diff -pruN 4.14.3+32-g9de3671772-1/automation/build/alpine/3.12-arm64v8.dockerfile 4.16.1-1/automation/build/alpine/3.12-arm64v8.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/alpine/3.12-arm64v8.dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/build/alpine/3.12-arm64v8.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,53 @@ +FROM arm64v8/alpine:3.12 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN \ + # apk + apk update && \ + \ + # xen build deps + apk add argp-standalone && \ + apk add autoconf && \ + apk add automake && \ + apk add bash && \ + apk add curl && \ + apk add curl-dev && \ + apk add dev86 && \ + apk add dtc-dev && \ + apk add gcc && \ + # gettext for Xen < 4.13 + apk add gettext && \ + apk add git && \ + apk add iasl && \ + apk add libaio-dev && \ + apk add libfdt && \ + apk add linux-headers && \ + apk add make && \ + apk add musl-dev && \ + apk add ncurses-dev && \ + apk add patch && \ + apk add python3-dev && \ + apk add texinfo && \ + apk add util-linux-dev && \ + apk add xz-dev && \ + apk add yajl-dev && \ + apk add zlib-dev && \ + \ + # qemu build deps + apk add bison && \ + apk add flex && \ + apk add glib-dev && \ + apk add libattr && \ + apk add libcap-ng-dev && \ + apk add pixman-dev && \ + \ + # cleanup + rm -rf /tmp/* && \ + rm -f /var/cache/apk/* diff -pruN 4.14.3+32-g9de3671772-1/automation/build/alpine/3.12.dockerfile 4.16.1-1/automation/build/alpine/3.12.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/alpine/3.12.dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/build/alpine/3.12.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,55 @@ +FROM alpine:3.12 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN \ + # apk + apk update && \ + \ + # xen build deps + apk add argp-standalone && \ + apk add autoconf && \ + apk add automake && \ + apk add bash && \ + apk add curl && \ + apk add curl-dev && \ + apk add dev86 && \ + apk add gcc && \ + apk add g++ && \ + apk add clang && \ + # gettext for Xen < 4.13 + apk add gettext && \ + apk add git && \ + apk add iasl && \ + apk add libaio-dev && \ + apk add linux-headers && \ + apk add make && \ + apk add musl-dev && \ + apk add libc6-compat && \ + apk add ncurses-dev && \ + apk add patch && \ + apk add python3-dev && \ + apk add texinfo && \ + apk add util-linux-dev && \ + apk add xz-dev && \ + apk add yajl-dev && \ + apk add zlib-dev && \ + \ + # qemu build deps + apk add bison && \ + apk add flex && \ + apk add glib-dev && \ + apk add libattr && \ + apk add libcap-ng-dev && \ + apk add ninja && \ + apk add pixman-dev && \ + \ + # cleanup + rm -rf /tmp/* && \ + rm -f /var/cache/apk/* diff -pruN 4.14.3+32-g9de3671772-1/automation/build/archlinux/current.dockerfile 4.16.1-1/automation/build/archlinux/current.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/archlinux/current.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/archlinux/current.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -20,6 +20,7 @@ RUN pacman -S --refresh --sysupgrade --n iasl \ inetutils \ iproute \ + # lib32-glibc for Xen < 4.15 lib32-glibc \ libaio \ libcacard \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/archlinux/riscv64.dockerfile 4.16.1-1/automation/build/archlinux/riscv64.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/archlinux/riscv64.dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/build/archlinux/riscv64.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,19 @@ +FROM archlinux +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +# Packages needed for the build +RUN pacman --noconfirm --needed -Syu \ + base-devel \ + git \ + inetutils \ + riscv64-linux-gnu-binutils \ + riscv64-linux-gnu-gcc \ + riscv64-linux-gnu-glibc + +# Add compiler path +ENV CROSS_COMPILE=riscv64-linux-gnu- + +RUN useradd --create-home user +USER user +WORKDIR /build diff -pruN 4.14.3+32-g9de3671772-1/automation/build/centos/6.dockerfile 4.16.1-1/automation/build/centos/6.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/centos/6.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/centos/6.dockerfile 1970-01-01 00:00:00.000000000 +0000 @@ -1,51 +0,0 @@ -FROM centos:6 -LABEL maintainer.name="The Xen Project" \ - maintainer.email="xen-devel@lists.xenproject.org" - -RUN mkdir /build -WORKDIR /build - -# work around https://github.com/moby/moby/issues/10180 -# and add EPEL for dev86 -RUN rpm --rebuilddb && \ - yum -y install \ - yum-plugin-ovl \ - epel-release \ - && yum clean all && \ - rm -rf /var/cache/yum - -# install Xen depends -RUN yum -y install \ - gcc \ - gcc-c++ \ - ncurses-devel \ - zlib-devel \ - openssl-devel \ - python-devel \ - libuuid-devel \ - pciutils-devel \ - pkgconfig \ - gettext \ - flex \ - bison \ - libaio-devel \ - glib2-devel \ - yajl-devel \ - pixman-devel \ - glibc-devel \ - glibc-devel.i686 \ - make \ - binutils \ - git \ - wget \ - acpica-tools \ - python-markdown \ - patch \ - checkpolicy \ - dev86 \ - iasl \ - xz-devel \ - bzip2 \ - nasm \ - && yum clean all && \ - rm -rf /var/cache/yum diff -pruN 4.14.3+32-g9de3671772-1/automation/build/centos/7.2.dockerfile 4.16.1-1/automation/build/centos/7.2.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/centos/7.2.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/centos/7.2.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -26,6 +26,7 @@ RUN rpm --rebuilddb && \ python-devel \ libuuid-devel \ pkgconfig \ + # gettext for Xen < 4.13 gettext \ flex \ bison \ @@ -34,6 +35,7 @@ RUN rpm --rebuilddb && \ yajl-devel \ pixman-devel \ glibc-devel \ + # glibc-devel.i686 for Xen < 4.15 glibc-devel.i686 \ make \ binutils \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/centos/7.dockerfile 4.16.1-1/automation/build/centos/7.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/centos/7.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/centos/7.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -24,6 +24,7 @@ RUN yum -y install \ python-devel \ libuuid-devel \ pkgconfig \ + # gettext for Xen < 4.13 gettext \ flex \ bison \ @@ -32,6 +33,7 @@ RUN yum -y install \ yajl-devel \ pixman-devel \ glibc-devel \ + # glibc-devel.i686 for Xen < 4.15 glibc-devel.i686 \ make \ binutils \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/debian/jessie.dockerfile 4.16.1-1/automation/build/debian/jessie.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/debian/jessie.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/debian/jessie.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -26,11 +26,13 @@ RUN apt-get update && \ pkg-config \ flex \ bison \ + # gettext for Xen < 4.13 gettext \ acpica-tools \ bin86 \ bcc \ liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/debian/jessie-i386.dockerfile 4.16.1-1/automation/build/debian/jessie-i386.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/debian/jessie-i386.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/debian/jessie-i386.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -28,6 +28,7 @@ RUN apt-get update && \ pkg-config \ flex \ bison \ + # gettext for Xen < 4.13 gettext \ acpica-tools \ bin86 \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/debian/stretch.dockerfile 4.16.1-1/automation/build/debian/stretch.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/debian/stretch.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/debian/stretch.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -27,11 +27,13 @@ RUN apt-get update && \ pkg-config \ flex \ bison \ + # gettext for Xen < 4.13 gettext \ acpica-tools \ bin86 \ bcc \ liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ @@ -45,6 +47,8 @@ RUN apt-get update && \ nasm \ gnupg \ apt-transport-https \ + # for test phase, qemu-smoke-* jobs + qemu-system-x86 \ && \ apt-get autoremove -y && \ apt-get clean && \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/debian/stretch-i386.dockerfile 4.16.1-1/automation/build/debian/stretch-i386.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/debian/stretch-i386.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/debian/stretch-i386.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -29,6 +29,7 @@ RUN apt-get update && \ pkg-config \ flex \ bison \ + # gettext for Xen < 4.13 gettext \ acpica-tools \ bin86 \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/debian/unstable-arm32-gcc.dockerfile 4.16.1-1/automation/build/debian/unstable-arm32-gcc.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/debian/unstable-arm32-gcc.dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/build/debian/unstable-arm32-gcc.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,24 @@ +FROM debian:unstable +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root +ENV CROSS_COMPILE /usr/bin/arm-linux-gnueabihf- + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + flex \ + bison \ + git \ + gcc-arm-linux-gnueabihf \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* + diff -pruN 4.14.3+32-g9de3671772-1/automation/build/debian/unstable-arm64v8.dockerfile 4.16.1-1/automation/build/debian/unstable-arm64v8.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/debian/unstable-arm64v8.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/debian/unstable-arm64v8.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -27,6 +27,7 @@ RUN apt-get update && \ pkg-config \ flex \ bison \ + # gettext for Xen < 4.13 gettext \ acpica-tools \ libfdt-dev \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/debian/unstable.dockerfile 4.16.1-1/automation/build/debian/unstable.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/debian/unstable.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/debian/unstable.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -27,11 +27,13 @@ RUN apt-get update && \ pkg-config \ flex \ bison \ + # gettext for Xen < 4.13 gettext \ acpica-tools \ bin86 \ bcc \ liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/debian/unstable-i386.dockerfile 4.16.1-1/automation/build/debian/unstable-i386.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/debian/unstable-i386.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/debian/unstable-i386.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -29,6 +29,7 @@ RUN apt-get update && \ pkg-config \ flex \ bison \ + # gettext for Xen < 4.13 gettext \ acpica-tools \ bin86 \ diff -pruN 4.14.3+32-g9de3671772-1/automation/build/fedora/29.dockerfile 4.16.1-1/automation/build/fedora/29.dockerfile --- 4.14.3+32-g9de3671772-1/automation/build/fedora/29.dockerfile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/fedora/29.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -2,9 +2,6 @@ FROM fedora:29 LABEL maintainer.name="The Xen Project" \ maintainer.email="xen-devel@lists.xenproject.org" -RUN mkdir /build -WORKDIR /build - # install Xen depends RUN dnf -y install \ clang \ @@ -17,6 +14,7 @@ RUN dnf -y install \ python3-devel \ libuuid-devel \ pkgconfig \ + # gettext for Xen < 4.13 gettext \ flex \ bison \ @@ -25,6 +23,7 @@ RUN dnf -y install \ yajl-devel \ pixman-devel \ glibc-devel \ + # glibc-devel.i686 for Xen < 4.15 glibc-devel.i686 \ make \ binutils \ @@ -41,5 +40,11 @@ RUN dnf -y install \ ocaml \ ocaml-findlib \ golang \ + # QEMU + ninja-build \ && dnf clean all && \ rm -rf /var/cache/dnf + +RUN useradd --create-home user +USER user +WORKDIR /build diff -pruN 4.14.3+32-g9de3671772-1/automation/build/Makefile 4.16.1-1/automation/build/Makefile --- 4.14.3+32-g9de3671772-1/automation/build/Makefile 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/build/Makefile 2022-04-12 12:21:23.000000000 +0000 @@ -2,6 +2,7 @@ # the base of where these containers will appear REGISTRY := registry.gitlab.com/xen-project/xen CONTAINERS = $(subst .dockerfile,,$(wildcard */*.dockerfile)) +DOCKER_CMD ?= docker help: @echo "Builds containers for building Xen based on different distros" @@ -10,9 +11,9 @@ help: @echo "To push container builds, set the env var PUSH" %: %.dockerfile ## Builds containers - docker build -t $(REGISTRY)/$(@D):$(@F) -f $< $(&1 | tee qemu-smoke-arm64.log + dependencies: + - alpine-3.12-gcc-arm64 + - alpine-3.12-arm64-rootfs-export + - kernel-5.9.9-arm64-export + - qemu-system-aarch64-5.2.0-arm64-export + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - arm64 + except: + - master + - smoke + - /^coverity-tested\/.*/ + - /^stable-.*/ + +qemu-alpine-x86_64-gcc: + stage: test + image: registry.gitlab.com/xen-project/xen/${CONTAINER} + variables: + CONTAINER: debian:stretch + script: + - ./automation/scripts/qemu-alpine-x86_64.sh 2>&1 | tee qemu-smoke-x86_64.log + dependencies: + - alpine-3.12-gcc + - alpine-3.12-rootfs-export + - kernel-5.10.74-export + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - x86_64 + except: + - master + - smoke + - /^coverity-tested\/.*/ + - /^stable-.*/ + +qemu-smoke-arm64-gcc: + stage: test + image: registry.gitlab.com/xen-project/xen/${CONTAINER} + variables: + CONTAINER: debian:unstable-arm64v8 + script: + - ./automation/scripts/qemu-smoke-arm64.sh 2>&1 | tee qemu-smoke-arm64.log + dependencies: + - debian-unstable-gcc-arm64 + - kernel-5.9.9-arm64-export + - qemu-system-aarch64-5.2.0-arm64-export + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - arm64 + except: + - master + - smoke + - /^coverity-tested\/.*/ + - /^stable-.*/ + qemu-smoke-x86-64-gcc: stage: test image: registry.gitlab.com/xen-project/xen/${CONTAINER} diff -pruN 4.14.3+32-g9de3671772-1/automation/scripts/build 4.16.1-1/automation/scripts/build --- 4.14.3+32-g9de3671772-1/automation/scripts/build 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/scripts/build 2022-04-12 12:21:23.000000000 +0000 @@ -1,5 +1,7 @@ #!/bin/bash -ex +test -f /etc/os-release && cat "$_" + $CC --version # Express the compiler version as an integer. e.g. GCC 4.9.2 => 0x040902 @@ -10,9 +12,19 @@ cc-ver() # random config or default config if [[ "${RANDCONFIG}" == "y" ]]; then - make -C xen KCONFIG_ALLCONFIG=tools/kconfig/allrandom.config randconfig + make -j$(nproc) -C xen KCONFIG_ALLCONFIG=tools/kconfig/allrandom.config randconfig + hypervisor_only="y" else - make -C xen defconfig + make -j$(nproc) -C xen defconfig +fi + +# Save the config file before building because build failure causes the script +# to exit early -- bash is invoked with -e. +cp xen/.config xen-config + +# arm32 only cross-compiles the hypervisor +if [[ "${XEN_TARGET_ARCH}" = "arm32" ]]; then + hypervisor_only="y" fi # build up our configure options @@ -28,8 +40,16 @@ if [[ "${CC}" == "clang"* ]]; then cfgargs+=("--disable-stubdom") fi -# Qemu requires Python 3.5 or later -if ! type python3 || python3 -c "import sys; res = sys.version_info < (3, 5); exit(not(res))"; then +if ! test -z "$(ldd /bin/ls|grep musl|head -1)"; then + # disable --disable-werror for QEMUU when building with MUSL + cfgargs+=("--with-extra-qemuu-configure-args=\"--disable-werror\"") + # SeaBIOS doesn't build on MUSL systems + cfgargs+=("--with-system-seabios=/bin/false") +fi + +# Qemu requires Python 3.5 or later, and ninja +if ! type python3 || python3 -c "import sys; res = sys.version_info < (3, 5); exit(not(res))" \ + || ! type ninja; then cfgargs+=("--with-system-qemu=/bin/false") fi @@ -38,15 +58,26 @@ if [[ "${CC}" == "gcc" && `cc-ver` -lt 0 cfgargs+=("--with-system-seabios=/bin/false") fi -./configure "${cfgargs[@]}" - -make -j$(nproc) dist +if [[ "${hypervisor_only}" == "y" ]]; then + make -j$(nproc) xen +else + ./configure "${cfgargs[@]}" + make -j$(nproc) dist +fi # Extract artifacts to avoid getting rewritten by customised builds -cp xen/.config xen-config mkdir binaries -if [[ "${XEN_TARGET_ARCH}" == "x86_64" ]]; then +if [[ "${XEN_TARGET_ARCH}" != "x86_32" ]]; then cp xen/xen binaries/xen + if [[ "${hypervisor_only}" != "y" ]]; then + cp -r dist binaries/ + fi +fi + +if [[ "${hypervisor_only}" == "y" ]]; then + # If we are build testing a specific Kconfig exit now, there's no point in + # testing all the possible configs. + exit 0 fi # Build all the configs we care about diff -pruN 4.14.3+32-g9de3671772-1/automation/scripts/containerize 4.16.1-1/automation/scripts/containerize --- 4.14.3+32-g9de3671772-1/automation/scripts/containerize 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/scripts/containerize 2022-04-12 12:21:23.000000000 +0000 @@ -7,7 +7,7 @@ # and /etc/subgid. # docker_cmd=${DOCKER_CMD:-"docker"} -[ "$DOCKER_CMD" = "podman" ] && userns_podman="--userns=keep-id" +[ "$DOCKER_CMD" = "podman" ] && userns_podman="--userns=keep-id" selinux=",z" einfo() { echo "$*" >&2 @@ -24,11 +24,13 @@ die() { # BASE="registry.gitlab.com/xen-project/xen" case "_${CONTAINER}" in + _alpine) CONTAINER="${BASE}/alpine:3.12" ;; _archlinux|_arch) CONTAINER="${BASE}/archlinux:current" ;; - _centos6) CONTAINER="${BASE}/centos:6" ;; + _riscv64) CONTAINER="${BASE}/archlinux:riscv64" ;; _centos7) CONTAINER="${BASE}/centos:7" ;; _centos72) CONTAINER="${BASE}/centos:7.2" ;; _fedora) CONTAINER="${BASE}/fedora:29";; + _focal) CONTAINER="${BASE}/ubuntu:focal" ;; _jessie) CONTAINER="${BASE}/debian:jessie" ;; _stretch|_) CONTAINER="${BASE}/debian:stretch" ;; _unstable|_) CONTAINER="${BASE}/debian:unstable" ;; @@ -45,10 +47,10 @@ case "_${CONTAINER_UID0}" in esac # Save the commands for future use -cmd=$@ +cmd=("$@") # If no command was specified, just drop us into a shell if we're interactive -[ $# -eq 0 ] && tty -s && cmd="/bin/bash" +[ $# -eq 0 ] && tty -s && cmd=("/bin/bash") # Are we in an interactive terminal? tty -s && termint=t @@ -95,11 +97,11 @@ einfo "*** Launching container ..." exec ${docker_cmd} run \ ${userarg} \ ${SSH_AUTH_SOCK:+-e SSH_AUTH_SOCK="/tmp/ssh-agent/${SSH_AUTH_NAME}"} \ - -v "${CONTAINER_PATH}":/build:rw \ + -v "${CONTAINER_PATH}":/build:rw${selinux} \ -v "${HOME}/.ssh":/root/.ssh:ro \ - ${SSH_AUTH_DIR:+-v "${SSH_AUTH_DIR}":/tmp/ssh-agent} \ + ${SSH_AUTH_DIR:+-v "${SSH_AUTH_DIR}":/tmp/ssh-agent${selinux}} \ ${XEN_CONFIG_EXPERT:+-e XEN_CONFIG_EXPERT=${XEN_CONFIG_EXPERT}} \ ${CONTAINER_ARGS} \ -${termint}i --rm -- \ ${CONTAINER} \ - ${cmd} + "${cmd[@]}" diff -pruN 4.14.3+32-g9de3671772-1/automation/scripts/qemu-alpine-arm64.sh 4.16.1-1/automation/scripts/qemu-alpine-arm64.sh --- 4.14.3+32-g9de3671772-1/automation/scripts/qemu-alpine-arm64.sh 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/scripts/qemu-alpine-arm64.sh 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,120 @@ +#!/bin/bash + +set -ex + +apt-get -qy update +apt-get -qy install --no-install-recommends u-boot-qemu \ + u-boot-tools \ + device-tree-compiler \ + cpio \ + curl \ + busybox-static + +# DomU Busybox +cd binaries +mkdir -p initrd +mkdir -p initrd/bin +mkdir -p initrd/sbin +mkdir -p initrd/etc +mkdir -p initrd/dev +mkdir -p initrd/proc +mkdir -p initrd/sys +mkdir -p initrd/lib +mkdir -p initrd/var +mkdir -p initrd/mnt +cp /bin/busybox initrd/bin/busybox +initrd/bin/busybox --install initrd/bin +echo "#!/bin/sh + +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev +/bin/sh" > initrd/init +chmod +x initrd/init +cd initrd +find . | cpio --create --format='newc' | gzip > ../initrd.cpio.gz +cd .. + +mkdir -p rootfs +cd rootfs +tar xvzf ../initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +cp -ar ../dist/install/* . +mv ../initrd.cpio.gz ./root +cp ../Image ./root +echo "name=\"test\" +memory=512 +vcpus=1 +kernel=\"/root/Image\" +ramdisk=\"/root/initrd.cpio.gz\" +extra=\"console=hvc0 root=/dev/ram0 rdinit=/bin/sh\" +" > root/test.cfg +echo "#!/bin/bash + +export LD_LIBRARY_PATH=/usr/local/lib +bash /etc/init.d/xencommons start + +xl list + +xl create -c /root/test.cfg + +" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "rc_verbose=yes" >> etc/rc.conf +find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz +cd ../.. + +# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded +curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 1024 -display none \ + -machine dumpdtb=binaries/virt-gicv3.dtb +# XXX disable pl061 to avoid Linux crash +dtc -I dtb -O dts binaries/virt-gicv3.dtb > binaries/virt-gicv3.dts +sed 's/compatible = "arm,pl061.*/status = "disabled";/g' binaries/virt-gicv3.dts > binaries/virt-gicv3-edited.dts +dtc -I dts -O dtb binaries/virt-gicv3-edited.dts > binaries/virt-gicv3.dtb + +# ImageBuilder +echo 'MEMORY_START="0x40000000" +MEMORY_END="0x80000000" + +DEVICE_TREE="virt-gicv3.dtb" +XEN="xen" +DOM0_KERNEL="Image" +DOM0_RAMDISK="xen-rootfs.cpio.gz" +XEN_CMD="console=dtuart dom0_mem=1024M" + +NUM_DOMUS=0 + +LOAD_CMD="tftpb" +UBOOT_SOURCE="boot.source" +UBOOT_SCRIPT="boot.scr"' > binaries/config +rm -rf imagebuilder +git clone https://gitlab.com/ViryaOS/imagebuilder +bash imagebuilder/scripts/uboot-script-gen -t tftp -d binaries/ -c binaries/config + + +# Run the test +rm -f smoke.serial +set +e +echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ +timeout -k 1 720 \ +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 2048 -monitor none -serial stdio \ + -smp 2 \ + -no-reboot \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=binaries \ + -bios /usr/lib/u-boot/qemu_arm64/u-boot.bin |& tee smoke.serial + +set -e +(grep -q "Domain-0" smoke.serial && grep -q "BusyBox" smoke.serial) || exit 1 +exit 0 diff -pruN 4.14.3+32-g9de3671772-1/automation/scripts/qemu-alpine-x86_64.sh 4.16.1-1/automation/scripts/qemu-alpine-x86_64.sh --- 4.14.3+32-g9de3671772-1/automation/scripts/qemu-alpine-x86_64.sh 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/scripts/qemu-alpine-x86_64.sh 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,95 @@ +#!/bin/bash + +set -ex + +apt-get -qy update +apt-get -qy install --no-install-recommends cpio \ + busybox-static + +# DomU Busybox +cd binaries +mkdir -p initrd +mkdir -p initrd/bin +mkdir -p initrd/sbin +mkdir -p initrd/etc +mkdir -p initrd/dev +mkdir -p initrd/proc +mkdir -p initrd/sys +mkdir -p initrd/lib +mkdir -p initrd/var +mkdir -p initrd/mnt +cp /bin/busybox initrd/bin/busybox +initrd/bin/busybox --install initrd/bin +echo "#!/bin/sh + +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev +/bin/sh" > initrd/init +chmod +x initrd/init +# DomU rootfs +cd initrd +find . | cpio --create --format='newc' | gzip > ../initrd.cpio.gz +cd .. + +# initrd.tar.gz is Dom0 rootfs +mkdir -p rootfs +cd rootfs +tar xvzf ../initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +cp -ar ../dist/install/* . +mv ../initrd.cpio.gz ./root +cp ../bzImage ./root +echo "name=\"test\" +memory=512 +vcpus=1 +kernel=\"/root/bzImage\" +ramdisk=\"/root/initrd.cpio.gz\" +extra=\"console=hvc0 root=/dev/ram0 rdinit=/bin/sh\" +" > root/test.cfg +echo "#!/bin/bash + +set -x + +export LD_LIBRARY_PATH=/usr/local/lib +bash /etc/init.d/xencommons start + +xl list + +xl create -c /root/test.cfg + +" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "rc_verbose=yes" >> etc/rc.conf +# rebuild Dom0 rootfs +find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz +cd ../.. + +cat >> binaries/pxelinux.0 << EOF +#!ipxe + +kernel xen console=com1 +module bzImage console=hvc0 +module xen-rootfs.cpio.gz +boot +EOF + +# Run the test +rm -f smoke.serial +set +e +timeout -k 1 720 \ +qemu-system-x86_64 \ + -cpu qemu64,+svm \ + -m 2G -smp 2 \ + -monitor none -serial stdio \ + -nographic \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=binaries,bootfile=/pxelinux.0 |& tee smoke.serial + +set -e +(grep -q "Domain-0" smoke.serial && grep -q "BusyBox" smoke.serial) || exit 1 +exit 0 diff -pruN 4.14.3+32-g9de3671772-1/automation/scripts/qemu-smoke-arm64.sh 4.16.1-1/automation/scripts/qemu-smoke-arm64.sh --- 4.14.3+32-g9de3671772-1/automation/scripts/qemu-smoke-arm64.sh 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/scripts/qemu-smoke-arm64.sh 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,93 @@ +#!/bin/bash + +set -ex + +# Install QEMU +export DEBIAN_FRONTENT=noninteractive +apt-get -qy update +apt-get -qy install --no-install-recommends u-boot-qemu \ + u-boot-tools \ + device-tree-compiler \ + busybox-static \ + cpio \ + curl + +# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded +curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 1024 -display none \ + -machine dumpdtb=binaries/virt-gicv3.dtb +# XXX disable pl061 to avoid Linux crash +dtc -I dtb -O dts binaries/virt-gicv3.dtb > binaries/virt-gicv3.dts +sed 's/compatible = "arm,pl061.*/status = "disabled";/g' binaries/virt-gicv3.dts > binaries/virt-gicv3-edited.dts +dtc -I dts -O dtb binaries/virt-gicv3-edited.dts > binaries/virt-gicv3.dtb + + +# Busybox Dom0 +mkdir -p initrd +mkdir -p initrd/bin +mkdir -p initrd/sbin +mkdir -p initrd/etc +mkdir -p initrd/dev +mkdir -p initrd/proc +mkdir -p initrd/sys +mkdir -p initrd/lib +mkdir -p initrd/var +mkdir -p initrd/mnt +cp /bin/busybox initrd/bin/busybox +initrd/bin/busybox --install initrd/bin +echo "#!/bin/sh + +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev +/bin/sh" > initrd/init +chmod +x initrd/init +cd initrd +find . | cpio --create --format='newc' | gzip > ../binaries/initrd +cd .. + + +# ImageBuilder +echo 'MEMORY_START="0x40000000" +MEMORY_END="0x80000000" + +DEVICE_TREE="virt-gicv3.dtb" +XEN="xen" +DOM0_KERNEL="Image" +DOM0_RAMDISK="initrd" +XEN_CMD="console=dtuart dom0_mem=512M" + +NUM_DOMUS=1 +DOMU_KERNEL[0]="Image" +DOMU_RAMDISK[0]="initrd" +DOMU_MEM[0]="256" + +LOAD_CMD="tftpb" +UBOOT_SOURCE="boot.source" +UBOOT_SCRIPT="boot.scr"' > binaries/config +rm -rf imagebuilder +git clone https://gitlab.com/ViryaOS/imagebuilder +bash imagebuilder/scripts/uboot-script-gen -t tftp -d binaries/ -c binaries/config + + +# Run the test +rm -f smoke.serial +set +e +echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ +timeout -k 1 240 \ +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 1024 -monitor none -serial stdio \ + -smp 2 \ + -no-reboot \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=binaries \ + -bios /usr/lib/u-boot/qemu_arm64/u-boot.bin |& tee smoke.serial + +set -e +(grep -q "^BusyBox" smoke.serial && grep -q "DOM1: BusyBox" smoke.serial) || exit 1 +exit 0 diff -pruN 4.14.3+32-g9de3671772-1/automation/scripts/qemu-smoke-x86-64.sh 4.16.1-1/automation/scripts/qemu-smoke-x86-64.sh --- 4.14.3+32-g9de3671772-1/automation/scripts/qemu-smoke-x86-64.sh 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/automation/scripts/qemu-smoke-x86-64.sh 2022-04-12 12:21:23.000000000 +0000 @@ -5,18 +5,13 @@ set -ex # variant should be either pv or pvh variant=$1 -# Install QEMU -export DEBIAN_FRONTENT=noninteractive -apt-get -qy update -apt-get -qy install qemu-system-x86 - # Clone and build XTF git clone https://xenbits.xen.org/git-http/xtf.git cd xtf && make -j$(nproc) && cd - case $variant in - pvh) k=test-hvm32pae-example extra="dom0-iommu=none dom0=pvh" ;; - *) k=test-pv32pae-example extra= ;; + pvh) k=test-hvm64-example extra="dom0-iommu=none dom0=pvh" ;; + *) k=test-pv64-example extra= ;; esac rm -f smoke.serial diff -pruN 4.14.3+32-g9de3671772-1/automation/tests-artifacts/alpine/3.12-arm64v8.dockerfile 4.16.1-1/automation/tests-artifacts/alpine/3.12-arm64v8.dockerfile --- 4.14.3+32-g9de3671772-1/automation/tests-artifacts/alpine/3.12-arm64v8.dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/tests-artifacts/alpine/3.12-arm64v8.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,68 @@ +FROM arm64v8/alpine:3.12 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +RUN \ + # apk + apk update && \ + \ + # xen runtime deps + apk add musl && \ + apk add openrc && \ + apk add busybox && \ + apk add sudo && \ + apk add dbus && \ + apk add bash && \ + apk add python2 && \ + # gettext for Xen < 4.13 + apk add gettext && \ + apk add zlib && \ + apk add ncurses && \ + apk add texinfo && \ + apk add yajl && \ + apk add libaio && \ + apk add xz-dev && \ + apk add util-linux && \ + apk add argp-standalone && \ + apk add libfdt && \ + apk add glib && \ + apk add pixman && \ + apk add curl && \ + apk add udev && \ + \ + # Xen + cd / && \ + # Minimal ramdisk environment in case of cpio output + rc-update add udev && \ + rc-update add udev-trigger && \ + rc-update add udev-settle && \ + rc-update add networking sysinit && \ + rc-update add loopback sysinit && \ + rc-update add bootmisc boot && \ + rc-update add devfs sysinit && \ + rc-update add dmesg sysinit && \ + rc-update add hostname boot && \ + rc-update add hwclock boot && \ + rc-update add hwdrivers sysinit && \ + rc-update add killprocs shutdown && \ + rc-update add modloop sysinit && \ + rc-update add modules boot && \ + rc-update add mount-ro shutdown && \ + rc-update add savecache shutdown && \ + rc-update add sysctl boot && \ + rc-update add local default && \ + cp -a /sbin/init /init && \ + echo "ttyS0" >> /etc/securetty && \ + echo "hvc0" >> /etc/securetty && \ + echo "ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100" >> /etc/inittab && \ + echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt100" >> /etc/inittab && \ + passwd -d "root" root && \ + \ + # Create rootfs + cd / && \ + tar cvzf /initrd.tar.gz bin dev etc home init lib mnt opt root sbin usr var diff -pruN 4.14.3+32-g9de3671772-1/automation/tests-artifacts/alpine/3.12.dockerfile 4.16.1-1/automation/tests-artifacts/alpine/3.12.dockerfile --- 4.14.3+32-g9de3671772-1/automation/tests-artifacts/alpine/3.12.dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/tests-artifacts/alpine/3.12.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,66 @@ +FROM alpine:3.12 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +RUN \ + # apk + apk update && \ + \ + # xen runtime deps + apk add musl && \ + apk add openrc && \ + apk add busybox && \ + apk add sudo && \ + apk add dbus && \ + apk add bash && \ + apk add python2 && \ + apk add zlib && \ + apk add ncurses && \ + apk add texinfo && \ + apk add yajl && \ + apk add libaio && \ + apk add xz-dev && \ + apk add util-linux && \ + apk add argp-standalone && \ + apk add libfdt && \ + apk add glib && \ + apk add pixman && \ + apk add curl && \ + apk add udev && \ + \ + # Xen + cd / && \ + # Minimal ramdisk environment in case of cpio output + rc-update add udev && \ + rc-update add udev-trigger && \ + rc-update add udev-settle && \ + rc-update add networking sysinit && \ + rc-update add loopback sysinit && \ + rc-update add bootmisc boot && \ + rc-update add devfs sysinit && \ + rc-update add dmesg sysinit && \ + rc-update add hostname boot && \ + rc-update add hwclock boot && \ + rc-update add hwdrivers sysinit && \ + rc-update add killprocs shutdown && \ + rc-update add modloop sysinit && \ + rc-update add modules boot && \ + rc-update add mount-ro shutdown && \ + rc-update add savecache shutdown && \ + rc-update add sysctl boot && \ + rc-update add local default && \ + cp -a /sbin/init /init && \ + echo "ttyS0" >> /etc/securetty && \ + echo "hvc0" >> /etc/securetty && \ + echo "ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100" >> /etc/inittab && \ + echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt100" >> /etc/inittab && \ + passwd -d "root" root && \ + \ + # Create rootfs + cd / && \ + tar cvzf /initrd.tar.gz bin dev etc home init lib mnt opt root sbin usr var diff -pruN 4.14.3+32-g9de3671772-1/automation/tests-artifacts/kernel/5.10.74.dockerfile 4.16.1-1/automation/tests-artifacts/kernel/5.10.74.dockerfile --- 4.14.3+32-g9de3671772-1/automation/tests-artifacts/kernel/5.10.74.dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/tests-artifacts/kernel/5.10.74.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,38 @@ +FROM debian:unstable +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV LINUX_VERSION=5.10.74 +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + libssl-dev \ + bc \ + curl \ + flex \ + bison \ + libelf-dev \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* + +# Build the kernel +RUN curl -fsSLO https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-"$LINUX_VERSION".tar.xz && \ + tar xvJf linux-"$LINUX_VERSION".tar.xz && \ + cd linux-"$LINUX_VERSION" && \ + make defconfig && \ + make xen.config && \ + cp .config .config.orig && \ + cat .config.orig | grep XEN | grep =m |sed 's/=m/=y/g' >> .config && \ + make -j$(nproc) bzImage && \ + cp arch/x86/boot/bzImage / && \ + cd /build && \ + rm -rf linux-"$LINUX_VERSION"* diff -pruN 4.14.3+32-g9de3671772-1/automation/tests-artifacts/kernel/5.9.9-arm64v8.dockerfile 4.16.1-1/automation/tests-artifacts/kernel/5.9.9-arm64v8.dockerfile --- 4.14.3+32-g9de3671772-1/automation/tests-artifacts/kernel/5.9.9-arm64v8.dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/tests-artifacts/kernel/5.9.9-arm64v8.dockerfile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,34 @@ +FROM arm64v8/debian:unstable +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV LINUX_VERSION=5.9.9 +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + libssl-dev \ + bc \ + curl \ + flex \ + bison \ + && \ + \ + # Build the kernel + curl -fsSLO https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-"$LINUX_VERSION".tar.xz && \ + tar xvJf linux-"$LINUX_VERSION".tar.xz && \ + cd linux-"$LINUX_VERSION" && \ + make defconfig && \ + make -j$(nproc) Image.gz && \ + cp arch/arm64/boot/Image / && \ + cd /build && \ + rm -rf linux-"$LINUX_VERSION"* && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff -pruN 4.14.3+32-g9de3671772-1/automation/tests-artifacts/Makefile 4.16.1-1/automation/tests-artifacts/Makefile --- 4.14.3+32-g9de3671772-1/automation/tests-artifacts/Makefile 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/automation/tests-artifacts/Makefile 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,19 @@ + +# the base of where these containers will appear +REGISTRY := registry.gitlab.com/xen-project/xen/tests-artifacts +CONTAINERS = $(subst .dockerfile,,$(wildcard */*.dockerfile)) + +help: + @echo "Containers to build and export tests artifacts." + @echo "To build one run 'make ARTIFACT/VERSION'. Available containers:" + @$(foreach file,$(sort $(CONTAINERS)),echo ${file};) + @echo "To push container builds, set the env var PUSH" + +%: %.dockerfile ## Builds containers + docker build -t $(REGISTRY)/$(@D):$(@F) -f $< $($@.tmp && mv -f $@.tmp $@ + sed "s!\(^\| \)$$PWD/! !" $^ >$@.tmp && mv -f $@.tmp $@ include $(XEN_ROOT)/config/$(XEN_OS).mk include $(XEN_ROOT)/config/$(XEN_TARGET_ARCH).mk @@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix) # # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586) cc-option = $(shell if test -z "`echo 'void*p=1;' | \ - $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \ + $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \ then echo "$(2)"; else echo "$(3)"; fi ;) # cc-option-add: Add an option to compilation flags, but only if supported. @@ -137,12 +137,6 @@ export XEN_HAS_BUILD_ID=y build_id_linker := --build-id=sha1 endif -ifndef XEN_HAS_CHECKPOLICY - CHECKPOLICY ?= checkpolicy - XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n) - export XEN_HAS_CHECKPOLICY -endif - define buildmakevars2shellvars export PREFIX="$(prefix)"; \ export XEN_SCRIPT_DIR="$(XEN_SCRIPT_DIR)"; \ @@ -205,7 +199,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_I EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables -EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on @@ -244,16 +237,16 @@ QEMU_TRADITIONAL_URL ?= git://xenbits.xe SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif -OVMF_UPSTREAM_REVISION ?= 20d2e5a125e34fc8501026613a71549b2a1a3e54 -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.3 -MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.3 +OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5 +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.16.1 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.16.1 -SEABIOS_UPSTREAM_REVISION ?= rel-1.13.0 +SEABIOS_UPSTREAM_REVISION ?= rel-1.14.0 ETHERBOOT_NICS ?= rtl8139 8086100e -QEMU_TRADITIONAL_REVISION ?= xen-4.14.3 +QEMU_TRADITIONAL_REVISION ?= xen-4.16.1 # Specify which qemu-dm to use. This may be `ioemu' to use the old # Mercurial in-tree version, or a local directory, or a git URL. diff -pruN 4.14.3+32-g9de3671772-1/configure 4.16.1-1/configure --- 4.14.3+32-g9de3671772-1/configure 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/configure 2022-04-12 12:21:23.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Xen Hypervisor 4.14. +# Generated by GNU Autoconf 2.69 for Xen Hypervisor 4.16. # # Report bugs to . # @@ -579,8 +579,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='Xen Hypervisor' PACKAGE_TARNAME='xen' -PACKAGE_VERSION='4.14' -PACKAGE_STRING='Xen Hypervisor 4.14' +PACKAGE_VERSION='4.16' +PACKAGE_STRING='Xen Hypervisor 4.16' PACKAGE_BUGREPORT='xen-devel@lists.xen.org' PACKAGE_URL='https://www.xen.org/' @@ -599,10 +599,7 @@ DEBUG_DIR XEN_DUMP_DIR XEN_PAGING_DIR XEN_LOCK_DIR -XEN_SCRIPT_DIR -XEN_CONFIG_DIR INITD_DIR -CONFIG_DIR SHAREDIR XEN_LIB_DIR XEN_RUN_STORED @@ -614,7 +611,10 @@ LIBEXEC_INC LIBEXEC_LIB LIBEXEC_BIN LIBEXEC +XEN_SCRIPT_DIR CONFIG_LEAF_DIR +XEN_CONFIG_DIR +CONFIG_DIR XENSTORED_PORT XENSTORED_KVA host_os @@ -670,6 +670,7 @@ enable_option_checking with_initddir with_sysconfig_leaf_dir with_libexec_leaf_dir +with_xen_scriptdir with_xen_dumpdir with_rundir with_debugdir @@ -1235,7 +1236,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Xen Hypervisor 4.14 to adapt to many kinds of systems. +\`configure' configures Xen Hypervisor 4.16 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1301,7 +1302,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Xen Hypervisor 4.14:";; + short | recursive ) echo "Configuration of Xen Hypervisor 4.16:";; esac cat <<\_ACEOF @@ -1328,6 +1329,9 @@ Optional Packages: "default". [sysconfig] --with-libexec-leaf-dir=SUBDIR Name of subdirectory in libexecdir to use. + --with-xen-scriptdir=DIR + Path to directory for dom0 hotplug scripts. + [SYSCONFDIR/xen/scripts] --with-xen-dumpdir=DIR Path to directory for domU crash dumps. [LOCALSTATEDIR/lib/xen/dump] --with-rundir=DIR Path to directory for runtime data. @@ -1399,7 +1403,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Xen Hypervisor configure 4.14 +Xen Hypervisor configure 4.16 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1416,7 +1420,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Xen Hypervisor $as_me 4.14, which was +It was created by Xen Hypervisor $as_me 4.16, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -1936,6 +1940,12 @@ if test "x$sysconfdir" = 'x${prefix}/etc esac fi +CONFIG_DIR=$sysconfdir + + +XEN_CONFIG_DIR=$CONFIG_DIR/xen + + # Check whether --with-initddir was given. if test "${with_initddir+set}" = set; then : @@ -1978,6 +1988,17 @@ fi +# Check whether --with-xen-scriptdir was given. +if test "${with_xen_scriptdir+set}" = set; then : + withval=$with_xen_scriptdir; xen_scriptdir_path=$withval +else + xen_scriptdir_path=$XEN_CONFIG_DIR/scripts +fi + +XEN_SCRIPT_DIR=$xen_scriptdir_path + + + # Check whether --with-xen-dumpdir was given. if test "${with_xen_dumpdir+set}" = set; then : withval=$with_xen_dumpdir; xen_dumpdir_path=$withval @@ -2042,21 +2063,12 @@ XEN_LIB_DIR=$localstatedir/lib/xen SHAREDIR=$prefix/share -CONFIG_DIR=$sysconfdir - - INITD_DIR=$initddir_path -XEN_CONFIG_DIR=$CONFIG_DIR/xen - - -XEN_SCRIPT_DIR=$XEN_CONFIG_DIR/scripts - - case "$host_os" in *freebsd*) XEN_LOCK_DIR=$localstatedir/lib ;; -*netbsd*) XEN_LOCK_DIR=$localstatedir/lib ;; +*netbsd*) XEN_LOCK_DIR=$rundir_path ;; *) XEN_LOCK_DIR=$localstatedir/lock ;; esac @@ -2856,7 +2868,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Xen Hypervisor $as_me 4.14, which was +This file was extended by Xen Hypervisor $as_me 4.16, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2910,7 +2922,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Xen Hypervisor config.status 4.14 +Xen Hypervisor config.status 4.16 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -pruN 4.14.3+32-g9de3671772-1/debian/changelog 4.16.1-1/debian/changelog --- 4.14.3+32-g9de3671772-1/debian/changelog 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/changelog 2022-05-09 20:29:23.000000000 +0000 @@ -1,3 +1,127 @@ +xen (4.16.1-1) unstable; urgency=medium + + * Update to new upstream version 4.16.1, which also contains security fixes + for the following issues: + - Racy interactions between dirty vram tracking and paging log dirty + hypercalls + XSA-397 CVE-2022-26356 + - Multiple speculative security issues + XSA-398 (no CVE yet) + - race in VT-d domain ID cleanup + XSA-399 CVE-2022-26357 + - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues + XSA-400 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 + * Note that the following XSA are not listed, because... + - XSA-396 has patches for the Linux kernel. + * Don't ship NEWS in libxen* packages. Instead, only ship relevant NEWS + items for actual hypervisor and/or utils packages they belong to. + (Closes: #962267) + * d/control: make xen-hypervisor-common arch specific, just like + xen-utils-common. + * d/control: stop recommending qemu-system-x86 on arm, because qemu is not + being built with xen support on arm... + * Add a patch for tools/libs/light/Makefile which prevents build.o and + build.opic to be rebuilt unneededly during the package install phase, + causing a FTBFS because it triggers the use of ccache, which is not + allowed in the install phase of building the Debian packages. + + Improvements related to Qemu integration: [Michael Tokarev] + * d/xen-utils-common.xen.init: properly disable qemu monitor/serial/parallel + devices for qemu started at boot. + * debian: switch from recommending qemu-system-x86 to qemu-system-xen and + mention this change in the NEWS file. + * Add patch "give meaningful error message if qemu device model is + unavailable" to give a useful error message only in case the domU needs + the qemu device model which is not installed, instead of giving a warning + about missing qemu even if it is not used by this domain. + + Documentation, grammar and spelling fixes and improvements: + * d/control: drop obsolete paragraph about separate xen linux kernel package + * d/control: Harmonize the capitalization of the 'Xen' word [Diederik de Haas] + * d/control: Improve spelling and grammar [Diederik de Haas]` + + -- Hans van Kranenburg Mon, 09 May 2022 22:29:23 +0200 + +xen (4.16.0+51-g0941d6cb-1) unstable; urgency=medium + + * Update to new upstream version 4.16.0+51-g0941d6cb, which also contains + security fixes for the following issues: + - arm: guest_physmap_remove_page not removing the p2m mappings + XSA-393 CVE-2022-23033 + - A PV guest could DoS Xen while unmapping a grant + XSA-394 CVE-2022-23034 + - Insufficient cleanup of passed-through device IRQs + XSA-395 CVE-2022-23035 + * Note that the following XSA are not listed, because... + - XSA-391 and XSA-392 have patches for the Linux kernel. + * Upload to unstable now, which obsoletes the Xen 4.14 FTBFS issue. + (Closes: #1002658) + + -- Hans van Kranenburg Sat, 19 Feb 2022 20:29:32 +0100 + +xen (4.16.0-1~exp1) experimental; urgency=medium + + Significant changes: + * Update to new upstream version 4.16.0. This also includes a security fix + for the following issue, which was not applicable to Xen 4.14 yet: + - certain VT-d IOMMUs may not work in shared page table mode + XSA-390 CVE-2021-28710 + * No longer build any package for the i386 architecture. It was already not + possible to use x86_32 hardware because the i386 packages already + shipped a 64-bit hypervisor and PV shim. Running 32-bit utils with a + 64-bit hypervisor requires using a compatibility layer that is fragile and + becomes harder to maintain and test upstream. This change ends the 'grace + period' in which users should have moved to using a fully 64-bit dom0. + - debian/{control,rules,salsa-ci.yml,xen-utils-V.install.vsn-in}: make the + necessary changes + - Remove the Recommends on libc6-xen, which already actually does not + exist any more. (Closes: #992909) + - Drop patch "tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on + x86_32" because it is not relevant any more. + + Changes related to upgrading to Xen 4.16: + * debian/control: adjust to 4.16 [Maximilian Engelhardt] + * Drop patches that have been applied upstream + * Refresh remaining patches if needed + * debian: follow upstream removal of '.sh' suffix in xl bash_completion file + [Maximilian Engelhardt] + * debian/control, debian/libxenstore*: ship a libxenstore4 package instead + of libxenstore3.0, since upstream bumped the soname + [Maximilian Engelhardt] + + Packaging minor fixes and improvements [Maximilian Engelhardt]: + * debian/rules: set SOURCE_BASE_DIR to the top level build dir so that the + "Display Debian package version in hypervisor log" patch can use it. + * Add patch "xen/arch/x86: make objdump output user locale agnostic" to fix + reproducable builds. This patch will also be sent upstream. + * d/rules: remove reproducible=+fixfilepath from DEB_BUILD_MAINT_OPTIONS + * d/salsa-ci.yml: Explicitly set RELEASE variable to unstable + * d/salsa-ci.yml: disable cross building as it's currently not working + * debian: call update-grub when installing/removing xen-hypervisor-common + (Closes: #988901) + * debian: fix dependency generation for python after dh-python was fixed + first. (Closes: #976597) + * debian/rules: remove unused pybuild settings + + Packaging minor fixes and improvements: + * Improve patches for