parent
0ea1c7b71f
commit
502e8891de
@ -0,0 +1,27 @@
|
|||||||
|
From 84160fa4557bf07017e35180d53abe4ea6ef7b14 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
|
||||||
|
<marmarek@invisiblethingslab.com>
|
||||||
|
Date: Sat, 30 Jan 2016 01:53:26 +0100
|
||||||
|
Subject: [PATCH] Log error code of EVTCHNOP_bind_pirq failure
|
||||||
|
|
||||||
|
Ease debugging of PCI passthrough problems.
|
||||||
|
---
|
||||||
|
drivers/xen/events/events_base.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
|
||||||
|
index e6c1934734b7..0458fcefa4b9 100644
|
||||||
|
--- a/drivers/xen/events/events_base.c
|
||||||
|
+++ b/drivers/xen/events/events_base.c
|
||||||
|
@@ -521,7 +521,7 @@ static unsigned int __startup_pirq(unsigned int irq)
|
||||||
|
BIND_PIRQ__WILL_SHARE : 0;
|
||||||
|
rc = HYPERVISOR_event_channel_op(EVTCHNOP_bind_pirq, &bind_pirq);
|
||||||
|
if (rc != 0) {
|
||||||
|
- pr_warn("Failed to obtain physical IRQ %d\n", irq);
|
||||||
|
+ pr_warn("Failed to obtain physical IRQ %d (error %d)\n", irq, rc);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
evtchn = bind_pirq.port;
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
@ -0,0 +1,34 @@
|
|||||||
|
From 6b4db8c77bd178701b3f501135ab3be08cdc43ac Mon Sep 17 00:00:00 2001
|
||||||
|
From: Marek Marczykowski <marmarek@invisiblethingslab.com>
|
||||||
|
Date: Sun, 15 Jul 2012 19:57:47 +0200
|
||||||
|
Subject: [PATCH] pvops/xen-blkfront: handle FDEJECT as detach request (#630)
|
||||||
|
|
||||||
|
---
|
||||||
|
drivers/block/xen-blkfront.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
|
||||||
|
index 2541d8c38336..3f6df7d98265 100644
|
||||||
|
--- a/drivers/block/xen-blkfront.c
|
||||||
|
+++ b/drivers/block/xen-blkfront.c
|
||||||
|
@@ -47,6 +47,7 @@
|
||||||
|
#include <linux/bitmap.h>
|
||||||
|
#include <linux/list.h>
|
||||||
|
#include <linux/workqueue.h>
|
||||||
|
+#include <linux/fd.h>
|
||||||
|
|
||||||
|
#include <xen/xen.h>
|
||||||
|
#include <xen/xenbus.h>
|
||||||
|
@@ -511,6 +512,9 @@ static int blkif_ioctl(struct block_device *bdev, fmode_t mode,
|
||||||
|
return 0;
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
+ case FDEJECT:
|
||||||
|
+ xenbus_switch_state(info->xbdev, XenbusStateClosing);
|
||||||
|
+ return 0;
|
||||||
|
|
||||||
|
default:
|
||||||
|
/*printk(KERN_ALERT "ioctl %08x not supported by Xen blkdev\n",
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From bf0b3f33476360b5d72f87d749409b0a2b1a57cb Mon Sep 17 00:00:00 2001
|
From bb7d9fa8c1c8d2e90ea7cac04fb1fafe4965ad69 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
|
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
|
||||||
<marmarek@invisiblethingslab.com>
|
<marmarek@invisiblethingslab.com>
|
||||||
Date: Tue, 15 Dec 2015 21:35:14 +0100
|
Date: Tue, 15 Dec 2015 21:35:14 +0100
|
@ -0,0 +1,75 @@
|
|||||||
|
From ca6107528e5b5c986b64297ae62f706b5b391b0c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||||
|
Date: Wed, 1 Apr 2015 17:01:26 -0400
|
||||||
|
Subject: [PATCH] xen/pcifront/pciback: Update pciif.h with ->err and ->result
|
||||||
|
values.
