Ian Campbell [Thu, 10 Dec 2015 10:21:34 +0000 (10:21 +0000)]
Revert "tools: Refactor "xentoollog" into its own library"
This reverts commit c7d3afbb44b47af9103be0b914afd588a84d9e62 which
broke the libvirt build, since libvirt uses xtl_* and hence needs
updating to link against the new library when necessary.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Thu, 3 Dec 2015 11:22:02 +0000 (11:22 +0000)]
tools: Refactor "xentoollog" into its own library
In attempting to disaggregate libxenctrl I found that many of the
pieces were going to want access to this library, so split it out (as
it probably should always have been).
Various build adjustments are needed. In particular things which use
xtl_* themselves now need to explicity link against the library.
This has a nice side effect which is that users of libxl no longer
need to link against libxenctrl just to create a logger, which was
counter to the principal that applications using libxl shouldn't be
required to look behind the curtain. This means that xl no longer
links against libxenctrl.
The new library uses a version script to ensure that only expected
symbols are exported and to version them such that ABI guarantees can
be kept in the future.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
[ ijc -- Update QEMU_TRADITIONAL_REVISION and MINIOS_UPSTREAM_REVISION ]
Juergen Gross [Thu, 12 Nov 2015 13:43:31 +0000 (14:43 +0100)]
libxc: introduce domain builder architecture specific data
Reorganize struct xc_dom_image to contain a pointer to domain builder
architecture specific private data. This will abstract the architecture
or domain type specific data from the general used data.
The new area is allocated as soon as the domain type is known.
Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Guest memory allocation in the domain builder of libxc is done via
virtual addresses only. In order to be able to support preallocated
areas not virtually mapped reorganize the memory allocator to keep
track of allocated pages globally and in allocated segments.
This requires an interface change of the allocate callback of the
domain builder which currently is using the last mapped virtual
address as a parameter. This is no problem as the only user of this
callback is stubdom/grub/kexec.c using this virtual address to
calculate the last used pfn.
Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Roger Pau Monne [Fri, 2 Oct 2015 15:48:34 +0000 (17:48 +0200)]
libxc: unify xc_dom_p2m_{host/guest}
Unify both functions into xc_dom_p2m. Should not introduce any functional
change.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>
Ian Campbell [Wed, 29 Jul 2015 10:00:36 +0000 (11:00 +0100)]
Replace FSF street address with canonical URL
As recommended in http://www.gnu.org/licenses/gpl-howto.en.html.
This is the result of:
$ git grep -El Mass\|Temple\|Franklin | xargs ./fsf.pl
Where fsf.pl is:
#!/usr/bin/perl -w -pi.bak -0777
my $repl = 'If not, see <http://www.gnu.org/licenses/>.';
my $br = qr/(?:\s*\n\s*(?:[\*\#]|\/\/|\.\\" )?\s*|\s+)/;
my $inwt = qr/[Ii]f${br}not,${br}write${br}(?:to${br})?the${br}Free${br}Software${br}Foundation,(?:${br}Inc\.,)?/;
my $mass = qr/675${br}Mass${br}Ave,?${br}Cambridge,?${br}MA${br}02139,?${br}USA,?\.?/;
my $franklin = qr/51${br}Franklin${br}St(?:reet)?(?:,${br}| - )Fifth${br}Floor,?${br}Boston,?${br}MA,?${br}02110-1301,?${br}USA,?\.?/;
my $temple = qr/59${br}Temple${br}Place(?:,${br}| - )Suite${br}330,?${br}Boston,?${br}MA,?${br}021110?-1307,?${br}USA,?\.?/;
The only remaining mentions of these addresses are in COPYING files which I
haven't touched.
Some of the changed files are imports from elsewhere, however
filtering them out is tricky, I think it is tolerable to have these
files be modified here and then perhaps reverted on the next sync,
since it's only 1-2 lines and obvious what is going on.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Fri, 26 Jun 2015 11:06:09 +0000 (12:06 +0100)]
stubdom: vtpmmgr: Correctly format size_t with %z when printing.
Also contains a fix from Thomas Leonard (to use %u for "4 + 32", not
%lu) previously posted as part of "mini-os: enable compiler check for
printk format types" but with mini-os now having been split a separate
repo most of that change has been applied there.
This fixes the 32-bit build with updated mini-os which includes format
string checking.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-By: Samuel Thibault <samuel.thibault@ens-lyon.org>
[ ijc -- Updated MINIOS_UPSTREAM_REVISION ]
Olaf Hering [Mon, 11 May 2015 15:24:55 +0000 (15:24 +0000)]
tools: replace private DOCDIR with automake docdir
Reuse automake variable instead of inventing a private variable.
