Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-03-01 12:02:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen"
Thu Mar 1 12:02:20 2018 rev:243 rq:580646 version:4.10.0_13
Changes:
--------
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-02-18 11:38:14.490480633 +0100
+++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-03-01 12:02:21.481832679 +0100
@@ -1,0 +2,36 @@
+Mon Feb 12 13:26:38 MST 2018 - carnold@suse.com
+
+- bsc#1080635 - VUL-0: xen: DoS via non-preemptable L3/L4 pagetable
+ freeing (XSA-252)
+ xsa252.patch
+- bsc#1080662 - VUL-0: xen: grant table v2 -> v1 transition may
+ crash Xen (XSA-255)
+ xsa255-1.patch
+ xsa255-2.patch
+- bsc#1080634 - VUL-0: xen: x86 PVH guest without LAPIC may DoS the
+ host (XSA-256)
+ xsa256.patch
+
+-------------------------------------------------------------------
+Fri Feb 9 12:59:12 UTC 2018 - ohering@suse.de
+
+- Remove stale systemd presets code for 13.2 and older
+
+-------------------------------------------------------------------
+Fri Feb 9 12:31:33 UTC 2018 - ohering@suse.de
+
+- fate#324965 - add script, udev rule and systemd service to watch
+ for vcpu online/offline events in a HVM domU
+ They are triggered via xl vcpu-set domU N
+
+-------------------------------------------------------------------
+Fri Feb 9 10:23:15 UTC 2018 - ohering@suse.de
+
+- Replace hardcoded xen with Name tag when refering to subpkgs
+
+-------------------------------------------------------------------
+Fri Feb 9 10:19:49 UTC 2018 - ohering@suse.de
+
+- Make sure tools and tools-domU require libs from the very same build
+
+-------------------------------------------------------------------
New:
----
xsa252.patch
xsa255-1.patch
xsa255-2.patch
xsa256.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xen.spec ++++++
--- /var/tmp/diff_new_pack.BKiFK0/_old 2018-03-01 12:02:27.993599148 +0100
+++ /var/tmp/diff_new_pack.BKiFK0/_new 2018-03-01 12:02:27.997599005 +0100
@@ -14,10 +14,9 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-
-
# needssslcertforbuild
+
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
@@ -60,10 +59,6 @@
%define with_gcc47 0
%define with_gcc48 0
%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
-%define include_systemd_preset 0
-%if 0%{?suse_version} <= 1320 && 0%{?sle_version} < 120300
-%define include_systemd_preset 1
-%endif
%systemd_requires
BuildRequires: systemd-devel
%define with_systemd_modules_load %{_prefix}/lib/modules-load.d
@@ -131,7 +126,7 @@
BuildRequires: pesign-obs-integration
%endif
-Version: 4.10.0_12
+Version: 4.10.0_13
Release: 0
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License: GPL-2.0
@@ -211,6 +206,10 @@
Patch43: 5a6b36cd-9-x86-issue-speculation-barrier.patch
Patch44: 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch
Patch45: 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch
+Patch252: xsa252.patch
+Patch25501: xsa255-1.patch
+Patch25502: xsa255-2.patch
+Patch256: xsa256.patch
# Our platform specific patches
Patch400: xen-destdir.patch
Patch401: vif-bridge-no-iptables.patch
@@ -308,11 +307,11 @@
%ifarch %arm aarch64
Requires: qemu-arm
%endif
+Requires: %{name}-libs = %{version}-%{release}
Requires: multipath-tools
Requires: python3
Requires: python3-curses
Requires: qemu-seabios
-Requires: xen-libs = %{version}
# subpackage existed in 10.3
Provides: xen-tools-ioemu = %{version}
Obsoletes: xen-tools-ioemu < %{version}
@@ -340,7 +339,8 @@
%package tools-domU
Summary: Xen Virtualization: Control tools for domain U
