
++ * virtual console support for paravirtualized domains.
++
++ -- Bastian Blank <waldi@debian.org> Sat, 18 Jul 2009 15:05:31 +0200
--- /dev/null
--- /dev/null
++Xen for Debian
++==============
++
++Config behaviour
++----------------
++
++The Debian packages changes the behaviour of some config options.
++
++The options "kernel", "initrd" and "loader" searches in the Xen private boot
++directory (/usr/lib/xen-$version/boot) first. "bootloader" and "device_model"
++also searches the Xen private bin directory (/usr/lib/xen-$version/bin). This
++means that the following entries will properly find anything:
++ loader = 'hvmloader'
++ bootloader = 'pygrub'
++
++Network setup
++-------------
++
++The Debian package of Xen don't change the network setup in any way. This
++differs from the upstream version, which overwrites the main network card
++(eth0) with a bridge setup and may break the network at this point..
++
++To setup a bridge please follow the instructions in the manpage for
++bridge-utils-interfaces(5).
++
++You can also change the /etc/xen/xend-config.sxp file and re-enable the Xen
++included network setup by adding
++ (network-script network-bridge)
++to the file. But please note that this may or may not work.
++
++Loop devices
++------------
++
++If you plan hosting virtual domains with file backed block devices (ie. the
++ones xen-tools creates by default) be careful about two issues:
++
++1. Maximum number of loop devices
++ By default the loop driver supports a maximum of 8 loop devices. Of
++ course since every Xen domain uses at least two (one for the data and one
++ for the swap) this number is absolutely insufficient. You should increase
++ it by adding a file named local-loop in /etc/modprobe.d containing the
++ string "options loop max_loop=128", if the loop driver is compiled as a
++ module, or by appending the string max_loop=128 to your kernel parameters
++ if the driver is in-kernel. Of course you can increase or decrease the
++ number 128 as you see fit.
++
++2. Driver loading (only if loop is compiled as a module)
++ Normally the loop driver gets loaded when the first loop device is
++ accessed. When using udev, though, the loop devices get created only
++ after the driver gets loaded. This means that Xen will fail if the loop
++ driver is not already loaded when it tries to start a file-backed virtual
++ domain. To fix this just add "loop" in your /etc/modules file, thus
++ forcing it to be loaded at boot time.
--- /dev/null
--- /dev/null
++usr/bin/xenstore-*
projects / xen.git / commitdiff