|
||||||
|
|
||||||
|
The '->err' should contain only the XEN_PCI_ERR_* type values.
|
||||||
|
The '->result' may contain -EXX values or any other value
|
||||||
|
that the XEN_PCI_OP_* deems appropiate.
|
||||||
|
|
||||||
|
As such update the header and also the implementations.
|
||||||
|
|
||||||
|
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||||
|
|
||||||
|
Details in this thread:
|
||||||
|
https://patchwork.kernel.org/patch/8258431/
|
||||||
|
---
|
||||||
|
drivers/pci/xen-pcifront.c | 2 +-
|
||||||
|
drivers/xen/xen-pciback/pciback_ops.c | 2 +-
|
||||||
|
include/xen/interface/io/pciif.h | 6 ++++--
|
||||||
|
3 files changed, 6 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/drivers/pci/xen-pcifront.c b/drivers/pci/xen-pcifront.c
|
||||||
|
index eba6e33147a2..cc6dcb13f1a8 100644
|
||||||
|
--- a/drivers/pci/xen-pcifront.c
|
||||||
|
+++ b/drivers/pci/xen-pcifront.c
|
||||||
|
@@ -298,7 +298,7 @@ static int pci_frontend_enable_msix(struct pci_dev *dev,
|
||||||
|
} else {
|
||||||
|
pci_err(dev, "enable msix get err %x\n", err);
|
||||||
|
}
|
||||||
|
- return err;
|
||||||
|
+ return err ? -EINVAL : 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void pci_frontend_disable_msix(struct pci_dev *dev)
|
||||||
|
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
|
||||||
|
index ea4a08b83fa0..2d63aa2946a3 100644
|
||||||
|
--- a/drivers/xen/xen-pciback/pciback_ops.c
|
||||||
|
+++ b/drivers/xen/xen-pciback/pciback_ops.c
|
||||||
|
@@ -268,7 +268,7 @@ int xen_pcibk_enable_msix(struct xen_pcibk_device *pdev,
|
||||||
|
if (dev_data)
|
||||||
|
dev_data->ack_intr = 0;
|
||||||
|
|
||||||
|
- return result > 0 ? 0 : result;
|
||||||
|
+ return result >= 0 ? 0 : XEN_PCI_ERR_op_failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
static
|
||||||
|
diff --git a/include/xen/interface/io/pciif.h b/include/xen/interface/io/pciif.h
|
||||||
|
index d9922ae36eb5..c8b674fd2455 100644
|
||||||
|
--- a/include/xen/interface/io/pciif.h
|
||||||
|
+++ b/include/xen/interface/io/pciif.h
|
||||||
|
@@ -70,7 +70,7 @@ struct xen_pci_op {
|
||||||
|
/* IN: what action to perform: XEN_PCI_OP_* */
|
||||||
|
uint32_t cmd;
|
||||||
|
|
||||||
|
- /* OUT: will contain an error number (if any) from errno.h */
|
||||||
|
+ /* OUT: will contain an XEN_PCI_ERR_* number. */
|
||||||
|
int32_t err;
|
||||||
|
|
||||||
|
/* IN: which device to touch */
|
||||||
|
@@ -82,7 +82,9 @@ struct xen_pci_op {
|
||||||
|
int32_t offset;
|
||||||
|
int32_t size;
|
||||||
|
|
||||||
|
- /* IN/OUT: Contains the result after a READ or the value to WRITE */
|
||||||
|
+ /* IN/OUT: Contains the result after a READ or the value to WRITE.
