Apply patches for XSA-128 to XSA-140 from upstream

do a patch refresh in xentools42

rather than split the patches for pass-through.c over 5 files, delete
xentools42/patches/patch-CVE-2015-2756 and assemble all in
xentools42/patches/patch-qemu-xen-traditional_hw_pass-through.c
This commit is contained in:
spz 2015-08-23 16:17:12 +00:00
parent 0c025a10fe
commit fcf436606c
61 changed files with 2036 additions and 340 deletions

View file

@ -1,9 +1,9 @@
# $NetBSD: Makefile,v 1.16 2015/06/05 18:18:41 khorben Exp $
# $NetBSD: Makefile,v 1.17 2015/08/23 16:17:12 spz Exp $
VERSION= 4.2.5
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel42-${VERSION}
PKGREVISION= 7
PKGREVISION= 8
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/

View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.14 2015/06/05 18:18:41 khorben Exp $
$NetBSD: distinfo,v 1.15 2015/08/23 16:17:12 spz Exp $
SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
@ -13,7 +13,10 @@ SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98
SHA1 (patch-CVE-2015-2151) = df05750b86331b88102b41f065c314c38c6bc396
SHA1 (patch-CVE-2015-2752) = 62547b55385aaf54af23270939fe086b996d5744
SHA1 (patch-CVE-2015-2756) = cb1be46c28e6f88c13fc0d26ff0606bdb877283c
SHA1 (patch-CVE-2015-3340) = 9ff5e766c9e5e3358d8a896f805babc8fb9a41c4
SHA1 (patch-CVE-2015-3456) = 8d54d33b81ef77056aa6f58ab123912948454020
SHA1 (patch-CVE-2015-4163) = d8c9b95026c2316bfb57f644937fdb924902a3bf
SHA1 (patch-CVE-2015-4164) = 9f9add821c4a13308fa4bfa1becd1b0d8fda6177
SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2

View file

@ -0,0 +1,29 @@
$NetBSD: patch-CVE-2015-3340,v 1.1 2015/08/23 16:17:12 spz Exp $
patch for CVE-2015-3340 aka XSA-132 from
http://xenbits.xen.org/xsa/xsa132-4.2.patch
--- xen/arch/x86/domctl.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ xen/arch/x86/domctl.c
@@ -1193,7 +1198,7 @@ long arch_do_domctl(
case XEN_DOMCTL_gettscinfo:
{
struct domain *d;
- xen_guest_tsc_info_t info;
+ xen_guest_tsc_info_t info = { 0 };
ret = -ESRCH;
d = rcu_lock_domain_by_id(domctl->domain);
$NetBSD: patch-CVE-2015-3340,v 1.1 2015/08/23 16:17:12 spz Exp $
--- xen/common/sysctl.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ xen/common/sysctl.c
@@ -95,7 +95,7 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
case XEN_SYSCTL_getdomaininfolist:
{
struct domain *d;
- struct xen_domctl_getdomaininfo info;
+ struct xen_domctl_getdomaininfo info = { 0 };
u32 num_domains = 0;
rcu_read_lock(&domlist_read_lock);

View file

@ -0,0 +1,17 @@
$NetBSD: patch-CVE-2015-4163,v 1.1 2015/08/23 16:17:12 spz Exp $
patch for CVE-2015-4163 aka XSA-134 from
http://xenbits.xen.org/xsa/xsa134.patch
--- xen/common/grant_table.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ xen/common/grant_table.c
@@ -2372,6 +2372,9 @@ __gnttab_swap_grant_ref(grant_ref_t ref_
spin_lock(&gt->lock);
+ if ( gt->gt_version == 0 )
+ PIN_FAIL(out, GNTST_general_error, "grant table not yet set up\n");
+
/* Bounds check on the grant refs */
if ( unlikely(ref_a >= nr_grant_entries(d->grant_table)))
PIN_FAIL(out, GNTST_bad_gntref, "Bad ref-a (%d).\n", ref_a);

View file

@ -0,0 +1,16 @@
$NetBSD: patch-CVE-2015-4164,v 1.1 2015/08/23 16:17:12 spz Exp $
patch for CVE-2015-4164 aka XSA-136 from
http://xenbits.xen.org/xsa/xsa136.patch
--- xen/arch/x86/x86_64/compat/traps.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ xen/arch/x86/x86_64/compat/traps.c
@@ -114,7 +114,7 @@ unsigned int compat_iret(void)
}
else if ( ksp > regs->_esp )
{
- for (i = 9; i > 0; ++i)
+ for ( i = 9; i > 0; --i )
{
rc |= __get_user(x, (u32 *)regs->rsp + i);
rc |= __put_user(x, (u32 *)(unsigned long)ksp + i);

View file

@ -1,11 +1,11 @@
# $NetBSD: Makefile,v 1.34 2015/08/18 07:31:18 wiz Exp $
# $NetBSD: Makefile,v 1.35 2015/08/23 16:17:12 spz Exp $
VERSION= 4.2.5
VERSION_IPXE= 1.0.0
DISTNAME= xen-${VERSION}
PKGNAME= xentools42-${VERSION}
PKGREVISION= 11
PKGREVISION= 12
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/

View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.18 2015/06/11 17:43:21 bouyer Exp $
$NetBSD: distinfo,v 1.19 2015/08/23 16:17:12 spz Exp $
SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485
RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547
@ -25,54 +25,58 @@ SHA1 (patch-.._docs_man_xlcpupool.cfg.pod.5) = a693a79a1f1c16548f62f7da1fa58fa28
SHA1 (patch-.._docs_man_xm.pod.1) = 975b7570da4bf9fd9cb79539fbd36b8dfbcbd571
SHA1 (patch-.._docs_man_xmdomain.cfg.pod.5) = 5563a72e203e789a86f4166c71ddb3fcff5215c6
SHA1 (patch-CVE-2015-2152) = 676339abef9e79595f6c40de31ca740f8284c7a2
SHA1 (patch-CVE-2015-2752) = fdc83a758c34581d91586f24815952a4b7145af7
SHA1 (patch-CVE-2015-2756) = 73223969ce65688e9226c485f0f444c69ee23bf3
SHA1 (patch-CVE-2015-2752) = 81c197a9adba59b1a1fe86a35f1edc55c27d2c2c
SHA1 (patch-CVE-2015-3209) = abbfe580c03b5fd591d1fd893671f8d2b48f4123
SHA1 (patch-CVE-2015-3259) = 47e6da7ebd348230f2ad7bd82b39f25dd8f38145
SHA1 (patch-CVE-2015-3456) = e1600393860110c3093559f2f58273ba47478dd8
SHA1 (patch-Makefile) = 37fbcd6d2f0279d4c04c91085b0e7f5611a5b92a
SHA1 (patch-Rules.mk) = 51a2804e9a2a509a428392c0eb11243884bb7f22
SHA1 (patch-blktap_drivers_Makefile) = 0906a5ec3a7450fc987b01289e2560e60966d00d
SHA1 (patch-configure) = 7bf4183efb76bded94a9519bf2737fb1240ab0e7
SHA1 (patch-examples_Makefile) = 8e89fab7817785b32d79ec0cad3a2645c6981f01
SHA1 (patch-examples_xend-config.sxp) = 5eb15470bff85d30b6d26d8fe094f59fc8e34175
SHA1 (patch-firmware_etherboot_Makefile) = 1cb31183853c6069dafe47db8430e0577b21408e
SHA1 (patch-firmware_etherboot_patches_boot__prompt__option.patch) = 7d14b60557b1e81de370b21544cd49643fa15f08
SHA1 (patch-firmware_etherboot_patches_series) = cb653834fe14ff0b23fdfa525a20d3bcfe6e3819
SHA1 (patch-firmware_hvmloader_Makefile) = 7d907fa33fa1f121b3d54116d905855529a020fd
SHA1 (patch-firmware_hvmloader_util.h) = 6346ff8b33001dcecb7297b29c9df68be34af64d
SHA1 (patch-hotplug_NetBSD_Makefile) = ab91c41ef6bbdd7f7f3d992b9f81e43056a765e2
SHA1 (patch-hotplug_NetBSD_vif-bridge) = 663d0117612730960fd610b863d863d3abeea460
SHA1 (patch-hotplug_NetBSD_vif-ip) = c8fa179f58f1e550ab64901afd4fca53c3d11ceb
SHA1 (patch-hotplug_common_Makefile) = 288b1fe2565c1d4ded551bf159c068504ecab470
SHA1 (patch-include_xen-sys_NetBSD_gntdev.h) = 25c99a428fda6dee709888ddbcfdcfef5f654564
SHA1 (patch-libfsimage_common_Makefile) = c3cc5335a1d6b066307c5f03fe72f513a9eb2bdb
SHA1 (patch-libfsimage_ufs_ufs.h) = dc59f33cf3abd08a8cdee5977ca4168613327513
SHA1 (patch-libxc_xc__netbsd.c) = c94a2f7b38bfc1479401acf1bb124251bb4e3fcf
SHA1 (patch-libxl_libxl__create.c) = a212b3760f1bb796c6f126e5c795154f4e8030e2
SHA1 (patch-libxl_libxl__internal.h) = f8ff92400f7ba7858cc1963b11c1e8ee23d4e51f
SHA1 (patch-ocaml_common.make) = c59d32301198d65691ab23529dd791de5ac40199
SHA1 (patch-ocaml_xenstored_Makefile) = 0df19c3507616e104ecdfa403d14e046c5b2a368
SHA1 (patch-ocaml_xenstored_define.ml) = 044144295c2818a71c14dffc9c58f8592b222b0c
SHA1 (patch-ocaml_xenstored_utils.ml) = cc792a696743fa348b274b1c23783ea1a0d7da47
SHA1 (patch-pygrub_Makefile) = fa3671e0ff50a6a341ddf54a7b81c21add9e4f89
SHA1 (patch-python_xen_xend_XendNode.py) = 2c65e4b4b85e91e92dfb3aa402ebc44694bdff06
SHA1 (patch-python_xen_xend_osdep.py) = 8da6bba38bd7677ea829ca35058f7d2d1d7acad4
SHA1 (patch-python_xen_xm_create.py) = 7b25b3b3a8d58effae395d776f2a4b94d79acfcb
SHA1 (patch-qemu-xen-traditional_Makefile) = 0fcd7d5342269e87f14ff76be05d8757151438bc
SHA1 (patch-qemu-xen-traditional_block-raw-posix.c) = 6376edcc57313c2ffe9bb3d88043d160d1f644ec
SHA1 (patch-qemu-xen-traditional_configure) = 0f09a0128762dc7d083e5986908fed5b7746a981
SHA1 (patch-qemu-xen-traditional_hw_e1000.c) = a8faf95491867c19471690ae98df93ff1d73114a
SHA1 (patch-CVE-2015-5154) = 29e0f8ad5696b6b1f4d5dbcc8d35579fb8d67375
SHA1 (patch-CVE-2015-5165) = c0b5324cb85ced435f869a0aa7232c5670a9995d
SHA1 (patch-CVE-2015-5166) = 947ac0945091027d5973963765a3ab8975d2226a
SHA1 (patch-Makefile) = 3a474d28a5b838bae4a67b5ca76e23b950bf0133
SHA1 (patch-Rules.mk) = 25a04293f6fe638ba5f3bd5e09b2b091cd201023
SHA1 (patch-blktap_drivers_Makefile) = c6be57154a403a64e3d6bc22d6bd833fe33fc9af
SHA1 (patch-configure) = 11df58a8e1cd6bcc319db0aff508367e59592cba
SHA1 (patch-examples_Makefile) = ee02f973416ca4ffda5381cd7a4ddb3b43579621
SHA1 (patch-examples_xend-config.sxp) = 1c3423b6eead47f09768d571a65891caed12aa99
SHA1 (patch-firmware_etherboot_Makefile) = 9928566768b20d9400d8df379c09b30ba60b2575
SHA1 (patch-firmware_etherboot_patches_boot__prompt__option.patch) = 95d6e140643a6502ca14dca2c5e22fcfaa143d49
SHA1 (patch-firmware_etherboot_patches_series) = 2ced4e380f436a0287744e0a817ff24b91a43e7c
SHA1 (patch-firmware_hvmloader_Makefile) = d4d9f34335a178f50e7fda52747cf6551ceeccc6
SHA1 (patch-firmware_hvmloader_util.h) = 8ec0efdf56b9f2ea66cac7e90cba4abf727d4605
SHA1 (patch-hotplug_NetBSD_Makefile) = 7b14179d0d00dc1b6f9a85fff706d82ce9b0cd66
SHA1 (patch-hotplug_NetBSD_vif-bridge) = 7d01f15273c983c2cfe125e75800f9719961427c
SHA1 (patch-hotplug_NetBSD_vif-ip) = d3b0555f5ba0bfcbf0f7027eb5f74a84d0cf7c80
SHA1 (patch-hotplug_common_Makefile) = 3ee2fec5c4cb171c35c7e73379da4235b5ddca99
SHA1 (patch-include_xen-sys_NetBSD_gntdev.h) = 4789687ab983119e27fccc2fc83181c185cbed96
SHA1 (patch-libfsimage_common_Makefile) = 06b05feed62ca96aa5ab15177227508905d5dccd
SHA1 (patch-libfsimage_ufs_ufs.h) = 598d2c9d8e563c9ed6eb32e0877a5ea8d865e2ca
SHA1 (patch-libxc_xc__netbsd.c) = 1ed0804174badf9e0c788a8ff0b1797459663d68
SHA1 (patch-libxl_libxl__create.c) = 1706f782bcd3bea19b8127e9aefe8bda4a4061de
SHA1 (patch-libxl_libxl__internal.h) = bc2865f5c14b1fb9df1f9ad77d3be4a1494068c6
SHA1 (patch-ocaml_common.make) = a809e3bed475cdffea3cb7ae480c8fe7af6aa798
SHA1 (patch-ocaml_xenstored_Makefile) = a0e91b946307a610490a492d4d56dfe426bddb63
SHA1 (patch-ocaml_xenstored_define.ml) = c0772dff8e59f495a0ebe17a905aed04a29f2469
SHA1 (patch-ocaml_xenstored_utils.ml) = b446e9428c676b70d6b9001c578f6de2048c88c2
SHA1 (patch-pygrub_Makefile) = 42212486644818cc74fcf5ab3f77f3f7cd6433cf
SHA1 (patch-python_xen_xend_XendNode.py) = 7310dcdcff361b8b37a7c328bf6c9eb096a4df98
SHA1 (patch-python_xen_xend_osdep.py) = 8432ad06ef686efc316828e3e49f369a1f9936d5
SHA1 (patch-python_xen_xm_create.py) = 36223a6720f41eda1dc0cda22c52db546c76127c
SHA1 (patch-qemu-xen-traditional_Makefile) = 526d1b22e21a9eca73f6d70e14db5258091ce3b4
SHA1 (patch-qemu-xen-traditional_block-raw-posix.c) = ee1fd53411a357f8855a192bb905963f965ea9a7
SHA1 (patch-qemu-xen-traditional_configure) = 40cd80a7b9368cde3f7e5d24fdf16330d3d7fd0c
SHA1 (patch-qemu-xen-traditional_hw_e1000.c) = a517c2d0c1c8b6ca81bed3a6a6c0e63e8687fd88
SHA1 (patch-qemu-xen-traditional_hw_ide.c) = 4dc86cfec2d86766293af18b558b6bd5a336e697
SHA1 (patch-qemu-xen-traditional_hw_pass-through.c) = d1f3a1842c595e2d261b997bac02bb71de41eaac
SHA1 (patch-qemu-xen-traditional_hw_pass-through.h) = 765cfbb30bdcf9c212bd7f9aa00d19d723da496e
SHA1 (patch-qemu-xen-traditional_hw_piix4acpi.c) = bd89d2da04e2b816a097d4eb6d18936e5fe6bceb
SHA1 (patch-qemu-xen-traditional_hw_pt-graphics.c) = 5484b9ec7d673502d73b0e4802969940eacad218
SHA1 (patch-qemu-xen-traditional_hw_pt-msi.c) = 7281d62de494fbbb6508818c9f8c5cfc212c77d8
SHA1 (patch-qemu-xen-traditional_hw_pt-msi.h) = a33b6ed927db0204c25a9f6ff1bb8870c765f8ad
SHA1 (patch-qemu-xen-traditional_i386-dm_hookstarget.mak) = 7d526e8a9a0b0daf7215c54a036f7a3306291589
SHA1 (patch-qemu-xen-traditional_xen-hooks.mak) = 7acec9c981d18e1b659efc1d8e7c5c3b90d45411
SHA1 (patch-qemu-xen_audio_audio.c) = 95f7417cec027239e9591b8def632d9344f42e05
SHA1 (patch-qemu-xen_fpu_softfloat-specialize.h) = 791aeac1642101cbe2b15bf7ec189765c370f1a2
SHA1 (patch-qemu-xen_ioport.c) = 3dde5877f35396015d28eb2bb318ad2f79e6b4f8
SHA1 (patch-qemu-xen_memory.c) = e4e39a0d02195e3b04d97af04d4aa31ff379b73e
SHA1 (patch-qemu-xen_qemu-doc.texi) = 33d746120d2d063708824f315641a88e3aae67d4
SHA1 (patch-xentrace_Makefile) = 9b53ba4a809dad7a1de34c8fa0dbe493d7256ada
SHA1 (patch-qemu-xen-traditional_hw_pass-through.c) = 38f71458c3f0e2e27727f26f0f894599dd781a9f
SHA1 (patch-qemu-xen-traditional_hw_pass-through.h) = 216f96b6c154ea7feb418ceedab6a13a95f2be72
SHA1 (patch-qemu-xen-traditional_hw_piix4acpi.c) = 49a5bd5fa4c10a0aec8185b78afa60f37b1b6bbe
SHA1 (patch-qemu-xen-traditional_hw_pt-graphics.c) = be285f06962d7f78533f7e00a973cfbd5c7c1733
SHA1 (patch-qemu-xen-traditional_hw_pt-msi.c) = 18246d063314436cd1300499981e4fb6a6e64c6d
SHA1 (patch-qemu-xen-traditional_hw_pt-msi.h) = 8c9f2c39ddab9b5efc7e9a1a10aad4d77e2f184d
SHA1 (patch-qemu-xen-traditional_i386-dm_hookstarget.mak) = dbefbb3c32fd9d1af4b5d32ef269233d641a0bd4
SHA1 (patch-qemu-xen-traditional_xen-hooks.mak) = 07426cfb7a552032b56aad7fc679e74a7bdd67fe
SHA1 (patch-qemu-xen_audio_audio.c) = 996bbabfc195e4809d9343da31dc924e2fb3b22f
SHA1 (patch-qemu-xen_fpu_softfloat-specialize.h) = 25aada20285cc2f9f4e91811a42c2f55da63758f
SHA1 (patch-qemu-xen_ioport.c) = b88f7b3f8ea9ea64aefe6048ffd950c6a452c9cf
SHA1 (patch-qemu-xen_memory.c) = 8c5440055111a5c2b350346b8db06ec15912bc4c
SHA1 (patch-qemu-xen_qemu-doc.texi) = 843adbe6a37fe5d600b0cf61d6bd78bf527aa4a6
SHA1 (patch-xentrace_Makefile) = 751b59769254509c5da199c5498d428f9788b7e5

