pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/sysutils Upgrade Xen 4.11 packages to 4.11.2. CHANGES ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ed2e7d4bc1ce
branches:  trunk
changeset: 338765:ed2e7d4bc1ce
user:      bouyer <bouyer%pkgsrc.org@localhost>
date:      Fri Aug 30 13:16:27 2019 +0000

description:
Upgrade Xen 4.11 packages to 4.11.2. CHANGES since 4.11.1:
- include security patches up to and including XSA297
- various performances improvements, code cleanup and bug fixes

diffstat:

 sysutils/xenkernel411/Makefile               |    6 +-
 sysutils/xenkernel411/distinfo               |   21 +-
 sysutils/xenkernel411/patches/patch-XSA284   |   33 --
 sysutils/xenkernel411/patches/patch-XSA285   |   45 ---
 sysutils/xenkernel411/patches/patch-XSA287   |  330 ---------------------------
 sysutils/xenkernel411/patches/patch-XSA288   |  310 -------------------------
 sysutils/xenkernel411/patches/patch-XSA290-1 |  239 -------------------
 sysutils/xenkernel411/patches/patch-XSA290-2 |   73 -----
 sysutils/xenkernel411/patches/patch-XSA291   |   55 ----
 sysutils/xenkernel411/patches/patch-XSA292   |   97 -------
 sysutils/xenkernel411/patches/patch-XSA293-1 |  319 --------------------------
 sysutils/xenkernel411/patches/patch-XSA293-2 |  262 ---------------------
 sysutils/xenkernel411/patches/patch-XSA294   |   73 -----
 sysutils/xentools411/Makefile                |    7 +-
 sysutils/xentools411/distinfo                |   10 +-
 15 files changed, 16 insertions(+), 1864 deletions(-)

diffs (truncated from 1967 to 300 lines):

diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/Makefile
--- a/sysutils/xenkernel411/Makefile    Fri Aug 30 13:00:56 2019 +0000
+++ b/sysutils/xenkernel411/Makefile    Fri Aug 30 13:16:27 2019 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.7 2019/07/15 16:24:18 nia Exp $
+# $NetBSD: Makefile,v 1.8 2019/08/30 13:16:27 bouyer Exp $
 
-VERSION=       4.11.1
-PKGREVISION=   3
+VERSION=       4.11.2
+#PKGREVISION=  0
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel411-${VERSION}
 CATEGORIES=    sysutils
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/distinfo
--- a/sysutils/xenkernel411/distinfo    Fri Aug 30 13:00:56 2019 +0000
+++ b/sysutils/xenkernel411/distinfo    Fri Aug 30 13:16:27 2019 +0000
@@ -1,21 +1,10 @@
-$NetBSD: distinfo,v 1.4 2019/03/25 15:28:13 bouyer Exp $
+$NetBSD: distinfo,v 1.5 2019/08/30 13:16:27 bouyer Exp $
 
