Ian Jackson [Fri, 11 Jan 2019 18:01:30 +0000 (18:01 +0000)]
Merge xen (4.8.5+shim4.10.2+xsa282-1+deb9u11) import into refs/heads/workingbranch
Dongli Zhang [Tue, 4 Jul 2017 14:35:28 +0000 (22:35 +0800)]
gitignore: add tools/misc/xen-diag to .gitignore
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
(cherry picked from commit d23afa6399a78ca7d0ed3294119632535828c9d8)
Gbp-Pq: Name 0031-gitignore-add-tools-misc-xen-diag-to-.gitignore.patch
Dongli Zhang [Sun, 2 Jul 2017 23:34:13 +0000 (07:34 +0800)]
tools: utility to dump guest grant table info
As both xen-netfront and xen-blkfront support multi-queue, they would
consume a lot of grant table references when there are many paravirtual
devices and vcpus assigned to guest. Guest domU might panic or hang due to
grant allocation failure when nr_grant_frames in guest has reached its max
value.
This utility would help the administrators to diagnose xen issue. There is
only one command gnttab_query_size so far to monitor the guest grant table
frame usage on dom0 side so that it is not required to debug on guest
kernel side for crash/hang analysis anymore.
It is extensible for adding new commands for more diagnostic functions and
the framework of xen-diag.c is from xen-livepatch.c.
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
(cherry picked from commit df36d82e3fc91bee2ff1681fd438c815fa324b6a)
Gbp-Pq: Name 0030-tools-utility-to-dump-guest-grant-table-info.patch
Ian Jackson [Wed, 7 Feb 2018 17:05:53 +0000 (17:05 +0000)]
Copy README.pti and README.comet from the XSA-254 advisory
We would like these to be installed with the Debian Xen packages
because they contain usage instructions too.
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0029-Copy-README.pti-and-README.comet-from-the-XSA-254-ad.patch
Ian Jackson [Tue, 1 Nov 2016 16:20:27 +0000 (16:20 +0000)]
tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on x86_32
The current build fails with GCC6 on Debian sid i386 (unstable):
/tmp/ccqjaueF.s: Assembler messages:
/tmp/ccqjaueF.s:3713: Error: missing or invalid displacement expression `vmovd_to_reg_len@GOT'
This is due to the combination of GCC6, and Debian's decision to
enable some hardening flags by default (to try to make runtime
addresses less predictable):
https://wiki.debian.org/Hardening/PIEByDefaultTransition
This is of no benefit for the x86 instruction emulator test, which is
a rebuild of the emulator code for testing purposes only. So pass
options to disable this.
These options will be no-ops if they are the same as the compiler
default.
On amd64, the -fno-pic breaks the build in a different way. So do
this only on i386.
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
squash! tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0028-tools-tests-x86_emulator-Pass-no-pie-fno-pic-to-gcc-.patch
Ubuntu Developers [Thu, 6 Oct 2016 13:24:46 +0000 (14:24 +0100)]
ubuntu-tools-libs-abiname
Gbp-Pq: Name ubuntu-tools-libs-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:36 +0000 (11:47 +0200)]
tools-xenstore-compatibility.diff
Patch-Name: tools-xenstore-compatibility.diff
Gbp-Pq: Name tools-xenstore-compatibility.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:31 +0000 (11:47 +0200)]
tools-xenmon-install.diff
Patch-Name: tools-xenmon-install.diff
Gbp-Pq: Name tools-xenmon-install.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:30 +0000 (11:47 +0200)]
tools-include-install.diff
Patch-Name: tools-include-install.diff
Gbp-Pq: Name tools-include-install.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:29 +0000 (11:47 +0200)]
Remove static solaris support from pygrub
Patch-Name: tools-pygrub-remove-static-solaris-support
Gbp-Pq: Name tools-pygrub-remove-static-solaris-support
Bastian Blank [Sat, 5 Jul 2014 09:47:14 +0000 (11:47 +0200)]
tools-xentrace-prefix.diff
Patch-Name: tools-xentrace-prefix.diff