Group: System/Kernel
-Conflicts: xen-tools
+Conflicts: %{name}-tools
+Requires: %{name}-libs = %{version}-%{release}
%description tools-domU
Xen is a virtual machine monitor for x86 that supports execution of
@@ -359,8 +359,8 @@
%package devel
Summary: Xen Virtualization: Headers and libraries for development
Group: System/Kernel
+Requires: %{name}-libs = %{version}
Requires: libuuid-devel
-Requires: xen-libs = %{version}
%description devel
Xen is a virtual machine monitor for x86 that supports execution of
@@ -445,6 +445,10 @@
%patch43 -p1
%patch44 -p1
%patch45 -p1
+%patch252 -p1
+%patch25501 -p1
+%patch25502 -p1
+%patch256 -p1
# Our platform specific patches
%patch400 -p1
%patch401 -p1
@@ -609,8 +613,77 @@
mv -v $i ${i%/*}/sysconfig.${i##*/}
done
+#
udev_rulesdir=$RPM_BUILD_ROOT%{_udevrulesdir}
+tools_domU_dir=$RPM_BUILD_ROOT%{_libexecdir}/%{name}-tools-domU
mkdir -p ${udev_rulesdir}
+mkdir -p ${tools_domU_dir}
+#
+tee ${udev_rulesdir}/80-%{name}-tools-domU.rules <<'_EOR_'
+# XenSource, Inc. Xen Platform Device
+SUBSYSTEM=="pci", ATTR{modalias}=="pci:v00005853d00000001sv00005853sd00000001bcFFsc80i00", TAG+="systemd", ENV{SYSTEMD_WANTS}+="%{name}-vcpu-watch.service"
+_EOR_
+#
+tee $RPM_BUILD_ROOT%{_unitdir}/%{name}-vcpu-watch.service <<'_EOS_'
+[Unit]
+Description=Listen to CPU online/offline events from dom0 toolstack
+
+[Service]
+Type=simple
+ExecStart=%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh
+Restart=always
+RestartSec=2
+_EOS_
+#
+tee $RPM_BUILD_ROOT%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh <<'_EOS_'
+#!/bin/bash
+unset LANG
+unset ${!LC_*}
+echo "$0 starting" >&2
+xenstore-watch cpu | while read
+do
+ : xenstore event: ${REPLY}
+ case "${REPLY}" in
+ cpu)
+ : just started
+ ;;
+ cpu/[0-9]/availability|cpu/[0-9][0-9]/availability)
+ vcpu="${REPLY%/*}"
+ vcpu="${vcpu#*/}"
+ sysfs="/sys/devices/system/cpu/cpu${vcpu}/online"
+ if test -f "${sysfs}"
+ then
+ availability="`xenstore-read \"${REPLY}\"`"
+ case "${availability}" in
+ online|offline)
+ if test "${availability}" = "online"
+ then
+ new_sysfs_state=1
+ else
+ new_sysfs_state=0
+ fi
+ read cur_sysfs_state rest < "${sysfs}"
+ if test "${cur_sysfs_state}" = "${new_sysfs_state}"
+ then
+ : the vcpu "${vcpu}" already has state "${availability}" via "${sysfs}"
+ else
+ : setting vcpu "${vcpu}" to "${availability}" via "${sysfs}"
+ echo "setting vcpu ${vcpu} to ${availability}" >&2
+ echo "${new_sysfs_state}" > "${sysfs}"
+ fi
+ ;;
+ esac
+ fi
+ ;;
+ *)
+ : unhandled
+ ;;
+ esac
+done
+exit 1
+_EOS_
+chmod 755 $RPM_BUILD_ROOT%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh
+#
tee ${udev_rulesdir}/60-persistent-xvd.rules <<'_EOR_'
ACTION=="remove", GOTO="xvd_aliases_end"
SUBSYSTEM!="block", GOTO="xvd_aliases_end"
@@ -679,7 +752,7 @@
test -n "${dev}" && echo "VBD_HD_SYMLINK=${dev}"
_EOS_
#
-tee ${udev_programdir}/%{name}-channel-setup.sh.sh <<'_EOF_'
+tee ${udev_programdir}/%{name}-channel-setup.sh <<'_EOF_'
#!/bin/bash
if test "$#" -ne 2; then
@@ -833,12 +906,6 @@
install -m644 %SOURCE36 $RPM_BUILD_ROOT/%{_libdir}/python%{pyver}/site-packages
# Systemd
-%if %{?include_systemd_preset}0
-mkdir -vp $RPM_BUILD_ROOT%_presetdir
-cat > $RPM_BUILD_ROOT%_presetdir/00-%{name}.preset <
Subject: memory: don't implicitly unpin for decrease-reservation
It very likely was a mistake (copy-and-paste from domain cleanup code)
to implicitly unpin here: The caller should really unpin itself before
(or after, if they so wish) requesting the page to be removed.