-SHA1 (xen411/xen-4.11.1.tar.gz) = aeb45f3b05aaa73dd2ef3a0c533a975495b58c17
-RMD160 (xen411/xen-4.11.1.tar.gz) = c0eaf57cfbd4f762e8367bcf88e99912d2089084
-SHA512 (xen411/xen-4.11.1.tar.gz) = c1655c5decdaed95a2b9a99652318cfc72f6cfdae957cfe60d635f7787e8850f33e8fafc4c4b8d61fb579c9b9d93028a6382903e71808a0418b931e76d72a649
-Size (xen411/xen-4.11.1.tar.gz) = 25152217 bytes
+SHA1 (xen411/xen-4.11.2.tar.gz) = 82766db0eca7ce65962732af8a31bb5cce1eb7ce
+RMD160 (xen411/xen-4.11.2.tar.gz) = 6dcb1ac3e72381474912607b30b59fa55d87d38b
+SHA512 (xen411/xen-4.11.2.tar.gz) = 48d3d926d35eb56c79c06d0abc6e6be2564fadb43367cc7f46881c669a75016707672179c2cca1c4cfb14af2cefd46e2e7f99470cddf7df2886d8435a2de814e
+Size (xen411/xen-4.11.2.tar.gz) = 25164925 bytes
 SHA1 (patch-Config.mk) = 9372a09efd05c9fbdbc06f8121e411fcb7c7ba65
-SHA1 (patch-XSA284) = dfab3d5f51cef2ac2e201988e2c8ffbe6066ad89
-SHA1 (patch-XSA285) = 99b2864579d7a09b2d3c911f2d4f4bae23f9e42e
-SHA1 (patch-XSA287) = 834156c50c47d683e64793a5e6874a21b2999b94
-SHA1 (patch-XSA288) = 8551dc11ecb1a3912b5708b0db65533038f60390
-SHA1 (patch-XSA290-1) = 21bcc513e9ff1aa10fa62fcf1aca1e5f3558622c
-SHA1 (patch-XSA290-2) = be394879eeb98917690d284c10e04ee432e83df3
-SHA1 (patch-XSA291) = 00b2949e1d2567e5d9bf823bdd69c31be2300800
-SHA1 (patch-XSA292) = a887098d4b38567d0c8ab3170c15a08b47cbe835
-SHA1 (patch-XSA293-1) = 7e46dab8b44cc1b129e5717502e26094f96e67b9
-SHA1 (patch-XSA293-2) = 02eeb9533fa22ee99699319cc0194045fa26fef5
-SHA1 (patch-XSA294) = 8f7dd8ba100c3b93cb6f48c72b403a3cf43c09e7
 SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6
 SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac
 SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/patches/patch-XSA284
--- a/sysutils/xenkernel411/patches/patch-XSA284        Fri Aug 30 13:00:56 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-$NetBSD: patch-XSA284,v 1.1 2019/03/07 11:13:26 bouyer Exp $
-
-From: Jan Beulich <jbeulich%suse.com@localhost>
-Subject: gnttab: set page refcount for copy-on-grant-transfer
-
-Commit 5cc77f9098 ("32-on-64: Fix domain address-size clamping,
-implement"), which introduced this functionality, took care of clearing
-the old page's PGC_allocated, but failed to set the bit (and install the
-associated reference) on the newly allocated one. Furthermore the "mfn"
-local variable was never updated, and hence the wrong MFN was passed to
-guest_physmap_add_page() (and back to the destination domain) in this
-case, leading to an IOMMU mapping into an unowned page.
-
-Ideally the code would use assign_pages(), but the call to
-gnttab_prepare_for_transfer() sits in the middle of the actions
-mirroring that function.
-
-This is XSA-284.
-
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Acked-by: George Dunlap <george.dunlap%citrix.com@localhost>
-
---- xen/common/grant_table.c.orig
-+++ xen/common/grant_table.c
-@@ -2183,6 +2183,8 @@ gnttab_transfer(
-             page->count_info &= ~(PGC_count_mask|PGC_allocated);
-             free_domheap_page(page);
-             page = new_page;
-+            page->count_info = PGC_allocated | 1;
-+            mfn = page_to_mfn(page);
-         }
- 
-         spin_lock(&e->page_alloc_lock);
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/patches/patch-XSA285
--- a/sysutils/xenkernel411/patches/patch-XSA285        Fri Aug 30 13:00:56 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-$NetBSD: patch-XSA285,v 1.1 2019/03/07 11:13:26 bouyer Exp $
-
-From: Jan Beulich <jbeulich%suse.com@localhost>
-Subject: IOMMU/x86: fix type ref-counting race upon IOMMU page table construction
-
-When arch_iommu_populate_page_table() gets invoked for an already
-running guest, simply looking at page types once isn't enough, as they
-may change at any time. Add logic to re-check the type after having
-mapped the page, unmapping it again if needed.
-
-This is XSA-285.
-
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Tentatively-Acked-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-
---- xen/drivers/passthrough/x86/iommu.c.orig
-+++ xen/drivers/passthrough/x86/iommu.c