Gbp-Pq: Name tools-xentrace-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:12 +0000 (11:47 +0200)]
tools-xenstore-prefix.diff
Patch-Name: tools-xenstore-prefix.diff
Gbp-Pq: Name tools-xenstore-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:09 +0000 (11:47 +0200)]
tools-xenstat-prefix.diff
Patch-Name: tools-xenstat-prefix.diff
Gbp-Pq: Name tools-xenstat-prefix.diff
Bastian Blank [Sat, 13 Dec 2014 18:37:02 +0000 (19:37 +0100)]
tools-xenpmd-prefix.diff
Patch-Name: tools-xenpmd-prefix.diff
Gbp-Pq: Name tools-xenpmd-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:08 +0000 (11:47 +0200)]
tools-xenpaging-prefix.diff
Patch-Name: tools-xenpaging-prefix.diff
Gbp-Pq: Name tools-xenpaging-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:06 +0000 (11:47 +0200)]
tools-xenmon-prefix.diff
Patch-Name: tools-xenmon-prefix.diff
Gbp-Pq: Name tools-xenmon-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:05 +0000 (11:47 +0200)]
tools-xcutils-rpath.diff
Patch-Name: tools-xcutils-rpath.diff
Gbp-Pq: Name tools-xcutils-rpath.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:02 +0000 (11:47 +0200)]
tools-python-prefix.diff
Patch-Name: tools-python-prefix.diff
Gbp-Pq: Name tools-python-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:01 +0000 (11:47 +0200)]
tools-pygrub-prefix.diff
Patch-Name: tools-pygrub-prefix.diff
Gbp-Pq: Name tools-pygrub-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:59 +0000 (11:46 +0200)]
tools-misc-prefix.diff
Patch-Name: tools-misc-prefix.diff
Gbp-Pq: Name tools-misc-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:57 +0000 (11:46 +0200)]
tools-libxl-prefix.diff
Patch-Name: tools-libxl-prefix.diff
Gbp-Pq: Name tools-libxl-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:55 +0000 (11:46 +0200)]
tools-libfsimage-prefix.diff
Patch-Name: tools-libfsimage-prefix.diff
Gbp-Pq: Name tools-libfsimage-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:54 +0000 (11:46 +0200)]
tools-console-prefix.diff
Patch-Name: tools-console-prefix.diff
Gbp-Pq: Name tools-console-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:53 +0000 (11:46 +0200)]
tools-blktap2-prefix.diff
Patch-Name: tools-blktap2-prefix.diff
Gbp-Pq: Name tools-blktap2-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:51 +0000 (11:46 +0200)]
tools-rpath.diff
Patch-Name: tools-rpath.diff
Gbp-Pq: Name tools-rpath.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:50 +0000 (11:46 +0200)]
tools-xenstat-abiname.diff
Patch-Name: tools-xenstat-abiname.diff
Gbp-Pq: Name tools-xenstat-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:49 +0000 (11:46 +0200)]
tools-libxl-abiname.diff
Patch-Name: tools-libxl-abiname.diff
Gbp-Pq: Name tools-libxl-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:48 +0000 (11:46 +0200)]
tools-libxc-abiname.diff
Patch-Name: tools-libxc-abiname.diff
Gbp-Pq: Name tools-libxc-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:47 +0000 (11:46 +0200)]
tools-libfsimage-abiname.diff
Patch-Name: tools-libfsimage-abiname.diff
Gbp-Pq: Name tools-libfsimage-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:45 +0000 (11:46 +0200)]
config-prefix.diff
Patch-Name: config-prefix.diff
Gbp-Pq: Name config-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:43 +0000 (11:46 +0200)]
version
Patch-Name: version.diff
Gbp-Pq: Name version.diff
Ian Jackson [Fri, 28 Oct 2016 13:52:13 +0000 (14:52 +0100)]
Rerun autogen.sh (stretch)
Using autoconf 2.69-10 (amd64)
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0001-Rerun-autogen.sh-stretch.patch
Ian Jackson [Fri, 11 Jan 2019 18:01:30 +0000 (18:01 +0000)]
xen (4.8.5+shim4.10.2+xsa282-1+deb9u11) stretch-security; urgency=medium
* Update to new upstream versions:
* Main tree updated to Xen 4.8.5
* Shim updated to current upstream stable-4.10 branch, to
avoid errors trying to cherry-pick security patches.