View file

@ -1,4 +1,4 @@
$NetBSD: patch-CVE-2015-2752,v 1.1 2015/04/19 13:13:21 spz Exp $
$NetBSD: patch-CVE-2015-2752,v 1.2 2015/08/23 16:17:12 spz Exp $
Patch for CVE-2015-2752 aka XSA-125 from
http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
@ -80,4 +80,3 @@ http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
int xc_domain_ioport_mapping(
xc_interface *xch,
uint32_t domid,

View file

@ -1,142 +0,0 @@
$NetBSD: patch-CVE-2015-2756,v 1.1 2015/04/19 13:13:21 spz Exp $
patch for CVE-2015-2756 aka XSA-126 from
http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
--- qemu-xen-traditional/hw/pass-through.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/pass-through.c
@@ -172,9 +172,6 @@ static int pt_word_reg_read(struct pt_de
static int pt_long_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask);
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
@@ -286,9 +283,9 @@ static struct pt_reg_info_tbl pt_emu_reg
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = pt_common_reg_init,
- .u.w.read = pt_cmd_reg_read,
+ .u.w.read = pt_word_reg_read,
.u.w.write = pt_cmd_reg_write,
.u.w.restore = pt_cmd_reg_restore,
},
@@ -1905,7 +1902,7 @@ static int pt_dev_is_virtfn(struct pci_d
return rc;
}
-static int pt_register_regions(struct pt_dev *assigned_device)
+static int pt_register_regions(struct pt_dev *assigned_device, uint16_t *cmd)
{
int i = 0;
uint32_t bar_data = 0;
@@ -1925,17 +1922,26 @@ static int pt_register_regions(struct pt
/* Register current region */
if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_IO )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_IO,
pt_ioport_map);
+ *cmd |= PCI_COMMAND_IO;
+ }
else if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_MEM_PREFETCH )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM_PREFETCH,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
else
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
PT_LOG("IO region registered (size=0x%08x base_addr=0x%08x)\n",
(uint32_t)(pci_dev->size[i]),
@@ -3263,27 +3269,6 @@ static int pt_long_reg_read(struct pt_de
return 0;
}
-/* read Command register */
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- struct pt_reg_info_tbl *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-
/* read BAR */
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
@@ -3418,19 +3403,13 @@ static int pt_cmd_reg_write(struct pt_de
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
uint16_t wr_value = *value;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*value & PCI_COMMAND_DISABLE_INTx)
{
@@ -4205,6 +4184,7 @@ static struct pt_dev * register_real_dev
struct pt_dev *assigned_device = NULL;
struct pci_dev *pci_dev;
uint8_t e_device, e_intx;
+ uint16_t cmd = 0;
char *key, *val;
int msi_translate, power_mgmt;
@@ -4294,7 +4274,7 @@ static struct pt_dev * register_real_dev
assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);
/* Handle real device's MMIO/PIO BARs */
- pt_register_regions(assigned_device);
+ pt_register_regions(assigned_device, &cmd);
/* Setup VGA bios for passthroughed gfx */
if ( setup_vga_pt(assigned_device) < 0 )
@@ -4372,6 +4352,10 @@ static struct pt_dev * register_real_dev
}
out:
+ if (cmd)
+ pci_write_word(pci_dev, PCI_COMMAND,
+ *(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND]) | cmd);
+
PT_LOG("Real physical device %02x:%02x.%x registered successfuly!\n"
"IRQ type = %s\n", r_bus, r_dev, r_func,
assigned_device->msi_trans_en? "MSI-INTx":"INTx");

View file

@ -0,0 +1,173 @@
$NetBSD: patch-CVE-2015-3209,v 1.1 2015/08/23 16:17:12 spz Exp $
patches for http://xenbits.xen.org/xsa/advisory-135.html (CVE-2015-3209)
http://xenbits.xen.org/xsa/xsa135-qemut-1.patch
http://xenbits.xen.org/xsa/xsa135-qemut-2.patch
http://xenbits.xen.org/xsa/xsa135-qemuu-4.2-1.patch
http://xenbits.xen.org/xsa/xsa135-qemuu-4.2-2.patch
--- qemu-xen/hw/pcnet.c.orig 2013-10-10 14:15:47.000000000 +0000
+++ qemu-xen/hw/pcnet.c
@@ -1209,7 +1209,7 @@ static void pcnet_transmit(PCNetState *s
target_phys_addr_t xmit_cxda = 0;
int count = CSR_XMTRL(s)-1;
int add_crc = 0;
-
+ int bcnt;
s->xmit_pos = -1;
if (!CSR_TXON(s)) {
@@ -1235,34 +1235,47 @@ static void pcnet_transmit(PCNetState *s
if (BCR_SWSTYLE(s) != 1)
add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS);
}
+
+ if (s->xmit_pos < 0) {
+ goto txdone;
+ }
+
+ bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+
+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
+ Note: this is not what real hw does */
+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
+ s->xmit_pos = -1;
+ goto txdone;
+ }
+
+ s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
+ s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
+ s->xmit_pos += bcnt;
+
if (!GET_FIELD(tmd.status, TMDS, ENP)) {
- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
- s->xmit_pos += bcnt;
- } else if (s->xmit_pos >= 0) {
- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
- s->xmit_pos += bcnt;
+ goto txdone;
+ }
#ifdef PCNET_DEBUG
- printf("pcnet_transmit size=%d\n", s->xmit_pos);
+ printf("pcnet_transmit size=%d\n", s->xmit_pos);
#endif
- if (CSR_LOOP(s)) {
- if (BCR_SWSTYLE(s) == 1)
- add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
- s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
- pcnet_receive(&s->nic->nc, s->buffer, s->xmit_pos);
- s->looptest = 0;
- } else
- if (s->nic)
- qemu_send_packet(&s->nic->nc, s->buffer, s->xmit_pos);
-
- s->csr[0] &= ~0x0008; /* clear TDMD */
- s->csr[4] |= 0x0004; /* set TXSTRT */
- s->xmit_pos = -1;
+ if (CSR_LOOP(s)) {
+ if (BCR_SWSTYLE(s) == 1)
+ add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
+ s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
+ pcnet_receive(&s->nic->nc, s->buffer, s->xmit_pos);
+ s->looptest = 0;
+ } else {
+ if (s->nic) {
+ qemu_send_packet(&s->nic->nc, s->buffer, s->xmit_pos);
+ }
}
+ s->csr[0] &= ~0x0008; /* clear TDMD */
+ s->csr[4] |= 0x0004; /* set TXSTRT */
+ s->xmit_pos = -1;
+
+ txdone:
SET_FIELD(&tmd.status, TMDS, OWN, 0);
TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
if (!CSR_TOKINTD(s) || (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT)))
--- qemu-xen-traditional/hw/pcnet.c.orig 2015-08-23 09:11:31.000000000 +0000
+++ qemu-xen-traditional/hw/pcnet.c
@@ -1250,7 +1250,7 @@ static void pcnet_transmit(PCNetState *s
target_phys_addr_t xmit_cxda = 0;
int count = CSR_XMTRL(s)-1;
int add_crc = 0;
-
+ int bcnt;
s->xmit_pos = -1;
if (!CSR_TXON(s)) {
@@ -1276,34 +1276,47 @@ static void pcnet_transmit(PCNetState *s
if (BCR_SWSTYLE(s) != 1)
add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS);
}
+
+ if (s->xmit_pos < 0) {
+ goto txdone;
+ }
+
+ bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+
+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
+ Note: this is not what real hw does */
+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
+ s->xmit_pos = -1;
+ goto txdone;
+ }
+
+ s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
+ s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
+ s->xmit_pos += bcnt;
+
if (!GET_FIELD(tmd.status, TMDS, ENP)) {
- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
- s->xmit_pos += bcnt;
- } else if (s->xmit_pos >= 0) {
- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
- s->xmit_pos += bcnt;
+ goto txdone;
+ }
#ifdef PCNET_DEBUG
- printf("pcnet_transmit size=%d\n", s->xmit_pos);
+ printf("pcnet_transmit size=%d\n", s->xmit_pos);
#endif
- if (CSR_LOOP(s)) {
- if (BCR_SWSTYLE(s) == 1)
- add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
- s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
- pcnet_receive(s, s->buffer, s->xmit_pos);
- s->looptest = 0;
- } else
- if (s->vc)
- qemu_send_packet(s->vc, s->buffer, s->xmit_pos);
-
- s->csr[0] &= ~0x0008; /* clear TDMD */
- s->csr[4] |= 0x0004; /* set TXSTRT */
- s->xmit_pos = -1;
+ if (CSR_LOOP(s)) {
+ if (BCR_SWSTYLE(s) == 1)
+ add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
+ s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
+ pcnet_receive(s, s->buffer, s->xmit_pos);
+ s->looptest = 0;
+ } else {
+ if (s->vc) {
+ qemu_send_packet(s->vc, s->buffer, s->xmit_pos);
+ }
}
+ s->csr[0] &= ~0x0008; /* clear TDMD */
+ s->csr[4] |= 0x0004; /* set TXSTRT */
+ s->xmit_pos = -1;
+
+ txdone:
SET_FIELD(&tmd.status, TMDS, OWN, 0);
TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
if (!CSR_TOKINTD(s) || (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT)))