building the PV shim separately. This enables to + drop the extra Revert of an upstream commit that was done in + 4.14.0+80-gd101b417b7-1~exp1: + - Drop patch: Revert "pvshim: make PV shim build selectable from + configure" + - Update patch "[...] Respect caller's CONFIG_PV_SHIM" to follow moving + of a line to a different file + - Drop patch: "tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on + x86_64" because that's now already the default upstream + * debian/control.md5sum: remove this obsolete file + * Merge patches "vif-common: disable handle_iptable" and + "t/h/L/vif-common.sh: fix handle_iptable return value" into a single + patch, since the latter was a fix for the first. + * debian/control: change the Uploaders email address for Ian Jackson, + since he does not work at Citrix any more now + + -- Hans van Kranenburg Mon, 17 Jan 2022 18:36:02 +0100 + xen (4.14.3+32-g9de3671772-1) unstable; urgency=medium * Update to new upstream version 4.14.3+32-g9de3671772, which also contains diff -pruN 4.14.3+32-g9de3671772-1/debian/control 4.16.1-1/debian/control --- 4.14.3+32-g9de3671772-1/debian/control 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/control 2022-05-09 20:29:23.000000000 +0000 @@ -1,7 +1,7 @@ Source: xen Priority: optional Maintainer: Debian Xen Team -Uploaders: Ian Jackson , Hans van Kranenburg +Uploaders: Ian Jackson , Hans van Kranenburg Section: admin Standards-Version: 4.5.0 Build-Depends: @@ -15,11 +15,11 @@ Build-Depends: python3-dev:any, libpython3-dev, dh-python, - bcc [i386 amd64], - gcc-multilib [i386 amd64], + bcc [amd64], + gcc-multilib [amd64], e2fslibs-dev, iasl, - seabios (>= 1.7.4-2~) [i386 amd64], + seabios (>= 1.7.4-2~) [amd64], libaio-dev, libfdt-dev [armhf arm64], libglib2.0-dev, @@ -39,7 +39,7 @@ Vcs-Browser: https://salsa.debian.org/xe Vcs-Git: https://salsa.debian.org/xen-team/debian-xen.git Package: xenstore-utils -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Section: admin Depends: ${shlibs:Depends}, ${misc:Depends} Replaces: xen-utils-common (<= 4.11.1~pre+1.733450b39b-1~) @@ -60,7 +60,7 @@ Description: Xenstore command line utili Package: xen-utils-common Section: admin -Architecture: amd64 i386 armhf arm64 +Architecture: amd64 armhf arm64 Depends: lsb-base, udev, xenstore-utils, ${shlibs:Depends}, ${python3:Depends}, ${misc:Depends} Suggests: xen-doc @@ -73,7 +73,7 @@ Description: Xen administrative tools - Package: xen-hypervisor-common Section: kernel -Architecture: all +Architecture: amd64 armhf arm64 Depends: ${misc:Depends} Replaces: xen-hypervisor-4.8-amd64, xen-hypervisor-4.8-arm64, xen-hypervisor-4.8-armhf Description: Xen Hypervisor - common files @@ -86,9 +86,9 @@ Description: Xen Hypervisor - common fil Package: xen-doc Section: doc -Architecture: amd64 i386 armhf arm64 +Architecture: amd64 armhf arm64 Depends: ${misc:Depends} -Description: XEN documentation +Description: Xen documentation Documentation for the Xen hypervisor and surrounding software, including descriptions of the hypercall interfaces and of some of the library APIs. @@ -97,103 +97,91 @@ Description: XEN documentation Xen control utilities, as those are in the xen-utils-common package. # Yes, arch-specific. See xen-doc.lintian-overrides. -Package: xen-utils-4.14 +Package: xen-utils-4.16 Section: admin -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Provides: xen-utils -Depends: ${shlibs:Depends}, ${misc:Depends}, python3, xen-utils-common (>= ${source:Version}) -Recommends: bridge-utils, libc6-xen [i386], xen-hypervisor-4.14, qemu-system-x86, grub-xen-host [i386 amd64] -Suggests: qemu-utils [i386 amd64], seabios [i386 amd64], ovmf -Description: XEN administrative tools - The userspace tools to manage a system virtualized through the XEN virtual +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, xen-utils-common (>= ${source:Version}) +Recommends: bridge-utils, xen-hypervisor-4.16, qemu-system-xen (>> 1:7.0+dfsg-6~) [amd64], grub-xen-host [amd64] +Suggests: qemu-utils [amd64], seabios [amd64], ovmf +Description: Xen administrative tools + The userspace tools to manage a system virtualized through the Xen virtual machine monitor. . - qemu-utils and seabios are neded for "Xen HVM" (amd64 and i386) + qemu-utils and seabios are needed for "Xen HVM" (amd64) Built-Using: ${misc:Built-Using} -Package: xen-hypervisor-4.14-amd64 +Package: xen-hypervisor-4.16-amd64 Section: kernel -Architecture: amd64 i386 -Provides: xen-hypervisor, xen-hypervisor-4.14, xen-hypervisor-amd64 +Architecture: amd64 +Provides: xen-hypervisor, xen-hypervisor-4.16, xen-hypervisor-amd64 Depends: ${misc:Depends} -Recommends: xen-utils-4.14, xen-hypervisor-common +Recommends: xen-utils-4.16, xen-hypervisor-common Description: Xen Hypervisor on AMD64 - The hypervisor is the "core" for XEN itself. It gets booted by the boot + The hypervisor is the "core" for Xen itself. It gets started by the boot loader and controls cpu and memory, sharing them between your administrative domain (Domain 0) and the virtual guest systems. - . - In order to boot a XEN system along with this package you also need a - kernel specifically crafted to work as the Domain 0, mediating hardware - access for XEN itself. Package: xen-system-amd64 Section: admin -Architecture: amd64 i386 +Architecture: amd64 Provides: xen-system -Depends: xen-hypervisor-4.14-amd64, xen-hypervisor-common, xen-utils-4.14, ${misc:Depends} +Depends: xen-hypervisor-4.16-amd64, xen-hypervisor-common, xen-utils-4.16, ${misc:Depends} Description: Xen System on AMD64 (metapackage) This package depends on the latest Xen hypervisor for use on AMD64 and the Xen utils. -Package: xen-hypervisor-4.14-arm64 +Package: xen-hypervisor-4.16-arm64 Section: kernel Architecture: arm64 -Provides: xen-hypervisor, xen-hypervisor-4.14, xen-hypervisor-arm64 +Provides: xen-hypervisor, xen-hypervisor-4.16, xen-hypervisor-arm64 Depends: ${misc:Depends} -Recommends: xen-utils-4.14, xen-hypervisor-common +Recommends: xen-utils-4.16, xen-hypervisor-common Description: Xen Hypervisor on ARM64 - The hypervisor is the "core" for XEN itself. It gets booted by the boot + The hypervisor is the "core" for Xen itself. It gets started by the boot loader and controls cpu and memory, sharing them between your administrative domain (Domain 0) and the virtual guest systems. - . - In order to boot a XEN system along with this package you also need a - kernel specifically crafted to work as the Domain 0, mediating hardware - access for XEN itself. Package: xen-system-arm64 Section: admin Architecture: arm64 Provides: xen-system -Depends: xen-hypervisor-4.14-arm64, xen-hypervisor-common, xen-utils-4.14, ${misc:Depends} +Depends: xen-hypervisor-4.16-arm64, xen-hypervisor-common, xen-utils-4.16, ${misc:Depends} Description: Xen System on ARM64 (metapackage) This package depends on the latest Xen hypervisor for use on ARM64 and the Xen utils. -Package: xen-hypervisor-4.14-armhf +Package: xen-hypervisor-4.16-armhf Section: kernel Architecture: armhf -Provides: xen-hypervisor, xen-hypervisor-4.14, xen-hypervisor-armhf +Provides: xen-hypervisor, xen-hypervisor-4.16, xen-hypervisor-armhf Depends: ${misc:Depends} -Recommends: xen-utils-4.14, xen-hypervisor-common +Recommends: xen-utils-4.16, xen-hypervisor-common Description: Xen Hypervisor on ARMHF - The hypervisor is the "core" for XEN itself. It gets booted by the boot + The hypervisor is the "core" for Xen itself. It gets started by the boot loader and controls cpu and memory, sharing them between your administrative domain (Domain 0) and the virtual guest systems. - . - In order to boot a XEN system along with this package you also need a - kernel specifically crafted to work as the Domain 0, mediating hardware - access for XEN itself. Package: xen-system-armhf Section: admin Architecture: armhf Provides: xen-system -Depends: xen-hypervisor-4.14-armhf, xen-hypervisor-common, xen-utils-4.14, ${misc:Depends} +Depends: xen-hypervisor-4.16-armhf, xen-hypervisor-common, xen-utils-4.16, ${misc:Depends} Description: Xen System on ARMHF (metapackage) This package depends on the latest Xen hypervisor for use on ARMHF and the Xen utils. Package: libxen-dev Section: libdevel -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends}, - libxenmisc4.14 (= ${binary:Version}), + libxenmisc4.16 (= ${binary:Version}), libxencall1 (= ${binary:Version}), libxendevicemodel1 (= ${binary:Version}), libxenevtchn1 (= ${binary:Version}), libxenforeignmemory1 (= ${binary:Version}), libxengnttab1 (= ${binary:Version}), - libxenstore3.0 (= ${binary:Version}), + libxenstore4 (= ${binary:Version}), libxentoolcore1 (= ${binary:Version}), libxentoollog1 (= ${binary:Version}), libxenhypfs1 (= ${binary:Version}), @@ -211,9 +199,9 @@ Description: Public headers and libs for Most of the other included libraries are internal, and intended for use by the Xen toolstack, rather than directly. -Package: libxenmisc4.14 +Package: libxenmisc4.16 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime libraries - miscellaneous, versioned ABI Shared libraries for Xen utilities. @@ -224,7 +212,7 @@ Multi-Arch: same Package: libxencall1 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime library - libxencall Shared library for Xen utilities. @@ -232,7 +220,7 @@ Multi-Arch: same Package: libxendevicemodel1 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime libraries - libxendevicemodel Shared library for Xen utilities. @@ -240,7 +228,7 @@ Multi-Arch: same Package: libxenevtchn1 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime libraries - libxenevtchn Shared library for Xen utilities. @@ -248,7 +236,7 @@ Multi-Arch: same Package: libxenforeignmemory1 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime libraries - libxenforeignmemory Shared library for Xen utilities. @@ -256,15 +244,15 @@ Multi-Arch: same Package: libxengnttab1 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime libraries - libxengnttab Shared library for Xen utilities. Multi-Arch: same -Package: libxenstore3.0 +Package: libxenstore4 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime libraries - libxenstore Shared library for Xen utilities. @@ -272,7 +260,7 @@ Multi-Arch: same Package: libxentoolcore1 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime libraries - libxentoolcore Shared library for Xen utilities. @@ -280,7 +268,7 @@ Multi-Arch: same Package: libxentoollog1 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime libraries - libxentoollog Shared library for Xen utilities. @@ -288,7 +276,7 @@ Multi-Arch: same Package: libxenhypfs1 Section: libs -Architecture: amd64 arm64 armhf i386 +Architecture: amd64 arm64 armhf Depends: ${shlibs:Depends}, ${misc:Depends} Description: Xen runtime library - libxenhypfs Shared library for Xen utilities. diff -pruN 4.14.3+32-g9de3671772-1/debian/control.md5sum 4.16.1-1/debian/control.md5sum --- 4.14.3+32-g9de3671772-1/debian/control.md5sum 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/control.md5sum 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -90846bd8cd1227c290d02071e1f3b141 debian/changelog -dc7b5d9f0538e3180af4e9aff9b0bd57 debian/bin/gencontrol.py -9e089bdfb9c848da38da7f50e37a5502 debian/templates/control.main.in -a15fa64ce6deead28d33c1581b14dba7 debian/templates/xen-hypervisor.postinst.in -28356e01cce3f5f226bacec4c49a7f1e debian/templates/control.system.latest.in -03f63e67cf2d915bfbb535f8c9d9e2e4 debian/templates/xen-utils.postinst.in -63ad8a975156f7bf2327f0e1dc7fc9e2 debian/templates/control.source.in -22492e0565a4754b5e008ca7cac871da debian/templates/xen-hypervisor.postrm.in -02ec00ee85d07ab4eb277a91df014e0c debian/templates/control.hypervisor.in -4974334083116945da78ec656b4371f5 debian/templates/control.utils.in -dcabf82578122540e0534f72750698d5 debian/templates/xen-utils.lintian-overrides.in -b6acd21c3924e6ec6f9c547afbbc7d9e debian/templates/xen-utils.prerm.in -9851cdcecfae45a8c4f95ef676e26973 debian/arch/defines -bda767ffd62b57de88b50731794f1374 debian/arch/i386/defines -06efb201e83233c4607b13c8dad5c031 debian/arch/armhf/defines -afd11afd204a8929340d194894572353 debian/arch/amd64/defines -b6a35272efc8545fafab547e1cf492cb debian/arch/arm64/defines diff -pruN 4.14.3+32-g9de3671772-1/debian/libxenstore3.0.install 4.16.1-1/debian/libxenstore3.0.install --- 4.14.3+32-g9de3671772-1/debian/libxenstore3.0.install 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/libxenstore3.0.install 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -usr/lib/*/libxenstore.so.* diff -pruN 4.14.3+32-g9de3671772-1/debian/libxenstore3.0.symbols 4.16.1-1/debian/libxenstore3.0.symbols --- 4.14.3+32-g9de3671772-1/debian/libxenstore3.0.symbols 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/libxenstore3.0.symbols 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -libxenstore.so.3.0 libxenstore3.0 #MINVER# - expanding_buffer_ensure@Base 3.2.0 - sanitise_value@Base 3.2.0 - unsanitise_value@Base 3.2.0 - xs_check_watch@Base 4.2~ - xs_close@Base 4.1.0~rc6 - xs_control_command@Base 4.9.0 - xs_count_strings@Base 3.2.0 - xs_daemon_close@Base 3.2.0 - xs_daemon_destroy_postfork@Base 4.0.1~rc4 - xs_daemon_open@Base 3.2.0 - xs_daemon_open_readonly@Base 3.2.0 - xs_daemon_rootdir@Base 3.2.0 - xs_daemon_rundir@Base 3.2.0 - xs_daemon_socket@Base 3.2.0 - xs_daemon_socket_ro@Base 3.2.0 - xs_daemon_tdb@Base 3.2.0 - xs_debug_command@Base 3.2.0 - xs_directory@Base 3.2.0 - xs_domain_dev@Base 3.2.0 - xs_domain_open@Base 3.2.0 - xs_fileno@Base 3.2.0 - xs_get_domain_path@Base 3.2.0 - xs_get_permissions@Base 3.2.0 - xs_introduce_domain@Base 3.2.0 - xs_is_domain_introduced@Base 3.2.0 - xs_mkdir@Base 3.2.0 - xs_open@Base 4.1.0~rc6 - xs_path_is_subpath@Base 4.2~ - xs_perm_to_string@Base 3.2.0 - xs_read@Base 3.2.0 - xs_read_watch@Base 3.2.0 - xs_release_domain@Base 3.2.0 - xs_restrict@Base 4.1.0~rc6 - xs_resume_domain@Base 3.2.0 - xs_rm@Base 3.2.0 - xs_set_permissions@Base 3.2.0 - xs_set_target@Base 3.4.0 - xs_strings_to_perms@Base 3.2.0 - xs_suspend_evtchn_port@Base 3.4.0 - xs_transaction_end@Base 3.2.0 - xs_transaction_start@Base 3.2.0 - xs_unwatch@Base 3.2.0 - xs_watch@Base 3.2.0 - xs_write@Base 3.2.0 - xs_write_all@Base 3.2.0 diff -pruN 4.14.3+32-g9de3671772-1/debian/libxenstore4.install 4.16.1-1/debian/libxenstore4.install --- 4.14.3+32-g9de3671772-1/debian/libxenstore4.install 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/libxenstore4.install 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/*/libxenstore.so.* diff -pruN 4.14.3+32-g9de3671772-1/debian/libxenstore4.symbols 4.16.1-1/debian/libxenstore4.symbols --- 4.14.3+32-g9de3671772-1/debian/libxenstore4.symbols 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/libxenstore4.symbols 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,39 @@ +libxenstore.so.4 libxenstore4 #MINVER# + VERS_4.0@VERS_4.0 4.16.0 + xs_check_watch@VERS_4.0 4.16.0 + xs_close@VERS_4.0 4.16.0 + xs_control_command@VERS_4.0 4.16.0 + xs_daemon_close@VERS_4.0 4.16.0 + xs_daemon_destroy_postfork@VERS_4.0 4.16.0 + xs_daemon_open@VERS_4.0 4.16.0 + xs_daemon_open_readonly@VERS_4.0 4.16.0 + xs_daemon_rundir@VERS_4.0 4.16.0 + xs_daemon_socket@VERS_4.0 4.16.0 + xs_daemon_socket_ro@VERS_4.0 4.16.0 + xs_debug_command@VERS_4.0 4.16.0 + xs_directory@VERS_4.0 4.16.0 + xs_domain_open@VERS_4.0 4.16.0 + xs_fileno@VERS_4.0 4.16.0 + xs_get_domain_path@VERS_4.0 4.16.0 + xs_get_permissions@VERS_4.0 4.16.0 + xs_introduce_domain@VERS_4.0 4.16.0 + xs_is_domain_introduced@VERS_4.0 4.16.0 + xs_mkdir@VERS_4.0 4.16.0 + xs_open@VERS_4.0 4.16.0 + xs_path_is_subpath@VERS_4.0 4.16.0 + xs_read@VERS_4.0 4.16.0 + xs_read_watch@VERS_4.0 4.16.0 + xs_release_domain@VERS_4.0 4.16.0 + xs_restrict@VERS_4.0 4.16.0 + xs_resume_domain@VERS_4.0 4.16.0 + xs_rm@VERS_4.0 4.16.0 + xs_set_permissions@VERS_4.0 4.16.0 + xs_set_target@VERS_4.0 4.16.0 + xs_strings_to_perms@VERS_4.0 4.16.0 + xs_suspend_evtchn_port@VERS_4.0 4.16.0 + xs_transaction_end@VERS_4.0 4.16.0 + xs_transaction_start@VERS_4.0 4.16.0 + xs_unwatch@VERS_4.0 4.16.0 + xs_watch@VERS_4.0 4.16.0 + xs_write@VERS_4.0 4.16.0 + xs_write_all@VERS_4.0 4.16.0 diff -pruN 4.14.3+32-g9de3671772-1/debian/NEWS 4.16.1-1/debian/NEWS --- 4.14.3+32-g9de3671772-1/debian/NEWS 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/NEWS 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ -xen (4.11.4-1) unstable; urgency=medium - - This package version fixes a bug that would call the stop action on the - xen init script when removing an obsolete xen-utils-V package for a Xen - version V other than the currently running one. This results in stopping - the xenconsoled process. - - If you just upgraded from Xen 4.8 (Stretch), this will happen when - removing the xen-utils-4.8 package afterwards. - - The resulting situation can safely be repaired by calling the start action - on the xen script again manually once to bring back the xenconsoled - process. There will be no damage to running domUs. - - If you're upgrading from previous Xen 4.11 packages, no action is needed. - - Having these (or later) Xen 4.11 packages installed means that the bug - will not trigger any more when removing xen-utils-4.11 after upgrading to - a newer Xen version (e.g. 4.13) in the future. - - -- Hans van Kranenburg Tue, 26 May 2020 13:33:17 +0200 - -xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high - - This update contains the mitigations for the Microarchitectural Data - Sampling speculative side channel attacks. Only Intel based processors are - affected. - - Note that these fixes will only have effect when also loading updated cpu - microcode with MD_CLEAR functionality. When using the intel-microcode - package to include microcode in the dom0 initrd, it has to be loaded by - Xen. Please refer to the hypervisor command line documentation about the - 'ucode=scan' option. - - For the fixes to be fully effective, it is currently also needed to disable - hyper-threading, which can be done in BIOS settings, or by using smt=no on - the hypervisor command line. - - Additional information is available in the upstream Xen security advisory: - https://xenbits.xen.org/xsa/advisory-297.html - - -- Hans van Kranenburg Tue, 18 Jun 2019 09:50:19 +0200 diff -pruN 4.14.3+32-g9de3671772-1/debian/not-installed 4.16.1-1/debian/not-installed --- 4.14.3+32-g9de3671772-1/debian/not-installed 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/not-installed 2022-05-09 20:29:23.000000000 +0000 @@ -13,7 +13,7 @@ etc/init.d/xendomains # as installed. See bug #831786. Fool dh_missing by pretending # they're not installed at all, for now. etc/default/xencommons -etc/bash_completion.d/xl.sh +etc/bash_completion.d/xl # This is all handled by debian/shuffle-boot-files, # which dh_missing does not know about. diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0002-Delete-configure-output.patch 4.16.1-1/debian/patches/0002-Delete-configure-output.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0002-Delete-configure-output.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0002-Delete-configure-output.patch 2022-05-09 20:29:23.000000000 +0000 @@ -10,23 +10,23 @@ files again. Signed-off-by: Ian Jackson --- - configure | 3618 ----------------- - docs/configure | 3427 ----------------- - tools/configure | 11329 ------------------------------------------------------ - 3 files changed, 18374 deletions(-) + configure | 3630 ----------------- + docs/configure | 3442 ---------------- + tools/configure | 11485 ------------------------------------------------------ + 3 files changed, 18557 deletions(-) delete mode 100755 configure delete mode 100755 docs/configure delete mode 100755 tools/configure diff --git a/configure b/configure deleted file mode 100755 -index 9da3970..0000000 +index 62f6c2d..0000000 --- a/configure +++ /dev/null -@@ -1,3618 +0,0 @@ +@@ -1,3630 +0,0 @@ -#! /bin/sh -# Guess values for system-dependent variables and create Makefiles. --# Generated by GNU Autoconf 2.69 for Xen Hypervisor 4.14. +-# Generated by GNU Autoconf 2.69 for Xen Hypervisor 4.16. -# -# Report bugs to . -# @@ -605,8 +605,8 @@ index 9da3970..0000000 -# Identity of this package. -PACKAGE_NAME='Xen Hypervisor' -PACKAGE_TARNAME='xen' --PACKAGE_VERSION='4.14' --PACKAGE_STRING='Xen Hypervisor 4.14' +-PACKAGE_VERSION='4.16' +-PACKAGE_STRING='Xen Hypervisor 4.16' -PACKAGE_BUGREPORT='xen-devel@lists.xen.org' -PACKAGE_URL='https://www.xen.org/' - @@ -625,10 +625,7 @@ index 9da3970..0000000 -XEN_DUMP_DIR -XEN_PAGING_DIR -XEN_LOCK_DIR --XEN_SCRIPT_DIR --XEN_CONFIG_DIR -INITD_DIR --CONFIG_DIR -SHAREDIR -XEN_LIB_DIR -XEN_RUN_STORED @@ -640,7 +637,10 @@ index 9da3970..0000000 -LIBEXEC_LIB -LIBEXEC_BIN -LIBEXEC +-XEN_SCRIPT_DIR -CONFIG_LEAF_DIR +-XEN_CONFIG_DIR +-CONFIG_DIR -XENSTORED_PORT -XENSTORED_KVA -host_os @@ -696,6 +696,7 @@ index 9da3970..0000000 -with_initddir -with_sysconfig_leaf_dir -with_libexec_leaf_dir +-with_xen_scriptdir -with_xen_dumpdir -with_rundir -with_debugdir @@ -1261,7 +1262,7 @@ index 9da3970..0000000 - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat <<_ACEOF --\`configure' configures Xen Hypervisor 4.14 to adapt to many kinds of systems. +-\`configure' configures Xen Hypervisor 4.16 to adapt to many kinds of systems. - -Usage: $0 [OPTION]... [VAR=VALUE]... - @@ -1327,7 +1328,7 @@ index 9da3970..0000000 - -if test -n "$ac_init_help"; then - case $ac_init_help in -- short | recursive ) echo "Configuration of Xen Hypervisor 4.14:";; +- short | recursive ) echo "Configuration of Xen Hypervisor 4.16:";; - esac - cat <<\_ACEOF - @@ -1354,6 +1355,9 @@ index 9da3970..0000000 - "default". [sysconfig] - --with-libexec-leaf-dir=SUBDIR - Name of subdirectory in libexecdir to use. +- --with-xen-scriptdir=DIR +- Path to directory for dom0 hotplug scripts. +- [SYSCONFDIR/xen/scripts] - --with-xen-dumpdir=DIR Path to directory for domU crash dumps. - [LOCALSTATEDIR/lib/xen/dump] - --with-rundir=DIR Path to directory for runtime data. @@ -1425,7 +1429,7 @@ index 9da3970..0000000 -test -n "$ac_init_help" && exit $ac_status -if $ac_init_version; then - cat <<\_ACEOF --Xen Hypervisor configure 4.14 +-Xen Hypervisor configure 4.16 -generated by GNU Autoconf 2.69 - -Copyright (C) 2012 Free Software Foundation, Inc. @@ -1442,7 +1446,7 @@ index 9da3970..0000000 -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. - --It was created by Xen Hypervisor $as_me 4.14, which was +-It was created by Xen Hypervisor $as_me 4.16, which was -generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ @@ -1962,6 +1966,12 @@ index 9da3970..0000000 - esac -fi - +-CONFIG_DIR=$sysconfdir +- +- +-XEN_CONFIG_DIR=$CONFIG_DIR/xen +- +- - -# Check whether --with-initddir was given. -if test "${with_initddir+set}" = set; then : @@ -2004,6 +2014,17 @@ index 9da3970..0000000 - - - +-# Check whether --with-xen-scriptdir was given. +-if test "${with_xen_scriptdir+set}" = set; then : +- withval=$with_xen_scriptdir; xen_scriptdir_path=$withval +-else +- xen_scriptdir_path=$XEN_CONFIG_DIR/scripts +-fi +- +-XEN_SCRIPT_DIR=$xen_scriptdir_path +- +- +- -# Check whether --with-xen-dumpdir was given. -if test "${with_xen_dumpdir+set}" = set; then : - withval=$with_xen_dumpdir; xen_dumpdir_path=$withval @@ -2068,21 +2089,12 @@ index 9da3970..0000000 -SHAREDIR=$prefix/share - - --CONFIG_DIR=$sysconfdir -- -- -INITD_DIR=$initddir_path - - --XEN_CONFIG_DIR=$CONFIG_DIR/xen -- -- --XEN_SCRIPT_DIR=$XEN_CONFIG_DIR/scripts -- -- -case "$host_os" in -*freebsd*) XEN_LOCK_DIR=$localstatedir/lib ;; --*netbsd*) XEN_LOCK_DIR=$localstatedir/lib ;; +-*netbsd*) XEN_LOCK_DIR=$rundir_path ;; -*) XEN_LOCK_DIR=$localstatedir/lock ;; -esac - @@ -2882,7 +2894,7 @@ index 9da3970..0000000 -# report actual input values of CONFIG_FILES etc. instead of their -# values after options handling. -ac_log=" --This file was extended by Xen Hypervisor $as_me 4.14, which was +-This file was extended by Xen Hypervisor $as_me 4.16, which was -generated by GNU Autoconf 2.69. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES @@ -2936,7 +2948,7 @@ index 9da3970..0000000 -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" -ac_cs_version="\\ --Xen Hypervisor config.status 4.14 +-Xen Hypervisor config.status 4.16 -configured by $0, generated by GNU Autoconf 2.69, - with options \\"\$ac_cs_config\\" - @@ -3644,13 +3656,13 @@ index 9da3970..0000000 - diff --git a/docs/configure b/docs/configure deleted file mode 100755 -index 9e3ed60..0000000 +index 569bd4c..0000000 --- a/docs/configure +++ /dev/null -@@ -1,3427 +0,0 @@ +@@ -1,3442 +0,0 @@ -#! /bin/sh -# Guess values for system-dependent variables and create Makefiles. --# Generated by GNU Autoconf 2.69 for Xen Hypervisor Documentation 4.14. +-# Generated by GNU Autoconf 2.69 for Xen Hypervisor Documentation 4.16. -# -# Report bugs to . -# @@ -4229,8 +4241,8 @@ index 9e3ed60..0000000 -# Identity of this package. -PACKAGE_NAME='Xen Hypervisor Documentation' -PACKAGE_TARNAME='xen' --PACKAGE_VERSION='4.14' --PACKAGE_STRING='Xen Hypervisor Documentation 4.14' +-PACKAGE_VERSION='4.16' +-PACKAGE_STRING='Xen Hypervisor Documentation 4.16' -PACKAGE_BUGREPORT='xen-devel@lists.xen.org' -PACKAGE_URL='https://www.xen.org/' - @@ -4247,10 +4259,7 @@ index 9e3ed60..0000000 -XEN_DUMP_DIR -XEN_PAGING_DIR -XEN_LOCK_DIR --XEN_SCRIPT_DIR --XEN_CONFIG_DIR -INITD_DIR --CONFIG_DIR -SHAREDIR -XEN_LIB_DIR -XEN_RUN_STORED @@ -4262,7 +4271,10 @@ index 9e3ed60..0000000 -LIBEXEC_LIB -LIBEXEC_BIN -LIBEXEC +-XEN_SCRIPT_DIR -CONFIG_LEAF_DIR +-XEN_CONFIG_DIR +-CONFIG_DIR -XENSTORED_PORT -XENSTORED_KVA -target_alias @@ -4310,6 +4322,7 @@ index 9e3ed60..0000000 -with_initddir -with_sysconfig_leaf_dir -with_libexec_leaf_dir +-with_xen_scriptdir -with_xen_dumpdir -with_rundir -with_debugdir @@ -4873,7 +4886,7 @@ index 9e3ed60..0000000 - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat <<_ACEOF --\`configure' configures Xen Hypervisor Documentation 4.14 to adapt to many kinds of systems. +-\`configure' configures Xen Hypervisor Documentation 4.16 to adapt to many kinds of systems. - -Usage: $0 [OPTION]... [VAR=VALUE]... - @@ -4935,7 +4948,7 @@ index 9e3ed60..0000000 - -if test -n "$ac_init_help"; then - case $ac_init_help in -- short | recursive ) echo "Configuration of Xen Hypervisor Documentation 4.14:";; +- short | recursive ) echo "Configuration of Xen Hypervisor Documentation 4.16:";; - esac - cat <<\_ACEOF - @@ -4951,6 +4964,9 @@ index 9e3ed60..0000000 - "default". [sysconfig] - --with-libexec-leaf-dir=SUBDIR - Name of subdirectory in libexecdir to use. +- --with-xen-scriptdir=DIR +- Path to directory for dom0 hotplug scripts. +- [SYSCONFDIR/xen/scripts] - --with-xen-dumpdir=DIR Path to directory for domU crash dumps. - [LOCALSTATEDIR/lib/xen/dump] - --with-rundir=DIR Path to directory for runtime data. @@ -5033,7 +5049,7 @@ index 9e3ed60..0000000 -test -n "$ac_init_help" && exit $ac_status -if $ac_init_version; then - cat <<\_ACEOF --Xen Hypervisor Documentation configure 4.14 +-Xen Hypervisor Documentation configure 4.16 -generated by GNU Autoconf 2.69 - -Copyright (C) 2012 Free Software Foundation, Inc. @@ -5050,7 +5066,7 @@ index 9e3ed60..0000000 -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. - --It was created by Xen Hypervisor Documentation $as_me 4.14, which was +-It was created by Xen Hypervisor Documentation $as_me 4.16, which was -generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ @@ -5399,7 +5415,7 @@ index 9e3ed60..0000000 - - - --ac_config_files="$ac_config_files ../config/Docs.mk man/xl.cfg.5.pod man/xl.1.pod" +-ac_config_files="$ac_config_files ../config/Docs.mk man/xl.cfg.5.pod man/xl.1.pod man/xl-disk-configuration.5.pod man/xl-network-configuration.5.pod man/xl.conf.5.pod" - -ac_aux_dir= -for ac_dir in ../ "$srcdir"/../; do @@ -5489,6 +5505,12 @@ index 9e3ed60..0000000 - esac -fi - +-CONFIG_DIR=$sysconfdir +- +- +-XEN_CONFIG_DIR=$CONFIG_DIR/xen +- +- - -# Check whether --with-initddir was given. -if test "${with_initddir+set}" = set; then : @@ -5531,6 +5553,17 @@ index 9e3ed60..0000000 - - - +-# Check whether --with-xen-scriptdir was given. +-if test "${with_xen_scriptdir+set}" = set; then : +- withval=$with_xen_scriptdir; xen_scriptdir_path=$withval +-else +- xen_scriptdir_path=$XEN_CONFIG_DIR/scripts +-fi +- +-XEN_SCRIPT_DIR=$xen_scriptdir_path +- +- +- -# Check whether --with-xen-dumpdir was given. -if test "${with_xen_dumpdir+set}" = set; then : - withval=$with_xen_dumpdir; xen_dumpdir_path=$withval @@ -5595,21 +5628,12 @@ index 9e3ed60..0000000 -SHAREDIR=$prefix/share - - --CONFIG_DIR=$sysconfdir -- -- -INITD_DIR=$initddir_path - - --XEN_CONFIG_DIR=$CONFIG_DIR/xen -- -- --XEN_SCRIPT_DIR=$XEN_CONFIG_DIR/scripts -- -- -case "$host_os" in -*freebsd*) XEN_LOCK_DIR=$localstatedir/lib ;; --*netbsd*) XEN_LOCK_DIR=$localstatedir/lib ;; +-*netbsd*) XEN_LOCK_DIR=$rundir_path ;; -*) XEN_LOCK_DIR=$localstatedir/lock ;; -esac - @@ -6459,7 +6483,7 @@ index 9e3ed60..0000000 -# report actual input values of CONFIG_FILES etc. instead of their -# values after options handling. -ac_log=" --This file was extended by Xen Hypervisor Documentation $as_me 4.14, which was +-This file was extended by Xen Hypervisor Documentation $as_me 4.16, which was -generated by GNU Autoconf 2.69. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES @@ -6513,7 +6537,7 @@ index 9e3ed60..0000000 -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" -ac_cs_version="\\ --Xen Hypervisor Documentation config.status 4.14 +-Xen Hypervisor Documentation config.status 4.16 -configured by $0, generated by GNU Autoconf 2.69, - with options \\"\$ac_cs_config\\" - @@ -6626,6 +6650,9 @@ index 9e3ed60..0000000 - "../config/Docs.mk") CONFIG_FILES="$CONFIG_FILES ../config/Docs.mk" ;; - "man/xl.cfg.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl.cfg.5.pod" ;; - "man/xl.1.pod") CONFIG_FILES="$CONFIG_FILES man/xl.1.pod" ;; +- "man/xl-disk-configuration.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl-disk-configuration.5.pod" ;; +- "man/xl-network-configuration.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl-network-configuration.5.pod" ;; +- "man/xl.conf.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl.conf.5.pod" ;; - - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; - esac @@ -7077,13 +7104,13 @@ index 9e3ed60..0000000 - diff --git a/tools/configure b/tools/configure deleted file mode 100755 -index f3f19c1..0000000 +index 40f970b..0000000 --- a/tools/configure +++ /dev/null -@@ -1,11329 +0,0 @@ +@@ -1,11485 +0,0 @@ -#! /bin/sh -# Guess values for system-dependent variables and create Makefiles. --# Generated by GNU Autoconf 2.69 for Xen Hypervisor Tools 4.14. +-# Generated by GNU Autoconf 2.69 for Xen Hypervisor Tools 4.16. -# -# Report bugs to . -# @@ -7663,12 +7690,12 @@ index f3f19c1..0000000 -# Identity of this package. -PACKAGE_NAME='Xen Hypervisor Tools' -PACKAGE_TARNAME='xen' --PACKAGE_VERSION='4.14' --PACKAGE_STRING='Xen Hypervisor Tools 4.14' +-PACKAGE_VERSION='4.16' +-PACKAGE_STRING='Xen Hypervisor Tools 4.16' -PACKAGE_BUGREPORT='xen-devel@lists.xen.org' -PACKAGE_URL='https://www.xen.org/' - --ac_unique_file="libxl/libxl.c" +-ac_unique_file="libs/light/libxl.c" -# Factoring default headers for most tests. -ac_includes_default="\ -#include @@ -7726,6 +7753,8 @@ index f3f19c1..0000000 -EXTFS_LIBS -system_aio -zlib +-libzstd_LIBS +-libzstd_CFLAGS -FETCHER -FTP -FALSE @@ -7745,6 +7774,7 @@ index f3f19c1..0000000 -CPP -pyconfig -PYTHONPATH +-BASH -CHECKPOLICY -XENSTORED -GO @@ -7762,14 +7792,13 @@ index f3f19c1..0000000 -OCAMLLIB -OCAMLVERSION -OCAMLC +-ABI_DUMPER -INSTALL_DATA -INSTALL_SCRIPT -INSTALL_PROGRAM -SET_MAKE -AWK -IASL --XGETTEXT --BASH -FLEX -BISON -PERL @@ -7779,7 +7808,6 @@ index f3f19c1..0000000 -PREPEND_LIB -PREPEND_INCLUDES -EXTRA_QEMUU_CONFIGURE_ARGS --ipxe -qemu_xen_systemd -qemu_xen_path -qemu_xen @@ -7787,6 +7815,7 @@ index f3f19c1..0000000 -BCC -LD86 -AS86 +-ipxe -qemu_traditional -LINUX_BACKEND_MODULES -golang @@ -7801,10 +7830,7 @@ index f3f19c1..0000000 -XEN_DUMP_DIR -XEN_PAGING_DIR -XEN_LOCK_DIR --XEN_SCRIPT_DIR --XEN_CONFIG_DIR -INITD_DIR --CONFIG_DIR -SHAREDIR -XEN_LIB_DIR -XEN_RUN_STORED @@ -7816,7 +7842,10 @@ index f3f19c1..0000000 -LIBEXEC_LIB -LIBEXEC_BIN -LIBEXEC +-XEN_SCRIPT_DIR -CONFIG_LEAF_DIR +-XEN_CONFIG_DIR +-CONFIG_DIR -XENSTORED_PORT -XENSTORED_KVA -FILE_OFFSET_BITS @@ -7882,6 +7911,7 @@ index f3f19c1..0000000 -with_initddir -with_sysconfig_leaf_dir -with_libexec_leaf_dir +-with_xen_scriptdir -with_xen_dumpdir -with_rundir -with_debugdir @@ -7895,13 +7925,13 @@ index f3f19c1..0000000 -enable_golang -with_linux_backend_modules -enable_qemu_traditional +-enable_ipxe +-with_system_ipxe -enable_rombios -with_system_qemu -with_stubdom_qmp_proxy -with_system_seabios -with_system_ovmf --enable_ipxe --with_system_ipxe -with_extra_qemuu_configure_args -with_xenstored -enable_systemd @@ -7926,8 +7956,6 @@ index f3f19c1..0000000 -PERL -BISON -FLEX --BASH --XGETTEXT -AS86 -LD86 -BCC @@ -7941,6 +7969,8 @@ index f3f19c1..0000000 -glib_LIBS -pixman_CFLAGS -pixman_LIBS +-libzstd_CFLAGS +-libzstd_LIBS -LIBNL3_CFLAGS -LIBNL3_LIBS -SYSTEMD_CFLAGS @@ -8495,7 +8525,7 @@ index f3f19c1..0000000 - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat <<_ACEOF --\`configure' configures Xen Hypervisor Tools 4.14 to adapt to many kinds of systems. +-\`configure' configures Xen Hypervisor Tools 4.16 to adapt to many kinds of systems. - -Usage: $0 [OPTION]... [VAR=VALUE]... - @@ -8561,7 +8591,7 @@ index f3f19c1..0000000 - -if test -n "$ac_init_help"; then - case $ac_init_help in -- short | recursive ) echo "Configuration of Xen Hypervisor Tools 4.14:";; +- short | recursive ) echo "Configuration of Xen Hypervisor Tools 4.16:";; - esac - cat <<\_ACEOF - @@ -8582,12 +8612,12 @@ index f3f19c1..0000000 - --disable-seabios Disable SeaBIOS (default is ENABLED) - --disable-golang Disable Go tools (default is ENABLED) - --enable-qemu-traditional -- Enable qemu traditional device model, (DEFAULT is on -- for Linux or NetBSD x86, otherwise off) +- Enable qemu traditional device model, (DEFAULT is +- off) +- --enable-ipxe Enable in-tree IPXE, (DEFAULT is off, see also +- --with-system-ipxe) - --enable-rombios Enable ROMBIOS, (DEFAULT is on if qemu-traditional -- is enabled, otherwise off) -- --disable-ipxe Enable in-tree IPXE, (DEFAULT is on if rombios is -- enabled, otherwise off, see also --with-system-ipxe) +- or ipxe is enabled, otherwise off) - --enable-systemd Enable systemd support (default is DISABLED) - --enable-9pfs Explicitly enable 9pfs support in QEMU build - (default is to defer to QEMU configure default) @@ -8606,6 +8636,9 @@ index f3f19c1..0000000 - "default". [sysconfig] - --with-libexec-leaf-dir=SUBDIR - Name of subdirectory in libexecdir to use. +- --with-xen-scriptdir=DIR +- Path to directory for dom0 hotplug scripts. +- [SYSCONFDIR/xen/scripts] - --with-xen-dumpdir=DIR Path to directory for domU crash dumps. - [LOCALSTATEDIR/lib/xen/dump] - --with-rundir=DIR Path to directory for runtime data. @@ -8615,6 +8648,11 @@ index f3f19c1..0000000 - --with-linux-backend-modules="mod1 mod2" - List of Linux backend module or modalias names to be - autoloaded on startup. +- --with-system-ipxe[=PATH] +- Use system supplied IPXE PATH instead of building +- and installing our own version, it takes precedence +- over --{en,dis}able-ipxe, --without-system-ipxe is +- an error - --with-system-qemu[=PATH] - Use system supplied qemu PATH or qemu (taken from - $PATH) as qemu-xen device model instead of building @@ -8628,12 +8666,6 @@ index f3f19c1..0000000 - --with-system-ovmf[=PATH] - Use system supplied OVMF PATH instead of building - and installing our own version -- --with-system-ipxe[=PATH] -- Use system supplied IPXE PATH instead of building -- and installing our own version, it takes precedence -- over --{en,dis}able-ipxe and is bound by the -- presence of rombios, --without-system-ipxe is an -- error - --with-extra-qemuu-configure-args[="--ARG1 ..."] - List of additional configure options for upstream - qemu @@ -8672,8 +8704,6 @@ index f3f19c1..0000000 - PERL Path to Perl parser - BISON Path to Bison parser generator - FLEX Path to Flex lexical analyser generator -- BASH Path to bash shell -- XGETTEXT Path to xgetttext tool - AS86 Path to as86 tool - LD86 Path to ld86 tool - BCC Path to bcc tool @@ -8690,6 +8720,10 @@ index f3f19c1..0000000 - pixman_CFLAGS - C compiler flags for pixman, overriding pkg-config - pixman_LIBS linker flags for pixman, overriding pkg-config +- libzstd_CFLAGS +- C compiler flags for libzstd, overriding pkg-config +- libzstd_LIBS +- linker flags for libzstd, overriding pkg-config - LIBNL3_CFLAGS - C compiler flags for LIBNL3, overriding pkg-config - LIBNL3_LIBS linker flags for LIBNL3, overriding pkg-config @@ -8765,7 +8799,7 @@ index f3f19c1..0000000 -test -n "$ac_init_help" && exit $ac_status -if $ac_init_version; then - cat <<\_ACEOF --Xen Hypervisor Tools configure 4.14 +-Xen Hypervisor Tools configure 4.16 -generated by GNU Autoconf 2.69 - -Copyright (C) 2012 Free Software Foundation, Inc. @@ -9180,7 +9214,7 @@ index f3f19c1..0000000 -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. - --It was created by Xen Hypervisor Tools $as_me 4.14, which was +-It was created by Xen Hypervisor Tools $as_me 4.16, which was -generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ @@ -10966,6 +11000,8 @@ index f3f19c1..0000000 - - - +- +- -test "x$prefix" = "xNONE" && prefix=$ac_default_prefix -test "x$exec_prefix" = "xNONE" && exec_prefix=${prefix} - @@ -10995,6 +11031,12 @@ index f3f19c1..0000000 - esac -fi - +-CONFIG_DIR=$sysconfdir +- +- +-XEN_CONFIG_DIR=$CONFIG_DIR/xen +- +- - -# Check whether --with-initddir was given. -if test "${with_initddir+set}" = set; then : @@ -11037,6 +11079,17 @@ index f3f19c1..0000000 - - - +-# Check whether --with-xen-scriptdir was given. +-if test "${with_xen_scriptdir+set}" = set; then : +- withval=$with_xen_scriptdir; xen_scriptdir_path=$withval +-else +- xen_scriptdir_path=$XEN_CONFIG_DIR/scripts +-fi +- +-XEN_SCRIPT_DIR=$xen_scriptdir_path +- +- +- -# Check whether --with-xen-dumpdir was given. -if test "${with_xen_dumpdir+set}" = set; then : - withval=$with_xen_dumpdir; xen_dumpdir_path=$withval @@ -11101,21 +11154,12 @@ index f3f19c1..0000000 -SHAREDIR=$prefix/share - - --CONFIG_DIR=$sysconfdir -- -- -INITD_DIR=$initddir_path - - --XEN_CONFIG_DIR=$CONFIG_DIR/xen -- -- --XEN_SCRIPT_DIR=$XEN_CONFIG_DIR/scripts -- -- -case "$host_os" in -*freebsd*) XEN_LOCK_DIR=$localstatedir/lib ;; --*netbsd*) XEN_LOCK_DIR=$localstatedir/lib ;; +-*netbsd*) XEN_LOCK_DIR=$rundir_path ;; -*) XEN_LOCK_DIR=$localstatedir/lock ;; -esac - @@ -11352,19 +11396,6 @@ index f3f19c1..0000000 -# Check whether --enable-qemu-traditional was given. -if test "${enable_qemu_traditional+set}" = set; then : - enableval=$enable_qemu_traditional; --else -- -- case "$host_cpu" in -- i[3456]86|x86_64) -- enable_qemu_traditional="yes";; -- *) enable_qemu_traditional="no";; -- esac -- case "$host_os" in -- freebsd*) -- enable_qemu_traditional="no";; -- esac -- -- -fi - -if test "x$enable_qemu_traditional" = "xyes"; then : @@ -11380,12 +11411,57 @@ index f3f19c1..0000000 -fi - - +-# Check whether --enable-ipxe was given. +-if test "${enable_ipxe+set}" = set; then : +- enableval=$enable_ipxe; +-else +- +- if test "x$enable_qemu_traditional" = "xyes"; then : +- +- enable_ipxe="yes" +- +-else +- +- enable_ipxe="no" +- +-fi +- +-fi +- +-if test "x$enable_ipxe" = "xno"; then : +- ipxe=n +-else +- ipxe=y +-fi +- +-# Check whether --with-system-ipxe was given. +-if test "${with_system_ipxe+set}" = set; then : +- withval=$with_system_ipxe; +- case $withval in +- no) as_fn_error $? "--without-system-ipxe has no effect" "$LINENO" 5 ;; +- /*) ipxe_path=$withval; ipxe=n ;; +- *) as_fn_error $? "IPXE specified, but is not an absolute path" "$LINENO" 5 ;; +- esac +- +-fi +- +-if test "x$ipxe" = "xy" -o -n "$ipxe_path" ; then : +- +- +-cat >>confdefs.h <<_ACEOF +-#define IPXE_PATH "${ipxe_path:-$XENFIRMWAREDIR/ipxe.bin}" +-_ACEOF +- +- +-fi +- +- -# Check whether --enable-rombios was given. -if test "${enable_rombios+set}" = set; then : - enableval=$enable_rombios; -else - -- if test "x$enable_qemu_traditional" = "xyes"; then : +- if test "x$enable_qemu_traditional" = "xyes" -o "x$enable_ipxe" = "xyes"; then : - - enable_rombios="yes" - @@ -11700,55 +11776,6 @@ index f3f19c1..0000000 - -fi - --# Check whether --enable-ipxe was given. --if test "${enable_ipxe+set}" = set; then : -- enableval=$enable_ipxe; -- if test "x$enable_ipxe" = "xno"; then : -- ipxe=n --else -- ipxe=y --fi -- --else -- -- if test "x$enable_rombios" = "xno"; then : -- ipxe=n --else -- ipxe=y --fi -- --fi -- -- --# Check whether --with-system-ipxe was given. --if test "${with_system_ipxe+set}" = set; then : -- withval=$with_system_ipxe; -- case $withval in -- no) as_fn_error $? "--without-system-ipxe has no effect" "$LINENO" 5 ;; -- /*) ipxe_path=$withval; ipxe=n ;; -- *) as_fn_error $? "IPXE specified, but is not an absolute path" "$LINENO" 5 ;; -- esac -- --fi -- --if test "x$ipxe" = "xy" -o -n "$ipxe_path" ; then : -- -- -- if test "x$enable_rombios" = "xno"; then : -- -- as_fn_error $? "Rombios is required to use IPXE" "$LINENO" 5 -- --fi -- -- --cat >>confdefs.h <<_ACEOF --#define IPXE_PATH "${ipxe_path:-$XENFIRMWAREDIR/ipxe.bin}" --_ACEOF -- -- --fi -- -- - -# Check whether --with-extra-qemuu-configure-args was given. -if test "${with_extra_qemuu_configure_args+set}" = set; then : @@ -11800,8 +11827,6 @@ index f3f19c1..0000000 - - - -- -- -# Checks for programs. -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' @@ -12466,16 +12491,16 @@ index f3f19c1..0000000 - -test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' - --# Extract the first word of "bison", so it can be a program name with args. --set dummy bison; ac_word=$2 +-# Extract the first word of "flex", so it can be a program name with args. +-set dummy flex; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_path_BISON+:} false; then : +-if ${ac_cv_path_FLEX+:} false; then : - $as_echo_n "(cached) " >&6 -else -- case $BISON in +- case $FLEX in - [\\/]* | ?:[\\/]*) -- ac_cv_path_BISON="$BISON" # Let the user override the test with a path. +- ac_cv_path_FLEX="$FLEX" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -12485,7 +12510,7 @@ index f3f19c1..0000000 - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_path_BISON="$as_dir/$ac_word$ac_exec_ext" +- ac_cv_path_FLEX="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi @@ -12496,26 +12521,26 @@ index f3f19c1..0000000 - ;; -esac -fi --BISON=$ac_cv_path_BISON --if test -n "$BISON"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BISON" >&5 --$as_echo "$BISON" >&6; } +-FLEX=$ac_cv_path_FLEX +-if test -n "$FLEX"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FLEX" >&5 +-$as_echo "$FLEX" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - --# Extract the first word of "flex", so it can be a program name with args. --set dummy flex; ac_word=$2 +-# Extract the first word of "abi-dumper", so it can be a program name with args. +-set dummy abi-dumper; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_path_FLEX+:} false; then : +-if ${ac_cv_path_ABI_DUMPER+:} false; then : - $as_echo_n "(cached) " >&6 -else -- case $FLEX in +- case $ABI_DUMPER in - [\\/]* | ?:[\\/]*) -- ac_cv_path_FLEX="$FLEX" # Let the user override the test with a path. +- ac_cv_path_ABI_DUMPER="$ABI_DUMPER" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -12525,7 +12550,7 @@ index f3f19c1..0000000 - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_path_FLEX="$as_dir/$ac_word$ac_exec_ext" +- ac_cv_path_ABI_DUMPER="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi @@ -12536,10 +12561,10 @@ index f3f19c1..0000000 - ;; -esac -fi --FLEX=$ac_cv_path_FLEX --if test -n "$FLEX"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FLEX" >&5 --$as_echo "$FLEX" >&6; } +-ABI_DUMPER=$ac_cv_path_ABI_DUMPER +-if test -n "$ABI_DUMPER"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ABI_DUMPER" >&5 +-$as_echo "$ABI_DUMPER" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } @@ -14909,51 +14934,6 @@ index f3f19c1..0000000 - -if ! $rump; then - --# Extract the first word of "xgettext", so it can be a program name with args. --set dummy xgettext; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_path_XGETTEXT+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- case $XGETTEXT in -- [\\/]* | ?:[\\/]*) -- ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. -- ;; -- *) -- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_path_XGETTEXT="$as_dir/$ac_word$ac_exec_ext" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- -- test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT="no" -- ;; --esac --fi --XGETTEXT=$ac_cv_path_XGETTEXT --if test -n "$XGETTEXT"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 --$as_echo "$XGETTEXT" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- --if test x"${XGETTEXT}" = x"no" --then -- as_fn_error $? "Unable to find xgettext, please install xgettext" "$LINENO" 5 --fi -case "$host_cpu" in -i[3456]86|x86_64|aarch64) - # Extract the first word of "iasl", so it can be a program name with args. @@ -15830,6 +15810,77 @@ index f3f19c1..0000000 - - - +-pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libzstd" >&5 +-$as_echo_n "checking for libzstd... " >&6; } +- +-if test -n "$libzstd_CFLAGS"; then +- pkg_cv_libzstd_CFLAGS="$libzstd_CFLAGS" +- elif test -n "$PKG_CONFIG"; then +- if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libzstd\""; } >&5 +- ($PKG_CONFIG --exists --print-errors "libzstd") 2>&5 +- ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then +- pkg_cv_libzstd_CFLAGS=`$PKG_CONFIG --cflags "libzstd" 2>/dev/null` +- test "x$?" != "x0" && pkg_failed=yes +-else +- pkg_failed=yes +-fi +- else +- pkg_failed=untried +-fi +-if test -n "$libzstd_LIBS"; then +- pkg_cv_libzstd_LIBS="$libzstd_LIBS" +- elif test -n "$PKG_CONFIG"; then +- if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libzstd\""; } >&5 +- ($PKG_CONFIG --exists --print-errors "libzstd") 2>&5 +- ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then +- pkg_cv_libzstd_LIBS=`$PKG_CONFIG --libs "libzstd" 2>/dev/null` +- test "x$?" != "x0" && pkg_failed=yes +-else +- pkg_failed=yes +-fi +- else +- pkg_failed=untried +-fi +- +- +- +-if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- +-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then +- _pkg_short_errors_supported=yes +-else +- _pkg_short_errors_supported=no +-fi +- if test $_pkg_short_errors_supported = yes; then +- libzstd_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libzstd" 2>&1` +- else +- libzstd_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libzstd" 2>&1` +- fi +- # Put the nasty error message in config.log where it belongs +- echo "$libzstd_PKG_ERRORS" >&5 +- +- true +-elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- true +-else +- libzstd_CFLAGS=$pkg_cv_libzstd_CFLAGS +- libzstd_LIBS=$pkg_cv_libzstd_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- zlib="$zlib -DHAVE_ZSTD $libzstd_CFLAGS $libzstd_LIBS" +-fi +- - - -ac_fn_c_check_header_mongrel "$LINENO" "ext2fs/ext2fs.h" "ac_cv_header_ext2fs_ext2fs_h" "$ac_includes_default" @@ -17105,6 +17156,138 @@ index f3f19c1..0000000 -fi - - +-if test "x$pvshim" = "xy"; then : +- +- # Extract the first word of "bison", so it can be a program name with args. +-set dummy bison; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_path_BISON+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- case $BISON in +- [\\/]* | ?:[\\/]*) +- ac_cv_path_BISON="$BISON" # Let the user override the test with a path. +- ;; +- *) +- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +-for as_dir in $PATH +-do +- IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then +- ac_cv_path_BISON="$as_dir/$ac_word$ac_exec_ext" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 +- break 2 +- fi +-done +- done +-IFS=$as_save_IFS +- +- test -z "$ac_cv_path_BISON" && ac_cv_path_BISON="no" +- ;; +-esac +-fi +-BISON=$ac_cv_path_BISON +-if test -n "$BISON"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BISON" >&5 +-$as_echo "$BISON" >&6; } +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +- +- +-if test x"${BISON}" = x"no" +-then +- as_fn_error $? "Unable to find bison, please install bison" "$LINENO" 5 +-fi +- +-else +- +- # Extract the first word of "bison", so it can be a program name with args. +-set dummy bison; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_path_BISON+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- case $BISON in +- [\\/]* | ?:[\\/]*) +- ac_cv_path_BISON="$BISON" # Let the user override the test with a path. +- ;; +- *) +- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +-for as_dir in $PATH +-do +- IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then +- ac_cv_path_BISON="$as_dir/$ac_word$ac_exec_ext" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 +- break 2 +- fi +-done +- done +-IFS=$as_save_IFS +- +- ;; +-esac +-fi +-BISON=$ac_cv_path_BISON +-if test -n "$BISON"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BISON" >&5 +-$as_echo "$BISON" >&6; } +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +- +- +- +-fi +- +- +-ax_found=0 +- +- if test "$ax_found" = "0"; then : +- +- ac_fn_c_check_header_mongrel "$LINENO" "endian.h" "ac_cv_header_endian_h" "$ac_includes_default" +-if test "x$ac_cv_header_endian_h" = xyes; then : +- +- +-$as_echo "#define INCLUDE_ENDIAN_H " >>confdefs.h +- +- ax_found=1 +-fi +- +- +- +-fi +- +- if test "$ax_found" = "0"; then : +- +- ac_fn_c_check_header_mongrel "$LINENO" "sys/endian.h" "ac_cv_header_sys_endian_h" "$ac_includes_default" +-if test "x$ac_cv_header_sys_endian_h" = xyes; then : +- +- +-$as_echo "#define INCLUDE_ENDIAN_H " >>confdefs.h +- +- ax_found=1 +-fi +- +- +- +-fi +- +-if test "$ax_found" = "0"; then : +- +- as_fn_error $? "No header found from list endian.h sys/endian.h" "$LINENO" 5 +- +-fi +- - -cat >confcache <<\_ACEOF -# This file is a shell script that caches the results of configure @@ -17612,7 +17795,7 @@ index f3f19c1..0000000 -# report actual input values of CONFIG_FILES etc. instead of their -# values after options handling. -ac_log=" --This file was extended by Xen Hypervisor Tools $as_me 4.14, which was +-This file was extended by Xen Hypervisor Tools $as_me 4.16, which was -generated by GNU Autoconf 2.69. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES @@ -17675,7 +17858,7 @@ index f3f19c1..0000000 -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" -ac_cs_version="\\ --Xen Hypervisor Tools config.status 4.14 +-Xen Hypervisor Tools config.status 4.16 -configured by $0, generated by GNU Autoconf 2.69, - with options \\"\$ac_cs_config\\" - diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0003-Display-Debian-package-version-in-hypervisor-log.patch 4.16.1-1/debian/patches/0003-Display-Debian-package-version-in-hypervisor-log.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0003-Display-Debian-package-version-in-hypervisor-log.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0003-Display-Debian-package-version-in-hypervisor-log.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,187 @@ +From: Bastian Blank +Date: Sat, 5 Jul 2014 11:46:43 +0200 +Subject: Display Debian package version in hypervisor log + +During hypervisor boot, disable the banner and nicely display the xen +version as well as the Maintainer address from debian/control. + +For this to work the SOURCE_BASE_DIR variable needs to be set by the +build system to the top directory, i.e. where the debian folder is. + +Original patch by Bastian Blank +Modified by +Hans van Kranenburg +Maximilian Engelhardt +--- + xen/Makefile | 8 +++++--- + xen/common/kernel.c | 8 ++++---- + xen/common/version.c | 22 +++++++++++----------- + xen/drivers/char/console.c | 11 ++++------- + xen/include/xen/compile.h.in | 8 ++++---- + xen/include/xen/version.h | 7 ++++--- + 6 files changed, 32 insertions(+), 32 deletions(-) + +diff --git a/xen/Makefile b/xen/Makefile +index 8abc71c..503104f 100644 +--- a/xen/Makefile ++++ b/xen/Makefile +@@ -430,7 +430,7 @@ endef + targets += .banner + + # compile.h contains dynamic build info. Rebuilt on every 'make' invocation. +-include/xen/compile.h: include/xen/compile.h.in .banner ++include/xen/compile.h: include/xen/compile.h.in + @sed -e 's/@@date@@/$(XEN_BUILD_DATE)/g' \ + -e 's/@@time@@/$(XEN_BUILD_TIME)/g' \ + -e 's/@@whoami@@/$(XEN_WHOAMI)/g' \ +@@ -441,9 +441,11 @@ include/xen/compile.h: include/xen/compile.h.in .banner + -e 's/@@subversion@@/$(XEN_SUBVERSION)/g' \ + -e 's/@@extraversion@@/$(XEN_EXTRAVERSION)/g' \ + -e 's!@@changeset@@!$(shell tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \ ++ -e 's/@@system_distribution@@/$(shell lsb_release -is)/g' \ ++ -e 's/@@system_maintainer_domain@@/$(shell grep Maintainer ${SOURCE_BASE_DIR}/debian/control | sed -ne 's,^Maintainer: .[^<]*<[^@>]*@\([^>]*\)>,\1,p')/g' \ ++ -e 's/@@system_maintainer_local@@/$(shell grep Maintainer ${SOURCE_BASE_DIR}/debian/control | sed -ne 's,^Maintainer: .[^<]*<\([^@>]*\)@.*>,\1,p')/g' \ ++ -e 's/@@system_version@@/$(shell cd ${SOURCE_BASE_DIR}; dpkg-parsechangelog | awk '/^Version:/ {print $$2}')/g' \ + < include/xen/compile.h.in > $@.new +- @cat .banner +- @sed -rf tools/process-banner.sed < .banner >> $@.new + @mv -f $@.new $@ + + asm-offsets.s: arch/$(TARGET_ARCH)/$(TARGET_SUBARCH)/asm-offsets.c +diff --git a/xen/common/kernel.c b/xen/common/kernel.c +index e119e54..a31e617 100644 +--- a/xen/common/kernel.c ++++ b/xen/common/kernel.c +@@ -402,9 +402,9 @@ static int __init buildinfo_init(void) + + hypfs_add_dir(&buildinfo, &compileinfo, true); + hypfs_string_set_reference(&compiler, xen_compiler()); +- hypfs_string_set_reference(&compile_by, xen_compile_by()); ++ hypfs_string_set_reference(&compile_by, xen_compile_system_maintainer_local()); + hypfs_string_set_reference(&compile_date, xen_compile_date()); +- hypfs_string_set_reference(&compile_domain, xen_compile_domain()); ++ hypfs_string_set_reference(&compile_domain, xen_compile_system_maintainer_domain()); + hypfs_add_leaf(&compileinfo, &compiler, true); + hypfs_add_leaf(&compileinfo, &compile_by, true); + hypfs_add_leaf(&compileinfo, &compile_date, true); +@@ -485,8 +485,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) + + memset(&info, 0, sizeof(info)); + safe_strcpy(info.compiler, deny ? xen_deny() : xen_compiler()); +- safe_strcpy(info.compile_by, deny ? xen_deny() : xen_compile_by()); +- safe_strcpy(info.compile_domain, deny ? xen_deny() : xen_compile_domain()); ++ safe_strcpy(info.compile_by, deny ? xen_deny() : xen_compile_system_maintainer_local()); ++ safe_strcpy(info.compile_domain, deny ? xen_deny() : xen_compile_system_maintainer_domain()); + safe_strcpy(info.compile_date, deny ? xen_deny() : xen_compile_date()); + if ( copy_to_guest(arg, &info, 1) ) + return -EFAULT; +diff --git a/xen/common/version.c b/xen/common/version.c +index d320135..b44d411 100644 +--- a/xen/common/version.c ++++ b/xen/common/version.c +@@ -20,19 +20,24 @@ const char *xen_compile_time(void) + return XEN_COMPILE_TIME; + } + +-const char *xen_compile_by(void) ++const char *xen_compile_system_distribution(void) + { +- return XEN_COMPILE_BY; ++ return XEN_COMPILE_SYSTEM_DISTRIBUTION; + } + +-const char *xen_compile_domain(void) ++const char *xen_compile_system_maintainer_local(void) + { +- return XEN_COMPILE_DOMAIN; ++ return XEN_COMPILE_SYSTEM_MAINTAINER_LOCAL; + } + +-const char *xen_compile_host(void) ++const char *xen_compile_system_maintainer_domain(void) + { +- return XEN_COMPILE_HOST; ++ return XEN_COMPILE_SYSTEM_MAINTAINER_DOMAIN; ++} ++ ++const char *xen_compile_system_version(void) ++{ ++ return XEN_COMPILE_SYSTEM_VERSION; + } + + const char *xen_compiler(void) +@@ -60,11 +65,6 @@ const char *xen_changeset(void) + return XEN_CHANGESET; + } + +-const char *xen_banner(void) +-{ +- return XEN_BANNER; +-} +- + const char *xen_deny(void) + { + return ""; +diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c +index 7d0a603..f1ec810 100644 +--- a/xen/drivers/char/console.c ++++ b/xen/drivers/char/console.c +@@ -1000,14 +1000,11 @@ void __init console_init_preirq(void) + pv_console_set_rx_handler(serial_rx); + + /* HELLO WORLD --- start-of-day banner text. */ +- spin_lock(&console_lock); +- __putstr(xen_banner()); +- spin_unlock(&console_lock); +- printk("Xen version %d.%d%s (%s@%s) (%s) %s %s\n", ++ printk("Xen version %d.%d%s (%s %s) (%s@%s) (%s) %s %s\n", + xen_major_version(), xen_minor_version(), xen_extra_version(), +- xen_compile_by(), xen_compile_domain(), xen_compiler(), +- xen_build_info(), xen_compile_date()); +- printk("Latest ChangeSet: %s\n", xen_changeset()); ++ xen_compile_system_distribution(), xen_compile_system_version(), ++ xen_compile_system_maintainer_local(), xen_compile_system_maintainer_domain(), ++ xen_compiler(), xen_build_info(), xen_compile_date()); + + /* Locate and print the buildid, if applicable. */ + xen_build_init(); +diff --git a/xen/include/xen/compile.h.in b/xen/include/xen/compile.h.in +index 440ecb2..0c3ca58 100644 +--- a/xen/include/xen/compile.h.in ++++ b/xen/include/xen/compile.h.in +@@ -1,8 +1,9 @@ + #define XEN_COMPILE_DATE "@@date@@" + #define XEN_COMPILE_TIME "@@time@@" +-#define XEN_COMPILE_BY "@@whoami@@" +-#define XEN_COMPILE_DOMAIN "@@domain@@" +-#define XEN_COMPILE_HOST "@@hostname@@" ++#define XEN_COMPILE_SYSTEM_DISTRIBUTION "@@system_distribution@@" ++#define XEN_COMPILE_SYSTEM_MAINTAINER_DOMAIN "@@system_maintainer_domain@@" ++#define XEN_COMPILE_SYSTEM_MAINTAINER_LOCAL "@@system_maintainer_local@@" ++#define XEN_COMPILE_SYSTEM_VERSION "@@system_version@@" + #define XEN_COMPILER "@@compiler@@" + + #define XEN_VERSION @@version@@ +@@ -10,4 +11,3 @@ + #define XEN_EXTRAVERSION "@@extraversion@@" + + #define XEN_CHANGESET "@@changeset@@" +-#define XEN_BANNER \ +diff --git a/xen/include/xen/version.h b/xen/include/xen/version.h +index 93c5877..9d98d6e 100644 +--- a/xen/include/xen/version.h ++++ b/xen/include/xen/version.h +@@ -6,9 +6,10 @@ + + const char *xen_compile_date(void); + const char *xen_compile_time(void); +-const char *xen_compile_by(void); +-const char *xen_compile_domain(void); +-const char *xen_compile_host(void); ++const char *xen_compile_system_distribution(void); ++const char *xen_compile_system_maintainer_domain(void); ++const char *xen_compile_system_maintainer_local(void); ++const char *xen_compile_system_version(void); + const char *xen_compiler(void); + unsigned int xen_major_version(void); + unsigned int xen_minor_version(void); diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0003-version.patch 4.16.1-1/debian/patches/0003-version.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0003-version.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0003-version.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,176 +0,0 @@ -From: Bastian Blank -Date: Sat, 5 Jul 2014 11:46:43 +0200 -Subject: version - ---- - xen/Makefile | 8 +++++--- - xen/common/kernel.c | 8 ++++---- - xen/common/version.c | 22 +++++++++++----------- - xen/drivers/char/console.c | 9 +++------ - xen/include/xen/compile.h.in | 8 ++++---- - xen/include/xen/version.h | 7 ++++--- - 6 files changed, 31 insertions(+), 31 deletions(-) - -diff --git a/xen/Makefile b/xen/Makefile -index e20d61b..b211dbe 100644 ---- a/xen/Makefile -+++ b/xen/Makefile -@@ -382,7 +382,7 @@ delete-unfresh-files: - @mv -f $@.tmp $@ - - # compile.h contains dynamic build info. Rebuilt on every 'make' invocation. --include/xen/compile.h: include/xen/compile.h.in .banner -+include/xen/compile.h: include/xen/compile.h.in - @sed -e 's/@@date@@/$(XEN_BUILD_DATE)/g' \ - -e 's/@@time@@/$(XEN_BUILD_TIME)/g' \ - -e 's/@@whoami@@/$(XEN_WHOAMI)/g' \ -@@ -393,9 +393,11 @@ include/xen/compile.h: include/xen/compile.h.in .banner - -e 's/@@subversion@@/$(XEN_SUBVERSION)/g' \ - -e 's/@@extraversion@@/$(XEN_EXTRAVERSION)/g' \ - -e 's!@@changeset@@!$(shell tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \ -+ -e 's/@@system_distribution@@/$(shell lsb_release -is)/g' \ -+ -e 's/@@system_maintainer_domain@@/$(shell cd ../../../..; dpkg-parsechangelog | sed -ne 's,^Maintainer: .[^<]*<[^@>]*@\([^>]*\)>,\1,p')/g' \ -+ -e 's/@@system_maintainer_local@@/$(shell cd ../../../..; dpkg-parsechangelog | sed -ne 's,^Maintainer: .[^<]*<\([^@>]*\)@.*>,\1,p')/g' \ -+ -e 's/@@system_version@@/$(shell cd ../../../..; dpkg-parsechangelog | awk '/^Version:/ {print $$2}')/g' \ - < include/xen/compile.h.in > $@.new -- @cat .banner -- @sed -rf tools/process-banner.sed < .banner >> $@.new - @mv -f $@.new $@ - - include/asm-$(TARGET_ARCH)/asm-offsets.h: arch/$(TARGET_ARCH)/asm-offsets.s -diff --git a/xen/common/kernel.c b/xen/common/kernel.c -index c3a943f..12bdf9d 100644 ---- a/xen/common/kernel.c -+++ b/xen/common/kernel.c -@@ -398,9 +398,9 @@ static int __init buildinfo_init(void) - - hypfs_add_dir(&buildinfo, &compileinfo, true); - hypfs_string_set_reference(&compiler, xen_compiler()); -- hypfs_string_set_reference(&compile_by, xen_compile_by()); -+ hypfs_string_set_reference(&compile_by, xen_compile_system_maintainer_local()); - hypfs_string_set_reference(&compile_date, xen_compile_date()); -- hypfs_string_set_reference(&compile_domain, xen_compile_domain()); -+ hypfs_string_set_reference(&compile_domain, xen_compile_system_maintainer_domain()); - hypfs_add_leaf(&compileinfo, &compiler, true); - hypfs_add_leaf(&compileinfo, &compile_by, true); - hypfs_add_leaf(&compileinfo, &compile_date, true); -@@ -481,8 +481,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) - - memset(&info, 0, sizeof(info)); - safe_strcpy(info.compiler, deny ? xen_deny() : xen_compiler()); -- safe_strcpy(info.compile_by, deny ? xen_deny() : xen_compile_by()); -- safe_strcpy(info.compile_domain, deny ? xen_deny() : xen_compile_domain()); -+ safe_strcpy(info.compile_by, deny ? xen_deny() : xen_compile_system_maintainer_local()); -+ safe_strcpy(info.compile_domain, deny ? xen_deny() : xen_compile_system_maintainer_domain()); - safe_strcpy(info.compile_date, deny ? xen_deny() : xen_compile_date()); - if ( copy_to_guest(arg, &info, 1) ) - return -EFAULT; -diff --git a/xen/common/version.c b/xen/common/version.c -index 937eb12..781cd03 100644 ---- a/xen/common/version.c -+++ b/xen/common/version.c -@@ -20,19 +20,24 @@ const char *xen_compile_time(void) - return XEN_COMPILE_TIME; - } - --const char *xen_compile_by(void) -+const char *xen_compile_system_distribution(void) - { -- return XEN_COMPILE_BY; -+ return XEN_COMPILE_SYSTEM_DISTRIBUTION; - } - --const char *xen_compile_domain(void) -+const char *xen_compile_system_maintainer_local(void) - { -- return XEN_COMPILE_DOMAIN; -+ return XEN_COMPILE_SYSTEM_MAINTAINER_LOCAL; - } - --const char *xen_compile_host(void) -+const char *xen_compile_system_maintainer_domain(void) - { -- return XEN_COMPILE_HOST; -+ return XEN_COMPILE_SYSTEM_MAINTAINER_DOMAIN; -+} -+ -+const char *xen_compile_system_version(void) -+{ -+ return XEN_COMPILE_SYSTEM_VERSION; - } - - const char *xen_compiler(void) -@@ -60,11 +65,6 @@ const char *xen_changeset(void) - return XEN_CHANGESET; - } - --const char *xen_banner(void) --{ -- return XEN_BANNER; --} -- - const char *xen_deny(void) - { - return ""; -diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c -index 861ad53..501362e 100644 ---- a/xen/drivers/char/console.c -+++ b/xen/drivers/char/console.c -@@ -999,14 +999,11 @@ void __init console_init_preirq(void) - pv_console_set_rx_handler(serial_rx); - - /* HELLO WORLD --- start-of-day banner text. */ -- spin_lock(&console_lock); -- __putstr(xen_banner()); -- spin_unlock(&console_lock); -- printk("Xen version %d.%d%s (%s@%s) (%s) debug=%c " gcov_string " %s\n", -+ printk("Xen version %d.%d%s (%s %s) (%s@%s) (%s) debug=%c " gcov_string " %s\n", - xen_major_version(), xen_minor_version(), xen_extra_version(), -- xen_compile_by(), xen_compile_domain(), -+ xen_compile_system_distribution(), xen_compile_system_version(), -+ xen_compile_system_maintainer_local(), xen_compile_system_maintainer_domain(), - xen_compiler(), debug_build() ? 'y' : 'n', xen_compile_date()); -- printk("Latest ChangeSet: %s\n", xen_changeset()); - - /* Locate and print the buildid, if applicable. */ - xen_build_init(); -diff --git a/xen/include/xen/compile.h.in b/xen/include/xen/compile.h.in -index 440ecb2..0c3ca58 100644 ---- a/xen/include/xen/compile.h.in -+++ b/xen/include/xen/compile.h.in -@@ -1,8 +1,9 @@ - #define XEN_COMPILE_DATE "@@date@@" - #define XEN_COMPILE_TIME "@@time@@" --#define XEN_COMPILE_BY "@@whoami@@" --#define XEN_COMPILE_DOMAIN "@@domain@@" --#define XEN_COMPILE_HOST "@@hostname@@" -+#define XEN_COMPILE_SYSTEM_DISTRIBUTION "@@system_distribution@@" -+#define XEN_COMPILE_SYSTEM_MAINTAINER_DOMAIN "@@system_maintainer_domain@@" -+#define XEN_COMPILE_SYSTEM_MAINTAINER_LOCAL "@@system_maintainer_local@@" -+#define XEN_COMPILE_SYSTEM_VERSION "@@system_version@@" - #define XEN_COMPILER "@@compiler@@" - - #define XEN_VERSION @@version@@ -@@ -10,4 +11,3 @@ - #define XEN_EXTRAVERSION "@@extraversion@@" - - #define XEN_CHANGESET "@@changeset@@" --#define XEN_BANNER \ -diff --git a/xen/include/xen/version.h b/xen/include/xen/version.h -index 9ac926d..1553f22 100644 ---- a/xen/include/xen/version.h -+++ b/xen/include/xen/version.h -@@ -6,9 +6,10 @@ - - const char *xen_compile_date(void); - const char *xen_compile_time(void); --const char *xen_compile_by(void); --const char *xen_compile_domain(void); --const char *xen_compile_host(void); -+const char *xen_compile_system_distribution(void); -+const char *xen_compile_system_maintainer_domain(void); -+const char *xen_compile_system_maintainer_local(void); -+const char *xen_compile_system_version(void); - const char *xen_compiler(void); - unsigned int xen_major_version(void); - unsigned int xen_minor_version(void); diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0005-Do-not-ship-COPYING-into-usr-include.patch 4.16.1-1/debian/patches/0005-Do-not-ship-COPYING-into-usr-include.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0005-Do-not-ship-COPYING-into-usr-include.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0005-Do-not-ship-COPYING-into-usr-include.patch 2022-05-09 20:29:23.000000000 +0000 @@ -13,18 +13,18 @@ Signed-off-by: Ian Jackson +Date: Thu, 20 Sep 2018 18:10:14 +0100 +Subject: Do not build the instruction emulator + +Signed-off-by: Ian Jackson +--- + tools/fuzz/Makefile | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/tools/fuzz/Makefile b/tools/fuzz/Makefile +index 85213dc..6b7970b 100644 +--- a/tools/fuzz/Makefile ++++ b/tools/fuzz/Makefile +@@ -3,7 +3,10 @@ include $(XEN_ROOT)/tools/Rules.mk + + SUBDIRS-y := + SUBDIRS-y += libelf +-SUBDIRS-y += x86_instruction_emulator ++ ++#SUBDIRS-y += x86_instruction_emulator ++# This does not compile with Debian's userland compile options, ++# which include fortify etc. + + .PHONY: all clean distclean install uninstall + all clean distclean install uninstall: %: subdirs-% diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0008-Do-not-build-the-instruction-emulator.patch 4.16.1-1/debian/patches/0008-Do-not-build-the-instruction-emulator.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0008-Do-not-build-the-instruction-emulator.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0008-Do-not-build-the-instruction-emulator.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -From: Ian Jackson -Date: Thu, 20 Sep 2018 18:10:14 +0100 -Subject: Do not build the instruction emulator - -Signed-off-by: Ian Jackson ---- - tools/fuzz/Makefile | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/tools/fuzz/Makefile b/tools/fuzz/Makefile -index 85213dc..6b7970b 100644 ---- a/tools/fuzz/Makefile -+++ b/tools/fuzz/Makefile -@@ -3,7 +3,10 @@ include $(XEN_ROOT)/tools/Rules.mk - - SUBDIRS-y := - SUBDIRS-y += libelf --SUBDIRS-y += x86_instruction_emulator -+ -+#SUBDIRS-y += x86_instruction_emulator -+# This does not compile with Debian's userland compile options, -+# which include fortify etc. - - .PHONY: all clean distclean install uninstall - all clean distclean install uninstall: %: subdirs-% diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0008-tools-libfsimage-prefix.diff.patch 4.16.1-1/debian/patches/0008-tools-libfsimage-prefix.diff.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0008-tools-libfsimage-prefix.diff.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0008-tools-libfsimage-prefix.diff.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,83 @@ +From: Hans van Kranenburg +Date: Mon, 25 May 2020 17:08:18 +0200 +Subject: tools-libfsimage-prefix.diff + +\o/ +--- + tools/Rules.mk | 2 ++ + tools/libfsimage/Rules.mk | 3 ++- + tools/libfsimage/common/Makefile | 16 +++++++++------- + 3 files changed, 13 insertions(+), 8 deletions(-) + +diff --git a/tools/Rules.mk b/tools/Rules.mk +index 051a5d3..ccde2d4 100644 +--- a/tools/Rules.mk ++++ b/tools/Rules.mk +@@ -16,6 +16,8 @@ INSTALL = $(XEN_ROOT)/tools/cross-install + + LDFLAGS += $(PREPEND_LDFLAGS_XEN_TOOLS) + ++LDFLAGS_RPATH = -Wl,-rpath,'$${ORIGIN}$(if $(1),/$(1))' ++ + XEN_INCLUDE = $(XEN_ROOT)/tools/include + + include $(XEN_ROOT)/tools/libs/uselibs.mk +diff --git a/tools/libfsimage/Rules.mk b/tools/libfsimage/Rules.mk +index bb6d42a..38cc539 100644 +--- a/tools/libfsimage/Rules.mk ++++ b/tools/libfsimage/Rules.mk +@@ -3,10 +3,11 @@ include $(XEN_ROOT)/tools/Rules.mk + CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\" + CFLAGS += -Werror -D_GNU_SOURCE + LDFLAGS += -L../common/ ++LDFLAGS += $(call LDFLAGS_RPATH,../..) + + PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y)) + +-FSDIR = $(libdir)/xenfsimage ++FSDIR = $(LIBEXEC_LIB)/xenfsimage + + FSLIB = fsimage.so + +diff --git a/tools/libfsimage/common/Makefile b/tools/libfsimage/common/Makefile +index 24bc90e..88d964a 100644 +--- a/tools/libfsimage/common/Makefile ++++ b/tools/libfsimage/common/Makefile +@@ -4,6 +4,8 @@ include $(XEN_ROOT)/tools/libfsimage/Rules.mk + MAJOR = 4.16 + MINOR = 0 + ++CFLAGS += -DFSDIR="\"$(LIBEXEC_LIB)/fs\"" ++ + LDFLAGS-$(CONFIG_SunOS) = -Wl,-M -Wl,mapfile-SunOS + LDFLAGS-$(CONFIG_Linux) = -Wl,mapfile-GNU + LDFLAGS += $(LDFLAGS-y) +@@ -22,11 +24,11 @@ all: $(LIB) + + .PHONY: install + install: all +- $(INSTALL_DIR) $(DESTDIR)$(libdir) ++ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_LIB) + $(INSTALL_DIR) $(DESTDIR)$(includedir) +- $(INSTALL_PROG) libxenfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir) +- ln -sf libxenfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenfsimage.so.$(MAJOR) +- ln -sf libxenfsimage.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenfsimage.so ++ $(INSTALL_PROG) libxenfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBEXEC_LIB) ++ ln -sf libxenfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so.$(MAJOR) ++ ln -sf libxenfsimage.so.$(MAJOR) $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so + $(INSTALL_DATA) xenfsimage.h $(DESTDIR)$(includedir) + $(INSTALL_DATA) xenfsimage_plugin.h $(DESTDIR)$(includedir) + $(INSTALL_DATA) xenfsimage_grub.h $(DESTDIR)$(includedir) +@@ -36,9 +38,9 @@ uninstall: + rm -f $(DESTDIR)$(includedir)/xenfsimage_grub.h + rm -f $(DESTDIR)$(includedir)/xenfsimage_plugin.h + rm -f $(DESTDIR)$(includedir)/xenfsimage.h +- rm -f $(DESTDIR)$(libdir)/libxenfsimage.so +- rm -f $(DESTDIR)$(libdir)/libxenfsimage.so.$(MAJOR) +- rm -f $(DESTDIR)$(libdir)/libxenfsimage.so.$(MAJOR).$(MINOR) ++ rm -f $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so ++ rm -f $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so.$(MAJOR) ++ rm -f $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so.$(MAJOR).$(MINOR) + + clean distclean:: + rm -f $(LIB) diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0009-autoconf-Provide-libexec_libdir_suffix.patch 4.16.1-1/debian/patches/0009-autoconf-Provide-libexec_libdir_suffix.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0009-autoconf-Provide-libexec_libdir_suffix.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0009-autoconf-Provide-libexec_libdir_suffix.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,39 @@ +From: Ian Jackson +Date: Wed, 3 Oct 2018 16:25:58 +0100 +Subject: autoconf: Provide libexec_libdir_suffix + +This is going to be used to put libfsimage.so into a path containing +the multiarch triplet. + +Signed-off-by: Ian Jackson +--- + m4/paths.m4 | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/m4/paths.m4 b/m4/paths.m4 +index 7be314a..9cf906e 100644 +--- a/m4/paths.m4 ++++ b/m4/paths.m4 +@@ -84,6 +84,13 @@ AC_ARG_WITH([xen-scriptdir], + XEN_SCRIPT_DIR=$xen_scriptdir_path + AC_SUBST(XEN_SCRIPT_DIR) + ++dnl Allows .../libexec/lib (used for libfsimage) to have a multiarch path ++AC_ARG_WITH([libexec-libdir-suffix], ++ AS_HELP_STRING([--with-libexec-libdir-suffix=/SUFFIX], ++ [Name of subdirectory or suffix to use after ...LIBEXEC/lib.]), ++ [libexec_libdir_suffix=$withval], ++ [libexec_libdir_suffix='']) ++ + AC_ARG_WITH([xen-dumpdir], + AS_HELP_STRING([--with-xen-dumpdir=DIR], + [Path to directory for domU crash dumps. [LOCALSTATEDIR/lib/xen/dump]]), +@@ -117,7 +124,7 @@ AC_SUBST(LIBEXEC) + dnl These variables will be substituted in various .in files + LIBEXEC_BIN=${LIBEXEC}/bin + AC_SUBST(LIBEXEC_BIN) +-LIBEXEC_LIB=${LIBEXEC}/lib ++LIBEXEC_LIB=${LIBEXEC}/lib${libexec_libdir_suffix} + AC_SUBST(LIBEXEC_LIB) + LIBEXEC_INC=${LIBEXEC}/include + AC_SUBST(LIBEXEC_INC) diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0009-tools-libfsimage-prefix.diff.patch 4.16.1-1/debian/patches/0009-tools-libfsimage-prefix.diff.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0009-tools-libfsimage-prefix.diff.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0009-tools-libfsimage-prefix.diff.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,83 +0,0 @@ -From: Hans van Kranenburg -Date: Mon, 25 May 2020 17:08:18 +0200 -Subject: tools-libfsimage-prefix.diff - -\o/ ---- - tools/Rules.mk | 2 ++ - tools/libfsimage/Rules.mk | 3 ++- - tools/libfsimage/common/Makefile | 16 +++++++++------- - 3 files changed, 13 insertions(+), 8 deletions(-) - -diff --git a/tools/Rules.mk b/tools/Rules.mk -index 6774711..96dfe65 100644 ---- a/tools/Rules.mk -+++ b/tools/Rules.mk -@@ -11,6 +11,8 @@ INSTALL = $(XEN_ROOT)/tools/cross-install - - LDFLAGS += $(PREPEND_LDFLAGS_XEN_TOOLS) - -+LDFLAGS_RPATH = -Wl,-rpath,'$${ORIGIN}$(if $(1),/$(1))' -+ - XEN_INCLUDE = $(XEN_ROOT)/tools/include - XEN_LIBXENTOOLCORE = $(XEN_ROOT)/tools/libs/toolcore - XEN_LIBXENTOOLLOG = $(XEN_ROOT)/tools/libs/toollog -diff --git a/tools/libfsimage/Rules.mk b/tools/libfsimage/Rules.mk -index bb6d42a..38cc539 100644 ---- a/tools/libfsimage/Rules.mk -+++ b/tools/libfsimage/Rules.mk -@@ -3,10 +3,11 @@ include $(XEN_ROOT)/tools/Rules.mk - CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\" - CFLAGS += -Werror -D_GNU_SOURCE - LDFLAGS += -L../common/ -+LDFLAGS += $(call LDFLAGS_RPATH,../..) - - PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y)) - --FSDIR = $(libdir)/xenfsimage -+FSDIR = $(LIBEXEC_LIB)/xenfsimage - - FSLIB = fsimage.so - -diff --git a/tools/libfsimage/common/Makefile b/tools/libfsimage/common/Makefile -index 8c8ba09..cb5fe56 100644 ---- a/tools/libfsimage/common/Makefile -+++ b/tools/libfsimage/common/Makefile -@@ -4,6 +4,8 @@ include $(XEN_ROOT)/tools/libfsimage/Rules.mk - MAJOR = 4.14 - MINOR = 0 - -+CFLAGS += -DFSDIR="\"$(LIBEXEC_LIB)/fs\"" -+ - LDFLAGS-$(CONFIG_SunOS) = -Wl,-M -Wl,mapfile-SunOS - LDFLAGS-$(CONFIG_Linux) = -Wl,mapfile-GNU - LDFLAGS += $(LDFLAGS-y) -@@ -22,11 +24,11 @@ all: $(LIB) - - .PHONY: install - install: all -- $(INSTALL_DIR) $(DESTDIR)$(libdir) -+ $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_LIB) - $(INSTALL_DIR) $(DESTDIR)$(includedir) -- $(INSTALL_PROG) libxenfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir) -- ln -sf libxenfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenfsimage.so.$(MAJOR) -- ln -sf libxenfsimage.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenfsimage.so -+ $(INSTALL_PROG) libxenfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBEXEC_LIB) -+ ln -sf libxenfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so.$(MAJOR) -+ ln -sf libxenfsimage.so.$(MAJOR) $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so - $(INSTALL_DATA) xenfsimage.h $(DESTDIR)$(includedir) - $(INSTALL_DATA) xenfsimage_plugin.h $(DESTDIR)$(includedir) - $(INSTALL_DATA) xenfsimage_grub.h $(DESTDIR)$(includedir) -@@ -36,9 +38,9 @@ uninstall: - rm -f $(DESTDIR)$(includedir)/xenfsimage_grub.h - rm -f $(DESTDIR)$(includedir)/xenfsimage_plugin.h - rm -f $(DESTDIR)$(includedir)/xenfsimage.h -- rm -f $(DESTDIR)$(libdir)/libxenfsimage.so -- rm -f $(DESTDIR)$(libdir)/libxenfsimage.so.$(MAJOR) -- rm -f $(DESTDIR)$(libdir)/libxenfsimage.so.$(MAJOR).$(MINOR) -+ rm -f $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so -+ rm -f $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so.$(MAJOR) -+ rm -f $(DESTDIR)$(LIBEXEC_LIB)/libxenfsimage.so.$(MAJOR).$(MINOR) - - clean distclean:: - rm -f $(LIB) diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0010-autoconf-Provide-libexec_libdir_suffix.patch 4.16.1-1/debian/patches/0010-autoconf-Provide-libexec_libdir_suffix.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0010-autoconf-Provide-libexec_libdir_suffix.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0010-autoconf-Provide-libexec_libdir_suffix.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -From: Ian Jackson -Date: Wed, 3 Oct 2018 16:25:58 +0100 -Subject: autoconf: Provide libexec_libdir_suffix - -This is going to be used to put libfsimage.so into a path containing -the multiarch triplet. - -Signed-off-by: Ian Jackson ---- - m4/paths.m4 | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/m4/paths.m4 b/m4/paths.m4 -index 89d3bb8..42b4970 100644 ---- a/m4/paths.m4 -+++ b/m4/paths.m4 -@@ -70,6 +70,13 @@ AC_ARG_WITH([libexec-leaf-dir], - [libexec_subdir=$withval], - [libexec_subdir=$PACKAGE_TARNAME]) - -+dnl Allows .../libexec/lib (used for libfsimage) to have a multiarch path -+AC_ARG_WITH([libexec-libdir-suffix], -+ AS_HELP_STRING([--with-libexec-libdir-suffix=/SUFFIX], -+ [Name of subdirectory or suffix to use after ...LIBEXEC/lib.]), -+ [libexec_libdir_suffix=$withval], -+ [libexec_libdir_suffix='']) -+ - AC_ARG_WITH([xen-dumpdir], - AS_HELP_STRING([--with-xen-dumpdir=DIR], - [Path to directory for domU crash dumps. [LOCALSTATEDIR/lib/xen/dump]]), -@@ -103,7 +110,7 @@ AC_SUBST(LIBEXEC) - dnl These variables will be substituted in various .in files - LIBEXEC_BIN=${LIBEXEC}/bin - AC_SUBST(LIBEXEC_BIN) --LIBEXEC_LIB=${LIBEXEC}/lib -+LIBEXEC_LIB=${LIBEXEC}/lib${libexec_libdir_suffix} - AC_SUBST(LIBEXEC_LIB) - LIBEXEC_INC=${LIBEXEC}/include - AC_SUBST(LIBEXEC_INC) diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0010-.gitignore-Add-configure-output-which-we-always-dele.patch 4.16.1-1/debian/patches/0010-.gitignore-Add-configure-output-which-we-always-dele.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0010-.gitignore-Add-configure-output-which-we-always-dele.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0010-.gitignore-Add-configure-output-which-we-always-dele.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,24 @@ +From: Ian Jackson +Date: Fri, 5 Oct 2018 18:05:48 +0100 +Subject: .gitignore: Add configure output which we always delete and + regenerate + +Signed-off-by: Ian Jackson +--- + .gitignore | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/.gitignore b/.gitignore +index 8ebb51b..aa68745 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -432,3 +432,9 @@ tools/xl/xl + docs/txt/misc/*.txt + docs/txt/man/*.txt + docs/figs/*.png ++ ++configure ++docs/configure ++tools/configure ++config.sub ++config.guess diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0011-config-Tools.mk.in-Respect-caller-s-CONFIG_PV_SHIM.patch 4.16.1-1/debian/patches/0011-config-Tools.mk.in-Respect-caller-s-CONFIG_PV_SHIM.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0011-config-Tools.mk.in-Respect-caller-s-CONFIG_PV_SHIM.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0011-config-Tools.mk.in-Respect-caller-s-CONFIG_PV_SHIM.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,26 @@ +From: Ian Jackson +Date: Fri, 12 Oct 2018 16:00:16 +0000 +Subject: config/Tools.mk.in: Respect caller's CONFIG_PV_SHIM + +This makes it easier to disable the shim build. (In Debian we need to +build the shim separately because it needs different compiler flags). + +Signed-off-by: Ian Jackson +[ Hans: adjust from tools/firmware/Makefile to config/Tools.mk.in to +follow changes that happened in 8845155c83 ("pvshim: make PV shim build +selectable from configure") ] +Signed-off-by: Hans van Kranenburg +--- + config/Tools.mk.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/Tools.mk.in b/config/Tools.mk.in +index 934d899..03313b3 100644 +--- a/config/Tools.mk.in ++++ b/config/Tools.mk.in +@@ -75,4 +75,4 @@ ARGP_LDFLAGS := @argp_ldflags@ + + FILE_OFFSET_BITS := @FILE_OFFSET_BITS@ + +-CONFIG_PV_SHIM := @pvshim@ ++CONFIG_PV_SHIM ?= @pvshim@ diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0011-.gitignore-Add-configure-output-which-we-always-dele.patch 4.16.1-1/debian/patches/0011-.gitignore-Add-configure-output-which-we-always-dele.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0011-.gitignore-Add-configure-output-which-we-always-dele.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0011-.gitignore-Add-configure-output-which-we-always-dele.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -From: Ian Jackson -Date: Fri, 5 Oct 2018 18:05:48 +0100 -Subject: .gitignore: Add configure output which we always delete and - regenerate - -Signed-off-by: Ian Jackson ---- - .gitignore | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/.gitignore b/.gitignore -index 36ce2ea..98cb39e 100644 ---- a/.gitignore -+++ b/.gitignore -@@ -416,3 +416,9 @@ tools/xl/xl - docs/txt/misc/*.txt - docs/txt/man/*.txt - docs/figs/*.png -+ -+configure -+docs/configure -+tools/configure -+config.sub -+config.guess diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0012-Revert-pvshim-make-PV-shim-build-selectable-from-con.patch 4.16.1-1/debian/patches/0012-Revert-pvshim-make-PV-shim-build-selectable-from-con.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0012-Revert-pvshim-make-PV-shim-build-selectable-from-con.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0012-Revert-pvshim-make-PV-shim-build-selectable-from-con.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,70 +0,0 @@ -From: Hans van Kranenburg -Date: Sun, 22 Nov 2020 00:40:58 +0100 -Subject: Revert "pvshim: make PV shim build selectable from configure" - -This reverts commit 8845155c831c59e867ee3dd31ee63e0cc6c7dcf2. - -This upstream change changes stuff that breaks our very fragile mess -that builds the shim when it needs to, and doesn't when it should not. - -The result is that it's missing in the end for the i386 build... :| - - dh_install: warning: Cannot find (any matches for) - "usr/lib/debug/usr/lib/xen-*/boot/*" (tried in ., debian/tmp) - - dh_install: warning: xen-utils-4.14 missing files: - usr/lib/debug/usr/lib/xen-*/boot/* - dh_install: error: missing files, aborting ---- - config/Tools.mk.in | 2 -- - tools/configure.ac | 13 ------------- - tools/firmware/Makefile | 4 ++++ - 3 files changed, 4 insertions(+), 15 deletions(-) - -diff --git a/config/Tools.mk.in b/config/Tools.mk.in -index 23df47a..6408e42 100644 ---- a/config/Tools.mk.in -+++ b/config/Tools.mk.in -@@ -75,5 +75,3 @@ TINFO_LIBS := @TINFO_LIBS@ - ARGP_LDFLAGS := @argp_ldflags@ - - FILE_OFFSET_BITS := @FILE_OFFSET_BITS@ -- --CONFIG_PV_SHIM := @pvshim@ -diff --git a/tools/configure.ac b/tools/configure.ac -index 9d126b7..88e66d1 100644 ---- a/tools/configure.ac -+++ b/tools/configure.ac -@@ -503,17 +503,4 @@ AC_ARG_ENABLE([9pfs], - - AC_SUBST(ninepfs) - --AC_ARG_ENABLE([pvshim], -- AS_HELP_STRING([--disable-pvshim], -- [Disable pvshim build (enabled by default on 64bit x86)]), -- [AS_IF([test "x$enable_pvshim" = "xno"], [pvshim=n], [pvshim=y])], [ -- cpu=`test -z "$target_cpu" && echo "$host_cpu" || echo "$target_cpu"` -- case "${XEN_COMPILE_ARCH-${XEN_TARGET_ARCH-$cpu}}" in -- x86_64) -- pvshim="y";; -- *) pvshim="n";; -- esac --]) --AC_SUBST(pvshim) -- - AC_OUTPUT() -diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile -index 809a5fd..cf304fc 100644 ---- a/tools/firmware/Makefile -+++ b/tools/firmware/Makefile -@@ -1,6 +1,10 @@ - XEN_ROOT = $(CURDIR)/../.. - include $(XEN_ROOT)/tools/Rules.mk - -+ifneq ($(XEN_TARGET_ARCH),x86_32) -+CONFIG_PV_SHIM := y -+endif -+ - # hvmloader is a 32-bit protected mode binary. - TARGET := hvmloader/hvmloader - INST_DIR := $(DESTDIR)$(XENFIRMWAREDIR) diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0012-shim-Provide-separate-install-shim-target.patch 4.16.1-1/debian/patches/0012-shim-Provide-separate-install-shim-target.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0012-shim-Provide-separate-install-shim-target.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0012-shim-Provide-separate-install-shim-target.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,78 @@ +From: Ian Jackson +Date: Fri, 12 Oct 2018 17:17:10 +0000 +Subject: shim: Provide separate install-shim target + +When building on a 32-bit userland, the user wants to build 32-bit +tools and a 64-bit hypervisor. This involves setting XEN_TARGET_ARCH +to different values for the tools build and the hypervisor build. + +So the user must invoke the tools build and the hypervisor build +separately. + +However, although the shim is done by the tools/firmware Makefile, its +bitness needs to be the same as the hypervisor, not the same as the +tools. When run with XEN_TARGET_ARCH=x86_32, it it skipped, which is +wrong. + +So the user must invoke the shim build separately. This can be done +with + make -C tools/firmware/xen-dir XEN_TARGET_ARCH=x86_64 + +However, tools/firmware/xen-dir has no `install' target. The +installation of all `firmware' is done in tools/firmware/Makefile. It +might be possible to fix this, but it is not trivial. For example, +the definitions of INST_DIR and DEBG_DIR would need to be copied, as +would an appropriate $(INSTALL_DIR) call. + +For now, provide an `install-shim' target in tools/firmware/Makefile. + +This has to be called from `install' of course. We can't make it +a dependency of `install' because it might be run before `all' has +completed. We could make it depend on a `shim' target but such +a target is nearly impossible to write because everything is done by +the inflexible subdir-$@ machinery. + +The overally result of this patch is that existing make invocations +work as before. But additionally, the user can say + make -C tools/firmware install-shim XEN_TARGET_ARCH=x86_64 +to install the shim. The user must have built it already. +Unlike the build rune, this install-rune is properly conditional +so it is OK to call on ARM. + +What a mess. + +Signed-off-by: Ian Jackson +--- + tools/firmware/Makefile | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile +index 1f27117..bbfd141 100644 +--- a/tools/firmware/Makefile ++++ b/tools/firmware/Makefile +@@ -43,6 +43,13 @@ ifeq ($(CONFIG_ROMBIOS),y) + endif + $(MAKE) CC=$(CC) PYTHON=$(PYTHON) subdirs-$@ + ++.PHONY: install-shim ++install-shim: ++ifeq ($(CONFIG_PV_SHIM),y) ++ $(INSTALL_DATA) xen-dir/xen-shim $(INST_DIR)/xen-shim ++ $(INSTALL_DATA) xen-dir/xen-shim-syms $(DEBG_DIR)/xen-shim-syms ++endif ++ + .PHONY: install + install: all + [ -d $(INST_DIR) ] || $(INSTALL_DIR) $(INST_DIR) +@@ -57,10 +64,7 @@ endif + ifeq ($(CONFIG_IPXE),y) + $(INSTALL_DATA) etherboot/ipxe/src/bin/ipxe.bin $(INST_DIR)/ipxe.bin + endif +-ifeq ($(CONFIG_PV_SHIM),y) +- $(INSTALL_DATA) xen-dir/xen-shim $(INST_DIR)/xen-shim +- $(INSTALL_DATA) xen-dir/xen-shim-syms $(DEBG_DIR)/xen-shim-syms +-endif ++ $(MAKE) install-shim + + .PHONY: uninstall + uninstall: diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0013-docs-man-xen-vbd-interface.7-Provide-properly-format.patch 4.16.1-1/debian/patches/0013-docs-man-xen-vbd-interface.7-Provide-properly-format.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0013-docs-man-xen-vbd-interface.7-Provide-properly-format.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0013-docs-man-xen-vbd-interface.7-Provide-properly-format.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,27 @@ +From: Ian Jackson +Date: Fri, 12 Oct 2018 17:56:56 +0100 +Subject: docs/man/xen-vbd-interface.7: Provide properly-formatted NAME + section + +This manpage was omitted from + docs/man: Provide properly-formatted NAME sections +because I was previously building with markdown not installed. + +Signed-off-by: Ian Jackson +--- + docs/man/xen-vbd-interface.7.pandoc | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/docs/man/xen-vbd-interface.7.pandoc b/docs/man/xen-vbd-interface.7.pandoc +index ba0d159..2f18d5b 100644 +--- a/docs/man/xen-vbd-interface.7.pandoc ++++ b/docs/man/xen-vbd-interface.7.pandoc +@@ -1,3 +1,8 @@ ++Name ++---- ++ ++xen-vbd-interface - Xen paravirtualised block device protocol ++ + Xen guest interface + ------------------- + diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0013-tools-firmware-Makfile-Respect-caller-s-CONFIG_PV_SH.patch 4.16.1-1/debian/patches/0013-tools-firmware-Makfile-Respect-caller-s-CONFIG_PV_SH.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0013-tools-firmware-Makfile-Respect-caller-s-CONFIG_PV_SH.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0013-tools-firmware-Makfile-Respect-caller-s-CONFIG_PV_SH.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -From: Ian Jackson -Date: Fri, 12 Oct 2018 16:00:16 +0000 -Subject: tools/firmware/Makfile: Respect caller's CONFIG_PV_SHIM - -This makes it easier to disable the shim build. (In Debian we need to -build the shim separately because it needs different compiler flags -and a different XEN_COMPILE_ARCH. - -Signed-off-by: Ian Jackson ---- - tools/firmware/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile -index cf304fc..69f63b1 100644 ---- a/tools/firmware/Makefile -+++ b/tools/firmware/Makefile -@@ -2,7 +2,7 @@ XEN_ROOT = $(CURDIR)/../.. - include $(XEN_ROOT)/tools/Rules.mk - - ifneq ($(XEN_TARGET_ARCH),x86_32) --CONFIG_PV_SHIM := y -+CONFIG_PV_SHIM ?