* This includes fixes to:
XSA-282 CVE-2018-19967 Xen 4.8 and 4.10 shim
XSA-280 CVE-2018-19966 Xen 4.8 and 4.10 shim
XSA-279 CVE-2018-19965 Xen 4.8 and 4.10 shim
XSA-275 CVE-2018-19961 CVE-2018-19962 Xen 4.8 and 4.10 shim
XSA-278 CVE-2018-18883 Xen 4.10 shim only
* For completeness, the following fixes are not applicable:
XSA-274 CVE-2018-14678 Bug is in Linux
XSA-270 CVE-2018-15471 Bug is in Linux
XSA-271 CVE-2018-14007 Bug is in XAPI (not in Debian)
XSA-277 CVE-2018-19964 Bug not in either 4.8 or 4.10
XSA-276 CVE-2018-19963 Bug not in either 4.8 or 4.10
* Added CVEs to previous changelog entries:
4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10
4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
[dgit import unpatched xen 4.8.5+shim4.10.2+xsa282-1+deb9u11]
Ian Jackson [Fri, 11 Jan 2019 18:01:30 +0000 (18:01 +0000)]
Import xen_4.8.5+shim4.10.2+xsa282.orig.tar.xz
[dgit import orig xen_4.8.5+shim4.10.2+xsa282.orig.tar.xz]
Ian Jackson [Fri, 11 Jan 2019 18:01:30 +0000 (18:01 +0000)]
Import xen_4.8.5+shim4.10.2+xsa282.orig-shim.tar.xz
[dgit import orig xen_4.8.5+shim4.10.2+xsa282.orig-shim.tar.xz]
Ian Jackson [Fri, 11 Jan 2019 18:01:30 +0000 (18:01 +0000)]
Import xen_4.8.5+shim4.10.2+xsa282-1+deb9u11.debian.tar.xz
[dgit import tarball xen 4.8.5+shim4.10.2+xsa282-1+deb9u11 xen_4.8.5+shim4.10.2+xsa282-1+deb9u11.debian.tar.xz]
Wolodja Wentland [Wed, 15 Aug 2018 22:51:28 +0000 (23:51 +0100)]
Merge xen (4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10) import into refs/heads/workingbranch
Dongli Zhang [Tue, 4 Jul 2017 14:35:28 +0000 (22:35 +0800)]
gitignore: add tools/misc/xen-diag to .gitignore
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
(cherry picked from commit d23afa6399a78ca7d0ed3294119632535828c9d8)
Gbp-Pq: Name 0031-gitignore-add-tools-misc-xen-diag-to-.gitignore.patch
Dongli Zhang [Sun, 2 Jul 2017 23:34:13 +0000 (07:34 +0800)]
tools: utility to dump guest grant table info
As both xen-netfront and xen-blkfront support multi-queue, they would
consume a lot of grant table references when there are many paravirtual
devices and vcpus assigned to guest. Guest domU might panic or hang due to
grant allocation failure when nr_grant_frames in guest has reached its max
value.
This utility would help the administrators to diagnose xen issue. There is
only one command gnttab_query_size so far to monitor the guest grant table
frame usage on dom0 side so that it is not required to debug on guest
kernel side for crash/hang analysis anymore.
It is extensible for adding new commands for more diagnostic functions and
the framework of xen-diag.c is from xen-livepatch.c.
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
(cherry picked from commit df36d82e3fc91bee2ff1681fd438c815fa324b6a)
Gbp-Pq: Name 0030-tools-utility-to-dump-guest-grant-table-info.patch
Ian Jackson [Wed, 7 Feb 2018 17:05:53 +0000 (17:05 +0000)]
Copy README.pti and README.comet from the XSA-254 advisory
We would like these to be installed with the Debian Xen packages
because they contain usage instructions too.
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0029-Copy-README.pti-and-README.comet-from-the-XSA-254-ad.patch
Ian Jackson [Tue, 1 Nov 2016 16:20:27 +0000 (16:20 +0000)]
tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on x86_32
The current build fails with GCC6 on Debian sid i386 (unstable):
/tmp/ccqjaueF.s: Assembler messages:
/tmp/ccqjaueF.s:3713: Error: missing or invalid displacement expression `vmovd_to_reg_len@GOT'
This is due to the combination of GCC6, and Debian's decision to
enable some hardening flags by default (to try to make runtime
addresses less predictable):
https://wiki.debian.org/Hardening/PIEByDefaultTransition
This is of no benefit for the x86 instruction emulator test, which is
a rebuild of the emulator code for testing purposes only. So pass
options to disable this.