View file

@ -0,0 +1,174 @@
$NetBSD: patch-CVE-2015-3259,v 1.1 2015/08/23 16:17:12 spz Exp $
patch for CVE-2015-3259 aka XSA-137 from
http://xenbits.xen.org/xsa/xsa137.patch
--- libxl/xl_cmdimpl.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ libxl/xl_cmdimpl.c
@@ -135,7 +135,7 @@ struct domain_create {
int vncautopass;
int console_autoconnect;
const char *config_file;
- const char *extra_config; /* extra config string */
+ char *extra_config; /* extra config string */
const char *restore_file;
int migrate_fd; /* -1 means none */
char **migration_domname_r; /* from malloc */
@@ -3815,11 +3815,25 @@ int main_vm_list(int argc, char **argv)
return 0;
}
+static void string_realloc_append(char **accumulate, const char *more)
+{
+ /* Appends more to accumulate. Accumulate is either NULL, or
+ * points (always) to a malloc'd nul-terminated string. */
+
+ size_t oldlen = *accumulate ? strlen(*accumulate) : 0;
+ size_t morelen = strlen(more) + 1/*nul*/;
+ if (oldlen > SSIZE_MAX || morelen > SSIZE_MAX - oldlen) {
+ fprintf(stderr,"Additional config data far too large\n");
+ exit(-ERROR_FAIL);
+ }
+
+ *accumulate = xrealloc(*accumulate, oldlen + morelen);
+ memcpy(*accumulate + oldlen, more, morelen);
+}
+
int main_create(int argc, char **argv)
{
const char *filename = NULL;
- char *p;
- char extra_config[1024];
struct domain_create dom_info;
int paused = 0, debug = 0, daemonize = 1, console_autoconnect = 0,
quiet = 0, monitor = 1, vnc = 0, vncautopass = 0;
@@ -3835,6 +3849,8 @@ int main_create(int argc, char **argv)
{0, 0, 0, 0}
};
+ dom_info.extra_config = NULL;
+
if (argv[1] && argv[1][0] != '-' && !strchr(argv[1], '=')) {
filename = argv[1];
argc--; argv++;
@@ -3886,20 +3902,21 @@ int main_create(int argc, char **argv)
}
}
- extra_config[0] = '\0';
- for (p = extra_config; optind < argc; optind++) {
+ memset(&dom_info, 0, sizeof(dom_info));
+
+ for (; optind < argc; optind++) {
if (strchr(argv[optind], '=') != NULL) {
- p += snprintf(p, sizeof(extra_config) - (p - extra_config),
- "%s\n", argv[optind]);
+ string_realloc_append(&dom_info.extra_config, argv[optind]);
+ string_realloc_append(&dom_info.extra_config, "\n");
} else if (!filename) {
filename = argv[optind];
} else {
help("create");
+ free(dom_info.extra_config);
return 2;
}
}
- memset(&dom_info, 0, sizeof(dom_info));
dom_info.debug = debug;
dom_info.daemonize = daemonize;
dom_info.monitor = monitor;
@@ -3907,24 +3924,25 @@ int main_create(int argc, char **argv)
dom_info.dryrun = dryrun_only;
dom_info.quiet = quiet;
dom_info.config_file = filename;
- dom_info.extra_config = extra_config;
dom_info.migrate_fd = -1;
dom_info.vnc = vnc;
dom_info.vncautopass = vncautopass;
dom_info.console_autoconnect = console_autoconnect;
rc = create_domain(&dom_info);
- if (rc < 0)
+ if (rc < 0) {
+ free(dom_info.extra_config);
return -rc;
+ }
+ free(dom_info.extra_config);
return 0;
}
int main_config_update(int argc, char **argv)
{
const char *filename = NULL;
- char *p;
- char extra_config[1024];
+ char *extra_config = NULL;
void *config_data = 0;
int config_len = 0;
libxl_domain_config d_config;
@@ -3972,15 +3990,15 @@ int main_config_update(int argc, char **
}
}
- extra_config[0] = '\0';
- for (p = extra_config; optind < argc; optind++) {
+ for (; optind < argc; optind++) {
if (strchr(argv[optind], '=') != NULL) {
- p += snprintf(p, sizeof(extra_config) - (p - extra_config),
- "%s\n", argv[optind]);
+ string_realloc_append(&extra_config, argv[optind]);
+ string_realloc_append(&extra_config, "\n");
} else if (!filename) {
filename = argv[optind];
} else {
help("create");
+ free(extra_config);
return 2;
}
}
@@ -3989,7 +4007,8 @@ int main_config_update(int argc, char **
rc = libxl_read_file_contents(ctx, filename,
&config_data, &config_len);
if (rc) { fprintf(stderr, "Failed to read config file: %s: %s\n",
- filename, strerror(errno)); return ERROR_FAIL; }
+ filename, strerror(errno));
+ free(extra_config); return ERROR_FAIL; }
if (strlen(extra_config)) {
if (config_len > INT_MAX - (strlen(extra_config) + 2 + 1)) {
fprintf(stderr, "Failed to attach extra configration\n");
@@ -4030,7 +4049,7 @@ int main_config_update(int argc, char **
libxl_domain_config_dispose(&d_config);
free(config_data);
-
+ free(extra_config);
return 0;
}
@@ -6000,7 +6019,7 @@ int main_cpupoolcreate(int argc, char **
{
const char *filename = NULL, *config_src=NULL;
const char *p;
- char extra_config[1024];
+ char *extra_config = NULL;
int opt;
int option_index = 0;
static struct option long_options[] = {
@@ -6047,13 +6066,10 @@ int main_cpupoolcreate(int argc, char **
}
}
- memset(extra_config, 0, sizeof(extra_config));
while (optind < argc) {
if ((p = strchr(argv[optind], '='))) {
- if (strlen(extra_config) + 1 + strlen(argv[optind]) < sizeof(extra_config)) {
- strcat(extra_config, "\n");
- strcat(extra_config, argv[optind]);
- }
+ string_realloc_append(&extra_config, "\n");
+ string_realloc_append(&extra_config, argv[optind]);
} else if (!filename) {
filename = argv[optind];
} else {

View file

@ -0,0 +1,136 @@
$NetBSD: patch-CVE-2015-5154,v 1.1 2015/08/23 16:17:12 spz Exp $
patch for CVE-2015-5154 aka XSA-138 from
http://xenbits.xen.org/xsa/xsa138-qemut-1.patch
http://xenbits.xen.org/xsa/xsa138-qemut-2.patch
http://xenbits.xen.org/xsa/xsa138-qemuu-1.patch
http://xenbits.xen.org/xsa/xsa138-qemuu-3.patch
--- qemu-xen/hw/ide/core.c.orig 2015-08-23 09:31:00.000000000 +0000
+++ qemu-xen/hw/ide/core.c
@@ -1666,8 +1666,10 @@ void ide_data_writew(void *opaque, uint3
*(uint16_t *)p = le16_to_cpu(val);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readw(void *opaque, uint32_t addr)
@@ -1691,8 +1693,10 @@ uint32_t ide_data_readw(void *opaque, ui
ret = cpu_to_le16(*(uint16_t *)p);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}
@@ -1716,8 +1720,10 @@ void ide_data_writel(void *opaque, uint3
*(uint32_t *)p = le32_to_cpu(val);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readl(void *opaque, uint32_t addr)
@@ -1741,8 +1747,10 @@ uint32_t ide_data_readl(void *opaque, ui
ret = cpu_to_le32(*(uint32_t *)p);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}
--- qemu-xen-traditional/hw/ide.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/ide.c
@@ -3002,11 +3006,17 @@ static void ide_data_writew(void *opaque
buffered_pio_write(s, addr, 2);
p = s->data_ptr;
+ if (p + 2 > s->data_end) {
+ return;
+ }
+
*(uint16_t *)p = le16_to_cpu(val);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
static uint32_t ide_data_readw(void *opaque, uint32_t addr)
@@ -3021,11 +3031,17 @@ static uint32_t ide_data_readw(void *opa
buffered_pio_read(s, addr, 2);
p = s->data_ptr;
+ if (p + 2 > s->data_end) {
+ return 0;
+ }
+
ret = cpu_to_le16(*(uint16_t *)p);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}
@@ -3040,11 +3056,17 @@ static void ide_data_writel(void *opaque
buffered_pio_write(s, addr, 4);
p = s->data_ptr;
+ if (p + 4 > s->data_end) {
+ return;
+ }
+
*(uint32_t *)p = le32_to_cpu(val);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
static uint32_t ide_data_readl(void *opaque, uint32_t addr)
@@ -3059,11 +3081,17 @@ static uint32_t ide_data_readl(void *opa
buffered_pio_read(s, addr, 4);
p = s->data_ptr;
+ if (p + 4 > s->data_end) {
+ return 0;
+ }
+
ret = cpu_to_le32(*(uint32_t *)p);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}