= y - endif - - # hvmloader is a 32-bit protected mode binary. diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0014-t-h-L-vif-common.sh-disable-handle_iptable.patch 4.16.1-1/debian/patches/0014-t-h-L-vif-common.sh-disable-handle_iptable.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0014-t-h-L-vif-common.sh-disable-handle_iptable.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0014-t-h-L-vif-common.sh-disable-handle_iptable.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,40 @@ +From: Hans van Kranenburg +Date: Fri, 4 Jan 2019 00:35:45 +0100 +Subject: t/h/L/vif-common.sh: disable handle_iptable + +Also see Debian bug #894013. The current attempt at providing +anti-spoofing rules results in a situation that does not have any +effect. Also note that forwarding bridged traffic to iptables is not +enabled by default, and that for openvswitch users it does not make any +sense. + +So, stop cluttering the live iptables ruleset. + +This functionality seems to be introduced before 2004 and since then it +has never got some additional love. + +It would be nice to have a proper discussion upstream about how Xen +could provide some anti mac/ip spoofing in the dom0. It does not seem to +be a trivial thing to do, since it requires having quite some knowledge +about what the domU is allowed to do or not (e.g. a domU can be a +router...). + +Signed-off-by: Hans van Kranenburg +--- + tools/hotplug/Linux/vif-common.sh | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tools/hotplug/Linux/vif-common.sh b/tools/hotplug/Linux/vif-common.sh +index a8e6517..99ff1ba 100644 +--- a/tools/hotplug/Linux/vif-common.sh ++++ b/tools/hotplug/Linux/vif-common.sh +@@ -182,6 +182,9 @@ frob_iptable() + # + handle_iptable() + { ++ # This function is disabled in Debian packaging. See Debian bug #894013. ++ return 0 ++ + # Check for a working iptables installation. Checking for the iptables + # binary is not sufficient, because the user may not have the appropriate + # modules installed. If iptables is not working, then there's no need to do diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0014-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch 4.16.1-1/debian/patches/0014-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0014-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0014-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -From: Ian Jackson -Date: Fri, 12 Oct 2018 17:56:04 +0000 -Subject: tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on x86_64 - -Previously this was *dis*abled for x86_*32*. But if someone should -run some of this Makefile on ARM, say, it ought not to be built -either. - -Signed-off-by: Ian Jackson ---- - tools/firmware/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile -index 69f63b1..6f9034f 100644 ---- a/tools/firmware/Makefile -+++ b/tools/firmware/Makefile -@@ -1,7 +1,7 @@ - XEN_ROOT = $(CURDIR)/../.. - include $(XEN_ROOT)/tools/Rules.mk - --ifneq ($(XEN_TARGET_ARCH),x86_32) -+ifeq ($(XEN_TARGET_ARCH),x86_64) - CONFIG_PV_SHIM ?= y - endif - diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0015-shim-Provide-separate-install-shim-target.patch 4.16.1-1/debian/patches/0015-shim-Provide-separate-install-shim-target.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0015-shim-Provide-separate-install-shim-target.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0015-shim-Provide-separate-install-shim-target.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,78 +0,0 @@ -From: Ian Jackson -Date: Fri, 12 Oct 2018 17:17:10 +0000 -Subject: shim: Provide separate install-shim target - -When building on a 32-bit userland, the user wants to build 32-bit -tools and a 64-bit hypervisor. This involves setting XEN_TARGET_ARCH -to different values for the tools build and the hypervisor build. - -So the user must invoke the tools build and the hypervisor build -separately. - -However, although the shim is done by the tools/firmware Makefile, its -bitness needs to be the same as the hypervisor, not the same as the -tools. When run with XEN_TARGET_ARCH=x86_32, it it skipped, which is -wrong. - -So the user must invoke the shim build separately. This can be done -with - make -C tools/firmware/xen-dir XEN_TARGET_ARCH=x86_64 - -However, tools/firmware/xen-dir has no `install' target. The -installation of all `firmware' is done in tools/firmware/Makefile. It -might be possible to fix this, but it is not trivial. For example, -the definitions of INST_DIR and DEBG_DIR would need to be copied, as -would an appropriate $(INSTALL_DIR) call. - -For now, provide an `install-shim' target in tools/firmware/Makefile. - -This has to be called from `install' of course. We can't make it -a dependency of `install' because it might be run before `all' has -completed. We could make it depend on a `shim' target but such -a target is nearly impossible to write because everything is done by -the inflexible subdir-$@ machinery. - -The overally result of this patch is that existing make invocations -work as before. But additionally, the user can say - make -C tools/firmware install-shim XEN_TARGET_ARCH=x86_64 -to install the shim. The user must have built it already. -Unlike the build rune, this install-rune is properly conditional -so it is OK to call on ARM. - -What a mess. - -Signed-off-by: Ian Jackson ---- - tools/firmware/Makefile | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile -index 6f9034f..737a709 100644 ---- a/tools/firmware/Makefile -+++ b/tools/firmware/Makefile -@@ -47,6 +47,13 @@ ifeq ($(CONFIG_ROMBIOS),y) - endif - $(MAKE) CC=$(CC) PYTHON=$(PYTHON) subdirs-$@ - -+.PHONY: install-shim -+install-shim: -+ifeq ($(CONFIG_PV_SHIM),y) -+ $(INSTALL_DATA) xen-dir/xen-shim $(INST_DIR)/xen-shim -+ $(INSTALL_DATA) xen-dir/xen-shim-syms $(DEBG_DIR)/xen-shim-syms -+endif -+ - .PHONY: install - install: all - [ -d $(INST_DIR) ] || $(INSTALL_DIR) $(INST_DIR) -@@ -61,10 +68,7 @@ endif - ifeq ($(CONFIG_IPXE),y) - $(INSTALL_DATA) etherboot/ipxe/src/bin/ipxe.bin $(INST_DIR)/ipxe.bin - endif --ifeq ($(CONFIG_PV_SHIM),y) -- $(INSTALL_DATA) xen-dir/xen-shim $(INST_DIR)/xen-shim -- $(INSTALL_DATA) xen-dir/xen-shim-syms $(DEBG_DIR)/xen-shim-syms --endif -+ $(MAKE) install-shim - - .PHONY: uninstall - uninstall: diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0015-sysconfig.xencommons.in-Strip-and-debianize.patch 4.16.1-1/debian/patches/0015-sysconfig.xencommons.in-Strip-and-debianize.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0015-sysconfig.xencommons.in-Strip-and-debianize.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0015-sysconfig.xencommons.in-Strip-and-debianize.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,130 @@ +From: Hans van Kranenburg +Date: Sat, 9 Feb 2019 17:27:26 +0100 +Subject: sysconfig.xencommons.in: Strip and debianize + +Strip all options that are for stuff we don't ship, which is 1) +xenstored as stubdom and 2) the new options for oom score and open file +descriptor limit, which would not have any effect, because we're +shipping different init scripts... :| + +It seems useful to give the user the option to revert to xenstored +instead of the default oxenstored if they really want. + +Signed-off-by: Hans van Kranenburg +Acked-by: Ian Jackson +--- + tools/hotplug/Linux/init.d/sysconfig.xencommons.in | 82 +--------------------- + 1 file changed, 3 insertions(+), 79 deletions(-) + +diff --git a/tools/hotplug/Linux/init.d/sysconfig.xencommons.in b/tools/hotplug/Linux/init.d/sysconfig.xencommons.in +index 433e484..e948543 100644 +--- a/tools/hotplug/Linux/init.d/sysconfig.xencommons.in ++++ b/tools/hotplug/Linux/init.d/sysconfig.xencommons.in +@@ -6,104 +6,28 @@ + #XENCONSOLED_TRACE=[none|guest|hv|all] + + ## Type: string +-## Default: daemon ++## Default: oxenstored + # +-# Select type of xentore service. +-# +-# This can be either of: +-# * daemon +-# * domain +-# +-# Changing this requires a reboot to take effect. +-# +-#XENSTORETYPE=daemon +- +-## Type: string +-## Default: xenstored +-# +-# Select xenstore implementation, this can be either +-# of these below. +-# Only evaluated if XENSTORETYPE is "daemon". +-# +-# This can be either of: ++# Select xenstore implementation. This can be either of: + # * @sbindir@/oxenstored + # * @sbindir@/xenstored + # + # Changing this requires a reboot to take effect. + #XENSTORED=@XENSTORED@ + +-## Type: string +-## Default: unlimited +-# +-# Select maximum number of file descriptors xenstored is allowed to have +-# opened at one time. +-# For each HVM domain xenstored might need up to 5 open file descriptors, +-# PVH and PV domains will require up to 3 open file descriptors. Additionally +-# 20-30 file descriptors will be opened for internal uses. +-# The specified value (including "unlimited") will be capped by the contents +-# of /proc/sys/fs/nr_open if existing. +-# Only evaluated if XENSTORETYPE is "daemon". +-#XENSTORED_MAX_OPEN_FDS=unlimited +- + ## Type: string + ## Default: "" + # + # Additional commandline arguments to start xenstored, + # like "--trace-file @XEN_LOG_DIR@/xenstored-trace.log" +-# See "@sbindir@/xenstored --help" for possible options. +-# Only evaluated if XENSTORETYPE is "daemon". ++# See "@sbindir@/oxenstored --help" for possible options. + XENSTORED_ARGS= + + ## Type: string + ## Default: Not defined, tracing off + # + # Log xenstored messages +-# Only evaluated if XENSTORETYPE is "daemon". + #XENSTORED_TRACE=[yes|on|1] + +-## Type: integer +-## Default: 50 +-# +-# Percentage of dom0 memory size the xenstore daemon can use before the +-# OOM killer is allowed to kill it. +-# The specified value is multiplied by -10 and echoed to +-# /proc/PID/oom_score_adj. +-#XENSTORED_OOM_MEM_THRESHOLD=50 +- +-## Type: string +-## Default: @LIBEXEC@/boot/xenstore-stubdom.gz +-# +-# xenstore domain kernel. +-# Only evaluated if XENSTORETYPE is "domain". +-#XENSTORE_DOMAIN_KERNEL=@LIBEXEC@/boot/xenstore-stubdom.gz +- +-## Type: integer +-## Default: 8 +-# +-# xenstore domain memory size in MiB. +-# Only evaluated if XENSTORETYPE is "domain". +-#XENSTORE_DOMAIN_SIZE=8 +- +-## Type: string +-## Default: not set, no autoballooning of xenstore domain +-# +-# Maximum xenstore domain memory size. Can be specified as: +-# - plain integer value for max size in MiB +-# - fraction of host memory, e.g. 1/100 +-# - combination of both in form of : (e.g. 8:1/100), resulting +-# value will be the higher of both specifications +-# Only evaluated if XENSTORETYPE is "domain". +-#XENSTORE_MAX_DOMAIN_SIZE= +- +-## Type: string +-## Default: "" +-# +-# Additional arguments for starting the xenstore domain. +-# Only evaluated if XENSTORETYPE is "domain". +-XENSTORE_DOMAIN_ARGS= +- +-# qemu path +-#QEMU_XEN=@qemu_xen_path@ +- + # Dom0 UUID + #XEN_DOM0_UUID=00000000-0000-0000-0000-000000000000 diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0016-docs-man-xen-vbd-interface.7-Provide-properly-format.patch 4.16.1-1/debian/patches/0016-docs-man-xen-vbd-interface.7-Provide-properly-format.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0016-docs-man-xen-vbd-interface.7-Provide-properly-format.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0016-docs-man-xen-vbd-interface.7-Provide-properly-format.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -From: Ian Jackson -Date: Fri, 12 Oct 2018 17:56:56 +0100 -Subject: docs/man/xen-vbd-interface.7: Provide properly-formatted NAME - section - -This manpage was omitted from - docs/man: Provide properly-formatted NAME sections -because I was previously building with markdown not installed. - -Signed-off-by: Ian Jackson ---- - docs/man/xen-vbd-interface.7.pandoc | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/docs/man/xen-vbd-interface.7.pandoc b/docs/man/xen-vbd-interface.7.pandoc -index ba0d159..2f18d5b 100644 ---- a/docs/man/xen-vbd-interface.7.pandoc -+++ b/docs/man/xen-vbd-interface.7.pandoc -@@ -1,3 +1,8 @@ -+Name -+---- -+ -+xen-vbd-interface - Xen paravirtualised block device protocol -+ - Xen guest interface - ------------------- - diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0016-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch 4.16.1-1/debian/patches/0016-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0016-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0016-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,36 @@ +From: Ian Jackson +Date: Thu, 21 Feb 2019 16:05:40 +0000 +Subject: hotplug-common: Do not adjust LD_LIBRARY_PATH + +This is in the upstream script because on non-Debian systems, the +default install locations in /usr/local/lib might not be on the linker +path, and as a result the hotplug scripts would break. + +A reason we might need it in Debian is our multiple version +coinstallation scheme. However, the hotplug scripts all call the +utilities via the wrappers, and the binaries are configured to load +from the right place anyway. + +This setting is an annoyance because it requires libdir, which is an +arch-specific path but comes from a file we want to put in +xen-utils-common, an arch:all package. + +So drop this setting. + +Signed-off-by: Ian Jackson +--- + tools/hotplug/Linux/xen-hotplug-common.sh.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tools/hotplug/Linux/xen-hotplug-common.sh.in b/tools/hotplug/Linux/xen-hotplug-common.sh.in +index 8c2cb9e..72cb7f6 100644 +--- a/tools/hotplug/Linux/xen-hotplug-common.sh.in ++++ b/tools/hotplug/Linux/xen-hotplug-common.sh.in +@@ -23,7 +23,6 @@ dir=$(dirname "$0") + exec 2>>@XEN_LOG_DIR@/xen-hotplug.log + + export PATH="${bindir}:${sbindir}:${LIBEXEC_BIN}:/sbin:/bin:/usr/bin:/usr/sbin:$PATH" +-export LD_LIBRARY_PATH="${libdir}${LD_LIBRARY_PATH+:}$LD_LIBRARY_PATH" + export LANG="POSIX" + unset $(set | grep ^LC_ | cut -d= -f1) + diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0017-Fix-empty-fields-in-first-hypervisor-log-line.patch 4.16.1-1/debian/patches/0017-Fix-empty-fields-in-first-hypervisor-log-line.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0017-Fix-empty-fields-in-first-hypervisor-log-line.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0017-Fix-empty-fields-in-first-hypervisor-log-line.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -From: Hans van Kranenburg -Date: Thu, 3 Jan 2019 22:03:06 +0100 -Subject: Fix empty fields in first hypervisor log line - -Instead of: - - (XEN) Xen version 4.11.1 (Debian ) - (@) - (gcc (Debian 8.2.0-13) 8.2.0) debug=n - Thu Jan 3 19:08:37 UTC 2019 - -I'd like to see: - - (XEN) Xen version 4.11.1 (Debian 4.11.1-1~) - (pkg-xen-devel@lists.alioth.debian.org) - (gcc (Debian 8.2.0-13) 8.2.0) debug=n - Thu Jan 3 22:44:00 CET 2019 - -The substitution was broken since the great packaging refactoring, -because the directory in which the build is done changed. - -Also, use the Maintainer address from debian/control instead of the most -recent changelog entry. If someone wants to use the address to ask a -question, they will end up at the team mailing list, which is better -than an individual person. ---- - xen/Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/xen/Makefile b/xen/Makefile -index b211dbe..9108a40 100644 ---- a/xen/Makefile -+++ b/xen/Makefile -@@ -394,9 +394,9 @@ include/xen/compile.h: include/xen/compile.h.in - -e 's/@@extraversion@@/$(XEN_EXTRAVERSION)/g' \ - -e 's!@@changeset@@!$(shell tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \ - -e 's/@@system_distribution@@/$(shell lsb_release -is)/g' \ -- -e 's/@@system_maintainer_domain@@/$(shell cd ../../../..; dpkg-parsechangelog | sed -ne 's,^Maintainer: .[^<]*<[^@>]*@\([^>]*\)>,\1,p')/g' \ -- -e 's/@@system_maintainer_local@@/$(shell cd ../../../..; dpkg-parsechangelog | sed -ne 's,^Maintainer: .[^<]*<\([^@>]*\)@.*>,\1,p')/g' \ -- -e 's/@@system_version@@/$(shell cd ../../../..; dpkg-parsechangelog | awk '/^Version:/ {print $$2}')/g' \ -+ -e 's/@@system_maintainer_domain@@/$(shell grep Maintainer ../debian/control | sed -ne 's,^Maintainer: .[^<]*<[^@>]*@\([^>]*\)>,\1,p')/g' \ -+ -e 's/@@system_maintainer_local@@/$(shell grep Maintainer ../debian/control | sed -ne 's,^Maintainer: .[^<]*<\([^@>]*\)@.*>,\1,p')/g' \ -+ -e 's/@@system_version@@/$(shell cd ..; dpkg-parsechangelog | awk '/^Version:/ {print $$2}')/g' \ - < include/xen/compile.h.in > $@.new - @mv -f $@.new $@ - diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0017-pygrub-Set-sys.path.patch 4.16.1-1/debian/patches/0017-pygrub-Set-sys.path.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0017-pygrub-Set-sys.path.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0017-pygrub-Set-sys.path.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,35 @@ +From: Bastian Blank +Date: Sat, 5 Jul 2014 11:47:01 +0200 +Subject: pygrub: Set sys.path + +We install libfsimage in a non-standard path for Reasons. +(See debian/rules.) + +This patch was originally part of `tools-pygrub-prefix.diff' +(eg commit 51657319be54) and included changes to the Makefile to +change the installation arrangements (we do that part in the rules now +since that is a lot less prone to conflicts when we update) and to +shared library rpath (which is now done in a separate patch). + +(Commit message rewritten by Ian Jackson.) + +Signed-off-by: Ian Jackson + +squash! pygrub: Set sys.path and rpath +--- + tools/pygrub/src/pygrub | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub +index 8d48cf4..46b394c 100755 +--- a/tools/pygrub/src/pygrub ++++ b/tools/pygrub/src/pygrub +@@ -22,6 +22,8 @@ import platform + import curses, _curses, curses.textpad, curses.ascii + import getopt + ++sys.path.insert(1, sys.path[0] + '/../lib/python') ++ + import xenfsimage + import grub.GrubConf + import grub.LiloConf diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0018-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch 4.16.1-1/debian/patches/0018-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0018-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0018-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,58 @@ +From: Ian Jackson +Date: Fri, 22 Feb 2019 12:24:35 +0000 +Subject: pygrub: Specify -rpath LIBEXEC_LIB when building fsimage.so + +If LIBEXEC_LIB is not on the default linker search path, the python +fsimage.so module fails to find libfsimage.so. + +Add the relevant directory to the rpath explicitly. + +(This situation occurs in the Debian package, where +--with-libexec-libdir is used to put each Xen version's libraries and +utilities in their own directory, to allow them to be coinstalled.) + +Signed-off-by: Ian Jackson +--- + tools/pygrub/Makefile | 3 ++- + tools/pygrub/setup.py | 5 +++++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/tools/pygrub/Makefile b/tools/pygrub/Makefile +index 37b2146..17bdd2d 100644 +--- a/tools/pygrub/Makefile ++++ b/tools/pygrub/Makefile +@@ -10,12 +10,13 @@ INSTALL_LOG = build/installed_files.txt + all: build + .PHONY: build + build: +- CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" LDFLAGS="$(PY_LDFLAGS)" $(PYTHON) setup.py build ++ CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" LDFLAGS="$(PY_LDFLAGS)" LIBEXEC_LIB=$(LIBEXEC_LIB) $(PYTHON) setup.py build + + .PHONY: install + install: all + $(INSTALL_DIR) $(DESTDIR)/$(bindir) + CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" \ ++ LIBEXEC_LIB=$(LIBEXEC_LIB) \ + LDFLAGS="$(PY_LDFLAGS)" $(PYTHON) setup.py install \ + --record $(INSTALL_LOG) $(PYTHON_PREFIX_ARG) \ + --root="$(DESTDIR)" --install-scripts=$(LIBEXEC_BIN) --force +diff --git a/tools/pygrub/setup.py b/tools/pygrub/setup.py +index b8f1dc4..91019e9 100644 +--- a/tools/pygrub/setup.py ++++ b/tools/pygrub/setup.py +@@ -5,10 +5,15 @@ import sys + + extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ] + ++extra_link_args = [] ++try: extra_link_args += [ "-Wl,-rpath," + os.environ['LIBEXEC_LIB'] ] ++except KeyError: pass ++ + XEN_ROOT = "../.." + + xenfsimage = Extension("xenfsimage", + extra_compile_args = extra_compile_args, ++ extra_link_args = extra_link_args, + include_dirs = [ XEN_ROOT + "/tools/libfsimage/common/" ], + library_dirs = [ XEN_ROOT + "/tools/libfsimage/common/" ], + libraries = ["xenfsimage"], diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0018-vif-common-disable-handle_iptable.patch 4.16.1-1/debian/patches/0018-vif-common-disable-handle_iptable.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0018-vif-common-disable-handle_iptable.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0018-vif-common-disable-handle_iptable.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -From: Hans van Kranenburg -Date: Fri, 4 Jan 2019 00:35:45 +0100 -Subject: vif-common: disable handle_iptable - -Also see Debian bug #894013. The current attempt at providing -anti-spoofing rules results in a situation that does not have any -effect. Also note that forwarding bridged traffic to iptables is not -enabled by default, and that for openvswitch users it does not make any -sense. - -So, stop cluttering the live iptables ruleset. - -This functionality seems to be introduced before 2004 and since then it -has never got some additional love. - -It would be nice to have a proper discussion upstream about how Xen -could provide some anti mac/ip spoofing in the dom0. It does not seem to -be a trivial thing to do, since it requires having quite some knowledge -about what the domU is allowed to do or not (e.g. a domU can be a -router...). ---- - tools/hotplug/Linux/vif-common.sh | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/tools/hotplug/Linux/vif-common.sh b/tools/hotplug/Linux/vif-common.sh -index a8e6517..14cd44c 100644 ---- a/tools/hotplug/Linux/vif-common.sh -+++ b/tools/hotplug/Linux/vif-common.sh -@@ -182,6 +182,9 @@ frob_iptable() - # - handle_iptable() - { -+ # This function is disabled in Debian packaging. See Debian bug #894013. -+ return -+ - # Check for a working iptables installation. Checking for the iptables - # binary is not sufficient, because the user may not have the appropriate - # modules installed. If iptables is not working, then there's no need to do diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0019-sysconfig.xencommons.in-Strip-and-debianize.patch 4.16.1-1/debian/patches/0019-sysconfig.xencommons.in-Strip-and-debianize.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0019-sysconfig.xencommons.in-Strip-and-debianize.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0019-sysconfig.xencommons.in-Strip-and-debianize.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,118 +0,0 @@ -From: Hans van Kranenburg -Date: Sat, 9 Feb 2019 17:27:26 +0100 -Subject: sysconfig.xencommons.in: Strip and debianize - -Strip all options that are for stuff we don't ship, which is 1) -xenstored as stubdom and 2) xenbackendd, which seems to be dead code -anyway. [1] - -It seems useful to give the user the option to revert to xenstored -instead of the default oxenstored if they really want. - -[1] https://lists.xen.org/archives/html/xen-devel/2015-07/msg04427.html - -Signed-off-by: Hans van Kranenburg -Acked-by: Ian Jackson ---- - tools/hotplug/Linux/init.d/sysconfig.xencommons.in | 73 +--------------------- - 1 file changed, 3 insertions(+), 70 deletions(-) - -diff --git a/tools/hotplug/Linux/init.d/sysconfig.xencommons.in b/tools/hotplug/Linux/init.d/sysconfig.xencommons.in -index 0fc6557..e948543 100644 ---- a/tools/hotplug/Linux/init.d/sysconfig.xencommons.in -+++ b/tools/hotplug/Linux/init.d/sysconfig.xencommons.in -@@ -6,26 +6,9 @@ - #XENCONSOLED_TRACE=[none|guest|hv|all] - - ## Type: string --## Default: daemon -+## Default: oxenstored - # --# Select type of xentore service. --# --# This can be either of: --# * daemon --# * domain --# --# Changing this requires a reboot to take effect. --# --#XENSTORETYPE=daemon -- --## Type: string --## Default: xenstored --# --# Select xenstore implementation, this can be either --# of these below. --# Only evaluated if XENSTORETYPE is "daemon". --# --# This can be either of: -+# Select xenstore implementation. This can be either of: - # * @sbindir@/oxenstored - # * @sbindir@/xenstored - # -@@ -37,64 +20,14 @@ - # - # Additional commandline arguments to start xenstored, - # like "--trace-file @XEN_LOG_DIR@/xenstored-trace.log" --# See "@sbindir@/xenstored --help" for possible options. --# Only evaluated if XENSTORETYPE is "daemon". -+# See "@sbindir@/oxenstored --help" for possible options. - XENSTORED_ARGS= - - ## Type: string - ## Default: Not defined, tracing off - # - # Log xenstored messages --# Only evaluated if XENSTORETYPE is "daemon". - #XENSTORED_TRACE=[yes|on|1] - --## Type: string --## Default: "@XEN_LIB_STORED@" --# --# Running xenstored on XENSTORED_ROOTDIR --# Only evaluated if XENSTORETYPE is "daemon". --#XENSTORED_ROOTDIR=@XEN_LIB_STORED@ -- --## Type: string --## Default: @LIBEXEC@/boot/xenstore-stubdom.gz --# --# xenstore domain kernel. --# Only evaluated if XENSTORETYPE is "domain". --#XENSTORE_DOMAIN_KERNEL=@LIBEXEC@/boot/xenstore-stubdom.gz -- --## Type: integer --## Default: 8 --# --# xenstore domain memory size in MiB. --# Only evaluated if XENSTORETYPE is "domain". --#XENSTORE_DOMAIN_SIZE=8 -- --## Type: string --## Default: not set, no autoballooning of xenstore domain --# --# Maximum xenstore domain memory size. Can be specified as: --# - plain integer value for max size in MiB --# - fraction of host memory, e.g. 1/100 --# - combination of both in form of : (e.g. 8:1/100), resulting --# value will be the higher of both specifications --# Only evaluated if XENSTORETYPE is "domain". --#XENSTORE_MAX_DOMAIN_SIZE= -- --## Type: string --## Default: "" --# --# Additional arguments for starting the xenstore domain. --# Only evaluated if XENSTORETYPE is "domain". --XENSTORE_DOMAIN_ARGS= -- --## Type: string --## Default: Not defined, xenbackendd debug mode off --# --# Running xenbackendd in debug mode --#XENBACKENDD_DEBUG=[yes|on|1] -- --# qemu path --#QEMU_XEN=@qemu_xen_path@ -- - # Dom0 UUID - #XEN_DOM0_UUID=00000000-0000-0000-0000-000000000000 diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0019-tools-xl-bash-completion-also-complete-xen.patch 4.16.1-1/debian/patches/0019-tools-xl-bash-completion-also-complete-xen.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0019-tools-xl-bash-completion-also-complete-xen.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0019-tools-xl-bash-completion-also-complete-xen.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,27 @@ +From: Hans van Kranenburg +Date: Sun, 10 Feb 2019 18:26:45 +0100 +Subject: tools/xl/bash-completion: also complete 'xen' + +We have the `xen` alias for xl in Debian, since in the past it was a +command that could execute either xl or xm. + +Now, it always does xl, so, complete the same stuff for it as we have +for xl. + +Signed-off-by: Hans van Kranenburg + +[git-debrebase split: mixed commit: upstream part] +--- + tools/xl/bash-completion | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/xl/bash-completion b/tools/xl/bash-completion +index 7c6ed32..b3883df 100644 +--- a/tools/xl/bash-completion ++++ b/tools/xl/bash-completion +@@ -17,4 +17,4 @@ _xl() + return 0 + } + +-complete -F _xl -o nospace -o default xl ++complete -F _xl -o nospace -o default xl xen diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0020-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch 4.16.1-1/debian/patches/0020-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0020-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0020-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -From: Ian Jackson -Date: Thu, 21 Feb 2019 16:05:40 +0000 -Subject: hotplug-common: Do not adjust LD_LIBRARY_PATH - -This is in the upstream script because on non-Debian systems, the -default install locations in /usr/local/lib might not be on the linker -path, and as a result the hotplug scripts would break. - -A reason we might need it in Debian is our multiple version -coinstallation scheme. However, the hotplug scripts all call the -utilities via the wrappers, and the binaries are configured to load -from the right place anyway. - -This setting is an annoyance because it requires libdir, which is an -arch-specific path but comes from a file we want to put in -xen-utils-common, an arch:all package. - -So drop this setting. - -Signed-off-by: Ian Jackson ---- - tools/hotplug/Linux/xen-hotplug-common.sh.in | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/tools/hotplug/Linux/xen-hotplug-common.sh.in b/tools/hotplug/Linux/xen-hotplug-common.sh.in -index 8c2cb9e..72cb7f6 100644 ---- a/tools/hotplug/Linux/xen-hotplug-common.sh.in -+++ b/tools/hotplug/Linux/xen-hotplug-common.sh.in -@@ -23,7 +23,6 @@ dir=$(dirname "$0") - exec 2>>@XEN_LOG_DIR@/xen-hotplug.log - - export PATH="${bindir}:${sbindir}:${LIBEXEC_BIN}:/sbin:/bin:/usr/bin:/usr/sbin:$PATH" --export LD_LIBRARY_PATH="${libdir}${LD_LIBRARY_PATH+:}$LD_LIBRARY_PATH" - export LANG="POSIX" - unset $(set | grep ^LC_ | cut -d= -f1) - diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0020-tools-don-t-build-ship-xenmon.patch 4.16.1-1/debian/patches/0020-tools-don-t-build-ship-xenmon.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0020-tools-don-t-build-ship-xenmon.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0020-tools-don-t-build-ship-xenmon.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,29 @@ +From: Hans van Kranenburg +Date: Sat, 5 Sep 2020 22:43:19 +0200 +Subject: tools: don't build/ship xenmon + +This is something that hasn't been touched (except for making it Python +3 compatible, which failed) since 2007. Don't build or ship it. + + -# xenmon + File "/usr/sbin/xenmon", line 680 + stop_cmd = "/usr/bin/pkill -INT -z global xenbaked" + TabError: inconsistent use of tabs and spaces in indentation + +Signed-off-by: Hans van Kranenburg +--- + tools/Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tools/Makefile b/tools/Makefile +index 757a560..20df647 100644 +--- a/tools/Makefile ++++ b/tools/Makefile +@@ -16,7 +16,6 @@ SUBDIRS-y += xentrace + SUBDIRS-$(CONFIG_XCUTILS) += xcutils + SUBDIRS-$(CONFIG_X86) += firmware + SUBDIRS-y += console +-SUBDIRS-y += xenmon + SUBDIRS-y += xentop + SUBDIRS-y += libfsimage + SUBDIRS-$(CONFIG_Linux) += vchan diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0021-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch 4.16.1-1/debian/patches/0021-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0021-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0021-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,39 @@ +From: Maximilian Engelhardt +Date: Fri, 18 Dec 2020 21:42:35 +0100 +Subject: docs: set date to SOURCE_DATE_EPOCH if available + +Use the solution described in [1] to replace the call to the 'date' +command with a version that uses SOURCE_DATE_EPOCH if available. This +is needed for reproducible builds. + +[1] https://reproducible-builds.org/docs/source-date-epoch/ + +Signed-off-by: Maximilian Engelhardt + +[Hans van Kranenburg] +Note: this patch is submitted upstream but not committed yet. We +expect that it gets in. Otherwise, we don't wait and already have it +here because I want to have the reproducible build work completed. +--- + docs/Makefile | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/docs/Makefile b/docs/Makefile +index 8de1efb..ac6792f 100644 +--- a/docs/Makefile ++++ b/docs/Makefile +@@ -3,7 +3,13 @@ include $(XEN_ROOT)/Config.mk + -include $(XEN_ROOT)/config/Docs.mk + + VERSION := $(shell $(MAKE) -C $(XEN_ROOT)/xen --no-print-directory xenversion) +-DATE := $(shell date +%Y-%m-%d) ++ ++DATE_FMT := +%Y-%m-%d ++ifdef SOURCE_DATE_EPOCH ++DATE := $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u "$(DATE_FMT)") ++else ++DATE := $(shell date "$(DATE_FMT)") ++endif + + DOC_ARCHES := arm x86_32 x86_64 + MAN_SECTIONS := 1 5 7 8 diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0021-pygrub-Set-sys.path.patch 4.16.1-1/debian/patches/0021-pygrub-Set-sys.path.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0021-pygrub-Set-sys.path.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0021-pygrub-Set-sys.path.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,35 +0,0 @@ -From: Bastian Blank -Date: Sat, 5 Jul 2014 11:47:01 +0200 -Subject: pygrub: Set sys.path - -We install libfsimage in a non-standard path for Reasons. -(See debian/rules.) - -This patch was originally part of `tools-pygrub-prefix.diff' -(eg commit 51657319be54) and included changes to the Makefile to -change the installation arrangements (we do that part in the rules now -since that is a lot less prone to conflicts when we update) and to -shared library rpath (which is now done in a separate patch). - -(Commit message rewritten by Ian Jackson.) - -Signed-off-by: Ian Jackson - -squash! pygrub: Set sys.path and rpath ---- - tools/pygrub/src/pygrub | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub -index 8d48cf4..46b394c 100755 ---- a/tools/pygrub/src/pygrub -+++ b/tools/pygrub/src/pygrub -@@ -22,6 +22,8 @@ import platform - import curses, _curses, curses.textpad, curses.ascii - import getopt - -+sys.path.insert(1, sys.path[0] + '/../lib/python') -+ - import xenfsimage - import grub.GrubConf - import grub.LiloConf diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0022-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch 4.16.1-1/debian/patches/0022-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0022-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0022-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,59 +0,0 @@ -From: Ian Jackson -Date: Fri, 22 Feb 2019 12:24:35 +0000 -Subject: pygrub: Specify -rpath LIBEXEC_LIB when building fsimage.so - -If LIBEXEC_LIB is not on the default linker search path, the python -fsimage.so module fails to find libfsimage.so. - -Add the relevant directory to the rpath explicitly. - -(This situation occurs in the Debian package, where ---with-libexec-libdir is used to put each Xen version's libraries and -utilities in their own directory, to allow them to be coinstalled.) - -Signed-off-by: Ian Jackson ---- - tools/pygrub/Makefile | 5 +++-- - tools/pygrub/setup.py | 5 +++++ - 2 files changed, 8 insertions(+), 2 deletions(-) - -diff --git a/tools/pygrub/Makefile b/tools/pygrub/Makefile -index 3063c49..4cd1a95 100644 ---- a/tools/pygrub/Makefile -+++ b/tools/pygrub/Makefile -@@ -10,12 +10,13 @@ INSTALL_LOG = build/installed_files.txt - all: build - .PHONY: build - build: -- CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDFLAGS="$(PY_LDFLAGS)" $(PYTHON) setup.py build -+ CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDFLAGS="$(PY_LDFLAGS)" LIBEXEC_LIB=$(LIBEXEC_LIB) $(PYTHON) setup.py build - - .PHONY: install - install: all - $(INSTALL_DIR) $(DESTDIR)/$(bindir) -- CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDFLAGS="$(PY_LDFLAGS)" $(PYTHON) \ -+ CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDFLAGS="$(PY_LDFLAGS)" \ -+ LIBEXEC_LIB=$(LIBEXEC_LIB) $(PYTHON) \ - setup.py install --record $(INSTALL_LOG) $(PYTHON_PREFIX_ARG) \ - --root="$(DESTDIR)" --install-scripts=$(LIBEXEC_BIN) --force - set -e; if [ $(bindir) != $(LIBEXEC_BIN) -a \ -diff --git a/tools/pygrub/setup.py b/tools/pygrub/setup.py -index b8f1dc4..91019e9 100644 ---- a/tools/pygrub/setup.py -+++ b/tools/pygrub/setup.py -@@ -5,10 +5,15 @@ import sys - - extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ] - -+extra_link_args = [] -+try: extra_link_args += [ "-Wl,-rpath," + os.environ['LIBEXEC_LIB'] ] -+except KeyError: pass -+ - XEN_ROOT = "../.." - - xenfsimage = Extension("xenfsimage", - extra_compile_args = extra_compile_args, -+ extra_link_args = extra_link_args, - include_dirs = [ XEN_ROOT + "/tools/libfsimage/common/" ], - library_dirs = [ XEN_ROOT + "/tools/libfsimage/common/" ], - libraries = ["xenfsimage"], diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0022-xen-arch-x86-make-objdump-output-user-locale-agnosti.patch 4.16.1-1/debian/patches/0022-xen-arch-x86-make-objdump-output-user-locale-agnosti.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0022-xen-arch-x86-make-objdump-output-user-locale-agnosti.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0022-xen-arch-x86-make-objdump-output-user-locale-agnosti.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,27 @@ +From: Maximilian Engelhardt +Date: Fri, 10 Dec 2021 00:23:30 +0100 +Subject: xen/arch/x86: make objdump output user locale agnostic + +The objdump output is fed to grep, so make sure it doesn't change with +different user locales and break the grep parsing. +This problem was identified while updating xen in Debian and the fix is +needed for generating reproducible builds in varying environments. + +Signed-off-by: Maximilian Engelhardt +--- + xen/arch/x86/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile +index 69b6cfa..bd35423 100644 +--- a/xen/arch/x86/Makefile ++++ b/xen/arch/x86/Makefile +@@ -139,7 +139,7 @@ endif + ifeq ($(XEN_BUILD_PE),y) + + # Check if the linker produces fixups in PE by default +-nr-fixups := $(shell $(OBJDUMP) -p efi/check.efi | grep '^[[:blank:]]*reloc[[:blank:]]*[0-9][[:blank:]].*DIR64$$' | wc -l) ++nr-fixups := $(shell LC_ALL=C $(OBJDUMP) -p efi/check.efi | grep '^[[:blank:]]*reloc[[:blank:]]*[0-9][[:blank:]].*DIR64$$' | wc -l) + ifeq ($(nr-fixups),2) + MKRELOC := : + relocs-dummy := diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0023-give-meaningful-error-message-if-qemu-device-model-i.patch 4.16.1-1/debian/patches/0023-give-meaningful-error-message-if-qemu-device-model-i.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0023-give-meaningful-error-message-if-qemu-device-model-i.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0023-give-meaningful-error-message-if-qemu-device-model-i.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,47 @@ +From: Michael Tokarev +Date: Sun, 24 Apr 2022 12:26:38 +0300 +Subject: give meaningful error message if qemu device model is unavailable + +There's no sense to switch to qemu-xen-traditional device model +if that one is not enabled in the first place. This way we'll +have a chance later to print a message suggesting to install the +missing qemu package if we *actually* need qemu for the device model. +--- + tools/libs/light/libxl_create.c | 2 ++ + tools/libs/light/libxl_dm.c | 3 +++ + 2 files changed, 5 insertions(+) + +diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c +index 8856755..54ded26 100644 +--- a/tools/libs/light/libxl_create.c ++++ b/tools/libs/light/libxl_create.c +@@ -109,6 +109,7 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + b_info->device_model_version = + LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN; + } ++#if HAVE_QEMU_TRADITIONAL + if (b_info->device_model_version + == LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN) { + const char *dm; +@@ -128,6 +129,7 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + } + } + } ++#endif + } + + if (b_info->blkdev_start == NULL) +diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c +index 1864ee3..2229751 100644 +--- a/tools/libs/light/libxl_dm.c ++++ b/tools/libs/light/libxl_dm.c +@@ -2880,6 +2880,9 @@ void libxl__spawn_local_dm(libxl__egc *egc, libxl__dm_spawn_state *dmss) + } + if (access(dm, X_OK) < 0) { + LOGED(ERROR, domid, "device model %s is not executable", dm); ++ if (strcmp(dm, QEMU_XEN_PATH) == 0) { ++ LOGD(ERROR, domid, "Please install the qemu-system-xen package for this domain to work"); ++ } + rc = ERROR_FAIL; + goto out; + } diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0023-tools-xl-bash-completion-also-complete-xen.patch 4.16.1-1/debian/patches/0023-tools-xl-bash-completion-also-complete-xen.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0023-tools-xl-bash-completion-also-complete-xen.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0023-tools-xl-bash-completion-also-complete-xen.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -From: Hans van Kranenburg -Date: Sun, 10 Feb 2019 18:26:45 +0100 -Subject: tools/xl/bash-completion: also complete 'xen' - -We have the `xen` alias for xl in Debian, since in the past it was a -command that could execute either xl or xm. - -Now, it always does xl, so, complete the same stuff for it as we have -for xl. - -Signed-off-by: Hans van Kranenburg - -[git-debrebase split: mixed commit: upstream part] ---- - tools/xl/bash-completion | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/xl/bash-completion b/tools/xl/bash-completion -index b7cd6b3..a520b07 100644 ---- a/tools/xl/bash-completion -+++ b/tools/xl/bash-completion -@@ -17,4 +17,4 @@ _xl() - return 0 - } - --complete -F _xl -o nospace -o default xl -+complete -F _xl -o nospace -o default xl xen diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0024-libxl-Fix-unneededly-rebuilding-build.o-pic.patch 4.16.1-1/debian/patches/0024-libxl-Fix-unneededly-rebuilding-build.o-pic.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0024-libxl-Fix-unneededly-rebuilding-build.o-pic.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/patches/0024-libxl-Fix-unneededly-rebuilding-build.o-pic.patch 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,106 @@ +From: Hans van Kranenburg +Date: Thu, 5 May 2022 19:44:29 +0200 +Subject: libxl: Fix unneededly rebuilding build.o(pic) + +[The symptoms] + +When doing a Xen package build for Debian with ccache enabled, we +started getting the following error: + + x86_64-linux-gnu-gcc [...] -o build.o + /builds/xen-team/debian-xen/debian/output/source_dir/tools/libs/light/../../../tools/libacpi/build.c + ccache: error: Failed to create temporary file for + /run/user/0/ccache-tmp/tmp.cpp_stdout.bqxKOP: Permission denied + +It turns out to be the case that during the install step of tools (the +install-tools that happens inside the override_dh_auto_install part of +d/rules), the upstream build machinery *again* tries to build this +build.c file, while this has already been done earlier during the actual +build phase. + +Since the Debian build process stopped to allow usage of ccache during +the install phase of the process, this issue surfaces. + +[The cause] + +In tools/libs/light/Makefile, we see the following lines: + + .PHONY: acpi + acpi: + $(MAKE) -C $(ACPI_PATH) ACPI_BUILD_DIR=$(CURDIR) DSDT_FILES="$(DSDT_FILES-y)" + + [...] + + $(DSDT_FILES-y) build.o build.opic: acpi + +'acpi' is defined as phony target. In the last line, we see that build.o +depdends on acpi. + +Also see: + "4.6 Phony Targets" + https://www.gnu.org/software/make/manual/make.html#Phony-Targets + +A 'normal' target gives make the possibility to track timestamps of a +target file. E.g. compiling foo.c results in foo.o, and as long as foo.c +keeps being 'older' than foo.o, make will think "nothing to do here, +foo.o is up to date, let's move along". + +Now, a phony target is some kind of fake target that does not come with +this kind of information, and such behaves like a target that is always +out-of-date. Hence, with a configuration as seen above, it will try to +always unneededly build this build.o and build.opic again. + +[Discussion] + +Upstream commit e006b2e3be ("libxl: fix libacpi dependency") which +introduced the problem tells us that the purpose of the current +configuration is to make sure the libacpi/ dir is built before we +attempt to work on build.c in here. The changes in there remove an +apparently obsolete line referencing build.o from the libacpi Makefile, +which might mean that in the past this build.* stuff was located in that +part of the code, and was moved into libs/light later. + +[The fix] + +If it is enough to just have an order-only dependency, we can use an +order-only prerequisite instead, in this place: + + $(DSDT_FILES-y): acpi + build.o build.opic: | acpi + +Also see: + "4.3 Types of Prerequisites" + https://www.gnu.org/software/make/manual/make.html#Prerequisite-Types + +Now the build machinery will not attempt to unconditionally rebuild +build.o during make install. + +[Suggestions for further work] + +As can be seen, there's still the $(DSDT_FILES-y) which has the same +acpi dependency and which may lead to similar unwanted side effects. +However, since none of the files in that list have a corresponding build +target in *this* Makefile, it does not trigger the problem for us, and +we leave it alone, for now. + +Suggested-by: Michael Tokarev +Signed-off-by: Hans van Kranenburg +Fixes: e006b2e3be ("libxl: fix libacpi dependency") +--- + tools/libs/light/Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile +index dd43f37..3458c44 100644 +--- a/tools/libs/light/Makefile ++++ b/tools/libs/light/Makefile +@@ -32,7 +32,8 @@ ACPI_PATH = $(XEN_ROOT)/tools/libacpi + DSDT_FILES-$(CONFIG_X86) = dsdt_pvh.c + ACPI_OBJS = $(patsubst %.c,%.o,$(DSDT_FILES-y)) build.o static_tables.o + ACPI_PIC_OBJS = $(patsubst %.o,%.opic,$(ACPI_OBJS)) +-$(DSDT_FILES-y) build.o build.opic: acpi ++$(DSDT_FILES-y): acpi ++build.o build.opic: | acpi + vpath build.c $(ACPI_PATH)/ + vpath static_tables.c $(ACPI_PATH)/ + diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0024-tools-don-t-build-ship-xenmon.patch 4.16.1-1/debian/patches/0024-tools-don-t-build-ship-xenmon.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0024-tools-don-t-build-ship-xenmon.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0024-tools-don-t-build-ship-xenmon.