These options will be no-ops if they are the same as the compiler
default.
On amd64, the -fno-pic breaks the build in a different way. So do
this only on i386.
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
squash! tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0028-tools-tests-x86_emulator-Pass-no-pie-fno-pic-to-gcc-.patch
Ubuntu Developers [Thu, 6 Oct 2016 13:24:46 +0000 (14:24 +0100)]
ubuntu-tools-libs-abiname
Gbp-Pq: Name ubuntu-tools-libs-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:36 +0000 (11:47 +0200)]
tools-xenstore-compatibility.diff
Patch-Name: tools-xenstore-compatibility.diff
Gbp-Pq: Name tools-xenstore-compatibility.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:31 +0000 (11:47 +0200)]
tools-xenmon-install.diff
Patch-Name: tools-xenmon-install.diff
Gbp-Pq: Name tools-xenmon-install.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:30 +0000 (11:47 +0200)]
tools-include-install.diff
Patch-Name: tools-include-install.diff
Gbp-Pq: Name tools-include-install.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:29 +0000 (11:47 +0200)]
Remove static solaris support from pygrub
Patch-Name: tools-pygrub-remove-static-solaris-support
Gbp-Pq: Name tools-pygrub-remove-static-solaris-support
Bastian Blank [Sat, 5 Jul 2014 09:47:14 +0000 (11:47 +0200)]
tools-xentrace-prefix.diff
Patch-Name: tools-xentrace-prefix.diff
Gbp-Pq: Name tools-xentrace-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:12 +0000 (11:47 +0200)]
tools-xenstore-prefix.diff
Patch-Name: tools-xenstore-prefix.diff
Gbp-Pq: Name tools-xenstore-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:09 +0000 (11:47 +0200)]
tools-xenstat-prefix.diff
Patch-Name: tools-xenstat-prefix.diff
Gbp-Pq: Name tools-xenstat-prefix.diff
Bastian Blank [Sat, 13 Dec 2014 18:37:02 +0000 (19:37 +0100)]
tools-xenpmd-prefix.diff
Patch-Name: tools-xenpmd-prefix.diff
Gbp-Pq: Name tools-xenpmd-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:08 +0000 (11:47 +0200)]
tools-xenpaging-prefix.diff
Patch-Name: tools-xenpaging-prefix.diff
Gbp-Pq: Name tools-xenpaging-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:06 +0000 (11:47 +0200)]
tools-xenmon-prefix.diff
Patch-Name: tools-xenmon-prefix.diff
Gbp-Pq: Name tools-xenmon-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:05 +0000 (11:47 +0200)]
tools-xcutils-rpath.diff
Patch-Name: tools-xcutils-rpath.diff
Gbp-Pq: Name tools-xcutils-rpath.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:02 +0000 (11:47 +0200)]
tools-python-prefix.diff
Patch-Name: tools-python-prefix.diff
Gbp-Pq: Name tools-python-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:01 +0000 (11:47 +0200)]
tools-pygrub-prefix.diff
Patch-Name: tools-pygrub-prefix.diff
Gbp-Pq: Name tools-pygrub-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:59 +0000 (11:46 +0200)]
tools-misc-prefix.diff
Patch-Name: tools-misc-prefix.diff
Gbp-Pq: Name tools-misc-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:57 +0000 (11:46 +0200)]
tools-libxl-prefix.diff
Patch-Name: tools-libxl-prefix.diff
Gbp-Pq: Name tools-libxl-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:55 +0000 (11:46 +0200)]
tools-libfsimage-prefix.diff
Patch-Name: tools-libfsimage-prefix.diff
Gbp-Pq: Name tools-libfsimage-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:54 +0000 (11:46 +0200)]
tools-console-prefix.diff
Patch-Name: tools-console-prefix.diff
Gbp-Pq: Name tools-console-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:53 +0000 (11:46 +0200)]
tools-blktap2-prefix.diff
Patch-Name: tools-blktap2-prefix.diff
Gbp-Pq: Name tools-blktap2-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:51 +0000 (11:46 +0200)]
