Date:      Sun, 28 Feb 2016 00:31:01 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r409707 - in branches/2016Q1: emulators/xen emulators/xen-kernel emulators/xen-kernel/files sysutils/xen-tools sysutils/xen-tools/files
Message-ID:  <201602280031.u1S0V1YI099861@repo.freebsd.org>

Author: junovitch
Date: Sun Feb 28 00:31:01 2016
New Revision: 409707
URL: https://svnweb.freebsd.org/changeset/ports/409707

Log:
  MFH: r409604
  
  xen: update port and apply security fixes
  
   * Apply the following Xen security fixes (XSAs): 167, 168, 170.
   * Update SeaBIOS version to 1.8.2, and apply build fix so it builds with
     ELF toolchain objcopy [0].
   * Perform the backport of two functional changes to the Xen kernel in order
     to improve PVH Dom0 hardware support [1].
  
  Security:	CVE-2016-1570
  Security:	CVE-2016-1571
  Security:	CVE-2016-2271
  Security:	https://vuxml.FreeBSD.org/freebsd/7ed7c36f-ddaf-11e5-b2bd-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/80adc394-ddaf-11e5-b2bd-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/81f9d6a4-ddaf-11e5-b2bd-002590263bf5.html
  Sponsored by:	Citrix Systems R&D
  Requested by:	Gustau Pérez <gperez@entel.upc.edu> [1]
  PR:		207170 [0]
  Approved by:	bapt
  Approved by:	ports-secteam (with hat)
  Differential revision:	https://reviews.freebsd.org/D5420

Added:
  branches/2016Q1/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch
     - copied unchanged from r409604, head/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch
  branches/2016Q1/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch
     - copied unchanged from r409604, head/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch
  branches/2016Q1/emulators/xen-kernel/files/xsa167-4.6.patch
     - copied unchanged from r409604, head/emulators/xen-kernel/files/xsa167-4.6.patch
  branches/2016Q1/emulators/xen-kernel/files/xsa168.patch
     - copied unchanged from r409604, head/emulators/xen-kernel/files/xsa168.patch
  branches/2016Q1/emulators/xen-kernel/files/xsa170-4.5.patch
     - copied unchanged from r409604, head/emulators/xen-kernel/files/xsa170-4.5.patch
  branches/2016Q1/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch
     - copied unchanged from r409604, head/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch
Modified:
  branches/2016Q1/emulators/xen-kernel/Makefile
  branches/2016Q1/emulators/xen/Makefile
  branches/2016Q1/sysutils/xen-tools/Makefile
  branches/2016Q1/sysutils/xen-tools/distinfo
  branches/2016Q1/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh
Directory Properties:
  branches/2016Q1/   (props changed)

Modified: branches/2016Q1/emulators/xen-kernel/Makefile
==============================================================================
--- branches/2016Q1/emulators/xen-kernel/Makefile	Sun Feb 28 00:29:10 2016	(r409706)
+++ branches/2016Q1/emulators/xen-kernel/Makefile	Sun Feb 28 00:31:01 2016	(r409707)
@@ -3,7 +3,7 @@
 PORTNAME=	xen
 PKGNAMESUFFIX=	-kernel
 PORTVERSION=	4.5.2
-PORTREVISION=   1
+PORTREVISION=   2
 CATEGORIES=	emulators
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${PORTVERSION}/
 
@@ -31,10 +31,15 @@ EXTRA_PATCHES=	${FILESDIR}/0001-introduc
 		${FILESDIR}/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch:-p2 \
 		${FILESDIR}/0006-xen-pvh-enable-mmu_update-hypercall.patch:-p2 \
 		${FILESDIR}/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch:-p2 \
+		${FILESDIR}/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch:-p2 \
+		${FILESDIR}/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch:-p2 \
 		${FILESDIR}/xsa156-4.5.patch:-p2 \
 		${FILESDIR}/xsa159.patch:-p2 \
 		${FILESDIR}/xsa165-4.5.patch:-p2 \
-		${FILESDIR}/xsa166-4.5.patch:-p2
+		${FILESDIR}/xsa166-4.5.patch:-p2 \
+		${FILESDIR}/xsa167-4.6.patch:-p2 \
+		${FILESDIR}/xsa168.patch:-p2 \
+		${FILESDIR}/xsa170-4.5.patch:-p2
 
 
 .include <bsd.port.options.mk>
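Review bot: the ordering of the new EXTRA_PATCHES entries is required, not cosmetic, and should be commented as such: 0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch is a hunk against the setup_io_bitmap() function that 0001 introduces (its context header reads `+@@ -1534,6 +1535,16 @@ void __hwdom_init setup_io_bitmap`), so swapping the pair or moving them behind the xsa*.patch entries breaks the build. It is also worth a line noting that xsa167-4.6.patch is the 4.6 variant of the fix applied to this 4.5.2 tree, so a clean build is the only evidence that it still lands where intended.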

Copied: branches/2016Q1/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch (from r409604, head/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch	Sun Feb 28 00:31:01 2016	(r409707, copy of r409604, head/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch)
@@ -0,0 +1,197 @@
+From 8ddb99287cd18da99a95a9f70904a97b52893599 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
+Date: Wed, 20 May 2015 13:26:43 +0200
+Subject: [PATCH 1/2] x86/pvh: use a custom IO bitmap for PVH hardware domains
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since a PVH hardware domain has access to the physical hardware create a
+custom more permissive IO bitmap. The permissions set on the bitmap are
+populated based on the contents of the ioports rangeset.
+
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+---
+ xen/arch/x86/hvm/hvm.c           | 24 ++++++++++++++++++++++--
+ xen/arch/x86/hvm/svm/vmcb.c      |  2 +-
+ xen/arch/x86/hvm/vmx/vmcs.c      |  4 ++--
+ xen/arch/x86/setup.c             | 28 ++++++++++++++++++++++++++++
+ xen/common/domain.c              |  3 +++
+ xen/include/asm-x86/hvm/domain.h |  2 ++
+ xen/include/asm-x86/setup.h      |  1 +
+ 7 files changed, 59 insertions(+), 5 deletions(-)
+
+diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
+index 689e402..89423fa 100644
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -77,9 +77,13 @@ integer_param("hvm_debug", opt_hvm_debug_level);
+ 
+ struct hvm_function_table hvm_funcs __read_mostly;
+ 
+-/* I/O permission bitmap is globally shared by all HVM guests. */
++/*
++ * The I/O permission bitmap is globally shared by all HVM guests except
++ * the hardware domain which needs a more permissive one.
++ */
++#define HVM_IOBITMAP_SIZE (3 * PAGE_SIZE)
+ unsigned long __attribute__ ((__section__ (".bss.page_aligned")))
+-    hvm_io_bitmap[3*PAGE_SIZE/BYTES_PER_LONG];
++    hvm_io_bitmap[HVM_IOBITMAP_SIZE / BYTES_PER_LONG];
+ 
+ /* Xen command-line option to enable HAP */
+ static bool_t __initdata opt_hap_enabled = 1;
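Review bot: the comment on the new HVM_IOBITMAP_SIZE define should say why the bitmap is three pages when 64K ports only need 8 KiB: SVM reads a 12 KiB IOPM while VMX only consumes the two pages behind IO_BITMAP_A/B, and the bitmap_fill(..., 0x10000) added in setup.c later in this patch touches only the first 64K bits, so the third page keeps whatever the allocation was initialised with. Spelling that out makes the memset(~0) in hvm_domain_initialise() read as deliberate fail-closed padding of the tail page rather than an accident.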
+@@ -1461,6 +1465,20 @@ int hvm_domain_initialise(struct domain *d)
+         goto fail1;
+     d->arch.hvm_domain.io_handler->num_slot = 0;
+ 
++    /* Set the default IO Bitmap. */
++    if ( is_hardware_domain(d) )
++    {
++        d->arch.hvm_domain.io_bitmap = _xmalloc(HVM_IOBITMAP_SIZE, PAGE_SIZE);
++        if ( d->arch.hvm_domain.io_bitmap == NULL )
++        {
++            rc = -ENOMEM;
++            goto fail1;
++        }
++        memset(d->arch.hvm_domain.io_bitmap, ~0, HVM_IOBITMAP_SIZE);
++    }
++    else
++        d->arch.hvm_domain.io_bitmap = hvm_io_bitmap;
++
+     if ( is_pvh_domain(d) )
+     {
+         register_portio_handler(d, 0, 0x10003, handle_pvh_io);
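Review bot: memset(..., ~0, HVM_IOBITMAP_SIZE) means every port traps for the hardware domain between hvm_domain_initialise() and the later setup_io_bitmap() call, which is the correct fail-closed default but deserves a comment, since a reader could otherwise take the all-ones state for a bug. The PAGE_SIZE alignment argument to _xmalloc() is a hard requirement rather than a preference here, because the vmcs.c and vmcb.c hunks hand the physical address straight to hardware fields that expect page-aligned bitmaps; naming that dependency next to the allocation would help.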
+@@ -1496,6 +1514,8 @@ int hvm_domain_initialise(struct domain *d)
+     stdvga_deinit(d);
+     vioapic_deinit(d);
+  fail1:
++    if ( is_hardware_domain(d) )
++        xfree(d->arch.hvm_domain.io_bitmap);
+     xfree(d->arch.hvm_domain.io_handler);
+     xfree(d->arch.hvm_domain.params);
+  fail0:
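Review bot: the fail1 path frees the hardware domain's private bitmap, but no matching xfree() in hvm_domain_destroy() appears anywhere in this patch (the diffstat lists only these two hvm.c hunks), so if a hardware domain is ever torn down its 12 KiB bitmap leaks; the same `if ( is_hardware_domain(d) ) xfree(d->arch.hvm_domain.io_bitmap);` guard belongs in the destroy path. The xfree() here is also reached when the allocation itself failed (io_bitmap == NULL), which only works because xfree(NULL) is a no-op in Xen; a short comment saves the next reader from checking that.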
+diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
+index 21292bb..6339d2a 100644
+--- a/xen/arch/x86/hvm/svm/vmcb.c
++++ b/xen/arch/x86/hvm/svm/vmcb.c
+@@ -118,7 +118,7 @@ static int construct_vmcb(struct vcpu *v)
+         svm_disable_intercept_for_msr(v, MSR_AMD64_LWP_CBADDR);
+ 
+     vmcb->_msrpm_base_pa = (u64)virt_to_maddr(arch_svm->msrpm);
+-    vmcb->_iopm_base_pa  = (u64)virt_to_maddr(hvm_io_bitmap);
++    vmcb->_iopm_base_pa = __pa(v->domain->arch.hvm_domain.io_bitmap);
+ 
+     /* Virtualise EFLAGS.IF and LAPIC TPR (CR8). */
+     vmcb->_vintr.fields.intr_masking = 1;
+diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
+index 3123706..355d1b5 100644
+--- a/xen/arch/x86/hvm/vmx/vmcs.c
++++ b/xen/arch/x86/hvm/vmx/vmcs.c
+@@ -1032,8 +1032,8 @@ static int construct_vmcs(struct vcpu *v)
+     }
+ 
+     /* I/O access bitmap. */
+-    __vmwrite(IO_BITMAP_A, virt_to_maddr((char *)hvm_io_bitmap + 0));
+-    __vmwrite(IO_BITMAP_B, virt_to_maddr((char *)hvm_io_bitmap + PAGE_SIZE));
++    __vmwrite(IO_BITMAP_A, __pa(d->arch.hvm_domain.io_bitmap));
++    __vmwrite(IO_BITMAP_B, __pa(d->arch.hvm_domain.io_bitmap) + PAGE_SIZE);
+ 
+     if ( cpu_has_vmx_virtual_intr_delivery )
+     {
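Review bot: IO_BITMAP_B is written as __pa(d->arch.hvm_domain.io_bitmap) + PAGE_SIZE, which assumes the two pages are physically contiguous. That holds for both things the pointer can refer to (the .bss.page_aligned array and the xenheap _xmalloc() in hvm_domain_initialise()), but now that one pointer feeds two different backends a one-line comment stating the contiguity requirement, ideally on the struct hvm_domain field, would stop someone later swapping in a non-contiguous allocation.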
+diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
+index 2b9787a..cd333f9 100644
+--- a/xen/arch/x86/setup.c
++++ b/xen/arch/x86/setup.c
+@@ -1446,6 +1446,8 @@ void __init noreturn __start_xen(unsigned long mbi_p)
+ 
+     dmi_end_boot();
+ 
++    setup_io_bitmap(dom0);
++
+     system_state = SYS_STATE_active;
+ 
+     domain_unpause_by_systemcontroller(dom0);
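Review bot: setup_io_bitmap(dom0) has to sit exactly here, after dom0 construction has populated d->arch.ioport_caps and before domain_unpause_by_systemcontroller(dom0) lets it run; placed earlier it would compute an empty grant set, placed later dom0 would briefly run with the all-ones bitmap. A comment giving those two constraints would keep the call from drifting during future rework of __start_xen().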
+@@ -1509,6 +1511,32 @@ int __hwdom_init xen_in_range(unsigned long mfn)
+     return 0;
+ }
+ 
++static int __hwdom_init io_bitmap_cb(unsigned long s, unsigned long e,
++                                     void *ctx)
++{
++    struct domain *d = ctx;
++    unsigned int i;
++
++    ASSERT(e <= INT_MAX);
++    for ( i = s; i <= e; i++ )
++        __clear_bit(i, d->arch.hvm_domain.io_bitmap);
++
++    return 0;
++}
++
++void __hwdom_init setup_io_bitmap(struct domain *d)
++{
++    int rc;
++
++    if ( has_hvm_container_domain(d) )
++    {
++        bitmap_fill(d->arch.hvm_domain.io_bitmap, 0x10000);
++        rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000,
++                                    io_bitmap_cb, d);
++        BUG_ON(rc);
++    }
++}
++
+ /*
+  * Local variables:
+  * mode: C
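Review bot: rangeset ranges are inclusive, so passing 0x10000 as the end to rangeset_report_ranges() admits one port past the 64K port space, while bitmap_fill(..., 0x10000) covers bits 0..0xFFFF only; nothing should ever put 0x10000 into ioport_caps, and a stray bit 0x10000 would fall in the third page, so this is harmless, but using 0xFFFF as the bound (and `ASSERT(e < 0x10000)` in io_bitmap_cb instead of `ASSERT(e <= INT_MAX)`) would make the intent explicit. The security boundary this creates also deserves a comment: once a bit is cleared the hardware domain reaches the port directly, bypassing any handler registered via register_portio_handler(), which is exactly the gap the companion patch 0002 has to close for 0xcf8 and the RTC index/data ports.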
+diff --git a/xen/common/domain.c b/xen/common/domain.c
+index 6803c4d..b0e83f5 100644
+--- a/xen/common/domain.c
++++ b/xen/common/domain.c
+@@ -42,6 +42,7 @@
+ #include <xsm/xsm.h>
+ #include <xen/trace.h>
+ #include <xen/tmem.h>
++#include <asm/setup.h>
+ 
+ /* Linux config option: propageted to domain0 */
+ /* xen_processor_pmbits: xen control Cx, Px, ... */
+@@ -219,6 +220,8 @@ static int late_hwdom_init(struct domain *d)
+     rangeset_swap(d->iomem_caps, dom0->iomem_caps);
+ #ifdef CONFIG_X86
+     rangeset_swap(d->arch.ioport_caps, dom0->arch.ioport_caps);
++    setup_io_bitmap(d);
++    setup_io_bitmap(dom0);
+ #endif
+ 
+     rcu_unlock_domain(dom0);
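Review bot: late_hwdom_init() rebuilds dom0's bitmap while dom0 may be running on other CPUs, and setup_io_bitmap() does bitmap_fill() first and clears afterwards, so a vCPU observing the intermediate state only takes a spurious trap rather than gaining access to a port; that fail-closed ordering is load-bearing and should be stated in a comment. The second call, setup_io_bitmap(dom0), silently does nothing for a PV dom0 because of the has_hvm_container_domain() guard, which is worth spelling out so nobody later "fixes" it away.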
+diff --git a/xen/include/asm-x86/hvm/domain.h b/xen/include/asm-x86/hvm/domain.h
+index 0f8b19a..bdab45d 100644
+--- a/xen/include/asm-x86/hvm/domain.h
++++ b/xen/include/asm-x86/hvm/domain.h
+@@ -141,6 +141,8 @@ struct hvm_domain {
+      */
+     uint64_t sync_tsc;
+ 
++    unsigned long *io_bitmap;
++
+     union {
+         struct vmx_domain vmx;
+         struct svm_domain svm;
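Review bot: io_bitmap is either the shared global hvm_io_bitmap or a per-domain allocation, and only is_hardware_domain() distinguishes the two at free time; a comment on the field recording that ownership rule would keep a future caller from xfree()ing the shared array.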
+diff --git a/xen/include/asm-x86/setup.h b/xen/include/asm-x86/setup.h
+index 08bc23a..381d9f8 100644
+--- a/xen/include/asm-x86/setup.h
++++ b/xen/include/asm-x86/setup.h
+@@ -32,6 +32,7 @@ int construct_dom0(
+     module_t *initrd,
+     void *(*bootstrap_map)(const module_t *),
+     char *cmdline);
++void setup_io_bitmap(struct domain *d);
+ 
+ unsigned long initial_images_nrpages(nodeid_t node);
+ void discard_initial_images(void);
+-- 
+2.5.4 (Apple Git-61)
+

Copied: branches/2016Q1/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch (from r409604, head/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch	Sun Feb 28 00:31:01 2016	(r409707, copy of r409604, head/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch)
@@ -0,0 +1,52 @@
+From 72d5acdc1d5b83107066e25054f9119e7771cf70 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
+Date: Wed, 20 May 2015 13:27:23 +0200
+Subject: [PATCH 2/2] x86/pvh: trap access to sensitive IO ports
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is needed so Xen can properly trap 4 byte accesses to 0xcf8 in order to
+keep consistency with accesses to 0xcfc.
+
+The access to RTC ports also needs to be trapped in order to keep
+consistency, this includes RTC_PORT(0) and RTC_PORT(1) (0x70 and 0x71
+respectively).
+
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+---
+ xen/arch/x86/setup.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
+index cd333f9..2cc9185 100644
+--- a/xen/arch/x86/setup.c
++++ b/xen/arch/x86/setup.c
+@@ -49,6 +49,7 @@
+ #include <xen/cpu.h>
+ #include <asm/nmi.h>
+ #include <asm/alternative.h>
++#include <asm/mc146818rtc.h>
+ 
+ /* opt_nosmp: If true, secondary processors are ignored. */
+ static bool_t __initdata opt_nosmp;
+@@ -1534,6 +1535,16 @@ void __hwdom_init setup_io_bitmap(struct domain *d)
+         rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000,
+                                     io_bitmap_cb, d);
+         BUG_ON(rc);
++        /*
++         * NB: we need to trap accesses to 0xcf8 in order to intercept
++         * 4 byte accesses, that need to be handled by Xen in order to
++         * keep consistency.
++         * Access to 1 byte RTC ports also needs to be trapped in order
++         * to keep consistency with PV.
++         */
++        __set_bit(0xcf8, d->arch.hvm_domain.io_bitmap);
++        __set_bit(RTC_PORT(0), d->arch.hvm_domain.io_bitmap);
++        __set_bit(RTC_PORT(1), d->arch.hvm_domain.io_bitmap);
+     }
+ }
+ 
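Review bot: the three __set_bit() calls run after the rangeset-derived clears and therefore override whatever ioport_caps grants; that precedence is the whole point, but it is easy to invert by accident, so the comment should say "must stay after rangeset_report_ranges()". The list is hard-coded, so any other port whose state Xen shadows for the hardware domain needs the same treatment, and with 0xcfc left untrapped the consistency argument rests entirely on Xen seeing every write to 0xcf8. That holds because the processor checks the bitmap bit for every byte of a multi-byte access, so a 4-byte write starting at 0xcf8 traps even though only bit 0xcf8 is set; better to state that in the comment than leave the reader to infer it.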
+-- 
+2.5.4 (Apple Git-61)
+

Copied: branches/2016Q1/emulators/xen-kernel/files/xsa167-4.6.patch (from r409604, head/emulators/xen-kernel/files/xsa167-4.6.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/emulators/xen-kernel/files/xsa167-4.6.patch	Sun Feb 28 00:31:01 2016	(r409707, copy of r409604, head/emulators/xen-kernel/files/xsa167-4.6.patch)
@@ -0,0 +1,77 @@
+x86/mm: PV superpage handling lacks sanity checks
+
+MMUEXT_{,UN}MARK_SUPER fail to check the input MFN for validity before
+dereferencing pointers into the superpage frame table.
+
+get_superpage() has a similar issue.
+
+This is XSA-167.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+
+--- a/xen/arch/x86/mm.c
++++ b/xen/arch/x86/mm.c
+@@ -2624,6 +2624,9 @@ int get_superpage(unsigned long mfn, str
+ 
+     ASSERT(opt_allow_superpage);
+ 
++    if ( !mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1)) )
++        return -EINVAL;
++
+     spage = mfn_to_spage(mfn);
+     y = spage->type_info;
+     do {
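Review bot: the new check probes mfn_valid() only on the last frame of the 2 MiB range (mfn | 0x1ff), which is sufficient only if frame-table validity cannot change inside a superpage-aligned block and if mfn is already aligned on entry; neither precondition is visible in this hunk, so a comment stating them (or an ASSERT on the alignment, mirroring the explicit alignment test in the do_mmuext_op hunk below) would document why a single probe is enough.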
+@@ -3401,42 +3404,26 @@ long do_mmuext_op(
+         }
+ 
+         case MMUEXT_MARK_SUPER:
++        case MMUEXT_UNMARK_SUPER:
+         {
+             unsigned long mfn = op.arg1.mfn;
+ 
+-            if ( unlikely(d != pg_owner) )
+-                rc = -EPERM;
+-            else if ( mfn & (L1_PAGETABLE_ENTRIES-1) )
+-            {
+-                MEM_LOG("Unaligned superpage reference mfn %lx", mfn);
+-                okay = 0;
+-            }
+-            else if ( !opt_allow_superpage )
++            if ( !opt_allow_superpage )
+             {
+                 MEM_LOG("Superpages disallowed");
+                 rc = -ENOSYS;
+             }
+-            else
+-                rc = mark_superpage(mfn_to_spage(mfn), d);
+-            break;
+-        }
+-
+-        case MMUEXT_UNMARK_SUPER:
+-        {
+-            unsigned long mfn = op.arg1.mfn;
+-
+-            if ( unlikely(d != pg_owner) )
++            else if ( unlikely(d != pg_owner) )
+                 rc = -EPERM;
+-            else if ( mfn & (L1_PAGETABLE_ENTRIES-1) )
++            else if ( mfn & (L1_PAGETABLE_ENTRIES - 1) )
+             {
+                 MEM_LOG("Unaligned superpage reference mfn %lx", mfn);
+-                okay = 0;
+-            }
+-            else if ( !opt_allow_superpage )
+-            {
+-                MEM_LOG("Superpages disallowed");
+-                rc = -ENOSYS;
++                rc = -EINVAL;
+             }
++            else if ( !mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1)) )
++                rc = -EINVAL;
++            else if ( op.cmd == MMUEXT_MARK_SUPER )
++                rc = mark_superpage(mfn_to_spage(mfn), d);
+             else
+                 rc = unmark_superpage(mfn_to_spage(mfn));
+             break;
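Review bot: merging MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER reorders the checks, so a non-owner now gets -ENOSYS instead of -EPERM when superpages are disabled, and the unaligned case returns -EINVAL directly instead of through `okay = 0`; both are acceptable, but the error-code change is guest-visible and should be mentioned in the description. The part that matters is that `mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1))` is evaluated after the alignment test, so `mfn | 0x1ff` really is the top frame of the superpage; keep that order if the branch is touched again.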

Copied: branches/2016Q1/emulators/xen-kernel/files/xsa168.patch (from r409604, head/emulators/xen-kernel/files/xsa168.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/emulators/xen-kernel/files/xsa168.patch	Sun Feb 28 00:31:01 2016	(r409707, copy of r409604, head/emulators/xen-kernel/files/xsa168.patch)
@@ -0,0 +1,27 @@
+x86/VMX: prevent INVVPID failure due to non-canonical guest address
+
+While INVLPG (and on SVM INVLPGA) don't fault on non-canonical
+addresses, INVVPID fails (in the "individual address" case) when passed
+such an address.
+
+Since such intercepted INVLPG are effectively no-ops anyway, don't fix
+this in vmx_invlpg_intercept(), but instead have paging_invlpg() never
+return true in such a case.
+
+This is XSA-168.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+
+--- a/xen/include/asm-x86/paging.h
++++ b/xen/include/asm-x86/paging.h
+@@ -245,7 +245,7 @@ paging_fault(unsigned long va, struct cp
+  * or 0 if it's safe not to do so. */
+ static inline int paging_invlpg(struct vcpu *v, unsigned long va)
+ {
+-    return paging_get_hostmode(v)->invlpg(v, va);
++    return is_canonical_address(va) && paging_get_hostmode(v)->invlpg(v, va);
+ }
+ 
+ /* Translate a guest virtual address to the frame number that the
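Review bot: gating on is_canonical_address(va) inside paging_invlpg() turns every intercepted INVLPG of a non-canonical address into a no-op for all paging modes, not just VMX, which is fine because no translation can exist for such an address; the comment above the hunk ("or 0 if it's safe not to do so") still describes the contract, but a one-line note that the early 0 exists to keep INVVPID from failing would tie the code to the XSA for anyone reading it later.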

Copied: branches/2016Q1/emulators/xen-kernel/files/xsa170-4.5.patch (from r409604, head/emulators/xen-kernel/files/xsa170-4.5.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/emulators/xen-kernel/files/xsa170-4.5.patch	Sun Feb 28 00:31:01 2016	(r409707, copy of r409604, head/emulators/xen-kernel/files/xsa170-4.5.patch)
@@ -0,0 +1,79 @@
+x86/VMX: sanitize rIP before re-entering guest
+
+... to prevent guest user mode arranging for a guest crash (due to
+failed VM entry). (On the AMD system I checked, hardware is doing
+exactly the canonicalization being added here.)
+
+Note that fixing this in an architecturally correct way would be quite
+a bit more involved: Making the x86 instruction emulator check all
+branch targets for validity, plus dealing with invalid rIP resulting
+from update_guest_eip() or incoming directly during a VM exit. The only
+way to get the latter right would be by not having hardware do the
+injection.
+
+Note further that there are a two early returns from
+vmx_vmexit_handler(): One (through vmx_failed_vmentry()) leads to
+domain_crash() anyway, and the other covers real mode only and can
+neither occur with a non-canonical rIP nor result in an altered rIP,
+so we don't need to force those paths through the checking logic.
+
+This is XSA-170.
+
+Reported-by: 刘令 <liuling-it@360.cn>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- a/xen/arch/x86/hvm/vmx/vmx.c
++++ b/xen/arch/x86/hvm/vmx/vmx.c
+@@ -2675,7 +2675,7 @@ void vmx_handle_EOI_induced_exit(struct
+ void vmx_vmexit_handler(struct cpu_user_regs *regs)
+ {
+     unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0;
+-    unsigned int vector = 0;
++    unsigned int vector = 0, mode;
+     struct vcpu *v = current;
+ 
+     __vmread(GUEST_RIP,    &regs->rip);
+@@ -3219,6 +3219,41 @@ void vmx_vmexit_handler(struct cpu_user_
+ out:
+     if ( nestedhvm_vcpu_in_guestmode(v) )
+         nvmx_idtv_handling();
++
++    /*
++     * VM entry will fail (causing the guest to get crashed) if rIP (and
++     * rFLAGS, but we don't have an issue there) doesn't meet certain
++     * criteria. As we must not allow less than fully privileged mode to have
++     * such an effect on the domain, we correct rIP in that case (accepting
++     * this not being architecturally correct behavior, as the injected #GP
++     * fault will then not see the correct [invalid] return address).
++     * And since we know the guest will crash, we crash it right away if it
++     * already is in most privileged mode.
++     */
++    mode = vmx_guest_x86_mode(v);
++    if ( mode == 8 ? !is_canonical_address(regs->rip)
++                   : regs->rip != regs->_eip )
++    {
++        struct segment_register ss;
++
++        gdprintk(XENLOG_WARNING, "Bad rIP %lx for mode %u\n", regs->rip, mode);
++
++        vmx_get_segment_register(v, x86_seg_ss, &ss);
++        if ( ss.attr.fields.dpl )
++        {
++            __vmread(VM_ENTRY_INTR_INFO, &intr_info);
++            if ( !(intr_info & INTR_INFO_VALID_MASK) )
++                hvm_inject_hw_exception(TRAP_gp_fault, 0);
++            /* Need to fix rIP nevertheless. */
++            if ( mode == 8 )
++                regs->rip = (long)(regs->rip << (64 - VADDR_BITS)) >>
++                            (64 - VADDR_BITS);
++            else
++                regs->rip = regs->_eip;
++        }
++        else
++            domain_crash(v->domain);
++    }
+ }
+ 
+ void vmx_vmenter_helper(const struct cpu_user_regs *regs)
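Review bot: guest user mode can reach this path at will, so confirm the gdprintk() is rate-limited or debug-only before shipping, otherwise unprivileged guest code gets a free log flood against the host. The sign extension `(long)(regs->rip << (64 - VADDR_BITS)) >> (64 - VADDR_BITS)` depends on arithmetic right shift of a negative long, which GCC guarantees but the C standard leaves implementation-defined, and deserves a comment. Finally, when INTR_INFO_VALID_MASK is already set the #GP is skipped but rIP is still rewritten, so the guest resumes from a silently canonicalised address; the commit message accepts that, but the trade-off belongs in the comment block above the check rather than only in the log.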

Modified: branches/2016Q1/emulators/xen/Makefile
==============================================================================
--- branches/2016Q1/emulators/xen/Makefile	Sun Feb 28 00:29:10 2016	(r409706)
+++ branches/2016Q1/emulators/xen/Makefile	Sun Feb 28 00:31:01 2016	(r409707)
@@ -2,7 +2,7 @@
 
 PORTNAME=	xen
 PORTVERSION=	4.5.2
-PORTREVISION=   1
+PORTREVISION=   2
 CATEGORIES=	emulators
 
 MAINTAINER=	royger@FreeBSD.org

Modified: branches/2016Q1/sysutils/xen-tools/Makefile
==============================================================================
--- branches/2016Q1/sysutils/xen-tools/Makefile	Sun Feb 28 00:29:10 2016	(r409706)
+++ branches/2016Q1/sysutils/xen-tools/Makefile	Sun Feb 28 00:31:01 2016	(r409707)
@@ -2,7 +2,7 @@
 
 PORTNAME=	xen
 PORTVERSION=	4.5.2
-PORTREVISION=   1
+PORTREVISION=   2
 CATEGORIES=	sysutils emulators
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${PORTVERSION}/ \
 		http://code.coreboot.org/p/seabios/downloads/get/:seabios
@@ -24,7 +24,7 @@ OPTIONS_DEFINE=	DOCS
 ONLY_FOR_ARCHS=	amd64
 ONLY_FOR_ARCHS_REASON=	"not yet ported to anything other than amd64"
 
-SEABIOSVERSION=	1.8.1
+SEABIOSVERSION=	1.8.2
 DISTFILES+=	${DISTNAME}.tar.gz \
 		seabios-${SEABIOSVERSION}.tar.gz:seabios
 
@@ -49,6 +49,7 @@ QEMU_ARGS=	--disable-gtk \
 		--cxx=c++
 
 EXTRA_PATCHES=	${FILESDIR}/0002-libxc-fix-xc_dom_load_elf_symtab.patch:-p1 \
+		${FILESDIR}/0001-build-fix-.text-section-address-alignment.patch:-p1 \
 		${FILESDIR}/xsa160-4.6.patch:-p1
 
 CONFIGURE_ARGS+=	--with-extra-qemuu-configure-args="${QEMU_ARGS}"
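Review bot: 0001-build-fix-.text-section-address-alignment.patch applies with -p1 only because the diff inside was re-rooted to `a/tools/firmware/seabios-dir/scripts/layoutrom.py`, while its diffstat still reads `scripts/layoutrom.py`; a short comment next to this entry saying the upstream SeaBIOS commit was re-rooted for the Xen tree would save the next person from puzzling over the mismatch when they refresh the patch.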
@@ -77,9 +78,9 @@ post-patch:
 		${WRKSRC}/tools/qemu-xen-traditional/i386-dm/helper2.c \
 		${WRKSRC}/docs/man/*
 	@for p in ${FILESDIR}/*qemuu*.patch; do \
-                 ${ECHO_CMD} "====> Applying $${p##*/}" ; \
-                 ${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
-         done
+		${ECHO_CMD} "====> Applying $${p##*/}" ; \
+		${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
+	done
 
 post-install:
 	${MKDIR} ${STAGEDIR}/var/run/xen
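Review bot: the spaces-to-tabs change in the post-patch loop is purely cosmetic (bmake only needs the tab on the first line of a recipe; these are backslash continuation lines), so it has no effect on what gets applied; fine to carry along, just noting it is unrelated to the security content of this MFH.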

Modified: branches/2016Q1/sysutils/xen-tools/distinfo
==============================================================================
--- branches/2016Q1/sysutils/xen-tools/distinfo	Sun Feb 28 00:29:10 2016	(r409706)
+++ branches/2016Q1/sysutils/xen-tools/distinfo	Sun Feb 28 00:31:01 2016	(r409707)
@@ -1,4 +1,4 @@
 SHA256 (xen-4.5.2.tar.gz) = 4c9e5dac4eea484974e9f76da2756c8e0973b4e884d28d37e955df9ebf00e7e8
 SIZE (xen-4.5.2.tar.gz) = 18416220
-SHA256 (seabios-1.8.1.tar.gz) = 283bd848f5ce9d4bc52add973a856347e02c9ce89a9e6bc92c99359b87c9871d
-SIZE (seabios-1.8.1.tar.gz) = 537712
+SHA256 (seabios-1.8.2.tar.gz) = f59479307fdae840de398b75aacb2333c8eba24a5964d68c77e32ca6c987ee61
+SIZE (seabios-1.8.2.tar.gz) = 538497
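Review bot: the SHA256/SIZE bump for seabios-1.8.2.tar.gz is the only thing standing between the build and a tampered distfile, so the new checksum should be verified against the upstream release (signed tag or published hash) rather than only against whatever `make makesum` fetched; a pointer to where it was cross-checked in the commit log would document that.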

Copied: branches/2016Q1/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch (from r409604, head/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch	Sun Feb 28 00:31:01 2016	(r409707, copy of r409604, head/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch)
@@ -0,0 +1,71 @@
+From 70a912f04dec2b556f37a60d1f596fcedb13f8a8 Mon Sep 17 00:00:00 2001
+From: Kevin O'Connor <kevin@koconnor.net>
+Date: Wed, 24 Feb 2016 11:45:55 +0100
+Subject: [PATCH] build: fix .text section address alignment
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some linkers verify that sections have a start address that is aligned
+with the minimum alignment of that section.  Add extra padding to the
+".text" section to ensure it is always aligned with the maximum
+alignment of any section placed in ".text".
+
+Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+Reported by: Ed Maste <emaste@FreeBSD.org>
+---
+ scripts/layoutrom.py | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/tools/firmware/seabios-dir/scripts/layoutrom.py b/tools/firmware/seabios-dir/scripts/layoutrom.py
+index dd770fe..c7e406c 100755
+--- a/tools/firmware/seabios-dir/scripts/layoutrom.py
++++ b/tools/firmware/seabios-dir/scripts/layoutrom.py
+@@ -34,18 +34,22 @@ COMMONTRAILER = """
+ # Determine section locations
+ ######################################################################
+ 
+-# Align 'pos' to 'alignbytes' offset
++# Align 'pos' up to 'alignbytes' offset
+ def alignpos(pos, alignbytes):
+     mask = alignbytes - 1
+     return (pos + mask) & ~mask
+ 
++# Align 'pos' down to 'alignbytes' offset
++def aligndown(pos, alignbytes):
++    mask = alignbytes - 1
++    return pos & ~mask
++
+ # Determine the final addresses for a list of sections that end at an
+ # address.
+ def setSectionsStart(sections, endaddr, minalign=1, segoffset=0):
+     totspace = 0
+     for section in sections:
+-        if section.align > minalign:
+-            minalign = section.align
++        minalign = max(minalign, section.align)
+         totspace = alignpos(totspace, section.align) + section.size
+     startaddr = int((endaddr - totspace) / minalign) * minalign
+     curaddr = startaddr
+@@ -267,7 +271,7 @@ def doLayout(sections, config, genreloc):
+         final_sec32low_end = BUILD_LOWRAM_END
+         zonelow_base = final_sec32low_end - 64*1024
+     relocdelta = final_sec32low_end - sec32low_end
+-    li.sec32low_start, li.sec32low_align = setSectionsStart(
++    li.sec32low_start, sec32low_align = setSectionsStart(
+         sections32low, sec32low_end, 16
+         , segoffset=zonelow_base - relocdelta)
+     li.sec32low_end = sec32low_end
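Review bot: the change from `li.sec32low_align` to a bare local `sec32low_align` removes an attribute from the layout-info object; any remaining reader of li.sec32low_align elsewhere in the script would now fail with an AttributeError at build time, which the hunk cannot show, so confirm there are none (the writeLinkerScripts hunk below recomputes its own alignment rather than consuming it).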
+@@ -399,6 +403,8 @@ def writeLinkerScripts(li, out16, out32seg, out32flat):
+     filesections32flat = getSectionsFileid(li.sections, '32flat')
+     out = outXRefs([], exportsyms=li.varlowsyms
+                    , forcedelta=li.final_sec32low_start-li.sec32low_start)
++    sec32all_align = max([section.align for section in li.sections])
++    sec32all_start = aligndown(sec32all_start, sec32all_align)
+     out += outXRefs(filesections32flat, exportsyms=[li.entrysym]) + """
+     _reloc_min_align = 0x%x ;
+     zonefseg_start = 0x%x ;
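Review bot: `sec32all_start = aligndown(sec32all_start, sec32all_align)` relies on sec32all_start already being bound earlier in writeLinkerScripts(), outside the hunk's context; if it is not, the script raises NameError rather than linking incorrectly, so the failure is loud, but the dependency merits either a line of extra context or a comment. Aligning the start down rather than up grows the region toward lower addresses, which is the safe direction here since setSectionsStart() lays sections out to end at a fixed address.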
+-- 
+2.5.4 (Apple Git-61)
+

Modified: branches/2016Q1/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh
==============================================================================
--- branches/2016Q1/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh	Sun Feb 28 00:29:10 2016	(r409706)
+++ branches/2016Q1/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh	Sun Feb 28 00:31:01 2016	(r409707)
@@ -1,11 +1,11 @@
 --- tools/firmware/seabios-dir/scripts/buildversion.sh.orig	2015-03-13 09:02:17 UTC
 +++ tools/firmware/seabios-dir/scripts/buildversion.sh
-@@ -11,7 +11,7 @@ elif [ -f .version ]; then
+@@ -12,7 +12,7 @@ if [ -z "$BUILD_VERSION" ]; then
+     else
+         VERSION="?"
+     fi
+-    VERSION="${VERSION}-`date +"%Y%m%d_%H%M%S"`-`hostname`"
++    VERSION="${VERSION}"
  else
-     VERSION="?"
+     VERSION="$BUILD_VERSION"
  fi
--VERSION="${VERSION}-`date +"%Y%m%d_%H%M%S"`-`hostname`"
-+VERSION="${VERSION}"
- echo "Version: ${VERSION}"
- 
- # Build header file
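Review bot: the rewritten patch now drops the `date`/`hostname` suffix only in the branch that runs when BUILD_VERSION is empty, which keeps the firmware image reproducible (no timestamp or builder hostname baked in) and is the right choice for a port. Since the new context shows this SeaBIOS version honouring BUILD_VERSION, the same result could be had with no local patch by exporting BUILD_VERSION from the Makefile, which would be one less file to re-sync on the next SeaBIOS bump.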