|
||||||
|
+ * If the err does not have XEN_PCI_ERR_success, depending on
|
||||||
|
+ * XEN_PCI_OP_* might have the errno value. */
|
||||||
|
uint32_t value;
|
||||||
|
/* IN: Contains extra infor for this operation */
|
||||||
|
uint32_t info;
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
|
|
||||||
index 524c221..acb29f4 100644
|
|
||||||
--- a/drivers/xen/events/events_base.c
|
|
||||||
+++ b/drivers/xen/events/events_base.c
|
|
||||||
@@ -519,7 +519,7 @@ static unsigned int __startup_pirq(unsigned int irq)
|
|
||||||
BIND_PIRQ__WILL_SHARE : 0;
|
|
||||||
rc = HYPERVISOR_event_channel_op(EVTCHNOP_bind_pirq, &bind_pirq);
|
|
||||||
if (rc != 0) {
|
|
||||||
- pr_warn("Failed to obtain physical IRQ %d\n", irq);
|
|
||||||
+ pr_warn("Failed to obtain physical IRQ %d (error %d)\n", irq, rc);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
evtchn = bind_pirq.port;
|
|
@ -1,104 +0,0 @@
|
|||||||
From xen-devel-bounces@lists.xen.org Tue Feb 9 06:00:36 2016
|
|
||||||
Date: Mon, 8 Feb 2016 23:59:27 -0500
|
|
||||||
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
|
||||||
To: Marek =?iso-8859-1?Q?Marczykowski-G=F3recki?=
|
|
||||||
<marmarek@invisiblethingslab.com>
|
|
||||||
Message-ID: <20160209045927.GC3853@localhost.localdomain>
|
|
||||||
References: <CANQMFx4YULqKctKZqeESesTQjLQun7rQ0ZjGzq96TXTtUw6VWA@mail.gmail.com>
|
|
||||||
<20160127183005.GB3134@char.us.oracle.com>
|
|
||||||
<CANQMFx5macG2AbNWtrKjs6o445_Jo7+twMaDg6ozE=0DSD_n7A@mail.gmail.com>
|
|
||||||
<1454323426.28781.73.camel@citrix.com>
|
|
||||||
<20160201145053.GA21826@char.us.oracle.com>
|
|
||||||
<20160203142230.GC24446@mail-itl>
|
|
||||||
<20160203152657.GE20732@char.us.oracle.com>
|
|
||||||
<20160208173917.GD24446@mail-itl>
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Disposition: inline
|
|
||||||
In-Reply-To: <20160208173917.GD24446@mail-itl>
|
|
||||||
User-Agent: Mutt/1.5.24 (2015-08-30)
|
|
||||||
Cc: Tommi Airikka <tommi@airikka.net>, Ian Campbell <ian.campbell@citrix.com>,
|
|
||||||
810379@bugs.debian.org, xen-devel@lists.xen.org
|
|
||||||
Subject: Re: [Xen-devel] [BUG] pci-passthrough generates "xen:events: Failed
|
|
||||||
to obtain physical IRQ" for some devices
|
|
||||||
|
|
||||||
I posted it at some point. It was that the MSI-X enable op stashes the
|
|
||||||
error value in op->value. But 'op->value' is an unsigned int so the
|
|
||||||
value ends up being 0xfffffe or such. And the other PV frontends only
|
|
||||||
check for !0 - and manufacture their own value (-EINVAL).
|
|
||||||
|
|
||||||
Hence I want to update the pciff.h .. Oh here is the patch:
|
|
||||||
Oh man. A year?!
|
|
||||||
|
|
||||||
Anyhow this can be posted as a cleanup patch seperately of the
|
|
||||||
bug-fixes.
|
|
||||||
|
|
||||||
commit 393be47782bca7a24d3e365448d4d3d1a303abfe
|
|
||||||
Author: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
|
||||||
Date: Wed Apr 1 17:01:26 2015 -0400
|
|
||||||
|
|
||||||
xen/pcifront/pciback: Update pciif.h with ->err and ->result values.
|
|
||||||
|
|
||||||
The '->err' should contain only the XEN_PCI_ERR_* type values.
|
|
||||||
The '->result' may contain -EXX values or any other value
|
|
||||||
that the XEN_PCI_OP_* deems appropiate.
|
|
||||||
|
|
||||||
As such update the header and also the implementations.