tools-rpath.diff
Patch-Name: tools-rpath.diff
Gbp-Pq: Name tools-rpath.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:50 +0000 (11:46 +0200)]
tools-xenstat-abiname.diff
Patch-Name: tools-xenstat-abiname.diff
Gbp-Pq: Name tools-xenstat-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:49 +0000 (11:46 +0200)]
tools-libxl-abiname.diff
Patch-Name: tools-libxl-abiname.diff
Gbp-Pq: Name tools-libxl-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:48 +0000 (11:46 +0200)]
tools-libxc-abiname.diff
Patch-Name: tools-libxc-abiname.diff
Gbp-Pq: Name tools-libxc-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:47 +0000 (11:46 +0200)]
tools-libfsimage-abiname.diff
Patch-Name: tools-libfsimage-abiname.diff
Gbp-Pq: Name tools-libfsimage-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:45 +0000 (11:46 +0200)]
config-prefix.diff
Patch-Name: config-prefix.diff
Gbp-Pq: Name config-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:43 +0000 (11:46 +0200)]
version
Patch-Name: version.diff
Gbp-Pq: Name version.diff
Ian Jackson [Fri, 28 Oct 2016 13:52:13 +0000 (14:52 +0100)]
Rerun autogen.sh (stretch)
Using autoconf 2.69-10 (amd64)
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0001-Rerun-autogen.sh-stretch.patch
Wolodja Wentland [Wed, 15 Aug 2018 22:51:28 +0000 (23:51 +0100)]
xen (4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10) stretch-security; urgency=medium
* Update to new upstream version 4.8.4+xsa273+shim4.10.1+xsa273.
XSA-273 (CVE-2018-3620,CVE-2018-3646)
XSA-272 (no CVE yet)
XSA-269 (no CVE yet)
XSA-268 (no CVE yet)
This version is, again, a combination of staging-4.8 and staging-4.10
for Xen and shim respectively as in previous versions.
[dgit import unpatched xen 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10]
Wolodja Wentland [Wed, 15 Aug 2018 22:51:28 +0000 (23:51 +0100)]
Import xen_4.8.4+xsa273+shim4.10.1+xsa273.orig.tar.gz
[dgit import orig xen_4.8.4+xsa273+shim4.10.1+xsa273.orig.tar.gz]
Wolodja Wentland [Wed, 15 Aug 2018 22:51:28 +0000 (23:51 +0100)]
Import xen_4.8.4+xsa273+shim4.10.1+xsa273.orig-shim.tar.gz
[dgit import orig xen_4.8.4+xsa273+shim4.10.1+xsa273.orig-shim.tar.gz]
Wolodja Wentland [Wed, 15 Aug 2018 22:51:28 +0000 (23:51 +0100)]
Import xen_4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10.debian.tar.xz
[dgit import tarball xen 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10 xen_4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10.debian.tar.xz]
Ian Jackson [Fri, 22 Jun 2018 15:38:39 +0000 (16:38 +0100)]
Merge xen (4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9) import into refs/heads/workingbranch
Ian Jackson [Wed, 13 Jun 2018 14:54:53 +0000 (15:54 +0100)]
libxl: restore passing "readonly=" to qemu for SCSI disks
A read-only check was introduced for XSA-142, commit ef6cb76026 ("libxl:
relax readonly check introduced by XSA-142 fix") added the passing of
the extra setting, but commit dab0539568 ("Introduce COLO mode and
refactor relevant function") dropped the passing of the setting again,
quite likely due to improper re-basing.
Restore the readonly= parameter to SCSI disks. For IDE disks this is
supposed to be rejected; add an assert. And there is a bare ad-hoc
disk drive string in libxl__build_device_model_args_new, which we also
update.
This is XSA-266.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Gbp-Pq: Name libxl-restore-passing-readonly=-to-qemu-.patch
Ian Jackson [Wed, 13 Jun 2018 14:51:36 +0000 (15:51 +0100)]
libxl: qemu_disk_scsi_drive_string: Break out common parts of disk config
The generated configurations are identical apart from, in some cases,
reordering of the id=%s element. So, overall, no functional change.
