1. 08 May, 2022 1 commit
  2. 05 May, 2022 4 commits
    • Jan Beulich's avatar
      x86: avoid SORT_BY_INIT_PRIORITY with old GNU ld · 90ba9a2d
      Jan Beulich authored
      Support for this construct was added in 2.22 only. Avoid the need to
      introduce logic to probe for linker script capabilities by (ab)using the
      probe for a command line option having appeared at about the same time.
      
      Note that this remains x86-specific because Arm is unaffected, by
      requiring GNU ld 2.24 or newer.
      
      Fixes: 4b7fd815
      
       ("x86: fold sections in final binaries")
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Reviewed-by: default avatarRoger Pau Monné <roger.pau@citrix.com>
      90ba9a2d
    • Juergen Gross's avatar
      tools/xenstore: don't let special watches be children of / · c1d5e402
      Juergen Gross authored
      
      When firing special watches (e.g. "@releaseDomain"), they will be
      regarded to be valid children of the "/" node. So a domain having
      registered a watch for "/" and having the privilege to receive
      the special watches will receive those special watch events for the
      registered "/" watch.
      
      Fix that by calling the related fire_watches() with the "exact"
      parameter set to true, causing a mismatch for the "/" node.
      Reported-by: default avatarRaphael Ning <raphning@amazon.com>
      Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
      Reviewed-by: default avatarRaphael Ning <raphning@amazon.com>
      Reviewed-by: default avatarJulien Grall <jgrall@amazon.com>
      c1d5e402
    • Bertrand Marquis's avatar
      xen/arm: Advertise workaround 1 if we apply 3 · af570d1c
      Bertrand Marquis authored
      
      SMCC_WORKAROUND_3 is handling both Spectre v2 and spectre BHB.
      So when a guest is asking if we support workaround 1, tell yes if we
      apply workaround 3 on exception entry as it handles it.
      
      This will allow guests not supporting Spectre BHB but impacted by
      spectre v2 to still handle it correctly.
      The modified behaviour is coherent with what the Linux kernel does in
      KVM for guests.
      
      While there use ARM_SMCCC_SUCCESS instead of 0 for the return code value
      for workaround detection to be coherent with Workaround 2 handling.
      Signed-off-by: default avatarBertrand Marquis <bertrand.marquis@arm.com>
      Acked-by: default avatarJulien Grall <jgrall@amazon.com>
      af570d1c
    • Julien Grall's avatar
      SUPPORT.MD: Correct the amount of physical memory supported for Arm · a5968a55
      Julien Grall authored
      
      As part of XSA-385, SUPPORT.MD gained a statement regarding the amount
      of physical memory supported.
      
      However, booting Xen on a Arm platform with that amount of memory would
      result to a breakage because the frametable area is too small.
      
      The wiki [1] (as of April 2022) claims we were able to support up to
      5 TiB on Arm64 and 16 GiB. However, this is not the case because
      the struct page_info has always been bigger than expected (56 bytes
      for 64-bit and 32-bytes for 32-bit).
      
      I don't have any HW with such amount of memory. So rather than
      modifying the code, take the opportunity to use the limit that should
      work on Arm (2 TiB for 64-bit and 12 GiB for 32-bit).
      Signed-off-by: default avatarJulien Grall <jgrall@amazon.com>
      Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com> #arm part
      a5968a55
  3. 04 May, 2022 1 commit
    • Jens Wiklander's avatar
      optee: immediately free RPC buffers that are released by OP-TEE · 5d2d5365
      Jens Wiklander authored
      This commit fixes a case overlooked in [1].
      
      There are two kinds of shared memory buffers used by OP-TEE:
      1. Normal payload buffer
      2. Internal command structure buffers
      
      The internal command structure buffers are represented with a shadow
      copy internally in Xen since this buffer can contain physical addresses
      that may need to be translated between real physical address and guest
      physical address without leaking information to the guest.
      
      [1] fixes the problem when releasing the normal payload buffers. The
      internal command structure buffers must be released in the same way.
      Failure to follow this order opens a window where the guest has freed
      the shared memory but Xen is still tracking the buffer.
      
      During this window the guest may happen to recycle this particular
      shared memory in some other thread and try to use it. Xen will block
      this which will lead to spurious failures to register a new shared
      memory block.
      
      Fix this by freeing the internal command structure buffers first before
      informing the guest that the buffer can be freed.
      