The result of this command:
git grep -wnl DOCDIR | xargs sed -i 's@DOCDIR@docdir@g'
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Sun, 10 May 2015 13:14:51 +0000 (14:14 +0100)]
pvgrub: initialise p2m_size
In 84083790 ("libxc: add p2m_size to xc_dom_image") a new field is
added. We should initialised this field in pvgrub as well, otherwise
xc_dom_build_image won't work properly.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Emil Condrea [Wed, 15 Apr 2015 18:00:14 +0000 (21:00 +0300)]
vtpmmgr: execute deep quote in locality 0
Enables deep quote execution for vtpmmgr which can not be started
using locality 2. Flags are used to request additional data to be
present when executing quote. They are interpreted as a bitmask of:
* VTPM_QUOTE_FLAGS_HASH_UUID
* VTPM_QUOTE_FLAGS_VTPM_MEASUREMENTS
* VTPM_QUOTE_FLAGS_GROUP_INFO
* VTPM_QUOTE_FLAGS_GROUP_PUBKEY
The externData param for TPM_Quote is calculated as:
externData = SHA1 (
extraInfoFlags
requestData
[SHA1 (
[SHA1 (UUIDs if requested)]
[SHA1 (vTPM measurements if requested)]
[SHA1 (vTPM group update policy if requested)]
[SHA1 (vTPM group public key if requested)]
) if flags !=0 ]
)
The response param pcrValues is an array containing requested hashes used
for externData calculation : UUIDs, vTPM measurements, vTPM group update
policy, group public key. At the end of these hashes the PCR values are
appended.
Signed-off-by: Emil Condrea <emilcondrea@gmail.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Quan Xu [Tue, 17 Mar 2015 01:00:03 +0000 (21:00 -0400)]
stubdom: fix vtpm build failure due to duplicated typedefs.
Typedefs are duplicated in stubdom/vtpmmgr/tcg.h and supported compilers
do not cope with current staging branch.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Quan Xu <quan.xu@intel.com> Tested-by: Olaf Hering <olaf@aepfle.de> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- reworded subject line ]
Wei Liu [Mon, 2 Mar 2015 15:05:43 +0000 (15:05 +0000)]
stubdom: fix make clean and distclean on a freshly cloned tree
Clean and distclean targets need not depend on existence of the mini-os
tree. Don't check for mini-os and don't try to blindly include
mini-os's Config.mk when doing clean and distclean.
Note that one subtle issue is that $(XEN_ROOT)/Config.mk tries to
include $(XEN_ROOT)/config/$(XEN_OS).mk. In stubdom's case XEN_OS is
"MiniOS". Then $(XEN_ROOT)/config/MiniOS.mk tries to include mini-os's
Config.mk.
Since clean and distclean don't enforce existence of mini-os tree, don't
include $(XEN_ROOT)/Config.mk to avoid getting error due to the
aforementioned issue.
Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Fri, 30 Jan 2015 15:58:38 +0000 (15:58 +0000)]
build system: stubdom targets now depends on mini-os target
Provide mini-os url and revision in Config.mk
Make stubdom targets depend on mini-os-dir target. Make
subtree-force-update{,-all} depend on mini-os-dir-force-update.
Also make mktarball script generate mini-os archive.
Original mini-os directory is renamed to mini-os-intree to help reduce
patch length. That directory will be deleted in a separate patch.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
Changes in v3:
1. Put mini-os targets in main Makefile.
2. Stubdom clean and distclean don't depend on mini-os-dir.
Wei Liu [Tue, 24 Feb 2015 17:37:04 +0000 (17:37 +0000)]
stubdom: no need to clean mini-os
All objects are placed inside stubdom's directories, so there is no need
to enter mini-os and clean.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Sun, 25 Jan 2015 14:43:43 +0000 (14:43 +0000)]
stubdom: don't look for mini-os source file during configure
Don't look for mini-os source file during configure. Mini-os source code
will be fetched during build.
Instead look for xenstore-minios.cfg.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Fri, 30 Jan 2015 14:15:02 +0000 (14:15 +0000)]
stubdom: fix "make build"
Cross compiling libxc requires some symlinks to exist.
Note that make -C tools/include requires running tools/configure. But at
least now the error message is much better than just a "file not found"
error.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jakcson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Quan Xu [Thu, 15 Jan 2015 09:21:50 +0000 (04:21 -0500)]
vTPM/TPM2: Support TPM 2.0 bind and unbind data
Bind data with TPM2_RSA_Encrypt, which performs RSA encryption using
the indicated padding scheme according to PKCS#1v2.1(PKCS#1). If the
scheme of keyHandle is TPM_ALG_NULL, then the caller may use inScheme
to specify the padding scheme.
Unbind data with TPM2_RSA_Decrypt, which performs RSA decryption using
the indicated padding scheme according to PKCS#1v2.1(PKCS#1).
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Quan Xu [Thu, 15 Jan 2015 09:21:48 +0000 (04:21 -0500)]
vTPM/TPM2: Support 'tpm2' extra command line.
Make vtpm-stubdom domain compatible to launch on TPM 1.x / TPM 2.0.