View file

@ -0,0 +1,433 @@
$NetBSD: patch-CVE-2015-5165,v 1.1 2015/08/23 16:17:12 spz Exp $
patch for CVE-2015-5165 aka XSA-140 from
http://xenbits.xen.org/xsa/xsa140-qemuu-4.3-1.patch
http://xenbits.xen.org/xsa/xsa140-qemuu-4.3-2.patch
http://xenbits.xen.org/xsa/xsa140-qemuu-4.3-3.patch
http://xenbits.xen.org/xsa/xsa140-qemuu-4.3-4.patch
http://xenbits.xen.org/xsa/xsa140-qemuu-4.3-5.patch
http://xenbits.xen.org/xsa/xsa140-qemuu-4.3-6.patch
http://xenbits.xen.org/xsa/xsa140-qemuu-4.3-7.patch
--- qemu-xen/hw/rtl8139.c.orig 2013-10-10 14:15:47.000000000 +0000
+++ qemu-xen/hw/rtl8139.c
@@ -2159,6 +2159,11 @@ static int rtl8139_cplus_transmit_one(RT
{
DPRINTF("+++ C+ mode offloaded task checksum\n");
+ /* Large enough for Ethernet and IP headers? */
+ if (saved_size < ETH_HLEN + sizeof(ip_header)) {
+ goto skip_offload;
+ }
+
/* ip packet header */
ip_header *ip = NULL;
int hlen = 0;
@@ -2169,223 +2174,235 @@ static int rtl8139_cplus_transmit_one(RT
size_t eth_payload_len = 0;
int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
- if (proto == ETH_P_IP)
+ if (proto != ETH_P_IP)
{
- DPRINTF("+++ C+ mode has IP packet\n");
+ goto skip_offload;
+ }
- /* not aligned */
- eth_payload_data = saved_buffer + ETH_HLEN;
- eth_payload_len = saved_size - ETH_HLEN;
-
- ip = (ip_header*)eth_payload_data;
-
- if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
- DPRINTF("+++ C+ mode packet has bad IP version %d "
- "expected %d\n", IP_HEADER_VERSION(ip),
- IP_HEADER_VERSION_4);
- ip = NULL;
- } else {
- hlen = IP_HEADER_LENGTH(ip);
- ip_protocol = ip->ip_p;
- ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
- }
+ DPRINTF("+++ C+ mode has IP packet\n");
+
+ /* not aligned */
+ eth_payload_data = saved_buffer + ETH_HLEN;
+ eth_payload_len = saved_size - ETH_HLEN;
+
+ ip = (ip_header*)eth_payload_data;
+
+ if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
+ DPRINTF("+++ C+ mode packet has bad IP version %d "
+ "expected %d\n", IP_HEADER_VERSION(ip),
+ IP_HEADER_VERSION_4);
+ goto skip_offload;
+ }
+
+ hlen = IP_HEADER_LENGTH(ip);
+ if (hlen < sizeof(ip_header) || hlen > eth_payload_len) {
+ goto skip_offload;
}
- if (ip)
+ ip_protocol = ip->ip_p;
+
+ ip_data_len = be16_to_cpu(ip->ip_len);
+ if (ip_data_len < hlen || ip_data_len > eth_payload_len) {
+ goto skip_offload;
+ }
+ ip_data_len -= hlen;
+
+ if (txdw0 & CP_TX_IPCS)
{
- if (txdw0 & CP_TX_IPCS)
- {
- DPRINTF("+++ C+ mode need IP checksum\n");
+ DPRINTF("+++ C+ mode need IP checksum\n");
- if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
- /* bad packet header len */
- /* or packet too short */
- }
- else
- {
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(ip, hlen);
- DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
- hlen, ip->ip_sum);
- }
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(ip, hlen);
+ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
+ hlen, ip->ip_sum);
+ }
+
+ if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
+ {
+ /* Large enough for the TCP header? */
+ if (ip_data_len < sizeof(tcp_header)) {
+ goto skip_offload;
}
- if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
- {
- int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
+ int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
- DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
- "frame data %d specified MSS=%d\n", ETH_MTU,
- ip_data_len, saved_size - ETH_HLEN, large_send_mss);
+ DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
+ "frame data %d specified MSS=%d\n", ETH_MTU,
+ ip_data_len, saved_size - ETH_HLEN, large_send_mss);
- int tcp_send_offset = 0;
- int send_count = 0;
+ int tcp_send_offset = 0;
+ int send_count = 0;
- /* maximum IP header length is 60 bytes */
- uint8_t saved_ip_header[60];
+ /* maximum IP header length is 60 bytes */
+ uint8_t saved_ip_header[60];
- /* save IP header template; data area is used in tcp checksum calculation */
- memcpy(saved_ip_header, eth_payload_data, hlen);
+ /* save IP header template; data area is used in tcp checksum calculation */
+ memcpy(saved_ip_header, eth_payload_data, hlen);
- /* a placeholder for checksum calculation routine in tcp case */
- uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
- // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+ /* a placeholder for checksum calculation routine in tcp case */
+ uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
+ // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
- /* pointer to TCP header */
- tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
+ /* pointer to TCP header */
+ tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
- int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
+ int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
- /* ETH_MTU = ip header len + tcp header len + payload */
- int tcp_data_len = ip_data_len - tcp_hlen;
- int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
+ /* Invalid TCP data offset? */
+ if (tcp_hlen < sizeof(tcp_header) || tcp_hlen > ip_data_len) {
+ goto skip_offload;
+ }
- DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
- "data len %d TCP chunk size %d\n", ip_data_len,
- tcp_hlen, tcp_data_len, tcp_chunk_size);
+ /* ETH_MTU = ip header len + tcp header len + payload */
+ int tcp_data_len = ip_data_len - tcp_hlen;
+ int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
- /* note the cycle below overwrites IP header data,
- but restores it from saved_ip_header before sending packet */
+ DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
+ "data len %d TCP chunk size %d\n", ip_data_len,
+ tcp_hlen, tcp_data_len, tcp_chunk_size);
- int is_last_frame = 0;
+ /* note the cycle below overwrites IP header data,
+ but restores it from saved_ip_header before sending packet */
- for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
- {
- uint16_t chunk_size = tcp_chunk_size;
+ int is_last_frame = 0;
- /* check if this is the last frame */
- if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
- {
- is_last_frame = 1;
- chunk_size = tcp_data_len - tcp_send_offset;
- }
-
- DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
- be32_to_cpu(p_tcp_hdr->th_seq));
-
- /* add 4 TCP pseudoheader fields */
- /* copy IP source and destination fields */
- memcpy(data_to_checksum, saved_ip_header + 12, 8);
-
- DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
- "packet with %d bytes data\n", tcp_hlen +
- chunk_size);
-
- if (tcp_send_offset)
- {
- memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
- }
-
- /* keep PUSH and FIN flags only for the last frame */
- if (!is_last_frame)
- {
- TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
- }
-
- /* recalculate TCP checksum */
- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_tcpip_hdr->zeros = 0;
- p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
- p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
-
- p_tcp_hdr->th_sum = 0;
-
- int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
- DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
- tcp_checksum);
-
- p_tcp_hdr->th_sum = tcp_checksum;
-
- /* restore IP header */
- memcpy(eth_payload_data, saved_ip_header, hlen);
-
- /* set IP data length and recalculate IP checksum */
- ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
-
- /* increment IP id for subsequent frames */
- ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
-
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(eth_payload_data, hlen);
- DPRINTF("+++ C+ mode TSO IP header len=%d "
- "checksum=%04x\n", hlen, ip->ip_sum);
-
- int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
- DPRINTF("+++ C+ mode TSO transferring packet size "
- "%d\n", tso_send_size);
- rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
- 0, (uint8_t *) dot1q_buffer);
-
- /* add transferred count to TCP sequence number */
- p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
- ++send_count;
- }
-
- /* Stop sending this frame */
- saved_size = 0;
- }
- else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
+ for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
{
- DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
+ uint16_t chunk_size = tcp_chunk_size;
- /* maximum IP header length is 60 bytes */
- uint8_t saved_ip_header[60];
- memcpy(saved_ip_header, eth_payload_data, hlen);
+ /* check if this is the last frame */
+ if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
+ {
+ is_last_frame = 1;
+ chunk_size = tcp_data_len - tcp_send_offset;
+ }
- uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
- // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+ DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
+ be32_to_cpu(p_tcp_hdr->th_seq));
/* add 4 TCP pseudoheader fields */
/* copy IP source and destination fields */
memcpy(data_to_checksum, saved_ip_header + 12, 8);
- if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
+ DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
+ "packet with %d bytes data\n", tcp_hlen +
+ chunk_size);
+
+ if (tcp_send_offset)
+ {
+ memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
+ }
+
+ /* keep PUSH and FIN flags only for the last frame */
+ if (!is_last_frame)
{
- DPRINTF("+++ C+ mode calculating TCP checksum for "
- "packet with %d bytes data\n", ip_data_len);
+ TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
+ }
- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_tcpip_hdr->zeros = 0;
- p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
- p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+ /* recalculate TCP checksum */
+ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_tcpip_hdr->zeros = 0;
+ p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
+ p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
+
+ p_tcp_hdr->th_sum = 0;
+
+ int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
+ DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
+ tcp_checksum);
- tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
+ p_tcp_hdr->th_sum = tcp_checksum;
- p_tcp_hdr->th_sum = 0;
+ /* restore IP header */
+ memcpy(eth_payload_data, saved_ip_header, hlen);
- int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DPRINTF("+++ C+ mode TCP checksum %04x\n",
- tcp_checksum);
+ /* set IP data length and recalculate IP checksum */
+ ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
- p_tcp_hdr->th_sum = tcp_checksum;
- }
- else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
- {
- DPRINTF("+++ C+ mode calculating UDP checksum for "
- "packet with %d bytes data\n", ip_data_len);
+ /* increment IP id for subsequent frames */
+ ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
- ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_udpip_hdr->zeros = 0;
- p_udpip_hdr->ip_proto = IP_PROTO_UDP;
- p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(eth_payload_data, hlen);
+ DPRINTF("+++ C+ mode TSO IP header len=%d "
+ "checksum=%04x\n", hlen, ip->ip_sum);
+
+ int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
+ DPRINTF("+++ C+ mode TSO transferring packet size "
+ "%d\n", tso_send_size);
+ rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
+ 0, (uint8_t *) dot1q_buffer);
+
+ /* add transferred count to TCP sequence number */
+ p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
+ ++send_count;
+ }
- udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
+ /* Stop sending this frame */
+ saved_size = 0;
+ }
+ else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
+ {
+ DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
- p_udp_hdr->uh_sum = 0;
+ /* maximum IP header length is 60 bytes */
+ uint8_t saved_ip_header[60];
+ memcpy(saved_ip_header, eth_payload_data, hlen);
- int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DPRINTF("+++ C+ mode UDP checksum %04x\n",
- udp_checksum);
+ uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
+ // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
- p_udp_hdr->uh_sum = udp_checksum;
- }
+ /* add 4 TCP pseudoheader fields */
+ /* copy IP source and destination fields */
+ memcpy(data_to_checksum, saved_ip_header + 12, 8);
- /* restore IP header */
- memcpy(eth_payload_data, saved_ip_header, hlen);
+ if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
+ {
+ DPRINTF("+++ C+ mode calculating TCP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
+
+ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_tcpip_hdr->zeros = 0;
+ p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
+ p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+
+ tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
+
+ p_tcp_hdr->th_sum = 0;
+
+ int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
+ DPRINTF("+++ C+ mode TCP checksum %04x\n",
+ tcp_checksum);
+
+ p_tcp_hdr->th_sum = tcp_checksum;
}
+ else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
+ {
+ DPRINTF("+++ C+ mode calculating UDP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
+
+ ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_udpip_hdr->zeros = 0;
+ p_udpip_hdr->ip_proto = IP_PROTO_UDP;
+ p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+
+ udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
+
+ p_udp_hdr->uh_sum = 0;
+
+ int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
+ DPRINTF("+++ C+ mode UDP checksum %04x\n",
+ udp_checksum);
+
+ p_udp_hdr->uh_sum = udp_checksum;
+ }
+
+ /* restore IP header */
+ memcpy(eth_payload_data, saved_ip_header, hlen);
}
}
+skip_offload:
/* update tally counter */
++s->tally_counters.TxOk;

View file

@ -0,0 +1,28 @@
$NetBSD: patch-CVE-2015-5166,v 1.1 2015/08/23 16:17:12 spz Exp $
patch for CVE-2015-5166 aka XSA-139 from
http://xenbits.xen.org/xsa/xsa139-qemuu-4.5.patch
--- qemu-xen/hw/ide/piix.c.orig 2013-10-10 14:15:47.000000000 +0000
+++ qemu-xen/hw/ide/piix.c
@@ -170,6 +170,7 @@ static int pci_piix3_xen_ide_unplug(Devi
PCIIDEState *pci_ide;
DriveInfo *di;
int i = 0;
+ IDEDevice *idedev;
pci_dev = DO_UPCAST(PCIDevice, qdev, dev);
pci_ide = DO_UPCAST(PCIIDEState, dev, pci_dev);
@@ -183,6 +184,12 @@ static int pci_piix3_xen_ide_unplug(Devi
}
bdrv_close(di->bdrv);
pci_ide->bus[di->bus].ifs[di->unit].bs = NULL;
+ if (!(i % 2)) {
+ idedev = pci_ide->bus[di->bus].master;
+ } else {
+ idedev = pci_ide->bus[di->bus].slave;
+ }
+ idedev->conf.bs = NULL;
drive_put_ref(di);
}
}

View file

@ -1,8 +1,8 @@
$NetBSD: patch-Makefile,v 1.2 2013/05/26 20:27:43 bouyer Exp $
$NetBSD: patch-Makefile,v 1.3 2015/08/23 16:17:12 spz Exp $
--- Makefile.orig 2013-04-23 18:42:55.000000000 +0200
+++ Makefile 2013-05-26 18:33:32.000000000 +0200
@@ -18,15 +18,16 @@
--- Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ Makefile
@@ -18,15 +18,16 @@ SUBDIRS-$(CONFIG_XCUTILS) += xcutils
SUBDIRS-$(CONFIG_X86) += firmware
SUBDIRS-y += console
SUBDIRS-y += xenmon
@ -22,7 +22,7 @@ $NetBSD: patch-Makefile,v 1.2 2013/05/26 20:27:43 bouyer Exp $
SUBDIRS-$(CONFIG_NetBSD) += xenbackendd
SUBDIRS-y += libfsimage
SUBDIRS-$(LIBXENAPI_BINDINGS) += libxen
@@ -44,7 +45,7 @@
@@ -44,7 +45,7 @@ SUBDIRS-y += remus
SUBDIRS-$(CONFIG_X86) += xenpaging
SUBDIRS-$(CONFIG_X86) += debugger/gdbsx
SUBDIRS-$(CONFIG_X86) += debugger/kdd

View file

@ -1,6 +1,6 @@
$NetBSD: patch-Rules.mk,v 1.1 2015/01/29 21:31:39 joerg Exp $
$NetBSD: patch-Rules.mk,v 1.2 2015/08/23 16:17:12 spz Exp $
--- Rules.mk.orig 2015-01-12 16:53:24.000000000 +0000
--- Rules.mk.orig 2014-09-02 06:22:57.000000000 +0000
+++ Rules.mk
@@ -21,23 +21,23 @@ CFLAGS_xeninclude = -I$(XEN_INCLUDE)

View file

@ -1,8 +1,8 @@
$NetBSD: patch-blktap_drivers_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-blktap_drivers_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- blktap/drivers/Makefile.orig 2008-08-01 16:38:07.000000000 +0200
--- blktap/drivers/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ blktap/drivers/Makefile
@@ -37,9 +37,11 @@ BLK-OBJS-y += block-qcow2.o
@@ -50,9 +50,11 @@ BLK-OBJS-y += block-qcow2.o
BLK-OBJS-y += aes.o
BLK-OBJS-y += tapaio.o
BLK-OBJS-$(CONFIG_Linux) += blk_linux.o

View file

@ -1,6 +1,6 @@
$NetBSD: patch-configure,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-configure,v 1.2 2015/08/23 16:17:12 spz Exp $
--- configure.orig 2012-12-17 15:00:12.000000000 +0000
--- configure.orig 2014-09-02 06:22:57.000000000 +0000
+++ configure
@@ -3719,7 +3719,7 @@ $as_echo "no" >&6; }
fi

View file

@ -1,7 +1,7 @@
$NetBSD: patch-examples_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-examples_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- examples/Makefile.orig 2011-10-20 19:05:41.000000000 +0200
+++ examples/Makefile 2011-10-26 13:55:46.000000000 +0200
--- examples/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ examples/Makefile
@@ -1,5 +1,6 @@
XEN_ROOT = $(CURDIR)/../..
include $(XEN_ROOT)/tools/Rules.mk

View file

@ -1,8 +1,8 @@
$NetBSD: patch-examples_xend-config.sxp,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-examples_xend-config.sxp,v 1.2 2015/08/23 16:17:12 spz Exp $
--- examples/xend-config.sxp.orig 2010-04-07 16:12:04.000000000 +0000
--- examples/xend-config.sxp.orig 2014-09-02 06:22:57.000000000 +0000
+++ examples/xend-config.sxp
@@ -190,7 +190,7 @@
@@ -207,7 +207,7 @@
# Whether to enable auto-ballooning of dom0 to allow domUs to be created.
# If enable-dom0-ballooning = no, dom0 will never balloon out.

View file

@ -1,6 +1,6 @@
$NetBSD: patch-firmware_etherboot_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-firmware_etherboot_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- firmware/etherboot/Makefile.orig 2012-12-17 15:00:24.000000000 +0000
--- firmware/etherboot/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ firmware/etherboot/Makefile
@@ -27,18 +27,10 @@ all: $(ROMS)
%.rom: $D/src/arch/i386/Makefile

View file

@ -1,6 +1,6 @@
$NetBSD: patch-firmware_etherboot_patches_boot__prompt__option.patch,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-firmware_etherboot_patches_boot__prompt__option.patch,v 1.2 2015/08/23 16:17:12 spz Exp $
--- firmware/etherboot/patches/boot_prompt_option.patch.orig 2012-12-17 15:00:24.000000000 +0000
--- firmware/etherboot/patches/boot_prompt_option.patch.orig 2014-09-02 06:22:57.000000000 +0000
+++ firmware/etherboot/patches/boot_prompt_option.patch
@@ -13,7 +13,7 @@ index 0f92415..cce7505 100644
@@ -418,6 +419,7 @@ no_pmm:

View file

@ -1,6 +1,6 @@
$NetBSD: patch-firmware_etherboot_patches_series,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-firmware_etherboot_patches_series,v 1.2 2015/08/23 16:17:12 spz Exp $
--- firmware/etherboot/patches/series.orig 2012-12-17 15:00:24.000000000 +0000
--- firmware/etherboot/patches/series.orig 2014-09-02 06:22:57.000000000 +0000
+++ firmware/etherboot/patches/series
@@ -1,4 +1,3 @@
boot_prompt_option.patch

View file

@ -1,6 +1,6 @@
$NetBSD: patch-firmware_hvmloader_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-firmware_hvmloader_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- firmware/hvmloader/Makefile.orig 2012-12-17 15:00:24.000000000 +0000
--- firmware/hvmloader/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ firmware/hvmloader/Makefile
@@ -26,7 +26,7 @@ SUBDIRS := acpi
# The HVM loader is started in 32-bit mode at the address below:

View file

@ -1,5 +1,7 @@
--- firmware/hvmloader/util.h.orig 2014-09-02 15:22:57.000000000 +0900
+++ firmware/hvmloader/util.h 2014-12-08 13:01:39.000000000 +0900
$NetBSD: patch-firmware_hvmloader_util.h,v 1.2 2015/08/23 16:17:12 spz Exp $
--- firmware/hvmloader/util.h.orig 2014-09-02 06:22:57.000000000 +0000
+++ firmware/hvmloader/util.h
@@ -3,6 +3,7 @@
#include <stdarg.h>
@ -8,7 +10,7 @@
#include <xen/xen.h>
#include <xen/hvm/hvm_info_table.h>
@@ -172,7 +173,6 @@
@@ -172,7 +173,6 @@ int printf(const char *fmt, ...) __attri
int vprintf(const char *fmt, va_list ap);
/* Buffer output */

