December 2018 - openSUSE Commits - openSUSE Mailing Lists

commit cifs-utils for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package cifs-utils for openSUSE:Factory checked in at 2018-12-03 10:05:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cifs-utils (Old) and /work/SRC/openSUSE:Factory/.cifs-utils.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cifs-utils" Mon Dec 3 10:05:08 2018 rev:54 rq:652194 version:6.8 Changes: -------- --- /work/SRC/openSUSE:Factory/cifs-utils/cifs-utils.changes 2018-03-20 21:50:18.555396163 +0100 +++ /work/SRC/openSUSE:Factory/.cifs-utils.new.19453/cifs-utils.changes 2018-12-03 10:05:26.267982262 +0100 @@ -1,0 +2,24 @@ +Mon Sep 10 12:29:37 UTC 2018 - aaptel(a)suse.com + +- Update to cifs-utils 6.8. + + document more mount options + + man pages now generated from RST files + + add python-docutils build dependency + + update keyring to check tarball signature + + remove 0001-manpage-correct-typos-and-spelling-mistakes.patch + + remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch +- Add typo corrections, better doc and configure fixes from upstream + + add 0001-docs-cleanup-rst-formating.patch + + add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch + + add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch + + add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch + + add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch + + add 0006-cifs-utils-support-rst2man-3.patch + + add 0007-checkopts-report-duplicated-options-in-man-page.patch + + add 0008-mount.cifs.rst-more-cleanups.patch + + add 0009-mount.cifs.rst-document-vers-3-mount-option.patch + + add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch +- Cleanup spec file + * assume SUSE vendor and SLE >= 11 + +------------------------------------------------------------------- @@ -4,0 +29,9 @@ + +------------------------------------------------------------------- +Sun Feb 18 08:21:58 UTC 2018 - avindra(a)opensuse.org + +- update to 6.7: + * mount.cifs cleanups +- includes 6.6: + * cleanup/overhaul of cifs.upcall krb5 credcache handling +- partial cleanup with spec-cleaner Old: ---- 0001-manpage-correct-typos-and-spelling-mistakes.patch 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch cifs-utils-6.5.tar.bz2 cifs-utils-6.5.tar.bz2.asc New: ---- 0001-docs-cleanup-rst-formating.patch 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch 0005-mount.cifs.rst-document-missing-options-correct-wron.patch 0006-cifs-utils-support-rst2man-3.patch 0007-checkopts-report-duplicated-options-in-man-page.patch 0008-mount.cifs.rst-more-cleanups.patch 0009-mount.cifs.rst-document-vers-3-mount-option.patch 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch cifs-utils-6.8.tar.bz2 cifs-utils-6.8.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cifs-utils.spec ++++++ --- /var/tmp/diff_new_pack.yQzvm7/_old 2018-12-03 10:05:26.927981658 +0100 +++ /var/tmp/diff_new_pack.yQzvm7/_new 2018-12-03 10:05:26.931981654 +0100 @@ -17,27 +17,40 @@ Name: cifs-utils -Version: 6.5 +Version: 6.8 Release: 0 Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem License: GPL-3.0-or-later Group: System/Filesystems Url: http://www.samba.org/linux-cifs/cifs-utils/ +# origin git://git.samba.org/cifs-utils.git +# for-next https://github.com/piastry/cifs-utils.git Source: https://ftp.samba.org/pub/linux-cifs/%{name}/%{name}-%{version}.tar.bz2 Source5: https://ftp.samba.org/pub/linux-cifs/%{name}/%{name}-%{version}.tar.bz2.asc # http://ftp.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-pubkey_70F3B981.a… Source6: cifs-utils.keyring Source100: README.cifstab.migration -%if "%{_vendor}" == "suse" -%define NET_CFGDIR network -%else -%define NET_CFGDIR network-scripts -%endif Source1: cifs.init -# fate#322075 -Patch0: 0001-manpage-correct-typos-and-spelling-mistakes.patch -Patch1: 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch +Patch0: 0001-docs-cleanup-rst-formating.patch +Patch1: 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch +Patch2: 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch +Patch3: 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch +Patch4: 0005-mount.cifs.rst-document-missing-options-correct-wron.patch +Patch5: 0006-cifs-utils-support-rst2man-3.patch +Patch6: 0007-checkopts-report-duplicated-options-in-man-page.patch +Patch7: 0008-mount.cifs.rst-more-cleanups.patch +Patch8: 0009-mount.cifs.rst-document-vers-3-mount-option.patch +Patch9: 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch + +# cifs-utils 6.8 switched to python for man page generation +# we need to require either py2 or py3 package +# some products do not have a py2/py3 versions +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150000 +BuildRequires: python3-docutils +%else +BuildRequires: python-docutils +%endif %if 0%{?suse_version} >= 1221 %define systemd 1 @@ -45,19 +58,17 @@ %define systemd 0 %endif -%if 0%{?suse_version} && 0%{?suse_version} < 1221 +%if 0%{?suse_version} < 1221 PreReq: insserv %{?fillup_prereq} %endif %define initdir %{_sysconfdir}/init.d Provides: cifs-mount = %{version} Obsoletes: cifs-mount < %{version} -%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1140 +%if 0%{?suse_version} > 1140 BuildRequires: autoconf %endif BuildRequires: automake -%if 0%{?suse_version} > 1020 BuildRequires: keyutils-devel -%endif BuildRequires: krb5-devel %if 0%{?suse_version} > 1120 BuildRequires: libcap-ng-devel @@ -69,25 +80,14 @@ %if 0%{?suse_version} > 1110 BuildRequires: fdupes %endif -%if 0%{?mandriva_version} -BuildRequires: libkeyutils-devel -%endif -%if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 BuildRequires: libwbclient-devel -%endif BuildRequires: pam-devel -%if 0%{?suse_version} > 1020 BuildRequires: pkg-config -%else -BuildRequires: pkgconfig -%endif Requires: keyutils %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run %endif -BuildRoot: %{_tmppath}/%{name}-%{version}-build - %description The cifs-utils package consist of utilities for doing and managing mounts of the Linux CIFS filesystem. @@ -120,79 +120,76 @@ cp -a ${RPM_SOURCE_DIR}/README.cifstab.migration . %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build -export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -fpie" +export CFLAGS="%{optflags} -D_GNU_SOURCE -fpie" export LDFLAGS="-pie" autoreconf -i -%{configure} \ +%configure \ --with-pamdir=/%{_lib}/security -%{__make} %{?_smp_mflags} +make %{?_smp_mflags} %install %if ! %{systemd} -mkdir -p \ - ${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d +mkdir -p %{buildroot}/%{_sysconfdir}/init.d %endif -%{__make} install \ - DESTDIR=${RPM_BUILD_ROOT} -%if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 +%make_install mkdir -p %{buildroot}%{_sysconfdir}/%{name} ln -s %{_libdir}/%{name}/idmapwb.so %{buildroot}%{_sysconfdir}/%{name}/idmap-plugin -%endif mkdir -p %{buildroot}%{_sysconfdir}/request-key.d install -m 644 -p contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdir}/request-key.d install -m 644 -p contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d -%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1221 +%if 0%{?suse_version} > 1221 mkdir -p \ - ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d \ - ${RPM_BUILD_ROOT}/%{_sysconfdir}/samba \ - ${RPM_BUILD_ROOT}/%{_sbindir} \ - ${RPM_BUILD_ROOT}/%{_rundir} + %{buildroot}/%{_sysconfdir}/sysconfig/network/if-{down,up}.d \ + %{buildroot}/%{_sysconfdir}/samba \ + %{buildroot}/%{_sbindir} \ + %{buildroot}/%{_rundir} %if ! %{systemd} -install -m 0755 -p ${RPM_SOURCE_DIR}/cifs.init ${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d/cifs -ln -s service ${RPM_BUILD_ROOT}/%{_sbindir}/rccifs +install -m 0755 -p ${RPM_SOURCE_DIR}/cifs.init %{buildroot}/%{_sysconfdir}/init.d/cifs +ln -s service %{buildroot}/%{_sbindir}/rccifs %endif -touch ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${script} \ - ${RPM_BUILD_ROOT}%{_rundir}/cifs +touch %{buildroot}/%{_sysconfdir}/sysconfig/network/if-{down,up}.d/${script} \ + %{buildroot}%{_rundir}/cifs %endif # Hardlink duplicate files %if 0%{?suse_version} > 1110 -%fdupes ${RPM_BUILD_ROOT} +%fdupes %{buildroot} %endif %files -%defattr(-,root,root) /sbin/mount.cifs -%if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 %{_bindir}/getcifsacl %{_bindir}/setcifsacl %{_sbindir}/cifs.idmap -%{_mandir}/man1/getcifsacl.1.* -%{_mandir}/man1/setcifsacl.1.* -%{_mandir}/man8/cifs.idmap.8.* -%endif -%if 0%{?centos_version} > 499 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 499 || 0%{?suse_version} > 1020 +%{_mandir}/man1/getcifsacl.1%{ext_man} +%{_mandir}/man1/setcifsacl.1%{ext_man} +%{_mandir}/man8/cifs.idmap.8%{ext_man} %{_bindir}/cifscreds %{_sbindir}/cifs.upcall -%{_mandir}/man1/cifscreds.1.* -%{_mandir}/man8/cifs.upcall.8.* -%endif -%{_mandir}/man8/mount.cifs.8.* +%{_mandir}/man1/cifscreds.1%{ext_man} +%{_mandir}/man8/cifs.upcall.8%{ext_man} +%{_mandir}/man8/mount.cifs.8%{ext_man} %dir %{_sysconfdir}/request-key.d %config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf %config(noreplace) %{_sysconfdir}/request-key.d/cifs.spnego.conf -%if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 %dir %{_libdir}/cifs-utils %dir %{_sysconfdir}/cifs-utils %config(noreplace) %{_sysconfdir}/cifs-utils/idmap-plugin %{_libdir}/%{name}/idmapwb.so -%{_mandir}/man8/idmapwb.8.* -%endif -%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1221 +%{_mandir}/man8/idmapwb.8%{ext_man} +%if 0%{?suse_version} > 1221 %if ! %{systemd} %attr(0754,root,root) %config %{_sysconfdir}/init.d/cifs %{_sbindir}/rccifs @@ -203,12 +200,10 @@ %doc README.cifstab.migration %files devel -%defattr(-,root,root) %{_includedir}/cifsidmap.h %files -n pam_cifscreds -%defattr(-,root,root) /%{_lib}/security/pam_cifscreds.so -%{_mandir}/man8/pam_cifscreds.8.* +%{_mandir}/man8/pam_cifscreds.8%{ext_man} %changelog ++++++ 0001-docs-cleanup-rst-formating.patch ++++++ ++++ 1120 lines (skipped) ++++++ 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch ++++++ >From bfcbfaa27a6bcfea3d463e793feff5a983f344a5 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel <aaptel(a)suse.com> Date: Tue, 15 May 2018 10:40:48 +0200 Subject: [PATCH 02/10] mount.cifs.rst: document new (no)handlecache mount option Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> Reviewed-by: Steve French <smfrench(a)gmail.com> Reviewed-by: Pavel Shilovsky <piastryyy(a)gmail.com> --- mount.cifs.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/mount.cifs.rst b/mount.cifs.rst index c0f0bdb..405c459 100644 --- a/mount.cifs.rst +++ b/mount.cifs.rst @@ -237,6 +237,16 @@ cache=arg The default in kernels prior to 3.7 was ``loose``. As of kernel 3.7 the default is ``strict``. +handlecache + (default) In SMB2 and above, the client often has to open the root + of the share (empty path) in various places during mount, path + revalidation and the statfs(2) system call. This option cuts + redundant round trip traffic (opens and closes) by simply keeping + the directory handle for the root around once opened. + +nohandlecache + Disable caching of the share root directory handle. + directio Do not do inode data caching on files opened on this mount. This precludes mmaping files on this mount. In some cases with fast -- 2.13.7 ++++++ 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch ++++++ >From 03a3296c79f8195f94c43a3b4feb09df75d9b90e Mon Sep 17 00:00:00 2001 From: Kenneth Dsouza <kdsouza(a)redhat.com> Date: Fri, 13 Jul 2018 23:49:59 +0530 Subject: [PATCH 03/10] manpage: update mount.cifs manpage with info about rdma option Signed-off-by: Kenneth Dsouza <kdsouza(a)redhat.com> --- mount.cifs.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/mount.cifs.rst b/mount.cifs.rst index 405c459..56c1bf9 100644 --- a/mount.cifs.rst +++ b/mount.cifs.rst @@ -403,6 +403,11 @@ echo_interval=n If this option is not given then the default value of 60 seconds is used. The minimum tunable value is 1 second and maximum can go up to 600 seconds. +rdma + Use to connect to SMB Direct, only applicable when specified with + vers=3 or vers=3.x. + Here 3.x can be 3.0, 3.02 or 3.1.1. + serverino Use inode numbers (unique persistent file identifiers) returned by the server instead of automatically generating temporary inode numbers on -- 2.13.7 ++++++ 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch ++++++ >From 97209a56d13b8736579a58cccf00d2da4e4a0e5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Aptel?= <aaptel(a)suse.com> Date: Tue, 10 Jul 2018 17:50:42 +0200 Subject: [PATCH 04/10] checkopts: add python script to cross check mount options Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> --- checkopts | 240 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 240 insertions(+) create mode 100755 checkopts diff --git a/checkopts b/checkopts new file mode 100755 index 0000000..26ca271 --- /dev/null +++ b/checkopts @@ -0,0 +1,240 @@ +#!/usr/bin/env python3 +# +# Script to check for inconsistencies between documented mount options +# and implemented kernel options. +# Copyright (C) 2018 Aurelien Aptel (aaptel(a)suse.com) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import sys +import re +import subprocess +import argparse +from pprint import pprint as P + +def extract_canonical_opts(s): + """ + Return list of option names present in s. + e.g "opt1=a|opt2=d" => ["opt1", "opt2"]) + """ + opts = s.split("|") + res = [] + for o in opts: + x = o.split("=") + res.append(x[0]) + return res + +def extract_kernel_opts(fn): + STATE_BASE = 0 + STATE_DEF = 1 + STATE_USE = 2 + STATE_EXIT = 3 + + state = STATE_BASE + fmt2enum = {} + enum2code = {} + code = '' + current_opt = '' + rx = RX() + + def code_add(s): + if current_opt != '': + if current_opt not in enum2code: + enum2code[current_opt] = '' + enum2code[current_opt] += s + + with open(fn) as f: + for s in f.readlines(): + if state == STATE_EXIT: + break + + elif state == STATE_BASE: + if rx.search(r'cifs_mount_option_tokens.*\{', s): + state = STATE_DEF + elif rx.search(r'^cifs_parse_mount_options', s): + state = STATE_USE + + elif state == STATE_DEF: + if rx.search(r'(Opt_[a-zA-Z0-9_]+)\s*,\s*"([^"]+)"', s): + fmt = rx.group(2) + opts = extract_canonical_opts(fmt) + assert(len(opts) == 1) + name = opts[0] + fmt2enum[name] = {'enum':rx.group(1), 'fmt':fmt} + elif rx.search(r'^};', s): + state = STATE_BASE + + elif state == STATE_USE: + if rx.search(r'^\s*case (Opt_[a-zA-Z0-9_]+)', s): + current_opt = rx.group(1) + elif current_opt != '' and rx.search(r'^\s*default:', s): + state = STATE_EXIT + else: + code_add(s) + return fmt2enum, enum2code + +def chomp(s): + if s[-1] == '\n': + return s[:-1] + return s + +def extract_man_opts(fn): + STATE_EXIT = 0 + STATE_BASE = 1 + STATE_OPT = 2 + + state = STATE_BASE + rx = RX() + opts = {} + + with open(fn) as f: + for s in f.readlines(): + if state == STATE_EXIT: + break + + elif state == STATE_BASE: + if rx.search(r'^OPTION', s): + state = STATE_OPT + + elif state == STATE_OPT: + if rx.search('^[a-z]', s) and len(s) < 50: + s = chomp(s) + names = extract_canonical_opts(s) + for name in names: + opts[name] = s + elif rx.search(r'^[A-Z]+', s): + state = STATE_EXIT + return opts + +def format_code(s): + # remove common indent in the block + min_indent = None + for ln in s.split("\n"): + indent = 0 + for c in ln: + if c == '\t': indent += 1 + else: break + if min_indent is None: + min_indent = indent + elif indent > 0: + min_indent = min(indent, min_indent) + out = '' + lines = s.split("\n") + if lines[-1].strip() == '': + lines.pop() + for ln in lines: + out += "| %s\n" % ln[min_indent:] + return out + +def sortedset(s): + return sorted(list(s), key=lambda x: re.sub('^no', '', x)) + +def opt_neg(opt): + if opt.startswith("no"): + return opt[2:] + else: + return "no"+opt + +def main(): + ap = argparse.ArgumentParser(description="Cross-check mount options from cifs.ko/man page") + ap.add_argument("cfile", help="path to connect.c") + ap.add_argument("rstfile", help="path to mount.cifs.rst") + args = ap.parse_args() + + fmt2enum, enum2code = extract_kernel_opts(args.cfile) + manopts = extract_man_opts(args.rstfile) + + kernel_opts_set = set(fmt2enum.keys()) + man_opts_set = set(manopts.keys()) + + def opt_alias_is_doc(o): + enum = fmt2enum[o]['enum'] + aliases = [] + for k,v in fmt2enum.items(): + if k != o and v['enum'] == enum: + if opt_is_doc(k): + return k + return None + + def opt_exists(o): + return o in fmt2enum + + def opt_is_doc(o): + return o in manopts + + + print('UNDOCUMENTED OPTIONS') + print('====================') + + undoc_opts = kernel_opts_set - man_opts_set + # group opts and their negations together + for opt in sortedset(undoc_opts): + fmt = fmt2enum[opt]['fmt'] + enum = fmt2enum[opt]['enum'] + code = format_code(enum2code[enum]) + neg = opt_neg(opt) + + if enum == 'Opt_ignore': + print("# skipping %s (Opt_ignore)\n"%opt) + continue + + if opt_exists(neg) and opt_is_doc(neg): + print("# skipping %s (%s is documented)\n"%(opt, neg)) + continue + + alias = opt_alias_is_doc(opt) + if alias: + print("# skipping %s (alias %s is documented)\n"%(opt, alias)) + continue + + print('OPTION %s ("%s" -> %s):\n%s'%(opt, fmt, enum, code)) + + print('') + print('DOCUMENTED BUT NON-EXISTING OPTIONS') + print('===================================') + + unex_opts = man_opts_set - kernel_opts_set + # group opts and their negations together + for opt in sortedset(unex_opts): + fmt = manopts[opt] + print('OPTION %s ("%s")' % (opt, fmt)) + + + print('') + print('NEGATIVE OPTIONS WITHOUT POSITIVE') + print('=================================') + + for opt in sortedset(kernel_opts_set): + if not opt.startswith('no'): + continue + + neg = opt[2:] + if not opt_exists(neg): + print("OPTION %s exists but not %s"%(opt,neg)) + +# little helper to test AND store result at the same time so you can +# do if/elsif easily instead of nesting them when you need to do +# captures +class RX: + def __init__(self): + pass + def search(self, rx, s, flags=0): + self.r = re.search(rx, s, flags) + return self.r + def group(self, n): + return self.r.group(n) + +if __name__ == '__main__': + main() -- 2.13.7 ++++++ 0005-mount.cifs.rst-document-missing-options-correct-wron.patch ++++++ >From 7325a01abc529d68756bae90cf23233392626939 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Aptel?= <aaptel(a)suse.com> Date: Tue, 10 Jul 2018 17:50:43 +0200 Subject: [PATCH 05/10] mount.cifs.rst: document missing options, correct wrong ones Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> --- mount.cifs.rst | 111 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 79 insertions(+), 32 deletions(-) diff --git a/mount.cifs.rst b/mount.cifs.rst index 56c1bf9..13b3a1e 100644 --- a/mount.cifs.rst +++ b/mount.cifs.rst @@ -123,6 +123,11 @@ forcegid of the gid= option. See the section on `FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS`_ below for more information. +idsfromsid + Extract uid/gid from special SID instead of mapping it. See the + section on `FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS`_ below for + more information. + port=arg sets the port number on which the client will attempt to contact the CIFS server. If this value is specified, look for an existing @@ -133,8 +138,9 @@ port=arg try to connect on port 445 first and then port 139 if that fails. Return an error if both fail. -servernetbiosname=arg - Specify the server netbios name (RFC1001 name) to use when attempting + +netbiosname=arg + Specify the client netbios name (RFC1001 name) to use when attempting to setup a session to the server. Although rarely needed for mounting to newer servers, this option is needed for mounting to some older servers (such as OS/2 or Windows 98 and Windows ME) since when @@ -143,7 +149,8 @@ servernetbiosname=arg characters long and is usually uppercased. servern=arg - Synonym for ``servernetbiosname`` + Similarl to ``netbiosname`` except it specifies the netbios name of + the server instead of the client. netbiosname=arg When mounting to servers via port 139, specifies the RFC1001 source @@ -166,6 +173,10 @@ ip=arg|addr=arg domain=arg|dom=arg|workgroup=arg sets the domain (workgroup) of the user. +domainauto + When using NTLMv2 authentification and not providing a domain via + ``domain``, guess the domain from the server NTLM challenge. + guest don't prompt for a password. @@ -237,6 +248,9 @@ cache=arg The default in kernels prior to 3.7 was ``loose``. As of kernel 3.7 the default is ``strict``. +nostrictsync + Do not flush to the server on fsync(). + handlecache (default) In SMB2 and above, the client often has to open the root of the share (empty path) in various places during mount, path @@ -247,32 +261,6 @@ handlecache nohandlecache Disable caching of the share root directory handle. -directio - Do not do inode data caching on files opened on this mount. This - precludes mmaping files on this mount. In some cases with fast - networks and little or no caching benefits on the client (e.g. when - the application is doing large sequential reads bigger than page size - without rereading the same data) this can provide better performance - than the default behavior which caches reads (readahead) and writes - (writebehind) through the local Linux client pagecache if oplock - (caching token) is granted and held. Note that direct allows write - operations larger than page size to be sent to the server. On some - kernels this requires the cifs.ko module to be built with the - ``CIFS_EXPERIMENTAL`` configure option. - - This option is will be deprecated in 3.7. Users should use - ``cache=none`` instead on more recent kernels. - -strictcache - Use for switching on strict cache mode. In this mode the client reads - from the cache all the time it has *Oplock Level II* , otherwise - - read from the server. As for write - the client stores a data in the - cache in *Exclusive Oplock* case, otherwise - write directly to the - server. - - This option is will be deprecated in 3.7. Users should use - ``cache=strict`` instead on more recent kernels. - rwpidforward Forward pid of a process who opened a file to any read or write operation on that file. This prevent applications like wine(1) from @@ -283,7 +271,7 @@ mapchars including the colon, question mark, pipe, asterik, greater than and less than characters) to the remap range (above 0xF000), which also allows the CIFS client to recognize files created with such characters - by Windows's POSIX emulation. This can also be useful when mounting to + by Windows's Services for Mac. This can also be useful when mounting to most versions of Samba (which also forbids creating and opening files whose names contain any of these seven characters). This has no effect if the server does not support Unicode on the wire. Please note that @@ -293,6 +281,10 @@ mapchars nomapchars (default) Do not translate any of these seven characters. +mapposix + Translate reserved characters similarly to ``mapchars`` but use the + mapping from Microsoft "Services For Unix". + intr currently unimplemented. @@ -370,12 +362,42 @@ seal Request encryption at the SMB layer. Encryption is only supported in SMBv3 and above. The encryption algorithm used is AES-128-CCM. +rdma + Connect directly to the server using SMB Direct via a RDMA adapter. + +resilienthandles + Enable resilient handles. If the server supports it, keep opened + files across reconenctions. Requires SMB2.1. + +noresilienthandles + (default) Disable resilient handles. + +persistenthandles + Enable persistent handles. If the server supports it, keep opened + files across reconnections. Persistent handles are also valid across + servers in a cluser and have stronger guarantees than resilient + handles. Requires SMB3 or above. + +nopersistenthandles + (default) Disable persistent handles. + +snapshot=time + Mount a specific snapshot of the remote share. ``time`` must be a + positive integer identifying the snapshot requested. + nobrl Do not send byte range lock requests to the server. This is necessary for certain applications that break with cifs style mandatory byte range locks (and most cifs servers do not yet support requesting advisory byte range locks). +forcemandatorylock + Do not use POSIX locks even when available via unix + extensions. Always use cifs style mandatory locks. + +locallease + Check cache leases locally instead of querying the server. + sfu When the CIFS Unix Extensions are not negotiated, attempt to create device files and fifos in a format compatible with Services for Unix @@ -431,8 +453,12 @@ noserverino See section `INODE NUMBERS`_ for more information. -nounix - Disable the CIFS Unix Extensions for this mount. This can be useful in +unix|linux + (default) Enable Unix Extensions for this mount. Requires CIFS + (vers=1.0) or SMB3.1.1 (vers=3.1.1) and a server supporting them. + +nounix|nolinux + Disable the Unix Extensions for this mount. This can be useful in order to turn off multiple settings at once. This includes POSIX acls, POSIX locks, POSIX paths, symlink support and retrieving uids/gids/mode from the server. This can also be useful to work around @@ -444,6 +470,23 @@ nouser_xattr Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise. The default is for xattr support to be enabled. +nodfs + Do not follow Distributed FileSystem referals. IO on a file not + stored on the server will fail instead of connecting to the target + server transparently. + +noautotune + Use fixed size for kernel recv/send socket buffers. + +nosharesock + Do not try to reuse sockets if the system is already connected to + the server via an existing mount point. This will make the client + always make a new connection to the server no matter what he is + already connected to. + +noblocksend + Send data on the socket using non blocking operations (MSG_DONTWAIT flag). + rsize=bytes Maximum amount of data that the kernel will request in a read request in bytes. Prior to kernel 3.2.0, the default was 16k, and the maximum @@ -472,6 +515,10 @@ wsize=bytes this value isn't specified or it's greater or equal than the existing one. +max_credits=n + Maximum credits the SMB2 client can have. Default is 32000. Must be + set to a number between 20 and 60000. + fsc Enable local disk caching using FS-Cache for CIFS. This option could be useful to improve performance on a slow link, heavily loaded server -- 2.13.7 ++++++ 0006-cifs-utils-support-rst2man-3.patch ++++++ >From a389756f51916995d27819ea1807ab03f36d8dd7 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <ab(a)samba.org> Date: Tue, 17 Jul 2018 13:12:44 +0300 Subject: [PATCH 06/10] cifs-utils: support rst2man-3 Python3 version of rst2man is called rst2man-3 Signed-off-by: Alexander Bokovoy <ab(a)samba.org> Reviewed-by: Aurelien Aptel <aaptel(a)suse.com> --- Makefile.am | 2 +- configure.ac | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 30658e3..f37c9ae 100644 --- a/Makefile.am +++ b/Makefile.am @@ -16,7 +16,7 @@ man_MANS= SUFFIXES = .rst .1 .8 -RST2MAN = rst2man --syntax-highlight=none $< $@ +RST2MAN = $(have_rst2man) --syntax-highlight=none $< $@ .rst.1: $(RST2MAN) diff --git a/configure.ac b/configure.ac index b0bc2b9..8e3d6ce 100644 --- a/configure.ac +++ b/configure.ac @@ -252,12 +252,12 @@ fi # if docs are not disabled, check if rst2man is available if test $enable_man != "no"; then - AC_CHECK_PROG(have_rst2man, rst2man, yes, no) + AC_CHECK_PROGS(have_rst2man, rst2man-3.6 rst2man-3.4 rst2man-3 rst2man, no) if test $have_rst2man = "no"; then if test $enable_man = "yes"; then - AC_MSG_ERROR([rst2man not found: cannot generate man pages, consider installing perl.]) + AC_MSG_ERROR([rst2man not found: cannot generate man pages, consider installing python{2,3}-docutils.]) else - AC_MSG_WARN([rst2man not found: cannot generate man pages, consider installing perl. Disabling man page generation.]) + AC_MSG_WARN([rst2man not found: cannot generate man pages, consider installing python{2,3}-docutils. Disabling man page generation.]) enable_man="no" fi else -- 2.13.7 ++++++ 0007-checkopts-report-duplicated-options-in-man-page.patch ++++++ >From 77b028c11fee787d1235a08fd06c8b60d20eb9c0 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel <aaptel(a)suse.com> Date: Wed, 8 Aug 2018 11:38:15 +0200 Subject: [PATCH 07/10] checkopts: report duplicated options in man page Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> --- checkopts | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/checkopts b/checkopts index 26ca271..88e70b1 100755 --- a/checkopts +++ b/checkopts @@ -98,9 +98,12 @@ def extract_man_opts(fn): state = STATE_BASE rx = RX() opts = {} + ln = 0 with open(fn) as f: for s in f.readlines(): + ln += 1 + if state == STATE_EXIT: break @@ -113,7 +116,9 @@ def extract_man_opts(fn): s = chomp(s) names = extract_canonical_opts(s) for name in names: - opts[name] = s + if name not in opts: + opts[name] = [] + opts[name].append({'ln':ln, 'fmt':s}) elif rx.search(r'^[A-Z]+', s): state = STATE_EXIT return opts @@ -174,6 +179,14 @@ def main(): def opt_is_doc(o): return o in manopts + print('DUPLICATED DOC OPTIONS') + print('======================') + + for opt in sortedset(man_opts_set): + if len(manopts[opt]) > 1: + lines = ", ".join([str(x['ln']) for x in manopts[opt]]) + print("OPTION %-20.20s (lines %s)"%(opt, lines)) + print() print('UNDOCUMENTED OPTIONS') print('====================') @@ -208,8 +221,8 @@ def main(): unex_opts = man_opts_set - kernel_opts_set # group opts and their negations together for opt in sortedset(unex_opts): - fmt = manopts[opt] - print('OPTION %s ("%s")' % (opt, fmt)) + man = manopts[opt][0] + print('OPTION %s ("%s") line %d' % (opt, man['fmt'], man['ln'])) print('') -- 2.13.7 ++++++ 0008-mount.cifs.rst-more-cleanups.patch ++++++ >From 06503ef4490a3dde4e8297cf1c5cb336ba43aafa Mon Sep 17 00:00:00 2001 From: Aurelien Aptel <aaptel(a)suse.com> Date: Wed, 8 Aug 2018 11:38:16 +0200 Subject: [PATCH 08/10] mount.cifs.rst: more cleanups * remove duplicates (netbiosname, rdma) * remove snapshot * document nostrictsync, domain, domainauto better * point to vers= when talking about version requirements * typos Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> --- mount.cifs.rst | 61 ++++++++++++++++++++++++++++------------------------------ 1 file changed, 29 insertions(+), 32 deletions(-) diff --git a/mount.cifs.rst b/mount.cifs.rst index 13b3a1e..3504477 100644 --- a/mount.cifs.rst +++ b/mount.cifs.rst @@ -138,25 +138,20 @@ port=arg try to connect on port 445 first and then port 139 if that fails. Return an error if both fail. - netbiosname=arg - Specify the client netbios name (RFC1001 name) to use when attempting - to setup a session to the server. Although rarely needed for mounting + When mounting to servers via port 139, specifies the RFC1001 source + name to use to represent the client netbios machine during the netbios + session initialization. + +servern=arg + Similar to ``netbiosname`` except it specifies the netbios name of + the server instead of the client. Although rarely needed for mounting to newer servers, this option is needed for mounting to some older servers (such as OS/2 or Windows 98 and Windows ME) since when connecting over port 139 they, unlike most newer servers, do not support a default server name. A server name can be up to 15 characters long and is usually uppercased. -servern=arg - Similarl to ``netbiosname`` except it specifies the netbios name of - the server instead of the client. - -netbiosname=arg - When mounting to servers via port 139, specifies the RFC1001 source - name to use to represent the client netbios machine name when doing - the RFC1001 netbios session initialize. - file_mode=arg If the server does not support the CIFS Unix extensions this overrides the default file mode. @@ -171,11 +166,14 @@ ip=arg|addr=arg rarely needs to be specified by the user. domain=arg|dom=arg|workgroup=arg - sets the domain (workgroup) of the user. + Sets the domain (workgroup) of the user. If no domains are given, + the empty domain will be used. Use ``domainauto`` to automatically + guess the domain of the server you are connecting to. domainauto - When using NTLMv2 authentification and not providing a domain via + When using NTLM authentication and not providing a domain via ``domain``, guess the domain from the server NTLM challenge. + This behavior used to be the default on kernels older than 2.6.36. guest don't prompt for a password. @@ -249,7 +247,14 @@ cache=arg default is ``strict``. nostrictsync - Do not flush to the server on fsync(). + Do not ask the server to flush on fsync(). + Some servers perform non-buffered writes by default in which case + flushing is redundant. In workloads where a client is performing a + lot of small write + fsync combinations and where network latency is + much higher than the server latency, this brings a 2x performance + improvement. + This option is also a good candidate in scenarios where we want + performance over consistency. handlecache (default) In SMB2 and above, the client often has to open the root @@ -359,15 +364,16 @@ sec=arg automatically if it's enabled in */proc/fs/cifs/SecurityFlags*. seal - Request encryption at the SMB layer. Encryption is only supported in - SMBv3 and above. The encryption algorithm used is AES-128-CCM. + Request encryption at the SMB layer. The encryption algorithm used + is AES-128-CCM. Requires SMB3 or above (see ``vers``). rdma - Connect directly to the server using SMB Direct via a RDMA adapter. + Connect directly to the server using SMB Direct via a RDMA + adapter. Requires SMB3 or above (see ``vers``). resilienthandles Enable resilient handles. If the server supports it, keep opened - files across reconenctions. Requires SMB2.1. + files across reconnections. Requires SMB2.1 (see ``vers``). noresilienthandles (default) Disable resilient handles. @@ -375,16 +381,12 @@ noresilienthandles persistenthandles Enable persistent handles. If the server supports it, keep opened files across reconnections. Persistent handles are also valid across - servers in a cluser and have stronger guarantees than resilient - handles. Requires SMB3 or above. + servers in a cluster and have stronger guarantees than resilient + handles. Requires SMB3 or above (see ``vers``). nopersistenthandles (default) Disable persistent handles. -snapshot=time - Mount a specific snapshot of the remote share. ``time`` must be a - positive integer identifying the snapshot requested. - nobrl Do not send byte range lock requests to the server. This is necessary for certain applications that break with cifs style mandatory byte @@ -396,7 +398,7 @@ forcemandatorylock extensions. Always use cifs style mandatory locks. locallease - Check cache leases locally instead of querying the server. + Check cached leases locally instead of querying the server. sfu When the CIFS Unix Extensions are not negotiated, attempt to create @@ -425,11 +427,6 @@ echo_interval=n If this option is not given then the default value of 60 seconds is used. The minimum tunable value is 1 second and maximum can go up to 600 seconds. -rdma - Use to connect to SMB Direct, only applicable when specified with - vers=3 or vers=3.x. - Here 3.x can be 3.0, 3.02 or 3.1.1. - serverino Use inode numbers (unique persistent file identifiers) returned by the server instead of automatically generating temporary inode numbers on @@ -471,7 +468,7 @@ nouser_xattr support it otherwise. The default is for xattr support to be enabled. nodfs - Do not follow Distributed FileSystem referals. IO on a file not + Do not follow Distributed FileSystem referrals. IO on a file not stored on the server will fail instead of connecting to the target server transparently. -- 2.13.7 ++++++ 0009-mount.cifs.rst-document-vers-3-mount-option.patch ++++++ >From 439cd76f72a2dd3c65fd7d30ece460cde6b9675d Mon Sep 17 00:00:00 2001 From: Pavel Shilovsky <pshilov(a)microsoft.com> Date: Fri, 17 Aug 2018 11:08:58 -0700 Subject: [PATCH 09/10] mount.cifs.rst: document vers=3 mount option Signed-off-by: Pavel Shilovsky <pshilov(a)microsoft.com> --- mount.cifs.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/mount.cifs.rst b/mount.cifs.rst index 3504477..6587e16 100644 --- a/mount.cifs.rst +++ b/mount.cifs.rst @@ -592,6 +592,7 @@ vers=arg - 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. + - 3 - The SMBv3.0 protocol version and above. Note too that while this option governs the protocol version used, not all features of each version are available. -- 2.13.7 ++++++ 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch ++++++ >From 3c7e8c3663f50c2d2df6158cc4d22c4fccdc8ae8 Mon Sep 17 00:00:00 2001 From: Pavel Shilovsky <pshilov(a)microsoft.com> Date: Fri, 17 Aug 2018 11:13:45 -0700 Subject: [PATCH 10/10] mount.cifs.rst: document vers=3.02 mount option Signed-off-by: Pavel Shilovsky <pshilov(a)microsoft.com> --- mount.cifs.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/mount.cifs.rst b/mount.cifs.rst index 6587e16..a0faf7f 100644 --- a/mount.cifs.rst +++ b/mount.cifs.rst @@ -591,6 +591,7 @@ vers=arg different dialect (2.000) that is not supported. - 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. + - 3.02 - The SMBv3.0.2 protocol that was introduced in Microsoft Windows 8.1 and Windows Server 2012R2. - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. - 3 - The SMBv3.0 protocol version and above. -- 2.13.7 ++++++ cifs-utils-6.5.tar.bz2 -> cifs-utils-6.8.tar.bz2 ++++++ ++++ 9920 lines of diff (skipped) ++++++ cifs-utils.keyring ++++++ --- /var/tmp/diff_new_pack.yQzvm7/_old 2018-12-03 10:05:27.323981295 +0100 +++ /var/tmp/diff_new_pack.yQzvm7/_new 2018-12-03 10:05:27.323981295 +0100 @@ -1,32 +1,52 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.14 (GNU/Linux) +Version: GnuPG v2 -mQENBEuqp6ABCADf+tS1rZDdQaUfp7yUWTW+H8OqOXCjuCohHUZFoYF6K/pxhtsY -YUXt5NcXNTioOgJ18S9AL80KS2LTEyr8Z0mfGw1Rld4MClGnnIVNjKUKFaSeEOZG -eSIgjY/gYSP361mwo4PCcieeEO5V0g0agIrYOjkEUSSWb503Ma/NSLwlc3HjvL7i -woosfBpdGyr8dUjb9Tz0HtVw+2wqWl4zMNMYilgoZV0sGO0HssrU40yR/DjuXX5u -Yj+JpffKltKD9iKQ2c29yDXcVoYgAmKu7lNTEGafJHqSWWf2Cvuc+VGTLKrCKxCB -jlN4FKZO3pKFMLX3a0pMEn/ee645wH4mccMJABEBAAG0P2NpZnMtdXRpbHMgRGlz -dHJpYnV0aW9uIFZlcmlmaWNhdGlvbiBLZXkgPGNpZnMtdXRpbHNAc2FtYmEub3Jn -PokBOAQTAQIAIgUCS6qnoAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ -Wv2/snDzuYFT3wgAo3mjI7HpDd6oywObMF+NDJC55lmMOZE3r0YuLg59aPeOI+PG -hhjx1UcCMWtx4Bu2j3I96bgwwoe+/ZxYjJZIqa8ClF6JulMDksI06eITSLOXaJVV -1OP8Rtq5aUyN9DsBrLhnpC1QkyBtiIKWDr9H/HSm8uYd3xOjcbhg3hYSBzCSEcTA -lVnk575rZRZ7kgwm6R5aCy/QNtmfbLWvI7ZA50q+zrE3/cDQ2ZLjktueOXufCQLg -cTivreji4aiU3p3dxRvZ+GFWnRyFu6o88DYZlT8M2mHdro5EW7S31ccs0tKdFrcw -vpkPi0TdWPp072UOeDogxuGdozpWuDB62n9TX4hGBBARAgAGBQJLqq6pAAoJEMj9 -IMUDHcyA1wkAnj4i4n33+JHh42fMDJojYGPxpnFnAJ9SXLONLJoFwQkaOjLNGYtQ -YH67ALkBDQRLqqegAQgA9Hco9TDoYOu3s7FePHqXxKClrHMswjfmD6WQ0k26j3lq -RS1KpSbGSiF8zXrKGKC0yO/INQ+WJGqDuVTwELE8hYcJeY0M5scSY6qAc+iCcTRn -B4Mf6Esnz/a6J0YebiojFrAgChGGUk/cZdwu8UOV//MbFSKCC49PcjNEjv2OXp5F -h/5gl/dSElHzSI9HykqhCECvcWSBdUXsIogIXJoQ0XX7WyPNKt0FeD0hGdYtDlzg -ZGjqhj/l8XHbFtNdJ/YOue8gBJ//4c2q7yrFMWf7lsJv/qaBDJECR1pV/O2juFZn -CxJ05WWnyqMbS30dVGM+VDf6HAfownc6NLX6KgANkQARAQABiQEfBBgBAgAJBQJL -qqegAhsMAAoJEFr9v7Jw87mBEZ8H/jxs/oyggM4VE0LSrZ3mmCJeNpAkk+rQlCRv -lqkIpn8xwllSCFVm7yET+Eo6G07J1vsGX7+hrtxC1UxB7UYwU3OMMciWpQyz32Zi -DO+eZwrWLg74Jy0Y6rvBlqhTQoRBeWhMzeMxfjtsBkBX3d3RWtuLGiA14pIw73+h -6NE0EbxIuXC5elEWdzm1A9LDH1B6XU9O5e/h5M/7KeKVW+wfydy0PGN/cQ7CLG/x -Rznvy631YcU03NN0PTO9aimbu67H27UIbj+ONoteeqklxmzVkriuYhJoSYkZloIz -ZuM2e2o9RtZwfOLOVR2fMspSGyvKq9NqOSOfz/2VFJI/7LYuJRM= -=hbsp +mQINBFqjC5IBEAC3B4MkmRj4X5Mee747zLbuNdggBctPsWe/sGlYtsF6SimssI5g +eypWuOOjq5CyPIg9K8lfYhdQTaHcR6OWRDrJEtn5Er6qaf6aziAkD8CPFx+9cxI9 +/3uhYKQY+haaRfOylgAHdeZW1sEN6GOzdELFSNU2ofjUEnywPOuKpPIfvQeiM0oZ +KCrL6+02gpSSlTBwe+NZtIbZArCmSRgekqh5gbdcGWWdSg2UNrfGH4dR61cTa0bX +PZ798du2NwjiAYVGqh/uPhbvDEJbu4sOvuUQroeXyAZ33JhLRLbUJ1seVXM8u597 +/hk2Nnm5kgCnCiI2EAPMmoL6bVdJu48M8T20cxwSVb6Qn4uOGXfw4tYA9ZqbA6q/ +rYc43lDI3Qmg56FZ0EJWOfMM08RDvSFCbqYHdhFKVza5yqPKL/VnvIUESOtBcSy8 +es9tEyZhnZ067BWfWtt81uHoMzl0MlEgm6hBthzuJZ9Lcy+LJJ5aAQnk3N+m013q +Pn2bsnAmgE4jT8RsD0P7QY5qM9aoIRfPsUkjz3OJP4QNbjQoEDF78F1FQWh2yMjo +omqoESdrDpSeIK94s7KIOn0CHOpXCK8GRqEYR/YOI/MCHK60agT1xJVQJszStQbP +InOtg3BIqtDBtEpRTvpYfBZkHIefh54JVz8H0ML70mjehz5+JGD6NUyskwARAQAB +tD9jaWZzLXV0aWxzIERpc3RyaWJ1dGlvbiBWZXJpZmljYXRpb24gS2V5IDxjaWZz +LXV0aWxzQHNhbWJhLm9yZz6JAjgEEwECACIFAlqjC5ICGwMGCwkIBwMCBhUIAgkK +CwQWAgMBAh4BAheAAAoJEN9bqdMGQtWgKuYP/R4p2X8dr2b2n6PQuuuA9RD5VreL +/FRbqyxl1Elxj07rbQG4r8m/YCZUebmojPVnpzLHKSkBi0ePcpaiZLT+v6kPd3Hu +T/6GjbIYh5WPC8N12l9e2Gc/kaIa8zMboAUx1A57x4e0eSJ62PWbzBOdT+n9Qwc8 +at8YRKvJrM6w+/c6mf1gkN7DINqAWgyXoCbAeq6heIp4cnVzEQkjfgmw5zai/g1O +7UebVh0L6b1KLghDUBsJ40hi5fSvLPOF3FRV+JWx2YUymFHJN6oyVytZ0ghJgH7a +rbcV8H5CZ/JhHvPl3vE2XTMoJ+DH4tOr7VR40LQrTG7/IMh5HKJ1a+zXgZliPaSm +7BfyTL1DxSBeCN2zbYUCuAOKhBZpSW+D4mPNW2DeAYSwCcrb1SGyTFGz0N+zIcqI +s32g5MhWvwMPoc+YaJMqW45sbff887kbVOMZwXXmCn5qgRxNTkHXKf4JrU29i4N6 +SlpwLuv6OhRV9jlVF9+fpVfQ0dbQXaSxU/IlVUpLKC7WxroTHA3FQP7RZdkR3ePe +ZVSEUNOLxFDkoLxYtrxrBOPqpPwPa7BAjClQZh2+nQfU3dxBnTyh9jNPT1ruteka +nrJVgdwZZuan08UTbhae35jLHCxpw9TYhKOpbAmZ2jLn7zk5D+Ffpss3minXurlI +nvolG4P/z9DiIiwLuQINBFqjC5IBEADVaLoHLmT9trPaTxGDpz8ZnbfJ1SPHcf8F +/mL31FWxRxotxNoLHuK25heTju6siE/SEPgZ2NIo/1pUgDVXTZbQO25qMcBxmoNH +ZJhEOruK10ZkJf6+f555v3One9uLoIMAMuVrnLFsdjqzeV4SswHgr/TjCAYZe9aA +hKF/TEE6c7ZwnWYAlRrm4eIrR3U7gzlen8z1DPzYcsaWLE7BXiQaPCbD3mrQQPlR +2sPrwO+qOq09Xm2Kgu6V6e604Q/LYB+RgRXQ3rXKX0hXeI/2Z7tcepeTCdyCjVG8 +pRADCe8ED189adGru5s79hQmDVY4Fsa8s9atibuoo1fg0VDqf2GEblpxG6DTJ7IE +36Jx10CjvAcenE/2IWRmb1TL7wUXcbGb+jdYSbow5XKesjItXWcLyZJKmwdH2BQL +zFkeCyWdw9gVrWYuYmW8BdUjJK59nCO3wdNCJFHSKP/8m1m1NM96MmoaU1Wq8pop +tm54nqO9pb15mAJQQw9KazgNeCgximBayrfR1K0+KyTjE145sn+RZrNSLXrXx87C +p7fHKpqBZrM/nxtdXW8CrwwgydCLjDuTngEuLq+Jr92Bz+Z71YiJKTKF4c21fQD8 +7+wyEpu7H793yXft9+Ku0c2b0R3SiYyA8P/yBbN73HDsH2ya+L90pjGglS3zClkP +ZyU95vhWVQARAQABiQIfBBgBAgAJBQJaowuSAhsMAAoJEN9bqdMGQtWgCCcP/3pW +eayAOG060ASE/0C6s306HAiJKePHkWRV2rZHbO3eIfTYOFv7sjW/GCFaVfWSArAn +dtxQO8udqzzHEeAx3Wp3i3kiGjs6VH0qtWEMNgxKjNMc5tFrdYl70Vvnva4Bp7RV +V8c6VIxyW4rd+OYZ3vxK+xo5+TwXoT9wKUIeHDmVHB5mVGJzvQDA2YJJeBnWkBnl +ovJ9kHLU7oPAA4XYqAl8TWc3731Ag19teaA1AGqbSEWlOGVIkWVGfl3BynbHgfqN +XbUSmmOOGqp/A9mMDIimdOWtUPQq05YvO8xmeQPNHaOEVzbPp6U0kMnz9K9X+PDS +6VK+xTekF8QTS4fsWneq5DQpKBHtiUTbSz3I52xO3vWCM6q9I7DI7ZGYaJKPwN5d +2u6yrGuq1wGMRsr36GIaRzN/7SKwWInItxFu4eH9BF3lcwv1v76nHp1mX4ObycAo +STJS5m4NGJIwuE/yPvUVy43i8jrTSOnqv0cjEr7AcoAQIUybZG09igeBHTGJ5FnL +SEJ4Cm9aJQ7ry+pclSFqzrS8iEIEES4GmYmLp6onvi+TV7YlC9w0GDikWg0Uk3xf +cwEFFZGeCvgM4bqdIHCEq37ZPDNbZ4I3P6kWblYgrnIhPfKfVkKY5mybRA+uiNkq +kwcfWNBaJWVaFFiM+ol3YE0wiTy/lyL6oHQ/iZLz +=+QS8 -----END PGP PUBLIC KEY BLOCK-----