Add:
..
extra="tpm2=1"
..
to launch vtpm-stubdom domain on TPM 2.0, ignore it on TPM 1.x. for
example,
vtpm-stubdom domain configuration on TPM 2.0:
Quan Xu [Thu, 15 Jan 2015 09:21:47 +0000 (04:21 -0500)]
vTPM/TPM2: Add main entrance vtpmmgr2_init()
Accept commands from the vtpm-stubdom domains via the mini-os TPM
backend driver. The vTPM manager communicates directly with hardware
TPM 2.0 using the mini-os tpm2_tis driver.
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Quan Xu [Thu, 15 Jan 2015 09:21:45 +0000 (04:21 -0500)]
vTPM/TPM2: Create and load SK on TPM 2.0
TPM2_Create is used to create an object that can be loaded into a
TPM using TPM2_Load(). If the command completes successfully, the
TPM will create the new object and return the object’s creation.
data (creationData), its public area (outPublic), and its encrypted
sensitive area (outPrivate). Preservation of the returned data is
the responsibility of the caller. The object will need to be loaded
(TPM2_Load()).
TPM2_Load is used to load objects into the TPM. This command is used
when both a TPM2B_PUBLIC and TPM2B_PRIVATE are to be loaded. If only
a TPM2B_PUBLIC is to be loaded, the TPM2_LoadExternal command is used.
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Quan Xu [Thu, 15 Jan 2015 09:21:44 +0000 (04:21 -0500)]
vTPM/TPM2: TPM 2.0 takes ownership and create SRK
TPM2_CreatePrimary is used to create a Primary Object under one of
the Primary Seeds or a Temporary Object under TPM_RH_NULL. The command
uses a TPM2B_PUBLIC as a template for the object to be created. The
command will create and load a Primary Object. The sensitive area is
not returned. Any type of object and attributes combination that is
allowed by TPM2_Create() may be created by this command. The constraints
on templates and parameters are the same as TPM2_Create() except that a
Primary Storage Key and a Temporary Storage Key are not constrained to
use the algorithms of their parents.
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Ian Jackson [Tue, 6 Jan 2015 16:21:21 +0000 (16:21 +0000)]
configure: Rerun autogen.sh
Various configure scripts have the Xen version built into them by
autoconf. Rereun autogen.sh (on Debian wheezy) so that they all say
4.6. There are no changes other than to doc comments, usage messages,
and so forth.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
When using pvgrub in graphical mode with vnc, the grub timeout doesn't
work: the countdown doesn't even start. With a serial terminal the
problem doesn't occur and the countdown works as expected.
It turns out that the problem is that when using a graphical terminal,
checkkey () returns 0 instead of -1 when there is no activity on the
mouse or keyboard. As a consequence grub thinks that the user typed
something and interrupts the count down.
To fix the issue simply ignore keystrokes returning 0, that is the NUL
character anyway. Add a patch to grub.patches to do that.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Tested-by: Steven Haigh <netwiz@crc.id.au> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
M A Young [Thu, 23 Oct 2014 17:37:43 +0000 (18:37 +0100)]
stubdom/Makefile: use QEMU_TRADITIONAL_LOC
In commit 8962a8f951ea83e8d10ee23aeb20266e4795b06e CONFIG_QEMU was
replaced by QEMU_TRADITIONAL_LOC. However stubdom/Makefile still uses
CONFIG_QEMU so building stubdom is likely to fail. This patch
replaces CONFIG_QEMU with QEMU_TRADITIONAL_LOC in stubdom/Makefile as
well.
Signed-off-by: Michael Young <m.a.young@durham.ac.uk> Acked-by: Wei Liu <wei.liu2@citrix.com> Release-Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Olaf Hering [Wed, 8 Oct 2014 13:57:42 +0000 (15:57 +0200)]
stubdom: provide install-c target
configure --enable-c-stubdom fails to build with 'make rpmball' because
no install target exists for it. Just provide it to fix build.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Olaf Hering [Tue, 7 Oct 2014 14:15:46 +0000 (16:15 +0200)]
stubdom: another for fix for lwip compile
stubdom/lwip-x86_64/src/core/dhcp.c: In function 'dhcp_create_request':
stubdom/lwip-x86_64/src/core/dhcp.c:1361:64: error: array subscript is above array bounds
The previous attempt to fix the failure above worked fine in SLE11,
openSUSE 13.1 and newer. But gcc-4.5 as included in openSUSE 11.4 still
failed to compile. To fix compilation also with this version of gcc move
the range check right into the code instead of assigning it to a
temporary variable.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 6 Oct 2014 13:42:53 +0000 (15:42 +0200)]
stubdom: remove references to xend from README
.. the xl part of the config is right above the removed lines.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Olaf Hering [Wed, 1 Oct 2014 16:41:29 +0000 (18:41 +0200)]
move vtpmmgr helpers from tools to stubdom
Tools.mk contains a dead CONFIG_VTPM, @vtpm@ is never expanded because
@vtpm@ is only known by stubdom/configure.ac. Move the two perl scripts
to stubdom/vtpmmgr and install them as executeable. This was introduced
by the recent commit ffa11862aa431494e809c6e99f7358c12cb67e44 ("vtpmmgr:
add example control tools")
Also remove vtpm= from config/Stubdom.mk because vtpm= is (appearently)
not used by make itself.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
Olaf Hering [Wed, 1 Oct 2014 16:41:17 +0000 (18:41 +0200)]
Use configure --libexecdir=BASEDIR to set LIBEXEC
The current usage of LIBEXEC is bogus. It describes the directory for
private xen executables. Other places create their own, similar
libexecdir path as $prefix/lib/xen/*.
