f839698456
functional for PV domains. Support for HVM domains and grant tables
is still to come. Note that xm/xend is deprecated in this version.
You should switch to using xl (which is tested to be working) if
you can.
----- 4.2.2
Xen 4.2.2 is a maintenance release in the 4.2 series and contains:
We recommend that all users of Xen 4.2.1 upgrade to Xen 4.2.2.
This release fixes the following critical vulnerabilities:
CVE-2012-5634 / XSA-33: VT-d interrupt remapping source
validation flaw
CVE-2013-0151 / XSA-34: nested virtualization on 32-bit
exposes host crash
CVE-2013-0152 / XSA-35: Nested HVM exposes host to being
driven out of memory by guest
CVE-2013-0153 / XSA-36: interrupt remap entries shared and
old ones not cleared on AMD IOMMUs
CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect
ASSERT (debug build only)
CVE-2013-0215 / XSA-38: oxenstored incorrect handling of
certain Xenbus ring states
CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer
overflow when processing large packets
CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER
CVE-2013-1919 / XSA-46: Several access permission issues with
IRQs for unprivileged guests
CVE-2013-1920 / XSA-47: Potential use of freed memory in event
channel operations
CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing
format specification
This release contains many bug fixes and improvements (around
100 since Xen 4.2.1). The highlights are:
ACPI APEI/ERST finally working on production systems
Bug fixes for other low level system state handling
Bug fixes and improvements to the libxl tool stack
Bug fixes to nested virtualization
----- 4.2.1
Xen 4.2.1 is a maintenance release in the 4.2 series and contains:
We recommend that all users of Xen 4.2.0 upgrade to Xen 4.2.1.
The release fixes the following critical vulnerabilities:
CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
CVE-2012-4537 / XSA-22: Memory mapping failure DoS
vulnerability
CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS
vulnerability
CVE-2012-4539 / XSA-24: Grant table hypercall infinite
loop DoS vulnerability
CVE-2012-4544, CVE-2012-2625 / XSA-25: Xen domain builder
Out-of-memory due to malicious kernel/ramdisk
CVE-2012-5510 / XSA-26: Grant table version switch list
corruption vulnerability
CVE-2012-5511 / XSA-27: Several HVM operations do not
validate the range of their inputs
CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite
hypervisor memory
CVE-2012-5514 / XSA-30: Broken error handling in
guest_physmap_mark_populate_on_demand()
CVE-2012-5515 / XSA-31: Several memory hypercall operations
allow invalid extent order values
CVE-2012-5525 / XSA-32: several hypercalls do not validate
input GFNs
Among many bug fixes and improvements (around 100 since Xen 4.2.0):
A fix for a long standing time management issue
Bug fixes for S3 (suspend to RAM) handling
Bug fixes for other low level system state handling
Bug fixes and improvements to the libxl tool stack
Bug fixes to nested virtualization
----- 4.2.0
The Xen 4.2 release contains a number of important new features
and updates including:
The release incorporates many new features and improvements to
existing features. There are improvements across the board including
to Security, Scalability, Performance and Documentation.
XL is now the default toolstack: Significant effort has gone
in to the XL tool toolstack in this release and it is now feature
complete and robust enough that we have made it the default. This
toolstack can now replace xend in the majority of deployments, see
XL vs Xend Feature Comparison. As well as improving XL the underlying
libxl library has been significantly improved and supports the
majority of the most common toolstack features. In addition the
API has been declared stable which should make it even easier for
external toolstack such as libvirt and XCP's xapi to make full use
of this functionality in the future.
Large Systems: Following on from the improvements made in 4.1
Xen now supports even larger systems, with up to 4095 host CPUs
and up to 512 guest CPUs. In addition toolstack feature like the
ability to automatically create a CPUPOOL per NUMA node and more
intelligent placement of guest VCPUs on NUMA nodes have further
improved the Xen experience on large systems. Other new features,
such as multiple PCI segment support have also made a positive
impact on such systems.
Improved security: The XSM/Flask subsystem has seen several
enhancements, including improved support for disaggregated systems
and a rewritten example policy which is clearer and simpler to
modify to suit local requirements.
Documentation: The Xen documentation has been much improved,
both the in-tree documentation and the wiki. This is in no small
part down to the success of the Xen Document Days so thanks to all
who have taken part.
