[Pkg-xen-changes] [xen] 17/17: merge patched-develop into develop
Bastian Blank
waldi at moszumanska.debian.org
Thu Dec 11 21:46:56 UTC 2014
This is an automated email from the git hooks/post-receive script.
waldi pushed a commit to branch develop
in repository xen.
commit e32e8f043392b3b661c5dcabf811eb8ca055fd31
Merge: c971021 21e5834
Author: Bastian Blank <waldi at debian.org>
Date: Thu Dec 11 22:46:00 2014 +0100
merge patched-develop into develop
Give each git-dpm patch a Patch-Name field
debian/.git-dpm | 4 +-
...ther-desktop-chips.patch => CVE-2013-3495.diff} | 4 +-
...ations-preemptible.patch => CVE-2014-5146.diff} | 4 +-
...when-using-FIFO-ba.patch => CVE-2014-6268.diff} | 4 +-
...ling-the-dirty-vra.patch => CVE-2014-7154.diff} | 4 +-
...ileged-instruction.patch => CVE-2014-7155.diff} | 4 +-
...rrupt-injection-fo.patch => CVE-2014-7156.diff} | 4 +-
...d-x2APIC-MSR-range.patch => CVE-2014-7188.diff} | 4 +-
...-on-non-PV-page-ta.patch => CVE-2014-8594.diff} | 4 +-
...strictions-when-lo.patch => CVE-2014-8595.diff} | 4 +-
..._continuation-to-a.patch => CVE-2014-8866.diff} | 4 +-
...-MMIO-to-solitary-.patch => CVE-2014-8867.diff} | 4 +-
...ror-in-MMU_MACHPHY.patch => CVE-2014-9030.diff} | 4 +-
debian/patches/CVE-2014-9065.diff | 2 +-
...config-prefix.diff.patch => config-prefix.diff} | 3 +-
...h => domain-builder-pv-kernel-memory-leak.diff} | 4 +-
...patch => libxl-local-attach-diskpath-leak.diff} | 4 +-
...n-libxl__pa.patch => libxl-parse-max-leak.diff} | 4 +-
debian/patches/series | 94 +++++++++++-----------
...prefix.diff.patch => tools-blktap2-prefix.diff} | 3 +-
...prefix.diff.patch => tools-console-prefix.diff} | 3 +-
...tools-disable.diff.patch => tools-disable.diff} | 3 +-
...ch => tools-examples-xend-disable-network.diff} | 3 +-
...=> tools-examples-xend-disable-relocation.diff} | 3 +-
...les.diff.patch => tools-hotplug-udevrules.diff} | 3 +-
...stall.diff.patch => tools-include-install.diff} | 3 +-
...me.diff.patch => tools-libfsimage-abiname.diff} | 3 +-
...fix.diff.patch => tools-libfsimage-prefix.diff} | 3 +-
...abiname.diff.patch => tools-libxc-abiname.diff} | 3 +-
...abiname.diff.patch => tools-libxl-abiname.diff} | 3 +-
...l-prefix.diff.patch => tools-libxl-prefix.diff} | 3 +-
...sc-prefix.diff.patch => tools-misc-prefix.diff} | 3 +-
...tup.diff.patch => tools-misc-xend-startup.diff} | 3 +-
...-prefix.diff.patch => tools-pygrub-prefix.diff} | 3 +-
... => tools-pygrub-remove-static-solaris-support} | 3 +-
...-prefix.diff.patch => tools-python-prefix.diff} | 3 +-
...hebang.diff.patch => tools-python-shebang.diff} | 3 +-
...f.patch => tools-python-xen-relative-path.diff} | 3 +-
...007-tools-rpath.diff.patch => tools-rpath.diff} | 3 +-
...s-rpath.diff.patch => tools-xcutils-rpath.diff} | 3 +-
...nstall.diff.patch => tools-xenmon-install.diff} | 3 +-
...-prefix.diff.patch => tools-xenmon-prefix.diff} | 3 +-
...efix.diff.patch => tools-xenpaging-prefix.diff} | 3 +-
...iname.diff.patch => tools-xenstat-abiname.diff} | 3 +-
...prefix.diff.patch => tools-xenstat-prefix.diff} | 3 +-
...iff.patch => tools-xenstore-compatibility.diff} | 3 +-
...refix.diff.patch => tools-xenstore-prefix.diff} | 3 +-
...refix.diff.patch => tools-xentrace-prefix.diff} | 3 +-
.../patches/{0001-version.patch => version.diff} | 4 +-
...patch => xl-coredumps-to-var-lib-xen-dump.diff} | 3 +-
50 files changed, 159 insertions(+), 98 deletions(-)