Additional two other variables are used to describe similar paths:
PRIVATE_BINDIR and PRIVATE_PREFIX
The autoconf documentation refers to libexec as a directory for
executables and stuff which is called by other programs, not by the
user.
Adjust all places that want libexecdir as a target path. LIBEXEC refers
now to the base directory. Three convenience variables are used to refer
to paths to private binaries, libs and include files.
In the systemd files LIBEXEC_BIN is substituted, so this variable has to
be present in autoconf. All other variables are expanded in Paths.mk
because they are only used in Makefiles.
Most users of LIBEXEC are updated to use LIBEXEC_BIN because that is
what they want.
Users of PRIVATE_BINDIR are updated to use LIBEXEC_BIN because that is
what they want. PRIVATE_BINDIR and PRIVATE_PREFIX usage is removed by
this patch, in favour of LIBXEC_BIN and LIBEXEC
An internal libxl function was removed. A single helper to retrieve
LIBEXEC_BIN remains.
As suggested by the autoconf documentation, configure appends the
package name to LIBEXEC to make sure the provided directory really
refers to xen. This makes sure "make uninstall" preserves the real
libexecdir.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: George Dunlap <george.dunlap@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
[ ijc -- ran autogen.sh as requested, updated QEMU_TRADITIONAL_REVISION to
pickup version which uses LIBEXEC_BIN ]
Move xenstore and libxc public headers to include subdir
Also moves xc_dom.h to include as it is used often by other xen tools.
Use the new include subdirectories to build Xen tools, qemu-xen and
stubdoms.
Add the old libxc include path to the programs that need it to build,
on a case by case basis and commeting that they shouldn't require
internal libxc headers to build.
[ And: update QEMU_TRADITIONAL_REVISION to corresponding qemu patch
- Ian jackson ]
Olaf Hering [Mon, 22 Sep 2014 13:00:02 +0000 (15:00 +0200)]
Config.mk: replace dependency to genpath with actual target
genpath is a detail of buildmakevars2file. Replace the dependency to
genpath with the actual buildmakevars2file target. This change by
itself does not fix any bug. Upcoming changes will add dependencies to
$(target), but no rule exist to create $(target).
To force a rebuild of the $(1) rule the target now depends on the
existing .phony target. This dummy target is already used elsewhere in
the code.
No change in behaviour is expected by this patch.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 22 Sep 2014 12:59:50 +0000 (14:59 +0200)]
stubdom: fix lwip compile
stubdom/lwip-x86_64/src/core/dhcp.c: In function 'dhcp_create_request':
stubdom/lwip-x86_64/src/core/dhcp.c:1359:71: error: array subscript is above array bounds [-Werror=array-bounds]
dhcp->msg_out->chaddr[i] = (i < netif->hwaddr_len) ? netif->hwaddr[i] : 0/* pad byte*/;
gcc can not know if hwaddr_len exceeds the hwaddr array size,
so force an upper limit to assist gcc.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Fri, 8 Aug 2014 15:47:30 +0000 (16:47 +0100)]
mini-os: don't include lib.h from mm.h
This breaks the include cycle hypervisor.h -> hypercall-x86_32.h -> mm.h
-> lib.h -> gntmap.h -> os.h -> hypervisor.h.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Olaf Hering [Tue, 22 Jul 2014 07:19:17 +0000 (09:19 +0200)]
stubdom: fix -Wextra usage in vtpm_emulator
If -Wextra is appended to CFLAGS it will enable all warnings. Previous
options such as -Wno-unused-parameters have no effect anymore. As a
result compilation will fail with gcc-4.3. Newer versions of gcc will
appearently remember -Wno-* options before -Wextra.