1 0

commit python-python-xlib for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package python-python-xlib for openSUSE:Factory checked in at 2018-12-03 10:04:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-python-xlib (Old) and /work/SRC/openSUSE:Factory/.python-python-xlib.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-python-xlib" Mon Dec 3 10:04:55 2018 rev:2 rq:652147 version:0.23 Changes: -------- --- /work/SRC/openSUSE:Factory/python-python-xlib/python-python-xlib.changes 2017-09-04 12:35:27.730771292 +0200 +++ /work/SRC/openSUSE:Factory/.python-python-xlib.new.19453/python-python-xlib.changes 2018-12-03 10:05:00.468005863 +0100 @@ -1,0 +2,26 @@ +Tue Nov 27 11:21:53 UTC 2018 - Tomáš Chvátal <tchvatal(a)suse.com> + +- Make sure the tests are run + +------------------------------------------------------------------- +Tue Nov 27 09:04:39 UTC 2018 - sor.alexei(a)meowr.ru + +- Update to version 0.23 (changes since 0.19): + * Fix unclosed file in Xauth implementation. + * Fix support for Window.set_wm_transient_for. + * Fix support for Drawable.put_image / Drawable.get_image. + * Use Latin-1 for decoding strings in Python 3 (same as Python 2). + * Fix Python 3 warnings about array.tostring() (deprecated). + * When DISPLAY does not specify a protocol, and the implicit Unix + socket connection fails, fallback to TCP (mimicking XCB's + behaviour). + * Fix Display.change_pointer_control implementation. + * Fix Drawable.put_pil_image implementation. + * Don't bundle a copy of texi2html to build the HTML + documentation, but use the currently installed version instead. + * Improve response processing performance: reduce the number of + `socket.recv` calls needed to receive a full response. +- Remove python-xlib-0.14-increase-receiving-buffer.patch: no + longer needed, see commit 1958a82. + +------------------------------------------------------------------- Old: ---- python-xlib-0.14-increase-receiving-buffer.patch python-xlib-0.19.tar.bz2 New: ---- python-xlib-0.23.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-python-xlib.spec ++++++ --- /var/tmp/diff_new_pack.Uey6LT/_old 2018-12-03 10:05:01.432004981 +0100 +++ /var/tmp/diff_new_pack.Uey6LT/_new 2018-12-03 10:05:01.432004981 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-python-xlib # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,34 +12,30 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %{?!python_module:%define python_module() python-%{**} python3-%{**}} -%bcond_with test -%define X_display ":98" %define oldpython python Name: python-python-xlib -Version: 0.19 +Version: 0.23 Release: 0 Summary: Python X11 interface -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/Python -Url: https://github.com/python-xlib/python-xlib +URL: https://github.com/python-xlib/python-xlib Source: https://files.pythonhosted.org/packages/source/p/python-xlib/python-xlib-%{… -# PATCH-FIX-UPSTREAM python-xlib-0.14-increase-receiving-buffer.patch deb#357507 -Patch0: python-xlib-0.14-increase-receiving-buffer.patch -BuildRequires: %{python_module devel} -BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module mock} +BuildRequires: %{python_module nose} BuildRequires: %{python_module setuptools_scm} +BuildRequires: %{python_module setuptools} BuildRequires: %{python_module six >= 1.10.0} BuildRequires: fdupes BuildRequires: python-rpm-macros -%if %{with test} -BuildRequires: xorg-x11-server -%endif +BuildRequires: xvfb-run Requires: python-six >= 1.10.0 +BuildArch: noarch %ifpython2 Provides: %{oldpython}-xlib = %{version} Obsoletes: %{oldpython}-xlib < %{version} @@ -48,8 +44,6 @@ Provides: python3-xlib = %{version} Obsoletes: python3-xlib < %{version} %endif -BuildArch: noarch - %python_subpackages %description @@ -58,29 +52,21 @@ %prep %setup -q -n python-xlib-%{version} -%patch0 -p1 %build -export CFLAGS="%{optflags}" %python_build %install %python_install %python_expand %fdupes %{buildroot}%{$python_sitelib} -%if %{with test} %check -export DISPLAY=%{X_display} -Xvfb %{X_display} >& Xvfb.log & -trap "kill $! || true" EXIT -sleep 10 -%python_exec runtests.py -%endif +%python_expand xvfb-run --server-args "-screen 0 1920x1080x24" $python runtests.py %files %{python_files} -%defattr(-,root,root) -%doc LICENSE README.rst NEWS TODO +%license LICENSE +%doc CHANGELOG.md README.rst TODO %{python_sitelib}/Xlib/ -%{python_sitelib}/python_xlib-*py*.egg-info +%{python_sitelib}/python_xlib-* %changelog ++++++ python-xlib-0.19.tar.bz2 -> python-xlib-0.23.tar.bz2 ++++++ ++++ 16605 lines of diff (skipped)

1 0

commit skopeo for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package skopeo for openSUSE:Factory checked in at 2018-12-03 10:04:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/skopeo (Old) and /work/SRC/openSUSE:Factory/.skopeo.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "skopeo" Mon Dec 3 10:04:49 2018 rev:11 rq:652143 version:0.1.32 Changes: -------- --- /work/SRC/openSUSE:Factory/skopeo/skopeo.changes 2018-11-20 22:23:35.310908578 +0100 +++ /work/SRC/openSUSE:Factory/.skopeo.new.19453/skopeo.changes 2018-12-03 10:04:52.988012702 +0100 @@ -1,0 +2,7 @@ +Tue Nov 27 10:51:19 UTC 2018 - Marco Vedovati <mvedovati(a)suse.com> + +- Disable ostree repository types for SLE, as this feature requires libostree + that is not yet available in the Server Application module where skopeo is + located. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ skopeo.spec ++++++ --- /var/tmp/diff_new_pack.jrGH7B/_old 2018-12-03 10:04:53.832011930 +0100 +++ /var/tmp/diff_new_pack.jrGH7B/_new 2018-12-03 10:04:53.836011927 +0100 @@ -19,8 +19,8 @@ %define project github.com/containers/skopeo -%if 0%{?suse_version} >= 1500 -# Build with libostree-devel in Tumbleweed, Leap 15 and SLES 15 +%if 0%{?is_opensuse} && 0%{?suse_version} >= 1500 +# Build with libostree-devel for openSUSE Tumbleweed and Leap 15 %define with_libostree 1 %endif Name: skopeo

1 0

commit polkit-default-privs for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package polkit-default-privs for openSUSE:Factory checked in at 2018-12-03 10:04:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit-default-privs (Old) and /work/SRC/openSUSE:Factory/.polkit-default-privs.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "polkit-default-privs" Mon Dec 3 10:04:37 2018 rev:151 rq:652137 version:13.2 Changes: -------- --- /work/SRC/openSUSE:Factory/polkit-default-privs/polkit-default-privs.changes 2018-11-26 10:17:35.317923705 +0100 +++ /work/SRC/openSUSE:Factory/.polkit-default-privs.new.19453/polkit-default-privs.changes 2018-12-03 10:04:47.096018087 +0100 @@ -1,0 +2,5 @@ +Tue Nov 27 10:18:20 UTC 2018 - matthias.gerstner(a)suse.com + +- chkstat: adjust DO NOT EDIT banner in generated rules file (bsc#1099754) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit-default-privs-13.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-13.2/chkstat-polkit new/polkit-default-privs-13.2/chkstat-polkit --- old/polkit-default-privs-13.2/chkstat-polkit 2018-11-15 18:22:26.000000000 +0100 +++ new/polkit-default-privs-13.2/chkstat-polkit 2018-11-27 11:16:29.000000000 +0100 @@ -86,10 +86,15 @@ rename($file.'.new', $file) or die "can't rename $file.new: $!\n"; __END__ -/************************************\ -* AUTOMATICALY GENERATED DO NOT EDIT * -* see man set_polkit_default_privs * -\************************************/ +/*******************************************\ +* DO NOT EDIT * +* This file was automatically generated. * +* To add custom rules edit * +* /etc/polkit-default-privs.local * +* instead. * +* Also see 'man set_polkit_default_privs' * +\*******************************************/ + polkit.addRule(function(action, subject) { // set to true for debugging var debug = false; @@ -102,8 +107,8 @@ i = 2; } else { i = 1; - } - } + } + } if (debug) polkit.log(subject);