|
|
||||||
|
|
||||||
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
|
||||||
|
|
||||||
Conflicts:
|
|
||||||
drivers/xen/xen-pciback/pciback_ops.c
|
|
||||||
|
|
||||||
Conflicts:
|
|
||||||
drivers/xen/xen-pciback/pciback_ops.c
|
|
||||||
|
|
||||||
diff --git a/drivers/pci/xen-pcifront.c b/drivers/pci/xen-pcifront.c
|
|
||||||
index 8785014..d458e53 100644
|
|
||||||
--- a/drivers/pci/xen-pcifront.c
|
|
||||||
+++ b/drivers/pci/xen-pcifront.c
|
|
||||||
@@ -298,7 +298,7 @@ static int pci_frontend_enable_msix(struct pci_dev *dev,
|
|
||||||
} else {
|
|
||||||
pci_err(dev, "enable msix get err %x\n", err);
|
|
||||||
}
|
|
||||||
- return err;
|
|
||||||
+ return err ? -EINVAL : 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void pci_frontend_disable_msix(struct pci_dev *dev)
|
|
||||||
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
|
|
||||||
index ee2c891..573590b 100644
|
|
||||||
--- a/drivers/xen/xen-pciback/pciback_ops.c
|
|
||||||
+++ b/drivers/xen/xen-pciback/pciback_ops.c
|
|
||||||
@@ -268,7 +268,7 @@ int xen_pcibk_enable_msix(struct xen_pcibk_device *pdev,
|
|
||||||
if (dev_data)
|
|
||||||
dev_data->ack_intr = 0;
|
|
||||||
|
|
||||||
- return result > 0 ? 0 : result;
|
|
||||||
+ return result >= 0 ? 0 : XEN_PCI_ERR_op_failed;
|
|
||||||
}
|
|
||||||
|
|
||||||
static
|
|
||||||
diff --git a/include/xen/interface/io/pciif.h b/include/xen/interface/io/pciif.h
|
|
||||||
index d9922ae..c8b674f 100644
|
|
||||||
--- a/include/xen/interface/io/pciif.h
|
|
||||||
+++ b/include/xen/interface/io/pciif.h
|
|
||||||
@@ -70,7 +70,7 @@ struct xen_pci_op {
|
|
||||||
/* IN: what action to perform: XEN_PCI_OP_* */
|
|
||||||
uint32_t cmd;
|
|
||||||
|
|
||||||
- /* OUT: will contain an error number (if any) from errno.h */
|
|
||||||
+ /* OUT: will contain an XEN_PCI_ERR_* number. */
|
|
||||||
int32_t err;
|
|
||||||
|
|
||||||
/* IN: which device to touch */
|
|
||||||
@@ -82,7 +82,9 @@ struct xen_pci_op {
|
|
||||||
int32_t offset;
|
|
||||||
int32_t size;
|
|
||||||
|
|
||||||
- /* IN/OUT: Contains the result after a READ or the value to WRITE */
|
|
||||||
+ /* IN/OUT: Contains the result after a READ or the value to WRITE.
|
|
||||||
+ * If the err does not have XEN_PCI_ERR_success, depending on
|
|
||||||
+ * XEN_PCI_OP_* might have the errno value. */
|
|
||||||
uint32_t value;
|
|
||||||
/* IN: Contains extra infor for this operation */
|
|
||||||
uint32_t info;
|
|
File diff suppressed because it is too large
Load Diff
@ -1,20 +0,0 @@
|
|||||||
--- linux-3.4.1.orig/drivers/block/xen-blkfront.c 2012-06-01 09:18:44.000000000 +0200
|
|
||||||
+++ linux-3.4.1/drivers/block/xen-blkfront.c 2012-07-15 15:54:31.350255623 +0200
|
|
||||||
@@ -44,6 +44,7 @@
|
|
||||||
#include <linux/scatterlist.h>
|
|
||||||
#include <linux/bitmap.h>
|
|
||||||
#include <linux/list.h>
|
|
||||||
+#include <linux/fd.h>
|
|
||||||
|
|
||||||
#include <xen/xen.h>
|
|
||||||
#include <xen/xenbus.h>
|
|
||||||
@@ -241,6 +264,9 @@
|
|
||||||
return 0;
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
+ case FDEJECT:
|
|
||||||
+ xenbus_switch_state(info->xbdev, XenbusStateClosing);
|
|