Rearrange warning options for gcc so that -Wextra comes before other -W
options. This fixes compilation of stubdom in SLES11.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Daniel De Graaf [Mon, 28 Apr 2014 23:29:10 +0000 (19:29 -0400)]
vtpmmgr: properly remove t_uint size dependency
Rather than using the internal MPI format for the Diffie-Hellman group,
whose representation depends on the size of the t_uint type, store the
value as a big-endian integer and use mpi_read_binary to convert it in
an architecture-independent manner. This patch also removes the
unnecessary range check on the exponent which ended up being different
between 32- and 64-bit code.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel De Graaf [Thu, 24 Apr 2014 20:39:10 +0000 (16:39 -0400)]
vtpmmgr: fix 32-bit compilation
The internal MPI word size matches the word size of the platform rather
than using uint32_t/uint64_t, so constant MPI objects need to be
initialized with that in mind.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel De Graaf [Mon, 21 Apr 2014 17:23:05 +0000 (13:23 -0400)]
vtpmmgr: use XSM label as vTPM kernel hash
Because there is not currently a method for the vTPM Manager to obtain a
build hash of a vTPM, use the hash of the vTPM's XSM label as a
substitute. This allows the vTPM Manager to distinguish between vTPMs
intended to be paired with a hardware domain kernel (which cannot use
pv-grub) and vTPMs which are paired with a pv-grub domain and therefore
contain reliable measurements of the guest kernel in PCRs 4 and 5.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel De Graaf [Mon, 21 Apr 2014 17:23:04 +0000 (13:23 -0400)]
stubdom/grub: verify vTPM label if requested
This adds an optional argument --vtpm-label=<label> to the pv-grub
command line. If specified, a vtpm device must be connected to the
pv-grub domain and the backend of this device must have the given XSM
label (which may start with a * to indicate a wildcard). Verifying the
label of the vTPM before sending measurements prevents a disaggregated
control domain that has access to xenstore but not to the guest domains
from causing the measurements performed by pv-grub to be discarded,
allowing the forgery of arbitrary kernel measurements in the TPM.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel De Graaf [Mon, 21 Apr 2014 17:23:03 +0000 (13:23 -0400)]
vtpm: add deep quote support
This allows the client of a vTPM to request a quote from the physical
TPM which includes PCRs from both the physical and virtual TPMs, signed
by an AIK from the physical TPM. This quote can be used to provide
evidence of the complete launch environment of a virtual machine.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel De Graaf [Mon, 21 Apr 2014 17:23:02 +0000 (13:23 -0400)]
vtpm: add ordinal for obtaining an EK signature
For a vTPM to be useful for remote attestation, proof that the vTPM's EK
was generated and held within a secure vTPM implementation is necessary.
This patch adds an ordinal to the vTPM which will request a quote
providing this evidence from the TPM Manager; it only functions during
the first startup of a given vTPM in order to provide proof that the EK
was freshly generated (and not a key whose private part is available
elsewhere).
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel De Graaf [Mon, 21 Apr 2014 17:23:01 +0000 (13:23 -0400)]
vtpm: passthru requests to manager
When sending commands to a vTPM, commands with the VTPM_TAG_REQ2 tag are
passed directly to the TPM Manager since they are used in the management
interface to the TPM Manager. The VTPM_TAG_REQ tag is translated to
TPM_TAG_RQU_COMMAND to allow access to the physical TPM for certain
ordinals (PCRRead, Extend, and GetRandom).
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Jason Andryuk [Mon, 21 Apr 2014 17:23:00 +0000 (13:23 -0400)]
vtpmmgr: Convert TPM_Seal to use TPM_PCR_INFO_LONG
Infineon 1.2 TPMs fail TPM_Seal commands with TPM_BAD_PARAMETER when
PCRS are specified by a TPM_PCR_INFO structure. Using a
TPM_PCR_INFO_LONG structure to specify PCRs succeeds, so update to use
that. This also requires changes to use TPM_STORED_DATA12 for the
result.
Signed-off-by: Jason Andryuk <andryuk@aero.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Daniel De Graaf [Mon, 21 Apr 2014 17:22:57 +0000 (13:22 -0400)]
vtpmmgr: add TPM group support
This is a complete rewrite of the disk format and key hierarchy for the
TPM Manager. The new format supports multiple groups of vTPMs which
define the permitted configurations where a given vTPM's keys are
available, allowing upgrades of critical components while retaining the
secrecy of cryptographic keys.
New features of the TPM Manager are explained in the README and in the
definitions of the management commands in vtpm_manager.h.
New features for vTPMs:
1. The size of the state blob for a vTPM is expanded from 52 to 64
bytes in order to support future vTPMs using SHA-2/3 instead of SHA-1.
2. vTPMs can obtain a quote from the physical TPM with certain
resettable PCRs set to include information about the vTPM. This can be
used by a vTPM to provide evidence of its integrity, including the
secrecy of its EK, and for deep quotes.
Some additional changes made by this rewrite that may impact existing
users:
1. The value of WELLKNOWN_OWNER_AUTH was incorrect for the physical TPM;
the convention is to use all zero bits for well-known authentication
values, not all one bits.
2. Randomly generating the owner auth value for the physical TPM is no
longer supported, as it prevents later creation or certification of
AIKs (which the old manager did not support).
3. The vTPM Manager needs to be provisioned with a PCR composite and an
upgrade authority's public key before it will save data across boots.