129 lines
3.4 KiB
Bash
129 lines
3.4 KiB
Bash
#!@RCD_SCRIPTS_SHELL@
|
|
#
|
|
# PROVIDE: xendomains
|
|
# REQUIRE: xend
|
|
# KEYWORD: shutdown
|
|
#
|
|
# xendomains This required variable is a whitespace-separated
|
|
# list of domains, e.g., xendomains="dom1 dom2 dom3".
|
|
#
|
|
# xendomains_config This optional variable is a format string that
|
|
# represents the path to the configuration file for
|
|
# each domain. "%s" is substituted with the name of
|
|
# the domain. The default is "@PKG_SYSCONFDIR@/%s".
|
|
#
|
|
# xendomains_prehook This optional variable is a format string that
|
|
# represents the command to run, if it exists, before
|
|
# starting each domain. "%s" is substituted with the
|
|
# name of the domain. The default is
|
|
# "@PKG_SYSCONFDIR@/%s-pre".
|
|
#
|
|
# xendomains_posthook This optional variable is a format string that
|
|
# represents the command to run, if it exists, after
|
|
# stopping each domain. "%s" is substituted with the
|
|
# name of the domain. The default is
|
|
# "@PKG_SYSCONFDIR@/%s-post".
|
|
#
|
|
|
|
. /etc/rc.subr
|
|
|
|
name="xendomains"
|
|
ctl_command="@PREFIX@/sbin/xl"
|
|
start_cmd="xendomains_start"
|
|
stop_cmd="xendomains_stop"
|
|
list_cmd="xendomains_list"
|
|
extra_commands="list"
|
|
required_files="/kern/xen/privcmd"
|
|
|
|
xendomains_start()
|
|
{
|
|
[ -n "$xendomains" ] || return
|
|
|
|
echo "Starting xen domains."
|
|
for domain in $xendomains; do
|
|
case "$domain" in
|
|
"") continue ;;
|
|
esac
|
|
|
|
# Start off by running the pre-hook script if it's present.
|
|
if [ -n "${xendomains_prehook}" ]; then
|
|
cmdline=`printf "${xendomains_prehook}" $domain`
|
|
cmd="${cmdline%% *}"
|
|
if [ -x "$cmd" ]; then
|
|
if ! $cmdline; then
|
|
echo "Pre-hook \`\`$cmdline'' failed... skipping $domain."
|
|
continue
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# Ask xend to create the domain.
|
|
if [ -n "${xendomains_config}" ]; then
|
|
file=`printf "${xendomains_config}" $domain`
|
|
if [ -f "$file" ]; then
|
|
${ctl_command} create "$file"
|
|
fi
|
|
fi
|
|
done
|
|
}
|
|
|
|
xendomains_list() {
|
|
# Output a whitespace-separated list of live guest domains.
|
|
${ctl_command} list | awk '
|
|
(FNR <= 2) { next }
|
|
($5 !~ /s/) { s = s " " $1 }
|
|
END { sub(" *", "", s); print s }'
|
|
}
|
|
|
|
xendomains_stop()
|
|
{
|
|
# Determine an appropriate timeout waiting for all domains to
|
|
# stop -- always wait at least 60s, and add 5s per active domain.
|
|
#
|
|
numdomains=$(xendomains_list | awk '{ print NF }')
|
|
[ $numdomains -gt 0 ] || return
|
|
timeout=$((60 + numdomains * 5))
|
|
|
|
# Ask xend to stop every domain, and poll xend every 10s up to the
|
|
# timeout period to check if all the domains are stopped. We
|
|
# consider a domain in the "s" (shutdown) state to be stopped.
|
|
#
|
|
echo "Stopping xen domains."
|
|
for domain in $(xendomains_list); do
|
|
${ctl_command} shutdown $domain
|
|
done
|
|
while [ $timeout -gt 0 ]; do
|
|
livedomains=$(xendomains_list)
|
|
[ -n "$livedomains" ] || break
|
|
timeout=$((timeout - 10))
|
|
sleep 10
|
|
done
|
|
livedomains=$(xendomains_list)
|
|
if [ -n "$livedomains" ]; then
|
|
echo "Failed to stop: $livedomains"
|
|
else
|
|
echo "All domains stopped."
|
|
fi
|
|
|
|
# Finish off by running the post-hook script if it's present.
|
|
for domain in $xendomains; do
|
|
case "$domain" in
|
|
"") continue ;;
|
|
esac
|
|
if [ -n "${xendomains_posthook}" ]; then
|
|
cmdline=`printf "${xendomains_posthook}" $domain`
|
|
cmd="${cmdline%% *}"
|
|
if [ -x "$cmd" ]; then
|
|
$cmdline || echo "Post-hook \`\`$cmdline'' failed."
|
|
fi
|
|
fi
|
|
done
|
|
}
|
|
|
|
load_rc_config $name
|
|
|
|
: ${xendomains_config="@PKG_SYSCONFDIR@/%s"}
|
|
: ${xendomains_prehook="@PKG_SYSCONFDIR@/%s-pre"}
|
|
: ${xendomains_posthook="@PKG_SYSCONFDIR@/%s-post"}
|
|
|
|
run_rc_command "$1"
|