This is XSA-252.
Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -357,11 +357,6 @@ int guest_remove_page(struct domain *d,
rc = guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0);
-#ifdef _PGT_pinned
- if ( !rc && test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) )
- put_page_and_type(page);
-#endif
-
/*
* With the lack of an IOMMU on some platforms, domains with DMA-capable
* device must retrieve the same pfn when the hypercall populate_physmap
++++++ xsa255-1.patch ++++++
From: Jan Beulich
Subject: gnttab/ARM: don't corrupt shared GFN array
... by writing status GFNs to it. Introduce a second array instead.
Also implement gnttab_status_gmfn() properly now that the information is
suitably being tracked.
While touching it anyway, remove a misguided (but luckily benign) upper
bound check from gnttab_shared_gmfn(): We should never access beyond the
bounds of that array.
This is part of XSA-255.
Signed-off-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Reviewed-by: Andrew Cooper
---
v3: Don't init the ARM GFN arrays to zero anymore, use INVALID_GFN.
v2: New.
Index: xen-4.10.0-testing/xen/common/grant_table.c
===================================================================
--- xen-4.10.0-testing.orig/xen/common/grant_table.c
+++ xen-4.10.0-testing/xen/common/grant_table.c
@@ -3777,6 +3777,7 @@ int gnttab_map_frame(struct domain *d, u
{
int rc = 0;
struct grant_table *gt = d->grant_table;
+ bool status = false;
grant_write_lock(gt);
@@ -3787,6 +3788,7 @@ int gnttab_map_frame(struct domain *d, u
(idx & XENMAPIDX_grant_table_status) )
{
idx &= ~XENMAPIDX_grant_table_status;
+ status = true;
if ( idx < nr_status_frames(gt) )
*mfn = _mfn(virt_to_mfn(gt->status[idx]));
else
@@ -3804,7 +3806,7 @@ int gnttab_map_frame(struct domain *d, u
}
if ( !rc )
- gnttab_set_frame_gfn(gt, idx, gfn);
+ gnttab_set_frame_gfn(gt, status, idx, gfn);
grant_write_unlock(gt);
Index: xen-4.10.0-testing/xen/include/asm-arm/grant_table.h
===================================================================
--- xen-4.10.0-testing.orig/xen/include/asm-arm/grant_table.h
+++ xen-4.10.0-testing/xen/include/asm-arm/grant_table.h
@@ -9,7 +9,8 @@
#define INITIAL_NR_GRANT_FRAMES 1U
struct grant_table_arch {
- gfn_t *gfn;
+ gfn_t *shared_gfn;
+ gfn_t *status_gfn;
};
void gnttab_clear_flag(unsigned long nr, uint16_t *addr);
@@ -21,7 +22,6 @@ int replace_grant_host_mapping(unsigned
unsigned long new_gpaddr, unsigned int flags);
void gnttab_mark_dirty(struct domain *d, unsigned long l);
#define gnttab_create_status_page(d, t, i) do {} while (0)
-#define gnttab_status_gmfn(d, t, i) (0)
#define gnttab_release_host_mappings(domain) 1
static inline int replace_grant_supported(void)