The current implementation still has some limitations:
* 5 valid system PCR selections per group
* The vTPM Manager's disk can use at most 2MB of space
* The vTPM domain's build hash is always set to null/zero
Most of the code relating to upgrade and rollback protection is
currently stubbed out, but future versions can add:
* Support for using the TPM's monotonic counter to prevent rollback
of vTPM data by taking and restoring disk snapshots
* Masking the master disk encryption key using a value stored in the
TPM's NVRAM so that revocation of old data is possible without
relying on all previously authorized software stacks to respect the
monotonic counter's value
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Matthew Daley [Sat, 29 Mar 2014 05:08:08 +0000 (18:08 +1300)]
pv-grub: correct sizeof usage
We were lucky that sizeof(frame) >= sizeof(*frame) anyway.
Signed-off-by: Matthew Daley <mattd@bugfuzz.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Samuel Thibault [Fri, 21 Mar 2014 01:56:56 +0000 (02:56 +0100)]
PV-GRUB: fix blk access at end of disk
GRUB usually always loads a whole disk track, even if that means going
beyond the end of the disk. We thus have to gracefully return an error,
instead of letting the blkfront go panic.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Mon, 9 Sep 2013 13:52:35 +0000 (14:52 +0100)]
configure: Regenerate with autoconf 2.69
This is the version from Debian Wheezy which is what both Ian Jackson and
myself run on our workstations. As committers it is useful to minimise
regeneration noise.
This is purely a run of autogen.sh. I have not tried to build the result.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Tested-by: Ian Jackson <ian.jackson@citrix.com>
Ian Campbell [Tue, 6 Aug 2013 10:32:32 +0000 (11:32 +0100)]
tools: Make qemu-xen-traditional build optional.
Now that we have upstream qemu people may want to avoid building this extra
code.
There is a little bit of trickery in stubdom/configure.ac to ensure that the
ioemu stubdom is only built if qemu-traditional is enabled.
libxl will return an error if a caller tries to build a domain using
qemu-xen-traditional when this support was disabled at build time. Since
qemu-xen-traditional has been historically tightly bound to the Xen releases I
don't see any value in supporting "3rd party" provision of
qemu-xen-traditional.
We also do not want/need this on ARM therefore default is on for x86 and off
otherwise.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
[ ijc -- trivial conflicts in Tools.mk.in and tools/configure.ac.
Reran autogen.sh ]
Samuel Thibault [Mon, 29 Jul 2013 09:18:10 +0000 (11:18 +0200)]
stubdom: Fix stubdom undeclared function build warnings
This includes a few headers to fix some missing function declarations.
../grub-upstream/stage2/builtins.c:1728:3: warning: implicit declaration of function ‘do_exit’ [-Wimplicit-function-declaration]
stubdom/include/xen/libelf/libelf.h:453:5: warning: implicit declaration of function ‘memcpy’ [-Wimplicit-function-declaration]
Reported-by: IAN DELANEY <della5@iinet.com.au> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Christoph Egger [Mon, 13 May 2013 08:24:31 +0000 (10:24 +0200)]
stubdom: Make stubdom buildsystem consistent with tools buildsystem
Use FETCHER for stubdom, too. This makes stubdom buildsystem
more consistent with tools buildsystem.
Fixes toplevel configure failure if wget is not found
independent if we are going to build stubdom or not.
Signed-off-by: Christoph Egger <chegger@amazon.de> Reviewed-by: Matt Wilson <msw@amazon.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel Kiper [Tue, 7 May 2013 11:51:48 +0000 (13:51 +0200)]
Remove traces of IA-64 architecture support
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Daniel Kiper [Tue, 7 May 2013 11:51:44 +0000 (13:51 +0200)]
stubdom/vtpm: Silently ignore rm errors during make clean
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Add decompressors based on hypervisor code. This are used in mini-os by
pv-grub.
This enables pv-grub to boot kernels compressed with e.g. xz, which are
becoming more common.
Signed-off-by: Bastian Blank <waldi@debian.org>
Adjusted to use terminology "unsafe" rather than "trusted" to indicate
that the user had better sanitise the data (or not care, as in stub
domains) as suggested by Tim Deegan. This was effectively a sed script.
Minimise the changes to hypervisor code by moving the "compat layer" into the
relevant libxc source files (which include the Xen ones).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:28 +0000 (16:11 -0400)]
stubdom/grub: send kernel measurements to vTPM
This allows a domU with an arbitrary kernel and initrd to take advantage
of the static root of trust provided by a vTPM.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:25 +0000 (16:11 -0400)]
stubdom/vtpm: make state save operation atomic
This changes the save format of the vtpm stubdom to include two copies
of the saved data: one active, and one inactive. When saving the state,
data is written to the inactive slot before updating the key and hash
saved with the TPM Manager, which determines the active slot when the
vTPM starts up.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:24 +0000 (16:11 -0400)]
stubdom/vtpm: Support locality field
The vTPM protocol now contains a field allowing the locality of a
command to be specified; pass this to the TPM when processing a packet.