-@@ -68,6 +68,27 @@ int arch_iommu_populate_page_table(struct domain *d)
-                 rc = hd->platform_ops->map_page(d, gfn, mfn,
-                                                 IOMMUF_readable |
-                                                 IOMMUF_writable);
-+
-+                /*
-+                 * We may be working behind the back of a running guest, which
-+                 * may change the type of a page at any time.  We can't prevent
-+                 * this (for instance, by bumping the type count while mapping
-+                 * the page) without causing legitimate guest type-change
-+                 * operations to fail.  So after adding the page to the IOMMU,
-+                 * check again to make sure this is still valid.  NB that the
-+                 * writable entry in the iommu is harmless until later, when
-+                 * the actual device gets assigned.
-+                 */
-+                if ( !rc && !is_hvm_domain(d) &&
-+                     ((page->u.inuse.type_info & PGT_type_mask) !=
-+                      PGT_writable_page) )
-+                {
-+                    rc = hd->platform_ops->unmap_page(d, gfn);
-+                    /* If the type changed yet again, simply force a retry. */
-+                    if ( !rc && ((page->u.inuse.type_info & PGT_type_mask) ==
-+                                 PGT_writable_page) )
-+                        rc = -ERESTART;
-+                }
-             }
-             if ( rc )
-             {
diff -r eb5abecd924f -r ed2e7d4bc1ce sysutils/xenkernel411/patches/patch-XSA287
--- a/sysutils/xenkernel411/patches/patch-XSA287        Fri Aug 30 13:00:56 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,330 +0,0 @@
-$NetBSD: patch-XSA287,v 1.1 2019/03/07 11:13:26 bouyer Exp $
-
-From 67620c1ccb13f7b58645f48248ba1f408b021fdc Mon Sep 17 00:00:00 2001
-From: George Dunlap <george.dunlap%citrix.com@localhost>
-Date: Fri, 18 Jan 2019 15:00:34 +0000
-Subject: [PATCH] steal_page: Get rid of bogus struct page states
-
-The original rules for `struct page` required the following invariants
-at all times:
-
-- refcount > 0 implies owner != NULL
-- PGC_allocated implies refcount > 0
-
-steal_page, in a misguided attempt to protect against unknown races,
-violates both of these rules, thus introducing other races:
-
-- Temporarily, the count_info has the refcount go to 0 while
-  PGC_allocated is set
-
-- It explicitly returns the page PGC_allocated set, but owner == NULL
-  and page not on the page_list.
-
-The second one meant that page_get_owner_and_reference() could return
-NULL even after having successfully grabbed a reference on the page,
-leading the caller to leak the reference (since "couldn't get ref" and
-"got ref but no owner" look the same).
-
-Furthermore, rather than grabbing a page reference to ensure that the
-owner doesn't change under its feet, it appears to rely on holding
-d->page_alloc lock to prevent this.
-
-Unfortunately, this is ineffective: page->owner remains non-NULL for
-some time after the count has been set to 0; meaning that it would be
-entirely possible for the page to be freed and re-allocated to a
-different domain between the page_get_owner() check and the count_info
-check.
-
-Modify steal_page to instead follow the appropriate access discipline,
-taking the page through series of states similar to being freed and
-then re-allocated with MEMF_no_owner:
-
-- Grab an extra reference to make sure we don't race with anyone else
-  freeing the page
-
-- Drop both references and PGC_allocated atomically, so that (if
-successful), anyone else trying to grab a reference will fail
-
-- Attempt to reset Xen's mappings
-
-- Reset the rest of the state.
-
-Then, modify the two callers appropriately:
-
-- Leave count_info alone (it's already been cleared)
-- Call free_domheap_page() directly if appropriate
-- Call assign_pages() rather than open-coding a partial assign
-
-With all callers to assign_pages() now passing in pages with the
-type_info field clear, tighten the respective assertion there.
