system/xen: Updated for version 4.18.0.

Signed-off-by: Mario Preksavec <mario@slackware.hr>

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Mario Preksavec 2023-12-11 22:07:50 +01:00 committed by Willy Sudiarto Raharjo
parent 016590cf6e
commit 1fcd94ebe9
No known key found for this signature in database
GPG key ID: 3F617144D7238786
10 changed files with 197 additions and 199 deletions


@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 5.15.94 Kernel Configuration
# Linux/x86 5.15.139 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0"
CONFIG_CC_IS_GCC=y
@ -18,6 +18,7 @@ CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
CONFIG_CC_HAS_ASM_INLINE=y
CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
CONFIG_PAHOLE_VERSION=0
CONFIG_IRQ_WORK=y
CONFIG_BUILDTIME_TABLE_SORT=y
CONFIG_THREAD_INFO_IN_TASK=y
@ -442,7 +443,7 @@ CONFIG_I8K=m
CONFIG_MICROCODE=y
CONFIG_MICROCODE_INTEL=y
CONFIG_MICROCODE_AMD=y
CONFIG_MICROCODE_OLD_INTERFACE=y
# CONFIG_MICROCODE_LATE_LOADING is not set
CONFIG_X86_MSR=y
CONFIG_X86_CPUID=y
# CONFIG_X86_5LEVEL is not set
@ -525,6 +526,8 @@ CONFIG_RETHUNK=y
CONFIG_CPU_UNRET_ENTRY=y
CONFIG_CPU_IBPB_ENTRY=y
CONFIG_CPU_IBRS_ENTRY=y
CONFIG_CPU_SRSO=y
# CONFIG_GDS_FORCE_MITIGATION is not set
CONFIG_ARCH_HAS_ADD_PAGES=y
CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y
CONFIG_USE_PERCPU_NUMA_NODE_ID=y
@ -756,6 +759,7 @@ CONFIG_GENERIC_SMP_IDLE_THREAD=y
CONFIG_ARCH_HAS_FORTIFY_SOURCE=y
CONFIG_ARCH_HAS_SET_MEMORY=y
CONFIG_ARCH_HAS_SET_DIRECT_MAP=y
CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y
CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y
CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
CONFIG_ARCH_WANTS_NO_INSTR=y
@ -1517,13 +1521,6 @@ CONFIG_IP6_NF_TARGET_NPT=m
# end of IPv6: Netfilter Configuration
CONFIG_NF_DEFRAG_IPV6=m
#
# DECnet: Netfilter Configuration
#
# CONFIG_DECNET_NF_GRABULATOR is not set
# end of DECnet: Netfilter Configuration
CONFIG_NF_TABLES_BRIDGE=m
CONFIG_NFT_BRIDGE_META=m
CONFIG_NFT_BRIDGE_REJECT=m
@ -1627,8 +1624,6 @@ CONFIG_NET_DSA_TAG_XRS700X=m
CONFIG_VLAN_8021Q=m
CONFIG_VLAN_8021Q_GVRP=y
CONFIG_VLAN_8021Q_MVRP=y
CONFIG_DECNET=m
# CONFIG_DECNET_ROUTER is not set
CONFIG_LLC=m
CONFIG_LLC2=m
CONFIG_ATALK=m
@ -1703,14 +1698,11 @@ CONFIG_NET_SCH_ETS=m
#
CONFIG_NET_CLS=y
CONFIG_NET_CLS_BASIC=m
CONFIG_NET_CLS_TCINDEX=m
CONFIG_NET_CLS_ROUTE4=m
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
# CONFIG_CLS_U32_PERF is not set
CONFIG_CLS_U32_MARK=y
CONFIG_NET_CLS_RSVP=m
CONFIG_NET_CLS_RSVP6=m
CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_CGROUP=y
CONFIG_NET_CLS_BPF=m
@ -2528,7 +2520,6 @@ CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_BLK_DEV_DRBD=m
# CONFIG_DRBD_FAULT_INJECTION is not set
CONFIG_BLK_DEV_NBD=m
CONFIG_BLK_DEV_SX8=m
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_COUNT=16
CONFIG_BLK_DEV_RAM_SIZE=16384
@ -8173,9 +8164,10 @@ CONFIG_AMILO_RFKILL=m
CONFIG_FUJITSU_LAPTOP=m
CONFIG_FUJITSU_TABLET=m
CONFIG_GPD_POCKET_FAN=m
CONFIG_X86_PLATFORM_DRIVERS_HP=y
CONFIG_HP_ACCEL=m
CONFIG_WIRELESS_HOTKEY=m
CONFIG_HP_WMI=m
CONFIG_WIRELESS_HOTKEY=m
CONFIG_IBM_RTL=m
CONFIG_IDEAPAD_LAPTOP=m
CONFIG_SENSORS_HDAPS=m
@ -8571,6 +8563,11 @@ CONFIG_VIPERBOARD_ADC=m
CONFIG_XILINX_XADC=m
# end of Analog to digital converters
#
# Analog to digital and digital to analog converters
#
# end of Analog to digital and digital to analog converters
#
# Analog Front Ends
#


@ -5,8 +5,8 @@
# Written by Chris Abela <chris.abela@maltats.com>, 20100515
# Modified by Mario Preksavec <mario@slackware.hr>
KERNEL=${KERNEL:-5.15.94}
XEN=${XEN:-4.17.1}
KERNEL=${KERNEL:-5.15.139}
XEN=${XEN:-4.18.0}
ROOTMOD=${ROOTMOD:-ext4}
ROOTFS=${ROOTFS:-ext4}


@ -7,7 +7,7 @@
set -e
KERNEL=${KERNEL:-5.15.94}
KERNEL=${KERNEL:-5.15.139}
# Build an image for the root file system and another for the swap
# Default values : 8GB and 500MB resepectively.


@ -1,38 +0,0 @@
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 498696e..8a360f4 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -1863,7 +1863,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_N
*_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
*_*_*_DTC_PATH = DEF(DTC_BIN)
-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
+DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Wno-array-bounds -include AutoGen.h -fno-common
DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe
DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe
DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie
diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
index 0df728f..49f9706 100644
--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
@@ -82,17 +82,17 @@ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall \
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
ifeq ($(CXX), llvm)
BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
--fno-delete-null-pointer-checks -Wall -Werror \
+-fno-delete-null-pointer-checks -Wall \
-Wno-deprecated-declarations -Wno-self-assign \
-Wno-unused-result -nostdlib -g
else
BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
--fno-delete-null-pointer-checks -Wall -Werror \
+-fno-delete-null-pointer-checks -Wall \
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
-Wno-unused-result -nostdlib -g
endif


@ -0,0 +1,34 @@
--- xen-4.18.0/tools/firmware/ovmf-dir-remote/BaseTools/Conf/tools_def.template.ORIG 2023-05-24 14:59:54.000000000 +0200
+++ xen-4.18.0/tools/firmware/ovmf-dir-remote/BaseTools/Conf/tools_def.template 2023-12-05 03:34:17.395390728 +0100
@@ -739,7 +739,7 @@
*_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
*_*_*_DTC_PATH = DEF(DTC_BIN)
-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
+DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Wno-array-bounds -include AutoGen.h -fno-common
DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
--- xen-4.18.0/tools/firmware/ovmf-dir-remote/BaseTools/Source/C/Makefiles/header.makefile.ORIG 2023-05-24 14:59:54.000000000 +0200
+++ xen-4.18.0/tools/firmware/ovmf-dir-remote/BaseTools/Source/C/Makefiles/header.makefile 2023-12-05 03:36:03.531794147 +0100
@@ -89,17 +89,17 @@
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall \
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
ifneq ($(CLANG),)
CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
--fno-delete-null-pointer-checks -Wall -Werror \
+-fno-delete-null-pointer-checks -Wall \
-Wno-deprecated-declarations -Wno-self-assign \
-Wno-unused-result -nostdlib -g
else
CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
--fno-delete-null-pointer-checks -Wall -Werror \
+-fno-delete-null-pointer-checks -Wall \
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
-Wno-unused-result -nostdlib -g
endif


@ -0,0 +1,123 @@
From 36debafddd788066be10b33c5f11b984a08e5c85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Thu, 1 Dec 2022 04:22:11 -0500
Subject: [PATCH] ui: remove deprecated 'password' option for SPICE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This has been replaced by the 'password-secret' option,
which references a 'secret' object instance.
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
docs/about/deprecated.rst | 8 --------
docs/about/removed-features.rst | 7 +++++++
qemu-options.hx | 9 +--------
ui/spice-core.c | 15 ---------------
4 files changed, 8 insertions(+), 31 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index d31ffa86d40..2827b0c0beb 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -66,14 +66,6 @@ and will cause a warning.
The replacement for the ``nodelay`` short-form boolean option is ``nodelay=on``
rather than ``delay=off``.
-``-spice password=string`` (since 6.0)
-''''''''''''''''''''''''''''''''''''''
-
-This option is insecure because the SPICE password remains visible in
-the process listing. This is replaced by the new ``password-secret``
-option which lets the password be securely provided on the command
-line using a ``secret`` object instance.
-
``-smp`` ("parameter=0" SMP configurations) (since 6.2)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index 4a84e6174fe..e901637ce5f 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -428,6 +428,13 @@ respectively. The actual backend names should be used instead.
Use ``-drive if=pflash`` to configure the OTP device of the sifive_u
RISC-V machine instead.
+``-spice password=string`` (removed in 8.0)
+'''''''''''''''''''''''''''''''''''''''''''
+
+This option was insecure because the SPICE password remained visible in
+the process listing. This was replaced by the new ``password-secret``
+option which lets the password be securely provided on the command
+line using a ``secret`` object instance.
QEMU Machine Protocol (QMP) commands
------------------------------------
diff --git a/qemu-options.hx b/qemu-options.hx
index e79ff4d8fb9..cafd8be8eda 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2135,7 +2135,7 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice,
" [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
" [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
" [,sasl=on|off][,disable-ticketing=on|off]\n"
- " [,password=<string>][,password-secret=<secret-id>]\n"
+ " [,password-secret=<secret-id>]\n"
" [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
" [,jpeg-wan-compression=[auto|never|always]]\n"
" [,zlib-glz-wan-compression=[auto|never|always]]\n"
@@ -2161,13 +2161,6 @@ SRST
``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off``
Force using the specified IP version.
- ``password=<string>``
- Set the password you need to authenticate.
-
- This option is deprecated and insecure because it leaves the
- password visible in the process listing. Use ``password-secret``
- instead.
-
``password-secret=<secret-id>``
Set the ID of the ``secret`` object containing the password
you need to authenticate.
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 72f8f1681c6..76f7c2bc3d1 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -412,9 +412,6 @@ static QemuOptsList qemu_spice_opts = {
.name = "unix",
.type = QEMU_OPT_BOOL,
#endif
- },{
- .name = "password",
- .type = QEMU_OPT_STRING,
},{
.name = "password-secret",
.type = QEMU_OPT_STRING,
@@ -666,20 +663,8 @@ static void qemu_spice_init(void)
}
passwordSecret = qemu_opt_get(opts, "password-secret");
if (passwordSecret) {
- if (qemu_opt_get(opts, "password")) {
- error_report("'password' option is mutually exclusive with "
- "'password-secret'");
- exit(1);
- }
password = qcrypto_secret_lookup_as_utf8(passwordSecret,
&error_fatal);
- } else {
- str = qemu_opt_get(opts, "password");
- if (str) {
- warn_report("'password' option is deprecated and insecure, "
- "use 'password-secret' instead");
- password = g_strdup(str);
- }
}
if (tls_port) {
--
GitLab


@ -1,15 +1,15 @@
--- xen-4.15.0/tools/xenstore/Makefile.orig 2021-04-06 19:14:18.000000000 +0200
+++ xen-4.15.0/tools/xenstore/Makefile 2021-04-09 20:43:12.613910598 +0200
@@ -76,7 +76,7 @@
$(AR) cr $@ $^
--- xen-4.18.0/tools/xs-clients/Makefile.ORIG 2023-11-16 22:44:21.000000000 +0100
+++ xen-4.18.0/tools/xs-clients/Makefile 2023-12-05 03:01:05.801759446 +0100
@@ -29,7 +29,7 @@
clients: xenstore $(CLIENTS) xenstore-control
$(CLIENTS): xenstore
- ln -f xenstore $@
+ ln -sf xenstore $@
xenstore: xenstore_client.o
$(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
@@ -117,7 +117,7 @@
$(CC) $(LDFLAGS) $^ $(LDLIBS) -o $@ $(APPEND_LDFLAGS)
@@ -54,7 +54,7 @@
$(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir)
$(INSTALL_PROG) xenstore $(DESTDIR)$(bindir)
set -e ; for c in $(CLIENTS) ; do \
@ -18,12 +18,3 @@
done
.PHONY: uninstall
@@ -144,7 +144,7 @@
$(INSTALL_DIR) $(DESTDIR)$(bindir)
$(INSTALL_PROG) xenstore $(DESTDIR)$(bindir)
set -e ; for c in $(CLIENTS) ; do \
- ln -f $(DESTDIR)$(bindir)/xenstore $(DESTDIR)$(bindir)/$${c} ; \
+ ln -sf xenstore $(DESTDIR)$(bindir)/$${c} ; \
done
-include $(DEPS_INCLUDE)


@ -25,14 +25,14 @@
cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=xen
VERSION=${VERSION:-4.17.2}
VERSION=${VERSION:-4.18.0}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
PKGTYPE=${PKGTYPE:-tgz}
SEABIOS=${SEABIOS:-1.16.0}
OVMF=${OVMF:-20210824_7b4a99be8a}
IPXE=${IPXE:-3c040ad387099483102708bb1839110bc788cefb}
SEABIOS=${SEABIOS:-1.16.2}
OVMF=${OVMF:-20230524_ba91d0292e}
IPXE=${IPXE:-1d1cf74a5e58811822bee4b3da3cff7282fcdfca}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
@ -169,19 +169,20 @@ patch -p1 <$CWD/patches/stubdom_zlib_disable_man_install.diff
# Fix glibc-2.27 build
if [ "$(ldd --version | awk '{print $NF; exit}')" = "2.27" ]; then
( cd tools/qemu-xen && patch -p1 <$CWD/patches/glibc-memfd_fix_configure_test.patch )
tools/qemu-xen && patch -d tools/qemu-xen -p1 <$CWD/patches/glibc-memfd_fix_configure_test.patch
fi
# Fix ovmf firmware build
( cd tools/firmware/ovmf-dir-remote && \
patch -p1 <$CWD/patches/edk2-ovmf-202105-werror.patch
)
patch -p1 <$CWD/patches/edk2-ovmf-werror.diff
# Fix binutils-2.36 build
if [ "$(objcopy --version | awk '{print $NF; exit}' | cut -d- -f1)" = "2.36" ]; then
patch -p1 <$CWD/patches/qemu-xen-no-pie.diff
fi
# Revert QEMU password removal for spice
patch -d tools/qemu-xen -p1 -R <$CWD/patches/qemu-remove-password-option-for-spice.patch
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
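Review bot: The added `patch -d tools/qemu-xen -p1 -R` step restores QEMU's `-spice password=` option, which the reverted upstream commit describes as insecure because the SPICE password stays visible in the process listing, yet the comment above it gives no reason for the revert. I would expand that comment to something like `# Revert QEMU's removal of '-spice password=' (password is visible in the process listing); drop once password-secret is used instead`. Presumably the Xen toolstack still passes `password=` to QEMU, but nothing on this page states that, so the reason should be confirmed and recorded. Separately, in the glibc-2.27 branch what appears to be the new line starts with `tools/qemu-xen &&`, which tries to run a directory as a command, so the `patch` after `&&` never runs. It should read `patch -d tools/qemu-xen -p1 <$CWD/patches/glibc-memfd_fix_configure_test.patch`.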


@ -1,10 +1,10 @@
PRGNAM="xen"
VERSION="4.17.2"
VERSION="4.18.0"
HOMEPAGE="http://www.xenproject.org/"
DOWNLOAD="UNSUPPORTED"
MD5SUM=""
DOWNLOAD_x86_64="http://mirror.slackware.hr/sources/xen/xen-4.17.2.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/ipxe-git-3c040ad387099483102708bb1839110bc788cefb.tar.gz \
DOWNLOAD_x86_64="http://mirror.slackware.hr/sources/xen/xen-4.18.0.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/ipxe-git-1d1cf74a5e58811822bee4b3da3cff7282fcdfca.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/lwip-1.3.0.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/zlib-1.2.3.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/newlib-1.16.0.tar.gz \
@ -13,10 +13,10 @@ DOWNLOAD_x86_64="http://mirror.slackware.hr/sources/xen/xen-4.17.2.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/polarssl-1.1.4-gpl.tgz \
http://mirror.slackware.hr/sources/xen-extfiles/gmp-4.3.2.tar.bz2 \
http://mirror.slackware.hr/sources/xen-extfiles/tpm_emulator-0.7.4.tar.gz \
http://mirror.slackware.hr/sources/xen-seabios/seabios-1.16.0.tar.gz \
http://mirror.slackware.hr/sources/xen-ovmf/xen-ovmf-20210824_7b4a99be8a.tar.bz2"
MD5SUM_x86_64="f344056c4566ac1627db46ea92588c3a \
23ba00d5e2c5b4343d12665af73e1cb5 \
http://mirror.slackware.hr/sources/xen-seabios/seabios-1.16.2.tar.gz \
http://mirror.slackware.hr/sources/xen-ovmf/xen-ovmf-20230524_ba91d0292e.tar.bz2"
MD5SUM_x86_64="c564d641a8638cfd43a0a810ebce2179 \
0d0dc7451b47f2c7a2992bbec20bf4d0 \
36cc57650cffda9a0269493be2a169bb \
debc62758716a169df9f62e6ab2bc634 \
bf8f1f9e3ca83d732c00a79a6ef29bc4 \
@ -25,8 +25,8 @@ MD5SUM_x86_64="f344056c4566ac1627db46ea92588c3a \
7b72caf22b01464ee7d6165f2fd85f44 \
dd60683d7057917e34630b4a787932e8 \
e26becb8a6a2b6695f6b3e8097593db8 \
1411e7647ef93424fe88fea5d0ef9a82 \
322d42a3378394b5486acc1564651a4f"
ef52bf37a78e78a082688a244300ab86 \
00968782d77aa244952c8236c299c45b"
REQUIRES="acpica yajl"
MAINTAINER="Mario Preksavec"
EMAIL="mario at slackware dot hr"


@ -1,110 +0,0 @@
From 7fac5971340a13ca9458195305bcfe14df2e52d2 Mon Sep 17 00:00:00 2001
From: Stefano Stabellini <stefano.stabellini@amd.com>
Date: Thu, 17 Aug 2023 13:41:35 +0100
Subject: [PATCH] xen/arm: page: Handle cache flush of an element at the top of
the address space
The region that needs to be cleaned/invalidated may be at the top
of the address space. This means that 'end' (i.e. 'p + size') will
be 0 and therefore nothing will be cleaned/invalidated as the check
in the loop will always be false.
On Arm64, we only support we only support up to 48-bit Virtual
address space. So this is not a concern there. However, for 32-bit,
the mapcache is using the last 2GB of the address space. Therefore
we may not clean/invalidate properly some pages. This could lead
to memory corruption or data leakage (the scrubbed value may
still sit in the cache when the guest could read directly the memory
and therefore read the old content).
Rework invalidate_dcache_va_range(), clean_dcache_va_range(),
clean_and_invalidate_dcache_va_range() to handle a cache flush
with an element at the top of the address space.
This is CVE-2023-34321 / XSA-437.
Reported-by: Julien Grall <jgrall@amazon.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>
Signed-off-by: Julien Grall <jgrall@amazon.com>
Acked-by: Bertrand Marquis <bertrand.marquis@arm.com>
---
xen/arch/arm/include/asm/page.h | 33 ++++++++++++++++++++-------------
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/xen/arch/arm/include/asm/page.h b/xen/arch/arm/include/asm/page.h
index e7cd62190c7f..d7fe770a5e49 100644
--- a/xen/arch/arm/include/asm/page.h
+++ b/xen/arch/arm/include/asm/page.h
@@ -160,26 +160,25 @@ static inline size_t read_dcache_line_bytes(void)
static inline int invalidate_dcache_va_range(const void *p, unsigned long size)
{
- const void *end = p + size;
size_t cacheline_mask = dcache_line_bytes - 1;
dsb(sy); /* So the CPU issues all writes to the range */
if ( (uintptr_t)p & cacheline_mask )
{
+ size -= dcache_line_bytes - ((uintptr_t)p & cacheline_mask);
p = (void *)((uintptr_t)p & ~cacheline_mask);
asm volatile (__clean_and_invalidate_dcache_one(0) : : "r" (p));
p += dcache_line_bytes;
}
- if ( (uintptr_t)end & cacheline_mask )
- {
- end = (void *)((uintptr_t)end & ~cacheline_mask);
- asm volatile (__clean_and_invalidate_dcache_one(0) : : "r" (end));
- }
- for ( ; p < end; p += dcache_line_bytes )
+ for ( ; size >= dcache_line_bytes;
+ p += dcache_line_bytes, size -= dcache_line_bytes )
asm volatile (__invalidate_dcache_one(0) : : "r" (p));
+ if ( size > 0 )
+ asm volatile (__clean_and_invalidate_dcache_one(0) : : "r" (p));
+
dsb(sy); /* So we know the flushes happen before continuing */
return 0;
@@ -187,10 +186,14 @@ static inline int invalidate_dcache_va_range(const void *p, unsigned long size)
static inline int clean_dcache_va_range(const void *p, unsigned long size)
{
- const void *end = p + size;
+ size_t cacheline_mask = dcache_line_bytes - 1;
+
dsb(sy); /* So the CPU issues all writes to the range */
- p = (void *)((uintptr_t)p & ~(dcache_line_bytes - 1));
- for ( ; p < end; p += dcache_line_bytes )
+ size += (uintptr_t)p & cacheline_mask;
+ size = (size + cacheline_mask) & ~cacheline_mask;
+ p = (void *)((uintptr_t)p & ~cacheline_mask);
+ for ( ; size >= dcache_line_bytes;
+ p += dcache_line_bytes, size -= dcache_line_bytes )
asm volatile (__clean_dcache_one(0) : : "r" (p));
dsb(sy); /* So we know the flushes happen before continuing */
/* ARM callers assume that dcache_* functions cannot fail. */
@@ -200,10 +203,14 @@ static inline int clean_dcache_va_range(const void *p, unsigned long size)
static inline int clean_and_invalidate_dcache_va_range
(const void *p, unsigned long size)
{
- const void *end = p + size;
+ size_t cacheline_mask = dcache_line_bytes - 1;
+
dsb(sy); /* So the CPU issues all writes to the range */
- p = (void *)((uintptr_t)p & ~(dcache_line_bytes - 1));
- for ( ; p < end; p += dcache_line_bytes )
+ size += (uintptr_t)p & cacheline_mask;
+ size = (size + cacheline_mask) & ~cacheline_mask;
+ p = (void *)((uintptr_t)p & ~cacheline_mask);
+ for ( ; size >= dcache_line_bytes;
+ p += dcache_line_bytes, size -= dcache_line_bytes )
asm volatile (__clean_and_invalidate_dcache_one(0) : : "r" (p));
dsb(sy); /* So we know the flushes happen before continuing */
/* ARM callers assume that dcache_* functions cannot fail. */
--
2.40.1