While the locality is not currently checked for validity, a binding
between locality and some distinguishing feature of the client domain
(such as the XSM label) will need to be defined in order to properly
support a multi-client vTPM.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:23 +0000 (16:11 -0400)]
stubdom/vtpm: correct the buffer size returned by TPM_CAP_PROP_INPUT_BUFFER
The vtpm2 ABI supports packets of up to 4088 bytes by default; expose
this property though the TPM's interface so clients do not attempt to
send larger packets.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:21 +0000 (16:11 -0400)]
mini-os/tpmback: Replace UUID field with opaque pointer
Instead of only recording the UUID field, which may not be of interest
to all tpmback implementations, provide a user-settable opaque pointer
associated with the tpmback instance.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:20 +0000 (16:11 -0400)]
mini-os/tpmback: set up callbacks before enumeration
The open/close callbacks in tpmback cannot be properly initalized in
order to catch the initial enumeration events because init_tpmback
clears the callbacks and then asynchronously starts the enumeration of
existing tpmback devices. Fix this by passing the callbacks to
init_tpmback so they can be installed before enumeration.
This also removes the unused callbacks for suspend and resume.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Ian Campbell [Tue, 5 Feb 2013 16:19:53 +0000 (16:19 +0000)]
tools+stubdom: install under /usr/local by default.
Now that the hotplug scripts have been fixed to remove hardcoded paths lets
try this again. From 26470:acaf29203cf9:
This is the defacto (or FHS mandated?) standard location for software
built from source, in order to avoid clashing with packaged software
which is installed under /usr/bin etc.
I think there is benefit in having Xen's install behave more like the
majority of other OSS software out there.
The major downside here is in the transition from 4.2 to 4.3 where
people who have built from source will innevitably discover breakage
because 4.3 no longer overwrites stuff in /usr like it used to so they
pickup old stale bits from /usr instead of new stuff from /usr/local.
Packages will use ./configure --prefix=/usr or whatever helper macro
their package manager gives them. I have confirmed that doing this
results in the same list of installed files as before this patch was
applied.
The hypervisor remains in /boot/ and there is no intention to move it.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Roger Pau Monné <roger.pau@citrix.com>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:29 +0000 (16:11 -0400)]
stubdom/Makefile: Fix gmp extract rule
When NEWLIB_STAMPFILE is updated but gmp has already been extracted, the mv
command will incorrectly create a subdirectory instead of renaming. Remove the
old target before renaming to fix this.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andrei Lifchits [Wed, 20 Feb 2013 16:54:03 +0000 (16:54 +0000)]
build: Fix distclean when repo location changes
If the path to xen-unstable.hg changes (i.e. you move the repo), the symlinks
inside xen-unstable.hg/stubdom/libxc-x86_[32|64]/ all become broken, which
breaks distclean because make attempts to clean inside those first and fails to
find Makefile (which is also a symlink).
Signed-off-by: Andrei Lifchits <andrei.lifchits@citrix.com>
Ian Campbell [Mon, 28 Jan 2013 16:48:19 +0000 (16:48 +0000)]
tools: revert to installing in /usr
26470:acaf29203cf9 missed a bunch of hardcoded paths, e.g. in the
initscripts. I think at this juncture it is appropriate to revert
this change and try again after some more testing.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Roger Pau Monné <roger.pau@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Fri, 25 Jan 2013 15:04:11 +0000 (15:04 +0000)]
stubdom: Install xenstore stubdom in $(XENFIRMWAREDIR)
Removes hardcoded /usr prefix.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Committed-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Fri, 25 Jan 2013 15:04:09 +0000 (15:04 +0000)]
build: cleanup configure detritus at toplevel and stubdom
These files were left over after
$ git clean -f -dx
$ ./configure
$ make distclean
and picked up by a subsequent.
$ git clean -f -dx
Ensure that these files are also correctly ignored.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Roger Pau Monné <roger.pau@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Thu, 24 Jan 2013 12:47:55 +0000 (12:47 +0000)]
vtpm/vtpmmgr: Use libpolarssl.a instead of hardcoding own list of .o files
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Committed-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Thu, 24 Jan 2013 12:47:54 +0000 (12:47 +0000)]
tools+stubdom: install under /usr/local by default.
This is the defacto (or FHS mandated?) standard location for software
built from source, in order to avoid clashing with packaged software
which is installed under /usr/bin etc.
I think there is benefit in having Xen's install behave more like the
majority of other OSS software out there.
The major downside here is in the transition from 4.2 to 4.3 where
people who have built from source will innevitably discover breakage
because 4.3 no longer overwrites stuff in /usr like it used to so they
pickup old stale bits from /usr instead of new stuff from /usr/local.
Packages will use ./configure --prefix=/usr or whatever helper macro
their package manager gives them. I have confirmed that doing this
results in the same list of installed files as before this patch was
applied.