||||||
+ return 0;
|
|
||||||
|
|
||||||
default:
|
|
||||||
/*printk(KERN_ALERT "ioctl %08x not supported by Xen blkdev\n",
|
|
@ -1,167 +0,0 @@
|
|||||||
From 59e44d8c45afe91204e90229bef64a6d2c5ac103 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
|
|
||||||
<marmarek@invisiblethingslab.com>
|
|
||||||
Date: Thu, 6 Sep 2018 15:09:44 +0200
|
|
||||||
Subject: [PATCH] xen/balloon: add runtime control for scrubbing ballooned out
|
|
||||||
pages
|
|
||||||
|
|
||||||
Scrubbing pages on initial balloon down can take some time, especially
|
|
||||||
in nested virtualization case (nested EPT is slow). When HVM/PVH guest is
|
|
||||||
started with memory= significantly lower than maxmem=, all the extra
|
|
||||||
pages will be scrubbed before returning to Xen. But since most of them
|
|
||||||
weren't used at all at that point, Xen needs to populate them first
|
|
||||||
(from populate-on-demand pool). In nested virt case (Xen inside KVM)
|
|
||||||
this slows down the guest boot by 15-30s with just 1.5GB needed to be
|
|
||||||
returned to Xen.
|
|
||||||
|
|
||||||
Add runtime parameter to enable/disable it, to allow initially disabling
|
|
||||||
scrubbing, then enable it back during boot (for example in initramfs).
|
|
||||||
Such usage relies on assumption that a) most pages ballooned out during
|
|
||||||
initial boot weren't used at all, and b) even if they were, very few
|
|
||||||
secrets are in the guest at that time (before any serious userspace
|
|
||||||
kicks in).
|
|
||||||
Convert CONFIG_XEN_SCRUB_PAGES to CONFIG_XEN_SCRUB_PAGES_DEFAULT (also
|
|
||||||
enabled by default), controlling default value for the new runtime
|
|
||||||
switch.
|
|
||||||
|
|
||||||
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
|
|
||||||
|
|
||||||
---
|
|
||||||
.../ABI/stable/sysfs-devices-system-xen_memory | 9 +++++++++
|
|
||||||
Documentation/admin-guide/kernel-parameters.txt | 6 ++++++
|
|
||||||
drivers/xen/Kconfig | 10 +++++++---
|
|
||||||
drivers/xen/balloon.c | 9 ++++++---
|
|
||||||
drivers/xen/xen-balloon.c | 2 ++
|
|
||||||
include/xen/balloon.h | 1 +
|
|
||||||
6 files changed, 31 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Documentation/ABI/stable/sysfs-devices-system-xen_memory b/Documentation/ABI/stable/sysfs-devices-system-xen_memory
|
|
||||||
index caa311d59ac1..6d83f95a8a8e 100644
|
|
||||||
--- a/Documentation/ABI/stable/sysfs-devices-system-xen_memory
|
|
||||||
+++ b/Documentation/ABI/stable/sysfs-devices-system-xen_memory
|
|
||||||
@@ -75,3 +75,12 @@ Contact: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
|
||||||
Description:
|
|
||||||
Amount (in KiB) of low (or normal) memory in the
|
|
||||||
balloon.
|
|
||||||
+
|
|
||||||
+What: /sys/devices/system/xen_memory/xen_memory0/scrub_pages
|
|
||||||
+Date: September 2018
|
|
||||||
+KernelVersion: 4.20
|
|
||||||
+Contact: xen-devel@lists.xenproject.org
|
|
||||||
+Description:
|
|
||||||
+ Control scrubbing pages before returning them to Xen for others domains
|
|
||||||
+ use. Can be set with xen_scrub_pages cmdline
|
|
||||||
+ parameter. Default value controlled with CONFIG_XEN_SCRUB_PAGES_DEFAULT.