This is part of XSA-266.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Gbp-Pq: Name libxl-qemu_disk_scsi_drive_string-break-.patch
Andrew Cooper [Tue, 19 Jun 2018 14:11:52 +0000 (15:11 +0100)]
x86: Refine checks in #DB handler for faulting conditions
One of the fixes for XSA-260 (c/s 75d6828bc2 "x86/traps: Fix handling of #DB
exceptions in hypervisor context") added some safety checks to help avoid
livelocks of #DB faults.
While a General Detect #DB exception does have fault semantics, hardware
clears %dr7.gd on entry to the handler, meaning that it is actually safe to
return to. Furthermore, %dr6.gd is guest controlled and sticky (never cleared
by hardware). A malicious PV guest can therefore trigger the fatal_trap() and
crash Xen.
Instruction breakpoints are more tricky. The breakpoint match bits in %dr6
are not sticky, but the Intel manual warns that they may be set for
non-enabled breakpoints, so add a breakpoint enabled check.
Beyond that, because of the restriction on the linear addresses PV guests can
set, and the fault (rather than trap) nature of instruction breakpoints
(i.e. can't be deferred by a MovSS shadow), there should be no way to
encounter an instruction breakpoint in Xen context. However, for extra
robustness, deal with this situation by clearing the breakpoint configuration,
rather than crashing.
This is XSA-265
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Gbp-Pq: Name x86-refine-checks-in-db-handler-for-faul.patch
Jan Beulich [Tue, 19 Jun 2018 14:11:44 +0000 (15:11 +0100)]
x86/mm: don't bypass preemption checks
While unlikely, it is not impossible for a multi-vCPU guest to leverage
bypasses of preemption checks to drive Xen into an unbounded loop.
This is XSA-264.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Gbp-Pq: Name x86mm-dont-bypass-preemption-checks.patch
Dongli Zhang [Tue, 4 Jul 2017 14:35:28 +0000 (22:35 +0800)]
gitignore: add tools/misc/xen-diag to .gitignore
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
(cherry picked from commit d23afa6399a78ca7d0ed3294119632535828c9d8)
Gbp-Pq: Name 0031-gitignore-add-tools-misc-xen-diag-to-.gitignore.patch
Dongli Zhang [Sun, 2 Jul 2017 23:34:13 +0000 (07:34 +0800)]
tools: utility to dump guest grant table info
As both xen-netfront and xen-blkfront support multi-queue, they would
consume a lot of grant table references when there are many paravirtual
devices and vcpus assigned to guest. Guest domU might panic or hang due to
grant allocation failure when nr_grant_frames in guest has reached its max
value.
This utility would help the administrators to diagnose xen issue. There is
only one command gnttab_query_size so far to monitor the guest grant table
frame usage on dom0 side so that it is not required to debug on guest
kernel side for crash/hang analysis anymore.
It is extensible for adding new commands for more diagnostic functions and
the framework of xen-diag.c is from xen-livepatch.c.
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
(cherry picked from commit df36d82e3fc91bee2ff1681fd438c815fa324b6a)
Gbp-Pq: Name 0030-tools-utility-to-dump-guest-grant-table-info.patch
Ian Jackson [Wed, 7 Feb 2018 17:05:53 +0000 (17:05 +0000)]
Copy README.pti and README.comet from the XSA-254 advisory
We would like these to be installed with the Debian Xen packages
because they contain usage instructions too.
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0029-Copy-README.pti-and-README.comet-from-the-XSA-254-ad.patch
Ian Jackson [Tue, 1 Nov 2016 16:20:27 +0000 (16:20 +0000)]
tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on x86_32
The current build fails with GCC6 on Debian sid i386 (unstable):
/tmp/ccqjaueF.s: Assembler messages:
/tmp/ccqjaueF.s:3713: Error: missing or invalid displacement expression `vmovd_to_reg_len@GOT'
This is due to the combination of GCC6, and Debian's decision to
enable some hardening flags by default (to try to make runtime
addresses less predictable):
https://wiki.debian.org/Hardening/PIEByDefaultTransition
This is of no benefit for the x86 instruction emulator test, which is
a rebuild of the emulator code for testing purposes only. So pass
options to disable this.