1 0

commit xen for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-12-03 10:04:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xen" Mon Dec 3 10:04:05 2018 rev:257 rq:652068 version:4.11.0_09 Changes: -------- --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-11-13 16:23:56.974832220 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.19453/xen.changes 2018-12-03 10:04:29.840033854 +0100 @@ -1,0 +2,58 @@ +Wed Nov 21 15:44:39 MST 2018 - carnold(a)suse.com + +- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken: + Missing /bin/domu-xenstore. This was broken because "make + package build reproducible" change. (boo#1047218, boo#1062303) + This fix reverses the change to this patch. + tmp_build.patch + +------------------------------------------------------------------- +Mon Nov 12 09:47:39 MST 2018 - carnold(a)suse.com + +- bsc#1115040 - VUL-0: xen: insufficient TLB flushing / improper + large page mappings with AMD IOMMUs (XSA-275) + xsa275-1.patch + xsa275-2.patch +- bsc#1115043 - VUL-0: xen: resource accounting issues in x86 IOREQ + server handling (XSA-276) + xsa276-1.patch + xsa276-2.patch +- bsc#1115044 - VUL-0: xen: x86: incorrect error handling for guest + p2m page removals (XSA-277) + xsa277.patch +- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even + when disabled (XSA-278) + 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch +- bsc#1115045 - VUL-0: xen: x86: DoS from attempting to use INVPCID + with a non-canonical addresses (XSA-279) + xsa279.patch +- bsc#1115047 - VUL-0: xen: Fix for XSA-240 conflicts with shadow + paging (XSA-280) + xsa280-1.patch + xsa280-2.patch +- bsc#1114988 - VUL-0: xen: guest use of HLE constructs may lock up + host (XSA-282) + 5be2a308-x86-extend-get_platform_badpages.patch + 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch +- bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV + 5bdc31d5-VMX-fix-vmx_handle_eoi.patch +- Upstream bug fixes (bsc#1027519) + 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch + 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch + 5bacae4b-x86-boot-allocate-extra-module-slot.patch + 5bae44ce-x86-silence-false-log-messages.patch + 5bb60c12-x86-split-opt_xpti.patch + 5bb60c4f-x86-split-opt_pv_l1tf.patch + 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch + 5bcf0722-x86-boot-enable-NMIs.patch + 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch + 5bd076e9-x86-boot-init-debug-regs-correctly.patch + 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch + 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch + +------------------------------------------------------------------- +Wed Oct 24 20:08:24 UTC 2018 - ohering(a)suse.de + +- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries + +------------------------------------------------------------------- New: ---- 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch 5bdc31d5-VMX-fix-vmx_handle_eoi.patch 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch xsa275-1.patch xsa275-2.patch xsa276-1.patch xsa276-2.patch xsa277.patch xsa279.patch xsa280-1.patch xsa280-2.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xen.spec ++++++ --- /var/tmp/diff_new_pack.1BrBU4/_old 2018-12-03 10:04:31.752032107 +0100 +++ /var/tmp/diff_new_pack.1BrBU4/_new 2018-12-03 10:04:31.760032101 +0100 @@ -205,18 +205,42 @@ Patch41: 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch Patch42: 5b72fbbf-xl.conf-Add-global-affinity-masks.patch Patch43: 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch -Patch44: 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch -Patch45: 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch -Patch46: 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch -Patch47: 5b8d5832-x86-assorted-array_index_nospec-insertions.patch -Patch48: 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch -Patch49: 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch -Patch50: 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch -Patch51: 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch -Patch52: 5b9784d2-x86-HVM-add-known_gla-helper.patch -Patch53: 5b9784f2-x86-HVM-split-page-straddling-accesses.patch -Patch98: xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch -Patch99: xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch +Patch44: 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch +Patch45: 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch +Patch46: 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch +Patch47: 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch +Patch48: 5b8d5832-x86-assorted-array_index_nospec-insertions.patch +Patch49: 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch +Patch50: 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch +Patch51: 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch +Patch52: 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch +Patch53: 5b9784d2-x86-HVM-add-known_gla-helper.patch +Patch54: 5b9784f2-x86-HVM-split-page-straddling-accesses.patch +Patch55: 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch +Patch56: 5bacae4b-x86-boot-allocate-extra-module-slot.patch +Patch57: 5bae44ce-x86-silence-false-log-messages.patch +Patch58: 5bb60c12-x86-split-opt_xpti.patch +Patch59: 5bb60c4f-x86-split-opt_pv_l1tf.patch +Patch60: 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch +Patch61: 5bcf0722-x86-boot-enable-NMIs.patch +Patch62: 5bd076e9-x86-boot-init-debug-regs-correctly.patch +Patch63: 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch +Patch64: 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch +Patch65: 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch +Patch66: 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch +Patch67: 5bdc31d5-VMX-fix-vmx_handle_eoi.patch +Patch68: 5be2a308-x86-extend-get_platform_badpages.patch +Patch69: 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch +Patch70: xsa275-1.patch +Patch71: xsa275-2.patch +Patch72: xsa276-1.patch +Patch73: xsa276-2.patch +Patch74: xsa277.patch +Patch75: xsa279.patch +Patch76: xsa280-1.patch +Patch77: xsa280-2.patch +Patch78: xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch +Patch79: xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -465,8 +489,32 @@ %patch51 -p1 %patch52 -p1 %patch53 -p1 -%patch98 -p1 -%patch99 -p1 +%patch54 -p1 +%patch55 -p1 +%patch56 -p1 +%patch57 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 +%patch61 -p1 +%patch62 -p1 +%patch63 -p1 +%patch64 -p1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch69 -p1 +%patch70 -p1 +%patch71 -p1 +%patch72 -p1 +%patch73 -p1 +%patch74 -p1 +%patch75 -p1 +%patch76 -p1 +%patch77 -p1 +%patch78 -p1 +%patch79 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -540,13 +588,13 @@ XEN_FULLVERSION="$XEN_VERSION.$XEN_SUBVERSION.$XEN_EXTRAVERSION" XEN_BUILD_DATE="`date -u -d '1970-01-01'`" XEN_BUILD_TIME="`date -u -d '1970-01-01' +%%T`" -SMBIOS_DATE="`date -u -d '1970-01-01' +%%m/%%d/%%Y`" +SMBIOS_REL_DATE="`date -u -d '1970-01-01' +%%m/%%d/%%Y`" RELDATE="`date -u -d '1970-01-01' '+%%d %%b %%Y'`" if test -r %{S:9} then XEN_BUILD_DATE="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" `" XEN_BUILD_TIME="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" +%%T`" - SMBIOS_DATE="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" +%%m/%%d/%%Y`" + SMBIOS_REL_DATE="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" +%%m/%%d/%%Y`" RELDATE="` date -u -d \"$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\" '+%%d %%b %%Y'`" fi cat > .our_xenversion <<_EOV_ @@ -555,7 +603,7 @@ export GIT=$(type -P false) export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" -export SMBIOS_REL_DATE="$SMBIOS_DATE" +export SMBIOS_REL_DATE="$SMBIOS_REL_DATE" export RELDATE="$RELDATE" XEN_VERSION=$XEN_VERSION XEN_SUBVERSION=$XEN_SUBVERSION ++++++ 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch ++++++ # Commit 7626edeaca972e3e823535dcc44338f6b2f0b21f # Date 2018-08-16 09:27:30 +0200 # Author Paul Durrant <paul.durrant(a)citrix.com> # Committer Jan Beulich <jbeulich(a)suse.com> x86/hvm/emulate: make sure rep I/O emulation does not cross GFN boundaries When emulating a rep I/O operation it is possible that the ioreq will describe a single operation that spans multiple GFNs. This is fine as long as all those GFNs fall within an MMIO region covered by a single device model, but unfortunately the higher levels of the emulation code do not guarantee that. This is something that should almost certainly be fixed, but in the meantime this patch makes sure that MMIO is truncated at GFN boundaries and hence the appropriate device model is re-evaluated for each target GFN. NOTE: This patch does not deal with the case of a single MMIO operation spanning a GFN boundary. That is more complex to deal with and is deferred to a subsequent patch. Signed-off-by: Paul Durrant <paul.durrant(a)citrix.com> Convert calculations to be 32-bit only. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -184,6 +184,24 @@ static int hvmemul_do_io( hvmtrace_io_assist(&p); } + /* + * Make sure that we truncate rep MMIO at any GFN boundary. This is + * necessary to ensure that the correct device model is targetted + * or that we correctly handle a rep op spanning MMIO and RAM. + */ + if ( unlikely(p.count > 1) && p.type == IOREQ_TYPE_COPY ) + { + unsigned int off = p.addr & ~PAGE_MASK; + unsigned int tail = PAGE_SIZE - off; + + if ( tail < p.size ) /* single rep spans GFN */ + p.count = 1; + else + p.count = min(p.count, + (p.df ? (off + p.size) : tail) / p.size); + } + ASSERT(p.count); + vio->io_req = p; rc = hvm_io_intercept(&p); ++++++ 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch ++++++ --- /var/tmp/diff_new_pack.1BrBU4/_old 2018-12-03 10:04:31.932031943 +0100 +++ /var/tmp/diff_new_pack.1BrBU4/_new 2018-12-03 10:04:31.932031943 +0100 @@ -17,7 +17,7 @@ --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c -@@ -1046,6 +1046,8 @@ static int __hvmemul_read( +@@ -1064,6 +1064,8 @@ static int __hvmemul_read( pfec |= PFEC_implicit; else if ( hvmemul_ctxt->seg_reg[x86_seg_ss].dpl == 3 ) pfec |= PFEC_user_mode; @@ -26,7 +26,7 @@ rc = hvmemul_virtual_to_linear( seg, offset, bytes, &reps, access_type, hvmemul_ctxt, &addr); -@@ -1057,9 +1059,7 @@ static int __hvmemul_read( +@@ -1075,9 +1077,7 @@ static int __hvmemul_read( (vio->mmio_gla == (addr & PAGE_MASK)) ) return hvmemul_linear_mmio_read(addr, bytes, p_data, pfec, hvmemul_ctxt, 1); @@ -37,7 +37,7 @@ switch ( rc ) { -@@ -2498,9 +2498,10 @@ void hvm_emulate_init_per_insn( +@@ -2516,9 +2516,10 @@ void hvm_emulate_init_per_insn( hvm_access_insn_fetch, &hvmemul_ctxt->seg_reg[x86_seg_cs], &addr) && ++++++ 5b9784d2-x86-HVM-add-known_gla-helper.patch ++++++ --- /var/tmp/diff_new_pack.1BrBU4/_old 2018-12-03 10:04:31.948031929 +0100 +++ /var/tmp/diff_new_pack.1BrBU4/_new 2018-12-03 10:04:31.948031929 +0100 @@ -14,7 +14,7 @@ --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c -@@ -1027,6 +1027,26 @@ static inline int hvmemul_linear_mmio_wr +@@ -1045,6 +1045,26 @@ static inline int hvmemul_linear_mmio_wr pfec, hvmemul_ctxt, translate); } @@ -41,7 +41,7 @@ static int __hvmemul_read( enum x86_segment seg, unsigned long offset, -@@ -1035,11 +1055,9 @@ static int __hvmemul_read( +@@ -1053,11 +1073,9 @@ static int __hvmemul_read( enum hvm_access_type access_type, struct hvm_emulate_ctxt *hvmemul_ctxt) { @@ -53,7 +53,7 @@ int rc; if ( is_x86_system_segment(seg) ) -@@ -1053,10 +1071,7 @@ static int __hvmemul_read( +@@ -1071,10 +1089,7 @@ static int __hvmemul_read( seg, offset, bytes, &reps, access_type, hvmemul_ctxt, &addr); if ( rc != X86EMUL_OKAY || !bytes ) return rc; @@ -65,7 +65,7 @@ return hvmemul_linear_mmio_read(addr, bytes, p_data, pfec, hvmemul_ctxt, 1); rc = hvm_copy_from_guest_linear(p_data, addr, bytes, pfec, &pfinfo); -@@ -1157,10 +1172,8 @@ static int hvmemul_write( +@@ -1175,10 +1190,8 @@ static int hvmemul_write( { struct hvm_emulate_ctxt *hvmemul_ctxt = container_of(ctxt, struct hvm_emulate_ctxt, ctxt); @@ -76,7 +76,7 @@ int rc; void *mapping; -@@ -1174,8 +1187,7 @@ static int hvmemul_write( +@@ -1192,8 +1205,7 @@ static int hvmemul_write( if ( rc != X86EMUL_OKAY || !bytes ) return rc; @@ -86,7 +86,7 @@ return hvmemul_linear_mmio_write(addr, bytes, p_data, pfec, hvmemul_ctxt, 1); mapping = hvmemul_map_linear_addr(addr, bytes, pfec, hvmemul_ctxt); -@@ -1204,7 +1216,6 @@ static int hvmemul_rmw( +@@ -1222,7 +1234,6 @@ static int hvmemul_rmw( container_of(ctxt, struct hvm_emulate_ctxt, ctxt); unsigned long addr, reps = 1; uint32_t pfec = PFEC_page_present | PFEC_write_access; @@ -94,7 +94,7 @@ int rc; void *mapping; -@@ -1230,8 +1241,7 @@ static int hvmemul_rmw( +@@ -1248,8 +1259,7 @@ static int hvmemul_rmw( else { unsigned long data = 0; ++++++ 5b9784f2-x86-HVM-split-page-straddling-accesses.patch ++++++ --- /var/tmp/diff_new_pack.1BrBU4/_old 2018-12-03 10:04:31.956031921 +0100 +++ /var/tmp/diff_new_pack.1BrBU4/_new 2018-12-03 10:04:31.956031921 +0100 @@ -26,7 +26,7 @@ --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c -@@ -1044,7 +1044,91 @@ static bool known_gla(unsigned long addr +@@ -1062,7 +1062,91 @@ static bool known_gla(unsigned long addr else if ( !vio->mmio_access.read_access ) return false; @@ -119,7 +119,7 @@ } static int __hvmemul_read( -@@ -1055,7 +1139,6 @@ static int __hvmemul_read( +@@ -1073,7 +1157,6 @@ static int __hvmemul_read( enum hvm_access_type access_type, struct hvm_emulate_ctxt *hvmemul_ctxt) { @@ -127,7 +127,7 @@ unsigned long addr, reps = 1; uint32_t pfec = PFEC_page_present; int rc; -@@ -1071,31 +1154,8 @@ static int __hvmemul_read( +@@ -1089,31 +1172,8 @@ static int __hvmemul_read( seg, offset, bytes, &reps, access_type, hvmemul_ctxt, &addr); if ( rc != X86EMUL_OKAY || !bytes ) return rc; @@ -160,7 +160,7 @@ } static int hvmemul_read( -@@ -1175,7 +1235,7 @@ static int hvmemul_write( +@@ -1193,7 +1253,7 @@ static int hvmemul_write( unsigned long addr, reps = 1; uint32_t pfec = PFEC_page_present | PFEC_write_access; int rc; @@ -169,7 +169,7 @@ if ( is_x86_system_segment(seg) ) pfec |= PFEC_implicit; -@@ -1187,15 +1247,15 @@ static int hvmemul_write( +@@ -1205,15 +1265,15 @@ static int hvmemul_write( if ( rc != X86EMUL_OKAY || !bytes ) return rc; @@ -192,7 +192,7 @@ memcpy(mapping, p_data, bytes); -@@ -1217,7 +1277,7 @@ static int hvmemul_rmw( +@@ -1235,7 +1295,7 @@ static int hvmemul_rmw( unsigned long addr, reps = 1; uint32_t pfec = PFEC_page_present | PFEC_write_access; int rc; @@ -201,7 +201,7 @@ rc = hvmemul_virtual_to_linear( seg, offset, bytes, &reps, hvm_access_write, hvmemul_ctxt, &addr); -@@ -1229,9 +1289,12 @@ static int hvmemul_rmw( +@@ -1247,9 +1307,12 @@ static int hvmemul_rmw( else if ( hvmemul_ctxt->seg_reg[x86_seg_ss].dpl == 3 ) pfec |= PFEC_user_mode; @@ -217,7 +217,7 @@ if ( mapping ) { -@@ -1241,17 +1304,14 @@ static int hvmemul_rmw( +@@ -1259,17 +1322,14 @@ static int hvmemul_rmw( else { unsigned long data = 0; ++++++ 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch ++++++ # Commit 6e395f477fb854f11de83a951a070d3aacb6dc59 # Date 2018-09-18 16:50:44 +0100 # Author Dario Faggioli <dfaggioli(a)suse.com> # Committer George Dunlap <george.dunlap(a)citrix.com> xen: sched/Credit2: fix bug when moving CPUs between two Credit2 cpupools Whether or not a CPU is assigned to a runqueue (and, if yes, to which one) within a Credit2 scheduler instance must be both a per-cpu and per-scheduler instance one. In fact, when we move a CPU between cpupools, we first setup its per-cpu data in the new pool, and then cleanup its per-cpu data from the old pool. In Credit2, when there currently is no per-scheduler, per-cpu data (as the cpu-to-runqueue map is stored on a per-cpu basis only), this means that the cleanup of the old per-cpu data can mess with the new per-cpu data, leading to crashes like this: https://www.mail-archive.com/xen-devel@lists.xenproject.org/msg23306.html https://www.mail-archive.com/xen-devel@lists.xenproject.org/msg23350.html Basically, when csched2_deinit_pdata() is called for CPU 13, for fully removing the CPU from Pool-0, per_cpu(13,runq_map) already contain the id of the runqueue to which the CPU has been assigned in the scheduler of Pool-1, which means wrong runqueue manipulations happen in Pool-0's scheduler. Furthermore, at the end of such call, that same runq_map is updated with -1, which is what causes the BUG_ON in csched2_schedule(), on CPU 13, to trigger. So, instead of reverting a2c4e5ab59d "xen: credit2: make the cpu to runqueue map per-cpu" (as we don't want to go back to having the huge array in struct csched2_private) add a per-cpu scheduler specific data structure, like, for instance, Credit1 has already. That (for now) only contains one field: the id of the runqueue the CPU is assigned to. Signed-off-by: Dario Faggioli <dfaggioli(a)suse.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Reviewed-by: George Dunlap <george.dunlap(a)citrix.com> --- a/xen/common/sched_credit2.c +++ b/xen/common/sched_credit2.c @@ -508,11 +508,10 @@ struct csched2_private { /* * Physical CPU - * - * The only per-pCPU information we need to maintain is of which runqueue - * each CPU is part of. */ -static DEFINE_PER_CPU(int, runq_map); +struct csched2_pcpu { + int runq_id; +}; /* * Virtual CPU @@ -571,6 +570,11 @@ static inline struct csched2_private *cs return ops->sched_data; } +static inline struct csched2_pcpu *csched2_pcpu(unsigned int cpu) +{ + return per_cpu(schedule_data, cpu).sched_priv; +} + static inline struct csched2_vcpu *csched2_vcpu(const struct vcpu *v) { return v->sched_priv; @@ -584,7 +588,7 @@ static inline struct csched2_dom *csched /* CPU to runq_id macro */ static inline int c2r(unsigned int cpu) { - return per_cpu(runq_map, cpu); + return csched2_pcpu(cpu)->runq_id; } /* CPU to runqueue struct macro */ @@ -3778,31 +3782,45 @@ csched2_dump(const struct scheduler *ops #undef cpustr } +static void * +csched2_alloc_pdata(const struct scheduler *ops, int cpu) +{ + struct csched2_pcpu *spc; + + spc = xzalloc(struct csched2_pcpu); + if ( spc == NULL ) + return ERR_PTR(-ENOMEM); + + /* Not in any runqueue yet */ + spc->runq_id = -1; + + return spc; +} + /* Returns the ID of the runqueue the cpu is assigned to. */ static unsigned -init_pdata(struct csched2_private *prv, unsigned int cpu) +init_pdata(struct csched2_private *prv, struct csched2_pcpu *spc, + unsigned int cpu) { - unsigned rqi; struct csched2_runqueue_data *rqd; ASSERT(rw_is_write_locked(&prv->lock)); ASSERT(!cpumask_test_cpu(cpu, &prv->initialized)); + /* CPU data needs to be allocated, but still uninitialized. */ + ASSERT(spc && spc->runq_id == -1); /* Figure out which runqueue to put it in */ - rqi = cpu_to_runqueue(prv, cpu); + spc->runq_id = cpu_to_runqueue(prv, cpu); - rqd = prv->rqd + rqi; + rqd = prv->rqd + spc->runq_id; - printk(XENLOG_INFO "Adding cpu %d to runqueue %d\n", cpu, rqi); - if ( ! cpumask_test_cpu(rqi, &prv->active_queues) ) + printk(XENLOG_INFO "Adding cpu %d to runqueue %d\n", cpu, spc->runq_id); + if ( ! cpumask_test_cpu(spc->runq_id, &prv->active_queues) ) { printk(XENLOG_INFO " First cpu on runqueue, activating\n"); - activate_runqueue(prv, rqi); + activate_runqueue(prv, spc->runq_id); } - /* Set the runqueue map */ - per_cpu(runq_map, cpu) = rqi; - __cpumask_set_cpu(cpu, &rqd->idle); __cpumask_set_cpu(cpu, &rqd->active); __cpumask_set_cpu(cpu, &prv->initialized); @@ -3811,7 +3829,7 @@ init_pdata(struct csched2_private *prv, if ( cpumask_weight(&rqd->active) == 1 ) rqd->pick_bias = cpu; - return rqi; + return spc->runq_id; } static void @@ -3822,16 +3840,10 @@ csched2_init_pdata(const struct schedule unsigned long flags; unsigned rqi; - /* - * pdata contains what alloc_pdata returned. But since we don't (need to) - * implement alloc_pdata, either that's NULL, or something is very wrong! - */ - ASSERT(!pdata); - write_lock_irqsave(&prv->lock, flags); old_lock = pcpu_schedule_lock(cpu); - rqi = init_pdata(prv, cpu); + rqi = init_pdata(prv, pdata, cpu); /* Move the scheduler lock to the new runq lock. */ per_cpu(schedule_data, cpu).schedule_lock = &prv->rqd[rqi].lock; @@ -3849,7 +3861,7 @@ csched2_switch_sched(struct scheduler *n struct csched2_vcpu *svc = vdata; unsigned rqi; - ASSERT(!pdata && svc && is_idle_vcpu(svc->vcpu)); + ASSERT(pdata && svc && is_idle_vcpu(svc->vcpu)); /* * We own one runqueue lock already (from schedule_cpu_switch()). This @@ -3864,7 +3876,7 @@ csched2_switch_sched(struct scheduler *n idle_vcpu[cpu]->sched_priv = vdata; - rqi = init_pdata(prv, cpu); + rqi = init_pdata(prv, pdata, cpu); /* * Now that we know what runqueue we'll go in, double check what's said @@ -3875,7 +3887,7 @@ csched2_switch_sched(struct scheduler *n ASSERT(per_cpu(schedule_data, cpu).schedule_lock != &prv->rqd[rqi].lock); per_cpu(scheduler, cpu) = new_ops; - per_cpu(schedule_data, cpu).sched_priv = NULL; /* no pdata */ + per_cpu(schedule_data, cpu).sched_priv = pdata; /* * (Re?)route the lock to the per pCPU lock as /last/ thing. In fact, @@ -3894,7 +3906,7 @@ csched2_deinit_pdata(const struct schedu unsigned long flags; struct csched2_private *prv = csched2_priv(ops); struct csched2_runqueue_data *rqd; - int rqi; + struct csched2_pcpu *spc = pcpu; write_lock_irqsave(&prv->lock, flags); @@ -3902,17 +3914,24 @@ csched2_deinit_pdata(const struct schedu * alloc_pdata is not implemented, so pcpu must be NULL. On the other * hand, init_pdata must have been called for this pCPU. */ - ASSERT(!pcpu && cpumask_test_cpu(cpu, &prv->initialized)); + /* + * Scheduler specific data for this pCPU must still be there and and be + * valid. In fact, if we are here: + * 1. alloc_pdata must have been called for this cpu, and free_pdata + * must not have been called on it before us, + * 2. init_pdata must have been called on this cpu, and deinit_pdata + * (us!) must not have been called on it already. + */ + ASSERT(spc && spc->runq_id != -1); + ASSERT(cpumask_test_cpu(cpu, &prv->initialized)); /* Find the old runqueue and remove this cpu from it */ - rqi = per_cpu(runq_map, cpu); - - rqd = prv->rqd + rqi; + rqd = prv->rqd + spc->runq_id; /* No need to save IRQs here, they're already disabled */ spin_lock(&rqd->lock); - printk(XENLOG_INFO "Removing cpu %d from runqueue %d\n", cpu, rqi); + printk(XENLOG_INFO "Removing cpu %d from runqueue %d\n", cpu, spc->runq_id); __cpumask_clear_cpu(cpu, &rqd->idle); __cpumask_clear_cpu(cpu, &rqd->smt_idle); @@ -3921,12 +3940,12 @@ csched2_deinit_pdata(const struct schedu if ( cpumask_empty(&rqd->active) ) { printk(XENLOG_INFO " No cpus left on runqueue, disabling\n"); - deactivate_runqueue(prv, rqi); + deactivate_runqueue(prv, spc->runq_id); } else if ( rqd->pick_bias == cpu ) rqd->pick_bias = cpumask_first(&rqd->active); - per_cpu(runq_map, cpu) = -1; + spc->runq_id = -1; spin_unlock(&rqd->lock); @@ -3937,6 +3956,24 @@ csched2_deinit_pdata(const struct schedu return; } +static void +csched2_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) +{ + struct csched2_pcpu *spc = pcpu; + + /* + * pcpu either points to a valid struct csched2_pcpu, or is NULL (if + * CPU bringup failed, and we're beeing called from CPU_UP_CANCELLED). + * xfree() does not really mind, but we want to be sure that either + * init_pdata has never been called, or deinit_pdata has been called + * already. + */ + ASSERT(!pcpu || spc->runq_id == -1); + ASSERT(!cpumask_test_cpu(cpu, &csched2_priv(ops)->initialized)); + + xfree(pcpu); +} + static int csched2_init(struct scheduler *ops) { @@ -4052,8 +4089,10 @@ static const struct scheduler sched_cred .deinit = csched2_deinit, .alloc_vdata = csched2_alloc_vdata, .free_vdata = csched2_free_vdata, + .alloc_pdata = csched2_alloc_pdata, .init_pdata = csched2_init_pdata, .deinit_pdata = csched2_deinit_pdata, + .free_pdata = csched2_free_pdata, .switch_sched = csched2_switch_sched, .alloc_domdata = csched2_alloc_domdata, .free_domdata = csched2_free_domdata, ++++++ 5bacae4b-x86-boot-allocate-extra-module-slot.patch ++++++ # Commit 4c5f9dbebc0bd2afee1ecd936c74ffe65756950f # Date 2018-09-27 11:17:47 +0100 # Author Daniel Kiper <daniel.kiper(a)oracle.com> # Committer Andrew Cooper <andrew.cooper3(a)citrix.com> x86/boot: Allocate one extra module slot for Xen image placement Commit 9589927 (x86/mb2: avoid Xen image when looking for module/crashkernel position) fixed relocation issues for Multiboot2 protocol. Unfortunately it missed to allocate module slot for Xen image placement in early boot path. So, let's fix it right now. Reported-by: Wei Liu <wei.liu2(a)citrix.com> Signed-off-by: Daniel Kiper <daniel.kiper(a)oracle.com> Acked-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/boot/reloc.c +++ b/xen/arch/x86/boot/reloc.c @@ -177,7 +177,12 @@ static multiboot_info_t *mbi2_reloc(u32 if ( mbi_out->mods_count ) { mbi_out->flags |= MBI_MODULES; - mbi_out->mods_addr = alloc_mem(mbi_out->mods_count * sizeof(*mbi_out_mods)); + /* + * We have to allocate one more module slot here. At some point + * __start_xen() may put Xen image placement into it. + */ + mbi_out->mods_addr = alloc_mem((mbi_out->mods_count + 1) * + sizeof(*mbi_out_mods)); mbi_out_mods = _p(mbi_out->mods_addr); } ++++++ 5bae44ce-x86-silence-false-log-messages.patch ++++++ # Commit 2fb57e4beefeda923446b73f88b392e59b07d847 # Date 2018-09-28 17:12:14 +0200 # Author Jan Beulich <jbeulich(a)suse.com> # Committer Jan Beulich <jbeulich(a)suse.com> x86: silence false log messages for plain "xpti" / "pv-l1tf" While commit 2a3b34ec47 ("x86/spec-ctrl: Yet more fixes for xpti= parsing") claimed to have got rid of the 'parameter "xpti" has invalid value "", rc=-22!' log message for "xpti" alone on the command line, this wasn't the case (the option took effect nevertheless). Fix this there as well as for plain "pv-l1tf". Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Acked-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -256,7 +256,7 @@ static __init int parse_pv_l1tf(const ch else if ( (val = parse_boolean("domu", s, ss)) >= 0 ) opt_pv_l1tf = ((opt_pv_l1tf & ~OPT_PV_L1TF_DOMU) | (val ? OPT_PV_L1TF_DOMU : 0)); - else + else if ( *s ) rc = -EINVAL; break; } @@ -707,7 +707,7 @@ static __init int parse_xpti(const char else if ( (val = parse_boolean("domu", s, ss)) >= 0 ) opt_xpti = (opt_xpti & ~OPT_XPTI_DOMU) | (val ? OPT_XPTI_DOMU : 0); - else + else if ( *s ) rc = -EINVAL; break; } ++++++ 5bb60c12-x86-split-opt_xpti.patch ++++++ # Commit 51e0cb45932d80d4eeb59994ee2c3f3c597b0212 # Date 2018-10-04 14:48:18 +0200 # Author Jan Beulich <jbeulich(a)suse.com> # Committer Jan Beulich <jbeulich(a)suse.com> x86: split opt_xpti Use separate tracking variables for the hardware domain and DomU-s. No functional change intended. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Acked-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -259,8 +259,8 @@ int pv_domain_initialise(struct domain * /* 64-bit PV guest by default. */ d->arch.is_32bit_pv = d->arch.has_32bit_shinfo = 0; - d->arch.pv_domain.xpti = opt_xpti & (is_hardware_domain(d) - ? OPT_XPTI_DOM0 : OPT_XPTI_DOMU); + d->arch.pv_domain.xpti = is_hardware_domain(d) ? opt_xpti_hwdom + : opt_xpti_domu; if ( !is_pv_32bit_domain(d) && use_invpcid && cpu_has_pcid ) switch ( opt_pcid ) --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -134,8 +134,10 @@ static int __init parse_spec_ctrl(const opt_eager_fpu = 0; - if ( opt_xpti < 0 ) - opt_xpti = 0; + if ( opt_xpti_hwdom < 0 ) + opt_xpti_hwdom = 0; + if ( opt_xpti_domu < 0 ) + opt_xpti_domu = 0; if ( opt_smt < 0 ) opt_smt = 1; @@ -343,8 +345,8 @@ static void __init print_details(enum in opt_eager_fpu ? " EAGER_FPU" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s\n", - opt_xpti & OPT_XPTI_DOM0 ? "enabled" : "disabled", - opt_xpti & OPT_XPTI_DOMU ? "enabled" : "disabled"); + opt_xpti_hwdom ? "enabled" : "disabled", + opt_xpti_domu ? "enabled" : "disabled"); printk(" PV L1TF shadowing: Dom0 %s, DomU %s\n", opt_pv_l1tf & OPT_PV_L1TF_DOM0 ? "enabled" : "disabled", @@ -657,7 +659,8 @@ static __init void l1tf_calculations(uin : (3ul << (paddr_bits - 2)))); } -int8_t __read_mostly opt_xpti = -1; +int8_t __read_mostly opt_xpti_hwdom = -1; +int8_t __read_mostly opt_xpti_domu = -1; static __init void xpti_init_default(uint64_t caps) { @@ -665,9 +668,19 @@ static __init void xpti_init_default(uin caps = ARCH_CAPABILITIES_RDCL_NO; if ( caps & ARCH_CAPABILITIES_RDCL_NO ) - opt_xpti = 0; + { + if ( opt_xpti_hwdom < 0 ) + opt_xpti_hwdom = 0; + if ( opt_xpti_domu < 0 ) + opt_xpti_domu = 0; + } else - opt_xpti = OPT_XPTI_DOM0 | OPT_XPTI_DOMU; + { + if ( opt_xpti_hwdom < 0 ) + opt_xpti_hwdom = 1; + if ( opt_xpti_domu < 0 ) + opt_xpti_domu = 1; + } } static __init int parse_xpti(const char *s) @@ -676,12 +689,14 @@ static __init int parse_xpti(const char int val, rc = 0; /* Inhibit the defaults as an explicit choice has been given. */ - if ( opt_xpti == -1 ) - opt_xpti = 0; + if ( opt_xpti_hwdom == -1 ) + opt_xpti_hwdom = 0; + if ( opt_xpti_domu == -1 ) + opt_xpti_domu = 0; /* Interpret 'xpti' alone in its positive boolean form. */ if ( *s == '\0' ) - opt_xpti = OPT_XPTI_DOM0 | OPT_XPTI_DOMU; + opt_xpti_hwdom = opt_xpti_domu = 1; do { ss = strchr(s, ','); @@ -691,22 +706,20 @@ static __init int parse_xpti(const char switch ( parse_bool(s, ss) ) { case 0: - opt_xpti = 0; + opt_xpti_hwdom = opt_xpti_domu = 0; break; case 1: - opt_xpti = OPT_XPTI_DOM0 | OPT_XPTI_DOMU; + opt_xpti_hwdom = opt_xpti_domu = 1; break; default: if ( !strcmp(s, "default") ) - opt_xpti = -1; + opt_xpti_hwdom = opt_xpti_domu = -1; else if ( (val = parse_boolean("dom0", s, ss)) >= 0 ) - opt_xpti = (opt_xpti & ~OPT_XPTI_DOM0) | - (val ? OPT_XPTI_DOM0 : 0); + opt_xpti_hwdom = val; else if ( (val = parse_boolean("domu", s, ss)) >= 0 ) - opt_xpti = (opt_xpti & ~OPT_XPTI_DOMU) | - (val ? OPT_XPTI_DOMU : 0); + opt_xpti_domu = val; else if ( *s ) rc = -EINVAL; break; @@ -862,10 +875,9 @@ void __init init_speculation_mitigations if ( default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); - if ( opt_xpti == -1 ) - xpti_init_default(caps); + xpti_init_default(caps); - if ( opt_xpti == 0 ) + if ( !opt_xpti_hwdom && !opt_xpti_domu ) setup_force_cpu_cap(X86_FEATURE_NO_XPTI); else setup_clear_cpu_cap(X86_FEATURE_NO_XPTI); --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -35,9 +35,7 @@ extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; extern uint8_t default_spec_ctrl_flags; -extern int8_t opt_xpti; -#define OPT_XPTI_DOM0 0x01 -#define OPT_XPTI_DOMU 0x02 +extern int8_t opt_xpti_hwdom, opt_xpti_domu; extern int8_t opt_pv_l1tf; #define OPT_PV_L1TF_DOM0 0x01 ++++++ 5bb60c4f-x86-split-opt_pv_l1tf.patch ++++++ # Commit 0b89643ef6ef14e2c2b731ca675d23e405ed69b1 # Date 2018-10-04 14:49:19 +0200 # Author Jan Beulich <jbeulich(a)suse.com> # Committer Jan Beulich <jbeulich(a)suse.com> x86: split opt_pv_l1tf Use separate tracking variables for the hardware domain and DomU-s. No functional change intended, but adjust the comment in init_speculation_mitigations() to match prior as well as resulting code. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Acked-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -142,8 +142,10 @@ static int __init parse_spec_ctrl(const if ( opt_smt < 0 ) opt_smt = 1; - if ( opt_pv_l1tf < 0 ) - opt_pv_l1tf = 0; + if ( opt_pv_l1tf_hwdom < 0 ) + opt_pv_l1tf_hwdom = 0; + if ( opt_pv_l1tf_domu < 0 ) + opt_pv_l1tf_domu = 0; disable_common: opt_rsb_pv = false; @@ -221,7 +223,8 @@ static int __init parse_spec_ctrl(const } custom_param("spec-ctrl", parse_spec_ctrl); -int8_t __read_mostly opt_pv_l1tf = -1; +int8_t __read_mostly opt_pv_l1tf_hwdom = -1; +int8_t __read_mostly opt_pv_l1tf_domu = -1; static __init int parse_pv_l1tf(const char *s) { @@ -229,12 +232,14 @@ static __init int parse_pv_l1tf(const ch int val, rc = 0; /* Inhibit the defaults as an explicit choice has been given. */ - if ( opt_pv_l1tf == -1 ) - opt_pv_l1tf = 0; + if ( opt_pv_l1tf_hwdom == -1 ) + opt_pv_l1tf_hwdom = 0; + if ( opt_pv_l1tf_domu == -1 ) + opt_pv_l1tf_domu = 0; /* Interpret 'pv-l1tf' alone in its positive boolean form. */ if ( *s == '\0' ) - opt_pv_l1tf = OPT_PV_L1TF_DOM0 | OPT_PV_L1TF_DOMU; + opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 1; do { ss = strchr(s, ','); @@ -244,20 +249,18 @@ static __init int parse_pv_l1tf(const ch switch ( parse_bool(s, ss) ) { case 0: - opt_pv_l1tf = 0; + opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 0; break; case 1: - opt_pv_l1tf = OPT_PV_L1TF_DOM0 | OPT_PV_L1TF_DOMU; + opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 1; break; default: if ( (val = parse_boolean("dom0", s, ss)) >= 0 ) - opt_pv_l1tf = ((opt_pv_l1tf & ~OPT_PV_L1TF_DOM0) | - (val ? OPT_PV_L1TF_DOM0 : 0)); + opt_pv_l1tf_hwdom = val; else if ( (val = parse_boolean("domu", s, ss)) >= 0 ) - opt_pv_l1tf = ((opt_pv_l1tf & ~OPT_PV_L1TF_DOMU) | - (val ? OPT_PV_L1TF_DOMU : 0)); + opt_pv_l1tf_domu = val; else if ( *s ) rc = -EINVAL; break; @@ -320,7 +323,7 @@ static void __init print_details(enum in opt_l1d_flush ? " L1D_FLUSH" : ""); /* L1TF diagnostics, printed if vulnerable or PV shadowing is in use. */ - if ( cpu_has_bug_l1tf || opt_pv_l1tf ) + if ( cpu_has_bug_l1tf || opt_pv_l1tf_hwdom || opt_pv_l1tf_domu ) printk(" L1TF: believed%s vulnerable, maxphysaddr L1D %u, CPUID %u" ", Safe address %"PRIx64"\n", cpu_has_bug_l1tf ? "" : " not", @@ -349,8 +352,8 @@ static void __init print_details(enum in opt_xpti_domu ? "enabled" : "disabled"); printk(" PV L1TF shadowing: Dom0 %s, DomU %s\n", - opt_pv_l1tf & OPT_PV_L1TF_DOM0 ? "enabled" : "disabled", - opt_pv_l1tf & OPT_PV_L1TF_DOMU ? "enabled" : "disabled"); + opt_pv_l1tf_hwdom ? "enabled" : "disabled", + opt_pv_l1tf_domu ? "enabled" : "disabled"); } /* Calculate whether Retpoline is known-safe on this CPU. */ @@ -891,13 +894,10 @@ void __init init_speculation_mitigations * In shim mode, SHADOW is expected to be compiled out, and a malicious * guest kernel can only attack the shim Xen, not the host Xen. */ - if ( opt_pv_l1tf == -1 ) - { - if ( pv_shim || !cpu_has_bug_l1tf ) - opt_pv_l1tf = 0; - else - opt_pv_l1tf = OPT_PV_L1TF_DOMU; - } + if ( opt_pv_l1tf_hwdom == -1 ) + opt_pv_l1tf_hwdom = 0; + if ( opt_pv_l1tf_domu == -1 ) + opt_pv_l1tf_domu = !pv_shim && cpu_has_bug_l1tf; /* * By default, enable L1D_FLUSH on L1TF-vulnerable hardware, unless --- a/xen/include/asm-x86/shadow.h +++ b/xen/include/asm-x86/shadow.h @@ -224,9 +224,8 @@ void pv_l1tf_tasklet(unsigned long data) static inline void pv_l1tf_domain_init(struct domain *d) { - d->arch.pv_domain.check_l1tf = - opt_pv_l1tf & (is_hardware_domain(d) - ? OPT_PV_L1TF_DOM0 : OPT_PV_L1TF_DOMU); + d->arch.pv_domain.check_l1tf = is_hardware_domain(d) ? opt_pv_l1tf_hwdom + : opt_pv_l1tf_domu; #if defined(CONFIG_SHADOW_PAGING) && defined(CONFIG_PV) tasklet_init(&d->arch.paging.shadow.pv_l1tf_tasklet, --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -37,9 +37,7 @@ extern uint8_t default_spec_ctrl_flags; extern int8_t opt_xpti_hwdom, opt_xpti_domu; -extern int8_t opt_pv_l1tf; -#define OPT_PV_L1TF_DOM0 0x01 -#define OPT_PV_L1TF_DOMU 0x02 +extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; /* * The L1D address mask, which might be wider than reported in CPUID, and the ++++++ 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch ++++++ # Commit 8743d2dea539617e237c77556a91dc357098a8af # Date 2018-10-04 14:49:56 +0200 # Author Jan Beulich <jbeulich(a)suse.com> # Committer Jan Beulich <jbeulich(a)suse.com> x86: fix "xpti=" and "pv-l1tf=" yet again While commit 2a3b34ec47 ("x86/spec-ctrl: Yet more fixes for xpti= parsing") indeed fixed "xpti=dom0", it broke "xpti=no-dom0", in that this then became equivalent to "xpti=no". In particular, the presence of "xpti=" alone on the command line means nothing as to which default is to be overridden; "xpti=no-dom0", for example, ought to have no effect for DomU-s, as this is distinct from both "xpti=no-dom0,domu" and "xpti=no-dom0,no-domu". Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Acked-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -231,12 +231,6 @@ static __init int parse_pv_l1tf(const ch const char *ss; int val, rc = 0; - /* Inhibit the defaults as an explicit choice has been given. */ - if ( opt_pv_l1tf_hwdom == -1 ) - opt_pv_l1tf_hwdom = 0; - if ( opt_pv_l1tf_domu == -1 ) - opt_pv_l1tf_domu = 0; - /* Interpret 'pv-l1tf' alone in its positive boolean form. */ if ( *s == '\0' ) opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 1; @@ -691,12 +685,6 @@ static __init int parse_xpti(const char const char *ss; int val, rc = 0; - /* Inhibit the defaults as an explicit choice has been given. */ - if ( opt_xpti_hwdom == -1 ) - opt_xpti_hwdom = 0; - if ( opt_xpti_domu == -1 ) - opt_xpti_domu = 0; - /* Interpret 'xpti' alone in its positive boolean form. */ if ( *s == '\0' ) opt_xpti_hwdom = opt_xpti_domu = 1; ++++++ 5bcf0722-x86-boot-enable-NMIs.patch ++++++ # Commit 072e054359a4d4a4f6c3fa09585667472c4f0f1d # Date 2018-10-23 12:33:54 +0100 # Author Sergey Dyasli <sergey.dyasli(a)citrix.com> # Committer Andrew Cooper <andrew.cooper3(a)citrix.com> x86/boot: enable NMIs after traps init In certain scenarios, NMIs might be disabled during Xen boot process. Such situation will cause alternative_instructions() to: panic("Timed out waiting for alternatives self-NMI to hit\n"); This bug was originally seen when using Tboot to boot Xen 4.11 To prevent this from happening, enable NMIs during cpu_init() and during __start_xen() for BSP. Signed-off-by: Sergey Dyasli <sergey.dyasli(a)citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -831,6 +831,9 @@ void cpu_init(void) #define CD(register) asm volatile ( "mov %0,%%db" #register : : "r"(0UL) ); CD(0); CD(1); CD(2); CD(3); /* no db4 and db5 */; CD(6); CD(7); #undef CD + + /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ + enable_nmis(); } void cpu_uninit(unsigned int cpu) --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -702,6 +702,9 @@ void __init noreturn __start_xen(unsigne /* Full exception support from here on in. */ + /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ + enable_nmis(); + if ( pvh_boot ) { ASSERT(mbi_p == 0); ++++++ 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch ++++++ # Commit 46029da12e5efeca6d957e5793bd34f2965fa0a1 # Date 2018-10-24 14:43:05 +0100 # Author Andrew Cooper <andrew.cooper3(a)citrix.com> # Committer Andrew Cooper <andrew.cooper3(a)citrix.com> tools/dombuilder: Initialise vcpu debug registers correctly In particular, initialising %dr6 with the value 0 is buggy, because on hardware supporting Transactional Memory, it will cause the sticky RTM bit to be asserted, even though a debug exception from a transaction hasn't actually been observed. Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Reviewed-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Roger Pau Monné <roger.pau(a)citrix.com> Acked-by: Wei Liu <wei.liu2(a)citrix.com> --- a/tools/libxc/xc_dom_x86.c +++ b/tools/libxc/xc_dom_x86.c @@ -53,6 +53,9 @@ #define X86_CR0_PE 0x01 #define X86_CR0_ET 0x10 +#define X86_DR6_DEFAULT 0xffff0ff0u +#define X86_DR7_DEFAULT 0x00000400u + #define SPECIALPAGE_PAGING 0 #define SPECIALPAGE_ACCESS 1 #define SPECIALPAGE_SHARING 2 @@ -860,6 +863,9 @@ static int vcpu_x86_32(struct xc_dom_ima dom->parms.virt_base + (dom->start_info_pfn) * PAGE_SIZE_X86; ctxt->user_regs.eflags = 1 << 9; /* Interrupt Enable */ + ctxt->debugreg[6] = X86_DR6_DEFAULT; + ctxt->debugreg[7] = X86_DR7_DEFAULT; + ctxt->flags = VGCF_in_kernel_X86_32 | VGCF_online_X86_32; if ( dom->parms.pae == XEN_PAE_EXTCR3 || dom->parms.pae == XEN_PAE_BIMODAL ) @@ -907,6 +913,9 @@ static int vcpu_x86_64(struct xc_dom_ima dom->parms.virt_base + (dom->start_info_pfn) * PAGE_SIZE_X86; ctxt->user_regs.rflags = 1 << 9; /* Interrupt Enable */ + ctxt->debugreg[6] = X86_DR6_DEFAULT; + ctxt->debugreg[7] = X86_DR7_DEFAULT; + ctxt->flags = VGCF_in_kernel_X86_64 | VGCF_online_X86_64; cr3_pfn = xc_dom_p2m(dom, dom->pgtables_seg.pfn); ctxt->ctrlreg[3] = xen_pfn_to_cr3_x86_64(cr3_pfn); @@ -1011,6 +1020,9 @@ static int vcpu_hvm(struct xc_dom_image /* Set the IP. */ bsp_ctx.cpu.rip = dom->parms.phys_entry; + bsp_ctx.cpu.dr6 = X86_DR6_DEFAULT; + bsp_ctx.cpu.dr7 = X86_DR7_DEFAULT; + if ( dom->start_info_seg.pfn ) bsp_ctx.cpu.rbx = dom->start_info_seg.pfn << PAGE_SHIFT; ++++++ 5bd076e9-x86-boot-init-debug-regs-correctly.patch ++++++ # Commit 721da6d41a70fe08b3fcd9c31a62f6709a54c6ba # Date 2018-10-24 14:43:05 +0100 # Author Andrew Cooper <andrew.cooper3(a)citrix.com> # Committer Andrew Cooper <andrew.cooper3(a)citrix.com> x86/boot: Initialise the debug registers correctly In particular, initialising %dr6 with the value 0 is buggy, because on hardware supporting Transactional Memory, it will cause the sticky RTM bit to be asserted, even though a debug exception from a transaction hasn't actually been observed. Move X86_DR6_DEFAULT into x86-defns.h along with the other architectural register constants, and introduce a new X86_DR7_DEFAULT. Use the existing write_debugreg() helper, rather than opencoded inline assembly. Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Reviewed-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Roger Pau Monné <roger.pau(a)citrix.com> --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -3,6 +3,7 @@ #include <xen/delay.h> #include <xen/smp.h> #include <asm/current.h> +#include <asm/debugreg.h> #include <asm/processor.h> #include <asm/xstate.h> #include <asm/msr.h> @@ -827,10 +828,13 @@ void cpu_init(void) /* Ensure FPU gets initialised for each domain. */ stts(); - /* Clear all 6 debug registers: */ -#define CD(register) asm volatile ( "mov %0,%%db" #register : : "r"(0UL) ); - CD(0); CD(1); CD(2); CD(3); /* no db4 and db5 */; CD(6); CD(7); -#undef CD + /* Reset debug registers: */ + write_debugreg(0, 0); + write_debugreg(1, 0); + write_debugreg(2, 0); + write_debugreg(3, 0); + write_debugreg(6, X86_DR6_DEFAULT); + write_debugreg(7, X86_DR7_DEFAULT); /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); --- a/xen/include/asm-x86/debugreg.h +++ b/xen/include/asm-x86/debugreg.h @@ -24,8 +24,6 @@ #define DR_STATUS_RESERVED_ZERO (~0xffffeffful) /* Reserved, read as zero */ #define DR_STATUS_RESERVED_ONE 0xffff0ff0ul /* Reserved, read as one */ -#define X86_DR6_DEFAULT 0xffff0ff0ul /* Default %dr6 value. */ - /* Now define a bunch of things for manipulating the control register. The top two bytes of the control register consist of 4 fields of 4 bits - each field corresponds to one of the four debug registers, --- a/xen/include/asm-x86/x86-defns.h +++ b/xen/include/asm-x86/x86-defns.h @@ -97,4 +97,14 @@ #define X86_XCR0_LWP_POS 62 #define X86_XCR0_LWP (1ULL << X86_XCR0_LWP_POS) +/* + * Debug status flags in DR6. + */ +#define X86_DR6_DEFAULT 0xffff0ff0 /* Default %dr6 value. */ + +/* + * Debug control flags in DR7. + */ +#define X86_DR7_DEFAULT 0x00000400 /* Default %dr7 value. */ + #endif /* __XEN_X86_DEFNS_H__ */ ++++++ 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch ++++++ # Commit dfba4d2e91f63a8f40493c4fc2db03fd8287f6cb # Date 2018-10-24 14:43:05 +0100 # Author Andrew Cooper <andrew.cooper3(a)citrix.com> # Committer Andrew Cooper <andrew.cooper3(a)citrix.com> x86/domain: Initialise vcpu debug registers correctly In particular, initialising %dr6 with the value 0 is buggy, because on hardware supporting Transactional Memory, it will cause the sticky RTM bit to be asserted, even though a debug exception from a transaction hasn't actually been observed. Introduce arch_vcpu_regs_init() to set various architectural defaults, and reuse this in the hvm_vcpu_reset_state() path. Architecturally, %edx's init state contains the processors model information, and 0xf looks to be a remnant of the old Intel processors. We clearly have no software which cares, seeing as it is wrong for the last decade's worth of Intel hardware and for all other vendors, so lets use the value 0 for simplicity. Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Reviewed-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Roger Pau Monné <roger.pau(a)citrix.com> # Commit 0a1fa635029d100d4b6b7eddb31d49603217cab7 # Date 2018-10-30 13:26:21 +0000 # Author Andrew Cooper <andrew.cooper3(a)citrix.com> # Committer Andrew Cooper <andrew.cooper3(a)citrix.com> x86/domain: Fix build with GCC 4.3.x GCC 4.3.x can't initialise the user_regs structure like this. Reported-by: Jan Beulich <JBeulich(a)suse.com> Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Reviewed-by: Wei Liu <wei.liu2(a)citrix.com> Acked-by: Jan Beulich <jbeulich(a)suse.com> --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -323,6 +323,17 @@ void free_vcpu_struct(struct vcpu *v) free_xenheap_page(v); } +/* Initialise various registers to their architectural INIT/RESET state. */ +void arch_vcpu_regs_init(struct vcpu *v) +{ + memset(&v->arch.user_regs, 0, sizeof(v->arch.user_regs)); + v->arch.user_regs.eflags = X86_EFLAGS_MBS; + + memset(v->arch.debugreg, 0, sizeof(v->arch.debugreg)); + v->arch.debugreg[6] = X86_DR6_DEFAULT; + v->arch.debugreg[7] = X86_DR7_DEFAULT; +} + int vcpu_initialise(struct vcpu *v) { struct domain *d = v->domain; @@ -342,6 +353,8 @@ int vcpu_initialise(struct vcpu *v) return rc; vmce_init_vcpu(v); + + arch_vcpu_regs_init(v); } else if ( (rc = xstate_alloc_save_area(v)) != 0 ) return rc; --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3896,11 +3896,9 @@ void hvm_vcpu_reset_state(struct vcpu *v } v->arch.vgc_flags = VGCF_online; - memset(&v->arch.user_regs, 0, sizeof(v->arch.user_regs)); - v->arch.user_regs.rflags = X86_EFLAGS_MBS; - v->arch.user_regs.rdx = 0x00000f00; + + arch_vcpu_regs_init(v); v->arch.user_regs.rip = ip; - memset(&v->arch.debugreg, 0, sizeof(v->arch.debugreg)); v->arch.hvm_vcpu.guest_cr[0] = X86_CR0_ET; hvm_update_guest_cr(v, 0); --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -633,6 +633,8 @@ static inline void free_vcpu_guest_conte vfree(vgc); } +void arch_vcpu_regs_init(struct vcpu *v); + struct vcpu_hvm_context; int arch_set_info_hvm_guest(struct vcpu *v, const struct vcpu_hvm_context *ctx); ++++++ 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch ++++++ # Commit 35cd5ba367515ffbd274ca529c5e946447f4ba48 # Date 2018-10-24 22:16:11 +0100 # Author Andrew Cooper <andrew.cooper3(a)citrix.com> # Committer Andrew Cooper <andrew.cooper3(a)citrix.com> x86/vvmx: Disallow the use of VT-x instructions when nested virt is disabled c/s ac6a4500b "vvmx: set vmxon_region_pa of vcpu out of VMX operation to an invalid address" was a real bugfix as described, but has a very subtle bug which results in all VT-x instructions being usable by a guest. The toolstack constructs a guest by issuing: XEN_DOMCTL_createdomain XEN_DOMCTL_max_vcpus and optionally later, HVMOP_set_param to enable nested virt. As a result, the call to nvmx_vcpu_initialise() in hvm_vcpu_initialise() (which is what makes the above patch look correct during review) is actually dead code. In practice, nvmx_vcpu_initialise() first gets called when nested virt is enabled, which is typically never. As a result, the zeroed memory of struct vcpu causes nvmx_vcpu_in_vmx() to return true before nested virt is enabled for the guest. Fixing the order of initialisation is a work in progress for other reasons, but not viable for security backports. A compounding factor is that the vmexit handlers for all instructions, other than VMXON, pass 0 into vmx_inst_check_privilege()'s vmxop_check parameter, which skips the CR4.VMXE check. (This is one of many reasons why nested virt isn't a supported feature yet.) However, the overall result is that when nested virt is not enabled by the toolstack (i.e. the default configuration for all production guests), the VT-x instructions (other than VMXON) are actually usable, and Xen very quickly falls over the fact that the nvmx structure is uninitialised. In order to fail safe in the supported case, re-implement all the VT-x instruction handling using a single function with a common prologue, covering all the checks which should cause #UD or #GP faults. This deliberately doesn't use any state from the nvmx structure, in case there are other lurking issues. This is XSA-278 Reported-by: Sergey Dyasli <sergey.dyasli(a)citrix.com> Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Reviewed-by: Sergey Dyasli <sergey.dyasli(a)citrix.com> --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3982,57 +3982,17 @@ void vmx_vmexit_handler(struct cpu_user_ break; case EXIT_REASON_VMXOFF: - if ( nvmx_handle_vmxoff(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_VMXON: - if ( nvmx_handle_vmxon(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_VMCLEAR: - if ( nvmx_handle_vmclear(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_VMPTRLD: - if ( nvmx_handle_vmptrld(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_VMPTRST: - if ( nvmx_handle_vmptrst(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_VMREAD: - if ( nvmx_handle_vmread(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_VMWRITE: - if ( nvmx_handle_vmwrite(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_VMLAUNCH: - if ( nvmx_handle_vmlaunch(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_VMRESUME: - if ( nvmx_handle_vmresume(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_INVEPT: - if ( nvmx_handle_invept(regs) == X86EMUL_OKAY ) - update_guest_eip(); - break; - case EXIT_REASON_INVVPID: - if ( nvmx_handle_invvpid(regs) == X86EMUL_OKAY ) + if ( nvmx_handle_vmx_insn(regs, exit_reason) == X86EMUL_OKAY ) update_guest_eip(); break; --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -1470,7 +1470,7 @@ void nvmx_switch_guest(void) * VMX instructions handling */ -int nvmx_handle_vmxon(struct cpu_user_regs *regs) +static int nvmx_handle_vmxon(struct cpu_user_regs *regs) { struct vcpu *v=current; struct nestedvmx *nvmx = &vcpu_2_nvmx(v); @@ -1522,7 +1522,7 @@ int nvmx_handle_vmxon(struct cpu_user_re return X86EMUL_OKAY; } -int nvmx_handle_vmxoff(struct cpu_user_regs *regs) +static int nvmx_handle_vmxoff(struct cpu_user_regs *regs) { struct vcpu *v=current; struct nestedvmx *nvmx = &vcpu_2_nvmx(v); @@ -1611,7 +1611,7 @@ static int nvmx_vmresume(struct vcpu *v, return X86EMUL_OKAY; } -int nvmx_handle_vmresume(struct cpu_user_regs *regs) +static int nvmx_handle_vmresume(struct cpu_user_regs *regs) { bool_t launched; struct vcpu *v = current; @@ -1645,7 +1645,7 @@ int nvmx_handle_vmresume(struct cpu_user return nvmx_vmresume(v,regs); } -int nvmx_handle_vmlaunch(struct cpu_user_regs *regs) +static int nvmx_handle_vmlaunch(struct cpu_user_regs *regs) { bool_t launched; struct vcpu *v = current; @@ -1688,7 +1688,7 @@ int nvmx_handle_vmlaunch(struct cpu_user return rc; } -int nvmx_handle_vmptrld(struct cpu_user_regs *regs) +static int nvmx_handle_vmptrld(struct cpu_user_regs *regs) { struct vcpu *v = current; struct vmx_inst_decoded decode; @@ -1759,7 +1759,7 @@ out: return X86EMUL_OKAY; } -int nvmx_handle_vmptrst(struct cpu_user_regs *regs) +static int nvmx_handle_vmptrst(struct cpu_user_regs *regs) { struct vcpu *v = current; struct vmx_inst_decoded decode; @@ -1784,7 +1784,7 @@ int nvmx_handle_vmptrst(struct cpu_user_ return X86EMUL_OKAY; } -int nvmx_handle_vmclear(struct cpu_user_regs *regs) +static int nvmx_handle_vmclear(struct cpu_user_regs *regs) { struct vcpu *v = current; struct vmx_inst_decoded decode; @@ -1836,7 +1836,7 @@ int nvmx_handle_vmclear(struct cpu_user_ return X86EMUL_OKAY; } -int nvmx_handle_vmread(struct cpu_user_regs *regs) +static int nvmx_handle_vmread(struct cpu_user_regs *regs) { struct vcpu *v = current; struct vmx_inst_decoded decode; @@ -1878,7 +1878,7 @@ int nvmx_handle_vmread(struct cpu_user_r return X86EMUL_OKAY; } -int nvmx_handle_vmwrite(struct cpu_user_regs *regs) +static int nvmx_handle_vmwrite(struct cpu_user_regs *regs) { struct vcpu *v = current; struct vmx_inst_decoded decode; @@ -1926,7 +1926,7 @@ int nvmx_handle_vmwrite(struct cpu_user_ return X86EMUL_OKAY; } -int nvmx_handle_invept(struct cpu_user_regs *regs) +static int nvmx_handle_invept(struct cpu_user_regs *regs) { struct vmx_inst_decoded decode; unsigned long eptp; @@ -1954,7 +1954,7 @@ int nvmx_handle_invept(struct cpu_user_r return X86EMUL_OKAY; } -int nvmx_handle_invvpid(struct cpu_user_regs *regs) +static int nvmx_handle_invvpid(struct cpu_user_regs *regs) { struct vmx_inst_decoded decode; unsigned long vpid; @@ -1980,6 +1980,81 @@ int nvmx_handle_invvpid(struct cpu_user_ return X86EMUL_OKAY; } +int nvmx_handle_vmx_insn(struct cpu_user_regs *regs, unsigned int exit_reason) +{ + struct vcpu *curr = current; + int ret; + + if ( !(curr->arch.hvm_vcpu.guest_cr[4] & X86_CR4_VMXE) || + !nestedhvm_enabled(curr->domain) || + (vmx_guest_x86_mode(curr) < (hvm_long_mode_active(curr) ? 8 : 2)) ) + { + hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC); + return X86EMUL_EXCEPTION; + } + + if ( vmx_get_cpl() > 0 ) + { + hvm_inject_hw_exception(TRAP_gp_fault, 0); + return X86EMUL_EXCEPTION; + } + + switch ( exit_reason ) + { + case EXIT_REASON_VMXOFF: + ret = nvmx_handle_vmxoff(regs); + break; + + case EXIT_REASON_VMXON: + ret = nvmx_handle_vmxon(regs); + break; + + case EXIT_REASON_VMCLEAR: + ret = nvmx_handle_vmclear(regs); + break; + + case EXIT_REASON_VMPTRLD: + ret = nvmx_handle_vmptrld(regs); + break; + + case EXIT_REASON_VMPTRST: + ret = nvmx_handle_vmptrst(regs); + break; + + case EXIT_REASON_VMREAD: + ret = nvmx_handle_vmread(regs); + break; + + case EXIT_REASON_VMWRITE: + ret = nvmx_handle_vmwrite(regs); + break; + + case EXIT_REASON_VMLAUNCH: + ret = nvmx_handle_vmlaunch(regs); + break; + + case EXIT_REASON_VMRESUME: + ret = nvmx_handle_vmresume(regs); + break; + + case EXIT_REASON_INVEPT: + ret = nvmx_handle_invept(regs); + break; + + case EXIT_REASON_INVVPID: + ret = nvmx_handle_invvpid(regs); + break; + + default: + ASSERT_UNREACHABLE(); + domain_crash(curr->domain); + ret = X86EMUL_UNHANDLEABLE; + break; + } + + return ret; +} + #define __emul_value(enable1, default1) \ ((enable1 | default1) << 32 | (default1)) --- a/xen/include/asm-x86/hvm/vmx/vvmx.h +++ b/xen/include/asm-x86/hvm/vmx/vvmx.h @@ -94,9 +94,6 @@ void nvmx_domain_relinquish_resources(st bool_t nvmx_ept_enabled(struct vcpu *v); -int nvmx_handle_vmxon(struct cpu_user_regs *regs); -int nvmx_handle_vmxoff(struct cpu_user_regs *regs); - #define EPT_TRANSLATE_SUCCEED 0 #define EPT_TRANSLATE_VIOLATION 1 #define EPT_TRANSLATE_MISCONFIG 2 @@ -191,15 +188,7 @@ enum vmx_insn_errno set_vvmcs_real_safe( uint64_t get_shadow_eptp(struct vcpu *v); void nvmx_destroy_vmcs(struct vcpu *v); -int nvmx_handle_vmptrld(struct cpu_user_regs *regs); -int nvmx_handle_vmptrst(struct cpu_user_regs *regs); -int nvmx_handle_vmclear(struct cpu_user_regs *regs); -int nvmx_handle_vmread(struct cpu_user_regs *regs); -int nvmx_handle_vmwrite(struct cpu_user_regs *regs); -int nvmx_handle_vmresume(struct cpu_user_regs *regs); -int nvmx_handle_vmlaunch(struct cpu_user_regs *regs); -int nvmx_handle_invept(struct cpu_user_regs *regs); -int nvmx_handle_invvpid(struct cpu_user_regs *regs); +int nvmx_handle_vmx_insn(struct cpu_user_regs *regs, unsigned int exit_reason); int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content); ++++++ 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch ++++++ # Commit f993c3e90728705dacd834b49a6e5608c1360409 # Date 2018-10-30 13:26:21 +0000 # Author Andrew Cooper <andrew.cooper3(a)citrix.com> # Committer Andrew Cooper <andrew.cooper3(a)citrix.com> x86/pv: Fix crash when using `xl set-parameter pcid=...` "pcid=" is registered as a runtime parameter, which means that parse_pcid() must not reside in .init, or the following happens when parse_params() tries to call an unmapped function pointer. (XEN) ----[ Xen-4.12-unstable x86_64 debug=y Not tainted ]---- (XEN) CPU: 0 (XEN) RIP: e008:[<ffff82d080407fb3>] ffff82d080407fb3 (XEN) RFLAGS: 0000000000010292 CONTEXT: hypervisor (d0v1) (XEN) rax: ffff82d080407fb3 rbx: ffff82d0803cf270 rcx: 0000000000000000 (XEN) rdx: ffff8300abe67fff rsi: 000000000000000a rdi: ffff8300abe67bfd (XEN) rbp: ffff8300abe67ca8 rsp: ffff8300abe67ba0 r8: ffff83084d980000 (XEN) r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000000 (XEN) r12: ffff8300abe67bfd r13: ffff82d0803cb628 r14: 0000000000000000 (XEN) r15: ffff8300abe67bf8 cr0: 0000000080050033 cr4: 0000000000172660 (XEN) cr3: 0000000828efd000 cr2: ffff82d080407fb3 (XEN) fsb: 00007fb810d4b780 gsb: ffff88007ce20000 gss: 0000000000000000 (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e010 cs: e008 (XEN) Xen code around <ffff82d080407fb3> (ffff82d080407fb3) [fault on access]: (XEN) -- -- -- -- -- -- -- -- <--> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- (XEN) Xen stack trace from rsp=ffff8300abe67ba0: (XEN) ffff82d080217f61 ffff830826db0f09 ffff8300abe67bf8 ffff82d0803cf1e0 (XEN) 00007cff54198409 ffff8300abe67bf0 010001d000000000 0000000000000000 (XEN) ffff82d0803cf288 ffff8300abe67c88 ffff82d0805a09c0 616c620064696370 (XEN) 00000000aaaa0068 0000000000000296 ffff82d08023d60e aaaaaaaaaaaaaaaa (XEN) ffff83084d9b4000 ffff8300abe67c68 ffff82d08024940e ffff83083736e000 (XEN) 0000000000000080 000000000000007a 000000000000000a ffff82d08045e61c (XEN) ffff82d080573d80 ffff8300abe67cb8 ffff82d080249805 80000007fce54067 (XEN) fffffffffffffff2 ffff830826db0f00 ffff8300abfa7000 ffff82d08045e61c (XEN) ffff82d080573d80 ffff8300abe67cb8 ffff82d08021801e ffff8300abe67e48 (XEN) ffff82d08023f60a ffff83083736e000 0000000000000000 ffff8300abe67d58 (XEN) ffff82d080293d90 0000000000000092 ffff82d08023d60e ffff820040006ae0 (XEN) 0000000000000000 0000000000000000 00007fb810d5c010 ffff83083736e248 (XEN) 0000000000000286 ffff8300abe67d58 0000000000000000 ffff82e010521b00 (XEN) 0000000000000206 0000000000000000 0000000000000000 ffff8300abe67e48 (XEN) ffff82d080295270 00000000ffffffff ffff83083736e000 ffff8300abe67e48 (XEN) ffff820040006ae0 ffff8300abe67d98 000000120000001c 00007fb810d5d010 (XEN) 0000000000000009 0000000000000002 0000000000000001 00007fb810b53260 (XEN) 0000000000000001 0000000000000000 0000000000638bc0 00007fb81066a748 (XEN) 00007ffe11087881 0000000000000002 0000000000000001 00007fb810b53260 (XEN) 0000000000638b60 0000000000000000 00007fb8100322a0 ffff82d08035d444 (XEN) Xen call trace: (XEN) [<ffff82d080217f61>] kernel.c#parse_params+0x34a/0x3eb (XEN) [<ffff82d08021801e>] runtime_parse+0x1c/0x1e (XEN) [<ffff82d08023f60a>] do_sysctl+0x108d/0x1241 (XEN) [<ffff82d0803535cb>] pv_hypercall+0x1ac/0x4c5 (XEN) [<ffff82d08035d4a2>] lstar_enter+0x112/0x120 (XEN) (XEN) Pagetable walk from ffff82d080407fb3: (XEN) L4[0x105] = 00000000abe5c063 ffffffffffffffff (XEN) L3[0x142] = 00000000abe59063 ffffffffffffffff (XEN) L2[0x002] = 000000084d9bf063 ffffffffffffffff (XEN) L1[0x007] = 0000000000000000 ffffffffffffffff (XEN) (XEN) **************************************** (XEN) Panic on CPU 0: (XEN) FATAL PAGE FAULT (XEN) [error_code=0010] (XEN) Faulting linear address: ffff82d080407fb3 (XEN) **************************************** Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Reviewed-by: Jan Beulich <jbeulich(a)suse.com> --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -22,7 +22,7 @@ static __read_mostly enum { PCID_NOXPTI } opt_pcid = PCID_XPTI; -static __init int parse_pcid(const char *s) +static int parse_pcid(const char *s) { int rc = 0; ++++++ 5bdc31d5-VMX-fix-vmx_handle_eoi.patch ++++++ References: bsc#1108940 # Commit 45cb9a4123b5550eb1f84846fe5482acae1c13a3 # Date 2018-11-02 12:15:33 +0100 # Author Jan Beulich <jbeulich(a)suse.com> # Committer Jan Beulich <jbeulich(a)suse.com> VMX: fix vmx_handle_eoi() In commit 303066fdb1e ("VMX: fix interaction of APIC-V and Viridian emulation") I screwed up: Instead of clearing SVI, other ISR bits should be taken into account. Introduce a new helper set_svi(), split out of vmx_process_isr(), and use it also from vmx_handle_eoi(). Following the problems in vmx_intr_assist() (see the still present big block of debugging code there) also warn (once) if EOI'd vector and original SVI don't match. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Chao Gao <chao.gao(a)intel.com> Acked-by: Kevin Tian <kevin.tian(a)intel.com> Acked-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -448,7 +448,7 @@ void vlapic_EOI_set(struct vlapic *vlapi vlapic_clear_vector(vector, &vlapic->regs->data[APIC_ISR]); if ( hvm_funcs.handle_eoi ) - hvm_funcs.handle_eoi(vector); + hvm_funcs.handle_eoi(vector, vlapic_find_highest_isr(vlapic)); vlapic_handle_EOI(vlapic, vector); --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1915,17 +1915,14 @@ static int vmx_virtual_intr_delivery_ena return cpu_has_vmx_virtual_intr_delivery; } -static void vmx_process_isr(int isr, struct vcpu *v) +static u8 set_svi(int isr) { unsigned long status; u8 old; - unsigned int i; - const struct vlapic *vlapic = vcpu_vlapic(v); if ( isr < 0 ) isr = 0; - vmx_vmcs_enter(v); __vmread(GUEST_INTR_STATUS, &status); old = status >> VMX_GUEST_INTR_STATUS_SVI_OFFSET; if ( isr != old ) @@ -1935,6 +1932,18 @@ static void vmx_process_isr(int isr, str __vmwrite(GUEST_INTR_STATUS, status); } + return old; +} + +static void vmx_process_isr(int isr, struct vcpu *v) +{ + unsigned int i; + const struct vlapic *vlapic = vcpu_vlapic(v); + + vmx_vmcs_enter(v); + + set_svi(isr); + /* * Theoretically, only level triggered interrupts can have their * corresponding bits set in the eoi exit bitmap. That is, the bits @@ -2085,14 +2094,13 @@ static bool vmx_test_pir(const struct vc return pi_test_pir(vec, &v->arch.hvm_vmx.pi_desc); } -static void vmx_handle_eoi(u8 vector) +static void vmx_handle_eoi(uint8_t vector, int isr) { - unsigned long status; + uint8_t old_svi = set_svi(isr); + static bool warned; - /* We need to clear the SVI field. */ - __vmread(GUEST_INTR_STATUS, &status); - status &= VMX_GUEST_INTR_STATUS_SUBFIELD_BITMASK; - __vmwrite(GUEST_INTR_STATUS, status); + if ( vector != old_svi && !test_and_set_bool(warned) ) + printk(XENLOG_WARNING "EOI for %02x but SVI=%02x\n", vector, old_svi); } static void vmx_enable_msr_interception(struct domain *d, uint32_t msr) --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -200,7 +200,7 @@ struct hvm_function_table { void (*deliver_posted_intr)(struct vcpu *v, u8 vector); void (*sync_pir_to_irr)(struct vcpu *v); bool (*test_pir)(const struct vcpu *v, uint8_t vector); - void (*handle_eoi)(u8 vector); + void (*handle_eoi)(uint8_t vector, int isr); /*Walk nested p2m */ int (*nhvm_hap_walk_L1_p2m)(struct vcpu *v, paddr_t L2_gpa, ++++++ 5be2a308-x86-extend-get_platform_badpages.patch ++++++ # Commit 8617e69fb8307b372eeff41d55ec966dbeba36eb # Date 2018-11-07 09:32:08 +0100 # Author Jan Beulich <jbeulich(a)suse.com> # Committer Jan Beulich <jbeulich(a)suse.com> x86: extend get_platform_badpages() interface Use a structure so along with an address (now frame number) an order can also be specified. This is part of XSA-282. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/guest/xen.c +++ b/xen/arch/x86/guest/xen.c @@ -40,7 +40,7 @@ bool __read_mostly xen_guest; static __read_mostly uint32_t xen_cpuid_base; extern char hypercall_page[]; static struct rangeset *mem; -static unsigned long __initdata reserved_pages[2]; +static struct platform_bad_page __initdata reserved_pages[2]; DEFINE_PER_CPU(unsigned int, vcpu_id); @@ -326,7 +326,7 @@ void __init hypervisor_fixup_e820(struct panic("Unable to get " #p); \ mark_pfn_as_ram(e820, pfn); \ ASSERT(i < ARRAY_SIZE(reserved_pages)); \ - reserved_pages[i++] = pfn << PAGE_SHIFT; \ + reserved_pages[i++].mfn = pfn; \ }) MARK_PARAM_RAM(HVM_PARAM_STORE_PFN); if ( !pv_console ) @@ -334,7 +334,7 @@ void __init hypervisor_fixup_e820(struct #undef MARK_PARAM_RAM } -const unsigned long *__init hypervisor_reserved_pages(unsigned int *size) +const struct platform_bad_page *__init hypervisor_reserved_pages(unsigned int *size) { ASSERT(xen_guest); --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -5769,23 +5769,23 @@ void arch_dump_shared_mem_info(void) mem_sharing_get_nr_saved_mfns()); } -const unsigned long *__init get_platform_badpages(unsigned int *array_size) +const struct platform_bad_page *__init get_platform_badpages(unsigned int *array_size) { u32 igd_id; - static unsigned long __initdata bad_pages[] = { - 0x20050000, - 0x20110000, - 0x20130000, - 0x20138000, - 0x40004000, + static const struct platform_bad_page __initconst snb_bad_pages[] = { + { .mfn = 0x20050000 >> PAGE_SHIFT }, + { .mfn = 0x20110000 >> PAGE_SHIFT }, + { .mfn = 0x20130000 >> PAGE_SHIFT }, + { .mfn = 0x20138000 >> PAGE_SHIFT }, + { .mfn = 0x40004000 >> PAGE_SHIFT }, }; - *array_size = ARRAY_SIZE(bad_pages); + *array_size = ARRAY_SIZE(snb_bad_pages); igd_id = pci_conf_read32(0, 0, 2, 0, 0); - if ( !IS_SNB_GFX(igd_id) ) - return NULL; + if ( IS_SNB_GFX(igd_id) ) + return snb_bad_pages; - return bad_pages; + return NULL; } void paging_invlpg(struct vcpu *v, unsigned long va) --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -270,7 +270,7 @@ void __init init_boot_pages(paddr_t ps, unsigned long bad_spfn, bad_epfn; const char *p; #ifdef CONFIG_X86 - const unsigned long *badpage = NULL; + const struct platform_bad_page *badpage; unsigned int i, array_size; BUILD_BUG_ON(8 * sizeof(frame_table->u.free.first_dirty) < @@ -299,8 +299,8 @@ void __init init_boot_pages(paddr_t ps, { for ( i = 0; i < array_size; i++ ) { - bootmem_region_zap(*badpage >> PAGE_SHIFT, - (*badpage >> PAGE_SHIFT) + 1); + bootmem_region_zap(badpage->mfn, + badpage->mfn + (1U << badpage->order)); badpage++; } } @@ -312,8 +312,8 @@ void __init init_boot_pages(paddr_t ps, { for ( i = 0; i < array_size; i++ ) { - bootmem_region_zap(*badpage >> PAGE_SHIFT, - (*badpage >> PAGE_SHIFT) + 1); + bootmem_region_zap(badpage->mfn, + badpage->mfn + (1U << badpage->order)); badpage++; } } --- a/xen/include/asm-x86/guest/xen.h +++ b/xen/include/asm-x86/guest/xen.h @@ -37,7 +37,7 @@ void hypervisor_ap_setup(void); int hypervisor_alloc_unused_page(mfn_t *mfn); int hypervisor_free_unused_page(mfn_t mfn); void hypervisor_fixup_e820(struct e820map *e820); -const unsigned long *hypervisor_reserved_pages(unsigned int *size); +const struct platform_bad_page *hypervisor_reserved_pages(unsigned int *size); uint32_t hypervisor_cpuid_base(void); void hypervisor_resume(void); @@ -65,7 +65,7 @@ static inline void hypervisor_fixup_e820 ASSERT_UNREACHABLE(); } -static inline const unsigned long *hypervisor_reserved_pages(unsigned int *size) +static inline const struct platform_bad_page *hypervisor_reserved_pages(unsigned int *size) { ASSERT_UNREACHABLE(); return NULL; --- a/xen/include/asm-x86/mm.h +++ b/xen/include/asm-x86/mm.h @@ -341,7 +341,13 @@ void zap_ro_mpt(mfn_t mfn); bool is_iomem_page(mfn_t mfn); -const unsigned long *get_platform_badpages(unsigned int *array_size); +struct platform_bad_page { + unsigned long mfn; + unsigned int order; +}; + +const struct platform_bad_page *get_platform_badpages(unsigned int *array_size); + /* Per page locks: * page_lock() is used for two purposes: pte serialization, and memory sharing. * ++++++ 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch ++++++ # Commit cc76410d20aff2cc07b268b0713dc1d2740c6e12 # Date 2018-11-07 09:33:24 +0100 # Author Jan Beulich <jbeulich(a)suse.com> # Committer Jan Beulich <jbeulich(a)suse.com> x86: work around HLE host lockup erratum XACQUIRE prefixed accesses to the 4Mb range of memory starting at 1Gb are liable to lock up the processor. Disallow use of this memory range. Unfortunately the available Core Gen7 and Gen8 spec updates are pretty old, so I can only guess that they're similarly affected when Core Gen6 is and the Xeon counterparts are, too. This is part of XSA-282. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3(a)citrix.com> --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -5779,6 +5779,22 @@ const struct platform_bad_page *__init g { .mfn = 0x20138000 >> PAGE_SHIFT }, { .mfn = 0x40004000 >> PAGE_SHIFT }, }; + static const struct platform_bad_page __initconst hle_bad_page = { + .mfn = 0x40000000 >> PAGE_SHIFT, .order = 10 + }; + + switch ( cpuid_eax(1) & 0x000f3ff0 ) + { + case 0x000406e0: /* erratum SKL167 */ + case 0x00050650: /* erratum SKZ63 */ + case 0x000506e0: /* errata SKL167 / SKW159 */ + case 0x000806e0: /* erratum KBL??? */ + case 0x000906e0: /* errata KBL??? / KBW114 / CFW103 */ + *array_size = (cpuid_eax(0) >= 7 && + !(cpuid_ecx(1) & cpufeat_mask(X86_FEATURE_HYPERVISOR)) && + (cpuid_count_ebx(7, 0) & cpufeat_mask(X86_FEATURE_HLE))); + return &hle_bad_page; + } *array_size = ARRAY_SIZE(snb_bad_pages); igd_id = pci_conf_read32(0, 0, 2, 0, 0); ++++++ reproducible.patch ++++++ --- /var/tmp/diff_new_pack.1BrBU4/_old 2018-12-03 10:04:32.276031629 +0100 +++ /var/tmp/diff_new_pack.1BrBU4/_new 2018-12-03 10:04:32.276031629 +0100 @@ -11,10 +11,10 @@ Signed-off-by: Bernhard M. Wiedemann <bwiedemann(a)suse.de> -diff --git a/Config.mk b/Config.mk -index 9b13e75a3e..46b064bcae 100644 ---- a/Config.mk -+++ b/Config.mk +Index: xen-4.11.0-testing/Config.mk +=================================================================== +--- xen-4.11.0-testing.orig/Config.mk ++++ xen-4.11.0-testing/Config.mk @@ -151,6 +151,14 @@ export XEN_HAS_BUILD_ID=y build_id_linker := --build-id=sha1 endif @@ -30,11 +30,11 @@ ifndef XEN_HAS_CHECKPOLICY CHECKPOLICY ?= checkpolicy XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n) -diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile -index 162b0b94c0..866125a8ac 100644 ---- a/xen/arch/x86/Makefile -+++ b/xen/arch/x86/Makefile -@@ -158,6 +158,7 @@ note.o: $(TARGET)-syms +Index: xen-4.11.0-testing/xen/arch/x86/Makefile +=================================================================== +--- xen-4.11.0-testing.orig/xen/arch/x86/Makefile ++++ xen-4.11.0-testing/xen/arch/x86/Makefile +@@ -157,6 +157,7 @@ note.o: $(TARGET)-syms EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10 EFI_LDFLAGS += --image-base=$(1) --stack=0,0 --heap=0,0 --strip-debug ++++++ tmp_build.patch ++++++ --- /var/tmp/diff_new_pack.1BrBU4/_old 2018-12-03 10:04:32.312031596 +0100 +++ /var/tmp/diff_new_pack.1BrBU4/_new 2018-12-03 10:04:32.312031596 +0100 @@ -22,7 +22,7 @@ xenstore: xenstore_client.o $(LIBXENSTORE) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) -+ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=sha1 -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ ++ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=uuid -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ xenstore-control: xenstore_control.o $(LIBXENSTORE) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) ++++++ xsa275-1.patch ++++++ amd/iommu: fix flush checks Flush checking for AMD IOMMU didn't check whether the previous entry was present, or whether the flags (writable/readable) changed in order to decide whether a flush should be executed. Fix this by taking the writable/readable/next-level fields into account, together with the present bit. Along these lines the flushing in amd_iommu_map_page() must not be omitted for PV domains. The comment there was simply wrong: Mappings may very well change, both their addresses and their permissions. Ultimately this should honor iommu_dont_flush_iotlb, but to achieve this amd_iommu_ops first needs to gain an .iotlb_flush hook. Also make clear_iommu_pte_present() static, to demonstrate there's no caller omitting the (subsequent) flush. This is part of XSA-275. Signed-off-by: Roger Pau Monné <roger.pau(a)citrix.com> Signed-off-by: Jan Beulich <jbeulich(a)suse.com> --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -35,7 +35,7 @@ static unsigned int pfn_to_pde_idx(unsig return idx; } -void clear_iommu_pte_present(unsigned long l1_mfn, unsigned long gfn) +static void clear_iommu_pte_present(unsigned long l1_mfn, unsigned long gfn) { u64 *table, *pte; @@ -49,23 +49,42 @@ static bool_t set_iommu_pde_present(u32 unsigned int next_level, bool_t iw, bool_t ir) { - u64 addr_lo, addr_hi, maddr_old, maddr_next; + uint64_t addr_lo, addr_hi, maddr_next; u32 entry; - bool_t need_flush = 0; + bool need_flush = false, old_present; maddr_next = (u64)next_mfn << PAGE_SHIFT; - addr_hi = get_field_from_reg_u32(pde[1], - IOMMU_PTE_ADDR_HIGH_MASK, - IOMMU_PTE_ADDR_HIGH_SHIFT); - addr_lo = get_field_from_reg_u32(pde[0], - IOMMU_PTE_ADDR_LOW_MASK, - IOMMU_PTE_ADDR_LOW_SHIFT); - - maddr_old = (addr_hi << 32) | (addr_lo << PAGE_SHIFT); - - if ( maddr_old != maddr_next ) - need_flush = 1; + old_present = get_field_from_reg_u32(pde[0], IOMMU_PTE_PRESENT_MASK, + IOMMU_PTE_PRESENT_SHIFT); + if ( old_present ) + { + bool old_r, old_w; + unsigned int old_level; + uint64_t maddr_old; + + addr_hi = get_field_from_reg_u32(pde[1], + IOMMU_PTE_ADDR_HIGH_MASK, + IOMMU_PTE_ADDR_HIGH_SHIFT); + addr_lo = get_field_from_reg_u32(pde[0], + IOMMU_PTE_ADDR_LOW_MASK, + IOMMU_PTE_ADDR_LOW_SHIFT); + old_level = get_field_from_reg_u32(pde[0], + IOMMU_PDE_NEXT_LEVEL_MASK, + IOMMU_PDE_NEXT_LEVEL_SHIFT); + old_w = get_field_from_reg_u32(pde[1], + IOMMU_PTE_IO_WRITE_PERMISSION_MASK, + IOMMU_PTE_IO_WRITE_PERMISSION_SHIFT); + old_r = get_field_from_reg_u32(pde[1], + IOMMU_PTE_IO_READ_PERMISSION_MASK, + IOMMU_PTE_IO_READ_PERMISSION_SHIFT); + + maddr_old = (addr_hi << 32) | (addr_lo << PAGE_SHIFT); + + if ( maddr_old != maddr_next || iw != old_w || ir != old_r || + old_level != next_level ) + need_flush = true; + } addr_lo = maddr_next & DMA_32BIT_MASK; addr_hi = maddr_next >> 32; @@ -687,10 +706,7 @@ int amd_iommu_map_page(struct domain *d, if ( !need_flush ) goto out; - /* 4K mapping for PV guests never changes, - * no need to flush if we trust non-present bits */ - if ( is_hvm_domain(d) ) - amd_iommu_flush_pages(d, gfn, 0); + amd_iommu_flush_pages(d, gfn, 0); for ( merge_level = IOMMU_PAGING_MODE_LEVEL_2; merge_level <= hd->arch.paging_mode; merge_level++ ) ++++++ xsa275-2.patch ++++++ AMD/IOMMU: suppress PTE merging after initial table creation The logic is not fit for this purpose, so simply disable its use until it can be fixed / replaced. Note that this re-enables merging for the table creation case, which was disabled as a (perhaps unintended) side effect of the earlier "amd/iommu: fix flush checks". It relies on no page getting mapped more than once (with different properties) in this process, as that would still be beyond what the merging logic can cope with. But arch_iommu_populate_page_table() guarantees this afaict. This is part of XSA-275. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -702,11 +702,24 @@ int amd_iommu_map_page(struct domain *d, !!(flags & IOMMUF_writable), !!(flags & IOMMUF_readable)); - /* Do not increase pde count if io mapping has not been changed */ - if ( !need_flush ) - goto out; + if ( need_flush ) + { + amd_iommu_flush_pages(d, gfn, 0); + /* No further merging, as the logic doesn't cope. */ + hd->arch.no_merge = true; + } - amd_iommu_flush_pages(d, gfn, 0); + /* + * Suppress merging of non-R/W mappings or after initial table creation, + * as the merge logic does not cope with this. + */ + if ( hd->arch.no_merge || flags != (IOMMUF_writable | IOMMUF_readable) ) + goto out; + if ( d->creation_finished ) + { + hd->arch.no_merge = true; + goto out; + } for ( merge_level = IOMMU_PAGING_MODE_LEVEL_2; merge_level <= hd->arch.paging_mode; merge_level++ ) @@ -780,6 +793,10 @@ int amd_iommu_unmap_page(struct domain * /* mark PTE as 'page not present' */ clear_iommu_pte_present(pt_mfn[1], gfn); + + /* No further merging in amd_iommu_map_page(), as the logic doesn't cope. */ + hd->arch.no_merge = true; + spin_unlock(&hd->arch.mapping_lock); amd_iommu_flush_pages(d, gfn, 0); --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -40,6 +40,7 @@ struct arch_iommu /* amd iommu support */ int paging_mode; + bool no_merge; struct page_info *root_table; struct guest_iommu *g_iommu; }; ++++++ xsa276-1.patch ++++++ x86/hvm/ioreq: fix page referencing The code does not take a page reference in hvm_alloc_ioreq_mfn(), only a type reference. This can lead to a situation where a malicious domain with XSM_DM_PRIV can engineer a sequence as follows: - create IOREQ server: no pages as yet. - acquire resource: page allocated, total 0. - decrease reservation: -1 ref, total -1. This will cause Xen to hit a BUG_ON() in free_domheap_pages(). This patch fixes the issue by changing the call to get_page_type() in hvm_alloc_ioreq_mfn() to a call to get_page_and_type(). This change in turn requires an extra put_page() in hvm_free_ioreq_mfn() in the case that _PGC_allocated is still set (i.e. a decrease reservation has not occurred) to avoid the page being leaked. This is part of XSA-276. Signed-off-by: Paul Durrant <paul.durrant(a)citrix.com> Signed-off-by: Jan Beulich <jbeulich(a)suse.com> --- a/xen/arch/x86/hvm/ioreq.c +++ b/xen/arch/x86/hvm/ioreq.c @@ -327,6 +327,7 @@ static int hvm_map_ioreq_gfn(struct hvm_ static int hvm_alloc_ioreq_mfn(struct hvm_ioreq_server *s, bool buf) { struct hvm_ioreq_page *iorp = buf ? &s->bufioreq : &s->ioreq; + struct page_info *page; if ( iorp->page ) { @@ -349,27 +350,33 @@ static int hvm_alloc_ioreq_mfn(struct hv * could fail if the emulating domain has already reached its * maximum allocation. */ - iorp->page = alloc_domheap_page(s->emulator, MEMF_no_refcount); + page = alloc_domheap_page(s->emulator, MEMF_no_refcount); - if ( !iorp->page ) + if ( !page ) return -ENOMEM; - if ( !get_page_type(iorp->page, PGT_writable_page) ) - goto fail1; + if ( !get_page_and_type(page, s->emulator, PGT_writable_page) ) + { + /* + * The domain can't possibly know about this page yet, so failure + * here is a clear indication of something fishy going on. + */ + domain_crash(s->emulator); + return -ENODATA; + } - iorp->va = __map_domain_page_global(iorp->page); + iorp->va = __map_domain_page_global(page); if ( !iorp->va ) - goto fail2; + goto fail; + iorp->page = page; clear_page(iorp->va); return 0; - fail2: - put_page_type(iorp->page); - - fail1: - put_page(iorp->page); - iorp->page = NULL; + fail: + if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) + put_page(page); + put_page_and_type(page); return -ENOMEM; } @@ -377,15 +384,24 @@ static int hvm_alloc_ioreq_mfn(struct hv static void hvm_free_ioreq_mfn(struct hvm_ioreq_server *s, bool buf) { struct hvm_ioreq_page *iorp = buf ? &s->bufioreq : &s->ioreq; + struct page_info *page = iorp->page; - if ( !iorp->page ) + if ( !page ) return; + iorp->page = NULL; + unmap_domain_page_global(iorp->va); iorp->va = NULL; - put_page_and_type(iorp->page); - iorp->page = NULL; + /* + * Check whether we need to clear the allocation reference before + * dropping the explicit references taken by get_page_and_type(). + */ + if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) + put_page(page); + + put_page_and_type(page); } bool is_ioreq_server_page(struct domain *d, const struct page_info *page) ++++++ xsa276-2.patch ++++++ x86/hvm/ioreq: use ref-counted target-assigned shared Passing MEMF_no_refcount to alloc_domheap_pages() will allocate, as expected, a page that is assigned to the specified domain but is not accounted for in tot_pages. Unfortunately there is no logic for tracking such allocations and avoiding any adjustment to tot_pages when the page is freed. The only caller of alloc_domheap_pages() that passes MEMF_no_refcount is hvm_alloc_ioreq_mfn() so this patch removes use of the flag from that call-site to avoid the possibility of a domain using an ioreq server as a means to adjust its tot_pages and hence allocate more memory than it should be able to. However, the reason for using the flag in the first place was to avoid the allocation failing if the emulator domain is already at its maximum memory limit. Hence this patch switches to allocating memory from the target domain instead of the emulator domain. There is already an extra memory allowance of 2MB (LIBXL_HVM_EXTRA_MEMORY) applied to HVM guests, which is sufficient to cover the pages required by the supported configuration of a single IOREQ server for QEMU. (Stub-domains do not, so far, use resource mapping). It also also the case the QEMU will have mapped the IOREQ server pages before the guest boots, hence it is not possible for the guest to inflate its balloon to consume these pages. Signed-off-by: Paul Durrant <paul.durrant(a)citrix.com> --- a/xen/arch/x86/hvm/ioreq.c +++ b/xen/arch/x86/hvm/ioreq.c @@ -342,20 +342,12 @@ static int hvm_alloc_ioreq_mfn(struct hv return 0; } - /* - * Allocated IOREQ server pages are assigned to the emulating - * domain, not the target domain. This is safe because the emulating - * domain cannot be destroyed until the ioreq server is destroyed. - * Also we must use MEMF_no_refcount otherwise page allocation - * could fail if the emulating domain has already reached its - * maximum allocation. - */ - page = alloc_domheap_page(s->emulator, MEMF_no_refcount); + page = alloc_domheap_page(s->target, 0); if ( !page ) return -ENOMEM; - if ( !get_page_and_type(page, s->emulator, PGT_writable_page) ) + if ( !get_page_and_type(page, s->target, PGT_writable_page) ) { /* * The domain can't possibly know about this page yet, so failure --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4396,12 +4396,6 @@ int arch_acquire_resource(struct domain mfn_list[i] = mfn_x(mfn); } - - /* - * The frames will have been assigned to the domain that created - * the ioreq server. - */ - *flags |= XENMEM_rsrc_acq_caller_owned; break; } ++++++ xsa277.patch ++++++ x86/mm: Put the gfn on all paths after get_gfn_query() get_gfn_query() internally takes the p2m lock, and must be matched with a put_gfn() call later. This is XSA-277. Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Reviewed-by: Jan Beulich <jbeulich(a)suse.com> --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -696,7 +696,7 @@ int arch_domain_soft_reset(struct domain printk(XENLOG_G_ERR "Failed to get Dom%d's shared_info GFN (%lx)\n", d->domain_id, gfn); ret = -EINVAL; - goto exit_put_page; + goto exit_put_gfn; } new_page = alloc_domheap_page(d, 0); --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -303,7 +303,11 @@ int guest_remove_page(struct domain *d, #ifdef CONFIG_X86 mfn = get_gfn_query(d, gmfn, &p2mt); if ( unlikely(p2mt == p2m_invalid) || unlikely(p2mt == p2m_mmio_dm) ) + { + put_gfn(d, gmfn); + return -ENOENT; + } if ( unlikely(p2m_is_paging(p2mt)) ) { --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -432,10 +432,7 @@ static inline mfn_t __nonnull(3) get_gfn return get_gfn_type_access(p2m_get_hostp2m(d), gfn, t, &a, q, NULL); } -/* Syntactic sugar: most callers will use one of these. - * N.B. get_gfn_query() is the _only_ one guaranteed not to take the - * p2m lock; none of the others can be called with the p2m or paging - * lock held. */ +/* Syntactic sugar: most callers will use one of these. */ #define get_gfn(d, g, t) get_gfn_type((d), (g), (t), P2M_ALLOC) #define get_gfn_query(d, g, t) get_gfn_type((d), (g), (t), 0) #define get_gfn_unshare(d, g, t) get_gfn_type((d), (g), (t), \ ++++++ xsa279.patch ++++++ x86/mm: Don't perform flush after failing to update a guests L1e If the L1e update hasn't occured, the flush cannot do anything useful. This skips the potentially expensive vcpumask_to_pcpumask() conversion, and broadcast TLB shootdown. More importantly however, we might be in the error path due to a bad va parameter from the guest, and this should not propagate into the TLB flushing logic. The INVPCID instruction for example raises #GP for a non-canonical address. This is XSA-279. Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Reviewed-by: Jan Beulich <jbeulich(a)suse.com> --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4089,6 +4089,14 @@ static int __do_update_va_mapping( if ( pl1e ) unmap_domain_page(pl1e); + /* + * Any error at this point means that we haven't change the l1e. Skip the + * flush, as it won't do anything useful. Furthermore, va is guest + * controlled and not necesserily audited by this point. + */ + if ( rc ) + return rc; + switch ( flags & UVMF_FLUSHTYPE_MASK ) { case UVMF_TLB_FLUSH: ++++++ xsa280-1.patch ++++++ x86/shadow: move OOS flag bit positions In preparation of reducing struct page_info's shadow_flags field to 16 bits, lower the bit positions used for SHF_out_of_sync and SHF_oos_may_write. Instead of also adjusting the open coded use in _get_page_type(), introduce shadow_prepare_page_type_change() to contain knowledge of the bit positions to shadow code. This is part of XSA-280. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Tim Deegan <tim(a)xen.org> --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2654,17 +2654,8 @@ static int _get_page_type(struct page_in { struct domain *d = page_get_owner(page); - /* - * Normally we should never let a page go from type count 0 - * to type count 1 when it is shadowed. One exception: - * out-of-sync shadowed pages are allowed to become - * writeable. - */ - if ( d && shadow_mode_enabled(d) - && (page->count_info & PGC_page_table) - && !((page->shadow_flags & (1u<<29)) - && type == PGT_writable_page) ) - shadow_remove_all_shadows(d, page_to_mfn(page)); + if ( d && shadow_mode_enabled(d) ) + shadow_prepare_page_type_change(d, page, type); ASSERT(!(x & PGT_pae_xen_l2)); if ( (x & PGT_type_mask) != type ) --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -990,6 +990,9 @@ int sh_unsync(struct vcpu *v, mfn_t gmfn || !v->domain->arch.paging.shadow.oos_active ) return 0; + BUILD_BUG_ON(!(typeof(pg->shadow_flags))SHF_out_of_sync); + BUILD_BUG_ON(!(typeof(pg->shadow_flags))SHF_oos_may_write); + pg->shadow_flags |= SHF_out_of_sync|SHF_oos_may_write; oos_hash_add(v, gmfn); perfc_incr(shadow_unsync); @@ -2930,6 +2933,26 @@ void sh_remove_shadows(struct domain *d, paging_unlock(d); } +void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, + unsigned long new_type) +{ + if ( !(page->count_info & PGC_page_table) ) + return; + +#if (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC) + /* + * Normally we should never let a page go from type count 0 to type + * count 1 when it is shadowed. One exception: out-of-sync shadowed + * pages are allowed to become writeable. + */ + if ( (page->shadow_flags & SHF_oos_may_write) && + new_type == PGT_writable_page ) + return; +#endif + + shadow_remove_all_shadows(d, page_to_mfn(page)); +} + static void sh_remove_all_shadows_and_parents(struct domain *d, mfn_t gmfn) /* Even harsher: this is a HVM page that we thing is no longer a pagetable. --- a/xen/arch/x86/mm/shadow/private.h +++ b/xen/arch/x86/mm/shadow/private.h @@ -287,8 +287,8 @@ static inline void sh_terminate_list(str * codepath is called during that time and is sensitive to oos issues, it may * need to use the second flag. */ -#define SHF_out_of_sync (1u<<30) -#define SHF_oos_may_write (1u<<29) +#define SHF_out_of_sync (1u << (SH_type_max_shadow + 1)) +#define SHF_oos_may_write (1u << (SH_type_max_shadow + 2)) #endif /* (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC) */ --- a/xen/include/asm-x86/shadow.h +++ b/xen/include/asm-x86/shadow.h @@ -81,6 +81,10 @@ void shadow_final_teardown(struct domain void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all); +/* Adjust shadows ready for a guest page to change its type. */ +void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, + unsigned long new_type); + /* Discard _all_ mappings from the domain's shadows. */ void shadow_blow_tables_per_domain(struct domain *d); @@ -105,6 +109,10 @@ int shadow_set_allocation(struct domain static inline void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all) {} +static inline void shadow_prepare_page_type_change(struct domain *d, + struct page_info *page, + unsigned long new_type) {} + static inline void shadow_blow_tables_per_domain(struct domain *d) {} static inline int shadow_domctl(struct domain *d, ++++++ xsa280-2.patch ++++++ x86/shadow: shrink struct page_info's shadow_flags to 16 bits This is to avoid it overlapping the linear_pt_count field needed for PV domains. Introduce a separate, HVM-only pagetable_dying field to replace the sole one left in the upper 16 bits. Note that the accesses to ->shadow_flags in shadow_{pro,de}mote() get switched to non-atomic, non-bitops operations, as {test,set,clear}_bit() are not allowed on uint16_t fields and hence their use would have required ugly casts. This is fine because all updates of the field ought to occur with the paging lock held, and other updates of it use |= and &= as well (i.e. using atomic operations here didn't really guard against potentially racing updates elsewhere). This is part of XSA-280. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Tim Deegan <tim(a)xen.org> --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -1028,10 +1028,14 @@ void shadow_promote(struct domain *d, mf /* Is the page already shadowed? */ if ( !test_and_set_bit(_PGC_page_table, &page->count_info) ) + { page->shadow_flags = 0; + if ( is_hvm_domain(d) ) + page->pagetable_dying = false; + } - ASSERT(!test_bit(type, &page->shadow_flags)); - set_bit(type, &page->shadow_flags); + ASSERT(!(page->shadow_flags & (1u << type))); + page->shadow_flags |= 1u << type; TRACE_SHADOW_PATH_FLAG(TRCE_SFLAG_PROMOTE); } @@ -1040,9 +1044,9 @@ void shadow_demote(struct domain *d, mfn struct page_info *page = mfn_to_page(gmfn); ASSERT(test_bit(_PGC_page_table, &page->count_info)); - ASSERT(test_bit(type, &page->shadow_flags)); + ASSERT(page->shadow_flags & (1u << type)); - clear_bit(type, &page->shadow_flags); + page->shadow_flags &= ~(1u << type); if ( (page->shadow_flags & SHF_page_type_mask) == 0 ) { @@ -2921,7 +2925,7 @@ void sh_remove_shadows(struct domain *d, if ( !fast && all && (pg->count_info & PGC_page_table) ) { SHADOW_ERROR("can't find all shadows of mfn %"PRI_mfn" " - "(shadow_flags=%08x)\n", + "(shadow_flags=%04x)\n", mfn_x(gmfn), pg->shadow_flags); domain_crash(d); } --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -3299,8 +3299,8 @@ static int sh_page_fault(struct vcpu *v, /* Unshadow if we are writing to a toplevel pagetable that is * flagged as a dying process, and that is not currently used. */ - if ( sh_mfn_is_a_page_table(gmfn) - && (mfn_to_page(gmfn)->shadow_flags & SHF_pagetable_dying) ) + if ( sh_mfn_is_a_page_table(gmfn) && is_hvm_domain(d) && + mfn_to_page(gmfn)->pagetable_dying ) { int used = 0; struct vcpu *tmp; @@ -4254,9 +4254,9 @@ int sh_rm_write_access_from_sl1p(struct ASSERT(mfn_valid(smfn)); /* Remember if we've been told that this process is being torn down */ - if ( curr->domain == d ) + if ( curr->domain == d && is_hvm_domain(d) ) curr->arch.paging.shadow.pagetable_dying - = !!(mfn_to_page(gmfn)->shadow_flags & SHF_pagetable_dying); + = mfn_to_page(gmfn)->pagetable_dying; sp = mfn_to_page(smfn); @@ -4572,10 +4572,10 @@ static void sh_pagetable_dying(struct vc : shadow_hash_lookup(d, mfn_x(gmfn), SH_type_l2_pae_shadow); } - if ( mfn_valid(smfn) ) + if ( mfn_valid(smfn) && is_hvm_domain(d) ) { gmfn = _mfn(mfn_to_page(smfn)->v.sh.back); - mfn_to_page(gmfn)->shadow_flags |= SHF_pagetable_dying; + mfn_to_page(gmfn)->pagetable_dying = true; shadow_unhook_mappings(d, smfn, 1/* user pages only */); flush = 1; } @@ -4612,9 +4612,9 @@ static void sh_pagetable_dying(struct vc smfn = shadow_hash_lookup(d, mfn_x(gmfn), SH_type_l4_64_shadow); #endif - if ( mfn_valid(smfn) ) + if ( mfn_valid(smfn) && is_hvm_domain(d) ) { - mfn_to_page(gmfn)->shadow_flags |= SHF_pagetable_dying; + mfn_to_page(gmfn)->pagetable_dying = true; shadow_unhook_mappings(d, smfn, 1/* user pages only */); /* Now flush the TLB: we removed toplevel mappings. */ flush_tlb_mask(d->dirty_cpumask); --- a/xen/arch/x86/mm/shadow/private.h +++ b/xen/arch/x86/mm/shadow/private.h @@ -292,8 +292,6 @@ static inline void sh_terminate_list(str #endif /* (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC) */ -#define SHF_pagetable_dying (1u<<31) - static inline int sh_page_has_multiple_shadows(struct page_info *pg) { u32 shadows; --- a/xen/include/asm-x86/mm.h +++ b/xen/include/asm-x86/mm.h @@ -259,8 +259,15 @@ struct page_info * Guest pages with a shadow. This does not conflict with * tlbflush_timestamp since page table pages are explicitly not * tracked for TLB-flush avoidance when a guest runs in shadow mode. + * + * pagetable_dying is used for HVM domains only. The layout here has + * to avoid re-use of the space used by linear_pt_count, which (only) + * PV guests use. */ - u32 shadow_flags; + struct { + uint16_t shadow_flags; + bool pagetable_dying; + }; /* When in use as a shadow, next shadow in this hash chain. */ __pdx_t next_shadow;