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
index 1370b424a453..c62691ddd476 100644
|
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
@@ -4921,6 +4921,12 @@
|
|
||||||
Disables the PV optimizations forcing the HVM guest to
|
|
||||||
run as generic HVM guest with no PV drivers.
|
|
||||||
|
|
||||||
+ xen_scrub_pages= [XEN]
|
|
||||||
+ Boolean option to control scrubbing pages before giving them back
|
|
||||||
+ to Xen, for use by other domains. Can be also changed at runtime
|
|
||||||
+ with /sys/devices/system/xen_memory/xen_memory0/scrub_pages.
|
|
||||||
+ Default value controlled with CONFIG_XEN_SCRUB_PAGES_DEFAULT.
|
|
||||||
+
|
|
||||||
xirc2ps_cs= [NET,PCMCIA]
|
|
||||||
Format:
|
|
||||||
<irq>,<irq_mask>,<io>,<full_duplex>,<do_sound>,<lockup_hack>[,<irq2>[,<irq3>[,<irq4>]]]
|
|
||||||
diff --git a/drivers/xen/Kconfig b/drivers/xen/Kconfig
|
|
||||||
index e5d0c28372ea..2f0353290ce5 100644
|
|
||||||
--- a/drivers/xen/Kconfig
|
|
||||||
+++ b/drivers/xen/Kconfig
|
|
||||||
@@ -79,15 +79,19 @@ config XEN_BALLOON_MEMORY_HOTPLUG_LIMIT
|
|
||||||
This value is used to allocate enough space in internal
|
|
||||||
tables needed for physical memory administration.
|
|
||||||
|
|
||||||
-config XEN_SCRUB_PAGES
|
|
||||||
- bool "Scrub pages before returning them to system"
|
|
||||||
+config XEN_SCRUB_PAGES_DEFAULT
|
|
||||||
+ bool "Scrub pages before returning them to system by default"
|
|
||||||
depends on XEN_BALLOON
|
|
||||||
default y
|
|
||||||
help
|
|
||||||
Scrub pages before returning them to the system for reuse by
|
|
||||||
other domains. This makes sure that any confidential data
|
|
||||||
is not accidentally visible to other domains. Is it more
|
|
||||||
- secure, but slightly less efficient.
|
|
||||||
+ secure, but slightly less efficient. This can be controlled with
|
|
||||||
+ xen_scrub_pages=0 parameter and
|
|
||||||
+ /sys/devices/system/xen_memory/xen_memory0/scrub_pages.
|
|
||||||
+ This option only sets the default value.
|
|
||||||
+
|
|
||||||
If in doubt, say yes.
|
|
||||||
|
|
||||||
config XEN_DEV_EVTCHN
|
|
||||||
diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
|
|
||||||
index 065f0b607373..a3e5dfa71796 100644
|
|
||||||
--- a/drivers/xen/balloon.c
|
|
||||||
+++ b/drivers/xen/balloon.c
|
|
||||||
@@ -56,6 +56,7 @@
|
|
||||||
#include <linux/percpu-defs.h>
|
|
||||||
#include <linux/slab.h>
|
|
||||||
#include <linux/sysctl.h>
|
|
||||||
+#include <linux/moduleparam.h>
|
|
||||||
|
|
||||||
#include <asm/page.h>
|
|
||||||
#include <asm/pgalloc.h>
|
|
||||||
@@ -74,6 +75,9 @@
|
|
||||||
|
|
||||||
static int xen_hotplug_unpopulated;
|
|
||||||
|
|
||||||
+bool __read_mostly xen_scrub_pages = IS_ENABLED(CONFIG_XEN_SCRUB_PAGES_DEFAULT);
|
|
||||||
+core_param(xen_scrub_pages, xen_scrub_pages, bool, 0);
|
|
||||||
+
|
|
||||||
#ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