diff --cc debian/.git-dpm
index c83cedb,0000000..fac72bd
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,8 -1,0 +1,8 @@@
+# see git-dpm(1) from git-dpm package
- 46c58c1d1a991e596fe3a2b6474add1d391b2282
- 46c58c1d1a991e596fe3a2b6474add1d391b2282
++21e58346145a93c80356d565cba28dbe10ecad28
++21e58346145a93c80356d565cba28dbe10ecad28
+3387be132d526263f246c24d3bbc94767a4eba76
+3387be132d526263f246c24d3bbc94767a4eba76
+xen_4.4.1.orig.tar.xz
+900ed093d14caf511fa1a22f48bbf0499bb2ee11
+3778516
diff --cc debian/patches/CVE-2013-3495.diff
index e501ee8,0000000..f4aaede
mode 100644,000000..100644
--- a/debian/patches/CVE-2013-3495.diff
+++ b/debian/patches/CVE-2013-3495.diff
@@@ -1,42 -1,0 +1,44 @@@
- From a90ace8403cf00b7eacd5cf2df1d588e15fb5610 Mon Sep 17 00:00:00 2001
++From 51de0995a024121e221fe6509900239d137aaaca Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich at suse.com>
+Date: Wed, 1 Oct 2014 15:06:39 +0200
+Subject: VT-d: suppress UR signaling for further desktop chipsets
+
+This extends commit d6cb14b34f ("VT-d: suppress UR signaling for
+desktop chipsets") as per the finally obtained list of affected
+chipsets from Intel.
+
+Also pad the IDs we had listed there before to full 4 hex digits.
+
+This is CVE-2013-3495 / XSA-59.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Acked-by: Yang Zhang <yang.z.zhang at intel.com>
+master commit: 3e2331d271cc0882e4013c8f20398c46c35f90a1
+master date: 2014-09-18 15:03:22 +0200
++
++Patch-Name: CVE-2013-3495.diff
+---
+ xen/drivers/passthrough/vtd/quirks.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
+index 647723d..2fac35d 100644
+--- a/xen/drivers/passthrough/vtd/quirks.c
++++ b/xen/drivers/passthrough/vtd/quirks.c
+@@ -474,10 +474,12 @@ void pci_vtd_quirk(const struct pci_dev *pdev)
+ action, seg, bus, dev, func);
+ break;
+
+- case 0x100: case 0x104: case 0x108: /* Sandybridge */
+- case 0x150: case 0x154: case 0x158: /* Ivybridge */
+- case 0xa04: /* Haswell ULT */
+- case 0xc00: case 0xc04: case 0xc08: /* Haswell */
++ case 0x0040: case 0x0044: case 0x0048: /* Nehalem/Westmere */
++ case 0x0100: case 0x0104: case 0x0108: /* Sandybridge */
++ case 0x0150: case 0x0154: case 0x0158: /* Ivybridge */
++ case 0x0a04: /* Haswell ULT */
++ case 0x0c00: case 0x0c04: case 0x0c08: /* Haswell */
++ case 0x1600: case 0x1604: case 0x1608: /* Broadwell */
+ bar = pci_conf_read32(seg, bus, dev, func, 0x6c);
+ bar = (bar << 32) | pci_conf_read32(seg, bus, dev, func, 0x68);
+ pa = bar & 0x7ffffff000UL; /* bits 12...38 */
diff --cc debian/patches/CVE-2014-5146.diff
index 5f09fd2,0000000..29dfb61
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-5146.diff
+++ b/debian/patches/CVE-2014-5146.diff
@@@ -1,655 -1,0 +1,657 @@@
- From d02bd66997ff7126172be0cfc9124974747a6d4d Mon Sep 17 00:00:00 2001
++From 1b08b798d7375a5a6488f690b9154761d88704a1 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich at suse.com>
+Date: Fri, 17 Oct 2014 15:57:42 +0200
+Subject: x86/paging: make log-dirty operations preemptible
+
+Both the freeing and the inspection of the bitmap get done in (nested)
+loops which - besides having a rather high iteration count in general,
+albeit that would be covered by XSA-77 - have the number of non-trivial
+iterations they need to perform (indirectly) controllable by both the
+guest they are for and any domain controlling the guest (including the
+one running qemu for it).