-
-This is XSA-287.
-
-Signed-off-by: George Dunlap <george.dunlap%citrix.com@localhost>
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
----
- xen/arch/x86/mm.c        | 84 ++++++++++++++++++++++++++++------------
- xen/common/grant_table.c | 20 +++++-----
- xen/common/memory.c      | 19 +++++----
- xen/common/page_alloc.c  |  2 +-
- 4 files changed, 83 insertions(+), 42 deletions(-)
-
-diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
-index 6509035a5c..d8ff58c901 100644
---- xen/arch/x86/mm.c.orig
-+++ xen/arch/x86/mm.c
-@@ -3966,70 +3966,106 @@ int donate_page(
-     return -EINVAL;
- }
- 
-+/*
-+ * Steal page will attempt to remove `page` from domain `d`.  Upon
-+ * return, `page` will be in a state similar to the state of a page
-+ * returned from alloc_domheap_page() with MEMF_no_owner set:
-+ * - refcount 0
-+ * - type count cleared
-+ * - owner NULL
-+ * - page caching attributes cleaned up
-+ * - removed from the domain's page_list
-+ *
-+ * If MEMF_no_refcount is not set, the domain's tot_pages will be
-+ * adjusted.  If this results in the page count falling to 0,
-+ * put_domain() will be called.
-+ *
-+ * The caller should either call free_domheap_page() to free the
-+ * page, or assign_pages() to put it back on some domain's page list.
-+ */
- int steal_page(
-     struct domain *d, struct page_info *page, unsigned int memflags)
- {
-     unsigned long x, y;
-     bool drop_dom_ref = false;
--    const struct domain *owner = dom_xen;
-+    const struct domain *owner;
-+    int rc;
- 
-     if ( paging_mode_external(d) )
-         return -EOPNOTSUPP;
- 
--    spin_lock(&d->page_alloc_lock);
--
--    if ( is_xen_heap_page(page) || ((owner = page_get_owner(page)) != d) )
-+    /* Grab a reference to make sure the page doesn't change under our feet */
-+    rc = -EINVAL;
-+    if ( !(owner = page_get_owner_and_reference(page)) )
-         goto fail;
- 
-+    if ( owner != d || is_xen_heap_page(page) )
-+        goto fail_put;
-+
-     /*
--     * We require there is just one reference (PGC_allocated). We temporarily
--     * drop this reference now so that we can safely swizzle the owner.
-+     * We require there are exactly two references -- the one we just
-+     * took, and PGC_allocated. We temporarily drop both these
-+     * references so that the page becomes effectively non-"live" for
-+     * the domain.
-      */
-     y = page->count_info;
-     do {
-         x = y;
--        if ( (x & (PGC_count_mask|PGC_allocated)) != (1 | PGC_allocated) )
--            goto fail;
--        y = cmpxchg(&page->count_info, x, x & ~PGC_count_mask);
-+        if ( (x & (PGC_count_mask|PGC_allocated)) != (2 | PGC_allocated) )
-+            goto fail_put;
-+        y = cmpxchg(&page->count_info, x, x & ~(PGC_count_mask|PGC_allocated));
-     } while ( y != x );
- 
-     /*
--     * With the sole reference dropped temporarily, no-one can update type
--     * information. Type count also needs to be zero in this case, but e.g.
--     * PGT_seg_desc_page may still have PGT_validated set, which we need to
--     * clear before transferring ownership (as validation criteria vary
--     * depending on domain type).
-+     * NB this is safe even if the page ends up being given back to
-+     * the domain, because the count is zero: subsequent mappings will
-+     * cause the cache attributes to be re-instated inside
-+     * get_page_from_l1e().
-+     */
-+    if ( (rc = cleanup_page_cacheattr(page)) )
-+    {
-+        /*
-+         * Couldn't fixup Xen's mappings; put things the way we found
-+         * it and return an error
-+         */
-+        page->count_info |= PGC_allocated | 1;
-+        goto fail;
-+    }
-+
-+    /*
-+     * With the reference count now zero, nobody can grab references
-+     * to do anything else with the page.  Return the page to a state
-+     * that it might be upon return from alloc_domheap_pages with
-+     * MEMF_no_owner set.
-      */
-+    spin_lock(&d->page_alloc_lock);



Home | Main Index | Thread Index | Old Index