View file

@ -1,8 +1,8 @@
$NetBSD: patch-hotplug_NetBSD_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-hotplug_NetBSD_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- hotplug/NetBSD/Makefile.orig 2011-03-25 11:42:50.000000000 +0100
+++ hotplug/NetBSD/Makefile 2011-04-15 11:38:32.000000000 +0200
@@ -8,7 +8,7 @@
--- hotplug/NetBSD/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ hotplug/NetBSD/Makefile
@@ -8,7 +8,7 @@ XEN_SCRIPTS += vif-bridge
XEN_SCRIPTS += vif-ip
XEN_SCRIPT_DATA =
@ -11,7 +11,7 @@ $NetBSD: patch-hotplug_NetBSD_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
.PHONY: all
all:
@@ -21,10 +21,11 @@
@@ -21,10 +21,11 @@ install: all install-scripts install-rcd
.PHONY: install-scripts
install-scripts:
@ -25,7 +25,7 @@ $NetBSD: patch-hotplug_NetBSD_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
done
set -e; for i in $(XEN_SCRIPT_DATA); \
do \
@@ -33,12 +34,6 @@
@@ -33,12 +34,6 @@ install-scripts:
.PHONY: install-rcd
install-rcd:

View file

@ -1,6 +1,6 @@
$NetBSD: patch-hotplug_NetBSD_vif-bridge,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-hotplug_NetBSD_vif-bridge,v 1.2 2015/08/23 16:17:12 spz Exp $
--- hotplug/NetBSD/vif-bridge.orig 2012-12-17 15:00:35.000000000 +0000
--- hotplug/NetBSD/vif-bridge.orig 2014-09-02 06:22:57.000000000 +0000
+++ hotplug/NetBSD/vif-bridge
@@ -23,7 +23,10 @@ case $xstatus in
xbridge=$(xenstore-read "$xpath/bridge")

View file

@ -1,6 +1,6 @@
$NetBSD: patch-hotplug_NetBSD_vif-ip,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-hotplug_NetBSD_vif-ip,v 1.2 2015/08/23 16:17:12 spz Exp $
--- hotplug/NetBSD/vif-ip.orig 2012-12-17 15:00:35.000000000 +0000
--- hotplug/NetBSD/vif-ip.orig 2014-09-02 06:22:57.000000000 +0000
+++ hotplug/NetBSD/vif-ip
@@ -24,6 +24,10 @@ case $xstatus in
xfid=$(xenstore-read "$xpath/frontend-id")

View file

@ -1,6 +1,6 @@
$NetBSD: patch-hotplug_common_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-hotplug_common_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- hotplug/common/Makefile.orig 2013-04-23 16:42:55.000000000 +0000
--- hotplug/common/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ hotplug/common/Makefile
@@ -23,15 +23,15 @@ install: all install-scripts

View file

@ -1,6 +1,6 @@
$NetBSD: patch-include_xen-sys_NetBSD_gntdev.h,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-include_xen-sys_NetBSD_gntdev.h,v 1.2 2015/08/23 16:17:12 spz Exp $
--- include/xen-sys/NetBSD/gntdev.h.orig 2011-03-29 17:10:31.000000000 +0000
--- include/xen-sys/NetBSD/gntdev.h.orig 2015-08-23 08:59:20.000000000 +0000
+++ include/xen-sys/NetBSD/gntdev.h
@@ -0,0 +1,105 @@
+/******************************************************************************

View file

@ -1,8 +1,8 @@
$NetBSD: patch-libfsimage_common_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-libfsimage_common_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- libfsimage/common/Makefile.orig 2010-05-11 21:27:58.000000000 +0000
--- libfsimage/common/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ libfsimage/common/Makefile
@@ -4,6 +4,8 @@ include $(XEN_ROOT)/tools/Rules.mk
@@ -4,6 +4,8 @@ include $(XEN_ROOT)/tools/libfsimage/Rul
MAJOR = 1.0
MINOR = 0

View file

@ -1,6 +1,6 @@
$NetBSD: patch-libfsimage_ufs_ufs.h,v 1.1 2013/11/07 00:46:39 joerg Exp $
$NetBSD: patch-libfsimage_ufs_ufs.h,v 1.2 2015/08/23 16:17:12 spz Exp $
--- libfsimage/ufs/ufs.h.orig 2013-07-14 19:44:35.000000000 +0000
--- libfsimage/ufs/ufs.h.orig 2014-09-02 06:22:57.000000000 +0000
+++ libfsimage/ufs/ufs.h
@@ -4,7 +4,7 @@
*/

View file

@ -1,6 +1,6 @@
$NetBSD: patch-libxc_xc__netbsd.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-libxc_xc__netbsd.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- libxc/xc_netbsd.c.orig 2012-12-17 15:00:48.000000000 +0000
--- libxc/xc_netbsd.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ libxc/xc_netbsd.c
@@ -18,13 +18,19 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

View file

@ -1,8 +1,8 @@
$NetBSD: patch-libxl_libxl__create.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-libxl_libxl__create.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- libxl/libxl_create.c.orig 2012-12-17 15:01:09.000000000 +0000
--- libxl/libxl_create.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ libxl/libxl_create.c
@@ -338,7 +338,7 @@ int libxl__domain_build(libxl__gc *gc,
@@ -355,7 +355,7 @@ int libxl__domain_build(libxl__gc *gc,
vments[2] = "image/ostype";
vments[3] = "hvm";
vments[4] = "start_time";
@ -11,7 +11,7 @@ $NetBSD: patch-libxl_libxl__create.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
localents = libxl__calloc(gc, 7, sizeof(char *));
localents[0] = "platform/acpi";
@@ -361,7 +361,7 @@ int libxl__domain_build(libxl__gc *gc,
@@ -378,7 +378,7 @@ int libxl__domain_build(libxl__gc *gc,
vments[i++] = "image/kernel";
vments[i++] = (char *) state->pv_kernel.path;
vments[i++] = "start_time";
@ -20,7 +20,7 @@ $NetBSD: patch-libxl_libxl__create.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
if (state->pv_ramdisk.path) {
vments[i++] = "image/ramdisk";
vments[i++] = (char *) state->pv_ramdisk.path;
@@ -832,7 +832,7 @@ void libxl__xc_domain_restore_done(libxl
@@ -849,7 +849,7 @@ void libxl__xc_domain_restore_done(libxl
vments[2] = "image/ostype";
vments[3] = "hvm";
vments[4] = "start_time";
@ -29,7 +29,7 @@ $NetBSD: patch-libxl_libxl__create.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
break;
case LIBXL_DOMAIN_TYPE_PV:
vments = libxl__calloc(gc, 11, sizeof(char *));
@@ -842,7 +842,7 @@ void libxl__xc_domain_restore_done(libxl
@@ -859,7 +859,7 @@ void libxl__xc_domain_restore_done(libxl
vments[i++] = "image/kernel";
vments[i++] = (char *) state->pv_kernel.path;
vments[i++] = "start_time";

View file

@ -1,8 +1,8 @@
$NetBSD: patch-libxl_libxl__internal.h,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-libxl_libxl__internal.h,v 1.2 2015/08/23 16:17:12 spz Exp $
--- libxl/libxl_internal.h.orig 2012-12-17 15:01:09.000000000 +0000
--- libxl/libxl_internal.h.orig 2014-09-02 06:22:57.000000000 +0000
+++ libxl/libxl_internal.h
@@ -374,7 +374,11 @@ typedef struct {
@@ -378,7 +378,11 @@ typedef struct {
#define PCI_FUNC(devfn) ((devfn) & 0x07)
#define AUTO_PHP_SLOT 0x100
#define SYSFS_PCI_DEV "/sys/bus/pci/devices"

View file

@ -1,6 +1,6 @@
$NetBSD: patch-ocaml_common.make,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-ocaml_common.make,v 1.2 2015/08/23 16:17:12 spz Exp $
--- ocaml/common.make.orig 2013-03-13 09:31:47.000000000 +0000
--- ocaml/common.make.orig 2014-09-02 06:22:57.000000000 +0000
+++ ocaml/common.make
@@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/Rules.mk
CC ?= gcc

View file

@ -1,6 +1,6 @@
$NetBSD: patch-ocaml_xenstored_Makefile,v 1.1 2013/05/25 05:19:17 jnemeth Exp $
$NetBSD: patch-ocaml_xenstored_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- ocaml/xenstored/Makefile.orig 2013-04-23 16:42:55.000000000 +0000
--- ocaml/xenstored/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ ocaml/xenstored/Makefile
@@ -1,6 +1,7 @@
XEN_ROOT = $(CURDIR)/../../..

View file

@ -1,6 +1,6 @@
$NetBSD: patch-ocaml_xenstored_define.ml,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-ocaml_xenstored_define.ml,v 1.2 2015/08/23 16:17:12 spz Exp $
--- ocaml/xenstored/define.ml.orig 2012-12-17 15:01:22.000000000 +0000
--- ocaml/xenstored/define.ml.orig 2014-09-02 06:22:57.000000000 +0000
+++ ocaml/xenstored/define.ml
@@ -17,13 +17,13 @@
let xenstored_major = 1

View file

@ -1,8 +1,8 @@
$NetBSD: patch-ocaml_xenstored_utils.ml,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-ocaml_xenstored_utils.ml,v 1.2 2015/08/23 16:17:12 spz Exp $
--- ocaml/xenstored/utils.ml.orig
--- ocaml/xenstored/utils.ml.orig 2014-09-02 06:22:57.000000000 +0000
+++ ocaml/xenstored/utils.ml
@@ -87,7 +83,7 @@ let read_file_single_integer filename =
@@ -87,7 +87,7 @@ let read_file_single_integer filename =
let buf = String.make 20 (char_of_int 0) in
let sz = Unix.read fd buf 0 20 in
Unix.close fd;

View file

@ -1,6 +1,6 @@
$NetBSD: patch-pygrub_Makefile,v 1.1 2013/05/25 05:19:17 jnemeth Exp $
$NetBSD: patch-pygrub_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- pygrub/Makefile.orig 2013-04-23 16:42:55.000000000 +0000
--- pygrub/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ pygrub/Makefile
@@ -15,7 +15,7 @@ install: all
--install-scripts=$(PRIVATE_BINDIR) --force

View file

@ -1,8 +1,8 @@
$NetBSD: patch-python_xen_xend_XendNode.py,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-python_xen_xend_XendNode.py,v 1.2 2015/08/23 16:17:12 spz Exp $
--- python/xen/xend/XendNode.py.orig 2010-04-07 16:12:05.000000000 +0000
--- python/xen/xend/XendNode.py.orig 2014-09-02 06:22:57.000000000 +0000
+++ python/xen/xend/XendNode.py
@@ -276,28 +276,29 @@ class XendNode:
@@ -279,28 +279,29 @@ class XendNode:
except KeyError:
pass

View file

@ -1,8 +1,8 @@
$NetBSD: patch-python_xen_xend_osdep.py,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-python_xen_xend_osdep.py,v 1.2 2015/08/23 16:17:12 spz Exp $
--- python/xen/xend/osdep.py.orig 2011-04-01 12:03:13.000000000 +0200
+++ python/xen/xend/osdep.py 2011-04-01 13:49:45.000000000 +0200
@@ -94,8 +94,12 @@
--- python/xen/xend/osdep.py.orig 2014-09-02 06:22:57.000000000 +0000
+++ python/xen/xend/osdep.py
@@ -98,8 +98,12 @@ def _netbsd_balloon_stat(label):
return None
cmd = "/sbin/sysctl " + cmdarg
sysctloutput = commands.getoutput(cmd)

View file

@ -1,6 +1,6 @@
$NetBSD: patch-python_xen_xm_create.py,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-python_xen_xm_create.py,v 1.2 2015/08/23 16:17:12 spz Exp $
--- python/xen/xm/create.py.orig 2010-04-07 16:12:05.000000000 +0000
--- python/xen/xm/create.py.orig 2014-09-02 06:22:57.000000000 +0000
+++ python/xen/xm/create.py
@@ -426,7 +426,7 @@ gopts.var('vtpm', val="instance=INSTANCE
preferred instance number. The hotplug script will determine

View file

@ -1,6 +1,6 @@
$NetBSD: patch-qemu-xen-traditional_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/Makefile.orig 2011-02-11 17:54:51.000000000 +0000
--- qemu-xen-traditional/Makefile.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/Makefile
@@ -1,7 +1,7 @@
# Makefile for QEMU.