{
@@ -42,19 +42,35 @@ static inline unsigned int gnttab_dom0_m
#define gnttab_init_arch(gt) \
({ \
- (gt)->arch.gfn = xzalloc_array(gfn_t, (gt)->max_grant_frames); \
- ( (gt)->arch.gfn ? 0 : -ENOMEM ); \
+ unsigned int ngf_ = (gt)->max_grant_frames; \
+ unsigned int nsf_ = grant_to_status_frames(ngf_); \
+ \
+ (gt)->arch.shared_gfn = xmalloc_array(gfn_t, ngf_); \
+ (gt)->arch.status_gfn = xmalloc_array(gfn_t, nsf_); \
+ if ( (gt)->arch.shared_gfn && (gt)->arch.status_gfn ) \
+ { \
+ while ( ngf_-- ) \
+ (gt)->arch.shared_gfn[ngf_] = INVALID_GFN; \
+ while ( nsf_-- ) \
+ (gt)->arch.status_gfn[nsf_] = INVALID_GFN; \
+ } \
+ else \
+ gnttab_destroy_arch(gt); \
+ (gt)->arch.shared_gfn ? 0 : -ENOMEM; \
})
#define gnttab_destroy_arch(gt) \
do { \
- xfree((gt)->arch.gfn); \
- (gt)->arch.gfn = NULL; \
+ xfree((gt)->arch.shared_gfn); \
+ (gt)->arch.shared_gfn = NULL; \
+ xfree((gt)->arch.status_gfn); \
+ (gt)->arch.status_gfn = NULL; \
} while ( 0 )
-#define gnttab_set_frame_gfn(gt, idx, gfn) \
+#define gnttab_set_frame_gfn(gt, st, idx, gfn) \
do { \
- (gt)->arch.gfn[idx] = gfn; \
+ ((st) ? (gt)->arch.status_gfn : (gt)->arch.shared_gfn)[idx] = \
+ (gfn); \
} while ( 0 )
#define gnttab_create_shared_page(d, t, i) \
@@ -65,8 +81,10 @@ static inline unsigned int gnttab_dom0_m
} while ( 0 )
#define gnttab_shared_gmfn(d, t, i) \
- ( ((i >= nr_grant_frames(t)) && \
- (i < (t)->max_grant_frames))? 0 : gfn_x((t)->arch.gfn[i]))
+ gfn_x(((i) >= nr_grant_frames(t)) ? INVALID_GFN : (t)->arch.shared_gfn[i])
+
+#define gnttab_status_gmfn(d, t, i) \
+ gfn_x(((i) >= nr_status_frames(t)) ? INVALID_GFN : (t)->arch.status_gfn[i])
#define gnttab_need_iommu_mapping(d) \
(is_domain_direct_mapped(d) && need_iommu(d))
Index: xen-4.10.0-testing/xen/include/asm-x86/grant_table.h
===================================================================
--- xen-4.10.0-testing.orig/xen/include/asm-x86/grant_table.h
+++ xen-4.10.0-testing/xen/include/asm-x86/grant_table.h
@@ -46,7 +46,7 @@ static inline unsigned int gnttab_dom0_m
#define gnttab_init_arch(gt) 0
#define gnttab_destroy_arch(gt) do {} while ( 0 )
-#define gnttab_set_frame_gfn(gt, idx, gfn) do {} while ( 0 )
+#define gnttab_set_frame_gfn(gt, st, idx, gfn) do {} while ( 0 )
#define gnttab_create_shared_page(d, t, i) \
do { \
++++++ xsa255-2.patch ++++++
From: Jan Beulich
Subject: gnttab: don't blindly free status pages upon version change
There may still be active mappings, which would trigger the respective
BUG_ON(). Split the loop into one dealing with the page attributes and
the second (when the first fully passed) freeing the pages. Return an
error if any pages still have pending references.
This is part of XSA-255.