+
+Note that the tying of the continuations to the invoking domain (which
+previously [wrongly] used the invoking vCPU instead) implies that the
+tools requesting such operations have to make sure they don't issue
+multiple similar operations in parallel.
+
+Note further that this breaks supervisor-mode kernel assumptions in
+hypercall_create_continuation() (where regs->eip gets rewound to the
+current hypercall stub beginning), but otoh
+hypercall_cancel_continuation() doesn't work in that mode either.
+Perhaps time to rip out all the remains of that feature?
+
+This is part of CVE-2014-5146 / XSA-97.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Reviewed-by: Tim Deegan <tim at xen.org>
+Tested-by: Andrew Cooper <andrew.cooper3 at citrix.com>
+master commit: 070493dfd2788e061b53f074b7ba97507fbcbf65
+master date: 2014-10-06 11:22:04 +0200
++
++Patch-Name: CVE-2014-5146.diff
+---
+ xen/arch/x86/domain.c | 4 +-
+ xen/arch/x86/domctl.c | 8 +-
+ xen/arch/x86/hvm/hvm.c | 9 +-
+ xen/arch/x86/mm/paging.c | 261 ++++++++++++++++++++++++++++++-------
+ xen/arch/x86/x86_64/compat/entry.S | 2 +
+ xen/arch/x86/x86_64/entry.S | 2 +
+ xen/common/domain.c | 1 -
+ xen/include/asm-x86/domain.h | 14 ++
+ xen/include/asm-x86/paging.h | 13 +-
+ 9 files changed, 252 insertions(+), 62 deletions(-)
+
+diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
+index 195b07f..789e4a0 100644
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -1915,7 +1915,9 @@ int domain_relinquish_resources(struct domain *d)
+ pci_release_devices(d);
+
+ /* Tear down paging-assistance stuff. */
+- paging_teardown(d);
++ ret = paging_teardown(d);
++ if ( ret )
++ return ret;
+
+ /* Drop the in-use references to page-table bases. */
+ for_each_vcpu ( d, v )
+diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
+index a967b65..f5e9e2c 100644
+--- a/xen/arch/x86/domctl.c
++++ b/xen/arch/x86/domctl.c
+@@ -58,9 +58,11 @@ long arch_do_domctl(
+
+ case XEN_DOMCTL_shadow_op:
+ {
+- ret = paging_domctl(d,
+- &domctl->u.shadow_op,
+- guest_handle_cast(u_domctl, void));
++ ret = paging_domctl(d, &domctl->u.shadow_op,
++ guest_handle_cast(u_domctl, void), 0);
++ if ( ret == -EAGAIN )
++ return hypercall_create_continuation(__HYPERVISOR_arch_1,
++ "h", u_domctl);
+ copyback = 1;
+ }
+ break;
+diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
+index 3289604..0c04972 100644
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -3440,7 +3440,8 @@ static hvm_hypercall_t *const hvm_hypercall64_table[NR_hypercalls] = {
+ HYPERCALL(hvm_op),
+ HYPERCALL(sysctl),
+ HYPERCALL(domctl),
+- HYPERCALL(tmem_op)
++ HYPERCALL(tmem_op),
++ [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
+ };
+
+ #define COMPAT_CALL(x) \
+@@ -3460,7 +3461,8 @@ static hvm_hypercall_t *const hvm_hypercall32_table[NR_hypercalls] = {
+ HYPERCALL(hvm_op),
+ HYPERCALL(sysctl),
+ HYPERCALL(domctl),
+- HYPERCALL(tmem_op)
++ HYPERCALL(tmem_op),
++ [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
+ };
+
+ /* PVH 32bitfixme. */
+@@ -3478,7 +3480,8 @@ static hvm_hypercall_t *const pvh_hypercall64_table[NR_hypercalls] = {
+ [ __HYPERVISOR_physdev_op ] = (hvm_hypercall_t *)hvm_physdev_op,
+ HYPERCALL(hvm_op),
+ HYPERCALL(sysctl),
+- HYPERCALL(domctl)
++ HYPERCALL(domctl),