View file

@ -1,8 +1,8 @@
$NetBSD: patch-qemu-xen-traditional_block-raw-posix.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_block-raw-posix.c,v 1.2 2015/08/23 16:17:12 spz Exp $
- if given a block device, use the character device instead.
--- qemu-xen-traditional/block-raw-posix.c.orig 2012-12-11 13:11:04.000000000 +0000
--- qemu-xen-traditional/block-raw-posix.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/block-raw-posix.c
@@ -65,6 +65,7 @@
#include <sys/disklabel.h>

View file

@ -1,8 +1,8 @@
$NetBSD: patch-qemu-xen-traditional_configure,v 1.2 2014/09/17 20:32:36 bouyer Exp $
$NetBSD: patch-qemu-xen-traditional_configure,v 1.3 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/configure.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/configure 2014-09-17 13:10:43.000000000 +0000
@@ -1089,7 +1089,7 @@
+++ qemu-xen-traditional/configure
@@ -1089,7 +1089,7 @@ fi
# Check if tools are available to build documentation.
if [ -x "`which texi2html 2>/dev/null`" ] && \
[ -x "`which pod2man 2>/dev/null`" ]; then
@ -11,7 +11,7 @@ $NetBSD: patch-qemu-xen-traditional_configure,v 1.2 2014/09/17 20:32:36 bouyer E
fi
##########################################
@@ -1124,7 +1124,7 @@
@@ -1124,7 +1124,7 @@ else
if test -z "$prefix" ; then
prefix="/usr/local"
fi
@ -20,7 +20,7 @@ $NetBSD: patch-qemu-xen-traditional_configure,v 1.2 2014/09/17 20:32:36 bouyer E
datasuffix="/share/qemu"
docsuffix="/share/doc/qemu"
binsuffix="/bin"
@@ -1215,6 +1215,9 @@
@@ -1215,6 +1215,9 @@ echo "docdir=\${prefix}$docsuffix" >> $c
echo "#define CONFIG_QEMU_SHAREDIR \"$prefix$datasuffix\"" >> $config_h
echo "MAKE=$make" >> $config_mak
echo "INSTALL=$install" >> $config_mak
@ -30,7 +30,7 @@ $NetBSD: patch-qemu-xen-traditional_configure,v 1.2 2014/09/17 20:32:36 bouyer E
echo "CC=$cc" >> $config_mak
echo "HOST_CC=$host_cc" >> $config_mak
echo "AR=$ar" >> $config_mak
@@ -1492,7 +1495,9 @@
@@ -1492,7 +1495,9 @@ fi
# XXX: suppress that
if [ "$bsd" = "yes" ] ; then
echo "#define O_LARGEFILE 0" >> $config_h

View file

@ -1,13 +1,13 @@
$NetBSD: patch-qemu-xen-traditional_hw_e1000.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_hw_e1000.c,v 1.2 2015/08/23 16:17:12 spz Exp $
From sysutils/xentools33/patches/patch-ak.
qemu-0.13.x will include this fix:
http://git.qemu.org/qemu.git/commit/?id=9651ac55e5de0e1534d898316cc851af6ffc4334
--- qemu-xen-traditional/hw/e1000.c.orig 2009-08-06 12:56:34.000000000 +0000
--- qemu-xen-traditional/hw/e1000.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/e1000.c
@@ -244,16 +244,20 @@ set_eecd(E1000State *s, int index, uint3
@@ -265,16 +265,20 @@ set_eecd(E1000State *s, int index, uint3
s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);