|
|
||||||
|
|
||||||
static int zero;
|
|
||||||
@@ -159,9 +163,8 @@ static DECLARE_DELAYED_WORK(balloon_worker, balloon_process);
|
|
||||||
|
|
||||||
static void scrub_page(struct page *page)
|
|
||||||
{
|
|
||||||
-#ifdef CONFIG_XEN_SCRUB_PAGES
|
|
||||||
- clear_highpage(page);
|
|
||||||
-#endif
|
|
||||||
+ if (xen_scrub_pages)
|
|
||||||
+ clear_highpage(page);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* balloon_append: add the given page to the balloon. */
|
|
||||||
diff --git a/drivers/xen/xen-balloon.c b/drivers/xen/xen-balloon.c
|
|
||||||
index b437fccd4e62..a3dd7c6ec371 100644
|
|
||||||
--- a/drivers/xen/xen-balloon.c
|
|
||||||
+++ b/drivers/xen/xen-balloon.c
|
|
||||||
@@ -137,6 +137,7 @@ static DEVICE_ULONG_ATTR(schedule_delay, 0444, balloon_stats.schedule_delay);
|
|
||||||
static DEVICE_ULONG_ATTR(max_schedule_delay, 0644, balloon_stats.max_schedule_delay);
|
|
||||||
static DEVICE_ULONG_ATTR(retry_count, 0444, balloon_stats.retry_count);
|
|
||||||
static DEVICE_ULONG_ATTR(max_retry_count, 0644, balloon_stats.max_retry_count);
|
|
||||||
+static DEVICE_BOOL_ATTR(scrub_pages, 0644, xen_scrub_pages);
|
|
||||||
|
|
||||||
static ssize_t show_target_kb(struct device *dev, struct device_attribute *attr,
|
|
||||||
char *buf)
|
|
||||||
@@ -203,6 +204,7 @@ static struct attribute *balloon_attrs[] = {
|
|
||||||
&dev_attr_max_schedule_delay.attr.attr,
|
|
||||||
&dev_attr_retry_count.attr.attr,
|
|
||||||
&dev_attr_max_retry_count.attr.attr,
|
|
||||||
+ &dev_attr_scrub_pages.attr.attr,
|
|
||||||
NULL
|
|
||||||
};
|
|
||||||
|
|
||||||
diff --git a/include/xen/balloon.h b/include/xen/balloon.h
|
|
||||||
index 61f410fd74e4..0ec832b9ff55 100644
|
|
||||||
--- a/include/xen/balloon.h
|
|
||||||
+++ b/include/xen/balloon.h
|
|
||||||
@@ -21,6 +21,7 @@ struct balloon_stats {
|
|
||||||
};
|
|
||||||
|
|
||||||
extern struct balloon_stats balloon_stats;
|
|
||||||
+extern bool xen_scrub_pages;
|
|
||||||
|
|
||||||
void balloon_set_new_target(unsigned long target);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.17.1
|
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
From: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Subject: xen-netback: fix input validation in xenvif_set_hash_mapping()
|
|
||||||
|
|
||||||
Both len and off are frontend specified values, so we need to make
|
|
||||||
sure there's no overflow when adding the two for the bounds check. We
|
|
||||||
also want to avoid undefined behavior and hence use off to index into
|
|
||||||
->hash.mapping[] only after bounds checking. This at the same time
|
|
||||||
allows to take care of not applying off twice for the bounds checking
|
|
||||||
against vif->num_queues.
|
|
||||||
|
|
||||||
It is also insufficient to bounds check copy_op.len, as this is len
|
|
||||||
truncated to 16 bits.
|
|
||||||
|
|
||||||
This is XSA-270.