The hypervisor remains in /boot/ and there is no intention to move it.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Matt Wilson <msw@amazon.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Mon, 21 Jan 2013 16:04:56 +0000 (16:04 +0000)]
vtpmmgr: fix build on 32-bit
Correct format string, fixing:
vtpm_storage.c: In function 'vtpm_storage_load_header': vtpm_storage.c:658: error: format '%ld' expects type 'long int', but argument 5 has type 'unsigned int'
vtpm_storage.c:658: error: format '%ld' expects type 'long int', but argument 5 has type 'unsigned int' make[2]: *** [vtpm_storage.o] Error 1
Add padlock.o to PSSL_OBJS, fixing:
/local/scratch/ianc/devel/xen-unstable.git/stubdom/mini-os-x86_32-vtpmmgr/mini-os.o: In function `aes_crypt_ecb': /local/scratch/ianc/devel/xen-unstable.git/stubdom/polarssl-x86_32/library/aes.c:659: undefined reference to `padlock_supports'
/local/scratch/ianc/devel/xen-unstable.git/stubdom/polarssl-x86_32/library/aes.c:661: undefined reference to `padlock_xcryptecb' /local/scratch/ianc/devel/xen-unstable.git/stubdom/mini-os-x86_32-vtpmmgr/mini-os.o: In function `aes_crypt_cbc': /local/scratch/ianc/devel/xen-unstable.git/stubdom/polarssl-x86_32/library/aes.c:771: undefined reference to `padlock_supports'
/local/scratch/ianc/devel/xen-unstable.git/stubdom/polarssl-x86_32/library/aes.c:773: undefined reference to `padlock_xcryptcbc'
make[1]: ***
[/local/scratch/ianc/devel/xen-unstable.git/stubdom/mini-os-x86_32-vtpmmgr/mini-os]
Error 1
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
[ ijc -- applied same fix to stubdom/vtpm/Makefile ] Committed-by: Ian Campbell <ian.campbell@citrix.com>
Stub domains now use autoconf to build.
This configure script can enable or disable specific domains
and also specify custom download locations for stubdom library
packages. See ./configure --help for details.
C and Caml are disabled by default. vtpm-stubdom is conditional
on the presense of cmake.
Rename vtpmmgrdom to vtpmmgr-stubdom
Also update .*ignore
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
vtpm/vtpmmgr and required libs to stubdom/Makefile
Add 3 new libraries to stubdom:
libgmp
polarssl
Berlios TPM Emulator 0.7.4
Add makefile structure for vtpm and vtpmmgrdom. Both
vtpm domains are optional builds as vtpm depends on
cmake. To build either of them, you must do so explicitly.
make vtpm-stubdom vtpmmgrdom
Finally, also update .*ignore
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ijc, folded in fix from Matthew to workaround cmake 2.8.2 build failure] Committed-by: Ian Campbell <ian.campbell@citrix.com>
Add the code base for vtpmmgrdom. Makefile changes
next patch.
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
Add the code base for vtpm-stubdom to the stubdom
heirarchy. Makefile changes in later patch.
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
Ian Jackson [Fri, 26 Oct 2012 15:09:29 +0000 (16:09 +0100)]
libxc: builder: limit maximum size of kernel/ramdisk.
Allowing user supplied kernels of arbitrary sizes, especially during
decompression, can swallow up dom0 memory leading to either virtual
address space exhaustion in the builder process or allocation
failures/OOM killing of both toolstack and unrelated processes.
We disable these checks when building in a stub domain for pvgrub
since this uses the guest's own memory and is isolated.
Decompression of gzip compressed kernels and ramdisks has been safe
since 14954:58205257517d (Xen 3.1.0 onwards).
This is XSA-25 / CVE-2012-4544.
Also make explicit checks for buffer overflows in various
decompression routines. These were already ruled out due to other
properties of the code but check them as a belt-and-braces measure.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Campbell [Thu, 25 Oct 2012 16:04:37 +0000 (17:04 +0100)]
xl: Do not leak events when a domain exits.
The goto in both of these places misses the event free which would
normally clean up.
==8655== 80 bytes in 1 blocks are definitely lost in loss record 1 of 1
==8655== at 0x4024370: calloc (vg_replace_malloc.c:593)
==8655== by 0x406EAAE: libxl__zalloc (libxl_internal.c:83)
==8655== by 0x4078173: libxl__event_new (libxl_event.c:1167)
==8655== by 0x4056373: domain_death_occurred (libxl.c:958)
==8655== by 0x4058D06: domain_death_xswatch_callback (libxl.c:1038)
==8655== by 0x4078EB5: watchfd_callback (libxl_event.c:458)
==8655== by 0x407839E: afterpoll_internal (libxl_event.c:949)
==8655== by 0x4079142: eventloop_iteration (libxl_event.c:1371)
==8655== by 0x40799BB: libxl_event_wait (libxl_event.c:1396)
==8655== by 0x805CC67: create_domain (xl_cmdimpl.c:1698)
==8655== by 0x805E001: main_create (xl_cmdimpl.c:3986)
==8655== by 0x804D43D: main (xl.c:285)
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
projects / people / liuw / stubdom.git / log