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -From: Hans van Kranenburg -Date: Sat, 5 Sep 2020 22:43:19 +0200 -Subject: tools: don't build/ship xenmon - -It can't run with Python 3, and I'm not going to fix it. - -Signed-off-by: Hans van Kranenburg ---- - tools/Makefile | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/tools/Makefile b/tools/Makefile -index c10946e..c5a6f5c 100644 ---- a/tools/Makefile -+++ b/tools/Makefile -@@ -17,7 +17,6 @@ SUBDIRS-y += xentrace - SUBDIRS-$(CONFIG_XCUTILS) += xcutils - SUBDIRS-$(CONFIG_X86) += firmware - SUBDIRS-y += console --SUBDIRS-y += xenmon - SUBDIRS-y += xenstat - SUBDIRS-$(CONFIG_NetBSD) += xenbackendd - SUBDIRS-y += libfsimage diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0025-tools-Partially-revert-Cross-compilation-fixes.patch 4.16.1-1/debian/patches/0025-tools-Partially-revert-Cross-compilation-fixes.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0025-tools-Partially-revert-Cross-compilation-fixes.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0025-tools-Partially-revert-Cross-compilation-fixes.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,40 +0,0 @@ -From: Elliott Mitchell -Date: Fri, 17 Jul 2020 20:31:21 -0700 -Subject: tools: Partially revert "Cross-compilation fixes." - -This partially reverts commit 16504669c5cbb8b195d20412aadc838da5c428f7. - -Doesn't look like much of 16504669c5cbb8b195d20412aadc838da5c428f7 -actually remains due to passage of time. - -Of the 3, both Python and pygrub appear to mostly be building just fine -cross-compiling. The OCAML portion is being troublesome, this is going -to cause bug reports elsewhere soon. The OCAML portion though can -already be disabled by setting OCAML_TOOLS=n and shouldn't have this -extra form of disabling. - -Signed-off-by: Elliott Mitchell -Acked-by: Christian Lindig -Acked-by: Wei Liu -(cherry picked from commit 69953e2856382274749b617125cc98ce38198463) ---- - tools/Makefile | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/tools/Makefile b/tools/Makefile -index c5a6f5c..e8d6022 100644 ---- a/tools/Makefile -+++ b/tools/Makefile -@@ -38,12 +38,9 @@ SUBDIRS-$(CONFIG_X86) += debugger/gdbsx - SUBDIRS-$(CONFIG_X86) += debugger/kdd - SUBDIRS-$(CONFIG_TESTS) += tests - --# These don't cross-compile --ifeq ($(XEN_COMPILE_ARCH),$(XEN_TARGET_ARCH)) - SUBDIRS-y += python - SUBDIRS-y += pygrub - SUBDIRS-$(OCAML_TOOLS) += ocaml --endif - - ifeq ($(CONFIG_RUMP),y) - SUBDIRS-y := libs libxc xenstore diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0026-t-h-L-vif-common.sh-fix-handle_iptable-return-value.patch 4.16.1-1/debian/patches/0026-t-h-L-vif-common.sh-fix-handle_iptable-return-value.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0026-t-h-L-vif-common.sh-fix-handle_iptable-return-value.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0026-t-h-L-vif-common.sh-fix-handle_iptable-return-value.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -From: Hans van Kranenburg -Date: Thu, 26 Nov 2020 16:06:03 +0100 -Subject: t/h/L/vif-common.sh: fix handle_iptable return value - -A return statement without explicit value will return the value of the -last command executed before this line with return was encountered. - -This is not what we want. return 0. - -Closes: #955994 -Fixes: 2e0814f971dd ("vif-common: disable handle_iptable") -Reported-by: Samuel Thibault -Signed-off-by: Hans van Kranenburg ---- - tools/hotplug/Linux/vif-common.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/hotplug/Linux/vif-common.sh b/tools/hotplug/Linux/vif-common.sh -index 14cd44c..99ff1ba 100644 ---- a/tools/hotplug/Linux/vif-common.sh -+++ b/tools/hotplug/Linux/vif-common.sh -@@ -183,7 +183,7 @@ frob_iptable() - handle_iptable() - { - # This function is disabled in Debian packaging. See Debian bug #894013. -- return -+ return 0 - - # Check for a working iptables installation. Checking for the iptables - # binary is not sufficient, because the user may not have the appropriate diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0027-xen-rpi4-implement-watchdog-based-reset.patch 4.16.1-1/debian/patches/0027-xen-rpi4-implement-watchdog-based-reset.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0027-xen-rpi4-implement-watchdog-based-reset.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0027-xen-rpi4-implement-watchdog-based-reset.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,105 +0,0 @@ -From: Stefano Stabellini -Date: Fri, 2 Oct 2020 13:47:17 -0700 -Subject: xen/rpi4: implement watchdog-based reset - -The preferred method to reboot RPi4 is PSCI. If it is not available, -touching the watchdog is required to be able to reboot the board. - -The implementation is based on -drivers/watchdog/bcm2835_wdt.c:__bcm2835_restart in Linux v5.9-rc7. - -Signed-off-by: Stefano Stabellini -Acked-by: Julien Grall -Reviewed-by: Bertrand Marquis -Tested-by: Roman Shaposhnik -CC: roman@zededa.com -(cherry picked from commit 25849c8b16f2a5b7fcd0a823e80a5f1b590291f9) ---- - xen/arch/arm/platforms/brcm-raspberry-pi.c | 61 ++++++++++++++++++++++++++++++ - 1 file changed, 61 insertions(+) - -diff --git a/xen/arch/arm/platforms/brcm-raspberry-pi.c b/xen/arch/arm/platforms/brcm-raspberry-pi.c -index f5ae58a..811b40b 100644 ---- a/xen/arch/arm/platforms/brcm-raspberry-pi.c -+++ b/xen/arch/arm/platforms/brcm-raspberry-pi.c -@@ -17,6 +17,10 @@ - * GNU General Public License for more details. - */ - -+#include -+#include -+#include -+#include - #include - - static const char *const rpi4_dt_compat[] __initconst = -@@ -37,12 +41,69 @@ static const struct dt_device_match rpi4_blacklist_dev[] __initconst = - * The aux peripheral also shares a page with the aux UART. - */ - DT_MATCH_COMPATIBLE("brcm,bcm2835-aux"), -+ /* Special device used for rebooting */ -+ DT_MATCH_COMPATIBLE("brcm,bcm2835-pm"), - { /* sentinel */ }, - }; - -+ -+#define PM_PASSWORD 0x5a000000 -+#define PM_RSTC 0x1c -+#define PM_WDOG 0x24 -+#define PM_RSTC_WRCFG_FULL_RESET 0x00000020 -+#define PM_RSTC_WRCFG_CLR 0xffffffcf -+ -+static void __iomem *rpi4_map_watchdog(void) -+{ -+ void __iomem *base; -+ struct dt_device_node *node; -+ paddr_t start, len; -+ int ret; -+ -+ node = dt_find_compatible_node(NULL, NULL, "brcm,bcm2835-pm"); -+ if ( !node ) -+ return NULL; -+ -+ ret = dt_device_get_address(node, 0, &start, &len); -+ if ( ret ) -+ { -+ printk("Cannot read watchdog register address\n"); -+ return NULL; -+ } -+ -+ base = ioremap_nocache(start & PAGE_MASK, PAGE_SIZE); -+ if ( !base ) -+ { -+ printk("Unable to map watchdog register!\n"); -+ return NULL; -+ } -+ -+ return base; -+} -+ -+static void rpi4_reset(void) -+{ -+ uint32_t val; -+ void __iomem *base = rpi4_map_watchdog(); -+ -+ if ( !base ) -+ return; -+ -+ /* use a timeout of 10 ticks (~150us) */ -+ writel(10 | PM_PASSWORD, base + PM_WDOG); -+ val = readl(base + PM_RSTC); -+ val &= PM_RSTC_WRCFG_CLR; -+ val |= PM_PASSWORD | PM_RSTC_WRCFG_FULL_RESET; -+ writel(val, base + PM_RSTC); -+ -+ /* No sleeping, possibly atomic. */ -+ mdelay(1); -+} -+ - PLATFORM_START(rpi4, "Raspberry Pi 4") - .compatible = rpi4_dt_compat, - .blacklist_dev = rpi4_blacklist_dev, -+ .reset = rpi4_reset, - .dma_bitsize = 30, - PLATFORM_END - diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0028-tools-python-Pass-linker-to-Python-build-process.patch 4.16.1-1/debian/patches/0028-tools-python-Pass-linker-to-Python-build-process.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0028-tools-python-Pass-linker-to-Python-build-process.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0028-tools-python-Pass-linker-to-Python-build-process.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,91 +0,0 @@ -From: Elliott Mitchell -Date: Sun, 11 Oct 2020 18:11:39 -0700 -Subject: tools/python: Pass linker to Python build process -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -Unexpectedly the environment variable which needs to be passed is -$LDSHARED and not $LD. Otherwise Python may find the build `ld` instead -of the host `ld`. - -Replace $(LDFLAGS) with $(SHLIB_LDFLAGS) as Python needs shared objects -it can load at runtime, not executables. - -This uses $(CC) instead of $(LD) since Python distutils appends $CFLAGS -to $LDFLAGS which breaks many linkers. - -Signed-off-by: Elliott Mitchell -Acked-by: Marek Marczykowski-Górecki -(cherry picked from commit 17d192e0238d6c714e9f04593b59597b7090be38) - -[ Hans van Kranenburg ] -Fixed cherry-pick conflict because we have LIBEXEC_LIB=$(LIBEXEC_LIB) in -between in the same lines. The line wrap mess makes it a bit hard to -follow. ---- - tools/pygrub/Makefile | 11 ++++++----- - tools/python/Makefile | 9 +++++---- - 2 files changed, 11 insertions(+), 9 deletions(-) - -diff --git a/tools/pygrub/Makefile b/tools/pygrub/Makefile -index 4cd1a95..2950f37 100644 ---- a/tools/pygrub/Makefile -+++ b/tools/pygrub/Makefile -@@ -3,21 +3,22 @@ XEN_ROOT = $(CURDIR)/../.. - include $(XEN_ROOT)/tools/Rules.mk - - PY_CFLAGS = $(CFLAGS) $(PY_NOOPT_CFLAGS) --PY_LDFLAGS = $(LDFLAGS) $(APPEND_LDFLAGS) -+PY_LDFLAGS = $(SHLIB_LDFLAGS) $(APPEND_LDFLAGS) - INSTALL_LOG = build/installed_files.txt - - .PHONY: all - all: build - .PHONY: build - build: -- CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDFLAGS="$(PY_LDFLAGS)" LIBEXEC_LIB=$(LIBEXEC_LIB) $(PYTHON) setup.py build -+ CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" LDFLAGS="$(PY_LDFLAGS)" \ -+ LIBEXEC_LIB=$(LIBEXEC_LIB) $(PYTHON) setup.py build - - .PHONY: install - install: all - $(INSTALL_DIR) $(DESTDIR)/$(bindir) -- CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDFLAGS="$(PY_LDFLAGS)" \ -- LIBEXEC_LIB=$(LIBEXEC_LIB) $(PYTHON) \ -- setup.py install --record $(INSTALL_LOG) $(PYTHON_PREFIX_ARG) \ -+ CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" \ -+ LDFLAGS="$(PY_LDFLAGS)" LIBEXEC_LIB=$(LIBEXEC_LIB) $(PYTHON) setup.py install \ -+ --record $(INSTALL_LOG) $(PYTHON_PREFIX_ARG) \ - --root="$(DESTDIR)" --install-scripts=$(LIBEXEC_BIN) --force - set -e; if [ $(bindir) != $(LIBEXEC_BIN) -a \ - "`readlink -f $(DESTDIR)/$(bindir)`" != \ -diff --git a/tools/python/Makefile b/tools/python/Makefile -index 8d22c03..b675f5b 100644 ---- a/tools/python/Makefile -+++ b/tools/python/Makefile -@@ -5,19 +5,20 @@ include $(XEN_ROOT)/tools/Rules.mk - all: build - - PY_CFLAGS = $(CFLAGS) $(PY_NOOPT_CFLAGS) --PY_LDFLAGS = $(LDFLAGS) $(APPEND_LDFLAGS) -+PY_LDFLAGS = $(SHLIB_LDFLAGS) $(APPEND_LDFLAGS) - INSTALL_LOG = build/installed_files.txt - - .PHONY: build - build: -- CC="$(CC)" CFLAGS="$(PY_CFLAGS)" $(PYTHON) setup.py build -+ CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" LDFLAGS="$(PY_LDFLAGS)" $(PYTHON) setup.py build - - .PHONY: install - install: - $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN) - -- CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDFLAGS="$(PY_LDFLAGS)" $(PYTHON) \ -- setup.py install --record $(INSTALL_LOG) $(PYTHON_PREFIX_ARG) \ -+ CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" \ -+ LDFLAGS="$(PY_LDFLAGS)" $(PYTHON) setup.py install \ -+ --record $(INSTALL_LOG) $(PYTHON_PREFIX_ARG) \ - --root="$(DESTDIR)" --force - - $(INSTALL_PYTHON_PROG) scripts/convert-legacy-stream $(DESTDIR)$(LIBEXEC_BIN) diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0029-xen-arm-acpi-Don-t-fail-if-SPCR-table-is-absent.patch 4.16.1-1/debian/patches/0029-xen-arm-acpi-Don-t-fail-if-SPCR-table-is-absent.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0029-xen-arm-acpi-Don-t-fail-if-SPCR-table-is-absent.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0029-xen-arm-acpi-Don-t-fail-if-SPCR-table-is-absent.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,47 +0,0 @@ -From: Elliott Mitchell -Date: Wed, 21 Oct 2020 15:12:53 -0700 -Subject: xen/arm: acpi: Don't fail if SPCR table is absent - -Absence of a SPCR table likely means the console is a framebuffer. In -such case acpi_iomem_deny_access() should NOT fail. - -Signed-off-by: Elliott Mitchell -Acked-by: Julien Grall -Reviewed-by: Stefano Stabellini -(cherry picked from commit 861f0c110976fa8879b7bf63d9478b6be83d4ab6) ---- - xen/arch/arm/acpi/domain_build.c | 19 ++++++++++--------- - 1 file changed, 10 insertions(+), 9 deletions(-) - -diff --git a/xen/arch/arm/acpi/domain_build.c b/xen/arch/arm/acpi/domain_build.c -index 1b1cfab..bbdc90f 100644 ---- a/xen/arch/arm/acpi/domain_build.c -+++ b/xen/arch/arm/acpi/domain_build.c -@@ -42,17 +42,18 @@ static int __init acpi_iomem_deny_access(struct domain *d) - status = acpi_get_table(ACPI_SIG_SPCR, 0, - (struct acpi_table_header **)&spcr); - -- if ( ACPI_FAILURE(status) ) -+ if ( ACPI_SUCCESS(status) ) - { -- printk("Failed to get SPCR table\n"); -- return -EINVAL; -+ mfn = spcr->serial_port.address >> PAGE_SHIFT; -+ /* Deny MMIO access for UART */ -+ rc = iomem_deny_access(d, mfn, mfn + 1); -+ if ( rc ) -+ return rc; -+ } -+ else -+ { -+ printk("Failed to get SPCR table, Xen console may be unavailable\n"); - } -- -- mfn = spcr->serial_port.address >> PAGE_SHIFT; -- /* Deny MMIO access for UART */ -- rc = iomem_deny_access(d, mfn, mfn + 1); -- if ( rc ) -- return rc; - - /* Deny MMIO access for GIC regions */ - return gic_iomem_deny_access(d); diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0030-xen-acpi-Rework-acpi_os_map_memory-and-acpi_os_unmap.patch 4.16.1-1/debian/patches/0030-xen-acpi-Rework-acpi_os_map_memory-and-acpi_os_unmap.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0030-xen-acpi-Rework-acpi_os_map_memory-and-acpi_os_unmap.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0030-xen-acpi-Rework-acpi_os_map_memory-and-acpi_os_unmap.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,163 +0,0 @@ -From: Julien Grall -Date: Sat, 26 Sep 2020 17:44:29 +0100 -Subject: xen/acpi: Rework acpi_os_map_memory() and acpi_os_unmap_memory() - -The functions acpi_os_{un,}map_memory() are meant to be arch-agnostic -while the __acpi_os_{un,}map_memory() are meant to be arch-specific. - -Currently, the former are still containing x86 specific code. - -To avoid this rather strange split, the generic helpers are reworked so -they are arch-agnostic. This requires the introduction of a new helper -__acpi_os_unmap_memory() that will undo any mapping done by -__acpi_os_map_memory(). - -Currently, the arch-helper for unmap is basically a no-op so it only -returns whether the mapping was arch specific. But this will change -in the future. - -Note that the x86 version of acpi_os_map_memory() was already able to -able the 1MB region. Hence why there is no addition of new code. - -Signed-off-by: Julien Grall -Reviewed-by: Rahul Singh -Reviewed-by: Jan Beulich -Acked-by: Stefano Stabellini -Tested-by: Rahul Singh -Tested-by: Elliott Mitchell -(cherry picked from commit 1c4aa69ca1e1fad20b2158051eb152276d1eb973) ---- - xen/arch/arm/acpi/lib.c | 12 ++++++++++++ - xen/arch/x86/acpi/lib.c | 18 ++++++++++++++++++ - xen/drivers/acpi/osl.c | 34 ++++++++++++++++++---------------- - xen/include/xen/acpi.h | 1 + - 4 files changed, 49 insertions(+), 16 deletions(-) - -diff --git a/xen/arch/arm/acpi/lib.c b/xen/arch/arm/acpi/lib.c -index 4fc6e17..fcc186b 100644 ---- a/xen/arch/arm/acpi/lib.c -+++ b/xen/arch/arm/acpi/lib.c -@@ -30,6 +30,10 @@ char *__acpi_map_table(paddr_t phys, unsigned long size) - unsigned long base, offset, mapped_size; - int idx; - -+ /* No arch specific implementation after early boot */ -+ if ( system_state >= SYS_STATE_boot ) -+ return NULL; -+ - offset = phys & (PAGE_SIZE - 1); - mapped_size = PAGE_SIZE - offset; - set_fixmap(FIXMAP_ACPI_BEGIN, maddr_to_mfn(phys), PAGE_HYPERVISOR); -@@ -49,6 +53,14 @@ char *__acpi_map_table(paddr_t phys, unsigned long size) - return ((char *) base + offset); - } - -+bool __acpi_unmap_table(const void *ptr, unsigned long size) -+{ -+ vaddr_t vaddr = (vaddr_t)ptr; -+ -+ return ((vaddr >= FIXMAP_ADDR(FIXMAP_ACPI_BEGIN)) && -+ (vaddr < (FIXMAP_ADDR(FIXMAP_ACPI_END) + PAGE_SIZE))); -+} -+ - /* True to indicate PSCI 0.2+ is implemented */ - bool __init acpi_psci_present(void) - { -diff --git a/xen/arch/x86/acpi/lib.c b/xen/arch/x86/acpi/lib.c -index 265b9ad..a22414a 100644 ---- a/xen/arch/x86/acpi/lib.c -+++ b/xen/arch/x86/acpi/lib.c -@@ -46,6 +46,10 @@ char *__acpi_map_table(paddr_t phys, unsigned long size) - if ((phys + size) <= (1 * 1024 * 1024)) - return __va(phys); - -+ /* No further arch specific implementation after early boot */ -+ if (system_state >= SYS_STATE_boot) -+ return NULL; -+ - offset = phys & (PAGE_SIZE - 1); - mapped_size = PAGE_SIZE - offset; - set_fixmap(FIX_ACPI_END, phys); -@@ -66,6 +70,20 @@ char *__acpi_map_table(paddr_t phys, unsigned long size) - return ((char *) base + offset); - } - -+bool __acpi_unmap_table(const void *ptr, unsigned long size) -+{ -+ unsigned long vaddr = (unsigned long)ptr; -+ -+ if ((vaddr >= DIRECTMAP_VIRT_START) && -+ (vaddr < DIRECTMAP_VIRT_END)) { -+ ASSERT(!((__pa(ptr) + size - 1) >> 20)); -+ return true; -+ } -+ -+ return ((vaddr >= __fix_to_virt(FIX_ACPI_END)) && -+ (vaddr < (__fix_to_virt(FIX_ACPI_BEGIN) + PAGE_SIZE))); -+} -+ - unsigned int acpi_get_processor_id(unsigned int cpu) - { - unsigned int acpiid, apicid; -diff --git a/xen/drivers/acpi/osl.c b/xen/drivers/acpi/osl.c -index 4c8bb78..389505f 100644 ---- a/xen/drivers/acpi/osl.c -+++ b/xen/drivers/acpi/osl.c -@@ -92,27 +92,29 @@ acpi_physical_address __init acpi_os_get_root_pointer(void) - void __iomem * - acpi_os_map_memory(acpi_physical_address phys, acpi_size size) - { -- if (system_state >= SYS_STATE_boot) { -- mfn_t mfn = _mfn(PFN_DOWN(phys)); -- unsigned int offs = phys & (PAGE_SIZE - 1); -- -- /* The low first Mb is always mapped on x86. */ -- if (IS_ENABLED(CONFIG_X86) && !((phys + size - 1) >> 20)) -- return __va(phys); -- return __vmap(&mfn, PFN_UP(offs + size), 1, 1, -- ACPI_MAP_MEM_ATTR, VMAP_DEFAULT) + offs; -- } -- return __acpi_map_table(phys, size); -+ void *ptr; -+ mfn_t mfn = _mfn(PFN_DOWN(phys)); -+ unsigned int offs = PAGE_OFFSET(phys); -+ -+ /* Try the arch specific implementation first */ -+ ptr = __acpi_map_table(phys, size); -+ if (ptr) -+ return ptr; -+ -+ /* No common implementation for early boot map */ -+ if (unlikely(system_state < SYS_STATE_boot)) -+ return NULL; -+ -+ ptr = __vmap(&mfn, PFN_UP(offs + size), 1, 1, -+ ACPI_MAP_MEM_ATTR, VMAP_DEFAULT); -+ -+ return !ptr ? NULL : (ptr + offs); - } - - void acpi_os_unmap_memory(void __iomem * virt, acpi_size size) - { -- if (IS_ENABLED(CONFIG_X86) && -- (unsigned long)virt >= DIRECTMAP_VIRT_START && -- (unsigned long)virt < DIRECTMAP_VIRT_END) { -- ASSERT(!((__pa(virt) + size - 1) >> 20)); -+ if (__acpi_unmap_table(virt, size)) - return; -- } - - if (system_state >= SYS_STATE_boot) - vunmap((void *)((unsigned long)virt & PAGE_MASK)); -diff --git a/xen/include/xen/acpi.h b/xen/include/xen/acpi.h -index c945ab0..21d5e9f 100644 ---- a/xen/include/xen/acpi.h -+++ b/xen/include/xen/acpi.h -@@ -68,6 +68,7 @@ typedef int (*acpi_table_entry_handler) (struct acpi_subtable_header *header, co - - unsigned int acpi_get_processor_id (unsigned int cpu); - char * __acpi_map_table (paddr_t phys_addr, unsigned long size); -+bool __acpi_unmap_table(const void *ptr, unsigned long size); - int acpi_boot_init (void); - int acpi_boot_table_init (void); - int acpi_numa_init (void); diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0031-xen-arm-acpi-The-fixmap-area-should-always-be-cleare.patch 4.16.1-1/debian/patches/0031-xen-arm-acpi-The-fixmap-area-should-always-be-cleare.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0031-xen-arm-acpi-The-fixmap-area-should-always-be-cleare.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0031-xen-arm-acpi-The-fixmap-area-should-always-be-cleare.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,131 +0,0 @@ -From: Julien Grall -Date: Sat, 26 Sep 2020 19:53:27 +0100 -Subject: xen/arm: acpi: The fixmap area should always be cleared during - failure/unmap - -Commit 022387ee1ad3 "xen/arm: mm: Don't open-code Xen PT update in -{set, clear}_fixmap()" enforced that each set_fixmap() should be -paired with a clear_fixmap(). Any failure to follow the model would -result to a platform crash. - -Unfortunately, the use of fixmap in the ACPI code was overlooked as it -is calling set_fixmap() but not clear_fixmap(). - -The function __acpi_os_map_table() is reworked so: - - We know before the mapping whether the fixmap region is big - enough for the mapping. - - It will fail if the fixmap is already in use. This is not a - change of behavior but clarifying the current expectation to avoid - hitting a BUG(). - -The function __acpi_os_unmap_table() will now call clear_fixmap(). - -Reported-by: Wei Xu -Signed-off-by: Julien Grall -Reviewed-by: Stefano Stabellini -(cherry picked from commit 4d625ff3c3a939dc270b03654337568c30c5ab6e) ---- - xen/arch/arm/acpi/lib.c | 73 +++++++++++++++++++++++++++++++++++++------------ - 1 file changed, 56 insertions(+), 17 deletions(-) - -diff --git a/xen/arch/arm/acpi/lib.c b/xen/arch/arm/acpi/lib.c -index fcc186b..a59cc40 100644 ---- a/xen/arch/arm/acpi/lib.c -+++ b/xen/arch/arm/acpi/lib.c -@@ -25,40 +25,79 @@ - #include - #include - -+static bool fixmap_inuse; -+ - char *__acpi_map_table(paddr_t phys, unsigned long size) - { -- unsigned long base, offset, mapped_size; -- int idx; -+ unsigned long base, offset; -+ mfn_t mfn; -+ unsigned int idx; - - /* No arch specific implementation after early boot */ - if ( system_state >= SYS_STATE_boot ) - return NULL; - - offset = phys & (PAGE_SIZE - 1); -- mapped_size = PAGE_SIZE - offset; -- set_fixmap(FIXMAP_ACPI_BEGIN, maddr_to_mfn(phys), PAGE_HYPERVISOR); -- base = FIXMAP_ADDR(FIXMAP_ACPI_BEGIN); -+ base = FIXMAP_ADDR(FIXMAP_ACPI_BEGIN) + offset; -+ -+ /* Check the fixmap is big enough to map the region */ -+ if ( (FIXMAP_ADDR(FIXMAP_ACPI_END) + PAGE_SIZE - base) < size ) -+ return NULL; -+ -+ /* With the fixmap, we can only map one region at the time */ -+ if ( fixmap_inuse ) -+ return NULL; - -- /* Most cases can be covered by the below. */ -+ fixmap_inuse = true; -+ -+ size += offset; -+ mfn = maddr_to_mfn(phys); - idx = FIXMAP_ACPI_BEGIN; -- while ( mapped_size < size ) -- { -- if ( ++idx > FIXMAP_ACPI_END ) -- return NULL; /* cannot handle this */ -- phys += PAGE_SIZE; -- set_fixmap(idx, maddr_to_mfn(phys), PAGE_HYPERVISOR); -- mapped_size += PAGE_SIZE; -- } - -- return ((char *) base + offset); -+ do { -+ set_fixmap(idx, mfn, PAGE_HYPERVISOR); -+ size -= min(size, (unsigned long)PAGE_SIZE); -+ mfn = mfn_add(mfn, 1); -+ idx++; -+ } while ( size > 0 ); -+ -+ return (char *)base; - } - - bool __acpi_unmap_table(const void *ptr, unsigned long size) - { - vaddr_t vaddr = (vaddr_t)ptr; -+ unsigned int idx; -+ -+ /* We are only handling fixmap address in the arch code */ -+ if ( (vaddr < FIXMAP_ADDR(FIXMAP_ACPI_BEGIN)) || -+ (vaddr >= (FIXMAP_ADDR(FIXMAP_ACPI_END) + PAGE_SIZE)) ) -+ return false; -+ -+ /* -+ * __acpi_map_table() will always return a pointer in the first page -+ * for the ACPI fixmap region. The caller is expected to free with -+ * the same address. -+ */ -+ ASSERT((vaddr & PAGE_MASK) == FIXMAP_ADDR(FIXMAP_ACPI_BEGIN)); -+ -+ /* The region allocated fit in the ACPI fixmap region. */ -+ ASSERT(size < (FIXMAP_ADDR(FIXMAP_ACPI_END) + PAGE_SIZE - vaddr)); -+ ASSERT(fixmap_inuse); -+ -+ fixmap_inuse = false; -+ -+ size += vaddr - FIXMAP_ADDR(FIXMAP_ACPI_BEGIN); -+ idx = FIXMAP_ACPI_BEGIN; -+ -+ do -+ { -+ clear_fixmap(idx); -+ size -= min(size, (unsigned long)PAGE_SIZE); -+ idx++; -+ } while ( size > 0 ); - -- return ((vaddr >= FIXMAP_ADDR(FIXMAP_ACPI_BEGIN)) && -- (vaddr < (FIXMAP_ADDR(FIXMAP_ACPI_END) + PAGE_SIZE))); -+ return true; - } - - /* True to indicate PSCI 0.2+ is implemented */ diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0032-xen-arm-Check-if-the-platform-is-not-using-ACPI-befo.patch 4.16.1-1/debian/patches/0032-xen-arm-Check-if-the-platform-is-not-using-ACPI-befo.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0032-xen-arm-Check-if-the-platform-is-not-using-ACPI-befo.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0032-xen-arm-Check-if-the-platform-is-not-using-ACPI-befo.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -From: Julien Grall -Date: Sat, 26 Sep 2020 21:16:55 +0100 -Subject: xen/arm: Check if the platform is not using ACPI before initializing - Dom0less - -Dom0less requires a device-tree. However, since commit 6e3e77120378 -"xen/arm: setup: Relocate the Device-Tree later on in the boot", the -device-tree will not get unflatten when using ACPI. - -This will lead to a crash during boot. - -Given the complexity to setup dom0less with ACPI (for instance how to -assign device?), we should skip any code related to Dom0less when using -ACPI. - -Signed-off-by: Julien Grall -Tested-by: Rahul Singh -Reviewed-by: Rahul Singh -Reviewed-by: Stefano Stabellini -Tested-by: Elliott Mitchell -(cherry picked from commit dac867bf9adc1562a4cf9db5f89726597af13ef8) ---- - xen/arch/arm/setup.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c -index 34b1c1a..fb2f45e 100644 ---- a/xen/arch/arm/setup.c -+++ b/xen/arch/arm/setup.c -@@ -961,7 +961,8 @@ void __init start_xen(unsigned long boot_phys_offset, - if ( construct_dom0(dom0) != 0) - panic("Could not set up DOM0 guest OS\n"); - -- create_domUs(); -+ if ( acpi_disabled ) -+ create_domUs(); - - /* - * This needs to be called **before** heap_init_late() so modules diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0033-xen-arm-Introduce-fw_unreserved_regions-and-use-it.patch 4.16.1-1/debian/patches/0033-xen-arm-Introduce-fw_unreserved_regions-and-use-it.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0033-xen-arm-Introduce-fw_unreserved_regions-and-use-it.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0033-xen-arm-Introduce-fw_unreserved_regions-and-use-it.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,124 +0,0 @@ -From: Julien Grall -Date: Sat, 26 Sep 2020 21:30:14 +0100 -Subject: xen/arm: Introduce fw_unreserved_regions() and use it - -Since commit 6e3e77120378 "xen/arm: setup: Relocate the Device-Tree -later on in the boot", the device-tree will not be kept mapped when -using ACPI. - -However, a few places are calling dt_unreserved_regions() which expects -a valid DT. This will lead to a crash. - -As the DT should not be used for ACPI (other than for detecting the -modules), a new function fw_unreserved_regions() is introduced. - -It will behave the same way on DT system. On ACPI system, it will -unreserve the whole region. - -Take the opportunity to clarify that bootinfo.reserved_mem is only used -when booting using Device-Tree. - -Signed-off-by: Julien Grall -Reviewed-by: Stefano Stabellini -(cherry picked from commit 9c2bc0f24b2ba7082df408b3c33ec9a86bf20cf0) ---- - xen/arch/arm/kernel.c | 2 +- - xen/arch/arm/setup.c | 22 +++++++++++++++++----- - xen/include/asm-arm/setup.h | 3 ++- - 3 files changed, 20 insertions(+), 7 deletions(-) - -diff --git a/xen/arch/arm/kernel.c b/xen/arch/arm/kernel.c -index 8eff074..27dace0 100644 ---- a/xen/arch/arm/kernel.c -+++ b/xen/arch/arm/kernel.c -@@ -307,7 +307,7 @@ static __init int kernel_decompress(struct bootmodule *mod) - * Free the original kernel, update the pointers to the - * decompressed kernel - */ -- dt_unreserved_regions(addr, addr + size, init_domheap_pages, 0); -+ fw_unreserved_regions(addr, addr + size, init_domheap_pages, 0); - - return 0; - } -diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c -index fb2f45e..c94827e 100644 ---- a/xen/arch/arm/setup.c -+++ b/xen/arch/arm/setup.c -@@ -183,8 +183,9 @@ static void __init processor_id(void) - processor_setup(); - } - --void __init dt_unreserved_regions(paddr_t s, paddr_t e, -- void (*cb)(paddr_t, paddr_t), int first) -+static void __init dt_unreserved_regions(paddr_t s, paddr_t e, -+ void (*cb)(paddr_t, paddr_t), -+ int first) - { - int i, nr = fdt_num_mem_rsv(device_tree_flattened); - -@@ -231,6 +232,17 @@ void __init dt_unreserved_regions(paddr_t s, paddr_t e, - cb(s, e); - } - -+void __init fw_unreserved_regions(paddr_t s, paddr_t e, -+ void (*cb)(paddr_t, paddr_t), int first) -+{ -+ if ( acpi_disabled ) -+ dt_unreserved_regions(s, e, cb, first); -+ else -+ cb(s, e); -+} -+ -+ -+ - struct bootmodule __init *add_boot_module(bootmodule_kind kind, - paddr_t start, paddr_t size, - bool domU) -@@ -392,7 +404,7 @@ void __init discard_initial_modules(void) - !mfn_valid(maddr_to_mfn(e)) ) - continue; - -- dt_unreserved_regions(s, e, init_domheap_pages, 0); -+ fw_unreserved_regions(s, e, init_domheap_pages, 0); - } - - mi->nr_mods = 0; -@@ -699,7 +711,7 @@ static void __init setup_mm(void) - n = mfn_to_maddr(mfn_add(xenheap_mfn_start, xenheap_pages)); - } - -- dt_unreserved_regions(s, e, init_boot_pages, 0); -+ fw_unreserved_regions(s, e, init_boot_pages, 0); - - s = n; - } -@@ -752,7 +764,7 @@ static void __init setup_mm(void) - if ( e > bank_end ) - e = bank_end; - -- dt_unreserved_regions(s, e, init_boot_pages, 0); -+ fw_unreserved_regions(s, e, init_boot_pages, 0); - s = n; - } - } -diff --git a/xen/include/asm-arm/setup.h b/xen/include/asm-arm/setup.h -index 2f8f24e..28bf622 100644 ---- a/xen/include/asm-arm/setup.h -+++ b/xen/include/asm-arm/setup.h -@@ -67,6 +67,7 @@ struct bootcmdlines { - - struct bootinfo { - struct meminfo mem; -+ /* The reserved regions are only used when booting using Device-Tree */ - struct meminfo reserved_mem; - struct bootmodules modules; - struct bootcmdlines cmdlines; -@@ -96,7 +97,7 @@ int construct_dom0(struct domain *d); - void create_domUs(void); - - void discard_initial_modules(void); --void dt_unreserved_regions(paddr_t s, paddr_t e, -+void fw_unreserved_regions(paddr_t s, paddr_t e, - void (*cb)(paddr_t, paddr_t), int first); - - size_t boot_fdt_info(const void *fdt, paddr_t paddr); diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0034-xen-arm-acpi-add-BAD_MADT_GICC_ENTRY-macro.patch 4.16.1-1/debian/patches/0034-xen-arm-acpi-add-BAD_MADT_GICC_ENTRY-macro.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0034-xen-arm-acpi-add-BAD_MADT_GICC_ENTRY-macro.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0034-xen-arm-acpi-add-BAD_MADT_GICC_ENTRY-macro.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,60 +0,0 @@ -From: Julien Grall -Date: Wed, 30 Sep 2020 12:25:04 +0100 -Subject: xen/arm: acpi: add BAD_MADT_GICC_ENTRY() macro - -Imported from Linux commit b6cfb277378ef831c0fa84bcff5049307294adc6: - - The BAD_MADT_ENTRY() macro is designed to work for all of the subtables - of the MADT. In the ACPI 5.1 version of the spec, the struct for the - GICC subtable (struct acpi_madt_generic_interrupt) is 76 bytes long; in - ACPI 6.0, the struct is 80 bytes long. But, there is only one definition - in ACPICA for this struct -- and that is the 6.0 version. Hence, when - BAD_MADT_ENTRY() compares the struct size to the length in the GICC - subtable, it fails if 5.1 structs are in use, and there are systems in - the wild that have them. - - This patch adds the BAD_MADT_GICC_ENTRY() that checks the GICC subtable - only, accounting for the difference in specification versions that are - possible. The BAD_MADT_ENTRY() will continue to work as is for all other - MADT subtables. - - This code is being added to an arm64 header file since that is currently - the only architecture using the GICC subtable of the MADT. As a GIC is - specific to ARM, it is also unlikely the subtable will be used elsewhere. - - Fixes: aeb823bbacc2 ("ACPICA: ACPI 6.0: Add changes for FADT table.") - Signed-off-by: Al Stone - Acked-by: Will Deacon - Acked-by: "Rafael J. Wysocki" - [catalin.marinas@arm.com: extra brackets around macro arguments] - Signed-off-by: Catalin Marinas - -Signed-off-by: Julien Grall -Signed-off-by: Andre Przywara -Signed-off-by: Julien Grall -Acked-by: Stefano Stabellini -Tested-by: Elliott Mitchell -(cherry picked from commit 7056f2f89f03f2f804ac7e776c7b2b000cd716cd) ---- - xen/include/asm-arm/acpi.h | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/xen/include/asm-arm/acpi.h b/xen/include/asm-arm/acpi.h -index 5034028..b52ae2d 100644 ---- a/xen/include/asm-arm/acpi.h -+++ b/xen/include/asm-arm/acpi.h -@@ -54,6 +54,14 @@ void acpi_smp_init_cpus(void); - */ - paddr_t acpi_get_table_offset(struct membank tbl_add[], EFI_MEM_RES index); - -+/* Macros for consistency checks of the GICC subtable of MADT */ -+#define ACPI_MADT_GICC_LENGTH \ -+ (acpi_gbl_FADT.header.revision < 6 ? 76 : 80) -+ -+#define BAD_MADT_GICC_ENTRY(entry, end) \ -+ (!(entry) || (unsigned long)(entry) + sizeof(*(entry)) > (end) || \ -+ (entry)->header.length != ACPI_MADT_GICC_LENGTH) -+ - #ifdef CONFIG_ACPI - extern bool acpi_disabled; - /* Basic configuration for ACPI */ diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0035-xen-arm-traps-Don-t-panic-when-receiving-an-unknown-.patch 4.16.1-1/debian/patches/0035-xen-arm-traps-Don-t-panic-when-receiving-an-unknown-.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0035-xen-arm-traps-Don-t-panic-when-receiving-an-unknown-.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0035-xen-arm-traps-Don-t-panic-when-receiving-an-unknown-.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -From: Julien Grall -Date: Thu, 5 Nov 2020 22:31:06 +0000 -Subject: xen/arm: traps: Don't panic when receiving an unknown debug trap - -Even if debug trap are only meant for debugging purpose, it is quite -harsh to crash Xen if one of the trap sent by the guest is not handled. - -So switch from a panic() to a printk(). - -Signed-off-by: Julien Grall -Reviewed-by: Stefano Stabellini -(cherry picked from commit 957708c2d1ae25d7375abd5e5e70c3043d64f1f1) ---- - xen/arch/arm/traps.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c -index 2197df2..22bd1bd 100644 ---- a/xen/arch/arm/traps.c -+++ b/xen/arch/arm/traps.c -@@ -1411,7 +1411,7 @@ static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code) - show_execution_state(regs); - break; - default: -- panic("DOM%d: Unhandled debug trap %#x\n", domid, code); -+ printk("DOM%d: Unhandled debug trap %#x\n", domid, code); - break; - } - } diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0036-fix-spelling-errors.patch 4.16.1-1/debian/patches/0036-fix-spelling-errors.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0036-fix-spelling-errors.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0036-fix-spelling-errors.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,211 +0,0 @@ -From: Diederik de Haas -Date: Fri, 4 Dec 2020 08:28:21 +0100 -Subject: fix spelling errors - -Only spelling errors; no functional changes. - -In docs/misc/dump-core-format.txt there are a few more instances of -'informations'. I'll leave that up to someone who can properly determine -how those sentences should be constructed. - -Signed-off-by: Diederik de Haas -Reviewed-by: Stefano Stabellini -Acked-by: Jan Beulich -(cherry picked from commit ba6e78f0db820fbeea4df41fde4655020ca05928) ---- - docs/man/xl.1.pod.in | 2 +- - docs/man/xl.cfg.5.pod.in | 2 +- - docs/man/xlcpupool.cfg.5.pod | 2 +- - tools/firmware/rombios/rombios.c | 2 +- - tools/libxl/libxl_stream_read.c | 2 +- - tools/xl/xl_cmdtable.c | 2 +- - xen/arch/x86/boot/video.S | 2 +- - xen/arch/x86/cpu/vpmu.c | 2 +- - xen/arch/x86/mpparse.c | 2 +- - xen/arch/x86/x86_emulate/x86_emulate.c | 2 +- - xen/common/libelf/libelf-dominfo.c | 2 +- - xen/drivers/passthrough/arm/smmu.c | 2 +- - xen/tools/gen-cpuid.py | 2 +- - xen/xsm/flask/policy/access_vectors | 2 +- - 14 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/docs/man/xl.1.pod.in b/docs/man/xl.1.pod.in -index 52a47a6..3480707 100644 ---- a/docs/man/xl.1.pod.in -+++ b/docs/man/xl.1.pod.in -@@ -1578,7 +1578,7 @@ List vsnd devices for a domain. - Creates a new keyboard device in the domain specified by I. - I describes the device to attach, using the same format as the - B string in the domain config file. See L --for more informations. -+for more information. - - =item B I I - -diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in -index 0532739..b4625f5 100644 ---- a/docs/man/xl.cfg.5.pod.in -+++ b/docs/man/xl.cfg.5.pod.in -@@ -2385,7 +2385,7 @@ If B is set less than 128MB, an error will be triggered. - - =item B - --Speficies a standard VGA card with VBE (VESA BIOS Extensions) as the -+Specifies a standard VGA card with VBE (VESA BIOS Extensions) as the - emulated graphics device. If your guest supports VBE 2.0 or - later (e.g. Windows XP onwards) then you should enable this. - stdvga supports more video ram and bigger resolutions than Cirrus. -diff --git a/docs/man/xlcpupool.cfg.5.pod b/docs/man/xlcpupool.cfg.5.pod -index 3c9ddf7..c577c7c 100644 ---- a/docs/man/xlcpupool.cfg.5.pod -+++ b/docs/man/xlcpupool.cfg.5.pod -@@ -106,7 +106,7 @@ means that cpus 2,3,5 will be member of the cpupool. - means that cpus 0,2,3 and 5 will be member of the cpupool. A "node:" or - "nodes:" modifier can be used. E.g., "0,node:1,nodes:2-3,^10-13" means - that pcpus 0, plus all the cpus of NUMA nodes 1,2,3 with the exception --of cpus 10,11,12,13 will be memeber of the cpupool. -+of cpus 10,11,12,13 will be members of the cpupool. - - =back - -diff --git a/tools/firmware/rombios/rombios.c b/tools/firmware/rombios/rombios.c -index 51558ee..5cda227 100644 ---- a/tools/firmware/rombios/rombios.c -+++ b/tools/firmware/rombios/rombios.c -@@ -2607,7 +2607,7 @@ void ata_detect( ) - write_byte(ebda_seg,&EbdaData->ata.channels[3].irq,11); - #endif - #if BX_MAX_ATA_INTERFACES > 4 --#error Please fill the ATA interface informations -+#error Please fill the ATA interface information - #endif - - // Device detection -diff --git a/tools/libxl/libxl_stream_read.c b/tools/libxl/libxl_stream_read.c -index 514f6d9..99a6714 100644 ---- a/tools/libxl/libxl_stream_read.c -+++ b/tools/libxl/libxl_stream_read.c -@@ -459,7 +459,7 @@ static void stream_continue(libxl__egc *egc, - while (process_record(egc, stream)) - ; /* - * Nothing! process_record() helpfully tells us if no specific -- * futher actions have been set up, in which case we want to go -+ * further actions have been set up, in which case we want to go - * ahead and process the next record. - */ - break; -diff --git a/tools/xl/xl_cmdtable.c b/tools/xl/xl_cmdtable.c -index 0833539..9ad31a6 100644 ---- a/tools/xl/xl_cmdtable.c -+++ b/tools/xl/xl_cmdtable.c -@@ -154,7 +154,7 @@ struct cmd_spec cmd_table[] = { - "-h Print this help.\n" - "-c Leave domain running after creating the snapshot.\n" - "-p Leave domain paused after creating the snapshot.\n" -- "-D Store the domain id in the configration." -+ "-D Store the domain id in the configuration." - }, - { "migrate", - &main_migrate, 0, 1, -diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S -index a485779..0efbe8d 100644 ---- a/xen/arch/x86/boot/video.S -+++ b/xen/arch/x86/boot/video.S -@@ -177,7 +177,7 @@ dac_set: - movb $0, _param(PARAM_LFB_COLORS+7) - - dac_done: --# get protected mode interface informations -+# get protected mode interface information - movw $0x4f0a, %ax - xorw %bx, %bx - xorw %di, %di -diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c -index 0c3f378..fb1b296 100644 ---- a/xen/arch/x86/cpu/vpmu.c -+++ b/xen/arch/x86/cpu/vpmu.c -@@ -680,7 +680,7 @@ static void pvpmu_finish(struct domain *d, xen_pmu_params_t *params) - vcpu_unpause(v); - } - --/* Dump some vpmu informations on console. Used in keyhandler dump_domains(). */ -+/* Dump some vpmu information to console. Used in keyhandler dump_domains(). */ - void vpmu_dump(struct vcpu *v) - { - struct vpmu_struct *vpmu = vcpu_vpmu(v); -diff --git a/xen/arch/x86/mpparse.c b/xen/arch/x86/mpparse.c -index d532575..dff02b1 100644 ---- a/xen/arch/x86/mpparse.c -+++ b/xen/arch/x86/mpparse.c -@@ -170,7 +170,7 @@ static int MP_processor_info_x(struct mpc_config_processor *m, - if (num_processors >= 8 && hotplug - && genapic.name == apic_default.name) { - printk_once(XENLOG_WARNING -- "WARNING: CPUs limit of 8 reached - ignoring futher processors\n"); -+ "WARNING: CPUs limit of 8 reached - ignoring further processors\n"); - unaccounted_cpus = true; - return -ENOSPC; - } -diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c -index de46ec1..605e535 100644 ---- a/xen/arch/x86/x86_emulate/x86_emulate.c -+++ b/xen/arch/x86/x86_emulate/x86_emulate.c -@@ -3244,7 +3244,7 @@ x86_decode( - case 0x23: /* mov reg,dr */ - /* - * Mov to/from cr/dr ignore the encoding of Mod, and behave as -- * if they were encoded as reg/reg instructions. No futher -+ * if they were encoded as reg/reg instructions. No further - * disp/SIB bytes are fetched. - */ - modrm_mod = 3; -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index 508f08d..69c94b6 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -1,5 +1,5 @@ - /* -- * parse xen-specific informations out of elf kernel binaries. -+ * parse xen-specific information out of elf kernel binaries. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c -index 4ba6d3a..5c95131 100644 ---- a/xen/drivers/passthrough/arm/smmu.c -+++ b/xen/drivers/passthrough/arm/smmu.c -@@ -214,7 +214,7 @@ struct iommu_domain - struct list_head list; - }; - --/* Xen: Describes informations required for a Xen domain */ -+/* Xen: Describes information required for a Xen domain */ - struct arm_smmu_xen_domain { - spinlock_t lock; - /* List of context (i.e iommu_domain) associated to this domain */ -diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py -index ffd9529..14f56df 100755 ---- a/xen/tools/gen-cpuid.py -+++ b/xen/tools/gen-cpuid.py -@@ -192,7 +192,7 @@ def crunch_numbers(state): - FXSR: [FFXSR, SSE], - - # SSE is taken to mean support for the %XMM registers as well as the -- # instructions. Several futher instruction sets are built on core -+ # instructions. Several further instruction sets are built on core - # %XMM support, without specific inter-dependencies. Additionally - # AMD has a special mis-alignment sub-mode. - SSE: [SSE2, MISALIGNSSE], -diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors -index b87c99e..5371196 100644 ---- a/xen/xsm/flask/policy/access_vectors -+++ b/xen/xsm/flask/policy/access_vectors -@@ -509,7 +509,7 @@ class security - # - class version - { --# Extra informations (-unstable). -+# Extra information (-unstable). - xen_extraversion - # Compile information of the hypervisor. - xen_compile_info diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0037-xen-don-t-have-timestamp-inserted-in-config.gz.patch 4.16.1-1/debian/patches/0037-xen-don-t-have-timestamp-inserted-in-config.gz.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0037-xen-don-t-have-timestamp-inserted-in-config.gz.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0037-xen-don-t-have-timestamp-inserted-in-config.gz.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -From: =?utf-8?b?IkZyw6lkw6lyaWMgUGllcnJldCAoZmVwaXRyZSki?= - -Date: Wed, 4 Nov 2020 09:24:40 +0100 -Subject: xen: don't have timestamp inserted in config.gz -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -This is for improving reproducible builds. - -Signed-off-by: Frédéric Pierret (fepitre) -Acked-by: Jan Beulich -(cherry picked from commit 5816d327e44ab37ae08730f4c54a80835998f31f) ---- - xen/common/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xen/common/Makefile b/xen/common/Makefile -index 06881d0..32cd650 100644 ---- a/xen/common/Makefile -+++ b/xen/common/Makefile -@@ -77,7 +77,7 @@ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/ - - CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(XEN_ROOT)/xen/)$(KCONFIG_CONFIG) - config.gz: $(CONF_FILE) -- gzip -c $< >$@ -+ gzip -n -c $< >$@ - - config_data.o: config.gz - diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0038-x86-EFI-don-t-insert-timestamp-when-SOURCE_DATE_EPOC.patch 4.16.1-1/debian/patches/0038-x86-EFI-don-t-insert-timestamp-when-SOURCE_DATE_EPOC.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0038-x86-EFI-don-t-insert-timestamp-when-SOURCE_DATE_EPOC.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0038-x86-EFI-don-t-insert-timestamp-when-SOURCE_DATE_EPOC.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -From: Maximilian Engelhardt -Date: Tue, 22 Dec 2020 08:59:14 +0100 -Subject: x86/EFI: don't insert timestamp when SOURCE_DATE_EPOCH is defined - -By default a timestamp gets added to the xen efi binary. Unfortunately -ld doesn't seem to provide a way to set a custom date, like from -SOURCE_DATE_EPOCH, so set a zero value for the timestamp (option ---no-insert-timestamp) if SOURCE_DATE_EPOCH is defined. This makes -reproducible builds possible. - -This is an alternative to the patch suggested in [1]. This patch only -omits the timestamp when SOURCE_DATE_EPOCH is defined. - -[1] https://lists.xenproject.org/archives/html/xen-devel/2020-10/msg02161.html - -Signed-off-by: Maximilian Engelhardt -Acked-by: Jan Beulich -(cherry picked from commit ee41b5c450032ae7f2531e18cd0a73bf5fb48803) ---- - xen/arch/x86/Makefile | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile -index fd0acd5..45a8c8f 100644 ---- a/xen/arch/x86/Makefile -+++ b/xen/arch/x86/Makefile -@@ -172,6 +172,12 @@ EFI_LDFLAGS += --major-image-version=$(XEN_VERSION) - EFI_LDFLAGS += --minor-image-version=$(XEN_SUBVERSION) - EFI_LDFLAGS += --major-os-version=2 --minor-os-version=0 - EFI_LDFLAGS += --major-subsystem-version=2 --minor-subsystem-version=0 -+# It seems ld unfortunately can't set a custom timestamp, so add a zero value -+# for the timestamp (option --no-insert-timestamp) if SOURCE_DATE_EPOCH is -+# defined to make reproducible builds possible. -+ifdef SOURCE_DATE_EPOCH -+EFI_LDFLAGS += --no-insert-timestamp -+endif - - # Check if the compiler supports the MS ABI. - export XEN_BUILD_EFI := $(shell $(CC) $(XEN_CFLAGS) -c efi/check.c -o efi/check.o 2>/dev/null && echo y) diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0039-docs-use-predictable-ordering-in-generated-documenta.patch 4.16.1-1/debian/patches/0039-docs-use-predictable-ordering-in-generated-documenta.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0039-docs-use-predictable-ordering-in-generated-documenta.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0039-docs-use-predictable-ordering-in-generated-documenta.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -From: Maximilian Engelhardt -Date: Fri, 18 Dec 2020 21:42:34 +0100 -Subject: docs: use predictable ordering in generated documentation - -When the seq number is equal, sort by the title to get predictable -output ordering. This is useful for reproducible builds. - -Signed-off-by: Maximilian Engelhardt -Acked-by: Andrew Cooper -(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21) ---- - docs/xen-headers | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/docs/xen-headers b/docs/xen-headers -index 5415563..8c434d7 100755 ---- a/docs/xen-headers -+++ b/docs/xen-headers -@@ -331,7 +331,7 @@ sub output_index () { -