1 0

commit libgcrypt for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2018-12-03 10:03:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old) and /work/SRC/openSUSE:Factory/.libgcrypt.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libgcrypt" Mon Dec 3 10:03:49 2018 rev:75 rq:652051 version:1.8.4 Changes: -------- --- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2018-11-08 09:41:06.657617045 +0100 +++ /work/SRC/openSUSE:Factory/.libgcrypt.new.19453/libgcrypt.changes 2018-12-03 10:04:00.724060437 +0100 @@ -1,0 +2,7 @@ +Mon Nov 26 17:09:47 UTC 2018 - Vítězslav Čížek <vcizek(a)suse.com> + +- Fail selftests when checksum file is missing in FIPS mode only + (bsc#1117355) + * add libgcrypt-binary_integrity_in_non-FIPS.patch + +------------------------------------------------------------------- New: ---- libgcrypt-binary_integrity_in_non-FIPS.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgcrypt.spec ++++++ --- /var/tmp/diff_new_pack.0ddWZi/_old 2018-12-03 10:04:02.660058671 +0100 +++ /var/tmp/diff_new_pack.0ddWZi/_new 2018-12-03 10:04:02.664058667 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -57,6 +57,7 @@ Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch #PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch +Patch37: libgcrypt-binary_integrity_in_non-FIPS.patch BuildRequires: automake >= 1.14 BuildRequires: fipscheck BuildRequires: libgpg-error-devel >= 1.25 @@ -149,6 +150,7 @@ %patch14 -p1 %patch35 -p1 %patch36 -p1 +%patch37 -p1 %build echo building with build_hmac256 set to %{build_hmac256} ++++++ libgcrypt-binary_integrity_in_non-FIPS.patch ++++++ Index: libgcrypt-1.8.4/src/fips.c =================================================================== --- libgcrypt-1.8.4.orig/src/fips.c 2018-11-26 17:30:28.040692529 +0100 +++ libgcrypt-1.8.4/src/fips.c 2018-11-26 17:59:04.130934181 +0100 @@ -663,7 +663,11 @@ check_binary_integrity (void) /* Open the file. */ fp = fopen (fname, "r"); if (!fp) - err = gpg_error_from_syserror (); + { + /* Missing checksum is a problem only in FIPS mode */ + if (fips_mode() || errno != ENOENT) + err = gpg_error_from_syserror (); + } else { /* A buffer of 64 bytes plus one for a LF and one to

1 0

commit ldb for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package ldb for openSUSE:Factory checked in at 2018-12-03 10:03:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ldb (Old) and /work/SRC/openSUSE:Factory/.ldb.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ldb" Mon Dec 3 10:03:42 2018 rev:41 rq:652050 version:1.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ldb/ldb.changes 2018-10-04 18:59:53.955303600 +0200 +++ /work/SRC/openSUSE:Factory/.ldb.new.19453/ldb.changes 2018-12-03 10:03:45.220074582 +0100 @@ -1,0 +2,6 @@ +Mon Nov 12 17:33:03 UTC 2018 - Samuel Cabrero <scabrero(a)suse.de> + +- Update to 1.4.3 + + Python: Ensure ldb.Dn can accept utf8 encoded unicode (bug 13616) + +------------------------------------------------------------------- @@ -9 +15 @@ -+- Update to 1.4.2 +- Update to 1.4.2 Old: ---- ldb-1.4.2.tar.asc ldb-1.4.2.tar.gz New: ---- ldb-1.4.3.tar.asc ldb-1.4.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ldb.spec ++++++ --- /var/tmp/diff_new_pack.GaF7Qx/_old 2018-12-03 10:03:45.680074163 +0100 +++ /var/tmp/diff_new_pack.GaF7Qx/_new 2018-12-03 10:03:45.684074159 +0100 @@ -66,7 +66,7 @@ BuildRequires: lmdb-devel >= %{lmdb_version} %endif Url: https://ldb.samba.org/ -Version: 1.4.2 +Version: 1.4.3 Release: 0 Summary: An LDAP-like embedded database License: LGPL-3.0-or-later ++++++ ldb-1.4.2.tar.gz -> ldb-1.4.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/ABI/ldb-1.4.3.sigs new/ldb-1.4.3/ABI/ldb-1.4.3.sigs --- old/ldb-1.4.2/ABI/ldb-1.4.3.sigs 1970-01-01 01:00:00.000000000 +0100 +++ new/ldb-1.4.3/ABI/ldb-1.4.3.sigs 2018-11-08 09:07:41.000000000 +0100 @@ -0,0 +1,279 @@ +ldb_add: int (struct ldb_context *, const struct ldb_message *) +ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) +ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) +ldb_attr_casefold: char *(TALLOC_CTX *, const char *) +ldb_attr_dn: int (const char *) +ldb_attr_in_list: int (const char * const *, const char *) +ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) +ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) +ldb_base64_decode: int (char *) +ldb_base64_encode: char *(TALLOC_CTX *, const char *, int) +ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *) +ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val) +ldb_binary_encode_string: char *(TALLOC_CTX *, const char *) +ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t) +ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t) +ldb_check_critical_controls: int (struct ldb_control **) +ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) +ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) +ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **) +ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *) +ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *) +ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) +ldb_debug_add: void (struct ldb_context *, const char *, ...) +ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level) +ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) +ldb_delete: int (struct ldb_context *, struct ldb_dn *) +ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...) +ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...) +ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *) +ldb_dn_check_special: bool (struct ldb_dn *, const char *) +ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) +ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) +ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) +ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) +ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) +ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *) +ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *) +ldb_dn_get_casefold: const char *(struct ldb_dn *) +ldb_dn_get_comp_num: int (struct ldb_dn *) +ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int) +ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int) +ldb_dn_get_extended_comp_num: int (struct ldb_dn *) +ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *) +ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int) +ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *) +ldb_dn_get_linearized: const char *(struct ldb_dn *) +ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_get_rdn_name: const char *(struct ldb_dn *) +ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *) +ldb_dn_has_extended: bool (struct ldb_dn *) +ldb_dn_is_null: bool (struct ldb_dn *) +ldb_dn_is_special: bool (struct ldb_dn *) +ldb_dn_is_valid: bool (struct ldb_dn *) +ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_minimise: bool (struct ldb_dn *) +ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *) +ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...) +ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int) +ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int) +ldb_dn_remove_extended_components: void (struct ldb_dn *) +ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val) +ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *) +ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *) +ldb_dn_validate: bool (struct ldb_dn *) +ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *) +ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int) +ldb_errstring: const char *(struct ldb_context *) +ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) +ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) +ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_create_perms: unsigned int (struct ldb_context *) +ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_event_context: struct tevent_context *(struct ldb_context *) +ldb_get_flags: unsigned int (struct ldb_context *) +ldb_get_opaque: void *(struct ldb_context *, const char *) +ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *) +ldb_global_init: int (void) +ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *) +ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *) +ldb_handle_use_global_event_context: void (struct ldb_handle *) +ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) +ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) +ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *) +ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) +ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) +ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **) +ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *) +ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *) +ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *) +ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *) +ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **) +ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *) +ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *) +ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) +ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) +ldb_load_modules: int (struct ldb_context *, const char **) +ldb_map_add: int (struct ldb_module *, struct ldb_request *) +ldb_map_delete: int (struct ldb_module *, struct ldb_request *) +ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const *, const char *, const char *) +ldb_map_modify: int (struct ldb_module *, struct ldb_request *) +ldb_map_rename: int (struct ldb_module *, struct ldb_request *) +ldb_map_search: int (struct ldb_module *, struct ldb_request *) +ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, enum ldb_scope, bool *) +ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) +ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) +ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) +ldb_mod_register_control: int (struct ldb_module *, const char *) +ldb_modify: int (struct ldb_context *, const struct ldb_message *) +ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *) +ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **) +ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int) +ldb_module_flags: uint32_t (struct ldb_context *) +ldb_module_get_ctx: struct ldb_context *(struct ldb_module *) +ldb_module_get_name: const char *(struct ldb_module *) +ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *) +ldb_module_get_private: void *(struct ldb_module *) +ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *) +ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **) +ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *) +ldb_module_next: struct ldb_module *(struct ldb_module *) +ldb_module_popt_options: struct poptOption **(struct ldb_context *) +ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct ldb_control **) +ldb_module_send_referral: int (struct ldb_request *, char *) +ldb_module_set_next: void (struct ldb_module *, struct ldb_module *) +ldb_module_set_private: void (struct ldb_module *, void *) +ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) +ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) +ldb_modules_load: int (const char *, const char *) +ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) +ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) +ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) +ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) +ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) +ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) +ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) +ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) +ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) +ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) +ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) +ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) +ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) +ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) +ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **) +ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) +ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) +ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) +ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) +ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) +ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) +ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int) +ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t) +ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *) +ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int) +ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t) +ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t) +ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t) +ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *) +ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *) +ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *) +ldb_msg_new: struct ldb_message *(TALLOC_CTX *) +ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) +ldb_msg_remove_attr: void (struct ldb_message *, const char *) +ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) +ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *) +ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) +ldb_msg_sort_elements: void (struct ldb_message *) +ldb_next_del_trans: int (struct ldb_module *) +ldb_next_end_trans: int (struct ldb_module *) +ldb_next_init: int (struct ldb_module *) +ldb_next_prepare_commit: int (struct ldb_module *) +ldb_next_read_lock: int (struct ldb_module *) +ldb_next_read_unlock: int (struct ldb_module *) +ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *) +ldb_next_request: int (struct ldb_module *, struct ldb_request *) +ldb_next_start_trans: int (struct ldb_module *) +ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_options_find: const char *(struct ldb_context *, const char **, const char *) +ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *) +ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) +ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) +ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) +ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) +ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) +ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) +ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) +ldb_register_backend: int (const char *, ldb_connect_fn, bool) +ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) +ldb_register_hook: int (ldb_hook_fn) +ldb_register_module: int (const struct ldb_module_ops *) +ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *) +ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) +ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) +ldb_req_get_custom_flags: uint32_t (struct ldb_request *) +ldb_req_is_untrusted: bool (struct ldb_request *) +ldb_req_location: const char *(struct ldb_request *) +ldb_req_mark_trusted: void (struct ldb_request *) +ldb_req_mark_untrusted: void (struct ldb_request *) +ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t) +ldb_req_set_location: void (struct ldb_request *, const char *) +ldb_request: int (struct ldb_context *, struct ldb_request *) +ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *) +ldb_request_done: int (struct ldb_request *, int) +ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *) +ldb_request_get_status: int (struct ldb_request *) +ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *) +ldb_request_set_state: void (struct ldb_request *, int) +ldb_reset_err_string: void (struct ldb_context *) +ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***) +ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *) +ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *) +ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *) +ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *) +ldb_schema_attribute_remove: void (struct ldb_context *, const char *) +ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int) +ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *) +ldb_schema_set_override_GUID_index: void (struct ldb_context *, const char *, const char *) +ldb_schema_set_override_indexlist: void (struct ldb_context *, bool) +ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const char *, ...) +ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *) +ldb_set_create_perms: void (struct ldb_context *, unsigned int) +ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *) +ldb_set_debug_stderr: int (struct ldb_context *) +ldb_set_default_dns: void (struct ldb_context *) +ldb_set_errstring: void (struct ldb_context *, const char *) +ldb_set_event_context: void (struct ldb_context *, struct tevent_context *) +ldb_set_flags: void (struct ldb_context *, unsigned int) +ldb_set_modules_dir: void (struct ldb_context *, const char *) +ldb_set_opaque: int (struct ldb_context *, const char *, void *) +ldb_set_require_private_event_context: void (struct ldb_context *) +ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int) +ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *) +ldb_set_utf8_default: void (struct ldb_context *) +ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t)) +ldb_setup_wellknown_attributes: int (struct ldb_context *) +ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *) +ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *) +ldb_strerror: const char *(int) +ldb_string_to_time: time_t (const char *) +ldb_string_utc_to_time: time_t (const char *) +ldb_timestring: char *(TALLOC_CTX *, time_t) +ldb_timestring_utc: char *(TALLOC_CTX *, time_t) +ldb_transaction_cancel: int (struct ldb_context *) +ldb_transaction_cancel_noerr: int (struct ldb_context *) +ldb_transaction_commit: int (struct ldb_context *) +ldb_transaction_prepare_commit: int (struct ldb_context *) +ldb_transaction_start: int (struct ldb_context *) +ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *) +ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *) +ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *) +ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) +ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) +ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) +ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) +ldb_val_string_cmp: int (const struct ldb_val *, const char *) +ldb_val_to_time: int (const struct ldb_val *, time_t *) +ldb_valid_attr_name: int (const char *) +ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list) +ldb_wait: int (struct ldb_handle *, enum ldb_wait_type) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/ABI/pyldb-util-1.4.3.sigs new/ldb-1.4.3/ABI/pyldb-util-1.4.3.sigs --- old/ldb-1.4.2/ABI/pyldb-util-1.4.3.sigs 1970-01-01 01:00:00.000000000 +0100 +++ new/ldb-1.4.3/ABI/pyldb-util-1.4.3.sigs 2018-11-08 09:07:41.000000000 +0100 @@ -0,0 +1,2 @@ +pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) +pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/ABI/pyldb-util.py3-1.4.3.sigs new/ldb-1.4.3/ABI/pyldb-util.py3-1.4.3.sigs --- old/ldb-1.4.2/ABI/pyldb-util.py3-1.4.3.sigs 1970-01-01 01:00:00.000000000 +0100 +++ new/ldb-1.4.3/ABI/pyldb-util.py3-1.4.3.sigs 2018-11-08 09:07:41.000000000 +0100 @@ -0,0 +1,2 @@ +pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) +pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/buildtools/wafsamba/samba_abi.py new/ldb-1.4.3/buildtools/wafsamba/samba_abi.py --- old/ldb-1.4.2/buildtools/wafsamba/samba_abi.py 2018-08-14 21:24:37.000000000 +0200 +++ new/ldb-1.4.3/buildtools/wafsamba/samba_abi.py 2018-11-08 09:07:41.000000000 +0100 @@ -192,10 +192,12 @@ f.write("\t\t%s;\n" % x) else: f.write("\t\t*;\n") - if abi_match != ["*"]: - f.write("\tlocal:\n") - for x in local_abi: - f.write("\t\t%s;\n" % x[1:]) + # Always hide symbols that must be local if exist + local_abi.extend(["!_end", "!__bss_start", "!_edata"]) + f.write("\tlocal:\n") + for x in local_abi: + f.write("\t\t%s;\n" % x[1:]) + if global_abi != ["*"]: if len(global_abi) > 0: f.write("\t\t*;\n") f.write("};\n") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/buildtools/wafsamba/samba_autoconf.py new/ldb-1.4.3/buildtools/wafsamba/samba_autoconf.py --- old/ldb-1.4.2/buildtools/wafsamba/samba_autoconf.py 2018-08-14 17:34:20.000000000 +0200 +++ new/ldb-1.4.3/buildtools/wafsamba/samba_autoconf.py 2018-11-08 09:07:41.000000000 +0100 @@ -674,23 +674,42 @@ return # we need to build real code that can't be optimized away to test - if conf.check(fragment=''' - #include <stdio.h> + stack_protect_list = ['-fstack-protector-strong', '-fstack-protector'] + for stack_protect_flag in stack_protect_list: + flag_supported = conf.check(fragment=''' + #include <stdio.h> - int main(void) - { - char t[100000]; - while (fgets(t, sizeof(t), stdin)); - return 0; - } - ''', - execute=0, - ccflags='-fstack-protector', - ldflags='-fstack-protector', - mandatory=False, - msg='Checking if toolchain accepts -fstack-protector'): - conf.ADD_CFLAGS('-fstack-protector') - conf.ADD_LDFLAGS('-fstack-protector') + int main(void) + { + char t[100000]; + while (fgets(t, sizeof(t), stdin)); + return 0; + } + ''', + execute=0, + ccflags=[ '-Werror', '-Wp,-D_FORTIFY_SOURCE=2', stack_protect_flag], + mandatory=False, + msg='Checking if compiler accepts %s' % (stack_protect_flag)) + if flag_supported: + conf.ADD_CFLAGS('-Wp,-D_FORTIFY_SOURCE=2 %s' % (stack_protect_flag)) + break + + flag_supported = conf.check(fragment=''' + #include <stdio.h> + + int main(void) + { + char t[100000]; + while (fgets(t, sizeof(t), stdin)); + return 0; + } + ''', + execute=0, + ccflags=[ '-Werror', '-fstack-clash-protection'], + mandatory=False, + msg='Checking if compiler accepts -fstack-clash-protection') + if flag_supported: + conf.ADD_CFLAGS('-fstack-clash-protection') if Options.options.debug: conf.ADD_CFLAGS('-g', testflags=True) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/buildtools/wafsamba/samba_utils.py new/ldb-1.4.3/buildtools/wafsamba/samba_utils.py --- old/ldb-1.4.2/buildtools/wafsamba/samba_utils.py 2017-02-27 20:23:11.000000000 +0100 +++ new/ldb-1.4.3/buildtools/wafsamba/samba_utils.py 2018-11-08 09:07:41.000000000 +0100 @@ -467,6 +467,7 @@ if makeflags is None: return jobs_set = False + jobs = None # we need to use shlex.split to cope with the escaping of spaces # in makeflags for opt in shlex.split(makeflags): @@ -489,17 +490,21 @@ setattr(Options.options, opt[0:loc], opt[loc+1:]) elif opt[0] != '-': for v in opt: - if v == 'j': + if re.search(r'j[0-9]*$', v): jobs_set = True + jobs = opt.strip('j') elif v == 'k': Options.options.keep = True - elif opt == '-j': + elif re.search(r'-j[0-9]*$', opt): jobs_set = True + jobs = opt.strip('-j') elif opt == '-k': Options.options.keep = True if not jobs_set: # default to one job Options.options.jobs = 1 + elif jobs_set and jobs: + Options.options.jobs = int(jobs) Build.BuildContext.CHECK_MAKEFLAGS = CHECK_MAKEFLAGS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/buildtools/wafsamba/tests/test_abi.py new/ldb-1.4.3/buildtools/wafsamba/tests/test_abi.py --- old/ldb-1.4.2/buildtools/wafsamba/tests/test_abi.py 2018-08-14 21:24:37.000000000 +0200 +++ new/ldb-1.4.3/buildtools/wafsamba/tests/test_abi.py 2018-11-08 09:07:41.000000000 +0100 @@ -66,6 +66,10 @@ 1.0 { \tglobal: \t\t*; +\tlocal: +\t\t_end; +\t\t__bss_start; +\t\t_edata; }; """) @@ -84,6 +88,10 @@ 1.0 { \tglobal: \t\t*; +\tlocal: +\t\t_end; +\t\t__bss_start; +\t\t_edata; }; """) @@ -99,6 +107,9 @@ \t\t*; \tlocal: \t\texc_*; +\t\t_end; +\t\t__bss_start; +\t\t_edata; }; """) @@ -115,6 +126,9 @@ \t\tpub_*; \tlocal: \t\texc_*; +\t\t_end; +\t\t__bss_start; +\t\t_edata; \t\t*; }; """) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/lib/tevent/test_req.c new/ldb-1.4.3/lib/tevent/test_req.c --- old/ldb-1.4.2/lib/tevent/test_req.c 2018-08-14 17:34:20.000000000 +0200 +++ new/ldb-1.4.3/lib/tevent/test_req.c 2018-11-08 09:07:42.000000000 +0100 @@ -170,6 +170,7 @@ pid_t pid1, pid2; enum tevent_req_state state1, state2; uint64_t err1, err2; + char *printstring; ssize_t pack_len; int err; bool ok; @@ -189,7 +190,12 @@ TALLOC_FREE(req); TALLOC_FREE(ev); - tevent_req_profile_print(p1, stdout, 0, UINT_MAX); + printstring = tevent_req_profile_string(tctx, p1, 0, UINT_MAX); + torture_assert_not_null( + tctx, + printstring, + "tevent_req_profile_string failed\n"); + printf("%s\n", printstring); pack_len = tevent_req_profile_pack(p1, NULL, 0); torture_assert(tctx, pack_len>0, "profile_pack failed\n"); @@ -212,7 +218,12 @@ "profile_unpack failed\n"); } - tevent_req_profile_print(p2, stdout, 0, UINT_MAX); + printstring = tevent_req_profile_string(tctx, p2, 0, UINT_MAX); + torture_assert_not_null( + tctx, + printstring, + "tevent_req_profile_string failed\n"); + printf("%s\n", printstring); tevent_req_profile_get_name(p1, &str1); tevent_req_profile_get_name(p2, &str2); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/pyldb.c new/ldb-1.4.3/pyldb.c --- old/ldb-1.4.2/pyldb.c 2018-08-14 21:24:37.000000000 +0200 +++ new/ldb-1.4.3/pyldb.c 2018-11-08 09:07:41.000000000 +0100 @@ -857,22 +857,22 @@ static PyObject *py_ldb_dn_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) { - struct ldb_dn *ret; - char *str; - PyObject *py_ldb; - struct ldb_context *ldb_ctx; - TALLOC_CTX *mem_ctx; - PyLdbDnObject *py_ret; + struct ldb_dn *ret = NULL; + char *str = NULL; + PyObject *py_ldb = NULL; + struct ldb_context *ldb_ctx = NULL; + TALLOC_CTX *mem_ctx = NULL; + PyLdbDnObject *py_ret = NULL; const char * const kwnames[] = { "ldb", "dn", NULL }; - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Os", + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Oes", discard_const_p(char *, kwnames), - &py_ldb, &str)) - return NULL; + &py_ldb, "utf8", &str)) + goto out; if (!PyLdb_Check(py_ldb)) { PyErr_SetString(PyExc_TypeError, "Expected Ldb"); - return NULL; + goto out; } ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb); @@ -880,24 +880,28 @@ mem_ctx = talloc_new(NULL); if (mem_ctx == NULL) { PyErr_NoMemory(); - return NULL; + goto out; } ret = ldb_dn_new(mem_ctx, ldb_ctx, str); if (!ldb_dn_validate(ret)) { talloc_free(mem_ctx); PyErr_SetString(PyExc_ValueError, "unable to parse dn string"); - return NULL; + goto out; } py_ret = (PyLdbDnObject *)type->tp_alloc(type, 0); - if (ret == NULL) { + if (py_ret == NULL) { talloc_free(mem_ctx); PyErr_NoMemory(); - return NULL; + goto out; } py_ret->mem_ctx = mem_ctx; py_ret->dn = ret; +out: + if (str != NULL) { + PyMem_Free(discard_const_p(char, str)); + } return (PyObject *)py_ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/tests/python/api.py new/ldb-1.4.3/tests/python/api.py --- old/ldb-1.4.2/tests/python/api.py 2018-08-14 17:34:20.000000000 +0200 +++ new/ldb-1.4.3/tests/python/api.py 2018-11-08 09:07:41.000000000 +0100 @@ -137,6 +137,10 @@ l = ldb.Ldb(self.url(), flags=self.flags()) self.assertEqual(len(l.search(controls=["paged_results:0:5"])), 0) + def test_utf8_ldb_Dn(self): + l = ldb.Ldb(self.url(), flags=self.flags()) + dn = ldb.Dn(l, (b'a=' + b'\xc4\x85\xc4\x87\xc4\x99\xc5\x82\xc5\x84\xc3\xb3\xc5\x9b\xc5\xba\xc5\xbc').decode('utf8')) + def test_search_attrs(self): l = ldb.Ldb(self.url(), flags=self.flags()) self.assertEqual(len(l.search(ldb.Dn(l, ""), ldb.SCOPE_SUBTREE, "(dc=*)", ["dc"])), 0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ldb-1.4.2/wscript new/ldb-1.4.3/wscript --- old/ldb-1.4.2/wscript 2018-08-14 21:24:37.000000000 +0200 +++ new/ldb-1.4.3/wscript 2018-11-08 09:07:41.000000000 +0100 @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -VERSION = '1.4.2' +VERSION = '1.4.3' blddir = 'bin'