Signed-off-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Reviewed-by: Andrew Cooper
---
v4: Add gprintk(XENLOG_ERR, ...) to domain_crash() invocations.
v3: Call guest_physmap_remove_page() from gnttab_map_frame(), making the
code unconditional at the same time. Re-base over changes to first
patch.
v2: Also deal with translated guests.
Index: xen-4.10.0-testing/xen/common/grant_table.c
===================================================================
--- xen-4.10.0-testing.orig/xen/common/grant_table.c
+++ xen-4.10.0-testing/xen/common/grant_table.c
@@ -1644,23 +1644,74 @@ status_alloc_failed:
return -ENOMEM;
}
-static void
+static int
gnttab_unpopulate_status_frames(struct domain *d, struct grant_table *gt)
{
- int i;
+ unsigned int i;
for ( i = 0; i < nr_status_frames(gt); i++ )
{
struct page_info *pg = virt_to_page(gt->status[i]);
+ gfn_t gfn = gnttab_get_frame_gfn(gt, true, i);
+
+ /*
+ * For translated domains, recovering from failure after partial
+ * changes were made is more complicated than it seems worth
+ * implementing at this time. Hence respective error paths below
+ * crash the domain in such a case.
+ */
+ if ( paging_mode_translate(d) )
+ {
+ int rc = gfn_eq(gfn, INVALID_GFN)
+ ? 0
+ : guest_physmap_remove_page(d, gfn,
+ _mfn(page_to_mfn(pg)), 0);
+
+ if ( rc )
+ {
+ gprintk(XENLOG_ERR,
+ "Could not remove status frame %u (GFN %#lx) from P2M\n",
+ i, gfn_x(gfn));
+ domain_crash(d);
+ return rc;
+ }
+ gnttab_set_frame_gfn(gt, true, i, INVALID_GFN);
+ }
BUG_ON(page_get_owner(pg) != d);
if ( test_and_clear_bit(_PGC_allocated, &pg->count_info) )
put_page(pg);
- BUG_ON(pg->count_info & ~PGC_xen_heap);
+
+ if ( pg->count_info & ~PGC_xen_heap )
+ {
+ if ( paging_mode_translate(d) )
+ {
+ gprintk(XENLOG_ERR,
+ "Wrong page state %#lx of status frame %u (GFN %#lx)\n",
+ pg->count_info, i, gfn_x(gfn));
+ domain_crash(d);
+ }
+ else
+ {
+ if ( get_page(pg, d) )
+ set_bit(_PGC_allocated, &pg->count_info);
+ while ( i-- )
+ gnttab_create_status_page(d, gt, i);
+ }
+ return -EBUSY;
+ }
+
+ page_set_owner(pg, NULL);
+ }
+
+ for ( i = 0; i < nr_status_frames(gt); i++ )
+ {
free_xenheap_page(gt->status[i]);
gt->status[i] = NULL;
}
gt->nr_status_frames = 0;
+
+ return 0;
}
/*
@@ -2970,8 +3021,9 @@ gnttab_set_version(XEN_GUEST_HANDLE_PARA
break;
}
- if ( op.version < 2 && gt->gt_version == 2 )
- gnttab_unpopulate_status_frames(currd, gt);
+ if ( op.version < 2 && gt->gt_version == 2 &&
+ (res = gnttab_unpopulate_status_frames(currd, gt)) != 0 )
+ goto out_unlock;
/* Make sure there's no crud left over from the old version. */
for ( i = 0; i < nr_grant_frames(gt); i++ )
@@ -3805,6 +3857,11 @@ int gnttab_map_frame(struct domain *d, u
rc = -EINVAL;
}
+ if ( !rc && paging_mode_translate(d) &&
+ !gfn_eq(gnttab_get_frame_gfn(gt, status, idx), INVALID_GFN) )
+ rc = guest_physmap_remove_page(d, gnttab_get_frame_gfn(gt, status, idx),
+ *mfn, 0);
+
if ( !rc )
gnttab_set_frame_gfn(gt, status, idx, gfn);
Index: xen-4.10.0-testing/xen/include/asm-arm/grant_table.h