Starting points

-
    - END -- foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} } @incontents) { -+ foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} or $a->{Title} cmp $b->{Title} } @incontents) { - $o .= "
  • {Href}\">$ic->{Title}
    • \n"; - } - $o .= "
\n"; diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0040-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch 4.16.1-1/debian/patches/0040-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0040-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0040-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -From: Maximilian Engelhardt -Date: Fri, 18 Dec 2020 21:42:35 +0100 -Subject: docs: set date to SOURCE_DATE_EPOCH if available - -Use the solution described in [1] to replace the call to the 'date' -command with a version that uses SOURCE_DATE_EPOCH if available. This -is needed for reproducible builds. - -[1] https://reproducible-builds.org/docs/source-date-epoch/ - -Signed-off-by: Maximilian Engelhardt - -[Hans van Kranenburg] -Note: this patch is submitted upstream but not committed yet. We -expect that it gets in. Otherwise, we don't wait and already have it -here because I want to have the reproducible build work completed. ---- - docs/Makefile | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/docs/Makefile b/docs/Makefile -index 8de1efb..ac6792f 100644 ---- a/docs/Makefile -+++ b/docs/Makefile -@@ -3,7 +3,13 @@ include $(XEN_ROOT)/Config.mk - -include $(XEN_ROOT)/config/Docs.mk - - VERSION := $(shell $(MAKE) -C $(XEN_ROOT)/xen --no-print-directory xenversion) --DATE := $(shell date +%Y-%m-%d) -+ -+DATE_FMT := +%Y-%m-%d -+ifdef SOURCE_DATE_EPOCH -+DATE := $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u "$(DATE_FMT)") -+else -+DATE := $(shell date "$(DATE_FMT)") -+endif - - DOC_ARCHES := arm x86_32 x86_64 - MAN_SECTIONS := 1 5 7 8 diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0041-x86-ACPI-fix-mapping-of-FACS.patch 4.16.1-1/debian/patches/0041-x86-ACPI-fix-mapping-of-FACS.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0041-x86-ACPI-fix-mapping-of-FACS.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0041-x86-ACPI-fix-mapping-of-FACS.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,52 +0,0 @@ -From: Jan Beulich -Date: Tue, 24 Nov 2020 11:26:02 +0100 -Subject: x86/ACPI: fix mapping of FACS -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -acpi_fadt_parse_sleep_info() runs when the system is already in -SYS_STATE_boot. Hence its direct call to __acpi_map_table() won't work -anymore. This call should probably have been replaced long ago already, -as the layering violation hasn't been necessary for quite some time. - -Fixes: 1c4aa69ca1e1 ("xen/acpi: Rework acpi_os_map_memory() and acpi_os_unmap_memory()") -Signed-off-by: Jan Beulich -Acked-by: Roger Pau Monné -(cherry picked from commit 8b6d55c1261820bb9db8d867ce9ee77397d05203) ---- - xen/arch/x86/acpi/boot.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c -index 38c2b76..3ad4105 100644 ---- a/xen/arch/x86/acpi/boot.c -+++ b/xen/arch/x86/acpi/boot.c -@@ -422,8 +422,7 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) - if (!facs_pa) - goto bad; - -- facs = (struct acpi_table_facs *) -- __acpi_map_table(facs_pa, sizeof(struct acpi_table_facs)); -+ facs = acpi_os_map_memory(facs_pa, sizeof(*facs)); - if (!facs) - goto bad; - -@@ -448,11 +447,16 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) - offsetof(struct acpi_table_facs, firmware_waking_vector); - acpi_sinfo.vector_width = 32; - -+ acpi_os_unmap_memory(facs, sizeof(*facs)); -+ - printk(KERN_INFO PREFIX - " wakeup_vec[%"PRIx64"], vec_size[%x]\n", - acpi_sinfo.wakeup_vector, acpi_sinfo.vector_width); - return; --bad: -+ -+ bad: -+ if (facs) -+ acpi_os_unmap_memory(facs, sizeof(*facs)); - memset(&acpi_sinfo, 0, - offsetof(struct acpi_sleep_info, sleep_control)); - memset(&acpi_sinfo.sleep_status + 1, 0, diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0042-x86-DMI-fix-table-mapping-when-one-lives-above-1Mb.patch 4.16.1-1/debian/patches/0042-x86-DMI-fix-table-mapping-when-one-lives-above-1Mb.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0042-x86-DMI-fix-table-mapping-when-one-lives-above-1Mb.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0042-x86-DMI-fix-table-mapping-when-one-lives-above-1Mb.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,149 +0,0 @@ -From: Jan Beulich -Date: Tue, 24 Nov 2020 11:26:34 +0100 -Subject: x86/DMI: fix table mapping when one lives above 1Mb -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -Use of __acpi_map_table() is kind of an abuse here, and doesn't work -anymore for the majority of cases if any of the tables lives outside the -low first Mb. Keep this (ab)use only prior to reaching SYS_STATE_boot, -primarily to avoid needing to audit whether any of the calls here can -happen this early in the first place; quite likely this isn't necessary -at all - at least dmi_scan_machine() gets called late enough. - -For the "normal" case, call __vmap() directly, despite effectively -duplicating acpi_os_map_memory(). There's one difference though: We -shouldn't need to establish UC- mappings, WP or r/o WB mappings ought to -be fine, as the tables are going to live in either RAM or ROM. Short of -having PAGE_HYPERVISOR_WP and wanting to map the tables r/o anyway, use -the latter of the two options. The r/o mapping implies some -constification of code elsewhere in the file. For code touched anyway -also switch to void (where possible) or uint8_t. - -Fixes: 1c4aa69ca1e1 ("xen/acpi: Rework acpi_os_map_memory() and acpi_os_unmap_memory()") -Signed-off-by: Jan Beulich -Acked-by: Roger Pau Monné -(cherry picked from commit f390941a92f102ebbbbce1b54be206a602187fd7) ---- - xen/arch/x86/dmi_scan.c | 53 ++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 37 insertions(+), 16 deletions(-) - -diff --git a/xen/arch/x86/dmi_scan.c b/xen/arch/x86/dmi_scan.c -index e5930d2..d27cd34 100644 ---- a/xen/arch/x86/dmi_scan.c -+++ b/xen/arch/x86/dmi_scan.c -@@ -12,8 +12,6 @@ - #include - #include - --#define bt_ioremap(b,l) ((void *)__acpi_map_table(b,l)) --#define bt_iounmap(b,l) ((void)0) - #define memcpy_fromio memcpy - #define alloc_bootmem(l) xmalloc_bytes(l) - -@@ -111,9 +109,32 @@ enum dmi_entry_type { - #define dmi_printk(x) - #endif - --static char * __init dmi_string(struct dmi_header *dm, u8 s) -+static const void *__init bt_ioremap(paddr_t addr, unsigned int len) - { -- char *bp=(char *)dm; -+ mfn_t mfn = _mfn(PFN_DOWN(addr)); -+ unsigned int offs = PAGE_OFFSET(addr); -+ -+ if ( addr + len <= MB(1) ) -+ return __va(addr); -+ -+ if ( system_state < SYS_STATE_boot ) -+ return __acpi_map_table(addr, len); -+ -+ return __vmap(&mfn, PFN_UP(offs + len), 1, 1, PAGE_HYPERVISOR_RO, -+ VMAP_DEFAULT) + offs; -+} -+ -+static void __init bt_iounmap(const void *ptr, unsigned int len) -+{ -+ if ( (unsigned long)ptr < DIRECTMAP_VIRT_START && -+ system_state >= SYS_STATE_boot ) -+ vunmap(ptr); -+} -+ -+static const char *__init dmi_string(const struct dmi_header *dm, uint8_t s) -+{ -+ const char *bp = (const void *)dm; -+ - bp+=dm->length; - if(!s) - return ""; -@@ -133,11 +154,10 @@ static char * __init dmi_string(struct dmi_header *dm, u8 s) - */ - - static int __init dmi_table(paddr_t base, u32 len, int num, -- void (*decode)(struct dmi_header *)) -+ void (*decode)(const struct dmi_header *)) - { -- u8 *buf; -- struct dmi_header *dm; -- u8 *data; -+ const uint8_t *buf, *data; -+ const struct dmi_header *dm; - int i=0; - - buf = bt_ioremap(base, len); -@@ -301,7 +321,7 @@ typedef union { - - static int __init _dmi_iterate(const struct dmi_eps *dmi, - const smbios_eps_u smbios, -- void (*decode)(struct dmi_header *)) -+ void (*decode)(const struct dmi_header *)) - { - int num; - u32 len; -@@ -335,7 +355,7 @@ static int __init _dmi_iterate(const struct dmi_eps *dmi, - return dmi_table(base, len, num, decode); - } - --static int __init dmi_iterate(void (*decode)(struct dmi_header *)) -+static int __init dmi_iterate(void (*decode)(const struct dmi_header *)) - { - struct dmi_eps dmi; - struct smbios3_eps smbios3; -@@ -370,7 +390,7 @@ static int __init dmi_iterate(void (*decode)(struct dmi_header *)) - return -1; - } - --static int __init dmi_efi_iterate(void (*decode)(struct dmi_header *)) -+static int __init dmi_efi_iterate(void (*decode)(const struct dmi_header *)) - { - int ret = -1; - -@@ -433,10 +453,11 @@ static char *__initdata dmi_ident[DMI_STRING_MAX]; - * Save a DMI string - */ - --static void __init dmi_save_ident(struct dmi_header *dm, int slot, int string) -+static void __init dmi_save_ident(const struct dmi_header *dm, int slot, int string) - { -- char *d = (char*)dm; -- char *p = dmi_string(dm, d[string]); -+ const char *d = (const void *)dm; -+ const char *p = dmi_string(dm, d[string]); -+ - if(p==NULL || *p == 0) - return; - if (dmi_ident[slot]) -@@ -629,10 +650,10 @@ static const struct dmi_blacklist __initconstrel dmi_blacklist[] = { - * out of here. - */ - --static void __init dmi_decode(struct dmi_header *dm) -+static void __init dmi_decode(const struct dmi_header *dm) - { - #ifdef DMI_DEBUG -- u8 *data = (u8 *)dm; -+ const uint8_t *data = (const void *)dm; - #endif - - switch(dm->type) diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0043-x86-ACPI-fix-S3-wakeup-vector-mapping.patch 4.16.1-1/debian/patches/0043-x86-ACPI-fix-S3-wakeup-vector-mapping.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0043-x86-ACPI-fix-S3-wakeup-vector-mapping.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0043-x86-ACPI-fix-S3-wakeup-vector-mapping.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,83 +0,0 @@ -From: Jan Beulich -Date: Tue, 5 Jan 2021 13:09:55 +0100 -Subject: x86/ACPI: fix S3 wakeup vector mapping -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -Use of __acpi_map_table() here was at least close to an abuse already -before, but it will now consistently return NULL here. Drop the layering -violation and use set_fixmap() directly. Re-use of the ACPI fixmap area -is hopefully going to remain "fine" for the time being. - -Add checks to acpi_enter_sleep(): The vector now needs to be contained -within a single page, but the ACPI spec requires 64-byte alignment of -FACS anyway. Also bail if no wakeup vector was determined in the first -place, in part as preparation for a subsequent relaxation change. - -Fixes: 1c4aa69ca1e1 ("xen/acpi: Rework acpi_os_map_memory() and acpi_os_unmap_memory()") -Signed-off-by: Jan Beulich -Acked-by: Roger Pau Monné -(cherry picked from commit 0f089bbf43ecce6f27576cb548ba4341d0ec46a8) ---- - xen/arch/x86/acpi/boot.c | 5 +++++ - xen/arch/x86/acpi/power.c | 15 ++++++++++++--- - 2 files changed, 17 insertions(+), 3 deletions(-) - -diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c -index 3ad4105..7994228 100644 ---- a/xen/arch/x86/acpi/boot.c -+++ b/xen/arch/x86/acpi/boot.c -@@ -443,6 +443,11 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) - "FACS is shorter than ACPI spec allow: %#x", - facs->length); - -+ if (facs_pa % 64) -+ printk(KERN_WARNING PREFIX -+ "FACS is not 64-byte aligned: %#lx", -+ facs_pa); -+ - acpi_sinfo.wakeup_vector = facs_pa + - offsetof(struct acpi_table_facs, firmware_waking_vector); - acpi_sinfo.vector_width = 32; -diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c -index 604cb7e..3486a9c 100644 ---- a/xen/arch/x86/acpi/power.c -+++ b/xen/arch/x86/acpi/power.c -@@ -174,17 +174,20 @@ static void acpi_sleep_prepare(u32 state) - if ( state != ACPI_STATE_S3 ) - return; - -- wakeup_vector_va = __acpi_map_table( -- acpi_sinfo.wakeup_vector, sizeof(uint64_t)); -- - /* TBoot will set resume vector itself (when it is safe to do so). */ - if ( tboot_in_measured_env() ) - return; - -+ set_fixmap(FIX_ACPI_END, acpi_sinfo.wakeup_vector); -+ wakeup_vector_va = fix_to_virt(FIX_ACPI_END) + -+ PAGE_OFFSET(acpi_sinfo.wakeup_vector); -+ - if ( acpi_sinfo.vector_width == 32 ) - *(uint32_t *)wakeup_vector_va = bootsym_phys(wakeup_start); - else - *(uint64_t *)wakeup_vector_va = bootsym_phys(wakeup_start); -+ -+ clear_fixmap(FIX_ACPI_END); - } - - static void acpi_sleep_post(u32 state) {} -@@ -333,6 +336,12 @@ static long enter_state_helper(void *data) - */ - int acpi_enter_sleep(struct xenpf_enter_acpi_sleep *sleep) - { -+ if ( sleep->sleep_state == ACPI_STATE_S3 && -+ (!acpi_sinfo.wakeup_vector || !acpi_sinfo.vector_width || -+ (PAGE_OFFSET(acpi_sinfo.wakeup_vector) > -+ PAGE_SIZE - acpi_sinfo.vector_width / 8)) ) -+ return -EOPNOTSUPP; -+ - if ( sleep->flags & XENPF_ACPI_SLEEP_EXTENDED ) - { - if ( !acpi_sinfo.sleep_control.address || diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/0044-x86-ACPI-don-t-invalidate-S5-data-when-S3-wakeup-vec.patch 4.16.1-1/debian/patches/0044-x86-ACPI-don-t-invalidate-S5-data-when-S3-wakeup-vec.patch --- 4.14.3+32-g9de3671772-1/debian/patches/0044-x86-ACPI-don-t-invalidate-S5-data-when-S3-wakeup-vec.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/0044-x86-ACPI-don-t-invalidate-S5-data-when-S3-wakeup-vec.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,58 +0,0 @@ -From: Jan Beulich -Date: Tue, 5 Jan 2021 13:11:04 +0100 -Subject: x86/ACPI: don't invalidate S5 data when S3 wakeup vector cannot be - determined -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -We can be more tolerant as long as the data collected from FACS is only -needed to enter S3. A prior change already added suitable checking to -acpi_enter_sleep(). - -Signed-off-by: Jan Beulich -Acked-by: Roger Pau Monné -(cherry picked from commit 16ca5b3f873f17f4fbdaecf46c133e1aa3d623b2) ---- - xen/arch/x86/acpi/boot.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c -index 7994228..9e857c3 100644 ---- a/xen/arch/x86/acpi/boot.c -+++ b/xen/arch/x86/acpi/boot.c -@@ -420,22 +420,22 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) - facs_pa = (uint64_t)fadt->facs; - } - if (!facs_pa) -- goto bad; -+ return; - - facs = acpi_os_map_memory(facs_pa, sizeof(*facs)); - if (!facs) -- goto bad; -+ return; - - if (strncmp(facs->signature, "FACS", 4)) { - printk(KERN_ERR PREFIX "Invalid FACS signature %.4s\n", - facs->signature); -- goto bad; -+ goto done; - } - - if (facs->length < 24) { - printk(KERN_ERR PREFIX "Invalid FACS table length: %#x", - facs->length); -- goto bad; -+ goto done; - } - - if (facs->length < 64) -@@ -452,6 +452,7 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) - offsetof(struct acpi_table_facs, firmware_waking_vector); - acpi_sinfo.vector_width = 32; - -+ done: - acpi_os_unmap_memory(facs, sizeof(*facs)); - - printk(KERN_INFO PREFIX diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/misc/toolstestsx86_emulator-pass--no-pie--fno.patch 4.16.1-1/debian/patches/misc/toolstestsx86_emulator-pass--no-pie--fno.patch --- 4.14.3+32-g9de3671772-1/debian/patches/misc/toolstestsx86_emulator-pass--no-pie--fno.patch 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/misc/toolstestsx86_emulator-pass--no-pie--fno.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -From: Ian Jackson -Date: Tue, 1 Nov 2016 16:20:27 +0000 -Subject: tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on x86_32 - -The current build fails with GCC6 on Debian sid i386 (unstable): - - /tmp/ccqjaueF.s: Assembler messages: - /tmp/ccqjaueF.s:3713: Error: missing or invalid displacement expression `vmovd_to_reg_len@GOT' - -This is due to the combination of GCC6, and Debian's decision to -enable some hardening flags by default (to try to make runtime -addresses less predictable): - https://wiki.debian.org/Hardening/PIEByDefaultTransition - -This is of no benefit for the x86 instruction emulator test, which is -a rebuild of the emulator code for testing purposes only. So pass -options to disable this. - -These options will be no-ops if they are the same as the compiler -default. - -On amd64, the -fno-pic breaks the build in a different way. So do -this only on i386. - -Signed-off-by: Ian Jackson -CC: Jan Beulich -CC: Andrew Cooper ---- - tools/tests/x86_emulator/Makefile | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/tools/tests/x86_emulator/Makefile b/tools/tests/x86_emulator/Makefile -index 48b3e6d..83bc757 100644 ---- a/tools/tests/x86_emulator/Makefile -+++ b/tools/tests/x86_emulator/Makefile -@@ -283,6 +283,10 @@ HOSTCFLAGS-x86_64 := -fno-PIE - $(call cc-option-add,HOSTCFLAGS-x86_64,HOSTCC,-no-pie) - HOSTCFLAGS += $(CFLAGS_xeninclude) -I. $(HOSTCFLAGS-$(XEN_COMPILE_ARCH)) - -+ifeq ($(XEN_TARGET_ARCH),x86_32) -+HOSTCFLAGS += -no-pie -fno-pic -+endif -+ - x86.h := $(addprefix $(XEN_ROOT)/tools/include/xen/asm/,\ - x86-vendors.h x86-defns.h msr-index.h) \ - $(addprefix $(XEN_ROOT)/tools/include/xen/lib/x86/, \ diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/prefix-abiname/config-prefix.diff 4.16.1-1/debian/patches/prefix-abiname/config-prefix.diff --- 4.14.3+32-g9de3671772-1/debian/patches/prefix-abiname/config-prefix.diff 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/prefix-abiname/config-prefix.diff 2022-05-09 20:29:23.000000000 +0000 @@ -9,7 +9,7 @@ Patch-Name: config-prefix.diff 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk -index 0dab3b7..4cb368f 100644 +index 5909d3a..cd0fa13 100644 --- a/Config.mk +++ b/Config.mk @@ -74,7 +74,7 @@ EXTRA_LIB += $(EXTRA_PREFIX)/lib diff -pruN 4.14.3+32-g9de3671772-1/debian/patches/series 4.16.1-1/debian/patches/series --- 4.14.3+32-g9de3671772-1/debian/patches/series 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/patches/series 2022-05-09 20:29:23.000000000 +0000 @@ -1,44 +1,24 @@ 0001-Delete-config.sub-and-config.guess.patch 0002-Delete-configure-output.patch -0003-version.patch +0003-Display-Debian-package-version-in-hypervisor-log.patch prefix-abiname/config-prefix.diff 0005-Do-not-ship-COPYING-into-usr-include.patch misc/tools-pygrub-remove-static-solaris-support -misc/toolstestsx86_emulator-pass--no-pie--fno.patch -0008-Do-not-build-the-instruction-emulator.patch -0009-tools-libfsimage-prefix.diff.patch -0010-autoconf-Provide-libexec_libdir_suffix.patch -0011-.gitignore-Add-configure-output-which-we-always-dele.patch -0012-Revert-pvshim-make-PV-shim-build-selectable-from-con.patch -0013-tools-firmware-Makfile-Respect-caller-s-CONFIG_PV_SH.patch -0014-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch -0015-shim-Provide-separate-install-shim-target.patch -0016-docs-man-xen-vbd-interface.7-Provide-properly-format.patch -0017-Fix-empty-fields-in-first-hypervisor-log-line.patch -0018-vif-common-disable-handle_iptable.patch -0019-sysconfig.xencommons.in-Strip-and-debianize.patch -0020-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch -0021-pygrub-Set-sys.path.patch -0022-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch -0023-tools-xl-bash-completion-also-complete-xen.patch -0024-tools-don-t-build-ship-xenmon.patch -0025-tools-Partially-revert-Cross-compilation-fixes.patch -0026-t-h-L-vif-common.sh-fix-handle_iptable-return-value.patch -0027-xen-rpi4-implement-watchdog-based-reset.patch -0028-tools-python-Pass-linker-to-Python-build-process.patch -0029-xen-arm-acpi-Don-t-fail-if-SPCR-table-is-absent.patch -0030-xen-acpi-Rework-acpi_os_map_memory-and-acpi_os_unmap.patch -0031-xen-arm-acpi-The-fixmap-area-should-always-be-cleare.patch -0032-xen-arm-Check-if-the-platform-is-not-using-ACPI-befo.patch -0033-xen-arm-Introduce-fw_unreserved_regions-and-use-it.patch -0034-xen-arm-acpi-add-BAD_MADT_GICC_ENTRY-macro.patch -0035-xen-arm-traps-Don-t-panic-when-receiving-an-unknown-.patch -0036-fix-spelling-errors.patch -0037-xen-don-t-have-timestamp-inserted-in-config.gz.patch -0038-x86-EFI-don-t-insert-timestamp-when-SOURCE_DATE_EPOC.patch -0039-docs-use-predictable-ordering-in-generated-documenta.patch -0040-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch -0041-x86-ACPI-fix-mapping-of-FACS.patch -0042-x86-DMI-fix-table-mapping-when-one-lives-above-1Mb.patch -0043-x86-ACPI-fix-S3-wakeup-vector-mapping.patch -0044-x86-ACPI-don-t-invalidate-S5-data-when-S3-wakeup-vec.patch +0007-Do-not-build-the-instruction-emulator.patch +0008-tools-libfsimage-prefix.diff.patch +0009-autoconf-Provide-libexec_libdir_suffix.patch +0010-.gitignore-Add-configure-output-which-we-always-dele.patch +0011-config-Tools.mk.in-Respect-caller-s-CONFIG_PV_SHIM.patch +0012-shim-Provide-separate-install-shim-target.patch +0013-docs-man-xen-vbd-interface.7-Provide-properly-format.patch +0014-t-h-L-vif-common.sh-disable-handle_iptable.patch +0015-sysconfig.xencommons.in-Strip-and-debianize.patch +0016-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch +0017-pygrub-Set-sys.path.patch +0018-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch +0019-tools-xl-bash-completion-also-complete-xen.patch +0020-tools-don-t-build-ship-xenmon.patch +0021-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch +0022-xen-arch-x86-make-objdump-output-user-locale-agnosti.patch +0023-give-meaningful-error-message-if-qemu-device-model-i.patch +0024-libxl-Fix-unneededly-rebuilding-build.o-pic.patch diff -pruN 4.14.3+32-g9de3671772-1/debian/rules 4.16.1-1/debian/rules --- 4.14.3+32-g9de3671772-1/debian/rules 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/rules 2022-05-09 20:29:23.000000000 +0000 @@ -5,6 +5,11 @@ SHELL := bash -e +# SOURCE_BASE_DIR is used by our delta queue to find the top directory. It +# seems this information is currenty not directly provided by the Debian build +# system. +export SOURCE_BASE_DIR=$(shell pwd) + # This influences dpkg-buildflags to specify better linker # options. See https://wiki.debian.org/Hardening # Apparently some of these might incur silent breakage @@ -19,15 +24,13 @@ SHELL := bash -e # Inexplicably, if you tell make `export V=value' and `$(shell ...)' # it does not pass V to the shell. WTF. So we set a variable # dbmo which we include in the relevant $(shell ...) invocations. -dbmo= DEB_BUILD_MAINT_OPTIONS="hardening=+all reproducible=+fixfilepath" +dbmo= DEB_BUILD_MAINT_OPTIONS="hardening=+all" # Architecture handling. # # We need to explicitly specify the architecture because the Xen # upstream build system likes to use `uname' which can produce wrong -# answers it other-bitness chroots, and because we need to build a -# 64-bit hypervisor even on i386 (since there is no 32-bit hypervisor -# anymore). +# answers in other-bitness chroots. # Also there is terminological confusion. The DEB_* variables follow # GNU GCC terminology: @@ -42,12 +45,10 @@ include /usr/share/dpkg/architecture.mk # Debian nor GNU names. flavour_amd64 = amd64 -flavour_i386 = amd64 flavour_armhf = armhf flavour_arm64 = arm64 xen_arch_amd64 = x86_64 -xen_arch_i386 = x86_32 xen_arch_armhf = arm32 xen_arch_arm64 = arm64 @@ -164,12 +165,9 @@ export XEN_BUILD_TIME=$(shell LC_ALL=C d export SMBIOS_REL_DATE=$(shell LC_ALL=C date -u -d "@$(SOURCE_DATE_EPOCH)" "+%m/%d/%Y") export VGABIOS_REL_DATE=$(shell LC_ALL=C date -u -d "@$(SOURCE_DATE_EPOCH)" "+%d %b %Y") -export PYBUILD_NAME=xen -export PYBUILD_DISABLE=test -export PYBUILD_SYSTEM=distutils %: - dh $@ --with=python3 --buildsystem=pybuild + dh $@ --with=python3 # Without this, something on stretch passes CFLAGS in the environment # to the Xen build system, which then (with 4.11) chokes printing @@ -209,22 +207,20 @@ override_dh_auto_configure: --disable-blktap1 \ --disable-blktap2 \ --disable-qemu-traditional --disable-rombios \ - --with-system-qemu=/usr/bin/qemu-system-i386 \ + --with-system-qemu=/usr/libexec/xen-qemu-system-i386 \ --enable-ovmf --with-system-ovmf=/usr/share/ovmf/OVMF.fd \ --with-system-seabios=/usr/share/seabios/bios-256k.bin # tools/firmware/xen-dir is the `shim' used for booting PV guests # in an HVM container, for security (particularly, for meltdown/spectre -# mitigation). It's actually a hypervisor. On i386 it is not built -# by `make tools' because run that with XEN_COMPILE_ARCH=x86_32 which -# is no longer a supported hypervisor architecture. And we want to -# build it with $(make_args_xen) not $(make_args_tools). So do it -# separately. +# mitigation). It's actually a hypervisor. It's only built for amd64. +# Since we want to build it with $(make_args_xen) not $(make_args_tools), +# do it separately. override_dh_auto_build: $(MAKE) $(make_args_xen) xen $(MAKE) $(make_args_tools) tools docs CONFIG_PV_SHIM=n case $(flavour) in \ - amd64|i386) \ + amd64) \ $(MAKE) $(make_args_xen) -C tools/firmware/xen-dir ;; \ esac touch debian/xen-tools-built.stamp @@ -239,8 +235,7 @@ override_dh_auto_install: $(TEMPLATED_FI install-{tools,docs} CONFIG_PV_SHIM=n : @# shim install target needs to be run separately because we - @# need to pass it the make_args_xen settings, in particular - @# on i386 bwe need to pass x86_64 here to actually build it. + @# need to pass it the make_args_xen settings. @# Luckily this target, unlike the build, is a noop on @# shimless arches, so it does not need to be conditional. $(MAKE) $(make_args_xen) DESTDIR=$t $(make_args_xen) \ @@ -298,6 +293,8 @@ override_dh_python3: dh_python3 dh_python3 -pxen-utils-$(upstream_version) \ usr/lib/xen-$(upstream_version)/bin + dh_python3 -pxen-utils-$(upstream_version) \ + usr/lib/xen-$(upstream_version)/lib/python # We have two init scripts. (There used to be xend too.) override_dh_installinit: diff -pruN 4.14.3+32-g9de3671772-1/debian/salsa-ci.yml 4.16.1-1/debian/salsa-ci.yml --- 4.14.3+32-g9de3671772-1/debian/salsa-ci.yml 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/salsa-ci.yml 2022-05-09 20:29:23.000000000 +0000 @@ -20,9 +20,18 @@ variables: # disable shallow cloning of git repository. This is needed for git-debrebase GIT_DEPTH: 0 + RELEASE: 'unstable' + # xen currently does not enable hardening when building the hypervisor so # disable blhc. SALSA_CI_DISABLE_BLHC: 1 SALSA_CI_REPROTEST_ENABLE_DIFFOSCOPE: 1 + # We do not provide packages for i386 + SALSA_CI_DISABLE_BUILD_PACKAGE_I386: 1 + + # cross building xen currently fails due to Debian bug #982406 in markdown. + # It can be tried again when there are better chances of it building + # successfully. + SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1 diff -pruN 4.14.3+32-g9de3671772-1/debian/xen-hypervisor-common.NEWS 4.16.1-1/debian/xen-hypervisor-common.NEWS --- 4.14.3+32-g9de3671772-1/debian/xen-hypervisor-common.NEWS 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/xen-hypervisor-common.NEWS 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,20 @@ +xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high + + This update contains the mitigations for the Microarchitectural Data + Sampling speculative side channel attacks. Only Intel based processors are + affected. + + Note that these fixes will only have effect when also loading updated cpu + microcode with MD_CLEAR functionality. When using the intel-microcode + package to include microcode in the dom0 initrd, it has to be loaded by + Xen. Please refer to the hypervisor command line documentation about the + 'ucode=scan' option. + + For the fixes to be fully effective, it is currently also needed to disable + hyper-threading, which can be done in BIOS settings, or by using smt=no on + the hypervisor command line. + + Additional information is available in the upstream Xen security advisory: + https://xenbits.xen.org/xsa/advisory-297.html + + -- Hans van Kranenburg Tue, 18 Jun 2019 09:50:19 +0200 diff -pruN 4.14.3+32-g9de3671772-1/debian/xen-hypervisor-common.postinst 4.16.1-1/debian/xen-hypervisor-common.postinst --- 4.14.3+32-g9de3671772-1/debian/xen-hypervisor-common.postinst 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/xen-hypervisor-common.postinst 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,23 @@ +#!/bin/bash + +set -e + +case "$1" in + configure) + if command -v update-grub > /dev/null && [ -d /boot/grub ]; then + update-grub || : + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff -pruN 4.14.3+32-g9de3671772-1/debian/xen-hypervisor-common.postrm 4.16.1-1/debian/xen-hypervisor-common.postrm --- 4.14.3+32-g9de3671772-1/debian/xen-hypervisor-common.postrm 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/xen-hypervisor-common.postrm 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,23 @@ +#!/bin/bash + +set -e + +case "$1" in + remove) + if command -v update-grub > /dev/null && [ -d /boot/grub ]; then + update-grub || : + fi + ;; + + purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff -pruN 4.14.3+32-g9de3671772-1/debian/xen-utils-common.install 4.16.1-1/debian/xen-utils-common.install --- 4.14.3+32-g9de3671772-1/debian/xen-utils-common.install 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/xen-utils-common.install 2022-05-09 20:29:23.000000000 +0000 @@ -5,7 +5,7 @@ etc/xen/scripts etc/xen/xl* -etc/bash_completion.d/xl.sh => usr/share/bash-completion/completions/xl +etc/bash_completion.d/xl => usr/share/bash-completion/completions/xl etc/default/xendomains etc/default/xencommons => usr/share/xen-utils-common/default.xen diff -pruN 4.14.3+32-g9de3671772-1/debian/xen-utils-common.NEWS 4.16.1-1/debian/xen-utils-common.NEWS --- 4.14.3+32-g9de3671772-1/debian/xen-utils-common.NEWS 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/debian/xen-utils-common.NEWS 2022-05-09 20:29:23.000000000 +0000 @@ -0,0 +1,42 @@ +xen (4.16.1-1) unstable; urgency=medium + + At this version xen in Debian switched from using standard full-blown build + of qemu-system-i386 for the HVM domains and qdisks to a special xen-only + build of qemu in qemu-system-xen package. Previously we recommended + qemu-system-x86, now we recommend qemu-system-xen. This significantly + reduces amount of inter-dependencies. + + If you have apt configured to automatically install package Recommends + (which is the default), when updating to this version of xen, apt will + install the new qemu-system-xen recommendation by default, so your + qemu-xen domains, if any, will continue to work as before. You might + want to remove qemu-system-x86 package at this time if you do not use + it, - xen does not use it anymore. + + If your apt is configured to not install Recommends by default, and you + do have qemu-xen domUs, you may want to install qemu-system-xen package + manually. + + -- Michael Tokarev Sat, 23 Apr 2022 12:02:00 +0300 + +xen (4.11.4-1) unstable; urgency=medium + + This package version fixes a bug that would call the stop action on the + xen init script when removing an obsolete xen-utils-V package for a Xen + version V other than the currently running one. This results in stopping + the xenconsoled process. + + If you just upgraded from Xen 4.8 (Stretch), this will happen when + removing the xen-utils-4.8 package afterwards. + + The resulting situation can safely be repaired by calling the start action + on the xen script again manually once to bring back the xenconsoled + process. There will be no damage to running domUs. + + If you're upgrading from previous Xen 4.11 packages, no action is needed. + + Having these (or later) Xen 4.11 packages installed means that the bug + will not trigger any more when removing xen-utils-4.11 after upgrading to + a newer Xen version (e.g. 4.13) in the future. + + -- Hans van Kranenburg Tue, 26 May 2020 13:33:17 +0200 diff -pruN 4.14.3+32-g9de3671772-1/debian/xen-utils-common.xen.init 4.16.1-1/debian/xen-utils-common.xen.init --- 4.14.3+32-g9de3671772-1/debian/xen-utils-common.xen.init 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/xen-utils-common.xen.init 2022-05-09 20:29:23.000000000 +0000 @@ -58,9 +58,9 @@ XENCONSOLED_PIDFILE="/run/xenconsoled.pi CXENSTORED="$ROOT"/bin/xenstored OXENSTORED="$ROOT"/bin/oxenstored XENSTORED_PIDFILE="/run/xenstore.pid" -QEMU=/usr/bin/qemu-system-i386 +QEMU=/usr/libexec/xen-qemu-system-i386 QEMU_PIDFILE="/run/qemu-dom0.pid" -QEMU_ARGS="-xen-domid 0 -xen-attach -name dom0 -nographic -M xenpv -daemonize -monitor /dev/null -serial /dev/null -parallel /dev/null" +QEMU_ARGS="-xen-domid 0 -xen-attach -name dom0 -nographic -M xenpv -daemonize -monitor none -serial none -parallel none" modules_setup() { diff -pruN 4.14.3+32-g9de3671772-1/debian/xen-utils-V.install.vsn-in 4.16.1-1/debian/xen-utils-V.install.vsn-in --- 4.14.3+32-g9de3671772-1/debian/xen-utils-V.install.vsn-in 2021-11-27 14:09:47.000000000 +0000 +++ 4.16.1-1/debian/xen-utils-V.install.vsn-in 2022-05-09 20:29:23.000000000 +0000 @@ -1,7 +1,7 @@ usr/lib/xen-@version@/bin usr/lib/xen-@version@/lib/python -? flavour = amd64 | i386 +? flavour = amd64 usr/lib/xen-@version@/boot usr/lib/debug/usr/lib/xen-*/boot/* usr/lib/debug/xen-syms-@version@-shim # ^ Yes, the upstream build system really does install the shim symbols diff -pruN 4.14.3+32-g9de3671772-1/docs/configure 4.16.1-1/docs/configure --- 4.14.3+32-g9de3671772-1/docs/configure 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/configure 2022-04-12 12:21:23.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Xen Hypervisor Documentation 4.14. +# Generated by GNU Autoconf 2.69 for Xen Hypervisor Documentation 4.16. # # Report bugs to . # @@ -579,8 +579,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='Xen Hypervisor Documentation' PACKAGE_TARNAME='xen' -PACKAGE_VERSION='4.14' -PACKAGE_STRING='Xen Hypervisor Documentation 4.14' +PACKAGE_VERSION='4.16' +PACKAGE_STRING='Xen Hypervisor Documentation 4.16' PACKAGE_BUGREPORT='xen-devel@lists.xen.org' PACKAGE_URL='https://www.xen.org/' @@ -597,10 +597,7 @@ DEBUG_DIR XEN_DUMP_DIR XEN_PAGING_DIR XEN_LOCK_DIR -XEN_SCRIPT_DIR -XEN_CONFIG_DIR INITD_DIR -CONFIG_DIR SHAREDIR XEN_LIB_DIR XEN_RUN_STORED @@ -612,7 +609,10 @@ LIBEXEC_INC LIBEXEC_LIB LIBEXEC_BIN LIBEXEC +XEN_SCRIPT_DIR CONFIG_LEAF_DIR +XEN_CONFIG_DIR +CONFIG_DIR XENSTORED_PORT XENSTORED_KVA target_alias @@ -660,6 +660,7 @@ enable_option_checking with_initddir with_sysconfig_leaf_dir with_libexec_leaf_dir +with_xen_scriptdir with_xen_dumpdir with_rundir with_debugdir @@ -1223,7 +1224,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Xen Hypervisor Documentation 4.14 to adapt to many kinds of systems. +\`configure' configures Xen Hypervisor Documentation 4.16 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1285,7 +1286,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Xen Hypervisor Documentation 4.14:";; + short | recursive ) echo "Configuration of Xen Hypervisor Documentation 4.16:";; esac cat <<\_ACEOF @@ -1301,6 +1302,9 @@ Optional Packages: "default". [sysconfig] --with-libexec-leaf-dir=SUBDIR Name of subdirectory in libexecdir to use. + --with-xen-scriptdir=DIR + Path to directory for dom0 hotplug scripts. + [SYSCONFDIR/xen/scripts] --with-xen-dumpdir=DIR Path to directory for domU crash dumps. [LOCALSTATEDIR/lib/xen/dump] --with-rundir=DIR Path to directory for runtime data. @@ -1383,7 +1387,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Xen Hypervisor Documentation configure 4.14 +Xen Hypervisor Documentation configure 4.16 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1400,7 +1404,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Xen Hypervisor Documentation $as_me 4.14, which was +It was created by Xen Hypervisor Documentation $as_me 4.16, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -1749,7 +1753,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -ac_config_files="$ac_config_files ../config/Docs.mk man/xl.cfg.5.pod man/xl.1.pod" +ac_config_files="$ac_config_files ../config/Docs.mk man/xl.cfg.5.pod man/xl.1.pod man/xl-disk-configuration.5.pod man/xl-network-configuration.5.pod man/xl.conf.5.pod" ac_aux_dir= for ac_dir in ../ "$srcdir"/../; do @@ -1839,6 +1843,12 @@ if test "x$sysconfdir" = 'x${prefix}/etc esac fi +CONFIG_DIR=$sysconfdir + + +XEN_CONFIG_DIR=$CONFIG_DIR/xen + + # Check whether --with-initddir was given. if test "${with_initddir+set}" = set; then : @@ -1881,6 +1891,17 @@ fi +# Check whether --with-xen-scriptdir was given. +if test "${with_xen_scriptdir+set}" = set; then : + withval=$with_xen_scriptdir; xen_scriptdir_path=$withval +else + xen_scriptdir_path=$XEN_CONFIG_DIR/scripts +fi + +XEN_SCRIPT_DIR=$xen_scriptdir_path + + + # Check whether --with-xen-dumpdir was given. if test "${with_xen_dumpdir+set}" = set; then : withval=$with_xen_dumpdir; xen_dumpdir_path=$withval @@ -1945,21 +1966,12 @@ XEN_LIB_DIR=$localstatedir/lib/xen SHAREDIR=$prefix/share -CONFIG_DIR=$sysconfdir - - INITD_DIR=$initddir_path -XEN_CONFIG_DIR=$CONFIG_DIR/xen - - -XEN_SCRIPT_DIR=$XEN_CONFIG_DIR/scripts - - case "$host_os" in *freebsd*) XEN_LOCK_DIR=$localstatedir/lib ;; -*netbsd*) XEN_LOCK_DIR=$localstatedir/lib ;; +*netbsd*) XEN_LOCK_DIR=$rundir_path ;; *) XEN_LOCK_DIR=$localstatedir/lock ;; esac @@ -2809,7 +2821,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Xen Hypervisor Documentation $as_me 4.14, which was +This file was extended by Xen Hypervisor Documentation $as_me 4.16, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2863,7 +2875,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Xen Hypervisor Documentation config.status 4.14 +Xen Hypervisor Documentation config.status 4.16 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -2976,6 +2988,9 @@ do "../config/Docs.mk") CONFIG_FILES="$CONFIG_FILES ../config/Docs.mk" ;; "man/xl.cfg.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl.cfg.5.pod" ;; "man/xl.1.pod") CONFIG_FILES="$CONFIG_FILES man/xl.1.pod" ;; + "man/xl-disk-configuration.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl-disk-configuration.5.pod" ;; + "man/xl-network-configuration.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl-network-configuration.5.pod" ;; + "man/xl.conf.