1 0

commit ncurses for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package ncurses for openSUSE:Factory checked in at 2018-12-03 10:03:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ncurses (Old) and /work/SRC/openSUSE:Factory/.ncurses.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ncurses" Mon Dec 3 10:03:36 2018 rev:149 rq:651982 version:6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ncurses/ncurses.changes 2018-11-12 09:49:39.572443443 +0100 +++ /work/SRC/openSUSE:Factory/.ncurses.new.19453/ncurses.changes 2018-12-03 10:03:39.464079831 +0100 @@ -1,0 +2,30 @@ +Wed Nov 21 11:37:09 UTC 2018 - Dr. Werner Fink <werner(a)suse.de> + +- Remove screen.xterm from terminfo data base (boo#1103320) as with + this screen uses fallback TERM=screen + +------------------------------------------------------------------- +Mon Nov 19 10:57:18 UTC 2018 - Dr. Werner Fink <werner(a)suse.de> + +- Add ncurses patch 20181117 + + ignore the hex/b64 $TERMINFO in toe's listing. + + correct a status-check in _nc_read_tic_entry() so that if reading + a hex/b64 $TERMINFO, and the $TERM does not match, fall-through to + the compiled-in search list. + +------------------------------------------------------------------- +Mon Nov 12 14:44:30 UTC 2018 - Dr. Werner Fink <werner(a)suse.de> + +- For screen.xterm remove also `rep' feature (repeat char) this + might help on boo#1103320 + +------------------------------------------------------------------- +Mon Nov 12 07:56:07 UTC 2018 - Dr. Werner Fink <werner(a)suse.de> + +- Add ncurses patch 20181110 + + several workarounds to ensure proper C compiler used in parts of + Ada95 tree. + + update config.guess, config.sub from + http://git.savannah.gnu.org/cgit/config.git + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ncurses.spec ++++++ --- /var/tmp/diff_new_pack.Yqs29u/_old 2018-12-03 10:03:40.236079127 +0100 +++ /var/tmp/diff_new_pack.Yqs29u/_new 2018-12-03 10:03:40.236079127 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -963,11 +963,11 @@ # Better screen support and workaround about missing terminfo entries # might be help on boo#812067 as well as on boo#935736 but may cause # boo#940459 (which should be fixed by screen its self!) + rm -vf %{buildroot}%{terminfo s/screen.xterm} (cat > screen.list) <<-EOF %{terminfo s/screen.gnome} %{terminfo s/screen.konsole} %{terminfo s/screen.linux} - %{terminfo s/screen.xterm} EOF (cat > iterm.list) <<-EOF %{terminfo i/iTerm.app} ++++++ ncurses-6.1-patches.tar.bz2 ++++++ ++++ 17245 lines of diff (skipped) ++++++ ncurses-6.1.dif ++++++ --- /var/tmp/diff_new_pack.Yqs29u/_old 2018-12-03 10:03:40.928078496 +0100 +++ /var/tmp/diff_new_pack.Yqs29u/_new 2018-12-03 10:03:40.928078496 +0100 @@ -152,7 +152,7 @@ done --- configure +++ configure 2018-10-29 10:24:12.319041330 +0000 -@@ -5484,7 +5484,7 @@ echo $ECHO_N "checking for an rpath opti +@@ -5485,7 +5485,7 @@ echo $ECHO_N "checking for an rpath opti fi ;; (linux*|gnu*|k*bsd*-gnu|freebsd*) @@ -161,7 +161,7 @@ ;; (openbsd[2-9].*|mirbsd*) LD_RPATH_OPT="-Wl,-rpath," -@@ -13561,12 +13561,15 @@ cat >>$cf_edit_man <<CF_EOF +@@ -13562,12 +13562,15 @@ cat >>$cf_edit_man <<CF_EOF echo '? missing rename for '\$cf_source cf_target="\$cf_source" fi @@ -179,7 +179,7 @@ sed -f $cf_man_alias \\ CF_EOF -@@ -13576,7 +13579,7 @@ cat >>$cf_edit_man <<CF_EOF +@@ -13577,7 +13580,7 @@ cat >>$cf_edit_man <<CF_EOF CF_EOF else cat >>$cf_edit_man <<CF_EOF @@ -188,7 +188,7 @@ CF_EOF fi -@@ -13616,7 +13619,7 @@ cat >>$cf_edit_man <<CF_EOF +@@ -13617,7 +13620,7 @@ cat >>$cf_edit_man <<CF_EOF mv \$TMP.$cf_so_strip \$TMP fi fi @@ -197,7 +197,7 @@ CF_EOF fi -@@ -13625,23 +13628,23 @@ case "$MANPAGE_FORMAT" in +@@ -13626,23 +13629,23 @@ case "$MANPAGE_FORMAT" in cat >>$cf_edit_man <<CF_EOF if test \$form = format ; then # BSDI installs only .0 suffixes in the cat directories @@ -227,7 +227,7 @@ for cf_alias in \$aliases do if test \$section = 1 ; then -@@ -13650,7 +13653,7 @@ cat >>$cf_edit_man <<CF_EOF +@@ -13651,7 +13654,7 @@ cat >>$cf_edit_man <<CF_EOF if test "$MANPAGE_SYMLINKS" = yes ; then if test -f \$cf_alias\${suffix} ; then @@ -236,7 +236,7 @@ then continue fi -@@ -13660,18 +13663,18 @@ CF_EOF +@@ -13661,18 +13664,18 @@ CF_EOF case "x$LN_S" in (*-f) cat >>$cf_edit_man <<CF_EOF @@ -258,7 +258,7 @@ echo ".so \$cf_source" >\$TMP CF_EOF if test -n "$cf_compress" ; then -@@ -13691,9 +13694,9 @@ cat >>$cf_edit_man <<CF_EOF +@@ -13692,9 +13695,9 @@ cat >>$cf_edit_man <<CF_EOF ) ) elif test \$verb = removing ; then @@ -271,7 +271,7 @@ ) test -d \$cf_subdir\${section} && test -n "\$aliases" && ( -@@ -13713,6 +13716,7 @@ cat >>$cf_edit_man <<CF_EOF +@@ -13714,6 +13717,7 @@ cat >>$cf_edit_man <<CF_EOF # echo ".hy 0" cat \$TMP fi @@ -279,7 +279,7 @@ ;; esac done -@@ -24175,6 +24179,7 @@ if test "$with_termlib" != no ; then +@@ -24189,6 +24193,7 @@ if test "$with_termlib" != no ; then TINFO_LDFLAGS="-L${LIB_DIR}" SHLIB_LIST="$SHLIB_LIST -l${TINFO_LIB_SUFFIX}" fi @@ -733,7 +733,7 @@ #: use=screen.xterm-new, +screen.xterm|screen customized for modern xterm, + bce@, bw, -+ invis@, kIC@, kNXT@, kPRV@, meml@, memu@, ++ invis@, kIC@, kNXT@, kPRV@, meml@, memu@, rep@, + sgr=%?%p9%t\E(0%e\E(B%;\E[0%?%p6%t;1%;%?%p2%t;4%;%?%p1%p3%| + %t;7%;%?%p4%t;5%;%?%p5%t;2%;m, + E3@, use=screen+italics, use=screen+fkeys, ++++++ ncurses-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.Yqs29u/_old 2018-12-03 10:03:40.944078482 +0100 +++ /var/tmp/diff_new_pack.Yqs29u/_new 2018-12-03 10:03:40.944078482 +0100 @@ -2,3 +2,4 @@ addFilter(".*shared-lib-calls-exit.*") addFilter(".*non-etc-or-var-file-marked-as-conffile.*") addFilter(".*macro-in-comment.*jobs.*") +addFilter(".*W:.*no-version-in-last-changelog.*")

1 0

commit syslinux for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package syslinux for openSUSE:Factory checked in at 2018-12-03 10:03:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/syslinux (Old) and /work/SRC/openSUSE:Factory/.syslinux.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "syslinux" Mon Dec 3 10:03:12 2018 rev:65 rq:652611 version:4.04 Changes: -------- --- /work/SRC/openSUSE:Factory/syslinux/syslinux.changes 2018-11-08 09:41:32.837586702 +0100 +++ /work/SRC/openSUSE:Factory/.syslinux.new.19453/syslinux.changes 2018-12-03 10:03:13.636103374 +0100 @@ -1,0 +2,6 @@ +Wed Nov 28 09:03:05 UTC 2018 - Martin Liška <mliska(a)suse.cz> + +- Add remove-note-gnu-section.patch: strip a newly added section + in order to fulfil ELF size limits expected. + +------------------------------------------------------------------- New: ---- remove-note-gnu-section.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ syslinux.spec ++++++ --- /var/tmp/diff_new_pack.sRsQzW/_old 2018-12-03 10:03:15.880101329 +0100 +++ /var/tmp/diff_new_pack.sRsQzW/_new 2018-12-03 10:03:15.884101325 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -60,6 +60,7 @@ Patch19: syslinux-4.04-reproducible.patch Patch20: %{name}-%{version}-python3.diff Patch21: sysmacros.patch +Patch22: remove-note-gnu-section.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -97,6 +98,7 @@ %patch19 -p1 %patch20 -p0 %patch21 -p1 +%patch22 -p1 %build cp %{SOURCE2} . ++++++ remove-note-gnu-section.patch ++++++ diff --git a/mbr/Makefile b/mbr/Makefile index be2bded7..59e06915 100644 --- a/mbr/Makefile +++ b/mbr/Makefile @@ -36,7 +36,7 @@ $(LD) $(LDFLAGS) -T mbr.ld -e _start -o $@ $< %.bin: %.elf checksize.pl - $(OBJCOPY) -O binary $< $@ + $(OBJCOPY) -O binary --remove-section .note.gnu.property $< $@ $(PERL) checksize.pl $@ $(CHMOD) -x $@