|
|
||||||
|
|
||||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
|
|
||||||
Tested-by: Paul Durrant <paul.durrant@citrix.com>
|
|
||||||
|
|
||||||
--- a/drivers/net/xen-netback/hash.c
|
|
||||||
+++ b/drivers/net/xen-netback/hash.c
|
|
||||||
@@ -332,20 +332,22 @@ u32 xenvif_set_hash_mapping_size(struct
|
|
||||||
u32 xenvif_set_hash_mapping(struct xenvif *vif, u32 gref, u32 len,
|
|
||||||
u32 off)
|
|
||||||
{
|
|
||||||
- u32 *mapping = &vif->hash.mapping[off];
|
|
||||||
+ u32 *mapping = vif->hash.mapping;
|
|
||||||
struct gnttab_copy copy_op = {
|
|
||||||
.source.u.ref = gref,
|
|
||||||
.source.domid = vif->domid,
|
|
||||||
- .dest.u.gmfn = virt_to_gfn(mapping),
|
|
||||||
.dest.domid = DOMID_SELF,
|
|
||||||
- .dest.offset = xen_offset_in_page(mapping),
|
|
||||||
- .len = len * sizeof(u32),
|
|
||||||
+ .len = len * sizeof(*mapping),
|
|
||||||
.flags = GNTCOPY_source_gref
|
|
||||||
};
|
|
||||||
|
|
||||||
- if ((off + len > vif->hash.size) || copy_op.len > XEN_PAGE_SIZE)
|
|
||||||
+ if ((off + len < off) || (off + len > vif->hash.size) ||
|
|
||||||
+ len > XEN_PAGE_SIZE / sizeof(*mapping))
|
|
||||||
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
|
|
||||||
|
|
||||||
+ copy_op.dest.u.gmfn = virt_to_gfn(mapping + off);
|
|
||||||
+ copy_op.dest.offset = xen_offset_in_page(mapping + off);
|
|
||||||
+
|
|
||||||
while (len-- != 0)
|
|
||||||
if (mapping[off++] >= vif->num_queues)
|
|
||||||
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
|
|
@ -1,28 +1,23 @@
|
|||||||
patches.rpmify/makefile-after_link.patch
|
0001-kbuild-AFTER_LINK.patch
|
||||||
|
0002-xen-netfront-detach-crash.patch
|
||||||
patches.xen/xen-netfront-detach-crash.patch
|
0003-mce-hide-EBUSY-initialization-error-on-Xen.patch
|
||||||
patches.xen/0001-mce-hide-EBUSY-initialization-error-on-Xen.patch
|
0004-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch
|
||||||
patches.xen/irq-bind-debug-log.patch
|
|
||||||
patches.xen/xen-balloon-add-runtime-control-for-scrubbing-balloo.patch
|
|
||||||
|
|
||||||
# Additional features
|
# Additional features
|
||||||
#patches.xen/pvops-0100-usb-xen-pvusb-driver.patch
|
0005-pvops-respect-removable-xenstore-flag-for-block-devi.patch
|
||||||
patches.xen/pvops-blkfront-removable-flag.patch
|
0006-pvops-xen-blkfront-handle-FDEJECT-as-detach-request-.patch
|
||||||
patches.xen/pvops-blkfront-eject-support.patch
|
0007-block-add-no_part_scan-module-parameter.patch
|
||||||
|
|
||||||
patches.qubes/0001-block-add-no_part_scan-module-parameter.patch
|
|
||||||
|
|
||||||
# Security fixes
|
# Security fixes
|
||||||
patches.xen/xsa155-linux-0008-xen-Add-RING_COPY_RESPONSE.patch
|
0008-xen-Add-RING_COPY_RESPONSE.patch
|
||||||
patches.xen/xsa155-linux44-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch
|
0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch
|
||||||
patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch
|
0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch
|
||||||
patches.xen/xsa155-linux-0011-xen-netfront-add-range-check-for-Tx-response-id.patch
|
0011-xen-netfront-add-range-check-for-Tx-response-id.patch
|
||||||
patches.xen/xsa155-linux312-0012-xen-blkfront-make-local-copy-of-response-before-usin.patch
|
0012-xen-blkfront-make-local-copy-of-response-before-usin.patch
|
||||||
patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch
|
0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch
|
||||||
patches.xen/xsa270.patch
|
|
||||||
|
|
||||||
# MSI-X enabled device passthrough fix (#1734)
|
# MSI-X enabled device passthrough fix (#1734)
|
||||||
patches.xen/pci_op-cleanup.patch
|
0014-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch
|
||||||
|
|
||||||
# Fix for MSI support with stubdoms
|
# Fix for MSI support with stubdoms
|
||||||
patches.xen/xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
|
0015-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
|
||||||
|
Loading…
Reference in new issue