      [1] 5b13eb1d
      
       ("optee: immediately free buffers that are released by OP-TEE")
      Signed-off-by: default avatarJens Wiklander <jens.wiklander@linaro.org>
      Reviewed-by: default avatarVolodymyr Babchuk <volodymyr_babchuk@epam.com>
      [stefano: minor code style fix]
      Signed-off-by: default avatarStefano Stabellini <stefano.stabellini@xilinx.com>
      5d2d5365
  4. 02 May, 2022 5 commits
    • Roger Pau Monné's avatar
      linker/lld: do not generate quoted section names · 702c9a80
      Roger Pau Monné authored
      LLVM LD doesn't strip the quotes from the section names, and so the
      resulting binary ends up with section names like:
      
        [ 1] ".text"           PROGBITS         ffff82d040200000  00008000
             000000000018cbc1  0000000000000000  AX       0     0     4096
      
      This confuses some tools (like gdb) and prevents proper parsing of the
      binary.
      
      The issue has already been reported and is being fixed in LLD.  In
      order to workaround this issue and keep the GNU ld support define
      different DECL_SECTION macros depending on the used ld
      implementation.
      
      Drop the quotes from the definitions of the debug sections in
      DECL_DEBUG{2}, as those quotes are not required for GNU ld either.
      
      Fixes: 62549205
      
       ('x86: quote section names when defining them in linker script')
      Signed-off-by: default avatarRoger Pau Monné <roger.pau@citrix.com>
      Reviewed-by: default avatarJan Beulich <jbeulich@suse.com>
      702c9a80
    • Roger Pau Monné's avatar
      kconfig: detect LD implementation · c70c4b62
      Roger Pau Monné authored
      
      Detect GNU and LLVM ld implementations. This is required for further
      patches that will introduce diverging behaviour depending on the
      linker implementation in use.
      
      Note that LLVM ld returns "compatible with GNU linkers" as part of the
      version string, so be on the safe side and use '^' to only match at
      the start of the line in case LLVM ever decides to change the text to
      use "compatible with GNU ld" instead.
      Signed-off-by: default avatarRoger Pau Monné <roger.pau@citrix.com>
      Reviewed-by: default avatarMichal Orzel <michal.orzel@arm.com>
      Acked-by: default avatarJulien Grall <jgrall@amazon.com>
      c70c4b62
    • Elliott Mitchell's avatar
      scripts/add_maintainers.pl: add -o as an alternative to --patchdir · 3c245bc3
      Elliott Mitchell authored
      
      This matches the output directory option used by `git format-patch`.  I
      suspect I'm not the only one who finds matching `git format-patch` more
      intuitive, than -d for directory.
      Signed-off-by: default avatarElliott Mitchell <ehem+xen@m5p.com>
      Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
      3c245bc3
    • Roger Pau Monné's avatar
      x86/msr: handle reads to MSR_P5_MC_{ADDR,TYPE} · ce59e472
      Roger Pau Monné authored
      
      Windows Server 2019 Essentials will unconditionally attempt to read
      P5_MC_ADDR MSR at boot and throw a BSOD if injected a #GP.
      
      Fix this by mapping MSR_P5_MC_{ADDR,TYPE} to
      MSR_IA32_MCi_{ADDR,STATUS}, as reported also done by hardware in Intel
      SDM "Mapping of the Pentium Processor Machine-Check Errors to the
      Machine-Check Architecture" section.
      Reported-by: default avatarSteffen Einsle <einsle@phptrix.de>
      Signed-off-by: default avatarRoger Pau Monné <roger.pau@citrix.com>
      Reviewed-by: default avatarJan Beulich <jbeulich@suse.com>
      ce59e472
    • Jan Beulich's avatar
      IOMMU/x86: disallow device assignment to PoD guests · ad4312d7
      Jan Beulich authored
      
      While it is okay for IOMMU page tables to be set up for guests starting
      in PoD mode, actual device assignment may only occur once all PoD
      entries have been removed from the P2M. So far this was enforced only
      for boot-time assignment, and only in the tool stack.
      
      Also use the new function to replace p2m_pod_entry_count(): Its unlocked
      access to p2m->pod.entry_count wasn't really okay (irrespective of the
      result being stale by the time the caller gets to see it). Nor was the
      use of that function in line with the immediately preceding comment: A
      PoD guest isn't just one with a non-zero entry count, but also one with
      a non-empty cache (e.g. prior to actually launching the guest).
      
      To allow the tool stack to see a consistent snapshot of PoD state, move
      the tail of XENMEM_{get,set}_pod_target handling into a function, adding
      proper locking there.
      
      In libxl take the liberty to use the new local variable r also for a
      pre-existing call into libxc.
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Reviewed-by: default avatarRoger Pau Monné <roger.pau@citrix.com>
      ad4312d7
  5. 29 Apr, 2022 1 commit
  6. 28 Apr, 2022 8 commits
  7. 27 Apr, 2022 13 commits
  8. 26 Apr, 2022 5 commits
  9. 22 Apr, 2022 2 commits