View file

@ -1,7 +1,28 @@
$NetBSD: patch-qemu-xen-traditional_hw_pass-through.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_hw_pass-through.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/hw/pass-through.c.orig 2012-05-24 16:05:23.000000000 +0200
+++ qemu-xen-traditional/hw/pass-through.c 2012-05-24 16:06:19.000000000 +0200
patch for CVE-2015-2756 aka XSA-126 from
http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
patch for CVE-2015-4103 aka XSA-128 from
http://xenbits.xen.org/xsa/xsa128-qemut.patch
patch for CVE-2015-4104 aka XSA-129 from
http://xenbits.xen.org/xsa/xsa129-qemut.patch
patch for CVE-2015-4106 aka XSA-131 from
http://xenbits.xen.org/xsa/xsa131-qemut-4.2-1.patch
http://xenbits.xen.org/xsa/xsa131-qemut-2.patch
http://xenbits.xen.org/xsa/xsa131-qemut-3.patch
http://xenbits.xen.org/xsa/xsa131-qemut-4.patch
http://xenbits.xen.org/xsa/xsa131-qemut-5.patch
http://xenbits.xen.org/xsa/xsa131-qemut-6.patch
http://xenbits.xen.org/xsa/xsa131-qemut-7.patch
http://xenbits.xen.org/xsa/xsa131-qemut-8.patch
avoid duplicate inclusion of pci/header.h and pci/pci.h (also in pass-through.h)
--- qemu-xen-traditional/hw/pass-through.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/pass-through.c
@@ -84,8 +84,6 @@
*/
@ -11,3 +32,731 @@ $NetBSD: patch-qemu-xen-traditional_hw_pass-through.c,v 1.1 2013/05/15 06:58:50
#include "pt-msi.h"
#include "qemu-xen.h"
#include "iomulti.h"
@@ -147,6 +145,10 @@ static uint32_t pt_msgaddr64_reg_init(st
struct pt_reg_info_tbl *reg, uint32_t real_offset);
static uint32_t pt_msgdata_reg_init(struct pt_dev *ptdev,
struct pt_reg_info_tbl *reg, uint32_t real_offset);
+static uint32_t pt_mask_reg_init(struct pt_dev *ptdev,
+ struct pt_reg_info_tbl *reg, uint32_t real_offset);
+static uint32_t pt_pending_reg_init(struct pt_dev *ptdev,
+ struct pt_reg_info_tbl *reg, uint32_t real_offset);
static uint32_t pt_msixctrl_reg_init(struct pt_dev *ptdev,
struct pt_reg_info_tbl *reg, uint32_t real_offset);
static uint32_t pt_header_type_reg_init(struct pt_dev *ptdev,
@@ -178,9 +180,6 @@ static int pt_cmd_reg_read(struct pt_dev
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
-static int pt_pmcsr_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask);
static int pt_byte_reg_write(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint8_t *value, uint8_t dev_value, uint8_t valid_mask);
@@ -285,7 +284,7 @@ static struct pt_reg_info_tbl pt_emu_reg
.offset = PCI_COMMAND,
.size = 2,
.init_val = 0x0000,
- .ro_mask = 0xF880,
+ .res_mask = 0xF880,
.emu_mask = 0x0740,
.init = pt_common_reg_init,
.u.w.read = pt_cmd_reg_read,
@@ -312,7 +311,8 @@ static struct pt_reg_info_tbl pt_emu_reg
.offset = PCI_STATUS,
.size = 2,
.init_val = 0x0000,
- .ro_mask = 0x06FF,
+ .res_mask = 0x0007,
+ .ro_mask = 0x06F8,
.emu_mask = 0x0010,
.init = pt_status_reg_init,
.u.w.read = pt_word_reg_read,
@@ -457,7 +457,7 @@ static struct pt_reg_info_tbl pt_emu_reg
.offset = PCI_INTEL_OPREGION,
.size = 4,
.init_val = 0,
- .no_wb = 1,
+ .emu_mask = 0xFFFFFFFF,
.u.dw.read = pt_intel_opregion_read,
.u.dw.write = pt_intel_opregion_write,
.u.dw.restore = NULL,
@@ -493,15 +493,29 @@ static struct pt_reg_info_tbl pt_emu_reg
.u.w.write = pt_word_reg_write,
.u.w.restore = NULL,
},
- /* PCI Power Management Control/Status reg */
+ /* PCI Power Management Control/Status reg (->power_mgmt on) */
{
.offset = PCI_PM_CTRL,
.size = 2,
.init_val = 0x0008,
- .ro_mask = 0xE1FC,
+ .res_mask = 0x00F0,
+ .ro_mask = 0xE10C,
.emu_mask = 0x8100,
.init = pt_pmcsr_reg_init,
- .u.w.read = pt_pmcsr_reg_read,
+ .u.w.read = pt_word_reg_read,
+ .u.w.write = pt_pmcsr_reg_write,
+ .u.w.restore = pt_pmcsr_reg_restore,
+ },
+ /* PCI Power Management Control/Status reg (->power_mgmt off) */
+ {
+ .offset = PCI_PM_CTRL,
+ .size = 2,
+ .init_val = 0x0008,
+ .res_mask = 0x00F0,
+ .ro_mask = 0xE10C,
+ .emu_mask = 0x810B,
+ .init = pt_pmcsr_reg_init,
+ .u.w.read = pt_word_reg_read,
.u.w.write = pt_pmcsr_reg_write,
.u.w.restore = pt_pmcsr_reg_restore,
},
@@ -525,6 +539,16 @@ static struct pt_reg_info_tbl pt_emu_reg
.u.b.restore = NULL,
},
{
+ .offset = PCI_VPD_ADDR,
+ .size = 2,
+ .ro_mask = 0x0003,
+ .emu_mask = 0x0003,
+ .init = pt_common_reg_init,
+ .u.w.read = pt_word_reg_read,
+ .u.w.write = pt_word_reg_write,
+ .u.w.restore = pt_word_reg_restore,
+ },
+ {
.size = 0,
},
};
@@ -567,7 +591,7 @@ static struct pt_reg_info_tbl pt_emu_reg
.offset = PCI_EXP_DEVCAP,
.size = 4,
.init_val = 0x00000000,
- .ro_mask = 0x1FFCFFFF,
+ .ro_mask = 0xFFFFFFFF,
.emu_mask = 0x10000000,
.init = pt_common_reg_init,
.u.dw.read = pt_long_reg_read,
@@ -586,6 +610,17 @@ static struct pt_reg_info_tbl pt_emu_reg
.u.w.write = pt_word_reg_write,
.u.w.restore = pt_word_reg_restore,
},
+ /* Device Status reg */
+ {
+ .offset = PCI_EXP_DEVSTA,
+ .size = 2,
+ .res_mask = 0xFFC0,
+ .ro_mask = 0x0030,
+ .init = pt_common_reg_init,
+ .u.w.read = pt_word_reg_read,
+ .u.w.write = pt_word_reg_write,
+ .u.w.restore = pt_word_reg_restore,
+ },
/* Link Control reg */
{
.offset = PCI_EXP_LNKCTL,
@@ -598,6 +633,16 @@ static struct pt_reg_info_tbl pt_emu_reg
.u.w.write = pt_word_reg_write,
.u.w.restore = pt_word_reg_restore,
},
+ /* Link Status reg */
+ {
+ .offset = PCI_EXP_LNKSTA,
+ .size = 2,
+ .ro_mask = 0x3FFF,
+ .init = pt_common_reg_init,
+ .u.w.read = pt_word_reg_read,
+ .u.w.write = pt_word_reg_write,
+ .u.w.restore = pt_word_reg_restore,
+ },
/* Device Control 2 reg */
{
.offset = 0x28,
@@ -646,8 +691,9 @@ static struct pt_reg_info_tbl pt_emu_reg
.offset = PCI_MSI_FLAGS, // 2
.size = 2,
.init_val = 0x0000,
- .ro_mask = 0xFF8E,
- .emu_mask = 0x007F,
+ .res_mask = 0xFE00,
+ .ro_mask = 0x018E,
+ .emu_mask = 0x017E,
.init = pt_msgctrl_reg_init,
.u.w.read = pt_word_reg_read,
.u.w.write = pt_msgctrl_reg_write,
@@ -660,7 +706,6 @@ static struct pt_reg_info_tbl pt_emu_reg
.init_val = 0x00000000,
.ro_mask = 0x00000003,
.emu_mask = 0xFFFFFFFF,
- .no_wb = 1,
.init = pt_common_reg_init,
.u.dw.read = pt_long_reg_read,
.u.dw.write = pt_msgaddr32_reg_write,
@@ -673,7 +718,6 @@ static struct pt_reg_info_tbl pt_emu_reg
.init_val = 0x00000000,
.ro_mask = 0x00000000,
.emu_mask = 0xFFFFFFFF,
- .no_wb = 1,
.init = pt_msgaddr64_reg_init,
.u.dw.read = pt_long_reg_read,
.u.dw.write = pt_msgaddr64_reg_write,
@@ -686,7 +730,6 @@ static struct pt_reg_info_tbl pt_emu_reg
.init_val = 0x0000,
.ro_mask = 0x0000,
.emu_mask = 0xFFFF,
- .no_wb = 1,
.init = pt_msgdata_reg_init,
.u.w.read = pt_word_reg_read,
.u.w.write = pt_msgdata_reg_write,
@@ -699,12 +742,55 @@ static struct pt_reg_info_tbl pt_emu_reg
.init_val = 0x0000,
.ro_mask = 0x0000,
.emu_mask = 0xFFFF,
- .no_wb = 1,
.init = pt_msgdata_reg_init,
.u.w.read = pt_word_reg_read,
.u.w.write = pt_msgdata_reg_write,
.u.w.restore = NULL,
},
+ /* Mask reg (if PCI_MSI_FLAGS_MASK_BIT set, for 32-bit devices) */
+ {
+ .offset = PCI_MSI_MASK_32,
+ .size = 4,
+ .init_val = 0x00000000,
+ .ro_mask = 0xFFFFFFFF,
+ .emu_mask = 0xFFFFFFFF,
+ .init = pt_mask_reg_init,
+ .u.dw.read = pt_long_reg_read,
+ .u.dw.write = pt_long_reg_write,
+ },
+ /* Mask reg (if PCI_MSI_FLAGS_MASK_BIT set, for 64-bit devices) */
+ {
+ .offset = PCI_MSI_MASK_64,
+ .size = 4,
+ .init_val = 0x00000000,
+ .ro_mask = 0xFFFFFFFF,
+ .emu_mask = 0xFFFFFFFF,
+ .init = pt_mask_reg_init,
+ .u.dw.read = pt_long_reg_read,
+ .u.dw.write = pt_long_reg_write,
+ },
+ /* Pending reg (if PCI_MSI_FLAGS_MASK_BIT set, for 32-bit devices) */
+ {
+ .offset = PCI_MSI_MASK_32 + 4,
+ .size = 4,
+ .init_val = 0x00000000,
+ .ro_mask = 0xFFFFFFFF,
+ .emu_mask = 0x00000000,
+ .init = pt_pending_reg_init,
+ .u.dw.read = pt_long_reg_read,
+ .u.dw.write = pt_long_reg_write,
+ },
+ /* Pending reg (if PCI_MSI_FLAGS_MASK_BIT set, for 64-bit devices) */
+ {
+ .offset = PCI_MSI_MASK_64 + 4,
+ .size = 4,
+ .init_val = 0x00000000,
+ .ro_mask = 0xFFFFFFFF,
+ .emu_mask = 0x00000000,
+ .init = pt_pending_reg_init,
+ .u.dw.read = pt_long_reg_read,
+ .u.dw.write = pt_long_reg_write,
+ },
{
.size = 0,
},
@@ -729,7 +815,8 @@ static struct pt_reg_info_tbl pt_emu_reg
.offset = PCI_MSI_FLAGS, // 2
.size = 2,
.init_val = 0x0000,
- .ro_mask = 0x3FFF,
+ .res_mask = 0x3800,
+ .ro_mask = 0x07FF,
.emu_mask = 0x0000,
.init = pt_msixctrl_reg_init,
.u.w.read = pt_word_reg_read,
@@ -1527,10 +1614,10 @@ static void pt_pci_write_config(PCIDevic
uint32_t find_addr = address;
uint32_t real_offset = 0;
uint32_t valid_mask = 0xFFFFFFFF;
- uint32_t read_val = 0;
+ uint32_t read_val = 0, wb_mask, wp_mask;
uint8_t *ptr_val = NULL;
int emul_len = 0;
- int index = 0;
+ int index = 0, wp_flag = 0;
int ret = 0;
#ifdef PT_DEBUG_PCI_CONFIG_ACCESS
@@ -1600,11 +1687,21 @@ static void pt_pci_write_config(PCIDevic
{
PT_LOG("Error: pci_read_block failed. return value[%d].\n", ret);
memset((uint8_t *)&read_val, 0xff, len);
+ wb_mask = 0;
}
+ else
+ wb_mask = 0xFFFFFFFF >> ((4 - len) << 3);
/* pass directly to libpci for passthrough type register group */
if (reg_grp_entry == NULL)
+ {
+ if (!assigned_device->permissive)
+ {
+ wb_mask = 0;
+ wp_flag = 1;
+ }
goto out;
+ }
/* adjust the read and write value to appropriate CFC-CFF window */
read_val <<= ((address & 3) << 3);
@@ -1623,6 +1720,12 @@ static void pt_pci_write_config(PCIDevic
valid_mask = (0xFFFFFFFF >> ((4 - emul_len) << 3));
valid_mask <<= ((find_addr - real_offset) << 3);
ptr_val = ((uint8_t *)&val + (real_offset & 3));
+ wp_mask = reg->emu_mask | reg->ro_mask;
+ if (!assigned_device->permissive)
+ wp_mask |= reg->res_mask;
+ if (wp_mask == (0xFFFFFFFF >> ((4 - reg->size) << 3)))
+ wb_mask &= ~((wp_mask >> ((find_addr - real_offset) << 3))
+ << ((len - emul_len) << 3));
/* do emulation depend on register size */
switch (reg->size) {
@@ -1671,6 +1774,16 @@ static void pt_pci_write_config(PCIDevic
/* nothing to do with passthrough type register,
* continue to find next byte
*/
+ if (!assigned_device->permissive)
+ {
+ wb_mask &= ~(0xff << ((len - emul_len) << 3));
+ /* Unused BARs will make it here, but we don't want to issue
+ * warnings for writes to them (bogus writes get dealt with
+ * above).
+ */
+ if (index < 0)
+ wp_flag = 1;
+ }
emul_len--;
find_addr++;
}
@@ -1680,8 +1793,28 @@ static void pt_pci_write_config(PCIDevic
val >>= ((address & 3) << 3);
out:
- if (!(reg && reg->no_wb)) { /* unknown regs are passed through */
- ret = pci_write_block(pci_dev, address, (uint8_t *)&val, len);
+ if (wp_flag && !assigned_device->permissive_warned)
+ {
+ assigned_device->permissive_warned = 1;
+ PT_LOG("Write-back to unknown field 0x%02x (partially) inhibited (0x%0*x)\n",
+ addr, len * 2, wb_mask);
+ PT_LOG("If device %02x:%02x.%o doesn't work, try enabling permissive\n",
+ pci_bus_num(d->bus), PCI_SLOT(d->devfn), PCI_FUNC(d->devfn));
+ PT_LOG("mode (unsafe) and if it helps report the problem to xen-devel\n");
+ }
+ for (index = 0; wb_mask; index += len) {
+ /* unknown regs are passed through */
+ while (!(wb_mask & 0xff)) {
+ index++;
+ wb_mask >>= 8;
+ }
+ len = 0;
+ do {
+ len++;
+ wb_mask >>= 8;
+ } while (wb_mask & 0xff);
+ ret = pci_write_block(pci_dev, address + index,
+ (uint8_t *)&val + index, len);
if (!ret)
PT_LOG("Error: pci_write_block failed. return value[%d].\n", ret);
@@ -2848,6 +2981,7 @@ static uint32_t pt_pmc_reg_init(struct p
return reg->init_val;
}
+/* this function will be called twice (for ->power_mgmt on and off cases) */
/* initialize PCI Power Management Control/Status register */
static uint32_t pt_pmcsr_reg_init(struct pt_dev *ptdev,
struct pt_reg_info_tbl *reg, uint32_t real_offset)
@@ -2855,8 +2989,23 @@ static uint32_t pt_pmcsr_reg_init(struct
PCIDevice *d = &ptdev->dev;
uint16_t cap_ver = 0;
- if (!ptdev->power_mgmt)
- return reg->init_val;
+ switch (reg->emu_mask & (PCI_PM_CTRL_STATE_MASK |
+ PCI_PM_CTRL_NO_SOFT_RESET))
+ {
+ case 0:
+ if (!ptdev->power_mgmt)
+ return PT_INVALID_REG;
+ break;
+ case PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET:
+ if (!ptdev->power_mgmt)
+ return reg->init_val;
+ return PT_INVALID_REG;
+ default:
+ /* exit I/O emulator */
+ PT_LOG("Internal error: Invalid PMCSR emulation mask %04x."
+ " I/O emulator exit.\n", reg->emu_mask);
+ exit(1);
+ }
/* check PCI Power Management support version */
cap_ver = ptdev->pm_state->pmc_field & PCI_PM_CAP_VER_MASK;
@@ -3000,6 +3149,42 @@ static uint32_t pt_msgdata_reg_init(stru
return PT_INVALID_REG;
}
+/* this function will be called twice (for 32 bit and 64 bit type) */
+/* initialize Mask register */
+static uint32_t pt_mask_reg_init(struct pt_dev *ptdev,
+ struct pt_reg_info_tbl *reg, uint32_t real_offset)
+{
+ uint32_t flags = ptdev->msi->flags;
+ uint32_t offset = reg->offset;
+
+ if (!(flags & PCI_MSI_FLAGS_MASK_BIT))
+ return PT_INVALID_REG;
+
+ if (offset == (flags & PCI_MSI_FLAGS_64BIT ?
+ PCI_MSI_MASK_64 : PCI_MSI_MASK_32))
+ return reg->init_val;
+
+ return PT_INVALID_REG;
+}
+
+/* this function will be called twice (for 32 bit and 64 bit type) */
+/* initialize Pending register */
+static uint32_t pt_pending_reg_init(struct pt_dev *ptdev,
+ struct pt_reg_info_tbl *reg, uint32_t real_offset)
+{
+ uint32_t flags = ptdev->msi->flags;
+ uint32_t offset = reg->offset;
+
+ if (!(flags & PCI_MSI_FLAGS_MASK_BIT))
+ return PT_INVALID_REG;
+
+ if (offset == (flags & PCI_MSI_FLAGS_64BIT ?
+ PCI_MSI_MASK_64 + 4 : PCI_MSI_MASK_32 + 4))
+ return reg->init_val;
+
+ return PT_INVALID_REG;
+}
+
/* initialize Message Control register for MSI-X */
static uint32_t pt_msixctrl_reg_init(struct pt_dev *ptdev,
struct pt_reg_info_tbl *reg, uint32_t real_offset)
@@ -3331,24 +3516,18 @@ static int pt_bar_reg_read(struct pt_dev
}
-/* read Power Management Control/Status register */
-static int pt_pmcsr_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
+static uint32_t get_throughable_mask(const struct pt_dev *ptdev,
+ const struct pt_reg_info_tbl *reg,
+ uint32_t valid_mask)
{
- struct pt_reg_info_tbl *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = reg->emu_mask;
-
- if (!ptdev->power_mgmt)
- valid_emu_mask |= PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET;
+ uint32_t throughable_mask = ~(reg->emu_mask | reg->ro_mask);
- valid_emu_mask = valid_emu_mask & valid_mask ;
- *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+ if (!ptdev->permissive)
+ throughable_mask &= ~reg->res_mask;
- return 0;
+ return throughable_mask & valid_mask;
}
-
/* write byte size emulate register */
static int pt_byte_reg_write(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
@@ -3356,14 +3535,13 @@ static int pt_byte_reg_write(struct pt_d
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint8_t writable_mask = 0;
- uint8_t throughable_mask = 0;
+ uint8_t throughable_mask = get_throughable_mask(ptdev, reg, valid_mask);
/* modify emulate register */
writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
*value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
return 0;
@@ -3376,14 +3554,13 @@ static int pt_word_reg_write(struct pt_d
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
+ uint16_t throughable_mask = get_throughable_mask(ptdev, reg, valid_mask);
/* modify emulate register */
writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
*value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
return 0;
@@ -3396,14 +3573,13 @@ static int pt_long_reg_write(struct pt_d
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
+ uint32_t throughable_mask = get_throughable_mask(ptdev, reg, valid_mask);
/* modify emulate register */
writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
*value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
return 0;
@@ -3416,7 +3592,7 @@ static int pt_cmd_reg_write(struct pt_de
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
+ uint16_t throughable_mask = get_throughable_mask(ptdev, reg, valid_mask);
uint16_t wr_value = *value;
uint16_t emu_mask = reg->emu_mask;
@@ -3430,8 +3606,6 @@ static int pt_cmd_reg_write(struct pt_de
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
-
if (*value & PCI_COMMAND_DISABLE_INTx)
{
if (ptdev->msi_trans_en)
@@ -3477,7 +3651,6 @@ static int pt_bar_reg_write(struct pt_de
PCIDevice *d = (PCIDevice *)&ptdev->dev;
PCIIORegion *r;
uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
uint32_t bar_emu_mask = 0;
uint32_t bar_ro_mask = 0;
uint32_t new_addr, last_addr;
@@ -3604,8 +3777,7 @@ static int pt_bar_reg_write(struct pt_de
exit:
/* create value for writing to I/O device register */
- throughable_mask = ~bar_emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
+ *value = PT_MERGE_VALUE(*value, dev_value, 0);
/* After BAR reg update, we need to remap BAR*/
reg_grp_entry = pt_find_reg_grp(ptdev, PCI_COMMAND);
@@ -3632,9 +3804,8 @@ static int pt_exp_rom_bar_reg_write(stru
PCIDevice *d = (PCIDevice *)&ptdev->dev;
PCIIORegion *r;
uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
+ uint32_t throughable_mask = get_throughable_mask(ptdev, reg, valid_mask);
uint32_t r_size = 0;
- uint32_t bar_emu_mask = 0;
uint32_t bar_ro_mask = 0;
r = &d->io_regions[PCI_ROM_SLOT];
@@ -3644,7 +3815,6 @@ static int pt_exp_rom_bar_reg_write(stru
PT_GET_EMUL_SIZE(base->bar_flag, r_size);
/* set emulate mask and read-only mask */
- bar_emu_mask = reg->emu_mask;
bar_ro_mask = (reg->ro_mask | (r_size - 1)) & ~PCI_ROM_ADDRESS_ENABLE;
/* modify emulate register */
@@ -3664,7 +3834,6 @@ static int pt_exp_rom_bar_reg_write(stru
r->addr = cfg_entry->data;
/* create value for writing to I/O device register */
- throughable_mask = ~bar_emu_mask & valid_mask;
*value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
/* After BAR reg update, we need to remap BAR*/
@@ -3688,22 +3857,18 @@ static int pt_pmcsr_reg_write(struct pt_
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
PCIDevice *d = &ptdev->dev;
- uint16_t emu_mask = reg->emu_mask;
uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
+ uint16_t throughable_mask = get_throughable_mask(ptdev, reg, valid_mask);
struct pt_pm_info *pm_state = ptdev->pm_state;
uint16_t read_val = 0;
- if (!ptdev->power_mgmt)
- emu_mask |= PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET;
-
/* modify emulate register */
- writable_mask = emu_mask & ~reg->ro_mask & valid_mask;
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
+ *value = PT_MERGE_VALUE(*value, dev_value & ~PCI_PM_CTRL_PME_STATUS,
+ throughable_mask);
if (!ptdev->power_mgmt)
return 0;
@@ -3810,7 +3975,7 @@ static int pt_msgctrl_reg_write(struct p
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
+ uint16_t throughable_mask = get_throughable_mask(ptdev, reg, valid_mask);
uint16_t old_ctrl = cfg_entry->data;
PCIDevice *pd = (PCIDevice *)ptdev;
uint16_t val;
@@ -3821,6 +3986,11 @@ static int pt_msgctrl_reg_write(struct p
/* modify emulate register */
writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ /* also emulate MSI_ENABLE bit for MSI-INTx translation */
+ if (ptdev->msi_trans_en) {
+ writable_mask |= PCI_MSI_FLAGS_ENABLE & valid_mask;
+ throughable_mask &= ~PCI_MSI_FLAGS_ENABLE;
+ }
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* update the msi_info too */
ptdev->msi->flags |= cfg_entry->data &
@@ -3828,7 +3998,6 @@ static int pt_msgctrl_reg_write(struct p
/* create value for writing to I/O device register */
val = *value;
- throughable_mask = ~reg->emu_mask & valid_mask;
*value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
/* update MSI */
@@ -3868,12 +4037,6 @@ static int pt_msgctrl_reg_write(struct p
else
ptdev->msi->flags &= ~PCI_MSI_FLAGS_ENABLE;
- /* pass through MSI_ENABLE bit when no MSI-INTx translation */
- if (!ptdev->msi_trans_en) {
- *value &= ~PCI_MSI_FLAGS_ENABLE;
- *value |= val & PCI_MSI_FLAGS_ENABLE;
- }
-
return 0;
}
@@ -3884,7 +4047,6 @@ static int pt_msgaddr32_reg_write(struct
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
uint32_t old_addr = cfg_entry->data;
/* modify emulate register */
@@ -3894,8 +4056,7 @@ static int pt_msgaddr32_reg_write(struct
ptdev->msi->addr_lo = cfg_entry->data;
/* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
+ *value = PT_MERGE_VALUE(*value, dev_value, 0);
/* update MSI */
if (cfg_entry->data != old_addr)
@@ -3914,7 +4075,6 @@ static int pt_msgaddr64_reg_write(struct
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint32_t writable_mask = 0;
- uint32_t throughable_mask = 0;
uint32_t old_addr = cfg_entry->data;
/* check whether the type is 64 bit or not */
@@ -3932,8 +4092,7 @@ static int pt_msgaddr64_reg_write(struct
ptdev->msi->addr_hi = cfg_entry->data;
/* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
+ *value = PT_MERGE_VALUE(*value, dev_value, 0);
/* update MSI */
if (cfg_entry->data != old_addr)
@@ -3953,7 +4112,6 @@ static int pt_msgdata_reg_write(struct p
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
uint16_t old_data = cfg_entry->data;
uint32_t flags = ptdev->msi->flags;
uint32_t offset = reg->offset;
@@ -3974,8 +4132,7 @@ static int pt_msgdata_reg_write(struct p
ptdev->msi->data = cfg_entry->data;
/* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
+ *value = PT_MERGE_VALUE(*value, dev_value, 0);
/* update MSI */
if (cfg_entry->data != old_data)
@@ -3994,7 +4151,7 @@ static int pt_msixctrl_reg_write(struct
{
struct pt_reg_info_tbl *reg = cfg_entry->reg;
uint16_t writable_mask = 0;
- uint16_t throughable_mask = 0;
+ uint16_t throughable_mask = get_throughable_mask(ptdev, reg, valid_mask);
uint16_t old_ctrl = cfg_entry->data;
/* modify emulate register */
@@ -4002,7 +4159,6 @@ static int pt_msixctrl_reg_write(struct
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~reg->emu_mask & valid_mask;
*value = PT_MERGE_VALUE(*value, dev_value, throughable_mask);
/* update MSI-X */
@@ -4206,7 +4362,7 @@ static struct pt_dev * register_real_dev
struct pci_dev *pci_dev;
uint8_t e_device, e_intx;
char *key, *val;
- int msi_translate, power_mgmt;
+ int msi_translate, power_mgmt, permissive = 0;
PT_LOG("Assigning real physical device %02x:%02x.%x ...\n",
r_bus, r_dev, r_func);
@@ -4250,6 +4406,8 @@ static struct pt_dev * register_real_dev
else
PT_LOG("Error: unrecognized value for msitranslate=\n");
}
+ else if (strcmp(key, "permissive") == 0)
+ permissive = 1;
else if (strcmp(key, "power_mgmt") == 0)
{
if (strcmp(val, "0") == 0)
@@ -4287,6 +4445,7 @@ static struct pt_dev * register_real_dev
assigned_device->msi_trans_cap = msi_translate;
assigned_device->power_mgmt = power_mgmt;
assigned_device->is_virtfn = pt_dev_is_virtfn(pci_dev);
+ assigned_device->permissive = permissive;
pt_iomul_init(assigned_device, r_bus, r_dev, r_func);
/* Initialize virtualized PCI configuration (Extended 256 Bytes) */

