Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-07-01 09:55:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xen" Changes: -------- --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-06-14 23:05:52.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-07-01 09:55:47.000000000 +0200 
@@ -1,0 +2,43 @@ +Thu Jun 23 09:45:38 MDT 2016 - carnold@suse.com + +- bsc#900418 - Dump cannot be performed on SLES12 XEN + 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch +- Upstream patches from Jan + 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch + 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch + +------------------------------------------------------------------- +Tue Jun 21 08:26:51 MDT 2016 - carnold@suse.com + +- fate#319989 - Update to Xen 4.7 FCS + xen-4.7.0-testing-src.tar.bz2 +- Drop CVE-2014-3672-qemut-xsa180.patch + +------------------------------------------------------------------- +Thu Jun 16 16:27:25 MDT 2016 - carnold@suse.com + +- bsc#954872 - script block-dmmd not working as expected - libxl: + error: libxl_dm.c (Additional fixes) + block-dmmd + +------------------------------------------------------------------- +Fri Jun 10 14:23:51 UTC 2016 - ohering@suse.de + +- Convert with_stubdom into build_conditional to allow adjusting + via prjconf +- Convert with_debug into build_conditional to allow adjusting + via prjconf + +------------------------------------------------------------------- +Fri Jun 10 13:36:32 UTC 2016 - ohering@suse.de + +- bsc#979002 - add 60-persistent-xvd.rules and helper script to + xen-tools-domU to simplify transition to pvops based kernels + +------------------------------------------------------------------- +Fri Jun 10 13:18:13 UTC 2016 - ohering@suse.de + +- Convert with_oxenstored into build_conditional to allow + adjusting via prjconf (fate#320836) + +------------------------------------------------------------------- 
@@ -112 +155 @@ -- Update to the latest Xen 4.7 pre-release c2994f86 (fate#319989) +- Update to the latest Xen 4.7 pre-release c2994f86 Old: ---- CVE-2014-3672-qemut-xsa180.patch New: ---- 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xen.spec ++++++ --- /var/tmp/diff_new_pack.l6yEkQ/_old 2016-07-01 09:55:50.000000000 +0200 +++ /var/tmp/diff_new_pack.l6yEkQ/_new 2016-07-01 09:55:50.000000000 +0200 @@ -24,17 +24,20 @@ %define xen_build_dir xen-4.7.0-testing # %define with_kmp 0 -%define with_debug 0 -%define with_stubdom 0 %define with_gdbsx 0 %define with_dom0_support 0 %define with_qemu_traditional 0 -%define with_oxenstored 0 +%bcond_with xen_oxenstored +%ifarch x86_64 +%bcond_without xen_debug +%bcond_without xen_stubdom +%else +%bcond_with xen_debug +%bcond_with xen_stubdom +%endif # %ifarch x86_64 %define with_kmp 0 -%define with_debug 1 -%define with_stubdom 1 %define with_gdbsx 1 %define with_dom0_support 1 %define with_qemu_traditional 1 @@ -108,7 +111,7 @@ BuildRequires: SDL-devel BuildRequires: pciutils-devel %endif -%if %{?with_stubdom}0 +%if %{with xen_stubdom} %if 0%{?suse_version} < 1230 BuildRequires: texinfo %else @@ -116,13 +119,15 @@ %endif %endif BuildRequires: ncurses-devel -%if %{?with_oxenstored}0 +%if %{?with_dom0_support}0 +%if %{with xen_oxenstored} BuildRequires: ocaml BuildRequires: ocaml-compiler-libs BuildRequires: ocaml-findlib BuildRequires: ocaml-ocamldoc BuildRequires: ocaml-runtime %endif +%endif BuildRequires: openssl-devel BuildRequires: python-devel %if %{?with_systemd}0 @@ -160,7 +165,7 @@ %endif %endif -Version: 4.7.0_06 +Version: 4.7.0_08 Release: 0 Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License: GPL-2.0 
@@ -198,6 +203,9 @@ # For xen-libs Source99: baselibs.conf # Upstream patches +Patch1: 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch +Patch2: 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch +Patch3: 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch # Upstream qemu-traditional patches Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -228,9 +236,8 @@ Patch276: CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch Patch277: CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch Patch278: CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch -Patch279: CVE-2014-3672-qemut-xsa180.patch -Patch280: CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch -Patch281: CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch +Patch279: CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch +Patch280: CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch # qemu-traditional patches that are not upstream Patch350: blktap.patch Patch351: cdrom-removable.patch @@ -517,6 +524,9 @@ %prep %setup -q -n %xen_build_dir -a 1 -a 2 -a 5 -a 6 -a 57 # Upstream patches +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -549,7 +559,6 @@ %patch278 -p1 %patch279 -p1 %patch280 -p1 -%patch281 -p1 # Qemu traditional %patch350 -p1 %patch351 -p1 @@ -687,7 +696,7 @@ : no changes? fi configure_flags= -%if %{?with_stubdom}0 +%if %{with xen_stubdom} configure_flags=--enable-stubdom %else configure_flags=--disable-stubdom 
@@ -713,9 +722,11 @@ --includedir=%{_includedir} \ --docdir=%{_defaultdocdir}/xen \ --with-initddir=%{_initddir} \ -%if %{?with_oxenstored}0 +%if %{?with_dom0_support}0 +%if %{with xen_oxenstored} --with-xenstored=oxenstored \ %endif +%endif %if %{?with_systemd}0 --enable-systemd \ --with-systemd=%{_unitdir} \ @@ -763,6 +774,54 @@ do mv -v $i ${i%/*}/sysconfig.${i##*/} done + +%if %{?with_systemd}0 +udev_rulesdir=$RPM_BUILD_ROOT%{_udevrulesdir} +mkdir -p ${udev_rulesdir} +tee ${udev_rulesdir}/60-persistent-xvd.rules <<'_EOR_' +ACTION=="remove", GOTO="xvd_aliases_end" +SUBSYSTEM!="block", GOTO="xvd_aliases_end" +KERNEL=="xvd*[!0-9]", IMPORT{program}=="%{name}-tools-domU.sh --devpath %%p --devtype $env{DEVTYPE}" +KERNEL=="xvd*[0-9]", IMPORT{program}=="%{name}-tools-domU.sh --devpath %%p --devtype $env{DEVTYPE}" +KERNEL=="xvd*[!0-9]", ENV{VBD_HD_SYMLINK}=="hd[a-d]", SYMLINK+="$env{VBD_HD_SYMLINK}" +KERNEL=="xvd*[0-9]", ENV{VBD_HD_SYMLINK}=="hd[a-d]", SYMLINK+="$env{VBD_HD_SYMLINK}%%n" +LABEL="xvd_aliases_end" +_EOR_ +# +udev_programdir=$RPM_BUILD_ROOT/usr/lib/udev +mkdir -p ${udev_programdir} +tee ${udev_programdir}/%{name}-tools-domU.sh <<'_EOS_' +#!/bin/bash +set -e +devpath= +devtype= +dev= +while test "$#" -gt 0 +do + : "$1" + case "$1" in + --devpath) devpath=$2 ; shift ;; + --devtype) devtype=$2 ; shift ;; + *) echo "$0: Unknown option $1" >&2 ; exit 1 ;; + esac + shift +done +test -n "${devpath}" || exit 1 +test -n "${devtype}" || exit 1 +cd "/sys/${devpath}" +case "${devtype}" in + partition) cd .. ;; +esac +cd -P device +d="${PWD##*/}" +d="${d/-/\/}" +backend="`xenstore-read device/${d}/backend`" +dev="`xenstore-read \"${backend}\"/dev`" +test -n "${dev}" && echo "VBD_HD_SYMLINK=${dev}" +_EOS_ +chmod 755 ${udev_programdir}/*.sh +%endif + # EFI %if %{?with_dom0_support}0 export BRP_PESIGN_FILES="*.ko *.efi /lib/firmware" 
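Review bot: The helper script written in the `@@ -763,6 +774,54 @@` hunk echoes whatever `xenstore-read "${backend}"/dev` returns as `VBD_HD_SYMLINK=${dev}` without checking it, so the only validation of a backend-supplied value is the `hd[a-d]` match in the separate rules file. A value containing a line break would, as far as IMPORT{program} reads its input as key=value lines, reach udev as additional properties. Filtering in the script itself keeps the check next to the untrusted read: `case "${dev}" in hd[a-d]) echo "VBD_HD_SYMLINK=${dev}" ;; esac`. That form also exits 0 when no alias applies, whereas the current last line `test -n "${dev}" && echo …` makes the script's exit status non-zero whenever `dev` is empty.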
@@ -794,7 +853,7 @@ ln -sf xen-syms${ext}-${XEN_FULLVERSION} $RPM_BUILD_ROOT/boot/xen-syms${ext} find $RPM_BUILD_ROOT/boot -ls } -%if %{?with_debug}0 +%if %{with xen_debug} make -C xen install max_phys_cpus=%{max_cpus} debug=y crash_debug=y DEBUG_DIR=/boot DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} install_xen dbg make -C xen clean @@ -958,6 +1017,7 @@ rm -rf $RPM_BUILD_ROOT/%{_datadir}/man rm -rf $RPM_BUILD_ROOT/%{_libdir}/xen rm -rf $RPM_BUILD_ROOT/%{_libdir}/python* +rm -rf $RPM_BUILD_ROOT/%{_libdir}/ocaml* rm -rf $RPM_BUILD_ROOT%{_unitdir} rm -rf $RPM_BUILD_ROOT%{with_systemd_modules_load} rm -rf $RPM_BUILD_ROOT/usr/sbin @@ -1142,7 +1202,7 @@ %{_mandir}/man8/*.8.gz %{_mandir}/man1/xen-list.1.gz -%if %{?with_oxenstored}0 +%if %{with xen_oxenstored} /usr/sbin/oxenstored /etc/xen/oxenstored.conf %dir %{_libdir}/ocaml @@ -1194,12 +1254,16 @@ %endif /bin/domu-xenstore /bin/xenstore-* +%if %{?with_systemd}0 +/usr/lib/udev +%endif %files devel %defattr(-,root,root) %{_libdir}/*.a %{_libdir}/*.so -%if %{?with_oxenstored}0 +%if %{?with_dom0_support}0 +%if %{with xen_oxenstored} %{_libdir}/ocaml/xenbus/*.a %{_libdir}/ocaml/xenbus/*.cmx* %{_libdir}/ocaml/xenctrl/*.a 
@@ -1215,6 +1279,7 @@ %{_libdir}/ocaml/xentoollog/*.a %{_libdir}/ocaml/xentoollog/*.cmx* %endif +%endif /usr/include/* %{_datadir}/pkgconfig/xenlight.pc %{_datadir}/pkgconfig/xlutil.pc ++++++ 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch ++++++ References: bsc#900418 # Commit cd42ccb27f4e364b6e75b6fecb06bb99ad8da988 # Date 2016-06-08 14:12:45 +0200 # Author Jan Beulich <jbeulich@suse.com> # Committer Jan Beulich <jbeulich@suse.com> kexec: allow relaxed placement specification via command line Rather than just allowing a fixed address or fully automatic placement, also allow for specifying an upper bound. Especially on EFI systems, where firmware memory use is commonly less predictable than on legacy BIOS ones, this makes success of the reservation more likely when automatic placement is not an option (e.g. because of special DMA restrictions of devices involved in actually carrying out the dump). Also take the opportunity to actually add text to the "crashkernel" entry in the command line option doc. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: David Vrabel <david.vrabel@citrix.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown 
@@ -458,7 +458,18 @@ Specify the maximum address to allocate combination with the `low_crashinfo` command line option. ### crashkernel -> `= <ramsize-range>:<size>[,...][@<offset>]` +> `= <ramsize-range>:<size>[,...][{@,<}<offset>]` +> `= <size>[{@,<}<offset>]` + +Specify sizes and optionally placement of the crash kernel reservation +area. The `<ramsize-range>:<size>` pairs indicate how much memory to +set aside for a crash kernel (`<size>`) for a given range of installed +RAM (`<ramsize-range>`). Each `<ramsize-range>` is of the form +`<start>-[<end>]`. + +A trailing `@<offset>` specifies the exact address this area should be +placed at, whereas `<` in place of `@` just specifies an upper bound of +the address range the area should fall into. ### credit2\_balance\_over
`= <integer>` --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1044,13 +1044,23 @@ void __init noreturn __start_xen(unsigne }
#ifdef CONFIG_KEXEC - /* Don't overlap with modules. */ - e = consider_modules(s, e, PAGE_ALIGN(kexec_crash_area.size), - mod, mbi->mods_count, -1); - if ( !kexec_crash_area.start && (s < e) ) + /* + * Looking backwards from the crash area limit, find a large + * enough range that does not overlap with modules. + */ + while ( !kexec_crash_area.start ) { - e = (e - kexec_crash_area.size) & PAGE_MASK; - kexec_crash_area.start = e; + /* Don't overlap with modules. */ + e = consider_modules(s, e, PAGE_ALIGN(kexec_crash_area.size), + mod, mbi->mods_count, -1); + if ( s >= e ) + break; + if ( e > kexec_crash_area_limit ) + { + e = kexec_crash_area_limit & PAGE_MASK; + continue; + } + kexec_crash_area.start = (e - kexec_crash_area.size) & PAGE_MASK; } #endif } --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -60,6 +60,7 @@ static unsigned char vmcoreinfo_data[VMC static size_t vmcoreinfo_size = 0; xen_kexec_reserve_t kexec_crash_area; +paddr_t __initdata kexec_crash_area_limit = ~(paddr_t)0; static struct { u64 start, end; unsigned long size; @@ -86,7 +87,7 @@ static void *crash_heap_current = NULL, /* * Parse command lines in the format * - * crashkernel=<ramsize-range>:<size>[,...][@<offset>] + * crashkernel=<ramsize-range>:<size>[,...][{@,<}<address>] * * with <ramsize-range> being of form * @@ -94,7 +95,7 @@ static void *crash_heap_current = NULL, * * as well as the legacy ones in the format * - * crashkernel=<size>[@<offset>] + * crashkernel=<size>[{@,<}<address>] */ static void __init parse_crashkernel(const char *str) { @@ -109,7 +110,7 @@ static void __init parse_crashkernel(con { printk(XENLOG_WARNING "crashkernel: too many ranges\n"); cur = NULL; - str = strchr(str, '@'); + str = strpbrk(str, "@<"); break; } 
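Review bot: The new `while ( !kexec_crash_area.start )` loop in setup.c leaves only through the `s >= e` break or through a non-zero `start`, so if `(e - kexec_crash_area.size) & PAGE_MASK` ever evaluated to 0 the next iteration would run with unchanged `s` and `e` and not terminate. Whether `s` can be low enough for that is not visible, because the enclosing loop in `__start_xen` begins outside the hunk. Ending the body with `break;` directly after the `kexec_crash_area.start = …` assignment would make termination independent of the computed value.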
@@ -154,9 +155,16 @@ static void __init parse_crashkernel(con } else kexec_crash_area.size = parse_size_and_unit(cur = str, &str); - if ( cur != str && *str == '@' ) - kexec_crash_area.start = parse_size_and_unit(cur = str + 1, &str); - if ( cur == str ) + if ( cur != str ) + { + if ( *str == '@' ) + kexec_crash_area.start = parse_size_and_unit(cur = str + 1, &str); + else if ( *str == '<' ) + kexec_crash_area_limit = parse_size_and_unit(cur = str + 1, &str); + else + printk(XENLOG_WARNING "crashkernel: '%s' ignored\n", str); + } + if ( cur && cur == str ) printk(XENLOG_WARNING "crashkernel: memory value expected\n"); } custom_param("crashkernel", parse_crashkernel); --- a/xen/include/xen/kexec.h +++ b/xen/include/xen/kexec.h @@ -14,6 +14,7 @@ typedef struct xen_kexec_reserve { } xen_kexec_reserve_t; extern xen_kexec_reserve_t kexec_crash_area; +extern paddr_t kexec_crash_area_limit; extern bool_t kexecing; ++++++ 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch ++++++ # Commit 5e02972646132ad98c365ebfcfcb43b40a0dde36 # Date 2016-06-13 12:44:32 +0100 # Author Euan Harris <euan.harris@citrix.com> # Committer Andrew Cooper <andrew.cooper3@citrix.com> nested vmx: Validate host VMX MSRs before accessing them Some VMX MSRs may not exist on certain processor models, or may be disabled because of configuration settings. It is only safe to access these MSRs if configuration flags in other MSRs are set. These prerequisites are listed in the Intel 64 and IA-32 Architectures Software Developer’s Manual, Vol 3, Appendix A. nvmx_msr_read_intercept() does not check the prerequisites before accessing MSR_IA32_VMX_PROCBASED_CTLS2, MSR_IA32_VMX_EPT_VPID_CAP, MSR_IA32_VMX_VMFUNC on the host. Accessing these MSRs from a nested VMX guest running on a host which does not support them will cause Xen to crash with a GPF. 
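Review bot: The final `else` of the new placement block in `parse_crashkernel` also runs when `*str` is the terminating NUL, so a plain `crashkernel=<size>` without an `@` or `<` suffix looks like it would log `crashkernel: '' ignored` at warning level. Writing the branch as `else if ( *str )` keeps the message for genuinely unrecognised trailing text only. The function starts outside this hunk, so the ranges path that sets `cur` and `str` before this point is not shown and should be checked against the same case.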
Signed-off-by: Euan Harris <euan.harris@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -1820,11 +1820,22 @@ int nvmx_msr_read_intercept(unsigned int return 0; /* - * Those MSRs are available only when bit 55 of - * MSR_IA32_VMX_BASIC is set. + * These MSRs are only available when flags in other MSRs are set. + * These prerequisites are listed in the Intel 64 and IA-32 + * Architectures Software Developer’s Manual, Vol 3, Appendix A. */ switch ( msr ) { + case MSR_IA32_VMX_PROCBASED_CTLS2: + if ( !cpu_has_vmx_secondary_exec_control ) + return 0; + break; + + case MSR_IA32_VMX_EPT_VPID_CAP: + if ( !(cpu_has_vmx_ept || cpu_has_vmx_vpid) ) + return 0; + break; + case MSR_IA32_VMX_TRUE_PINBASED_CTLS: case MSR_IA32_VMX_TRUE_PROCBASED_CTLS: case MSR_IA32_VMX_TRUE_EXIT_CTLS: @@ -1832,6 +1843,11 @@ int nvmx_msr_read_intercept(unsigned int if ( !(vmx_basic_msr & VMX_BASIC_DEFAULT1_ZERO) ) return 0; break; + + case MSR_IA32_VMX_VMFUNC: + if ( !cpu_has_vmx_vmfunc ) + return 0; + break; } rdmsrl(msr, host_data); ++++++ 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch ++++++ # Commit 9dec2c47406f4ef31711656722f5f70d758d6160 # Date 2016-06-17 15:08:08 +0100 # Author Dario Faggioli <dario.faggioli@citrix.com> # Committer George Dunlap <george.dunlap@citrix.com> xen: sched: use default scheduler upon an invalid "sched=" instead of just the first scheduler we find in the array. In fact, right now, if someone makes a typo when passing the "sched=" command line option to Xen, we (with all schedulers configured in) pick ARINC653, which is most likely not what one would expect. Go for the default scheduler instead. 
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-By: Jonathan Creekmore <jonathan.creekmore@gmail.com> --- a/xen/common/schedule.c +++ b/xen/common/schedule.c @@ -1625,7 +1625,8 @@ void __init scheduler_init(void) { printk("Could not find scheduler: %s\n", opt_sched); for ( i = 0; i < NUM_SCHEDULERS; i++ ) - if ( schedulers[i] ) + if ( schedulers[i] && + !strcmp(schedulers[i]->opt_name, CONFIG_SCHED_DEFAULT) ) { ops = *schedulers[i]; break; ++++++ block-dmmd ++++++ --- /var/tmp/diff_new_pack.l6yEkQ/_old 2016-07-01 09:55:50.000000000 +0200 +++ /var/tmp/diff_new_pack.l6yEkQ/_new 2016-07-01 09:55:50.000000000 +0200 @@ -2,7 +2,7 @@ # Usage: block-dmmd [add args | remove args] # -# the dmmd device syntax (in xm commands/configs) is something like: +# the dmmd device syntax (in xm/xl commands/configs) is something like: # dmmd:md;/dev/md0;md;/dev/md1;lvm;/dev/vg1/lv1 # or # dmmd:lvm;/dev/vg1/lv1;lvm;/dev/vg1/lv2;md;/dev/md0 
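Review bot: With the added `strcmp` against `CONFIG_SCHED_DEFAULT`, the fallback loop in `scheduler_init` can now finish without assigning `ops` when no compiled-in scheduler carries that `opt_name`, where the old condition accepted any non-NULL entry. What follows the loop is outside the hunk, so it is not visible whether `i == NUM_SCHEDULERS` is caught. If it is not, a check such as `BUG_ON(i >= NUM_SCHEDULERS);` after the loop would make the failure explicit instead of continuing with an unset `ops`. The `printk` above the loop could also name the scheduler that is used instead.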
@@ -16,30 +16,49 @@ # dmmd:md;My-MD-name;lvm;/dev/vg1/lv1 # # History: +# 2016-05-27, mlatimer@suse.com: +# Merge improvements by loic.devulder@mpsa.com. Highlights include: +# - Re-write and simplification to speed up the script! +# - Add some (useful) logging messages and comments +# Minor tweaks and logging improvements +# 2016-05-26, mlatimer@suse.com: +# Verify MD activation if mdadm returns 2 +# 2016-05-20, mlatimer@suse.com: +# Strip leading "dmmd:" if present in xenstore params value # 2013-07-03, loic.devulder@mpsa.com: -# Partial rewrite of the script for supporting MD activation by name +# Partial rewrite of the script for supporting MD activation by name # 2009-06-09, mh@novell.com: -# Emit debugging messages into a temporary file; if no longer needed, -# just comment the exec I/O redirection below -# Make variables used in functions local to avoid global overridings -# Use vgscan and vgchange where required -# Use the C locale to avoid dealing with localized messages -# Assign output from assembling an MD device to a variable to aid debugging - -# We do not want to deal with localized messages: -LANG=C -LC_MESSAGES=C -export LANG LC_MESSAGES - -dir=$(dirname "$0") -. "$dir/block-common.sh" +# Emit debugging messages into a temporary file; if no longer needed, +# just comment the exec I/O redirection below +# Make variables used in functions local to avoid global overridings +# Use vgscan and vgchange where required +# Use the C locale to avoid dealing with localized messages +# Assign output from assembling an MD device to a variable to aid +# debugging + +# We do not want to deal with localized messages +# We use LC_ALL because LC_ALL superse LANG +# But we also use LANG because some applications may still use LANG... +export LC_ALL=C +export LANG=${LC_ALL} + +# Loading common libraries +. 
$(dirname $0)/block-common.sh + +# Constants +typeset -rx MDADM_BIN=/sbin/mdadm +typeset -rx LVCHANGE_BIN=/sbin/lvchange +typeset -rx PVSCAN_BIN=/sbin/pvscan +typeset -rx VGSCAN_BIN=/sbin/vgscan +typeset -rx VGCHANGE_BIN=/sbin/vgchange +typeset -rx DATE_LOG="date +%F_%T.%N" +typeset -rx DATE_SEC="date +%s" + +# Uncomment for debugging purposes +# exec >> /tmp/block-dmmd-$(${DATE_LOG}).log 2>&1 +# echo shell-flags: $- -#exec >> /tmp/block-dmmd-`date +%F_%T.%N`.log 2>&1 -#echo shell-flags: $- - -command=$1 - -# We check for errors ourselves: +# We check for errors ourselves set +e function run_mdadm() @@ -48,21 +67,24 @@ local msg local rc - msg="$(/sbin/mdadm $mdadm_cmd 2>&1)" + msg="$(${MDADM_BIN} ${mdadm_cmd} 2>&1)" rc=$? - case "$msg" in - *"has been started"* | *"already active"* ) - return 0 - ;; - *"is already in use"* ) - # hmm, might be used by another device in this domU - # leave it to upper layers to detect a real error - return 2 - ;; - * ) - return $rc - ;; + case "${msg}" in + *"has been started"* | *"already active"*) + return 0 + ;; + *"is already in use"*) + # Hmm, might be used by another device in this domU + # Leave it to upper layers to detect a real error + return 2 + ;; + *) + return ${rc} + ;; esac + + # Normally we should not get here, but if this happens + # we have to return an error return 1 } 
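Review bot: The sourcing line `. $(dirname $0)/block-common.sh` drops the quoting that the removed `dir=$(dirname "$0")` and `. "$dir/block-common.sh"` pair had, so an install path containing whitespace or glob characters is split before the file is sourced. `. "$(dirname "$0")/block-common.sh"` keeps the one-line form and the quoting. The comment added above the locale exports also has a typo, `superse` for `supersedes`.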
@@ -72,36 +94,49 @@ local par=$1 local cfg dev dev_path rc t mdadm_opts - if [ ${par} = ${par%%(*} ]; then + if [[ ${par} == ${par%%(*} ]]; then # No configuration file specified - dev=$par - cfg= + dev=${par} + cfg="" else - dev=${par%%(*} - t=${par#*(} - cfg="-c ${t%%)*}" + dev=${par%%(*} + t=${par#*(} + cfg="-c ${t%%)*}" fi # Looking for device name or aliase - if [ ${dev:0:1} = / ]; then - dev_path=${dev%/*} - mdadm_opts= + if [[ ${dev:0:1} == / ]]; then + dev_path=${dev%/*} + mdadm_opts="" else - dev_path=/dev/md - mdadm_opts="-s -N" + dev_path=/dev/md + mdadm_opts="-s -N" fi - # Is md device already active? + # Logging message + echo "[$(${DATE_LOG})] activate MD device ${dev}..." >&2 + + # Is MD device already active? # We need to use full path name, aliase is not possible... if [ -e $dev_path/${dev##*/} ]; then - /sbin/mdadm -Q -D $dev_path/${dev##*/} 2>/dev/null | grep -iq state.*\:.*inactive || return 0 + ${MDADM_BIN} -Q -D $dev_path/${dev##*/} 2>/dev/null \ + | grep -iq state.*\:.*inactive || return 0 fi - run_mdadm "-A $mdadm_opts $dev $cfg" + # Activate MD device + run_mdadm "-A ${mdadm_opts} ${dev} ${cfg}" rc=$? - [ $rc -eq 2 ] && return 0 + # A return code of 2 can indicate the array configuration was incorrect + if [[ ${rc} == 2 ]]; then + # Logging message + echo "[$(${DATE_LOG})] verifying MD device ${dev} activation..." >&2 + + # If the array is active, return 0, otherwise return an error + ${MDADM_BIN} -Q -D $dev_path/${dev##*/} &>/dev/null && return 0 \ + || return 1 + fi - return $rc + return ${rc} } function deactivate_md() 
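Review bot: The new return-code-2 path in `activate_md` treats a zero exit from `${MDADM_BIN} -Q -D` as proof that the array is active, while the "already active" check a few lines above does not rely on the exit status and greps the output for an inactive state. If `-Q -D` can succeed on an assembled but inactive array, which the earlier grep suggests, this path reports success for a device that is not usable; applying the same state grep in the verification would keep the two checks consistent. The `$dev_path/${dev##*/}` expansions are also unquoted although `dev` is derived from the xenstore `params` value; `"${dev_path}/${dev##*/}"` avoids word splitting. The function header is outside this hunk.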
@@ -109,22 +144,25 @@ local par=$1 local dev - if [ ${par} = ${par%%(*} ]; then + if [[ ${par} == ${par%%(*} ]]; then # No configuration file specified - dev=${par} + dev=${par} else - dev=${par%%(*} + dev=${par%%(*} fi # Looking for device name or aliase - if [ ${dev:0:1} = / ]; then - dev_path=${dev%/*} + if [[ ${dev:0:1} == / ]]; then + dev_path=${dev%/*} else - dev_path=/dev/md + dev_path=/dev/md fi + # Logging message + echo "[$(${DATE_LOG})] deactivate MD device ${dev}..." >&2 + # We need the device name only while deactivating - /sbin/mdadm -S ${dev_path}/${dev##*/} > /dev/null 2>&1 + ${MDADM_BIN} -S ${dev_path}/${dev##*/} > /dev/null 2>&1 return $? } 
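Review bot: `dev_path` is assigned in `deactivate_md` but only `par` and `dev` are declared `local`, so the assignment writes a global, whereas `activate_md` lists `dev_path` among its locals. `local dev dev_path` would match. The final call would also be safer quoted, `${MDADM_BIN} -S "${dev_path}/${dev##*/}"`, since the name comes from the xenstore `params` value. The function header is outside this hunk.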
@@ -132,169 +170,200 @@ function activate_lvm() { local run_timeout=90 + local parsed_timeout local end_time + # If /etc/xen/xend-config.sxp exists (e.g. SLES11), use + # device-create-timeout, instead of the default setting + if [[ -f /etc/xen/xend-config.sxp ]]; then + parsed_timeout=$(grep -v "^[ \t]*#.*" /etc/xen/xend-config.sxp \ + |sed -n 's/(device-create-timeout \+\([0-9]\+\))/\1/p') + if [[ ! -z $parsed_timeout ]]; then + run_timeout=$((${parsed_timeout}*9/10)) + fi + fi + # First scan for PVs and VGs - # We need this for using md device as PV - /sbin/pvscan > /dev/null 2>&1 -# /sbin/vgscan --mknodes > /dev/null 2>&1 + # We need this for using MD device as PV + ${PVSCAN_BIN} > /dev/null 2>&1 +# ${VGSCAN_BIN} --mknodes > /dev/null 2>&1 + + # Logging message + echo "[$(${DATE_LOG})] activate LVM device ${dev}..." >&2 + + # Set end_time for the loop + (( end_time = $(${DATE_SEC}) + run_timeout )) - end_time=$(($(date +%s)+${run_timeout})) while true; do - /sbin/lvchange -aey $1 > /dev/null 2>&1 + ${LVCHANGE_BIN} -aey $1 > /dev/null 2>&1 + + if [ $? -eq 0 -a -e $1 ]; then + return 0 + fi - if [ $? -eq 0 -a -e $1 ]; then - return 0 - fi - - sleep 0.1 - if [ $(date +%s) -ge ${end_time} ]; then - log err "Failed to activate $1 within ${run_timeout} seconds" - return 1 - fi + sleep 0.1 + # If it takes too long we need to return an error + if (( $(${DATE_SEC}) >= end_time )); then + log err "Failed to activate $1 within ${run_timeout} seconds" + return 1 + fi done + + # Normally we should not get here, but if this happens + # we have to return an error return 1 } function deactivate_lvm() { - /sbin/lvchange -aen $1 > /dev/null 2>&1 + # Logging message + echo "[$(${DATE_LOG})] deactivate LVM device ${dev}..." >&2 + + ${LVCHANGE_BIN} -aen $1 > /dev/null 2>&1 if [ $? 
-eq 0 ]; then - # We may have to deactivate the VG now, but can ignore errors: -# /sbin/vgchange -an ${1%/*} || : + # We may have to deactivate the VG now, but can ignore errors: +# ${VGCHANGE_BIN} -an ${1%/*} || : # Maybe we need to cleanup the LVM cache: -# /sbin/vgscan --mknodes || : - return 0 +# ${VGSCAN_BIN} --mknodes || : + return 0 fi return 1 } -BP=100 -SP=$BP -VBD= +# Variables +typeset command=$1 +typeset BP=100 +typeset SP=${BP} +typeset VBD +typeset -a stack -declare -a stack function push() { - if [ -z "$1" ]; then - return - fi - let "SP -= 1" - stack[$SP]="${1}" + local value="$1" + + [[ -n "${value}" ]] \ + && stack[$((--SP))]="${value}" + + return 0 } function pop() { - VBD= - - if [ "$SP" -eq "$BP" ]; then - return - fi + [[ "${SP}" != "${BP}" ]] \ + && VBD=${stack[$((SP++))]} \ + || VBD="" - VBD=${stack[$SP]} - let "SP += 1" + return 0 } function activate_dmmd() { - case $1 in - md) + case "$1" in + "md") activate_md $2 - return + return $? ;; - lvm) + "lvm") activate_lvm $2 - return + return $? ;; esac + + # Normally we should not get here, but if this happens + # we have to return an error + return 1 } function deactivate_dmmd() { case "$1" in - md) + "md") deactivate_md $2 - return + return $? ;; - lvm) + "lvm") deactivate_lvm $2 - return + return $? 
;; esac + + # Normally we should not get here, but if this happens + # we have to return an error + return 1 } function cleanup_stack() { - while [ 1 ]; do + while true; do pop - if [ -z "$VBD" ]; then - break - fi - deactivate_dmmd $VBD + [[ -z "${VBD}" ]] && break + deactivate_dmmd ${VBD} done } function parse_par() { - local ac par rc s t # Make these explicitly local vars + # Make these vars explicitly local + local ac par rc s t ac=$1 par="$2" - par="$par;" - while [ 1 ]; do + par="${par};" + while true; do t=${par%%;*} - if [ -z "$t" ]; then - return 0 - fi + + [[ -z "${t}" ]] && return 0 par=${par#*;} s=${par%%;*} - if [ -z "$s" ]; then - return 1 - fi + [[ -z "${s}" ]] && return 1 par=${par#*;} - if [ "$ac" = "activate" ]; then - activate_dmmd $t $s - rc=$? - if [ $rc -ne 0 ]; then - return 1 - fi + if [[ "${ac}" == "activate" ]]; then + activate_dmmd ${t} ${s} \ + || return 1 fi - push "$t $s" + push "${t} ${s}" done } +case "${command}" in + "add") + p=$(xenstore-read ${XENBUS_PATH}/params) || true + claim_lock "dmmd" + dmmd=${p#dmmd:} + + if ! parse_par activate "${dmmd}"; then + cleanup_stack + release_lock "dmmd" + exit 1 + fi + + lastparam=${dmmd##*;} + usedevice=${lastparam%(*} + xenstore-write ${XENBUS_PATH}/node "${usedevice}" + write_dev "${usedevice}" + release_lock "dmmd" + + exit 0 + ;; + + "remove") + p=$(xenstore-read ${XENBUS_PATH}/params) || true + claim_lock "dmmd" + dmmd=${p#dmmd:} + + parse_par noactivate "${dmmd}" -case "$command" in - add) - p=`xenstore-read $XENBUS_PATH/params` || true - claim_lock "dmmd" - dmmd=${p#dmmd:} - parse_par activate "$dmmd" - rc=$? 
- if [ $rc -ne 0 ]; then - cleanup_stack - release_lock "dmmd" - exit 1 - fi - lastparam=${dmmd##*;} - usedevice=${lastparam%(*} - xenstore-write $XENBUS_PATH/node "$usedevice" - write_dev "$usedevice" - release_lock "dmmd" - exit 0 - ;; - - remove) - p=`xenstore-read $XENBUS_PATH/params` || true - claim_lock "dmmd" - dmmd=${p#dmmd:} - parse_par noactivate "$dmmd" - cleanup_stack - release_lock "dmmd" - exit 0 - ;; + cleanup_stack + release_lock "dmmd" + + exit 0 + ;; esac + +# Normally we should not get here, but if this happens +# we have to return an error +return 1 ++++++ ipxe.tar.bz2 ++++++ ++++++ qemu-xen-traditional-dir-remote.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tools/qemu-xen-traditional-dir-remote/vl.c new/tools/qemu-xen-traditional-dir-remote/vl.c --- old/tools/qemu-xen-traditional-dir-remote/vl.c 2016-06-07 16:03:56.000000000 +0200 +++ new/tools/qemu-xen-traditional-dir-remote/vl.c 2016-06-21 16:25:33.000000000 +0200 
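Review bot: The new log lines in `activate_lvm` and `deactivate_lvm` print `${dev}`, but neither function defines it (both operate on `$1`), so the message expands to nothing unless a global `dev` happens to be set; `echo "[$(${DATE_LOG})] activate LVM device $1..." >&2` and the matching deactivate line would log the volume actually being changed. The script also now ends with a top-level `return 1`, which bash rejects outside a function or sourced file; `exit 1` is what the comment above it describes. In `activate_dmmd` and `deactivate_dmmd` the device is passed on as an unquoted `$2`, and `parse_par` calls `activate_dmmd ${t} ${s}` unquoted, so names taken from the xenstore `params` value are subject to word splitting and globbing.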
@@ -3752,6 +3752,50 @@ } #endif +static void check_cve_2014_3672_xen(void) +{ + static unsigned long limit = ~0UL; + const int fd = 2; + struct stat stab; + + if (limit == ~0UL) { + const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT"); + /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */ + limit = s ? strtoul(s,0,0) : 0; + } + if (limit == 0) + return; + + int r = fstat(fd, &stab); + if (r) { + perror("fstat stderr (for CVE-2014-3672 check)"); + exit(-1); + } + if (!S_ISREG(stab.st_mode)) + return; + if (stab.st_size <= limit) + return; + + /* oh dear */ + fprintf(stderr,"\r\n" + "Closing stderr due to CVE-2014-3672 limit. " + " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override," + " or 0 for no limit.\n"); + fflush(stderr); + + int nfd = open("/dev/null", O_WRONLY); + if (nfd < 0) { + perror("open /dev/null (for CVE-2014-3672 check)"); + exit(-1); + } + r = dup2(nfd, fd); + if (r != fd) { + perror("dup2 /dev/null (for CVE-2014-3672 check)"); + exit(-1); + } + close(nfd); +} + void main_loop_wait(int timeout) { IOHandlerRecord *ioh; @@ -3763,6 +3807,8 @@ host_main_loop_wait(&timeout); + check_cve_2014_3672_xen(); + /* poll any events */ /* XXX: separate device handlers from system ones */ nfds = -1; ++++++ stubdom.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/xen/stubdom.tar.bz2 /work/SRC/openSUSE:Factory/.xen.new/stubdom.tar.bz2 differ: char 11, line 1 ++++++ xen-4.7.0-testing-src.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.7.0-testing/ChangeLog new/xen-4.7.0-testing/ChangeLog --- old/xen-4.7.0-testing/ChangeLog 2016-06-09 23:13:18.000000000 +0200 +++ new/xen-4.7.0-testing/ChangeLog 2016-06-21 16:24:24.000000000 +0200 
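Review bot: In `check_cve_2014_3672_xen`, an unset `XEN_QEMU_CONSOLE_LIMIT` sets `limit` to 0 and the function returns before the `fstat`, so the stderr size cap is off unless the variable is set; the same happens when the value does not parse, because `strtoul(s,0,0)` then returns 0 and no end pointer is checked. If that default is intended it deserves a comment at the assignment, e.g. `/* unset => 0 => no limit: the cap is opt-in */`. For the parse, passing an end pointer and rejecting `end == s || *end` would stop a typo from silently disabling the check. A value that parses to `~0UL` also collides with the "not yet read" sentinel, so `getenv` would run again on every call from `main_loop_wait`.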
@@ -1,13 +1,9 @@ -commit a4b3caa9308ba71611218b3da9132caff23e3cf8 -Author: Jan Beulich <JBeulich@suse.com> -Date: Wed Jun 8 03:52:33 2016 -0600 +commit 9a6cc4f5c14b3d7542b7523f88a1b65464733d3a +Author: Ian Jackson <ian.jackson@eu.citrix.com> +Date: Mon Jun 20 11:38:15 2016 +0100 - tools: fix libxengnttab dependencies + Xen 4.7.0 release - Without this some ld versions warn about not being able to find - libxentoollog.so.1 when linking libxenvchan. + Set version numbers for actual release. - Signed-off-by: Jan Beulich <jbeulich@suse.com> - Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> - Release-acked-by: Wei Liu <wei.liu2@citrix.com> - master commit: e9151dbe35611778d70a1ad2698af60141ea0418 + Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.7.0-testing/Config.mk new/xen-4.7.0-testing/Config.mk --- old/xen-4.7.0-testing/Config.mk 2016-06-09 23:13:18.000000000 +0200 +++ new/xen-4.7.0-testing/Config.mk 2016-06-21 16:24:24.000000000 +0200 @@ -272,10 +272,8 @@ MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= 52a99493cce88a9d4ec8a02d7f1bd1a1001ce60d -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.7.0-rc5 -MINIOS_UPSTREAM_REVISION ?= 1a3ee6eeca136525aa2e6917ae500e7cf731c09d -# Fri May 13 15:21:10 2016 +0100 -# lib/sys.c: enclose file_types in define guards +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.7.0 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.7.0 SEABIOS_UPSTREAM_REVISION ?= rel-1.9.2 # Tue, 1 Mar 2016 15:06:45 +0100 (16:06 +0200) 
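Review bot: In Config.mk, `MINIOS_UPSTREAM_REVISION` here and `QEMU_TRADITIONAL_REVISION` in the next hunk move from commit hashes to release tag names, which a repository can re-point, and the context line shows mini-os being fetched over `git://`. Whether this package build ever performs those fetches is not visible, since the sources appear to be shipped as tarballs. If they are fetched, recording the expected commit next to each tag, e.g. `# xen-RELEASE-4.7.0 = <commit-id placeholder>`, and verifying it after checkout would keep the build reproducible and tamper-evident.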
@@ -284,9 +282,7 @@
 ETHERBOOT_NICS ?= rtl8139 8086100e
-QEMU_TRADITIONAL_REVISION ?= df553c056104e3dd8a2bd2e72539a57c4c085bae
-# Thu May 5 11:14:44 2016 +0100
-# Fix build with newer version of GNUTLS
+QEMU_TRADITIONAL_REVISION ?= xen-4.7.0
 # Specify which qemu-dm to use. This may be `ioemu' to use the old
 # Mercurial in-tree version, or a local directory, or a git URL.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.7.0-testing/README new/xen-4.7.0-testing/README
--- old/xen-4.7.0-testing/README 2016-06-09 23:13:18.000000000 +0200
+++ new/xen-4.7.0-testing/README 2016-06-21 16:24:24.000000000 +0200
@@ -1,10 +1,10 @@
 #################################
-__ __ _ _ _____
-\ \/ /___ _ __ | || | |___ | _ __ ___
- \ // _ \ '_ \ | || |_ / /____| '__/ __|
- / \ __/ | | | |__ _| / /_____| | | (__
-/_/\_\___|_| |_| |_|(_)_/ |_| \___|
-
+__ __ _ _ _____ ___
+\ \/ /___ _ __ | || | |___ / _ \
+ \ // _ \ '_ \ | || |_ / / | | |
+ / \ __/ | | | |__ _| / /| |_| |
+/_/\_\___|_| |_| |_|(_)_/(_)___/
+
 #################################
 http://www.xen.org/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.7.0-testing/xen/Makefile new/xen-4.7.0-testing/xen/Makefile
--- old/xen-4.7.0-testing/xen/Makefile 2016-06-09 23:13:18.000000000 +0200
+++ new/xen-4.7.0-testing/xen/Makefile 2016-06-21 16:24:24.000000000 +0200
@@ -2,7 +2,7 @@
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION = 4
 export XEN_SUBVERSION = 7
-export XEN_EXTRAVERSION ?= .0-rc$(XEN_VENDORVERSION)
+export XEN_EXTRAVERSION ?= .0$(XEN_VENDORVERSION)
 export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION)
 -include xen-version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.7.0-testing/xen/arch/x86/hvm/hvm.c new/xen-4.7.0-testing/xen/arch/x86/hvm/hvm.c
--- old/xen-4.7.0-testing/xen/arch/x86/hvm/hvm.c 2016-06-09 23:13:18.000000000 +0200
+++ new/xen-4.7.0-testing/xen/arch/x86/hvm/hvm.c 2016-06-21 16:24:24.000000000 +0200
@@ -3466,7 +3466,7 @@
 xstate_sizes[_XSTATE_BNDCSR]);
 }
- if ( _ebx & cpufeat_mask(X86_FEATURE_PKU) )
+ if ( _ecx & cpufeat_mask(X86_FEATURE_PKU) )
 {
 xfeature_mask |= XSTATE_PKRU;
 xstate_size = max(xstate_size,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.7.0-testing/xen/include/public/io/libxenvchan.h new/xen-4.7.0-testing/xen/include/public/io/libxenvchan.h
--- old/xen-4.7.0-testing/xen/include/public/io/libxenvchan.h 2016-06-09 23:13:18.000000000 +0200
+++ new/xen-4.7.0-testing/xen/include/public/io/libxenvchan.h 2016-06-21 16:24:24.000000000 +0200
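Review bot: Nothing on the corrected line in the hvm.c hunk records why `_ecx` is the right register for `X86_FEATURE_PKU`. `cpufeat_mask()` appears to yield only a bit mask, so pairing it with the wrong register still compiles and silently tests an unrelated bit. A short comment would protect the fix, e.g. `/* PKU is enumerated in CPUID leaf 7 ECX, not EBX */`. The sibling feature tests in the same function, such as the `_XSTATE_BNDCSR` one that ends just above, deserve the same register-versus-feature-word check, since the result feeds `xfeature_mask` and `xstate_size`. The enclosing function starts and ends outside the hunk.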
@@ -10,18 +10,23 @@
 *
 * @section LICENSE
 *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; If not, see <http://www.gnu.org/licenses/>.
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
 *
 * @section DESCRIPTION
 *