These options will be no-ops if they are the same as the compiler
default.
On amd64, the -fno-pic breaks the build in a different way. So do
this only on i386.
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
squash! tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0028-tools-tests-x86_emulator-Pass-no-pie-fno-pic-to-gcc-.patch
Ubuntu Developers [Thu, 6 Oct 2016 13:24:46 +0000 (14:24 +0100)]
ubuntu-tools-libs-abiname
Gbp-Pq: Name ubuntu-tools-libs-abiname.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:36 +0000 (11:47 +0200)]
tools-xenstore-compatibility.diff
Patch-Name: tools-xenstore-compatibility.diff
Gbp-Pq: Name tools-xenstore-compatibility.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:31 +0000 (11:47 +0200)]
tools-xenmon-install.diff
Patch-Name: tools-xenmon-install.diff
Gbp-Pq: Name tools-xenmon-install.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:30 +0000 (11:47 +0200)]
tools-include-install.diff
Patch-Name: tools-include-install.diff
Gbp-Pq: Name tools-include-install.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:29 +0000 (11:47 +0200)]
Remove static solaris support from pygrub
Patch-Name: tools-pygrub-remove-static-solaris-support
Gbp-Pq: Name tools-pygrub-remove-static-solaris-support
Bastian Blank [Sat, 5 Jul 2014 09:47:14 +0000 (11:47 +0200)]
tools-xentrace-prefix.diff
Patch-Name: tools-xentrace-prefix.diff
Gbp-Pq: Name tools-xentrace-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:12 +0000 (11:47 +0200)]
tools-xenstore-prefix.diff
Patch-Name: tools-xenstore-prefix.diff
Gbp-Pq: Name tools-xenstore-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:09 +0000 (11:47 +0200)]
tools-xenstat-prefix.diff
Patch-Name: tools-xenstat-prefix.diff
Gbp-Pq: Name tools-xenstat-prefix.diff
Bastian Blank [Sat, 13 Dec 2014 18:37:02 +0000 (19:37 +0100)]
tools-xenpmd-prefix.diff
Patch-Name: tools-xenpmd-prefix.diff
Gbp-Pq: Name tools-xenpmd-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:08 +0000 (11:47 +0200)]
tools-xenpaging-prefix.diff
Patch-Name: tools-xenpaging-prefix.diff
Gbp-Pq: Name tools-xenpaging-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:06 +0000 (11:47 +0200)]
tools-xenmon-prefix.diff
Patch-Name: tools-xenmon-prefix.diff
Gbp-Pq: Name tools-xenmon-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:05 +0000 (11:47 +0200)]
tools-xcutils-rpath.diff
Patch-Name: tools-xcutils-rpath.diff
Gbp-Pq: Name tools-xcutils-rpath.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:02 +0000 (11:47 +0200)]
tools-python-prefix.diff
Patch-Name: tools-python-prefix.diff
Gbp-Pq: Name tools-python-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:47:01 +0000 (11:47 +0200)]
tools-pygrub-prefix.diff
Patch-Name: tools-pygrub-prefix.diff
Gbp-Pq: Name tools-pygrub-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:59 +0000 (11:46 +0200)]
tools-misc-prefix.diff
Patch-Name: tools-misc-prefix.diff
Gbp-Pq: Name tools-misc-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:57 +0000 (11:46 +0200)]
tools-libxl-prefix.diff
Patch-Name: tools-libxl-prefix.diff
Gbp-Pq: Name tools-libxl-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:55 +0000 (11:46 +0200)]
tools-libfsimage-prefix.diff
Patch-Name: tools-libfsimage-prefix.diff
Gbp-Pq: Name tools-libfsimage-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:54 +0000 (11:46 +0200)]
tools-console-prefix.diff
Patch-Name: tools-console-prefix.diff
Gbp-Pq: Name tools-console-prefix.diff
Bastian Blank [Sat, 5 Jul 2014 09:46:53 +0000 (11:46 +0200)]
tools-blktap2-prefix.diff
Patch-Name: tools-blktap2-prefix.diff
Gbp-Pq: Name tools-blktap2-prefix.diff