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl.conf.5.pod" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac diff -pruN 4.14.3+32-g9de3671772-1/docs/configure.ac 4.16.1-1/docs/configure.ac --- 4.14.3+32-g9de3671772-1/docs/configure.ac 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/configure.ac 2022-04-12 12:21:23.000000000 +0000 @@ -9,6 +9,9 @@ AC_CONFIG_FILES([ ../config/Docs.mk man/xl.cfg.5.pod man/xl.1.pod +man/xl-disk-configuration.5.pod +man/xl-network-configuration.5.pod +man/xl.conf.5.pod ]) AC_CONFIG_AUX_DIR([../]) diff -pruN 4.14.3+32-g9de3671772-1/docs/designs/argo.pandoc 4.16.1-1/docs/designs/argo.pandoc --- 4.14.3+32-g9de3671772-1/docs/designs/argo.pandoc 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/designs/argo.pandoc 2022-04-12 12:21:23.000000000 +0000 @@ -439,6 +439,51 @@ that teardown of any domain will not int operation. It enables introducing granular locking without complex or error-prone lock acquisition logic. +# Related Material + +## Enabling Argo in Xen + +To enable Argo in a build of the Xen hypervisor, please ensure that +CONFIG_ARGO is enabled in the Xen hypervisor build configuration file. + +To make Argo available for use at runtime on a Xen system, please see the +Argo settings in the Xen command line documentation. + +## Linux Argo drivers + +A Linux kernel device driver for Argo and corresponding Linux userspace +software, libargo, that utilizes it for interdomain communication between +application level software is available and maintained by the OpenXT Project, +at: + +https://github.com/OpenXT/linux-xen-argo + +The repository contains the primary Linux kernel Argo driver, which is derived +from the original XenClient v4v driver. The document at the following link +describes planning and design notes from OpenXT community discussion for +improvements to the driver: + +https://openxt.atlassian.net/wiki/spaces/DC/pages/775389197/New+Linux+Driver+for+Argo + +An alternative Linux Argo driver is also available in the same repository, +implemented to explore a different approach for Linux to use the Argo +primitives under the Vsock address family to allow socket communication between +Xen domains. + +## v4v drivers + +A Windows driver for v4v has previously been used in XenClient and OpenXT +which could be ported to Argo. It may require update for compatibility with +recent versions of Windows software. + +https://github.com/OpenXT/xc-windows/tree/master/xenv4v + +The Linux, Windows and OSX guest tools for the Open Source HP uxen hypervisor +contain drivers for v4v which are relevant as code bases of interest for +porting or developing new guest OS drivers for Argo. + +https://github.com/uxen-virt/uxen/tree/ascara/vm-support + # Future Work - Performance measurement and optimization diff -pruN 4.14.3+32-g9de3671772-1/docs/designs/dmop.pandoc 4.16.1-1/docs/designs/dmop.pandoc --- 4.14.3+32-g9de3671772-1/docs/designs/dmop.pandoc 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/designs/dmop.pandoc 2022-04-12 12:21:23.000000000 +0000 @@ -4,9 +4,15 @@ DMOP Introduction ------------ -The aim of DMOP is to prevent a compromised device model from compromising -domains other than the one it is providing emulation for (which is therefore -likely already compromised). +The DMOP hypercall has a new ABI design to solve problems in the Xen +ecosystem. First, the ABI is fully stable, to reduce the coupling between +device models and the version of Xen. Specifically, device model software +using DMOP (be it user, stub domain or kernel software) need not be recompiled +to match the version of the running hypervisor. + +Secondly, for device models in userspace, the ABI is designed specifically to +allow a kernel to audit the memory ranges used, without having to know the +internal structure of sub-ops. The problem occurs when you a device model issues an hypercall that includes references to user memory other than the operation structure diff -pruN 4.14.3+32-g9de3671772-1/docs/designs/launch/hyperlaunch-devicetree.rst 4.16.1-1/docs/designs/launch/hyperlaunch-devicetree.rst --- 4.14.3+32-g9de3671772-1/docs/designs/launch/hyperlaunch-devicetree.rst 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/docs/designs/launch/hyperlaunch-devicetree.rst 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,343 @@ +------------------------------------- +Xen Hyperlaunch Device Tree Bindings +------------------------------------- + +The Xen Hyperlaunch device tree adopts the dom0less device tree structure and +extends it to meet the requirements for the Hyperlaunch capability. The primary +difference is the introduction of the ``hypervisor`` node that is under the +``/chosen`` node. The move to a dedicated node was driven by: + +1. Reduces the need to walk over nodes that are not of interest, e.g. only + nodes of interest should be in ``/chosen/hypervisor`` + +2. Allows for the domain construction information to easily be sanitized by + simple removing the ``/chosen/hypervisor`` node. + +Example Configuration +--------------------- + +Below are two example device tree definitions for the hypervisor node. The +first is an example of a multiboot-based configuration for x86 and the second +is a module-based configuration for Arm. + +Multiboot x86 Configuration: +"""""""""""""""""""""""""""" + +:: + + hypervisor { + #address-cells = <1>; + #size-cells = <0>; + compatible = “hypervisor,xen” + + // Configuration container + config { + compatible = "xen,config"; + + module { + compatible = "module,microcode", "multiboot,module"; + mb-index = <1>; + }; + + module { + compatible = "module,xsm-policy", "multiboot,module"; + mb-index = <2>; + }; + }; + + // Boot Domain definition + domain { + compatible = "xen,domain"; + + domid = <0x7FF5>; + + // FUNCTION_NONE (0) + // FUNCTION_BOOT (1 << 0) + // FUNCTION_CRASH (1 << 1) + // FUNCTION_CONSOLE (1 << 2) + // FUNCTION_XENSTORE (1 << 30) + // FUNCTION_LEGACY_DOM0 (1 << 31) + functions = <0x00000001>; + + memory = <0x0 0x20000>; + cpus = <1>; + module { + compatible = "module,kernel", "multiboot,module"; + mb-index = <3>; + }; + + module { + compatible = "module,ramdisk", "multiboot,module"; + mb-index = <4>; + }; + module { + compatible = "module,config", "multiboot,module"; + mb-index = <5>; + }; + + // Classic Dom0 definition + domain { + compatible = "xen,domain"; + + domid = <0>; + + // PERMISSION_NONE (0) + // PERMISSION_CONTROL (1 << 0) + // PERMISSION_HARDWARE (1 << 1) + permissions = <3>; + + // FUNCTION_NONE (0) + // FUNCTION_BOOT (1 << 0) + // FUNCTION_CRASH (1 << 1) + // FUNCTION_CONSOLE (1 << 2) + // FUNCTION_XENSTORE (1 << 30) + // FUNCTION_LEGACY_DOM0 (1 << 31) + functions = <0xC0000006>; + + // MODE_PARAVIRTUALIZED (1 << 0) /* PV | PVH/HVM */ + // MODE_ENABLE_DEVICE_MODEL (1 << 1) /* HVM | PVH */ + // MODE_LONG (1 << 2) /* 64 BIT | 32 BIT */ + mode = <5>; /* 64 BIT, PV */ + + // UUID + domain-uuid = [B3 FB 98 FB 8F 9F 67 A3]; + + cpus = <1>; + memory = <0x0 0x20000>; + security-id = “dom0_t; + + module { + compatible = "module,kernel", "multiboot,module"; + mb-index = <6>; + bootargs = "console=hvc0"; + }; + module { + compatible = "module,ramdisk", "multiboot,module"; + mb-index = <7>; + }; + }; + +The multiboot modules supplied when using the above config would be, in order: + +* (the above config, compiled) +* CPU microcode +* XSM policy +* kernel for boot domain +* ramdisk for boot domain +* boot domain configuration file +* kernel for the classic dom0 domain +* ramdisk for the classic dom0 domain + +Module Arm Configuration: +""""""""""""""""""""""""" + +:: + + hypervisor { + compatible = “hypervisor,xen” + + // Configuration container + config { + compatible = "xen,config"; + + module { + compatible = "module,microcode”; + module-addr = <0x0000ff00 0x80>; + }; + + module { + compatible = "module,xsm-policy"; + module-addr = <0x0000ff00 0x80>; + + }; + }; + + // Boot Domain definition + domain { + compatible = "xen,domain"; + + domid = <0x7FF5>; + + // FUNCTION_NONE (0) + // FUNCTION_BOOT (1 << 0) + // FUNCTION_CRASH (1 << 1) + // FUNCTION_CONSOLE (1 << 2) + // FUNCTION_XENSTORE (1 << 30) + // FUNCTION_LEGACY_DOM0 (1 << 31) + functions = <0x00000001>; + + memory = <0x0 0x20000>; + cpus = <1>; + module { + compatible = "module,kernel"; + module-addr = <0x0000ff00 0x80>; + }; + + module { + compatible = "module,ramdisk"; + module-addr = <0x0000ff00 0x80>; + }; + module { + compatible = "module,config"; + module-addr = <0x0000ff00 0x80>; + }; + + // Classic Dom0 definition + domain@0 { + compatible = "xen,domain"; + + domid = <0>; + + // PERMISSION_NONE (0) + // PERMISSION_CONTROL (1 << 0) + // PERMISSION_HARDWARE (1 << 1) + permissions = <3>; + + // FUNCTION_NONE (0) + // FUNCTION_BOOT (1 << 0) + // FUNCTION_CRASH (1 << 1) + // FUNCTION_CONSOLE (1 << 2) + // FUNCTION_XENSTORE (1 << 30) + // FUNCTION_LEGACY_DOM0 (1 << 31) + functions = <0xC0000006>; + + // MODE_PARAVIRTUALIZED (1 << 0) /* PV | PVH/HVM */ + // MODE_ENABLE_DEVICE_MODEL (1 << 1) /* HVM | PVH */ + // MODE_LONG (1 << 2) /* 64 BIT | 32 BIT */ + mode = <5>; /* 64 BIT, PV */ + + // UUID + domain-uuid = [B3 FB 98 FB 8F 9F 67 A3]; + + cpus = <1>; + memory = <0x0 0x20000>; + security-id = “dom0_t”; + + module { + compatible = "module,kernel"; + module-addr = <0x0000ff00 0x80>; + bootargs = "console=hvc0"; + }; + module { + compatible = "module,ramdisk"; + module-addr = <0x0000ff00 0x80>; + }; + }; + +The modules that would be supplied when using the above config would be: + +* (the above config, compiled into hardware tree) +* CPU microcode +* XSM policy +* kernel for boot domain +* ramdisk for boot domain +* boot domain configuration file +* kernel for the classic dom0 domain +* ramdisk for the classic dom0 domain + +The hypervisor device tree would be compiled into the hardware device tree and +provided to Xen using the standard method currently in use. The remaining +modules would need to be loaded in the respective addresses specified in the +`module-addr` property. + + +The Hypervisor node +------------------- + +The hypervisor node is a top level container for the domains that will be built +by hypervisor on start up. On the ``hypervisor`` node the ``compatible`` +property is used to identify the type of hypervisor node present.. + +compatible + Identifies the type of node. Required. + +The Config node +--------------- + +A config node is for detailing any modules that are of interest to Xen itself. +For example this would be where Xen would be informed of microcode or XSM +policy locations. If the modules are multiboot modules and are able to be +located by index within the module chain, the ``mb-index`` property should be +used to specify the index in the multiboot module chain.. If the module will be +located by physical memory address, then the ``module-addr`` property should be +used to identify the location and size of the module. + +compatible + Identifies the type of node. Required. + +The Domain node +--------------- + +A domain node is for describing the construction of a domain. It may provide a +domid property which will be used as the requested domain id for the domain +with a value of “0” signifying to use the next available domain id, which is +the default behavior if omitted. A domain configuration is not able to request +a domid of “0”. After that a domain node may have any of the following +parameters, + +compatible + Identifies the type of node. Required. + +domid + Identifies the domid requested to assign to the domain. Required. + +permissions + This sets what Discretionary Access Control permissions + a domain is assigned. Optional, default is none. + +functions + This identifies what system functions a domain will fulfill. + Optional, the default is none. + +.. note:: The `functions` bits that have been selected to indicate + ``FUNCTION_XENSTORE`` and ``FUNCTION_LEGACY_DOM0`` are the last two bits + (30, 31) such that should these features ever be fully retired, the flags may + be dropped without leaving a gap in the flag set. + +mode + The mode the domain will be executed under. Required. + +domain-uuid + A globally unique identifier for the domain. Optional, + the default is NULL. + +cpus + The number of vCPUs to be assigned to the domain. Optional, + the default is “1”. + +memory + The amount of memory to assign to the domain, in KBs. + Required. + +security-id + The security identity to be assigned to the domain when XSM + is the access control mechanism being used. Optional, + the default is “domu_t”. + +The Module node +--------------- + +This node describes a boot module loaded by the boot loader. The required +compatible property follows the format: module, where type can be +“kernel”, “ramdisk”, “device-tree”, “microcode”, “xsm-policy” or “config”. In +the case the module is a multiboot module, the additional property string +“multiboot,module” may be present. One of two properties is required and +identifies how to locate the module. They are the mb-index, used for multiboot +modules, and the module-addr for memory address based location. + +compatible + This identifies what the module is and thus what the hypervisor + should use the module for during domain construction. Required. + +mb-index + This identifies the index for this module in the multiboot module chain. + Required for multiboot environments. + +module-addr + This identifies where in memory this module is located. Required for + non-multiboot environments. + +bootargs + This is used to provide the boot params to kernel modules. + +.. note:: The bootargs property is intended for situations where the same kernel multiboot module is used for more than one domain. diff -pruN 4.14.3+32-g9de3671772-1/docs/designs/launch/hyperlaunch.rst 4.16.1-1/docs/designs/launch/hyperlaunch.rst --- 4.14.3+32-g9de3671772-1/docs/designs/launch/hyperlaunch.rst 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/docs/designs/launch/hyperlaunch.rst 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,1004 @@ +########################### +Hyperlaunch Design Document +########################### + +.. sectnum:: :depth: 4 + +This post is a Request for Comment on the included v4 of a design document that +describes Hyperlaunch: a new method of launching the Xen hypervisor, relating +to dom0less and work from the Hyperlaunch project. We invite discussion of this +on this list, at the monthly Xen Community Calls, and at dedicated meetings on +this topic in the Xen Working Group which will be announced in advance on the +Xen Development mailing list. + + +.. contents:: :depth: 3 + + +Introduction +============ + +This document describes the design and motivation for the funded development of +a new, flexible system for launching the Xen hypervisor and virtual machines +named: "Hyperlaunch". + +The design enables seamless transition for existing systems that require a +dom0, and provides a new general capability to build and launch alternative +configurations of virtual machines, including support for static partitioning +and accelerated start of VMs during host boot, while adhering to the principles +of least privilege. It incorporates the existing dom0less functionality, +extended to fold in the new developments from the Hyperlaunch project, with +support for both x86 and Arm platform architectures, building upon and +replacing the earlier 'late hardware domain' feature for disaggregation of +dom0. + +Hyperlaunch is designed to be flexible and reusable across multiple use cases, +and our aim is to ensure that it is capable, widely exercised, comprehensively +tested, and well understood by the Xen community. + +Document Structure +================== + +This is the primary design document for Hyperlaunch, to provide an overview of +the feature. Separate additional documents will cover specific aspects of +Hyperlaunch in further detail, including: + + - The Device Tree specification for Hyperlaunch metadata + - New Domain Roles for Xen and the Xen Security Modules (XSM) policy + - Passthrough of PCI devices with Hyperlaunch + +Approach +======== + +Born out of improving support for Dynamic Root of Trust for Measurement (DRTM), +the Hyperlaunch project is focused on restructuring the system launch of Xen. +The Hyperlaunch design provides a security architecture that builds on the +principles of Least Privilege and Strong Isolation, achieving this through the +disaggregation of system functions. It enables this with the introduction of a +boot domain that works in conjunction with the hypervisor to provide the +ability to launch multiple domains as part of host boot while maintaining a +least privilege implementation. + +While the Hyperlaunch project inception was and continues to be driven by a +focus on security through disaggregation, there are multiple use cases with a +non-security focus that require or benefit from the ability to launch multiple +domains at host boot. This was proven by the need that drove the implementation +of the dom0less capability in the Arm branch of Xen. + +Hyperlaunch is designed to be flexible and reusable across multiple use cases, +and our aim is to ensure that it is capable, widely exercised, comprehensively +tested, and provides a robust foundation for current and emerging system launch +requirements of the Xen community. + + +Objectives +---------- + +* In general strive to maintain compatibility with existing Xen behavior +* A default build of the hypervisor should be capable of booting both legacy-compatible and new styles of launch: + + * classic Xen boot: starting a single, privileged Dom0 + * classic Xen boot with late hardware domain: starting a Dom0 that transitions hardware access/control to another domain + * a dom0less boot: starting multiple domains without privilege assignment controls + * Hyperlaunch: starting one or more VMs, with flexible configuration + +* Preferred that it be managed via KCONFIG options to govern inclusion of support for each style +* The selection between classic boot and Hyperlaunch boot should be automatic + + * Preferred that it not require a kernel command line parameter for selection + +* It should not require modification to boot loaders +* It should provide a user friendly interface for its configuration and management +* It must provide a method for building systems that fallback to console access in the event of misconfiguration +* It should be able to boot an x86 Xen environment without the need for a Dom0 domain + + +Requirements and Design +======================= + +Hyperlaunch is defined as the ability of a hypervisor to construct and start +one or more virtual machines at system launch in a specific way. A hypervisor +can support one or both modes of configuration, Hyperlaunch Static and +Hyperlaunch Dynamic. The Hyperlaunch Static mode functions as a static +partitioning hypervisor ensuring only the virtual machines started at system +launch are running on the system. The Hyperlaunch Dynamic mode functions as a +dynamic hypervisor allowing for additional virtual machines to be started after +the initial virtual machines have started. The Xen hypervisor is capable of +both modes of configuration from the same binary and when paired with its XSM +flask, provides strong controls that enable fine grained system partitioning. + +Hypervisor Launch Landscape +--------- + +This comparison table presents the distinctive capabilities of Hyperlaunch with +reference to existing launch configurations currently available in Xen and +other hypervisors. + +:: + + +---------------+-----------+------------+-----------+-------------+---------------------+ + | **Xen Dom0** | **Linux** | **Late** | **Jail** | **Xen** | **Xen Hyperlaunch** | + | **(Classic)** | **KVM** | **HW Dom** | **house** | **dom0less**+---------+-----------+ + | | | | | | Static | Dynamic | + +===============+===========+============+===========+=============+=========+===========+ + | Hypervisor able to launch multiple VMs during host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | Y | Y | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Hypervisor supports Static Partitioning | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | Y | Y | Y | | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Able to launch VMs dynamically after host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Y | Y | Y* | Y | Y* | | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Supports strong isolation between all VMs started at host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | Y | Y | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Enables flexible sequencing of VM start during host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Prevent all-powerful static root domain being launched at boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | Y* | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Operates without a Highly-privileged management VM (eg. Dom0) | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | Y* | | Y* | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Operates without a privileged toolstack VM (Control Domain) | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | Y* | Y | | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Extensible VM configuration applied before launch of VMs at host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Flexible granular assignment of permissions and functions to VMs | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Supports extensible VM measurement architecture for DRTM and attestation | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | PCI passthrough configured at host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + + +Domain Construction +------------------- + +An important aspect of the Hyperlaunch architecture is that the hypervisor +performs domain construction for all the Initial Domains, ie. it builds each +domain that is described in the Launch Control Module. More specifically, the +hypervisor will perform the function of *domain creation* for each Initial +Domain: it allocates the unique domain identifier assigned to the virtual +machine and records essential metadata about it in the internal data structure +that enables scheduling the domain to run. It will also perform *basic domain +construction*: build the initial page tables with data from the kernel and +initial ramdisk supplied, and as appropriate for the domain type, populate the +p2m table and ACPI tables. + +Subsequent to this, the boot domain can apply additional configuration to the +initial domains from the data in the LCM, in *extended domain construction*. + +The benefits of this structure include: + +* Security: Contrains the permissions required by the boot domain: it does not + require the capability to create domains in this structure. This aligns with + the principles of least privilege. +* Flexibility: Enables policy-based dynamic assignment of hardware by the boot + domain, customizable according to use-case and able to adapt to hardware + discovery +* Compatibility: Supports reuse of familiar tools with use-case customized boot + domains. +* Commonality: Reuses the same logic for initial basic domain building across + diverse Xen deployments. + * It aligns the x86 initial domain construction with the existing Arm + dom0less feature for construction of multiple domains at boot. + * The boot domain implementation may vary significantly with different + deployment use cases, whereas the hypervisor implementation is + common. +* Correctness: Increases confidence in the implementation of domain + construction, since it is performed by the hypervisor in well maintained and + centrally tested logic. +* Performance: Enables launch for configurations where a fast start of + multiple domains at boot is a requirement. +* Capability: Supports launch of advanced configurations where a sequenced + start of multiple domains is required, or multiple domains are involved in + startup of the running system configuration + * eg. for PCI passthrough on systems where the toolstack runs in a + separate domain to the hardware management. + +Please, see the ‘Hyperlaunch Device Tree’ design document, which describes the +configuration module that is provided to the hypervisor by the bootloader. + +The hypervisor determines how these domains are started as host boot completes: +in some systems the Boot Domain acts upon the extended boot configuration +supplied as part of launch, performing configuration tasks for preparing the +other domains for the hypervisor to commence running them. + +Common Boot Configurations +-------------------------- + +When looking across those that have expressed interest or discussed a need for +launching multiple domains at host boot, the Hyperlaunch approach is to provide +the means to start nearly any combination of domains. Below is an enumerated +selection of common boot configurations for reference in the following section. + +Dynamic Launch with a Highly-Privileged Domain 0 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Hyperlaunch Classic: Dom0 + This configuration mimics the classic Xen start and domain construction + where a single domain is constructed with all privileges and functions for + managing hardware and running virtualization toolstack software. + +Hyperlaunch Classic: Extended Launch Dom0 + This configuration is where a Dom0 is started via a Boot Domain that runs + first. This is for cases where some preprocessing in a less privileged domain + is required before starting the all-privileged Domain 0. + +Hyperlaunch Classic: Basic Cloud + This configuration constructs a Dom0 that is started in parallel with some + number of workload domains. + +Hyperlaunch Classic: Cloud + This configuration builds a Dom0 and some number of workload domains, launched + via a Boot Domain that runs first. + + +Static Launch Configurations: without a Domain 0 or a Control Domain +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Hyperlaunch Static: Basic + Simple static partitioning where all domains that can be run on this system are + built and started during host boot and where no domain is started with the + Control Domain permissions, thus making it not possible to create/start any + further new domains. + +Hyperlaunch Static: Standard + This is a variation of the “Hyperlaunch Static: Basic” static partitioning + configuration with the introduction of a Boot Domain. This configuration allows + for use of a Boot Domain to be able to apply extended configuration + to the Initial Domains before they are started and + sequence the order in which they start. + +Hyperlaunch Static: Disaggregated + This is a variation of the “Hyperlaunch Static: Standard” configuration with + the introduction of a Boot Domain and an illustration that some functions can + be disaggregated to dedicated domains. + +Dynamic Launch of Disaggregated System Configurations +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Hyperlaunch Dynamic: Hardware Domain + This configuration mimics the existing Xen feature late hardware domain with + the one difference being that the hardware domain is constructed by the + hypervisor at startup instead of later by Dom0. + +Hyperlaunch Dynamic: Flexible Disaggregation + This configuration is similar to the “Hyperlaunch Classic: Dom0” configuration + except that it includes starting a separate hardware domain during Xen startup. + It is also similar to “Hyperlaunch Dynamic: Hardware Domain” configuration, but + it launches via a Boot Domain that runs first. + +Hyperlaunch Dynamic: Full Disaggregation + In this configuration it is demonstrated how it is possible to start a fully + disaggregated system: the virtualization toolstack runs in a Control Domain, + separate from the domains responsible for managing hardware, XenStore, the Xen + Console and Crash functions, each launched via a Boot Domain. + + +Example Use Cases and Configurations +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following example use cases can be matched to configurations listed in the +previous section. + +Use case: Modern cloud hypervisor +""""""""""""""""""""""""""""""""" + +**Option:** Hyperlaunch Classic: Cloud + +This configuration will support strong isolation for virtual TPM domains and +measured launch in support of attestation to infrastructure management, while +allowing the use of existing Dom0 virtualization toolstack software. + +Use case: Edge device with security or safety requirements +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""" + +**Option:** Hyperlaunch Static: Boot + +This configuration runs without requiring a highly-privileged Dom0, and enables +extended VM configuration to be applied to the Initial VMs prior to launching +them, optionally in a sequenced start. + +Use case: Client hypervisor +""""""""""""""""""""""""""" + +**Option:** Hyperlaunch Dynamic: Flexible Disaggregation + +**Option:** Hyperlaunch Dynamic: Full Disaggregation + +These configurations enable dynamic client workloads, strong isolation for the +domain running the virtualization toolstack software and each domain managing +hardware, with PCI passthrough performed during host boot and support for +measured launch. + +Hyperlaunch Disaggregated Launch +-------------------------------- + + +Existing in Xen today are two primary permissions, *control domain* and +*hardware domain*, and two functions, *console domain* and *xenstore domain*, +that can be assigned to a domain. Traditionally all of these permissions and +functions are all assigned to Dom0 at start and can then be delegated to other +domains created by the toolstack in Dom0. With Hyperlaunch it becomes possible +to assign these permissions and functions to any domain for which there is a +definition provided at startup. + +Additionally, two further functions are introduced: the *recovery domain*, +intended to assist with recovery from failures encountered starting VMs during +host boot, and the *boot domain*, for performing aspects of domain construction +during startup. + +Supporting the booting of each of the above common boot configurations is +accomplished by considering the set of initial domains and the assignment of +Xen’s permissions and functions, including the ones introduced by Hyperlaunch, +to these domains. A discussion of these will be covered later but for now they +are laid out in a table with a mapping to the common boot configurations. This +table is not intended to be an exhaustive list of configurations and does not +account for flask policy specified functions that are use case specific. + +In the table each number represents a separate domain being +constructed by the Hyperlaunch construction path as Xen starts, and the +designator, ``{n}`` signifies that there may be “n” additional domains that may +be constructed that do not have any special role for a general Xen system. + +:: + + +-------------------+------------------+-----------------------------------+ + | Configuration | Permission | Function | + | +------+------+----+------+--------+--------+----------+ + | | None | Ctrl | HW | Boot |Recovery| Console| Xenstore | + +===================+======+======+====+======+========+========+==========+ + | Classic: Dom0 | | 0 | 0 | | 0 | 0 | 0 | + +-------------------+------+------+----+------+--------+--------+----------+ + | Classic: Extended | | 1 | 1 | 0 | 1 | 1 | 1 | + | Launch Dom0 | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Classic: | {n} | 0 | 0 | | 0 | 0 | 0 | + | Basic Cloud | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Classic: Cloud | {n} | 1 | 1 | 0 | 1 | 1 | 1 | + +-------------------+------+------+----+------+--------+--------+----------+ + | Static: Basic | {n} | | 0 | | 0 | 0 | 0 | + +-------------------+------+------+----+------+--------+--------+----------+ + | Static: Standard | {n} | | 1 | 0 | 1 | 1 | 1 | + +-------------------+------+------+----+------+--------+--------+----------+ + | Static: | {n} | | 2 | 0 | 3 | 4 | 1 | + | Disaggregated | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Dynamic: | | 0 | 1 | | 0 | 0 | 0 | + | Hardware Domain | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Dynamic: Flexible | {n} | 1 | 2 | 0 | 1 | 1 | 1 | + | Disaggregation | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Dynamic: Full | {n} | 2 | 3 | 0 | 4 | 5 | 1 | + | Disaggregation | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + +Overview of Hyperlaunch Flow +---------------------------- + +Before delving into Hyperlaunch, a good basis to start with is an understanding +of the current process to create a domain. A way to view this process starts +with the core configuration which is the information the hypervisor requires to +make the call to `domain_create`, followed by basic construction to provide the +memory image to run, including the kernel and ramdisk. A subsequent step +applies the extended configuration used by the toolstack to provide a domain +with any additional configuration information. Until the extended configuration +is completed, a domain has access to no resources except its allocated vcpus +and memory. The exception to this is Dom0, which the hypervisor explicitly +grants control and access to all system resources, except for those that only +the hypervisor should have control over. This exception for Dom0 is driven by +the system structure with a monolithic Dom0 domain predating introduction of +support for disaggregation into Xen, and the corresponding default assignment +of multiple roles within the Xen system to Dom0. + +While not a different domain creation path, there does exist the Hardware +Domain (hwdom), sometimes also referred to as late-Dom0. It is an early effort +to disaggregate Dom0’s roles into a separate control domain and hardware +domain. This capability is activated by the passing of a domain id to the +`hardware_dom` kernel command line parameter, and the Xen hypervisor will then +flag that domain id as the hardware domain. Later when the toolstack constructs +a domain with that domain id as the requested domid, the hypervisor will +transfer all device I/O from Dom0 to this domain. In addition it will also +transfer the “host shutdown on domain shutdown” flag from Dom0 to the hardware +domain. It is worth mentioning that this approach for disaggregation was +created in this manner due to the inability of Xen to launch more than one +domain at startup. + +Hyperlaunch Xen startup +^^^^^^^^^^^^^^^^^^^^^^^ + +The Hyperlaunch approach’s primary focus is on how to assign the roles +traditionally granted to Dom0 to one or more domains at host boot. While the +statement is simple to make, the implications are not trivial by any means. +This also explains why the Hyperlaunch approach is orthogonal to the existing +dom0less capability. The dom0less capability focuses on enabling the launch of +multiple domains in parallel with Dom0 at host boot. A corollary for dom0less +is that for systems that don’t require Dom0 after all guest domains have +started, they are able to do the host boot without a Dom0. Though it should be +noted that it may be possible to start Dom0 at a later point. Whereas with +Hyperlaunch, its approach of separating Dom0’s roles requires the ability to +launch multiple domains at host boot. The direct consequences from this +approach are profound and provide a myriad of possible configurations for which +a sample of common boot configurations were already presented. + +To enable the Hyperlaunch approach a new alternative path for host boot within +the hypervisor must be introduced. This alternative path effectively branches +just before the current point of Dom0 construction and begins an alternate +means of system construction. The determination if this alternate path should +be taken is through the inspection of the boot chain. If the bootloader has +loaded a specific configuration, as described later, it will enable Xen to +detect that a Hyperlaunch configuration has been provided. Once a Hyperlaunch +configuration is detected, this alternate path can be thought of as occurring +in phases: domain creation, domain preparation, and launch finalization. + +Domain Creation +""""""""""""""" + +The domain creation phase begins with Xen parsing the bootloader provided +material, to understand the content of the modules provided. It will then load +any microcode or XSM policy it discovers. For each domain configuration Xen +finds, it parses the configuration to construct the necessary domain definition +to instantiate an instance of the domain and leave it in a paused state. When +all domain configurations have been instantiated as domains, if one of them is +flagged as the Boot Domain, that domain will be unpaused starting the domain +preparation phase. If there is no Boot Domain defined, then the domain +preparation phase will be skipped and Xen will trigger the launch finalization +phase. + +Domain Preparation Phase +"""""""""""""""""""""""" + +The domain preparation phase is an optional check point for the execution of a +workload specific domain, the Boot Domain. While the Boot Domain is the first +domain to run and has some degree of control over the system, it is extremely +restricted in both system resource access and hypervisor operations. Its +purpose is to: + +* Access the configuration provided by the bootloader +* Finalize the configuration of the domains +* Conduct any setup and launch related operations +* Do an ordered unpause of domains that require an ordered start + +When the Boot Domain has completed, it will notify the hypervisor that it is +done triggering the launch finalization phase. + + +Launch Finalization +""""""""""""""""""" + +The hypervisor handles the launch finalization phase which is equivalent to the +clean up phase. As such the steps taken by the hypervisor, not necessarily in +implementation order, are as follows, + +* Free the boot module chain +* If a Boot Domain was used, reclaim Boot Domain resources +* Unpause any domains still in a paused state +* Boot Domain uses a reserved function thus can never be respawned + +While the focus thus far has been on how the Hyperlaunch capability will work, +it is worth mentioning what it does not do or limit from occurring. It does not +stop or inhibit the assigning of the control domain role which gives the domain +the ability to create, start, stop, restart, and destroy domains or the +hardware domain role which gives access to all I/O devices except those that +the hypervisor has reserved for itself. In particular it is still possible to +construct a domain with all the privileged roles, i.e. a Dom0, with or without +the domain id being zero. In fact what limitations are imposed now become fully +configurable without the risk of circumvention by an all privileged domain. + +Structuring of Hyperlaunch +-------------------------- + +The structure of Hyperlaunch is built around the existing capabilities of the +host boot protocol. This approach was driven by the objective not to require +modifications to the boot loader. The only requirement is that the boot loader +supports the Multiboot2 (MB2) protocol. For UEFI boot, our recommendation is to +use GRUB.efi to load Xen and the initial domain materials via the multiboot2 +method. On Arm platforms, Hyperlaunch is compatible with the existing interface +for boot into the hypervisor. + + +x86 Multiboot2 +^^^^^^^^^^^^^^ + +The MB2 protocol has no concept of a manifest to tell the initial kernel what +is contained in the chain, leaving it to the kernel to impose a loading +convention, use magic number identification, or both. When considering the +passing of multiple kernels, ramdisks, and domain configuration along with any +existing modules already passed, there is no sane convention that could be +imposed and magic number identification is nearly impossible when considering +the objective not to impose unnecessary complication to the hypervisor. + +As it was alluded to previously, a manifest describing the contents in the MB2 +chain and how they relate within a Xen context is needed. To address this need +the Launch Control Module (LCM) was designed to provide such a manifest. The +LCM was designed to have a specific set of properties, + +* minimize the complexity of the parsing logic required by the hypervisor +* allow for expanding and optional configuration fragments without breaking + backwards compatibility + +To enable automatic detection of a Hyperlaunch configuration, the LCM must be +the first MB2 module in the MB2 module chain. The LCM is implemented using the +Device Tree as defined in the Hyperlaunch Device Tree design document. With the +LCM implemented in Device Tree, it has a magic number that enables the +hypervisor to detect its presence when used in a Multiboot2 module chain. The +hypervisor can confirm that it is a proper LCM Device Tree by checking for a +compliant Hyperlaunch Device Tree. The Hyperlaunch Device Tree nodes are +designed to allow, + +* for the hypervisor to parse only those entries it understands, +* for packing custom information for a custom boot domain, +* the ability to use a new LCM with an older hypervisor, +* and the ability to use an older LCM with a new hypervisor. + +Arm Device Tree +^^^^^^^^^^^^^^^ + +As discussed the LCM is in Device Tree format and was designed to co-exist in +the Device Tree ecosystem, and in particular in parallel with dom0less Device +Tree entries. On Arm, Xen is already designed to boot from a host Device Tree +description (dtb) file and the LCM entries can be embedded into this host dtb +file. This makes detecting the LCM entries and supporting Hyperlaunch on Arm +relatively straight forward. Relative to the described x86 approach, at the +point where Xen inspects the first MB2 module, on Arm Xen will check if the top +level LCM node exists in the host dtb file. If the LCM node does exist, then at +that point it will enter into the same code path as the x86 entry would go. + +Xen hypervisor +^^^^^^^^^^^^^^ + +It was previously discussed at a higher level of the new host boot flow that +will be introduced. Within this new flow is the configuration parsing and +domain creation phase which will be expanded upon here. The hypervisor will +inspect the LCM for a config node and if found will iterate through all modules +nodes. The module nodes are used to identify if any modules contain microcode +or an XSM policy. As it processes domain nodes, it will construct the domain +using the node properties and the modules nodes. Once it has completed +iterating through all the entries in the LCM, if a constructed domain has the +Boot Domain attribute, it will then be unpaused. Otherwise the hypervisor will +start the launch finalization phase. + +Boot Domain +^^^^^^^^^^^ + +Traditionally domain creation was controlled by the user within the Dom0 +environment whereby custom toolstacks could be implemented to impose +requirements on the process. The Boot Domain is a means to enable the user to +continue to maintain a degree of that control over domain creation but within a +limited privilege environment. The Boot Domain will have access to the LCM and +the boot chain along with access to a subset of the hypercall operations. When +the Boot Domain is finished it will notify the hypervisor through a hypercall +op. + +Recovery Domain +^^^^^^^^^^^^^^^ + +With the existing Dom0 host boot path, when a failure occurs there are several +assumptions that can safely be made to get the user to a console for +troubleshooting. With the Hyperlaunch host boot path those assumptions can no +longer be made, thus a means is needed to get the user to a console in the case +of a recoverable failure. The recovery domain is configured by a domain +configuration entry in the LCM, in the same manner as the other initial +domains, and it will not be unpaused at launch finalization unless a failure is +encountered starting the initial domains. + +Xen has existing support for a Crash Environment where memory can be reserved +at host boot and a kernel loaded into it, to be jumped into at any point while +the system is running when a crash is detected. The Recovery Domain +functionality is a separate, complementary capability. The Crash Environment +replaces the previously active hypervisor and running guests, and enables a +process for mounting disks to write out log information prior to rebooting the +system. In contrast, the Recovery Domain is able to use the functionality of +the Xen hypervisor, that is still present and running, to perform recovery +handling for errors encountered with starting the initial domains. + +Deferred Design +""""""""""""""" + +To be determined: + +* Define what is detected as a crash +* Explain how crash detection is performed and which components are involved +* Explain how the recovery domain is unpaused +* Explain how and when the resources assigned to the recovery domain are reclaimed +* Define what the recovery domain is able to do +* Determine what permissions the recovery domain requires to perform its job + + +Control Domain +^^^^^^^^^^^^^^ + +The concept of the Control Domain already exists within Xen as a boolean, +`is_privileged`, that governs access to many of the privileged interfaces of +the hypervisor that support a domain running a virtualization system toolstack. +Hyperlaunch will allow the `is_privileged` flag to be set on any domain that is +created at launch, rather than only a Dom0. It may potentially be set on +multiple domains. + +Hardware Domain +^^^^^^^^^^^^^^^ + +The Hardware Domain is also an existing concept for Xen that is enabled through +the `is_hardware_domain` check. With Hyperlaunch the previous process of I/O +accesses being assigned to Dom0 for later transfer to the hardware domain would +no longer be required. Instead during the configuration phase the Xen +hypervisor would directly assign the I/O accesses to the domain with the +hardware domain permission bit enabled. + +Console Domain +^^^^^^^^^^^^^^ + +Traditionally the Xen console is assigned to the control domain and then +reassignable by the toolstack to another domain. With Hyperlaunch it becomes +possible to construct a boot configuration where there is no control domain or +have a use case where the Xen console needs to be isolated. As such it becomes +necessary to be able to designate which of the initial domains should be +assigned the Xen console. Therefore Hyperlaunch introduces the ability to +specify an initial domain which the console is assigned along with a convention +of ordered assignment for when there is no explicit assignment. + +Communication of Domain Configurations +====================================== + +There are several standard methods for an Operating System to access machine +configuration and environment information: ACPI is common on x86 systems, +whereas Device Tree is more typical on Arm platforms. There are currently +implementations of both in Xen. + +* For dom0less, guest Device Trees are dynamically constructed by the + hypervisor to convey domain configuration data + +* For PVH dom0 on x86, ACPI tables are built by the hypervisor before the + domain is started + +Note that both of these mechanisms convey static data that is fixed prior to +the point of domain construction. Hyperlaunch will retain both the existing +ACPI and Device Tree methods. + +Communication of data between a Boot Domain and a Control Domain is of note +since they may not be running concurrently: the method used will depend on +their specific implementations, but one option available is to use Xen’s hypfs +for transfer of basic data to support system bootstrap. + +------------------------------------------------------------------------------- + +Appendix +======== + +Appendix 1: Flow Sequence of Steps of a Hyperlaunch Boot +-------------------------------------------------------- + +Provided here is an ordered flow of a Hyperlaunch with a highlight logic +decision points. Not all branch points are recorded, specifically for the +variety of error conditions that may occur. :: + + 1. Hypervisor Startup: + 2a. (x86) Inspect first module provided by the bootloader + a. Is the module an LCM + i. YES: proceed with the Hyperlaunch host boot path + ii. NO: proceed with a Dom0 host boot path + 2b. (Arm) Inspect host dtb for `/chosen/hypervisor` node + a. Is the LCM present + i. YES: proceed with the Hyperlaunch host boot path + ii. NO: proceed with a Dom0/dom0less host boot path + 3. Iterate through the LCM entries looking for the module description + entry + a. Check if any of the modules are microcode or policy and if so, + load + 4. Iterate through the LCM entries processing all domain description + entries + a. Use the details from the Basic Configuration to call + `domain_create` + b. Record if a domain is flagged as the Boot Domain + c. Record if a domain is flagged as the Recovery Domain + 5. Was a Boot Domain created + a. YES: + i. Attach console to Boot Domain + ii. Unpause Boot Domain + iii. Goto Boot Domain (step 6) + b. NO: Goto Launch Finalization (step 10) + 6. Boot Domain: + 7. Boot Domain comes online and may do any of the following actions + a. Process the LCM + b. Validate the MB2 chain + c. Make additional configuration settings for staged domains + d. Unpause any precursor domains + e. Set any runtime configurations + 8. Boot Domain does any necessary cleanup + 9. Boot Domain make hypercall op call to signal it is finished + i. Hypervisor reclaims all Boot Domain resources + ii. Hypervisor records that the Boot Domain ran + ii. Goto Launch Finalization (step 9) + 10. Launch Finalization + 11. If a configured domain was flagged to have the console, the + hypervisor assigns it + 12. The hypervisor clears the LCM and bootloader loaded module, + reclaiming the memory + 13. The hypervisor iterates through domains unpausing any domain not + flagged as the recovery domain + + +Appendix 2: Considerations in Naming the Hyperlaunch Feature +------------------------------------------------------------ + +* The term “Launch” is preferred over “Boot” + + * Multiple individual component boots can occur in the new system start + process; Launch is preferable for describing the whole process + * Fortunately there is consensus in the current group of stakeholders + that the term “Launch” is good and appropriate + +* The names we define must support becoming meaningful and simple to use + outside the Xen community + + * They must be able to be resolved quickly via search engine to a clear + explanation (eg. Xen marketing material, documentation or wiki) + * We prefer that the terms be helpful for marketing communications + * Consequence: avoid the term “domain” which is Xen-specific and + requires a definition to be provided each time when used elsewhere + + +* There is a need to communicate that Xen is capable of being used as a Static + Partitioning hypervisor + + * The community members using and maintaining dom0less are the current + primary stakeholders for this + +* There is a need to communicate that the new launch functionality provides new + capabilities not available elsewhere, and is more than just supporting Static + Partitioning + + * No other hypervisor known to the authors of this document is capable + of providing what Hyperlaunch will be able to do. The launch