===================================================================
--- xen-4.10.0-testing.orig/xen/include/asm-arm/grant_table.h
+++ xen-4.10.0-testing/xen/include/asm-arm/grant_table.h
@@ -73,6 +73,11 @@ static inline unsigned int gnttab_dom0_m
(gfn); \
} while ( 0 )
+#define gnttab_get_frame_gfn(gt, st, idx) ({ \
+ _gfn((st) ? gnttab_status_gmfn(NULL, gt, idx) \
+ : gnttab_shared_gmfn(NULL, gt, idx)); \
+})
+
#define gnttab_create_shared_page(d, t, i) \
do { \
share_xen_page_with_guest( \
Index: xen-4.10.0-testing/xen/include/asm-x86/grant_table.h
===================================================================
--- xen-4.10.0-testing.orig/xen/include/asm-x86/grant_table.h
+++ xen-4.10.0-testing/xen/include/asm-x86/grant_table.h
@@ -47,6 +47,12 @@ static inline unsigned int gnttab_dom0_m
#define gnttab_init_arch(gt) 0
#define gnttab_destroy_arch(gt) do {} while ( 0 )
#define gnttab_set_frame_gfn(gt, st, idx, gfn) do {} while ( 0 )
+#define gnttab_get_frame_gfn(gt, st, idx) ({ \
+ unsigned long mfn_ = (st) ? gnttab_status_mfn(gt, idx) \
+ : gnttab_shared_mfn(gt, idx); \
+ unsigned long gpfn_ = get_gpfn_from_mfn(mfn_); \
+ VALID_M2P(gpfn_) ? _gfn(gpfn_) : INVALID_GFN; \
+})
#define gnttab_create_shared_page(d, t, i) \
do { \
@@ -63,11 +69,11 @@ static inline unsigned int gnttab_dom0_m
} while ( 0 )
-#define gnttab_shared_mfn(d, t, i) \
+#define gnttab_shared_mfn(t, i) \
((virt_to_maddr((t)->shared_raw[i]) >> PAGE_SHIFT))
#define gnttab_shared_gmfn(d, t, i) \
- (mfn_to_gmfn(d, gnttab_shared_mfn(d, t, i)))
+ (mfn_to_gmfn(d, gnttab_shared_mfn(t, i)))
#define gnttab_status_mfn(t, i) \
++++++ xsa256.patch ++++++
From: Andrew Cooper
Subject: x86/hvm: Disallow the creation of HVM domains without Local APIC emulation
There are multiple problems, not necesserily limited to:
* Guests which configure event channels via hvmop_set_evtchn_upcall_vector(),
or which hit %cr8 emulation will cause Xen to fall over a NULL vlapic->regs
pointer.
* On Intel hardware, disabling the TPR_SHADOW execution control without
reenabling CR8_{LOAD,STORE} interception means that the guests %cr8
accesses interact with the real TPR. Amongst other things, setting the
real TPR to 0xf blocks even IPIs from interrupting this CPU.
* On hardware which sets up the use of Interrupt Posting, including
IOMMU-Posting, guests run without the appropriate non-root configuration,
which at a minimum will result in dropped interrupts.
Whether no-LAPIC mode is of any use at all remains to be seen.
This is XSA-256.
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index f93327b..f65fc12 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -413,7 +413,7 @@ static bool emulation_flags_ok(const struct domain *d, uint32_t emflags)
if ( is_hardware_domain(d) &&
emflags != (XEN_X86_EMU_LAPIC|XEN_X86_EMU_IOAPIC) )
return false;
- if ( !is_hardware_domain(d) && emflags &&
+ if ( !is_hardware_domain(d) &&
emflags != XEN_X86_EMU_ALL && emflags != XEN_X86_EMU_LAPIC )
return false;
}