1 0

commit binutils for openSUSE:Factory
by root 03 Dec '18

03 Dec '18

Hello community, here is the log from the commit of package binutils for openSUSE:Factory checked in at 2018-12-03 10:02:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/binutils (Old) and /work/SRC/openSUSE:Factory/.binutils.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "binutils" Mon Dec 3 10:02:55 2018 rev:130 rq:652180 version:2.31 Changes: -------- --- /work/SRC/openSUSE:Factory/binutils/binutils.changes 2018-08-13 09:53:41.290752780 +0200 +++ /work/SRC/openSUSE:Factory/.binutils.new.19453/binutils.changes 2018-12-03 10:03:04.212111958 +0100 @@ -1,0 +2,51 @@ +Tue Nov 27 12:43:42 UTC 2018 - Martin Liška <mliska(a)suse.cz> + +- Add handle-ELF-compressed-header-alignment-correctly-by-.patch: + PR23919. + +------------------------------------------------------------------- +Tue Aug 28 14:07:15 UTC 2018 - matz(a)suse.com + +- Update to binutils-2_31-branch @e51abf7e3, minor bugfixes in + the support for the X86_ISA_1_* notes. Adds + patch binutils-2.31-branch.diff.gz . +- Add binutils-revert-plt32-in-branches.diff on anything older + than Tumbleweed to not break old tools not expecting + PLT32 instead of PC32 relocs on x86_64. +- Includes fixes for these CVEs: + * from 2.30: + bnc#1065643 aka CVE-2017-15996 aka PR22361 + bnc#1065689 aka CVE-2017-15939 aka PR22205 + bnc#1065693 aka CVE-2017-15938 aka PR22209 + bnc#1068640 aka CVE-2017-16826 aka PR22376 + bnc#1068643 aka CVE-2017-16832 aka PR22373 + bnc#1068887 aka CVE-2017-16831 aka PR22385 + bnc#1068888 aka CVE-2017-16830 aka PR22384 + bnc#1068950 aka CVE-2017-16829 aka PR22307 + bnc#1069176 aka CVE-2017-16828 aka PR22386 + bnc#1069202 aka CVE-2017-16827 aka PR22306 + * from 2.31: + bnc#1077745 aka CVE-2018-6323 aka PR22746 + bnc#1079103 aka CVE-2018-6543 aka PR22769 + bnc#1079741 aka CVE-2018-6759 aka PR22794 + bnc#1080556 aka CVE-2018-6872 aka PR22788 + bnc#1081527 aka CVE-2018-7208 aka PR22741 + bnc#1083528 aka CVE-2018-7570 aka PR22881 + bnc#1083532 aka CVE-2018-7569 aka PR22895 + bnc#1086608 aka CVE-2018-8945 aka PR22809 + bnc#1086784 aka CVE-2018-7643 aka PR22905 + bnc#1086786 aka CVE-2018-7642 aka PR22887 + bnc#1086788 aka CVE-2018-7568 aka PR22894 + bnc#1090997 aka CVE-2018-10373 aka PR23065 + bnc#1091015 aka CVE-2018-10372 aka PR23064 + bnc#1091365 aka CVE-2018-10535 aka PR23113 + bnc#1091368 aka CVE-2018-10534 aka PR23110 +- Removes binutils-fix-pr21964.diff as it's included in 2.31. + Rebase testsuite.diff and aarch64-common-pagesize.patch . + +------------------------------------------------------------------- +Tue Jul 31 11:45:27 UTC 2018 - rguenther(a)suse.com + +- Disable -z separate-code everywhere but in Tumbleweed. + +------------------------------------------------------------------- @@ -45,0 +97,9 @@ + +------------------------------------------------------------------- +Tue Apr 3 14:56:44 UTC 2018 - matz(a)suse.com + +- Fix pacemaker libqb problem with section start/stop + symbols, aka PR21964. [bnc#1075418] + Adds binutils-fix-pr21964.diff . +(this is a change from SLE12, that was already included in 2.31 +binutils tree, mentioned for completeness to not loose tracking) cross-aarch64-binutils.changes: same change cross-arm-binutils.changes: same change cross-avr-binutils.changes: same change cross-epiphany-binutils.changes: same change cross-hppa-binutils.changes: same change cross-hppa64-binutils.changes: same change cross-i386-binutils.changes: same change cross-ia64-binutils.changes: same change cross-m68k-binutils.changes: same change cross-mips-binutils.changes: same change cross-ppc-binutils.changes: same change cross-ppc64-binutils.changes: same change cross-ppc64le-binutils.changes: same change cross-riscv64-binutils.changes: same change cross-rx-binutils.changes: same change cross-s390-binutils.changes: same change cross-s390x-binutils.changes: same change cross-sparc-binutils.changes: same change cross-sparc64-binutils.changes: same change cross-spu-binutils.changes: same change cross-x86_64-binutils.changes: same change New: ---- binutils-2.31-branch.diff.gz binutils-revert-plt32-in-branches.diff handle-ELF-compressed-header-alignment-correctly-by-.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ binutils.spec ++++++ --- /var/tmp/diff_new_pack.t3bKj6/_old 2018-12-03 10:03:12.184104696 +0100 +++ /var/tmp/diff_new_pack.t3bKj6/_new 2018-12-03 10:03:12.188104692 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -79,7 +79,7 @@ Source1: pre_checkin.sh Source2: README.First-for.SuSE.packagers Source3: baselibs.conf -#Patch: binutils-2.31-branch.diff +Patch: binutils-2.31-branch.diff.gz Patch3: binutils-skip-rpaths.patch Patch4: s390-biarch.diff Patch5: x86-64-biarch.patch @@ -93,6 +93,8 @@ Patch22: binutils-bfd_h.patch Patch34: aarch64-common-pagesize.patch Patch36: binutils-pr22868.diff +Patch37: binutils-revert-plt32-in-branches.diff +Patch38: handle-ELF-compressed-header-alignment-correctly-by-.patch Patch90: cross-avr-nesc-as.patch Patch92: cross-avr-omit_section_dynsym.patch Patch93: cross-avr-size.patch @@ -148,7 +150,7 @@ %setup -q -n binutils-%{version} # Patch is outside test_vanilla because it's supposed to be the # patch bringing the tarball to the newest upstream version -#%patch -p1 +%patch -p1 %if !%{test_vanilla} %patch3 %patch4 @@ -163,6 +165,10 @@ %patch22 %patch34 -p1 %patch36 -p1 +%if %{suse_version} < 1550 +%patch37 -p1 +%endif +%patch38 -p1 %if "%{TARGET}" == "avr" cp gas/config/tc-avr.h gas/config/tc-avr-nesc.h %patch90 @@ -239,6 +245,9 @@ %if %{suse_version} > 1320 --enable-compressed-debug-sections=gas \ %endif +%if %{suse_version} < 1550 + --disable-separate-code \ +%endif --enable-new-dtags \ %if "%{TARGET}" != "mips" --enable-default-hash-style=both \ ++++++ cross-aarch64-binutils.spec ++++++ --- /var/tmp/diff_new_pack.t3bKj6/_old 2018-12-03 10:03:12.208104674 +0100 +++ /var/tmp/diff_new_pack.t3bKj6/_new 2018-12-03 10:03:12.212104670 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -82,7 +82,7 @@ Source1: pre_checkin.sh Source2: README.First-for.SuSE.packagers Source3: baselibs.conf -#Patch: binutils-2.31-branch.diff +Patch: binutils-2.31-branch.diff.gz Patch3: binutils-skip-rpaths.patch Patch4: s390-biarch.diff Patch5: x86-64-biarch.patch @@ -96,6 +96,8 @@ Patch22: binutils-bfd_h.patch Patch34: aarch64-common-pagesize.patch Patch36: binutils-pr22868.diff +Patch37: binutils-revert-plt32-in-branches.diff +Patch38: handle-ELF-compressed-header-alignment-correctly-by-.patch Patch90: cross-avr-nesc-as.patch Patch92: cross-avr-omit_section_dynsym.patch Patch93: cross-avr-size.patch @@ -151,7 +153,7 @@ %setup -q -n binutils-%{version} # Patch is outside test_vanilla because it's supposed to be the # patch bringing the tarball to the newest upstream version -#%patch -p1 +%patch -p1 %if !%{test_vanilla} %patch3 %patch4 @@ -166,6 +168,10 @@ %patch22 %patch34 -p1 %patch36 -p1 +%if %{suse_version} < 1550 +%patch37 -p1 +%endif +%patch38 -p1 %if "%{TARGET}" == "avr" cp gas/config/tc-avr.h gas/config/tc-avr-nesc.h %patch90 @@ -242,6 +248,9 @@ %if %{suse_version} > 1320 --enable-compressed-debug-sections=gas \ %endif +%if %{suse_version} < 1550 + --disable-separate-code \ +%endif --enable-new-dtags \ %if "%{TARGET}" != "mips" --enable-default-hash-style=both \ cross-arm-binutils.spec: same change cross-avr-binutils.spec: same change cross-epiphany-binutils.spec: same change cross-hppa-binutils.spec: same change cross-hppa64-binutils.spec: same change cross-i386-binutils.spec: same change cross-ia64-binutils.spec: same change cross-m68k-binutils.spec: same change cross-mips-binutils.spec: same change cross-ppc-binutils.spec: same change cross-ppc64-binutils.spec: same change cross-ppc64le-binutils.spec: same change cross-riscv64-binutils.spec: same change cross-rx-binutils.spec: same change cross-s390-binutils.spec: same change cross-s390x-binutils.spec: same change cross-sparc-binutils.spec: same change cross-sparc64-binutils.spec: same change cross-spu-binutils.spec: same change cross-x86_64-binutils.spec: same change ++++++ binutils-2.31-branch.diff.gz ++++++ ++++ 18162 lines (skipped) ++++++ binutils-revert-plt32-in-branches.diff ++++++ This reverts the below commit to not generate PLT32 relocs on branches by default. Used for old distros to not have to update several packages/tools that can't handle them. I.e. a compatibility patch. The changes in nop-[345].d and pr22842b.S are followups to not break the testsuite because of this revert. commit bd7ab16b4537788ad53521c45469a1bdae84ad4a Author: H.J. Lu <hjl.tools(a)gmail.com> Date: Tue Feb 13 07:34:22 2018 -0800 x86-64: Generate branch with PLT32 relocation Since there is no need to prepare for PLT branch on x86-64, generate R_X86_64_PLT32, instead of R_X86_64_PC32, if possible, which can be used as a marker for 32-bit PC-relative branches. To compile Linux kernel, this patch: From: "H.J. Lu" <hjl.tools(a)gmail.com> Subject: [PATCH] x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 On i386, there are 2 types of PLTs, PIC and non-PIC. PIE and shared objects must use PIC PLT. To use PIC PLT, you need to load _GLOBAL_OFFSET_TABLE_ into EBX first. There is no need for that on x86-64 since x86-64 uses PC-relative PLT. On x86-64, for 32-bit PC-relative branches, we can generate PLT32 relocation, instead of PC32 relocation, which can also be used as a marker for 32-bit PC-relative branches. Linker can always reduce PLT32 relocation to PC32 if function is defined locally. Local functions should use PC32 relocation. As far as Linux kernel is concerned, R_X86_64_PLT32 can be treated the same as R_X86_64_PC32 since Linux kernel doesn't use PLT. is needed. It is available on hjl/plt32/master branch at https://github.com/hjl-tools/linux bfd/ PR gas/22791 * elf64-x86-64.c (is_32bit_relative_branch): Removed. (elf_x86_64_relocate_section): Check PIC relocations in PIE. Remove is_32bit_relative_branch usage. Disallow PC32 reloc against protected function in shared object. gas/ PR gas/22791 * config/tc-i386.c (need_plt32_p): New function. (output_jump): Generate BFD_RELOC_X86_64_PLT32 if possible. (md_estimate_size_before_relax): Likewise. * testsuite/gas/i386/reloc64.d: Updated. * testsuite/gas/i386/x86-64-jump.d: Likewise. * testsuite/gas/i386/x86-64-mpx-branch-1.d: Likewise. * testsuite/gas/i386/x86-64-mpx-branch-2.d: Likewise. * testsuite/gas/i386/x86-64-relax-2.d: Likewise. * testsuite/gas/i386/x86-64-relax-3.d: Likewise. * testsuite/gas/i386/ilp32/reloc64.d: Likewise. * testsuite/gas/i386/ilp32/x86-64-branch.d: Likewise. ld/ PR gas/22791 * testsuite/ld-x86-64/mpx1c.rd: Updated. * testsuite/ld-x86-64/pr22791-1.err: New file. * testsuite/ld-x86-64/pr22791-1a.c: Likewise. * testsuite/ld-x86-64/pr22791-1b.s: Likewise. * testsuite/ld-x86-64/pr22791-2.rd: Likewise. * testsuite/ld-x86-64/pr22791-2a.s: Likewise. * testsuite/ld-x86-64/pr22791-2b.c: Likewise. * testsuite/ld-x86-64/pr22791-2c.s: Likewise. * testsuite/ld-x86-64/x86-64.exp: Run PR ld/22791 tests. Index: binutils-2.31/bfd/elf64-x86-64.c =================================================================== --- binutils-2.31.orig/bfd/elf64-x86-64.c 2018-07-05 09:15:08.000000000 +0200 +++ binutils-2.31/bfd/elf64-x86-64.c 2018-08-28 15:31:31.000000000 +0200 @@ -2359,6 +2359,24 @@ elf_x86_64_tpoff (struct bfd_link_info * return address - static_tls_size - htab->tls_sec->vma; } +/* Is the instruction before OFFSET in CONTENTS a 32bit relative + branch? */ + +static bfd_boolean +is_32bit_relative_branch (bfd_byte *contents, bfd_vma offset) +{ + /* Opcode Instruction + 0xe8 call + 0xe9 jump + 0x0f 0x8x conditional jump */ + return ((offset > 0 + && (contents [offset - 1] == 0xe8 + || contents [offset - 1] == 0xe9)) + || (offset > 1 + && contents [offset - 2] == 0x0f + && (contents [offset - 1] & 0xf0) == 0x80)); +} + /* Relocate an x86_64 ELF section. */ static bfd_boolean @@ -3067,18 +3085,14 @@ use_plt: case R_X86_64_PC32: case R_X86_64_PC32_BND: /* Don't complain about -fPIC if the symbol is undefined when - building executable unless it is unresolved weak symbol, - references a dynamic definition in PIE or -z nocopyreloc - is used. */ + building executable unless it is unresolved weak symbol or + -z nocopyreloc is used. */ if ((input_section->flags & SEC_ALLOC) != 0 && (input_section->flags & SEC_READONLY) != 0 && h != NULL && ((bfd_link_executable (info) && ((h->root.type == bfd_link_hash_undefweak && !resolved_to_zero) - || (bfd_link_pie (info) - && !h->def_regular - && h->def_dynamic) || ((info->nocopyreloc || (eh->def_protected && elf_has_no_copy_on_protected (h->root.u.def.section->owner))) @@ -3087,21 +3101,26 @@ use_plt: || bfd_link_dll (info))) { bfd_boolean fail = FALSE; + bfd_boolean branch + = ((r_type == R_X86_64_PC32 + || r_type == R_X86_64_PC32_BND) + && is_32bit_relative_branch (contents, rel->r_offset)); + if (SYMBOL_REFERENCES_LOCAL_P (info, h)) { /* Symbol is referenced locally. Make sure it is - defined locally. */ - fail = !(h->def_regular || ELF_COMMON_DEF_P (h)); + defined locally or for a branch. */ + fail = (!(h->def_regular || ELF_COMMON_DEF_P (h)) + && !branch); } else if (!(bfd_link_pie (info) && (h->needs_copy || eh->needs_copy))) { /* Symbol doesn't need copy reloc and isn't referenced - locally. Address of protected function may not be - reachable at run-time. */ - fail = (ELF_ST_VISIBILITY (h->other) == STV_DEFAULT - || (ELF_ST_VISIBILITY (h->other) == STV_PROTECTED - && h->type == STT_FUNC)); + locally. We only allow branch to symbol with + non-default visibility. */ + fail = (!branch + || ELF_ST_VISIBILITY (h->other) == STV_DEFAULT); } if (fail) Index: binutils-2.31/gas/config/tc-i386.c =================================================================== --- binutils-2.31.orig/gas/config/tc-i386.c 2018-08-28 15:31:17.000000000 +0200 +++ binutils-2.31/gas/config/tc-i386.c 2018-08-28 15:31:31.000000000 +0200 @@ -7415,46 +7415,12 @@ output_branch (void) frag_var (rs_machine_dependent, 5, i.reloc[0], subtype, sym, off, p); } -#if defined (OBJ_ELF) || defined (OBJ_MAYBE_ELF) -/* Return TRUE iff PLT32 relocation should be used for branching to - symbol S. */ - -static bfd_boolean -need_plt32_p (symbolS *s) -{ - /* PLT32 relocation is ELF only. */ - if (!IS_ELF) - return FALSE; - - /* Since there is no need to prepare for PLT branch on x86-64, we - can generate R_X86_64_PLT32, instead of R_X86_64_PC32, which can - be used as a marker for 32-bit PC-relative branches. */ - if (!object_64bit) - return FALSE; - - /* Weak or undefined symbol need PLT32 relocation. */ - if (S_IS_WEAK (s) || !S_IS_DEFINED (s)) - return TRUE; - - /* Non-global symbol doesn't need PLT32 relocation. */ - if (! S_IS_EXTERNAL (s)) - return FALSE; - - /* Other global symbols need PLT32 relocation. NB: Symbol with - non-default visibilities are treated as normal global symbol - so that PLT32 relocation can be used as a marker for 32-bit - PC-relative branches. It is useful for linker relaxation. */ - return TRUE; -} -#endif - static void output_jump (void) { char *p; int size; fixS *fixP; - bfd_reloc_code_real_type jump_reloc = i.reloc[0]; if (i.tm.opcode_modifier.jumpbyte) { @@ -7522,17 +7488,8 @@ output_jump (void) abort (); } -#if defined (OBJ_ELF) || defined (OBJ_MAYBE_ELF) - if (size == 4 - && jump_reloc == NO_RELOC - && need_plt32_p (i.op[0].disps->X_add_symbol)) - jump_reloc = BFD_RELOC_X86_64_PLT32; -#endif - - jump_reloc = reloc (size, 1, 1, jump_reloc); - fixP = fix_new_exp (frag_now, p - frag_now->fr_literal, size, - i.op[0].disps, 1, jump_reloc); + i.op[0].disps, 1, reloc (size, 1, 1, i.reloc[0])); /* All jumps handled here are signed, but don't use a signed limit check for 32 and 16 bit jumps as we want to allow wrap around at @@ -9757,10 +9714,6 @@ md_estimate_size_before_relax (fragS *fr reloc_type = (enum bfd_reloc_code_real) fragP->fr_var; else if (size == 2) reloc_type = BFD_RELOC_16_PCREL; -#if defined (OBJ_ELF) || defined (OBJ_MAYBE_ELF) - else if (need_plt32_p (fragP->fr_symbol)) - reloc_type = BFD_RELOC_X86_64_PLT32; -#endif else reloc_type = BFD_RELOC_32_PCREL; Index: binutils-2.31/gas/testsuite/gas/i386/ilp32/reloc64.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/ilp32/reloc64.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/ilp32/reloc64.d 2018-08-28 15:31:31.000000000 +0200 @@ -16,7 +16,7 @@ Disassembly of section \.text: .*[ ]+R_X86_64_PC8[ ]+xtrn\+0x0*1 .*[ ]+R_X86_64_PC32[ ]+xtrn-0x0*4 .*[ ]+R_X86_64_PC32[ ]+xtrn-0x0*4 -.*[ ]+R_X86_64_PLT32[ ]+xtrn-0x0*4 +.*[ ]+R_X86_64_PC32[ ]+xtrn-0x0*4 .*[ ]+R_X86_64_PC8[ ]+xtrn-0x0*1 .*[ ]+R_X86_64_GOT32[ ]+xtrn .*[ ]+R_X86_64_GOT32[ ]+xtrn Index: binutils-2.31/gas/testsuite/gas/i386/ilp32/x86-64-branch.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/ilp32/x86-64-branch.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/ilp32/x86-64-branch.d 2018-08-28 15:31:31.000000000 +0200 @@ -20,9 +20,9 @@ Disassembly of section .text: [ ]*[a-f0-9]+: 66 ff 20 data16 jmpq \*$%rax$ [ ]*[a-f0-9]+: e8 00 00 00 00 callq 0x1f 1b: R_X86_64_PC32 \*ABS\*\+0x10003c [ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 0x24 20: R_X86_64_PC32 \*ABS\*\+0x10003c -[ ]*[a-f0-9]+: 66 e8 00 00 00 00 data16 callq 0x2a 26: R_X86_64_PLT32 foo-0x4 -[ ]*[a-f0-9]+: 66 e9 00 00 00 00 data16 jmpq 0x30 2c: R_X86_64_PLT32 foo-0x4 -[ ]*[a-f0-9]+: 66 0f 82 00 00 00 00 data16 jb 0x37 33: R_X86_64_PLT32 foo-0x4 +[ ]*[a-f0-9]+: 66 e8 00 00 00 00 data16 callq 0x2a 26: R_X86_64_PC32 foo-0x4 +[ ]*[a-f0-9]+: 66 e9 00 00 00 00 data16 jmpq 0x30 2c: R_X86_64_PC32 foo-0x4 +[ ]*[a-f0-9]+: 66 0f 82 00 00 00 00 data16 jb 0x37 33: R_X86_64_PC32 foo-0x4 [ ]*[a-f0-9]+: ff d0 callq \*%rax [ ]*[a-f0-9]+: ff d0 callq \*%rax [ ]*[a-f0-9]+: 66 ff d0 data16 callq \*%rax Index: binutils-2.31/gas/testsuite/gas/i386/reloc64.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/reloc64.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/reloc64.d 2018-08-28 15:31:31.000000000 +0200 @@ -18,7 +18,7 @@ Disassembly of section \.text: .*[ ]+R_X86_64_PC8[ ]+xtrn\+0x0*1 .*[ ]+R_X86_64_PC32[ ]+xtrn-0x0*4 .*[ ]+R_X86_64_PC32[ ]+xtrn-0x0*4 -.*[ ]+R_X86_64_PLT32[ ]+xtrn-0x0*4 +.*[ ]+R_X86_64_PC32[ ]+xtrn-0x0*4 .*[ ]+R_X86_64_PC8[ ]+xtrn-0x0*1 .*[ ]+R_X86_64_GOT64[ ]+xtrn .*[ ]+R_X86_64_GOT32[ ]+xtrn Index: binutils-2.31/gas/testsuite/gas/i386/x86-64-jump.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/x86-64-jump.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/x86-64-jump.d 2018-08-28 15:31:31.000000000 +0200 @@ -8,7 +8,7 @@ Disassembly of section .text: 0+ <.text>: [ ]*[a-f0-9]+: eb fe jmp (0x0|0 <.text>) -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 0x7 3: R_X86_64_PLT32 xxx-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 0x7 3: R_X86_64_PC32 xxx-0x4 [ ]*[a-f0-9]+: ff 24 25 00 00 00 00 jmpq \*0x0 a: R_X86_64_32S xxx [ ]*[a-f0-9]+: ff e7 jmpq \*%rdi [ ]*[a-f0-9]+: ff 27 jmpq \*$%rdi$ @@ -17,7 +17,7 @@ Disassembly of section .text: [ ]*[a-f0-9]+: ff 2c 25 00 00 00 00 ljmp \*0x0 24: R_X86_64_32S xxx [ ]*[a-f0-9]+: 66 ff 2c 25 00 00 00 00 ljmpw \*0x0 2c: R_X86_64_32S xxx [ ]*[a-f0-9]+: e8 cb ff ff ff callq 0x0 -[ ]*[a-f0-9]+: e8 00 00 00 00 callq 0x3a 36: R_X86_64_PLT32 xxx-0x4 +[ ]*[a-f0-9]+: e8 00 00 00 00 callq 0x3a 36: R_X86_64_PC32 xxx-0x4 [ ]*[a-f0-9]+: ff 14 25 00 00 00 00 callq \*0x0 3d: R_X86_64_32S xxx [ ]*[a-f0-9]+: ff d7 callq \*%rdi [ ]*[a-f0-9]+: ff 17 callq \*$%rdi$ Index: binutils-2.31/gas/testsuite/gas/i386/x86-64-mpx-branch-1.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/x86-64-mpx-branch-1.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/x86-64-mpx-branch-1.d 2018-08-28 15:31:31.000000000 +0200 @@ -20,9 +20,9 @@ Disassembly of section .text: [ ]*[a-f0-9]+: f2 e8 00 00 00 00 bnd callq 24 <foo2> 0+24 <foo2>: -[ ]*[a-f0-9]+: f2 e9 00 00 00 00 bnd jmpq 2a <foo2\+0x6> 26: R_X86_64_PLT32 foo-0x4 -[ ]*[a-f0-9]+: f2 0f 82 00 00 00 00 bnd jb 31 <foo2\+0xd> 2d: R_X86_64_PLT32 foo-0x4 -[ ]*[a-f0-9]+: f2 e8 00 00 00 00 bnd callq 37 <foo2\+0x13> 33: R_X86_64_PLT32 foo-0x4 +[ ]*[a-f0-9]+: f2 e9 00 00 00 00 bnd jmpq 2a <foo2\+0x6> 26: R_X86_64_PC32 foo-0x4 +[ ]*[a-f0-9]+: f2 0f 82 00 00 00 00 bnd jb 31 <foo2\+0xd> 2d: R_X86_64_PC32 foo-0x4 +[ ]*[a-f0-9]+: f2 e8 00 00 00 00 bnd callq 37 <foo2\+0x13> 33: R_X86_64_PC32 foo-0x4 [ ]*[a-f0-9]+: f2 e9 00 00 00 00 bnd jmpq 3d <foo2\+0x19> 39: R_X86_64_PLT32 foo-0x4 [ ]*[a-f0-9]+: f2 0f 82 00 00 00 00 bnd jb 44 <foo2\+0x20> 40: R_X86_64_PLT32 foo-0x4 [ ]*[a-f0-9]+: f2 e8 00 00 00 00 bnd callq 4a <foo2\+0x26> 46: R_X86_64_PLT32 foo-0x4 Index: binutils-2.31/gas/testsuite/gas/i386/x86-64-mpx-branch-2.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/x86-64-mpx-branch-2.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/x86-64-mpx-branch-2.d 2018-08-28 15:31:31.000000000 +0200 @@ -20,9 +20,9 @@ Disassembly of section .text: [ ]*[a-f0-9]+: f2 e8 00 00 00 00 bnd callq 24 <foo2> 0+24 <foo2>: -[ ]*[a-f0-9]+: f2 e9 00 00 00 00 bnd jmpq 2a <foo2\+0x6> 26: R_X86_64_PLT32 foo-0x4 -[ ]*[a-f0-9]+: f2 0f 82 00 00 00 00 bnd jb 31 <foo2\+0xd> 2d: R_X86_64_PLT32 foo-0x4 -[ ]*[a-f0-9]+: f2 e8 00 00 00 00 bnd callq 37 <foo2\+0x13> 33: R_X86_64_PLT32 foo-0x4 +[ ]*[a-f0-9]+: f2 e9 00 00 00 00 bnd jmpq 2a <foo2\+0x6> 26: R_X86_64_PC32 foo-0x4 +[ ]*[a-f0-9]+: f2 0f 82 00 00 00 00 bnd jb 31 <foo2\+0xd> 2d: R_X86_64_PC32 foo-0x4 +[ ]*[a-f0-9]+: f2 e8 00 00 00 00 bnd callq 37 <foo2\+0x13> 33: R_X86_64_PC32 foo-0x4 [ ]*[a-f0-9]+: f2 e9 00 00 00 00 bnd jmpq 3d <foo2\+0x19> 39: R_X86_64_PLT32 foo-0x4 [ ]*[a-f0-9]+: f2 0f 82 00 00 00 00 bnd jb 44 <foo2\+0x20> 40: R_X86_64_PLT32 foo-0x4 [ ]*[a-f0-9]+: f2 e8 00 00 00 00 bnd callq 4a <foo2\+0x26> 46: R_X86_64_PLT32 foo-0x4 Index: binutils-2.31/gas/testsuite/gas/i386/x86-64-relax-2.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/x86-64-relax-2.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/x86-64-relax-2.d 2018-08-28 15:31:31.000000000 +0200 @@ -10,12 +10,12 @@ Disassembly of section .text: 0+ <foo>: [ ]*[a-f0-9]+: eb 24 jmp 26 <local> [ ]*[a-f0-9]+: eb 1e jmp 22 <hidden_def> -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 9 <foo\+0x9> 5: R_X86_64_PLT32 global_def-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 9 <foo\+0x9> 5: R_X86_64_PC32 global_def-0x4 [ ]*[a-f0-9]+: e9 00 00 00 00 jmpq e <foo\+0xe> a: R_X86_64_PLT32 global_def-0x4 -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 13 <foo\+0x13> f: R_X86_64_PLT32 weak_def-0x4 -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 18 <foo\+0x18> 14: R_X86_64_PLT32 weak_hidden_undef-0x4 -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 1d <foo\+0x1d> 19: R_X86_64_PLT32 weak_hidden_def-0x4 -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 22 <hidden_def> 1e: R_X86_64_PLT32 hidden_undef-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 13 <foo\+0x13> f: R_X86_64_PC32 weak_def-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 18 <foo\+0x18> 14: R_X86_64_PC32 weak_hidden_undef-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 1d <foo\+0x1d> 19: R_X86_64_PC32 weak_hidden_def-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 22 <hidden_def> 1e: R_X86_64_PC32 hidden_undef-0x4 0+22 <hidden_def>: [ ]*[a-f0-9]+: c3 retq Index: binutils-2.31/gas/testsuite/gas/i386/x86-64-relax-3.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/x86-64-relax-3.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/x86-64-relax-3.d 2018-08-28 15:31:31.000000000 +0200 @@ -11,10 +11,10 @@ Disassembly of section .text: [ ]*[a-f0-9]+: eb 1b jmp 1f <hidden_def> [ ]*[a-f0-9]+: eb 1b jmp 21 <global_def> [ ]*[a-f0-9]+: e9 00 00 00 00 jmpq b <foo\+0xb> 7: R_X86_64_PLT32 global_def-0x4 -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 10 <foo\+0x10> c: R_X86_64_PLT32 weak_def-0x4 -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 15 <foo\+0x15> 11: R_X86_64_PLT32 weak_hidden_undef-0x4 -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 1a <foo\+0x1a> 16: R_X86_64_PLT32 weak_hidden_def-0x4 -[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 1f <hidden_def> 1b: R_X86_64_PLT32 hidden_undef-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 10 <foo\+0x10> c: R_X86_64_PC32 weak_def-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 15 <foo\+0x15> 11: R_X86_64_PC32 weak_hidden_undef-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 1a <foo\+0x1a> 16: R_X86_64_PC32 weak_hidden_def-0x4 +[ ]*[a-f0-9]+: e9 00 00 00 00 jmpq 1f <hidden_def> 1b: R_X86_64_PC32 hidden_undef-0x4 0+1f <hidden_def>: [ ]*[a-f0-9]+: c3 retq Index: binutils-2.31/ld/testsuite/ld-x86-64/mpx1c.rd =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/mpx1c.rd 2018-06-24 20:38:58.000000000 +0200 +++ binutils-2.31/ld/testsuite/ld-x86-64/mpx1c.rd 2018-08-28 15:31:31.000000000 +0200 @@ -1,3 +1,3 @@ #... -[0-9a-f ]+R_X86_64_PLT32 +0+ +.* +[0-9a-f ]+R_X86_64_PC32 +0+ +.* #... Index: binutils-2.31/ld/testsuite/ld-x86-64/pr22791-1.err =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/pr22791-1.err 2018-06-24 20:38:58.000000000 +0200 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -.*relocation R_X86_64_PC32 against symbol `foo' can not be used when making a PIE object; recompile with -fPIC -#... Index: binutils-2.31/ld/testsuite/ld-x86-64/pr22791-1a.c =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/pr22791-1a.c 2018-06-24 20:38:58.000000000 +0200 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -void -foo (void) -{ -} Index: binutils-2.31/ld/testsuite/ld-x86-64/pr22791-1b.s =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/pr22791-1b.s 2018-06-24 20:38:58.000000000 +0200 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ - .text - .globl main - .type main, @function -main: - movl foo(%rip), %eax - .size main, .-main Index: binutils-2.31/ld/testsuite/ld-x86-64/pr22791-2.rd =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/pr22791-2.rd 2018-06-24 20:38:58.000000000 +0200 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ -#failif -#... -.*$TEXTREL$.* -#... -[0-9a-f ]+R_X86_64_NONE.* -#... Index: binutils-2.31/ld/testsuite/ld-x86-64/pr22791-2a.s =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/pr22791-2a.s 2018-06-24 20:38:58.000000000 +0200 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ - .text - .p2align 4,,15 - .globl foo - .type foo, @function -foo: - jmp bar - .size foo, .-foo - .section .note.GNU-stack,"",@progbits Index: binutils-2.31/ld/testsuite/ld-x86-64/pr22791-2b.c =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/pr22791-2b.c 2018-06-24 20:38:58.000000000 +0200 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -#include <stdio.h> - -void -bar (void) -{ - puts ("PASS"); -} Index: binutils-2.31/ld/testsuite/ld-x86-64/pr22791-2c.s =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/pr22791-2c.s 2018-06-24 20:38:58.000000000 +0200 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,12 +0,0 @@ - .text - .p2align 4,,15 - .globl main - .type main, @function -main: - subq $8, %rsp - call foo - xorl %eax, %eax - addq $8, %rsp - ret - .size main, .-main - .section .note.GNU-stack,"",@progbits Index: binutils-2.31/ld/testsuite/ld-x86-64/x86-64.exp =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/x86-64.exp 2018-08-28 15:31:17.000000000 +0200 +++ binutils-2.31/ld/testsuite/ld-x86-64/x86-64.exp 2018-08-28 15:31:31.000000000 +0200 @@ -1180,44 +1180,6 @@ if { [isnative] && [which $CC] != 0 } { "pr22393-3-static" \ ] \ [list \ - "Build pr22791-1.so" \ - "-shared" \ - "-fPIC" \ - { pr22791-1a.c } \ - {} \ - "pr22791-1.so" \ - ] \ - [list \ - "Build pr22791-1" \ - "-pie -Wl,--no-as-needed tmpdir/pr22791-1.so" \ - "$NOPIE_CFLAGS" \ - { pr22791-1b.s } \ - {{error_output "pr22791-1.err"}} \ - "pr22791-1" \ - ] \ - [list \ - "Build pr22791-2a.o" \ - "" \ - "$NOPIE_CFLAGS" \ - { pr22791-2a.s } \ - ] \ - [list \ - "Build pr22791-2.so" \ - "-shared tmpdir/pr22791-2a.o" \ - "-fPIC" \ - { pr22791-2b.c } \ - {{readelf -drW pr22791-2.rd}} \ - "pr22791-2.so" \ - ] \ - [list \ - "Build pr22791-2" \ - "-pie -Wl,--no-as-needed tmpdir/pr22791-2.so" \ - "$NOPIE_CFLAGS" \ - { pr22791-2c.s } \ - {{readelf -drW pr22791-2.rd}} \ - "pr22791-2" \ - ] \ - [list \ "Build pr22842.so" \ "-shared" \ "-fPIC" \ @@ -1560,15 +1522,6 @@ if { [isnative] && [which $CC] != 0 } { "pass.out" \ ] \ [list \ - "Run pr22791-2" \ - "-pie -Wl,--no-as-needed tmpdir/pr22791-2.so" \ - "" \ - { pr22791-2c.s } \ - "pr22791-2" \ - "pass.out" \ - "$NOPIE_CFLAGS" \ - ] \ - [list \ "Build pr22842" \ "-pie -Wl,--no-as-needed tmpdir/pr22842.so" \ "" \ Index: binutils-2.31/gas/testsuite/gas/i386/x86-64-nop-3.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/x86-64-nop-3.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/x86-64-nop-3.d 2018-08-28 15:38:52.000000000 +0200 @@ -17,5 +17,5 @@ Disassembly of section .text: Disassembly of section .altinstr_replacement: 0+ <.altinstr_replacement>: - +[a-f0-9]+: e9 00 00 00 00 jmpq 5 <_start\+0x5> 1: R_X86_64_PLT32 foo-0x4 + +[a-f0-9]+: e9 00 00 00 00 jmpq 5 <_start\+0x5> 1: R_X86_64_PC32 foo-0x4 #pass Index: binutils-2.31/gas/testsuite/gas/i386/x86-64-nop-4.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/x86-64-nop-4.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/x86-64-nop-4.d 2018-08-28 15:39:03.000000000 +0200 @@ -20,5 +20,5 @@ Disassembly of section .altinstr_replace +[a-f0-9]+: 89 c0 mov %eax,%eax +[a-f0-9]+: 89 c0 mov %eax,%eax +[a-f0-9]+: 89 c0 mov %eax,%eax - +[a-f0-9]+: e9 00 00 00 00 jmpq b <_start\+0xb> 7: R_X86_64_PLT32 foo-0x4 + +[a-f0-9]+: e9 00 00 00 00 jmpq b <_start\+0xb> 7: R_X86_64_PC32 foo-0x4 #pass Index: binutils-2.31/gas/testsuite/gas/i386/x86-64-nop-5.d =================================================================== --- binutils-2.31.orig/gas/testsuite/gas/i386/x86-64-nop-5.d 2018-06-24 20:38:57.000000000 +0200 +++ binutils-2.31/gas/testsuite/gas/i386/x86-64-nop-5.d 2018-08-28 15:39:11.000000000 +0200 @@ -23,5 +23,5 @@ Disassembly of section .altinstr_replace +[a-f0-9]+: 89 c0 mov %eax,%eax +[a-f0-9]+: 89 c0 mov %eax,%eax +[a-f0-9]+: 89 c0 mov %eax,%eax - +[a-f0-9]+: e9 00 00 00 00 jmpq d <_start\+0xd> 9: R_X86_64_PLT32 foo-0x4 + +[a-f0-9]+: e9 00 00 00 00 jmpq d <_start\+0xd> 9: R_X86_64_PC32 foo-0x4 #pass Index: binutils-2.31/ld/testsuite/ld-x86-64/pr22842b.S =================================================================== --- binutils-2.31.orig/ld/testsuite/ld-x86-64/pr22842b.S 2018-08-28 15:59:40.000000000 +0200 +++ binutils-2.31/ld/testsuite/ld-x86-64/pr22842b.S 2018-08-28 16:00:02.000000000 +0200 @@ -7,7 +7,7 @@ main: leaq bar(%rip), %rdi addq %rax, %rdi - callq foo + callq foo@PLT xorl %eax, %eax popq %rcx retq ++++++ handle-ELF-compressed-header-alignment-correctly-by-.patch ++++++ >From 4207142d6a5d2359170c5f9a140fc1a2351fbda9 Mon Sep 17 00:00:00 2001 From: Mark Wielaard <mark(a)klomp.org> Date: Tue, 27 Nov 2018 11:59:10 +0000 Subject: [PATCH] Handle ELF compressed header alignment correctly by setting up the section alignment correctly for the Elf32_Chdr or Elf64_Chdr type and respect the ch_addralign field when decompressing the section data. PR binutils/23919 binutils* readelf.c (dump_sections_as_strings): Remove bogus addralign check. (dump_sections_as_bytes): Likewise. (load_specific_debug_sections): Likewise. * testsuite/binutils-all/dw2-3.rS: Adjust alignment. * testsuite/binutils-all/dw2-3.rt: Likewise. bfd * bfd.c (bfd_update_compression_header): Explicitly set alignment. (bfd_check_compression_header): Add uncompressed_alignment_power argument. Check ch_addralign is a power of 2. * bfd-in2.h: Regenerated. * compress.c (bfd_compress_section_contents): Get and set orig_uncompressed_alignment_pow if section is decompressed. (bfd_is_section_compressed_with_header): Add and get uncompressed_align_pow_p argument. (bfd_is_section_compressed): Add uncompressed_align_power argument to bfd_is_section_compressed_with_header call. (bfd_init_section_decompress_status): Get and set uncompressed_alignment_power. * elf.c (_bfd_elf_make_section_from_shdr): Add uncompressed_align_power argument to bfd_is_section_compressed_with_header call. --- bfd/ChangeLog | 19 +++++++++++++ bfd/bfd-in2.h | 6 ++-- bfd/bfd.c | 20 ++++++++++---- bfd/compress.c | 35 +++++++++++++++++------- bfd/elf.c | 5 ++-- binutils/ChangeLog | 9 ++++++ binutils/readelf.c | 18 ------------ binutils/testsuite/binutils-all/dw2-3.rS | 2 +- binutils/testsuite/binutils-all/dw2-3.rt | 2 +- 9 files changed, 77 insertions(+), 39 deletions(-) diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h index ee8cd7ef0b..6d92c51cb9 100644 --- a/bfd/bfd-in2.h +++ b/bfd/bfd-in2.h @@ -7419,7 +7419,8 @@ void bfd_update_compression_header bfd_boolean bfd_check_compression_header (bfd *abfd, bfd_byte *contents, asection *sec, - bfd_size_type *uncompressed_size); + bfd_size_type *uncompressed_size, + unsigned int *uncompressed_alignment_power); int bfd_get_compression_header_size (bfd *abfd, asection *sec); @@ -8006,7 +8007,8 @@ void bfd_cache_section_contents bfd_boolean bfd_is_section_compressed_with_header (bfd *abfd, asection *section, int *compression_header_size_p, - bfd_size_type *uncompressed_size_p); + bfd_size_type *uncompressed_size_p, + unsigned int *uncompressed_alignment_power_p); bfd_boolean bfd_is_section_compressed (bfd *abfd, asection *section); diff --git a/bfd/bfd.c b/bfd/bfd.c index 15becd7ae8..2b658298ea 100644 --- a/bfd/bfd.c +++ b/bfd/bfd.c @@ -2332,6 +2332,8 @@ bfd_update_compression_header (bfd *abfd, bfd_byte *contents, bfd_put_32 (abfd, sec->size, &echdr->ch_size); bfd_put_32 (abfd, 1 << sec->alignment_power, &echdr->ch_addralign); + /* bfd_log2 (alignof (Elf32_Chdr)) */ + bfd_set_section_alignment (abfd, sec, 2); } else { @@ -2342,6 +2344,8 @@ bfd_update_compression_header (bfd *abfd, bfd_byte *contents, bfd_put_64 (abfd, sec->size, &echdr->ch_size); bfd_put_64 (abfd, 1 << sec->alignment_power, &echdr->ch_addralign); + /* bfd_log2 (alignof (Elf64_Chdr)) */ + bfd_set_section_alignment (abfd, sec, 3); } } else @@ -2354,6 +2358,8 @@ bfd_update_compression_header (bfd *abfd, bfd_byte *contents, order. */ memcpy (contents, "ZLIB", 4); bfd_putb64 (sec->size, contents + 4); + /* No way to keep the original alignment, just use 1 always. */ + bfd_set_section_alignment (abfd, sec, 0); } } } @@ -2368,12 +2374,14 @@ bfd_update_compression_header (bfd *abfd, bfd_byte *contents, SYNOPSIS bfd_boolean bfd_check_compression_header (bfd *abfd, bfd_byte *contents, asection *sec, - bfd_size_type *uncompressed_size); + bfd_size_type *uncompressed_size, + unsigned int *uncompressed_alignment_power); DESCRIPTION Check the compression header at CONTENTS of SEC in ABFD and - store the uncompressed size in UNCOMPRESSED_SIZE if the - compression header is valid. + store the uncompressed size in UNCOMPRESSED_SIZE and the + uncompressed data alignment in UNCOMPRESSED_ALIGNMENT_POWER + if the compression header is valid. RETURNS Return TRUE if the compression header is valid. @@ -2382,7 +2390,8 @@ RETURNS bfd_boolean bfd_check_compression_header (bfd *abfd, bfd_byte *contents, asection *sec, - bfd_size_type *uncompressed_size) + bfd_size_type *uncompressed_size, + unsigned int *uncompressed_alignment_power) { if (bfd_get_flavour (abfd) == bfd_target_elf_flavour && (elf_section_flags (sec) & SHF_COMPRESSED) != 0) @@ -2404,9 +2413,10 @@ bfd_check_compression_header (bfd *abfd, bfd_byte *contents, chdr.ch_addralign = bfd_get_64 (abfd, &echdr->ch_addralign); } if (chdr.ch_type == ELFCOMPRESS_ZLIB - && chdr.ch_addralign == 1U << sec->alignment_power) + && chdr.ch_addralign == (1U << bfd_log2 (chdr.ch_addralign))) { *uncompressed_size = chdr.ch_size; + *uncompressed_alignment_power = bfd_log2 (chdr.ch_addralign); return TRUE; } } diff --git a/bfd/compress.c b/bfd/compress.c index 53e566e498..97ea624eb8 100644 --- a/bfd/compress.c +++ b/bfd/compress.c @@ -84,11 +84,13 @@ bfd_compress_section_contents (bfd *abfd, sec_ptr sec, int zlib_size = 0; int orig_compression_header_size; bfd_size_type orig_uncompressed_size; + unsigned int orig_uncompressed_alignment_pow; int header_size = bfd_get_compression_header_size (abfd, NULL); bfd_boolean compressed = bfd_is_section_compressed_with_header (abfd, sec, &orig_compression_header_size, - &orig_uncompressed_size); + &orig_uncompressed_size, + &orig_uncompressed_alignment_pow); /* Either ELF compression header or the 12-byte, "ZLIB" + 8-byte size, overhead in .zdebug* section. */ @@ -153,6 +155,9 @@ bfd_compress_section_contents (bfd *abfd, sec_ptr sec, return 0; } free (uncompressed_buffer); + bfd_set_section_alignment (abfd, sec, + orig_uncompressed_alignment_pow); + sec->contents = buffer; sec->compress_status = COMPRESS_SECTION_DONE; return orig_uncompressed_size; @@ -364,20 +369,24 @@ SYNOPSIS bfd_boolean bfd_is_section_compressed_with_header (bfd *abfd, asection *section, int *compression_header_size_p, - bfd_size_type *uncompressed_size_p); + bfd_size_type *uncompressed_size_p, + unsigned int *uncompressed_alignment_power_p); DESCRIPTION Return @code{TRUE} if @var{section} is compressed. Compression - header size is returned in @var{compression_header_size_p} and - uncompressed size is returned in @var{uncompressed_size_p}. If - compression is unsupported, compression header size is returned - with -1 and uncompressed size is returned with 0. + header size is returned in @var{compression_header_size_p}, + uncompressed size is returned in @var{uncompressed_size_p} + and the uncompressed data alignement power is returned in + @var{uncompressed_align_pow_p}. If compression is + unsupported, compression header size is returned with -1 + and uncompressed size is returned with 0. */ bfd_boolean bfd_is_section_compressed_with_header (bfd *abfd, sec_ptr sec, int *compression_header_size_p, - bfd_size_type *uncompressed_size_p) + bfd_size_type *uncompressed_size_p, + unsigned int *uncompressed_align_pow_p) { bfd_byte header[MAX_COMPRESSION_HEADER_SIZE]; int compression_header_size; @@ -412,7 +421,8 @@ bfd_is_section_compressed_with_header (bfd *abfd, sec_ptr sec, if (compression_header_size != 0) { if (!bfd_check_compression_header (abfd, header, sec, - uncompressed_size_p)) + uncompressed_size_p, + uncompressed_align_pow_p)) compression_header_size = -1; } /* Check for the pathalogical case of a debug string section that @@ -449,9 +459,11 @@ bfd_is_section_compressed (bfd *abfd, sec_ptr sec) { int compression_header_size; bfd_size_type uncompressed_size; + unsigned int uncompressed_align_power; return (bfd_is_section_compressed_with_header (abfd, sec, &compression_header_size, - &uncompressed_size) + &uncompressed_size, + &uncompressed_align_power) && compression_header_size >= 0 && uncompressed_size > 0); } @@ -480,6 +492,7 @@ bfd_init_section_decompress_status (bfd *abfd, sec_ptr sec) int compression_header_size; int header_size; bfd_size_type uncompressed_size; + unsigned int uncompressed_alignment_power = 0; compression_header_size = bfd_get_compression_header_size (abfd, sec); if (compression_header_size > MAX_COMPRESSION_HEADER_SIZE) @@ -508,7 +521,8 @@ bfd_init_section_decompress_status (bfd *abfd, sec_ptr sec) uncompressed_size = bfd_getb64 (header + 4); } else if (!bfd_check_compression_header (abfd, header, sec, - &uncompressed_size)) + &uncompressed_size, + &uncompressed_alignment_power)) { bfd_set_error (bfd_error_wrong_format); return FALSE; @@ -516,6 +530,7 @@ bfd_init_section_decompress_status (bfd *abfd, sec_ptr sec) sec->compressed_size = sec->size; sec->size = uncompressed_size; + bfd_set_section_alignment (abfd, sec, uncompressed_alignment_power); sec->compress_status = DECOMPRESS_SECTION_SIZED; return TRUE; diff --git a/bfd/elf.c b/bfd/elf.c index bebda20195..604971dd4c 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -1177,11 +1177,12 @@ _bfd_elf_make_section_from_shdr (bfd *abfd, enum { nothing, compress, decompress } action = nothing; int compression_header_size; bfd_size_type uncompressed_size; + unsigned int uncompressed_align_power; bfd_boolean compressed = bfd_is_section_compressed_with_header (abfd, newsect, &compression_header_size, - &uncompressed_size); - + &uncompressed_size, + &uncompressed_align_power); if (compressed) { /* Compressed section. Check if we should decompress. */ diff --git a/binutils/readelf.c b/binutils/readelf.c index 39744009ab..afb039f7b7 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -13397,12 +13397,6 @@ dump_section_as_strings (Elf_Internal_Shdr * section, Filedata * filedata) printable_section_name (filedata, section), chdr.ch_type); return FALSE; } - else if (chdr.ch_addralign != section->sh_addralign) - { - warn (_("compressed section '%s' is corrupted\n"), - printable_section_name (filedata, section)); - return FALSE; - } uncompressed_size = chdr.ch_size; start += compression_header_size; new_size -= compression_header_size; @@ -13544,12 +13538,6 @@ dump_section_as_bytes (Elf_Internal_Shdr * section, printable_section_name (filedata, section), chdr.ch_type); return FALSE; } - else if (chdr.ch_addralign != section->sh_addralign) - { - warn (_("compressed section '%s' is corrupted\n"), - printable_section_name (filedata, section)); - return FALSE; - } uncompressed_size = chdr.ch_size; start += compression_header_size; new_size -= compression_header_size; @@ -13719,12 +13707,6 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, section->name, chdr.ch_type); return FALSE; } - else if (chdr.ch_addralign != sec->sh_addralign) - { - warn (_("compressed section '%s' is corrupted\n"), - section->name); - return FALSE; - } uncompressed_size = chdr.ch_size; start += compression_header_size; size -= compression_header_size; diff --git a/binutils/testsuite/binutils-all/dw2-3.rS b/binutils/testsuite/binutils-all/dw2-3.rS index f1637e9149..86bc73d9a2 100644 --- a/binutils/testsuite/binutils-all/dw2-3.rS +++ b/binutils/testsuite/binutils-all/dw2-3.rS @@ -1,3 +1,3 @@ #... - +\[[ 0-9]+\] .debug_info +(PROGBITS|MIPS_DWARF) +0+ +[0-9a-f]+ +[0-9a-f]+ [0-9a-f]+ +C +0 +0 +1 + +\[[ 0-9]+\] .debug_info +(PROGBITS|MIPS_DWARF) +0+ +[0-9a-f]+ +[0-9a-f]+ [0-9a-f]+ +C +0 +0 +(4|8) #pass diff --git a/binutils/testsuite/binutils-all/dw2-3.rt b/binutils/testsuite/binutils-all/dw2-3.rt index f59cbaa22b..74e7f8deca 100644 --- a/binutils/testsuite/binutils-all/dw2-3.rt +++ b/binutils/testsuite/binutils-all/dw2-3.rt @@ -1,6 +1,6 @@ #... +\[[ 0-9]+\] .debug_info - +(PROGBITS|MIPS_DWARF) +0+ +[0-9a-f]+ +[0-9a-f]+ +[0-9a-f]+ +0 +0 +1 + +(PROGBITS|MIPS_DWARF) +0+ +[0-9a-f]+ +[0-9a-f]+ +[0-9a-f]+ +0 +0 +(4|8) +\[0+800\]: COMPRESSED +ZLIB, 0+9d, 1 #pass -- 2.19.1

1 0