View file

@ -1,8 +1,24 @@
$NetBSD: patch-qemu-xen-traditional_hw_pass-through.h,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_hw_pass-through.h,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/hw/pass-through.h.orig 2012-05-24 15:57:12.000000000 +0200
+++ qemu-xen-traditional/hw/pass-through.h 2012-05-24 15:58:46.000000000 +0200
@@ -20,8 +20,13 @@
patch for CVE-2015-4103 aka XSA-128 from
http://xenbits.xen.org/xsa/xsa128-qemut.patch
patch for CVE-2015-4104 aka XSA-129 from
http://xenbits.xen.org/xsa/xsa129-qemut.patch
patch for CVE-2015-4105 aka XSA-130 from
http://xenbits.xen.org/xsa/xsa130-qemut.patch
patch for CVE-2015-4106 aka XSA-131 from
http://xenbits.xen.org/xsa/xsa131-qemut-6.patch
http://xenbits.xen.org/xsa/xsa131-qemut-7.patch
http://xenbits.xen.org/xsa/xsa131-qemut-8.patch
fix up pci include path for NetBSD
--- qemu-xen-traditional/hw/pass-through.h.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/pass-through.h
@@ -20,14 +20,19 @@
#include "hw.h"
#include "pci.h"
@ -16,3 +32,62 @@ $NetBSD: patch-qemu-xen-traditional_hw_pass-through.h,v 1.1 2013/05/15 06:58:50
#include "exec-all.h"
#include "sys-queue.h"
#include "qemu-timer.h"
/* Log acesss */
-#define PT_LOGGING_ENABLED
+/* #define PT_LOGGING_ENABLED */
/* Print errors even if logging is disabled */
#define PT_ERR(_f, _a...) fprintf(logfile, "%s: " _f, __func__, ##_a)
@@ -84,6 +89,12 @@
#define PCI_MSI_FLAGS_MASK_BIT 0x0100
#endif
+#ifndef PCI_MSI_MASK_32
+/* interrupt masking register */
+#define PCI_MSI_MASK_32 12
+#define PCI_MSI_MASK_64 16
+#endif
+
#ifndef PCI_EXP_TYPE_PCIE_BRIDGE
/* PCI/PCI-X to PCIE Bridge */
#define PCI_EXP_TYPE_PCIE_BRIDGE 0x8
@@ -99,6 +110,14 @@
#define PCI_EXP_TYPE_ROOT_EC 0xa
#endif
+#ifndef PCI_VPD_ADDR
+/* Vital Product Data */
+#define PCI_VPD_ADDR 2 /* Address to access (15 bits!) */
+#define PCI_VPD_ADDR_MASK 0x7fff /* Address mask */
+#define PCI_VPD_ADDR_F 0x8000 /* Write 0, 1 indicates completion */
+#define PCI_VPD_DATA 4 /* 32-bits of data returned here */
+#endif
+
#ifndef PCI_ERR_UNCOR_MASK
/* Uncorrectable Error Mask */
#define PCI_ERR_UNCOR_MASK 8
@@ -234,6 +253,8 @@ struct pt_dev {
unsigned power_mgmt:1;
struct pt_pm_info *pm_state; /* PM virtualization */
unsigned is_virtfn:1;
+ unsigned permissive:1;
+ unsigned permissive_warned:1;
/* io port multiplexing */
#define PCI_IOMUL_INVALID_FD (-1)
@@ -368,12 +389,12 @@ struct pt_reg_info_tbl {
uint32_t size;
/* reg initial value */
uint32_t init_val;
+ /* reg reserved field mask (ON:reserved, OFF:defined) */
+ uint32_t res_mask;
/* reg read only field mask (ON:RO/ROS, OFF:other) */
uint32_t ro_mask;
/* reg emulate field mask (ON:emu, OFF:passthrough) */
uint32_t emu_mask;
- /* no write back allowed */
- uint32_t no_wb;
/* emul reg initialize method */
conf_reg_init init;
union {

View file

@ -1,7 +1,7 @@
$NetBSD: patch-qemu-xen-traditional_hw_piix4acpi.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_hw_piix4acpi.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/hw/piix4acpi.c.orig 2012-05-30 10:21:32.000000000 +0200
+++ qemu-xen-traditional/hw/piix4acpi.c 2012-05-30 10:23:11.000000000 +0200
--- qemu-xen-traditional/hw/piix4acpi.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/piix4acpi.c
@@ -41,8 +41,12 @@
#define PIIX4ACPI_LOG(level, fmt, ...) do { if (level <= PIIX4ACPI_LOGLEVEL) qemu_log(fmt, ## __VA_ARGS__); } while (0)

View file

@ -1,7 +1,7 @@
$NetBSD: patch-qemu-xen-traditional_hw_pt-graphics.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_hw_pt-graphics.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/hw/pt-graphics.c.orig 2012-05-24 16:16:49.000000000 +0200
+++ qemu-xen-traditional/hw/pt-graphics.c 2012-05-24 16:16:55.000000000 +0200
--- qemu-xen-traditional/hw/pt-graphics.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/pt-graphics.c
@@ -3,8 +3,6 @@
*/

View file

@ -1,7 +1,7 @@
$NetBSD: patch-qemu-xen-traditional_hw_pt-msi.c,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_hw_pt-msi.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/hw/pt-msi.c.orig 2012-05-24 13:27:50.000000000 +0200
+++ qemu-xen-traditional/hw/pt-msi.c 2012-05-24 13:28:42.000000000 +0200
--- qemu-xen-traditional/hw/pt-msi.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/pt-msi.c
@@ -22,6 +22,10 @@
#include "pt-msi.h"
#include <sys/mman.h>

View file

@ -1,7 +1,7 @@
$NetBSD: patch-qemu-xen-traditional_hw_pt-msi.h,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_hw_pt-msi.h,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/hw/pt-msi.h.orig 2012-05-24 16:09:24.000000000 +0200
+++ qemu-xen-traditional/hw/pt-msi.h 2012-05-24 16:15:19.000000000 +0200
--- qemu-xen-traditional/hw/pt-msi.h.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/pt-msi.h
@@ -1,7 +1,6 @@
#ifndef _PT_MSI_H
#define _PT_MSI_H

View file

@ -1,8 +1,8 @@
$NetBSD: patch-qemu-xen-traditional_i386-dm_hookstarget.mak,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_i386-dm_hookstarget.mak,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen-traditional/i386-dm/hookstarget.mak.orig 2011-04-15 11:45:21.000000000 +0200
+++ qemu-xen-traditional/i386-dm/hookstarget.mak 2011-04-15 11:46:36.000000000 +0200
@@ -2,5 +2,5 @@
--- qemu-xen-traditional/i386-dm/hookstarget.mak.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/i386-dm/hookstarget.mak
@@ -2,5 +2,5 @@ IOEMU_OS=$(shell uname -s)
install-hook:
$(INSTALL_DIR) "$(DESTDIR)/$(bindir)"

View file

@ -1,10 +1,10 @@
$NetBSD: patch-qemu-xen-traditional_xen-hooks.mak,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-qemu-xen-traditional_xen-hooks.mak,v 1.2 2015/08/23 16:17:12 spz Exp $
enable PCI passthrough when pciutils is present
--- qemu-xen-traditional/xen-hooks.mak.orig 2012-05-24 15:41:11.000000000 +0200
+++ qemu-xen-traditional/xen-hooks.mak 2012-05-24 15:46:21.000000000 +0200
@@ -55,17 +55,25 @@
--- qemu-xen-traditional/xen-hooks.mak.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/xen-hooks.mak
@@ -57,17 +57,25 @@ endif
ifdef CONFIG_STUBDOM
CONFIG_PASSTHROUGH=1
else

View file

@ -1,8 +1,8 @@
$NetBSD: patch-qemu-xen_audio_audio.c,v 1.1 2013/05/26 20:27:43 bouyer Exp $
$NetBSD: patch-qemu-xen_audio_audio.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen/audio/audio.c.orig 2013-05-26 20:24:36.000000000 +0200
+++ qemu-xen/audio/audio.c 2013-05-26 20:24:39.000000000 +0200
@@ -1162,6 +1162,7 @@
--- qemu-xen/audio/audio.c.orig 2013-10-10 14:15:47.000000000 +0000
+++ qemu-xen/audio/audio.c
@@ -1162,6 +1162,7 @@ int AUD_read (SWVoiceIn *sw, void *buf,
return 0;
}

View file

@ -1,8 +1,8 @@
$NetBSD: patch-qemu-xen_fpu_softfloat-specialize.h,v 1.1 2013/05/26 20:27:43 bouyer Exp $
$NetBSD: patch-qemu-xen_fpu_softfloat-specialize.h,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen/fpu/softfloat-specialize.h.orig 2013-05-26 21:19:30.000000000 +0200
+++ qemu-xen/fpu/softfloat-specialize.h 2013-05-26 21:20:25.000000000 +0200
@@ -89,8 +89,8 @@
--- qemu-xen/fpu/softfloat-specialize.h.orig 2013-10-10 14:15:47.000000000 +0000
+++ qemu-xen/fpu/softfloat-specialize.h
@@ -89,8 +89,8 @@ const float64 float64_default_nan = cons
#define floatx80_default_nan_low LIT64( 0xC000000000000000 )
#endif
@ -13,7 +13,7 @@ $NetBSD: patch-qemu-xen_fpu_softfloat-specialize.h,v 1.1 2013/05/26 20:27:43 bou
/*----------------------------------------------------------------------------
| The pattern for a default generated quadruple-precision NaN. The `high' and
@@ -104,8 +104,8 @@
@@ -104,8 +104,8 @@ const floatx80 floatx80_default_nan = ma
#define float128_default_nan_low LIT64( 0x0000000000000000 )
#endif

View file

@ -1,8 +1,8 @@
$NetBSD: patch-qemu-xen_ioport.c,v 1.1 2013/05/26 20:27:43 bouyer Exp $
$NetBSD: patch-qemu-xen_ioport.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen/ioport.c.orig 2013-05-26 20:28:24.000000000 +0200
+++ qemu-xen/ioport.c 2013-05-26 20:28:28.000000000 +0200
@@ -177,6 +177,7 @@
--- qemu-xen/ioport.c.orig 2013-10-10 14:15:47.000000000 +0000
+++ qemu-xen/ioport.c
@@ -177,6 +177,7 @@ int register_ioport_write(pio_addr_t sta
return 0;
}

View file

@ -1,8 +1,8 @@
$NetBSD: patch-qemu-xen_memory.c,v 1.1 2013/05/26 20:27:43 bouyer Exp $
$NetBSD: patch-qemu-xen_memory.c,v 1.2 2015/08/23 16:17:12 spz Exp $
--- qemu-xen/memory.c.orig 2013-05-26 20:31:37.000000000 +0200
+++ qemu-xen/memory.c 2013-05-26 20:31:22.000000000 +0200
@@ -237,6 +237,7 @@
--- qemu-xen/memory.c.orig 2013-10-10 14:15:47.000000000 +0000
+++ qemu-xen/memory.c
@@ -237,6 +237,7 @@ static void flatview_simplify(FlatView *
}
}

View file

@ -1,8 +1,8 @@
$NetBSD: patch-qemu-xen_qemu-doc.texi,v 1.1 2013/06/17 13:54:02 wiz Exp $
$NetBSD: patch-qemu-xen_qemu-doc.texi,v 1.2 2015/08/23 16:17:12 spz Exp $
Avoid encoding issues in pod2man.
--- qemu-xen/qemu-doc.texi.orig 2013-04-05 23:39:54.000000000 +0000
--- qemu-xen/qemu-doc.texi.orig 2013-10-10 14:15:47.000000000 +0000
+++ qemu-xen/qemu-doc.texi
@@ -225,7 +225,7 @@ VGA BIOS.
QEMU uses YM3812 emulation by Tatsuyuki Satoh.

View file

@ -1,8 +1,8 @@
$NetBSD: patch-xentrace_Makefile,v 1.1 2013/05/15 06:58:50 jnemeth Exp $
$NetBSD: patch-xentrace_Makefile,v 1.2 2015/08/23 16:17:12 spz Exp $
--- xentrace/Makefile.orig 2010-04-07 16:12:05.000000000 +0000
--- xentrace/Makefile.orig 2014-09-02 06:22:57.000000000 +0000
+++ xentrace/Makefile
@@ -43,6 +43,7 @@ install: build
@@ -29,6 +29,7 @@ install: build
[ -z "$(LIBBIN)" ] || $(INSTALL_PROG) $(LIBBIN) $(DESTDIR)$(PRIVATE_BINDIR)
$(INSTALL_DATA) $(MAN1) $(DESTDIR)$(MAN1DIR)
$(INSTALL_DATA) $(MAN8) $(DESTDIR)$(MAN8DIR)