sequence is + designed to: + + * Remove dependency on a single, highly-privileged initial domain + * Allow the initial domains started to be independent and fully + isolated from each other + * Support configurations where no further VMs can be launched + once the initial domains have started + * Use a standard, extensible format for conveying VM + configuration data + * Ensure that domain building of all initial domains is + performed by the hypervisor from materials supplied by the + bootloader + * Enable flexible configuration to be applied to all initial + domains by an optional Boot Domain, that runs with limited + privilege, before any other domain starts and obtains the VM + configuration data from the bootloader materials via the + hypervisor + * Enable measurements of all of the boot materials prior to + their use, in a sequence with minimized privilege + * Support use-case-specific customized Boot Domains + * Complement the hypervisor’s existing ability to enforce + policy-based Mandatory Access Control + + +* “Static” and “Dynamic” have different and important meanings in different + communities + + * Static and Dynamic Partitioning describe the ability to create new + virtual machines, or not, after the initial host boot process + completes + * Static and Dynamic Root of Trust describe the nature of the trust + chain for a measured launch. In this case Static is referring to the + fact that the trust chain is fixed and non-repeatable until the next + host reboot or shutdown. Whereas Dynamic in this case refers to the + ability to conduct the measured launch at any time and potentially + multiple times before the next host reboot or shutdown. + + * We will be using Hyperlaunch with both Static and Dynamic + Roots of Trust, to launch both Static and Dynamically + Partitioned Systems, and being clear about exactly which + combination is being started will be very important (eg. for + certification processes) + + * Consequence: uses of “Static” and “Dynamic” need to be qualified if + they are incorporated into the naming of this functionality + + * This can be done by adding the preceding, stronger branded + term: “Hyperlaunch”, before “Static” or “Dynamic” + * ie. “Hyperlaunch Static” describes launch of a + Statically Partitioned system + * and “Hyperlaunch Dynamic” describes launch of a + Dynamically Partitioned system. + * In practice, this means that “Hyperlaunch Static” describes + starting a Static Partitioned system where no new domains can + be started later (ie. no VM has the Control Domain + permission), whereas “Hyperlaunch Dynamic” will launch some + VM with the Control Domain permission, able to create VMs + dynamically at a later point. + +**Naming Proposal:** + +* New Term: “Hyperlaunch” : the ability of a hypervisor to construct and start + one or more virtual machines at system launch, in the following manner: + + * The hypervisor must build all of the domains that it starts at host + boot + + * Similar to the way the dom0 domain is built by the hypervisor + today, and how dom0less works: it will run a loop to build + them all, driven from the configuration provided + * This is a requirement for ensuring that there is Strong + Isolation between each of the initial VMs + + * A single file contains the VM configs (“Launch Control Module”: LCM, + in Device Tree binary format) is provided to the hypervisor + + * The hypervisor parses it and builds domains + * If the LCM config says that a Boot Domain should run first, + then the LCM file itself is made available to the Boot Domain + for it to parse and act on, to invoke operations via the + hypervisor to apply additional configuration to the other VMs + (ie. executing a privilege-constrained toolstack) + +* New Term: “Hyperlaunch Static”: starts a Static Partitioned system, where + only the virtual machines started at system launch are running on the system + +* New Term: “Hyperlaunch Dynamic”: starts a system where virtual machines may + be dynamically added after the initial virtual machines have started. + + +In the default configuration, Xen will be capable of both styles of Hyperlaunch +from the same hypervisor binary, when paired with its XSM flask, provides +strong controls that enable fine grained system partitioning. + + +* Retiring Term: “DomB”: will no longer be used to describe the optional first + domain that is started. It is replaced with the more general term: “Boot + Domain”. + +* Retiring Term: “Dom0less”: it is to be replaced with “Hyperlaunch Static” + + +Appendix 3: Terminology +----------------------- + +To help ensure clarity in reading this document, the following is the +definition of terminology used within this document. + + +Basic Configuration + the minimal information the hypervisor requires to instantiate a domain instance + + +Boot Domain + a domain with limited privileges launched by the hypervisor during a + Multiple Domain Boot that runs as the first domain started. In the Hyperlaunch + architecture, it is responsible for assisting with higher level operations of + the domain setup process. + + +Classic Launch + a backwards-compatible host boot that ends with the launch of a single domain (Dom0) + + +Console Domain + a domain that has the Xen console assigned to it + + +Control Domain + a privileged domain that has been granted Control Domain permissions which + are those that are required by the Xen toolstack for managing other domains. + These permissions are a subset of those that are granted to Dom0. + + +Device Tree + a standardized data structure, with defined file formats, for describing + initial system configuration + + +Disaggregation + the separation of system roles and responsibilities across multiple + connected components that work together to provide functionality + + +Dom0 + the highly-privileged, first and only domain started at host boot on a + conventional Xen system + + +Dom0less + an existing feature of Xen on Arm that provides Multiple Domain Boot + + +Domain + a running instance of a virtual machine; (as the term is commonly used in + the Xen Community) + +DomB +  the former name for Hyperlaunch + + +Extended Configuration + any configuration options for a domain beyond its Basic Configuration + + +Hardware Domain + a privileged domain that has been granted permissions to access and manage + host hardware. These permissions are a subset of those that are granted to + Dom0. + + +Host Boot + the system startup of Xen using the configuration provided by the bootloader + + +Hyperlaunch + a flexible host boot that ends with the launch of one or more domains + + +Initial Domain + a domain that is described in the LCM that is run as part of a multiple + domain boot. This includes the Boot Domain, Recovery Domain and all Launched + Domains. + + +Late Hardware Domain + a Hardware Domain that is launched after host boot has already completed + with a running Dom0. When the Late Hardware Domain is started, Dom0 + relinquishes and transfers the permissions to access and manage host hardware + to it.. + + +Launch Control Module (LCM) + A file supplied to the hypervisor by the bootloader that contains + configuration data for the hypervisor and the initial set of virtual machines + to be run at boot + + +Launched Domain + a domain, aside from the boot domain and recovery domain, that is started as + part of a multiple domain boot and remains running once the boot process is + complete + + +Multiple Domain Boot + a system configuration where the hypervisor and multiple virtual machines + are all launched when the host system hardware boots + + +Recovery Domain + an optional fallback domain that the hypervisor may start in the event of a + detectable error encountered during the multiple domain boot process + + +System Device Tree + this is the product of an Arm community project to extend Device Tree to + cover more aspects of initial system configuration + + +Appendix 4: Copyright License +----------------------------- + +This work is licensed under a Creative Commons Attribution 4.0 International +License. A copy of this license may be obtained from the Creative Commons +website (https://creativecommons.org/licenses/by/4.0/legalcode). + +| Contributions by: +| Christopher Clark are Copyright © 2021 Star Lab Corporation +| Daniel P. Smith are Copyright © 2021 Apertus Solutions, LLC diff -pruN 4.14.3+32-g9de3671772-1/docs/designs/xenstore-migration.md 4.16.1-1/docs/designs/xenstore-migration.md --- 4.14.3+32-g9de3671772-1/docs/designs/xenstore-migration.md 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/designs/xenstore-migration.md 2022-04-12 12:21:23.000000000 +0000 @@ -116,7 +116,7 @@ xenstored state that needs to be restore +-------+-------+-------+-------+ | rw-socket-fd | +-------------------------------+ -| ro-socket-fd | +| evtchn-fd | +-------------------------------+ ``` @@ -126,8 +126,8 @@ xenstored state that needs to be restore | `rw-socket-fd` | The file descriptor of the socket accepting | | | read-write connections | | | | -| `ro-socket-fd` | The file descriptor of the socket accepting | -| | read-only connections | +| `evtchn-fd` | The file descriptor used to communicate with | +| | the event channel driver | xenstored will resume in the original process context. Hence `rw-socket-fd` and `ro-socket-fd` simply specify the file descriptors of the sockets. Sockets @@ -147,7 +147,7 @@ the domain being migrated. ``` 0 1 2 3 4 5 6 7 octet +-------+-------+-------+-------+-------+-------+-------+-------+ -| conn-id | conn-type | flags | +| conn-id | conn-type | | +-------------------------------+---------------+---------------+ | conn-spec ... @@ -169,9 +169,6 @@ the domain being migrated. | | 0x0001: socket | | | 0x0002 - 0xFFFF: reserved for future use | | | | -| `flags` | A bit-wise OR of: | -| | 0001: read-only | -| | | | `conn-spec` | See below | | | | | `in-data-len` | The length (in octets) of any data read | @@ -216,11 +213,13 @@ For `shared ring` connections it is as f | | operation [2] or DOMID_INVALID [3] otherwise | | | | | `evtchn` | The port number of the interdomain channel used | -| | by `domid` to communicate with xenstored | +| | by xenstored to communicate with `domid` | | | | -Since the ABI guarantees that entry 1 in `domid`'s grant table will always -contain the GFN of the shared page. +The GFN of the shared page is not preserved because the ABI reserves +entry 1 in `domid`'s grant table to point to the xenstore shared page. +Note there is no guarantee the page will still be valid at the time of +the restore because a domain can revoke the permission. For `socket` connections it is as follows: @@ -386,7 +385,7 @@ A node permission specifier has the foll ``` 0 1 2 3 octet +-------+-------+-------+-------+ -| perm | pad | domid | +| perm | flags | domid | +-------+-------+---------------+ ``` @@ -395,9 +394,13 @@ A node permission specifier has the foll | `perm` | One of the ASCII values `w`, `r`, `b` or `n` as | | | specified for the `SET_PERMS` operation [2] | | | | +| `flags` | A bit-wise OR of: | +| | 0x01: stale permission, ignore when checking | +| | permissions | +| | | | `domid` | The domain-id to which the permission relates | -Note that perm1 defines the domain owning the code. See [4] for more +Note that perm1 defines the domain owning the node. See [4] for more explanation of node permissions. * * * diff -pruN 4.14.3+32-g9de3671772-1/docs/features/dom0less.pandoc 4.16.1-1/docs/features/dom0less.pandoc --- 4.14.3+32-g9de3671772-1/docs/features/dom0less.pandoc 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/features/dom0less.pandoc 2022-04-12 12:21:23.000000000 +0000 @@ -16,9 +16,10 @@ Multiboot specification has been extende to be passed to Xen. See docs/misc/arm/device-tree/booting.txt for more information about the Multiboot specification and how to use it. -Currently, a control domain ("dom0") is still required, but in the -future it will become unnecessary when all domains are created -directly from Xen. Instead of waiting for the control domain to be fully +Currently, a control domain ("dom0") is still required to manage the DomU +domains, but the system can start also without dom0 if the Device Tree +doesn't specify the dom0 kernel and it declares one or more domUs. +Instead of waiting for the control domain (when declared) to be fully booted and the Xen tools to become available, domains created by Xen this way are started right away in parallel. Hence, their boot time is typically much shorter. diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xenstore-chmod.1.pod 4.16.1-1/docs/man/xenstore-chmod.1.pod --- 4.14.3+32-g9de3671772-1/docs/man/xenstore-chmod.1.pod 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xenstore-chmod.1.pod 2022-04-12 12:21:23.000000000 +0000 @@ -46,10 +46,6 @@ write, and set permissions). Apply the permissions to the key and all its I. -=item B<-s> - -Connect to the Xenstore daemon using a local socket only. - =item B<-u> Apply the permissions to the key and all its I. diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xenstore-ls.1.pod 4.16.1-1/docs/man/xenstore-ls.1.pod --- 4.14.3+32-g9de3671772-1/docs/man/xenstore-ls.1.pod 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xenstore-ls.1.pod 2022-04-12 12:21:23.000000000 +0000 @@ -50,10 +50,6 @@ I the permissions for any domain no subsequent entries. The key owner always has full access (read, write, and set permissions). -=item B<-s> - -Connect to the Xenstore daemon using a local socket only. - =back =head1 BUGS diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xenstore-read.1.pod 4.16.1-1/docs/man/xenstore-read.1.pod --- 4.14.3+32-g9de3671772-1/docs/man/xenstore-read.1.pod 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xenstore-read.1.pod 2022-04-12 12:21:23.000000000 +0000 @@ -16,10 +16,6 @@ Read values of one or more Xenstore I - -Connect to the Xenstore daemon using a local socket only. - =item B<-R> Read raw value, skip escaping non-printable characters (\x..). diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xenstore-write.1.pod 4.16.1-1/docs/man/xenstore-write.1.pod --- 4.14.3+32-g9de3671772-1/docs/man/xenstore-write.1.pod 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xenstore-write.1.pod 2022-04-12 12:21:23.000000000 +0000 @@ -13,10 +13,6 @@ provided to write them at once - in one =over -=item B<-s> - -Connect to the Xenstore daemon using a local socket only. - =item B<-R> Write raw value, skip parsing escaped characters (\x..). diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xen-vtpmmgr.7.pod 4.16.1-1/docs/man/xen-vtpmmgr.7.pod --- 4.14.3+32-g9de3671772-1/docs/man/xen-vtpmmgr.7.pod 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xen-vtpmmgr.7.pod 2022-04-12 12:21:23.000000000 +0000 @@ -92,6 +92,13 @@ Valid arguments: =over 4 +=item srk_handle= + +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and +this allow specifying the parent handle for vtpmmgr to create its own +key under. Using this option bypasses vtpmmgr trying to take ownership +of the TPM. + =item owner_auth= =item srk_auth= @@ -222,6 +229,17 @@ XSM label, not the kernel. =head1 Appendix B: vtpmmgr on TPM 2.0 +=head2 WARNING: Incomplete - cannot persist data + +TPM 2.0 support for vTPM manager is incomplete. There is no support for +persisting an encryption key, so vTPM manager regenerates primary and secondary +key handles each boot. + +Also, the vTPM manger group command implementation hardcodes TPM 1.2 commands. +This means running manage-vtpmmgr.pl fails when the TPM 2.0 hardware rejects +the TPM 1.2 commands. vTPM manager with TPM 2.0 cannot create groups and +therefore cannot persist vTPM contents. + =head2 Manager disk image setup: The vTPM Manager requires a disk image to store its encrypted data. The image diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xl.1.pod.in 4.16.1-1/docs/man/xl.1.pod.in --- 4.14.3+32-g9de3671772-1/docs/man/xl.1.pod.in 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xl.1.pod.in 2022-04-12 12:21:23.000000000 +0000 @@ -50,7 +50,7 @@ setup the bridge. If you specify the amount of memory dom0 has, passing B to Xen, it is highly recommended to disable B. Edit -B and set it to 0. +B<@XEN_CONFIG_DIR@/xl.conf> and set it to 0. =item run xl as B @@ -86,6 +86,10 @@ Always use carriage-return-based overwri messages without scrolling the screen. Without -t, this is done only if stderr is a tty. +=item B<-T> + +Include timestamps and pid of the xl process in output. + =back =head1 DOMAIN SUBCOMMANDS @@ -171,13 +175,6 @@ B =over 4 -=item I - - xl create DebianLenny - -This creates a domain with the file /etc/xen/DebianLenny, and returns as -soon as it is run. - =item I xl create hvm.cfg 'cpus="0-3"; pci=["01:05.1","01:05.2"]' @@ -578,7 +575,7 @@ See the corresponding option of the I I Use to setup network buffering instead of the -default script (/etc/xen/scripts/remus-netbuf-setup). +default script (@XEN_SCRIPT_DIR@/remus-netbuf-setup). =item B<-F> @@ -1351,7 +1348,7 @@ All the specified CPUs that can be added to it. If some CPU can't (e.g., because they're already part of another cpupool), an error is reported about each one of them. -=item B I +=item B I I Removes one or more CPUs or NUMA nodes from I. CPUs and NUMA nodes can be specified as single CPU/node IDs or as ranges, using the @@ -1389,7 +1386,7 @@ Note that only PV block devices are supp Requests to attach emulated devices (eg, vdev=hdc) will result in only the PV view being available to the guest. -=item B I I [I] +=item B [I] I I Detach a domain's virtual block device. I may be the symbolic name or the numeric device id given to the device by domain 0. You @@ -1406,7 +1403,7 @@ B =item B<--force> If this parameter is specified the device will be forcefully detached, which -may cause IO errors in the domain. +may cause IO errors in the domain and possibly a guest crash =back @@ -1578,7 +1575,7 @@ List vsnd devices for a domain. Creates a new keyboard device in the domain specified by I. I describes the device to attach, using the same format as the B string in the domain config file. See L -for more informations. +for more information. =item B I I @@ -1595,16 +1592,24 @@ List virtual network interfaces for a do =over 4 -=item B +=item B [I<-n>] + +List all the B of assignable PCI devices. See +L for more information. If the -n option is +specified then any name supplied when the device was made assignable +will also be displayed. -List all the assignable PCI devices. These are devices in the system which are configured to be available for passthrough and are bound to a suitable PCI backend driver in domain 0 rather than a real driver. -=item B I +=item B [I<-n NAME>] I + +Make the device at B assignable to guests. See +L for more information. If the -n option is +supplied then the assignable device entry will the named with the +given B. -Make the device at PCI Bus/Device/Function BDF assignable to guests. This will bind the device to the pciback driver and assign it to the "quarantine domain". If it is already bound to a driver, it will first be unbound, and the original driver stored so that it can be @@ -1618,10 +1623,13 @@ not to do this on a device critical to d storage controllers, network interfaces, or GPUs that are currently being used. -=item B [I<-r>] I +=item B [I<-r>] I|I + +Make a device non-assignable to guests. The device may be identified +either by its B or the B supplied when the device was made +assignable. See L for more information. -Make the device at PCI Bus/Device/Function BDF not assignable to -guests. This will at least unbind the device from pciback, and +This will at least unbind the device from pciback, and re-assign it from the "quarantine domain" back to domain 0. If the -r option is specified, it will also attempt to re-bind the device to its original driver, making it usable by Domain 0 again. If the device is @@ -1637,15 +1645,15 @@ As always, this should only be done if y confident that the particular device you're re-assigning to dom0 will cancel all in-flight DMA on FLR. -=item B I I +=item B I I -Hot-plug a new pass-through pci device to the specified domain. -B is the PCI Bus/Device/Function of the physical device to pass-through. +Hot-plug a new pass-through pci device to the specified domain. See +L for more information. -=item B [I] I I +=item B [I] I I -Hot-unplug a previously assigned pci device from a domain. B is the PCI -Bus/Device/Function of the physical device to be removed from the guest domain. +Hot-unplug a pci device that was previously passed through to a domain. See +L for more information. B @@ -1660,7 +1668,7 @@ even without guest domain's collaboratio =item B I -List pass-through pci devices for a domain. +List the B of pci devices passed through to a domain. =back diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xl.cfg.5.pod.in 4.16.1-1/docs/man/xl.cfg.5.pod.in --- 4.14.3+32-g9de3671772-1/docs/man/xl.cfg.5.pod.in 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xl.cfg.5.pod.in 2022-04-12 12:21:23.000000000 +0000 @@ -580,6 +580,11 @@ to have. This value controls how many pa via the grant mechanism by this domain. The default value is settable via L. +=item B + +Specify the maximum grant table version the domain is allowed to use. The +default value is settable via L. + =item B Disable migration of this domain. This enables certain other features @@ -681,6 +686,32 @@ Windows). If this option is not specified then it will default to B. +=item B + +Specifies the size of vmtrace buffer that would be allocated for each +vCPU belonging to this domain. Disabled (i.e. B) by +default. + +B: Acceptable values are platform specific. For Intel Processor +Trace, this value must be a power of 2 between 4k and 16M. + +=item B + +Currently ARM only. + +Specifies whether to enable the access to PMU registers by disabling +the PMU traps. + +The PMU registers are not virtualized and the physical registers are directly +accessible when this parameter is enabled. There is no interrupt support and +Xen will not save/restore the register values on context switches. + +vPMU, by design and purpose, exposes system level performance +information to the guest. Only to be used by sufficiently privileged +domains. This feature is currently in experimental state. + +If this option is not specified then it will default to B. + =back =head2 Devices @@ -1101,73 +1132,7 @@ option is valid only when the B Specifies the host PCI devices to passthrough to this guest. -Each B has the form of -B<[DDDD:]BB:DD.F[@VSLOT],KEY=VALUE,KEY=VALUE,...> where: - -=over 4 - -=item B<[DDDD:]BB:DD.F> - -Identifies the PCI device from the host perspective in the domain -(B), Bus (B), Device (B
) and Function (B) syntax. This is -the same scheme as used in the output of B for the device in -question. - -Note: by default B will omit the domain (B) if it -is zero and it is optional here also. You may specify the function -(B) as B<*> to indicate all functions. - -=item B<@VSLOT> - -Specifies the virtual slot where the guest will see this -device. This is equivalent to the B
which the guest sees. In a -guest B and B are C<0000:00>. - -=item B - -By default pciback only allows PV guests to write "known safe" values -into PCI configuration space, likewise QEMU (both qemu-xen and -qemu-xen-traditional) imposes the same constraint on HVM guests. -However, many devices require writes to other areas of the configuration space -in order to operate properly. This option tells the backend (pciback or QEMU) -to allow all writes to the PCI configuration space of this device by this -domain. - -B it gives the guest much -more control over the device, which may have security or stability -implications. It is recommended to only enable this option for -trusted VMs under administrator's control. - -=item B - -Specifies that MSI-INTx translation should be turned on for the PCI -device. When enabled, MSI-INTx translation will always enable MSI on -the PCI device regardless of whether the guest uses INTx or MSI. Some -device drivers, such as NVIDIA's, detect an inconsistency and do not -function when this option is enabled. Therefore the default is false (0). - -=item B - -Tells B to automatically attempt to re-assign a device to -pciback if it is not already assigned. - -B If you set this option, B will gladly re-assign a critical -system device, such as a network or a disk controller being used by -dom0 without confirmation. Please use with care. - -=item B - -B<(HVM only)> Specifies that the VM should be able to program the -D0-D3hot power management states for the PCI device. The default is false (0). - -=item B - -B<(HVM/x86 only)> This is the same as the policy setting inside the B -option but just specific to a given device. The default is "relaxed". - -Note: this would override global B option. - -=back +See L for more details. =item B @@ -2318,11 +2283,31 @@ This set incorporates use of a hypercall This enlightenment may improve performance of Windows guests with multiple virtual CPUs. +=item B + +This set enables new hypercall variants taking a variably-sized sparse +B as an argument, rather than a simple 64-bit +mask. Hence this enlightenment must be specified for guests with more +than 64 vCPUs if B and/or B are also +specified. + +=item B + +This group when set indicates to a guest that the hypervisor does not +explicitly have any limits on the number of Virtual processors a guest +is allowed to bring up. It is strongly recommended to keep this enabled +for guests with more than 64 vCPUs. + +=item B + +This set enables dynamic changes to Virtual processor states in Windows +guests effectively allowing vCPU hotplug. + =item B This is a special value that enables the default set of groups, which is currently the B, B, B, B, -B and B groups. +B, B, B and B groups. =item B @@ -2385,7 +2370,7 @@ If B is set less than 128MB, a =item B -Speficies a standard VGA card with VBE (VESA BIOS Extensions) as the +Specifies a standard VGA card with VBE (VESA BIOS Extensions) as the emulated graphics device. If your guest supports VBE 2.0 or later (e.g. Windows XP onwards) then you should enable this. stdvga supports more video ram and bigger resolutions than Cirrus. @@ -2779,6 +2764,10 @@ In case of B it is image, in case of B it is expected to be Linux-based stubdomain kernel. +=item B + +Set the device-model stubdomain kernel command line to B. + =item B Override the path to the ramdisk image used as device-model stubdomain. @@ -2898,6 +2887,20 @@ No MCA capabilities in above list are en =back +=item B + +The "msr_relaxed" boolean is an interim option, and defaults to false. + +In Xen 4.15, the default behaviour for unhandled MSRs has been changed, +to avoid leaking host data into guests, and to avoid breaking guest +logic which uses #GP probing to identify the availability of MSRs. + +However, this new stricter behaviour has the possibility to break +guests, and a more 4.14-like behaviour can be selected by setting this +option. + +If using this option is necessary to fix an issue, please report a bug. + =back =head1 SEE ALSO diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xl.conf.5.pod 4.16.1-1/docs/man/xl.conf.5.pod --- 4.14.3+32-g9de3671772-1/docs/man/xl.conf.5.pod 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xl.conf.5.pod 1970-01-01 00:00:00.000000000 +0000 @@ -1,229 +0,0 @@ -=head1 NAME - -/etc/xen/xl.conf - XL Global/Host Configuration - -=head1 DESCRIPTION - -The F file allows configuration of hostwide C toolstack -options. - -For details of per-domain configuration options please see -L. - -=head1 SYNTAX - -The config file consists of a series of C pairs. - -A value C is one of: - -=over 4 - -=item B<"STRING"> - -A string, surrounded by either single or double quotes. - -=item B - -A number, in either decimal, octal (using a C<0> prefix) or -hexadecimal (using an C<0x> prefix). - -=item B - -A C interpreted as C (C<0>) or C (any other -value). - -=item B<[ VALUE, VALUE, ... ]> - -A list of C of the above types. Lists are homogeneous and are -not nested. - -=back - -The semantics of each C defines which form of C is required. - -=head1 OPTIONS - -=over 4 - -=item B - -Determines how domain-id is set when creating a new domain. - -If set to "xen" then the hypervisor will allocate new domain-id values on a sequential basis. - -If set to "random" then a random domain-id value will be chosen. - -Default: "xen" - -=item B - -If set to "on" then C will automatically reduce the amount of -memory assigned to domain 0 in order to free memory for new domains. - -If set to "off" then C will not automatically reduce the amount of -domain 0 memory. - -If set to "auto" then auto-ballooning will be disabled if the -C option was provided on the Xen command line. - -You are strongly recommended to set this to C<"off"> (or C<"auto">) if -you use the C hypervisor command line to reduce the amount -of memory given to domain 0 by default. - -Default: C<"auto"> - -=item B - -If disabled hotplug scripts will be called from udev, as it used to -be in the previous releases. With the default option, hotplug scripts -will be launched by xl directly. - -Default: C<1> - -=item B - -Sets the path to the lock file used by xl to serialise certain -operations (primarily domain creation). - -Default: C - -=item B - -Sets the default value for the C domain config value. - -Default: value of Xen command line B parameter (or its -default value if unspecified). - -=item B - -Sets the default value for the C domain config value. - -Default: value of Xen command line B -parameter (or its default value if unspecified). - -=item B - -Configures the default hotplug script used by virtual network devices. - -The old B option is deprecated and should not be used. - -Default: C - -=item B - -Configures the default bridge to set for virtual network devices. - -The old B option is deprecated and should not be used. - -Default: C - -=item B - -Configures the default backend to set for virtual network devices. - -Default: C<0> - -=item B - -Configures the default gateway device to set for virtual network devices. - -Default: C - -=item B - -Configures the default script used by Remus to setup network buffering. - -Default: C - -=item B - -Configures the default script used by COLO to setup colo-proxy. - -Default: C - -=item B - -Configures the default output format used by xl when printing "machine -readable" information. The default is to use the C -L syntax. However for compatibility with the -previous C toolstack this can be configured to use the old C -(S-Expression-like) syntax instead. - -Default: C - -=item B - -Configures the name of the first block device to be used for temporary -block device allocations by the toolstack. -The default choice is "xvda". - -=item B - -If this option is enabled then when a guest is created there will be an -guarantee that there is memory available for the guest. -The self-balloon mechanism can deflate/inflate the balloon -quickly and the amount of free memory (which C can show) is -stale the moment it is printed. When claim is enabled a reservation for -the amount of memory (see 'memory' in xl.conf(5)) is set, which is then -reduced as the domain's memory is populated and eventually reaches zero. -The free memory in C is the combination of the hypervisor's -free heap memory minus the outstanding claims value. - -If the reservation cannot be meet the guest creation fails immediately -instead of taking seconds/minutes (depending on the size of the guest) -while the guest is populated. - -Default: C<1> - -=over 4 - -=item C<0> - -No claim is made. Memory population during guest creation will be -attempted as normal and may fail due to memory exhaustion. - -=item C<1> - -Free memory as reported by the hypervisor is used for -calculating whether there is enough memory free to launch a guest. -This guarantees immediate feedback whether the guest can be launched due -to memory exhaustion (which can take a long time to find out if launching -massively huge guests). - -=back - -=item B="CPULIST" - -=item B="CPULIST" - -=item B="CPULIST" - -Global masks that are applied when creating guests and pinning vcpus -to indicate which cpus they are allowed to run on. Specifically, -C applies to all guest types, C applies to -both HVM and PVH guests and C applies to PV guests. - -The hard affinity of guest's vcpus are logical-AND'ed with respective -masks. If the resulting affinity mask is empty, operation will fail. - -Use --ignore-global-affinity-masks to skip applying global masks. - -The default value for these masks are all 1's, i.e. all cpus are allowed. - -Due to bug(s), these options may not interact well with other options -concerning CPU affinity. One example is CPU pools. Users should always double -check that the required affinity has taken effect. - -=back - -=head1 SEE ALSO - -=over 4 - -=item L - -=item L - -=item https://www.json.org/ - -=back diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xl.conf.5.pod.in 4.16.1-1/docs/man/xl.conf.5.pod.in --- 4.14.3+32-g9de3671772-1/docs/man/xl.conf.5.pod.in 1970-01-01 00:00:00.000000000 +0000 +++ 4.16.1-1/docs/man/xl.conf.5.pod.in 2022-04-12 12:21:23.000000000 +0000 @@ -0,0 +1,235 @@ +=head1 NAME + +@XEN_CONFIG_DIR@/xl.conf - XL Global/Host Configuration + +=head1 DESCRIPTION + +The F file allows configuration of hostwide C toolstack +options. + +For details of per-domain configuration options please see +L. + +=head1 SYNTAX + +The config file consists of a series of C pairs. + +A value C is one of: + +=over 4 + +=item B<"STRING"> + +A string, surrounded by either single or double quotes. + +=item B + +A number, in either decimal, octal (using a C<0> prefix) or +hexadecimal (using an C<0x> prefix). + +=item B + +A C interpreted as C (C<0>) or C (any other +value). + +=item B<[ VALUE, VALUE, ... ]> + +A list of C of the above types. Lists are homogeneous and are +not nested. + +=back + +The semantics of each C defines which form of C is required. + +=head1 OPTIONS + +=over 4 + +=item B + +Determines how domain-id is set when creating a new domain. + +If set to "xen" then the hypervisor will allocate new domain-id values on a sequential basis. + +If set to "random" then a random domain-id value will be chosen. + +Default: "xen" + +=item B + +If set to "on" then C will automatically reduce the amount of +memory assigned to domain 0 in order to free memory for new domains. + +If set to "off" then C will not automatically reduce the amount of +domain 0 memory. + +If set to "auto" then auto-ballooning will be disabled if the +C option was provided on the Xen command line. + +You are strongly recommended to set this to C<"off"> (or C<"auto">) if +you use the C hypervisor command line to reduce the amount +of memory given to domain 0 by default. + +Default: C<"auto"> + +=item B + +If disabled hotplug scripts will be called from udev, as it used to +be in the previous releases. With the default option, hotplug scripts +will be launched by xl directly. + +Default: C<1> + +=item B + +Sets the path to the lock file used by xl to serialise certain +operations (primarily domain creation). + +Default: C + +=item B + +Sets the default value for the C domain config value. + +Default: value of Xen command line B parameter (or its +default value if unspecified). + +=item B + +Sets the default value for the C domain config value. + +Default: value of Xen command line B +parameter (or its default value if unspecified). + +=item B + +Sets the default value for the C domain config value. + +Default: maximum grant version supported by the hypervisor. + +=item B + +Configures the default hotplug script used by virtual network devices. + +The old B option is deprecated and should not be used. + +Default: C<@XEN_SCRIPT_DIR@/vif-bridge> + +=item B + +Configures the default bridge to set for virtual network devices. + +The old B option is deprecated and should not be used. + +Default: C + +=item B + +Configures the default backend to set for virtual network devices. + +Default: C<0> + +=item B + +Configures the default gateway device to set for virtual network devices. + +Default: C + +=item B + +Configures the default script used by Remus to setup network buffering. + +Default: C<@XEN_SCRIPT_DIR@/remus-netbuf-setup> + +=item B + +Configures the default script used by COLO to setup colo-proxy. + +Default: C<@XEN_SCRIPT_DIR@/colo-proxy-setup> + +=item B + +Configures the default output format used by xl when printing "machine +readable" information. The default is to use the C +L syntax. However for compatibility with the +previous C toolstack this can be configured to use the old C +(S-Expression-like) syntax instead. + +Default: C + +=item B + +Configures the name of the first block device to be used for temporary +block device allocations by the toolstack. +The default choice is "xvda". + +=item B + +If this option is enabled then when a guest is created there will be an +guarantee that there is memory available for the guest. +The self-balloon mechanism can deflate/inflate the balloon +quickly and the amount of free memory (which C can show) is +stale the moment it is printed. When claim is enabled a reservation for +the amount of memory (see 'memory' in xl.conf(5)) is set, which is then +reduced as the domain's memory is populated and eventually reaches zero. +The free memory in C is the combination of the hypervisor's +free heap memory minus the outstanding claims value. + +If the reservation cannot be meet the guest creation fails immediately +instead of taking seconds/minutes (depending on the size of the guest) +while the guest is populated. + +Default: C<1> + +=over 4 + +=item C<0> + +No claim is made. Memory population during guest creation will be +attempted as normal and may fail due to memory exhaustion. + +=item C<1> + +Free memory as reported by the hypervisor is used for +calculating whether there is enough memory free to launch a guest. +This guarantees immediate feedback whether the guest can be launched due +to memory exhaustion (which can take a long time to find out if launching +massively huge guests). + +=back + +=item B="CPULIST" + +=item B="CPULIST" + +=item B="CPULIST" + +Global masks that are applied when creating guests and pinning vcpus +to indicate which cpus they are allowed to run on. Specifically, +C applies to all guest types, C applies to +both HVM and PVH guests and C applies to PV guests. + +The hard affinity of guest's vcpus are logical-AND'ed with respective +masks. If the resulting affinity mask is empty, operation will fail. + +Use --ignore-global-affinity-masks to skip applying global masks. + +The default value for these masks are all 1's, i.e. all cpus are allowed. + +Due to bug(s), these options may not interact well with other options +concerning CPU affinity. One example is CPU pools. Users should always double +check that the required affinity has taken effect. + +=back + +=head1 SEE ALSO + +=over 4 + +=item L + +=item L + +=item https://www.json.org/ + +=back diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xlcpupool.cfg.5.pod 4.16.1-1/docs/man/xlcpupool.cfg.5.pod --- 4.14.3+32-g9de3671772-1/docs/man/xlcpupool.cfg.5.pod 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xlcpupool.cfg.5.pod 2022-04-12 12:21:23.000000000 +0000 @@ -106,7 +106,7 @@ means that cpus 2,3,5 will be member of means that cpus 0,2,3 and 5 will be member of the cpupool. A "node:" or "nodes:" modifier can be used. E.g., "0,node:1,nodes:2-3,^10-13" means that pcpus 0, plus all the cpus of NUMA nodes 1,2,3 with the exception -of cpus 10,11,12,13 will be memeber of the cpupool. +of cpus 10,11,12,13 will be members of the cpupool. =back diff -pruN 4.14.3+32-g9de3671772-1/docs/man/xl-disk-configuration.5.pod 4.16.1-1/docs/man/xl-disk-configuration.5.pod --- 4.14.3+32-g9de3671772-1/docs/man/xl-disk-configuration.5.pod 2021-11-23 12:30:09.000000000 +0000 +++ 4.16.1-1/docs/man/xl-disk-configuration.5.pod 1970-01-01 00:00:00.000000000 +0000 @@ -1,529 +0,0 @@ -=head1 NAME - -xl-disk-configuration - XL Disk Configuration Syntax - -=head1 SYNTAX - -This document specifies the xl config file format disk configuration -option. It has the following form: - - disk = [ 'DISKSPEC', 'DISKSPEC', ... ] - -where each C is in this form: - - [=|,]*, - [, [, [, []]]], - [=|,]* - [target=] - -For example, these strings are equivalent: - - /dev/vg/guest-volume,,hda - /dev/vg/guest-volume,raw,hda,rw - format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume - raw:/dev/vg/guest-volume,hda,w (deprecated, see below) - -As are these: - - /root/image.iso,,hdc,cdrom - /root/image.iso,,hdc,,cdrom - /root/image.iso,raw,hdc,devtype=cdrom - format=raw, vdev=hdc, access=ro, devtype=cdrom, target=/root/image.iso - raw:/root/image.iso,hdc:cdrom,ro (deprecated, see below) - -These might be specified in the domain config file like this: - - disk = [ '/dev/vg/guest-volume,,hda', '/root/image.iso,,hdc,cdrom' ] - - -More formally, the string is a series of comma-separated keyword/value -pairs, flags and positional parameters. Parameters which are not bare -keywords and which do not contain "=" symbols are assigned to the -so-far-unspecified positional parameters, in the order below. The -positional parameters may also be specified explicitly by name. - -Each parameter may be specified at most once, either as a positional -parameter or a named parameter. Default values apply if the parameter -is not specified, or if it is specified with an empty value (whether -positionally or explicitly). - -Whitespace may appear before each parameter and will be ignored. - -=head1 Positional Parameters - -=over 4 - -=item B - -=over 4 - -=item Description - -Block device or image file path. When this is used as a path, F -will be prepended if the path doesn't start with a '/'. - -=item Supported values - -N/A - -=item Deprecated values - -N/A - -=item Default value - -None. While a path is provided in most cases there is an exception: -for a cdrom device, lack of this attribute would imply an empty cdrom -drive. - -=item Special syntax - -When this parameter is specified by name, ie with the C -syntax in the configuration file, it consumes the whole rest of the -C including trailing whitespaces. Therefore in that case -it must come last. This is permissible even if an empty value for -the target was already specified as a positional parameter. This -is the only way to specify a target string containing metacharacters -such as commas and (in some cases) colons, which would otherwise be -misinterpreted. - -Future parameter and flag names will start with an ascii letter and -contain only ascii alphanumerics, hyphens and underscores, and will -not be legal as vdevs. Targets which might match that syntax -should not be specified as positional parameters. - -=back - -=item B - -=over 4 - -=item Description - -Specifies the format of image file. - -=item Supported values - -raw, qcow, qcow2, vhd, qed - -=item Deprecated values - -None - -=item Default value - -raw - -=back - -=item B - -=over 4 - -=item Description - -Virtual device as seen by the guest (also referred to as guest drive -designation in some specifications). See L. - -=item Supported values - -hd[x], xvd[x], sd[x] etc. Please refer to the above specification for -further details. - -=item Deprecated values - -None - -=item Default Value - -None, this parameter is mandatory. - -=back - -=item B - -=over 4 - -=item Description - -Specified access control information. Whether or not the block device is -provided to the guest in read-only or read-write mode depends on this -attribute. - -=item Supported values - -C, C (specifies read-only) - -C, C (specifies read/write) - -=item Deprecated values - -None - -=item Default value - -C unless devtype=cdrom, in which case C - -=back - -=back - -=head1 Other Parameters And Flags - -=over 4 - -=item B=I - -=over 4 - -=item Description - -Qualifies virtual device type. - -=item Supported values - -cdrom - -=item Deprecated values - -None - -=item Mandatory - -No - -=back - -=item B - -Convenience alias for "devtype=cdrom". - - -=item B=I - -=over 4 - -=item Description - -Designates a backend domain for the device - -=item Supported values - -Valid domain names - -=item Mandatory - -No - -=back - -Specifies the backend domain which this device should attach to. This -defaults to domain 0. Specifying another domain requires setting up a -driver domain which is outside the scope of this document. - - -=item B=I - -=over 4 - -=item Description - -Specifies the backend implementation to use - -=item Supported values - -phy, qdisk - -=item Mandatory - -No - -=item Default value - -Automatically determine which backend to use. - -=back - -This does not affect the guest's view of the device. It controls -which software implementation of the Xen backend driver is used. - -Not all backend drivers support all combinations of other options. -For example, "phy" does not support formats other than "raw". -Normally this option should not be specified, in which case libxl will -automatically determine the most suitable backend. - - -=item B