Keir Fraser [Thu, 15 May 2008 08:55:53 +0000 (09:55 +0100)]
x86: Fix an S3 bug caused by x_firmware_waking_vector
According to the ACPI spec., x_firmware_waking_vector in FACS is for
waking up in protected mode and firmware_waking_vector is for real
mode. Xen once used x_firmware_waking_vector, which can make S3 fail
on some platforms. This patch fixes the bug by using the non-x one.
Keir Fraser [Thu, 15 May 2008 08:53:32 +0000 (09:53 +0100)]
ioemu: Fix PVFB backend to limit frame buffer size
The recent fix to validate the frontend's frame buffer description
neglected to limit the frame buffer size correctly. This lets a
malicious frontend make the backend attempt to map an arbitrary amount
of guest memory, which could be useful for a denial of service attack
against dom0.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
xen-unstable changeset: 17643:9044705960cb30cec385bdca7305bcf7db096721
xen-unstable date: Thu May 15 09:36:38 2008 +0100
Keir Fraser [Thu, 15 May 2008 08:47:41 +0000 (09:47 +0100)]
xend: fix block protocol mismatch on save/restore
The protocol field of the blkif interface is correct at startup for a
guest of a different mode from dom0 (eg. 32-bit dom0, 64-bit guest).
However, this property is not persisted on save, so a later restore
(or migrate) will setup the block interface with the wrong mode.
Signed-off-by: Herbert van den Bergh <herbert.van.den.bergh@oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel@oracle.com>
xen-unstable changeset: 17635:049459aec2b10628a8b7474d43a89e2a89b29405
xen-unstable date: Wed May 14 09:19:05 2008 +0100
Keir Fraser [Thu, 15 May 2008 08:47:08 +0000 (09:47 +0100)]
qemu: Fix shift-insert behavior
This patch is related to Changeset 15635:7bdc9f6407d3
<http://xenbits.xensource.com/staging/xen-unstable.hg?rev/7bdc9f6407d3>
[PVFB] Fix shift key for graphical vnc display.
With above patch, if a user presses shift-insert, qemu sends shift
down, shift up, insert down and then another shift key down (see trace
below). This makes it impossible to do shift insert pasting or use
guest hot shifted-Fkeys.
Shift Insert trace:
do_key_event():1135 keycode:2a shift down
kbd_put_keycode():539 keycode:2a send shift down
do_key_event():1135 keycode:d2 insert down
kbd_put_keycode():539 keycode:aa send shift up
kbd_put_keycode():539 keycode:e0 send insert down
kbd_put_keycode():539 keycode:52
do_key_event():1135 keycode:d2 insert up
kbd_put_keycode():539 keycode:e0 send insert up
kbd_put_keycode():539 keycode:d2
kbd_put_keycode():539 keycode:2a send shift down
do_key_event():1135 keycode:2a shift up
kbd_put_keycode():539 keycode:aa send shift up
This patch adds a check for the keycode being shiftable, something
other than a keypad key, F1-F12, insert, del, etc., before allowing
the press_shift_up() operation.
Signed-off-by: Pat Campbell <plc@novell.com>
xen-unstable changeset: 17634:feec00994a0b06ec093a4a4779484810a138eef2
xen-unstable date: Wed May 14 09:16:40 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:54:31 +0000 (15:54 +0100)]
SVM: clean up __get_instruction_length_from_list()
Remove unused arguments, fix its behaviour near page boundaries,
inject appropriate pagefaults, and inject #GP if the instruction is
not decodable or %eip is not pointing to valid RAM.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17575:01aa7c088e983cd54b61faeb3ff533581714a26f
xen-unstable date: Tue May 06 13:32:18 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:34:33 +0000 (15:34 +0100)]
ioemu: Fix PVFB backend to validate frontend's frame buffer
description
A buggy or malicious frontend can describe its shared framebuffer to
the backend in a way that makes the backend map an arbitrary amount of
guest memory, malloc an arbitrarily large internal buffer, copy
arbitrary memory to that buffer, even beyond its end. A domU running
a malicious frontend can abuse the former two for denial of service
attacks against dom0. It can abuse the third to write arbitrary
backend memory. It can abuse all three to terminate or crash the
backend. Arbitrary code execution looks quite feasible.
From: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17630:53195719f7621110dab7a97a2bca292b73baa715
xen-unstable date: Tue May 13 15:08:17 2008 +0100
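Both PVFB changesets above (the validation of the frontend's frame buffer description and the follow-up that limits its size) come down to one thing: every field the frontend hands the backend is attacker-controlled, and the size the backend derives from those fields must be bounded before any guest memory is mapped or any buffer is allocated. The following is an added example written for this page, not Xen's PVFB backend code; the struct layout, field names and the policy limits are assumptions, and the sample descriptions are constructed.

```c
/*
 * Added example (not Xen PVFB code): validate an untrusted frontend
 * framebuffer description before mapping any guest memory.
 * The struct layout, field names and the limits are assumptions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE    4096u
#define MAX_WIDTH    4096u                 /* assumed policy limits */
#define MAX_HEIGHT   4096u
#define MAX_FB_BYTES (64u * 1024u * 1024u) /* assumed cap on guest memory mapped per frontend */

/* Hypothetical frontend-supplied description; every field is untrusted. */
struct fb_desc {
    uint32_t width;
    uint32_t height;
    uint32_t depth;       /* bits per pixel */
    uint32_t line_length; /* bytes per scanline (stride) */
    uint32_t offset;      /* byte offset of pixel (0,0) within the shared area */
    uint64_t mem_length;  /* bytes of shared memory the frontend claims to export */
};

enum fb_status {
    FB_OK = 0, FB_BAD_DEPTH, FB_BAD_DIMS, FB_BAD_STRIDE, FB_TOO_BIG, FB_OUT_OF_BOUNDS
};

/*
 * Returns FB_OK and the byte count the backend will actually touch, or the
 * reason for rejection. Arithmetic is done in 64 bits on values already
 * bounded by the checks before it, so nothing can wrap.
 */
enum fb_status fb_validate(const struct fb_desc *d, uint64_t *bytes_needed)
{
    if (d->depth != 8 && d->depth != 16 && d->depth != 24 && d->depth != 32)
        return FB_BAD_DEPTH;
    if (d->width == 0 || d->height == 0 ||
        d->width > MAX_WIDTH || d->height > MAX_HEIGHT)
        return FB_BAD_DIMS;

    uint64_t row_bytes = (uint64_t)d->width * (d->depth / 8);   /* <= 16 KiB here */
    if (d->line_length < row_bytes)           /* stride must hold a whole row */
        return FB_BAD_STRIDE;

    /* Last byte touched: offset + (height-1) strides + one full row.
     * height <= 2^12 and line_length < 2^32, so the product is < 2^44. */
    uint64_t end = (uint64_t)d->offset
                 + (uint64_t)(d->height - 1) * d->line_length
                 + row_bytes;

    if (end > MAX_FB_BYTES || d->mem_length > MAX_FB_BYTES)
        return FB_TOO_BIG;        /* refuse to map more than policy allows */
    if (end > d->mem_length)
        return FB_OUT_OF_BOUNDS;  /* pixels would lie past the exported area */

    *bytes_needed = end;
    return FB_OK;
}

enum fb_status fb_check(const struct fb_desc *d)
{
    uint64_t unused;
    return fb_validate(d, &unused);
}

/* Bytes the backend will touch for an accepted description, 0 if rejected. */
uint64_t fb_bytes_needed(const struct fb_desc *d)
{
    uint64_t bytes;
    return fb_validate(d, &bytes) == FB_OK ? bytes : 0;
}

/* Pages to map for an accepted description, 0 if rejected. */
uint64_t fb_pages_to_map(const struct fb_desc *d)
{
    uint64_t bytes = fb_bytes_needed(d);
    return (bytes + PAGE_SIZE - 1) / PAGE_SIZE;
}

/* Constructed sample descriptions (not captured from a real frontend). */
const struct fb_desc demo_good   = { 1024, 768, 32, 4096, 0, 4u * 1024 * 1024 };
const struct fb_desc demo_wrap   = { 1, 4096, 32, 0xffffffffu, 0, 4u * 1024 * 1024 }; /* stride wraps 32-bit math */
const struct fb_desc demo_oob    = { 1024, 768, 32, 4096, 0, 1024u * 1024 };
const struct fb_desc demo_stride = { 1024, 768, 32, 1024, 0, 4u * 1024 * 1024 };
const struct fb_desc demo_depth  = { 1024, 768, 12, 4096, 0, 4u * 1024 * 1024 };

int main(void)
{
    printf("good: %llu pages\n", (unsigned long long)fb_pages_to_map(&demo_good));
    printf("wrap: status %d (0 = accepted)\n", (int)fb_check(&demo_wrap));
    return 0;
}
```

The `demo_wrap` description is the kind of input the first changeset warns about: with 32-bit arithmetic `(height - 1) * line_length` wraps to a small number and the backend maps far more than it computed; here the product is evaluated in 64 bits and compared against a cap before anything is mapped.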
Keir Fraser [Tue, 13 May 2008 14:19:47 +0000 (15:19 +0100)]
ioemu: fix disk format security vulnerability
* make the xenstore reader in qemu-dm's startup determine which
of qemu's block drivers to use according to the xenstore
backend `type' field. This `type' field typically comes from
the front of the drive mapping string in ioemu. The
supported cases are:
xm config file string `type' image format qemu driver
phy:[/dev/]<device> phy raw image bdrv_raw
file:<filename> file raw image bdrv_raw
tap:aio:<filename> tap raw image bdrv_raw
tap:qcow:<image> tap not raw autoprobe
tap:<cow-fmt>:<image> tap named format bdrv_<cow-fmt>
It is still necessary to autoprobe when the image is specified as
`tap:qcow:<image>', because qemu distinguishes `qcow' and `qcow2'
whereas blktap doesn't; `qcow' in xenstore typically means what
qemu calls qcow2. This is OK because qemu can safely distinguish
the different cow formats provided we know it's not a raw image.
* Make the format autoprobing machinery never return `raw'. This has
two purposes: firstly, it arranges that the `tap:qcow:...' case
above can be handled without accidentally falling back to raw
format. Secondly it prevents accidents in case the code changes in
future: autoprobing will now always fail on supposed cow files which
actually contain junk, rather than giving the guest access to the
underlying file.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen-unstable changeset: 17606:e3be00bd6aa963aca563692c271af762f9380ba0
xen-unstable date: Mon May 12 10:09:12 2008 +0100
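The two rules in the changeset above (driver chosen from the xenstore `type' field, and an autoprobe that can never answer "raw") can be shown as a small decision routine. The following is an added example written for this page, not qemu-dm or blktap code; the driver enum, the `parse_drive()` helper and the sample headers are constructed assumptions. The magics it checks are the real on-disk ones ("QFI\xfb" followed by a big-endian version word for qcow/qcow2, "KDMV" for VMDK), but the set of formats is only illustrative.

```c
/*
 * Added example (not qemu-dm or blktap code): pick the block driver from
 * the xenstore backend `type' and the drive-string format token, and only
 * autoprobe the header when the configuration says "qcow", never letting
 * the probe fall back to raw. Enum, parse_drive() and sample headers are
 * assumptions/constructed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum drv { DRV_NONE = 0, DRV_RAW, DRV_QCOW, DRV_QCOW2, DRV_VMDK, DRV_PROBE };

/* Split "phy:/dev/x", "file:/x", "tap:aio:/x", "tap:qcow:/x" into type and (for tap) format. */
bool parse_drive(const char *spec, char *type, size_t tlen, char *fmt, size_t flen)
{
    const char *c = strchr(spec, ':');
    if (c == NULL || (size_t)(c - spec) >= tlen)
        return false;
    memcpy(type, spec, (size_t)(c - spec));
    type[c - spec] = '\0';
    fmt[0] = '\0';
    if (strcmp(type, "tap") == 0) {
        const char *s = c + 1;
        const char *e = strchr(s, ':');
        if (e == NULL || (size_t)(e - s) >= flen)
            return false;
        memcpy(fmt, s, (size_t)(e - s));
        fmt[e - s] = '\0';
    }
    return true;
}

/* The table from the changeset description: `type' decides raw vs. cow. */
enum drv select_driver(const char *type, const char *fmt)
{
    if (strcmp(type, "phy") == 0 || strcmp(type, "file") == 0)
        return DRV_RAW;                          /* raw by configuration, never probed */
    if (strcmp(type, "tap") == 0) {
        if (strcmp(fmt, "aio") == 0)   return DRV_RAW;
        if (strcmp(fmt, "qcow") == 0)  return DRV_PROBE; /* qcow or qcow2: header decides */
        if (strcmp(fmt, "qcow2") == 0) return DRV_QCOW2;
        if (strcmp(fmt, "vmdk") == 0)  return DRV_VMDK;
    }
    return DRV_NONE;
}

/* Autoprobe that can only ever answer with a cow format, never raw. */
enum drv probe_cow_format(const uint8_t *hdr, size_t len)
{
    if (len >= 8 && memcmp(hdr, "QFI\xfb", 4) == 0) {
        uint32_t ver = ((uint32_t)hdr[4] << 24) | ((uint32_t)hdr[5] << 16)
                     | ((uint32_t)hdr[6] << 8)  |  (uint32_t)hdr[7];
        if (ver == 1) return DRV_QCOW;
        if (ver == 2) return DRV_QCOW2;
        return DRV_NONE;
    }
    if (len >= 4 && memcmp(hdr, "KDMV", 4) == 0)
        return DRV_VMDK;
    return DRV_NONE;  /* junk: fail rather than hand the guest the underlying file as raw */
}

/* Final decision for a drive string plus the first bytes of its image. */
enum drv open_driver(const char *spec, const uint8_t *hdr, size_t len)
{
    char type[16], fmt[16];
    if (!parse_drive(spec, type, sizeof type, fmt, sizeof fmt))
        return DRV_NONE;
    enum drv d = select_driver(type, fmt);
    if (d != DRV_PROBE)
        return d;
    d = probe_cow_format(hdr, len);
    return (d == DRV_QCOW || d == DRV_QCOW2) ? d : DRV_NONE; /* "qcow" was configured */
}

/* Constructed sample headers (first 8 bytes of an image). */
const uint8_t hdr_qcow2[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 2 };
const uint8_t hdr_qcow1[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 1 };
const uint8_t hdr_vmdk[8]  = { 'K', 'D', 'M', 'V', 1, 0, 0, 0 };
const uint8_t hdr_junk[8]  = { 0xeb, 0x3c, 0x90, 'm', 'k', 'f', 's' , 0 }; /* boot-sector-like */

int main(void)
{
    printf("phy + qcow2 header -> %d (raw stays raw)\n", (int)open_driver("phy:/dev/sda", hdr_qcow2, 8));
    printf("tap:qcow + junk    -> %d (refused)\n", (int)open_driver("tap:qcow:/img", hdr_junk, 8));
    return 0;
}
```

The case worth noting is `phy:` or `file:` with an image whose first bytes look like a qcow2 header: because the driver is fixed by `type', the header is data, not configuration, and the disk is still opened raw.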
Keir Fraser [Tue, 13 May 2008 14:16:59 +0000 (15:16 +0100)]
xend: Fix and improve error handling for failed suspend/migrate
This has been broken since cset 16964:5d84464dc1fc
Also deal better with very early errors (close sender side socket)
Signed-off-by: Steven Hand <steven.hand@cl.cam.ac.uk>
xen-unstable changeset: 17601:c99a88623eda83d8e02f4b6d7c32bc4c6d298d8a
xen-unstable date: Thu May 08 14:33:31 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:15:02 +0000 (15:15 +0100)]
x86 hvm: Warn only once per time source when the periodic timeout is
set 'too small'.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17579:cc953475ab149a61defff06de237295a7feb882d
xen-unstable date: Tue May 06 16:20:54 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:14:34 +0000 (15:14 +0100)]
x86 hvm: Support interrupt delivery for PIT channel 0 when in modes 3 and 4.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17578:a95c2e36d6fda747279123ab13bfaf40c4041337
xen-unstable date: Tue May 06 16:20:24 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:12:54 +0000 (15:12 +0100)]
x86, hvm: stdvga cache always on
Currently the hypervisor VGA cache (stdvga.c) enables itself only in
graphical mode and in the a0000h-affffh range. However, there is no
reason for this: it already allocates enough memory to map the whole
VRAM. I am attaching a patch that implements the bank switching
mechanism in stdvga.c, allowing the cache to be always enabled when
the emulated graphics card is in VGA mode.
Keir Fraser [Tue, 13 May 2008 14:11:11 +0000 (15:11 +0100)]
libxc foreign address translation bug
In the xc_translate_foreign_address function from libxc, there is a
check on the page directory entry to see if the page is 4K or 4M.
However, the check is looking at bit 3, when it should be looking at
bit 7. This patch fixes the problem.
Signed-off-by: Bryan D. Payne <bryan@thepaynes.cc>
xen-unstable changeset: 17558:a353dd2ab9445036351c5da5c14555b82bc85ae6
xen-unstable date: Fri May 02 13:46:16 2008 +0100
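The bit the changeset above talks about is the page-size (PS) flag, bit 7 of a 32-bit page directory entry; bit 3 is the write-through (PWT) cache attribute, which has nothing to do with page size. The following is an added example written for this page, not libxc's xc_translate_foreign_address: a non-PAE 32-bit walk with the correct bit-7 test next to the same walk testing bit 3, run over constructed page tables so the two outcomes can be compared. The `demo_mem` tables and the read callback are constructed assumptions, and PSE-36 high address bits are ignored.

```c
/*
 * Added example (not libxc code): a 32-bit non-PAE x86 page walk in which
 * the 4M-page test looks at PDE bit 7 (PS), alongside the same walk
 * testing bit 3 (PWT) to show what the bug described above gets wrong.
 * The constructed page tables in demo_mem and the read callback are
 * assumptions; PSE-36 high address bits are ignored.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PG_PRESENT (1u << 0)
#define PG_PWT     (1u << 3)   /* page-level write-through: the bit the buggy check used */
#define PG_PS      (1u << 7)   /* page size: set in a PDE means a 4M page */

typedef uint32_t (*read32_fn)(uint64_t paddr, void *ctx);

/* Walk CR3 -> PDE -> (PTE) using `ps_mask' as the "this PDE maps a 4M page" test. */
static bool walk32(uint32_t ps_mask, uint32_t cr3, uint32_t va,
                   read32_fn rd, void *ctx, uint64_t *pa)
{
    uint32_t pde = rd((cr3 & 0xfffff000u) + (uint64_t)((va >> 22) & 0x3ffu) * 4, ctx);
    if (!(pde & PG_PRESENT))
        return false;
    if (pde & ps_mask) {                       /* 4M page: bits 31:22 come from the PDE */
        *pa = (uint64_t)(pde & 0xffc00000u) | (va & 0x003fffffu);
        return true;
    }
    uint32_t pte = rd((pde & 0xfffff000u) + (uint64_t)((va >> 12) & 0x3ffu) * 4, ctx);
    if (!(pte & PG_PRESENT))
        return false;
    *pa = (uint64_t)(pte & 0xfffff000u) | (va & 0xfffu);
    return true;
}

/* Correct: 4M pages are flagged by bit 7. */
bool translate_va32(uint32_t cr3, uint32_t va, read32_fn rd, void *ctx, uint64_t *pa)
{
    return walk32(PG_PS, cr3, va, rd, ctx, pa);
}

/* The mistake the changeset fixes: testing bit 3 instead. */
bool translate_va32_bit3(uint32_t cr3, uint32_t va, read32_fn rd, void *ctx, uint64_t *pa)
{
    return walk32(PG_PWT, cr3, va, rd, ctx, pa);
}

/* Constructed sparse "physical memory": page directory at 0, page tables at 0x1000/0x2000. */
struct word { uint64_t paddr; uint32_t val; };
static const struct word demo_mem[] = {
    { 0x0000,       0x00001000u | PG_PRESENT },          /* PDE[0]: page table at 0x1000 */
    { 0x0004,       0x00400000u | PG_PRESENT | PG_PS },  /* PDE[1]: 4M page, PA 0x00400000 */
    { 0x0008,       0x00002000u | PG_PRESENT | PG_PWT }, /* PDE[2]: page table at 0x2000, PWT set, NOT 4M */
    { 0x1000 + 5*4, 0x00123000u | PG_PRESENT },          /* PTE: VA 0x00005000 -> PA 0x00123000 */
    { 0x2000 + 0*4, 0x00456000u | PG_PRESENT },          /* PTE: VA 0x00800000 -> PA 0x00456000 */
};

static uint32_t demo_read32(uint64_t paddr, void *ctx)
{
    (void)ctx;
    for (size_t i = 0; i < sizeof demo_mem / sizeof demo_mem[0]; i++)
        if (demo_mem[i].paddr == paddr)
            return demo_mem[i].val;
    return 0;  /* unbacked physical memory reads as a not-present entry */
}

/* Wrappers over the demo tables; return 0 when unmapped (no demo translation yields PA 0). */
uint64_t demo_translate(uint32_t va)
{
    uint64_t pa;
    return translate_va32(0, va, demo_read32, NULL, &pa) ? pa : 0;
}

uint64_t demo_translate_bit3(uint32_t va)
{
    uint64_t pa;
    return translate_va32_bit3(0, va, demo_read32, NULL, &pa) ? pa : 0;
}

int main(void)
{
    printf("bit 7: va 0x00800010 -> pa 0x%llx\n", (unsigned long long)demo_translate(0x00800010u));
    printf("bit 3: va 0x00800010 -> pa 0x%llx\n", (unsigned long long)demo_translate_bit3(0x00800010u));
    printf("bit 3: va 0x00412345 -> pa 0x%llx\n", (unsigned long long)demo_translate_bit3(0x00412345u));
    return 0;
}
```

With the bit-3 test, PDE[2] (a page table whose PWT bit happens to be set) is treated as a 4M page and VA 0x00800010 resolves to the wrong physical address, while the real 4M mapping in PDE[1] is walked as if it were a page table and comes back as not present.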
Keir Fraser [Thu, 1 May 2008 09:17:39 +0000 (10:17 +0100)]
xenstored: Fix xenstored abort when connection dropped.
If a connection is dropped with pending input and output data then the
connection will be dereferenced by both handle_input and handle_output
resulting in a double free when the main loop dereferences the
connection.
Fix this issue by taking/releasing a reference over the calls to
handle_input and handle_output separately and checking the result of
talloc_free to see if the connection went away.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 17532:5e5bc5b2bb6d4d71c0de97c15448f2f991f4271d
xen-unstable date: Thu May 01 10:00:00 2008 +0100
Keir Fraser [Thu, 1 May 2008 09:17:10 +0000 (10:17 +0100)]
x86 time: Read platform time before locally-extrapolated time during
calibration and frequency changes. This places the variable delay
(acquiring the platform_timer_lock) safely as the very first thing we
do, avoiding a variable delay /between/ computing the two timestamps.
Problem diagnosed by Dave Winchell <dwinchell@virtualiron.com>
1. We cannot rely on BSF/BSR leaving the destination register intact
if the source is zero (according to Intel manuals)
2. We race clear_bit() in find_first_bit(), which may occur after
SCAS but before BSF. So we must handle zero input to BSF.
Cache figlet output across builds, and provide src-tarball target
which creates figlet output and then deletes figlet itself (which is
not licensed under GPL).
x86/64 compat: Replace hypervisor BUG_ON() with a cleaner hypercall failure.
While trying to run a 32-bit PV domU on a 64-bit hypervisor, I
triggered an assert in the hypervisor. The assert dealt with the
maximum number of grants that a domU can have. I made the hypervisor
a bit more graceful by returning an error rather than asserting.
libxc: Move xg_memalign() into a proper source file, so that it
definitely does not leak out of tools/libxc. Return to the
ioemu/osdep.c way of checking for posix_memalign() as this works on
Solaris.
save/restore: Use page-aligned allocations for hypercall args that are
mlock()ed across other hypercall invocations, to avoid aliasing with
other hypercall arguments, causing spurious unlocking.
ioemu: Fix rtl8139 emulation so that reboot works correctly in 64-bit
Windows VMs. Return an error if the guest OS tries to transmit a
packet with the transmitter disabled, so that it doesn't spin forever
waiting for it to complete.
Signed-off-by: Steven Smith <Steven.Smith@eu.citrix.com>
xen-unstable changeset: 17420:40c0dda6eae68ec1bbd3bfd3e812d8b9e34051a0
xen-unstable date: Wed Apr 09 16:03:40 2008 +0100
- replaced VMX with HVM
- added AMD as a vendor of HVM capable processors
- removed LibVNCServer as a requirement for HVM builds
- fixed name of HVM example file
- changed default value of acpi, apic and pae options
- added hap option
- removed reference to cdrom option and integrated it into "disk"
- improved examples for disk option
- replaced vncviewer option with vncconsole
- removed obsolete ne2000 option
- replaced enable-audio with soundhw
- fixed dd usage for creating sparse files (count=0)
- remove acpi=0 hint for Windows guests
- removed reference to (obsolete?) -f option for xm create
- made shutdown advice less Linux centric
- removed comment about save/restore and migration not yet ready
Keir Fraser [Mon, 31 Mar 2008 17:08:17 +0000 (18:08 +0100)]
Constrain the checks for GCC/ANSI to just those header files that
require it.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17327:da9bd2e81288225c8836e8083430ebcadf696f98
xen-unstable date: Mon Mar 31 18:05:18 2008 +0100
Keir Fraser [Mon, 31 Mar 2008 16:48:44 +0000 (17:48 +0100)]
Revert all usages of gcc's __extension__ keyword, and instead assert
that our headers are not built with __GNUC__ and __STRICT_ANSI__.
__extension__ had some weird (and buggy) behaviours when nested which
make it a risky proposition for general usage in our header
files. Better to disallow -ansi, -std=c99, and similar gcc options
when building against Xen headers.
[Qemu-devel] [PATCH] qcow2: release refcount table clusters of the old
table, after growing the refcount table
http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00043.html
Signed-off-by: Kevin Wolf <kwolf@suse.de>
xen-unstable changeset: 17312:892a20f824a7aa5c5ed57ce80fc61f1dffd4b4d2
xen-unstable date: Thu Mar 27 17:14:41 2008 +0000
Keir Fraser [Thu, 27 Mar 2008 11:06:15 +0000 (11:06 +0000)]
x86, vmx: HVM guests are allowed to modify CR2, and the written value
should be remembered by Xen.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17306:a294519d97d2fc59ec286b9c4e9988776166053e
xen-unstable date: Thu Mar 27 11:03:45 2008 +0000
Keir Fraser [Tue, 25 Mar 2008 10:37:17 +0000 (10:37 +0000)]
pv-on-hvm: Fix up linux code after hypercall-type-checking changes.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
xen-unstable changeset: 16862:1c826ea72a8018bb29c50958a541764c356a3f51
xen-unstable date: Wed Jan 23 15:42:52 2008 +0000
Keir Fraser [Thu, 20 Mar 2008 12:14:53 +0000 (12:14 +0000)]
x86_emulate: Return X86EMUL_UNHANDLEABLE if mode_iopl() or
mode_ring0() checks cannot be carried out.
Also fix handling of EFLAGS.IF in iret and popf.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17251:f45aa9a14db425d1f726fb1368a8932263de68da
xen-unstable date: Wed Mar 19 14:06:18 2008 +0000
Keir Fraser [Thu, 20 Mar 2008 12:11:48 +0000 (12:11 +0000)]
x86: fix feature availability for PV guests
PV guests should not be allowed to believe features not currently
virtualized (in many cases, requiring special MSRs) are available. Of
course it is bad enough that to work on older hypervisors guests will
still need to special case this, but better fix it now than never.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
xen-unstable changeset: 17238:4b157affc08f75cb0e2d69954357cfb1630e798c
xen-unstable date: Tue Mar 18 16:05:24 2008 +0000
Keir Fraser [Thu, 20 Mar 2008 12:11:08 +0000 (12:11 +0000)]
svm: Reported SS.DPL must equal CPL, as this is assumed by generic HVM
code despite the fact that AMD processors do not always maintain this
invariant.
Based on a bug report and proposed patch by Ben Guthro and Robert
Phillips of Virtual Iron.
Keir Fraser [Thu, 20 Mar 2008 12:10:20 +0000 (12:10 +0000)]
domain_shutdown() needs to vcpu_pause_nosync() rather than directly
incrementing the pause_count field. The latter ensures that the VCPU
gets descheduled --- synchronously in the case of the
currently-running VCPU.
Based on a bug report and proposed patch by Ben Guthro and Robert
Phillips of Virtual Iron.
Keir Fraser [Thu, 20 Mar 2008 12:09:40 +0000 (12:09 +0000)]
Xend forgets to write the domain's VDI UUID into the domain state file
once the domain is started (before it's there). Once xend is restarted
it will not know the association between the VBD and VDI anymore due
to the missing UUID. This patch fixes this.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
xen-unstable changeset: 17230:5cbfc6c24d3201ec93b722bc91350be38991c177
xen-unstable date: Tue Mar 18 13:14:26 2008 +0000
Keir Fraser [Thu, 20 Mar 2008 12:06:32 +0000 (12:06 +0000)]
x86: Reserve 32 bits for each of acpiid and apicid in new phys_id vcpu hypercall.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17193:f33328217eee1a66bf2a874ff1a42b62c21e42bc
xen-unstable date: Mon Mar 10 22:51:57 2008 +0000
Keir Fraser [Mon, 17 Mar 2008 11:40:53 +0000 (11:40 +0000)]
SVM: handle page faults in emulated instruction fetches
Deal with failures in hvm_copy_from_guest_virt when fetching
instructions in the various SVM emulation paths. Since we know that
the instruction was fetchable by the hardware, we can usually just
return from the VMEXIT and try again; whatever caused us to fail will
cause the hardware to fail next time and we'll get the correct exit
code.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
xen-unstable changeset: 17202:8325f200e19414d998b7625f2e3cf786a6d3d3a3
xen-unstable date: Mon Mar 17 11:39:50 2008 +0000