++ [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
+ };
+
+ int hvm_do_hypercall(struct cpu_user_regs *regs)
+diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
+index ab5eacb..fb418fe 100644
+--- a/xen/arch/x86/mm/paging.c
++++ b/xen/arch/x86/mm/paging.c
+@@ -26,6 +26,7 @@
+ #include <asm/shadow.h>
+ #include <asm/p2m.h>
+ #include <asm/hap.h>
++#include <asm/event.h>
+ #include <asm/hvm/nestedhvm.h>
+ #include <xen/numa.h>
+ #include <xsm/xsm.h>
+@@ -116,26 +117,46 @@ static void paging_free_log_dirty_page(struct domain *d, mfn_t mfn)
+ d->arch.paging.free_page(d, mfn_to_page(mfn));
+ }
+
+-void paging_free_log_dirty_bitmap(struct domain *d)
++static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
+ {
+ mfn_t *l4, *l3, *l2;
+ int i4, i3, i2;
+
++ paging_lock(d);
++
+ if ( !mfn_valid(d->arch.paging.log_dirty.top) )
+- return;
++ {
++ paging_unlock(d);
++ return 0;
++ }
+
+- paging_lock(d);
++ if ( !d->arch.paging.preempt.dom )
++ {
++ memset(&d->arch.paging.preempt.log_dirty, 0,
++ sizeof(d->arch.paging.preempt.log_dirty));
++ ASSERT(rc <= 0);
++ d->arch.paging.preempt.log_dirty.done = -rc;
++ }
++ else if ( d->arch.paging.preempt.dom != current->domain ||
++ d->arch.paging.preempt.op != XEN_DOMCTL_SHADOW_OP_OFF )
++ {
++ paging_unlock(d);
++ return -EBUSY;
++ }
+
+ l4 = map_domain_page(mfn_x(d->arch.paging.log_dirty.top));
++ i4 = d->arch.paging.preempt.log_dirty.i4;
++ i3 = d->arch.paging.preempt.log_dirty.i3;
++ rc = 0;
+
+- for ( i4 = 0; i4 < LOGDIRTY_NODE_ENTRIES; i4++ )
++ for ( ; i4 < LOGDIRTY_NODE_ENTRIES; i4++, i3 = 0 )
+ {
+ if ( !mfn_valid(l4[i4]) )
+ continue;
+
+ l3 = map_domain_page(mfn_x(l4[i4]));
+
+- for ( i3 = 0; i3 < LOGDIRTY_NODE_ENTRIES; i3++ )
++ for ( ; i3 < LOGDIRTY_NODE_ENTRIES; i3++ )
+ {
+ if ( !mfn_valid(l3[i3]) )
+ continue;
+@@ -148,20 +169,54 @@ void paging_free_log_dirty_bitmap(struct domain *d)
+
+ unmap_domain_page(l2);
+ paging_free_log_dirty_page(d, l3[i3]);
++ l3[i3] = _mfn(INVALID_MFN);
++
++ if ( i3 < LOGDIRTY_NODE_ENTRIES - 1 && hypercall_preempt_check() )
++ {
++ d->arch.paging.preempt.log_dirty.i3 = i3 + 1;
++ d->arch.paging.preempt.log_dirty.i4 = i4;
++ rc = -EAGAIN;
++ break;
++ }
+ }
+
+ unmap_domain_page(l3);
++ if ( rc )
++ break;
+ paging_free_log_dirty_page(d, l4[i4]);
++ l4[i4] = _mfn(INVALID_MFN);
++
++ if ( i4 < LOGDIRTY_NODE_ENTRIES - 1 && hypercall_preempt_check() )
++ {
++ d->arch.paging.preempt.log_dirty.i3 = 0;
++ d->arch.paging.preempt.log_dirty.i4 = i4 + 1;
++ rc = -EAGAIN;
++ break;
++ }
+ }
+
+ unmap_domain_page(l4);
+- paging_free_log_dirty_page(d, d->arch.paging.log_dirty.top);
+- d->arch.paging.log_dirty.top = _mfn(INVALID_MFN);
+
+- ASSERT(d->arch.paging.log_dirty.allocs == 0);
+- d->arch.paging.log_dirty.failed_allocs = 0;
++ if ( !rc )
++ {
++ paging_free_log_dirty_page(d, d->arch.paging.log_dirty.top);
++ d->arch.paging.log_dirty.top = _mfn(INVALID_MFN);
++
++ ASSERT(d->arch.paging.log_dirty.allocs == 0);
++ d->arch.paging.log_dirty.failed_allocs = 0;
++
++ rc = -d->arch.paging.preempt.log_dirty.done;
++ d->arch.paging.preempt.dom = NULL;
++ }
++ else
++ {
++ d->arch.paging.preempt.dom = current->domain;
++ d->arch.paging.preempt.op = XEN_DOMCTL_SHADOW_OP_OFF;
++ }
+
+ paging_unlock(d);
++
++ return rc;
+ }
+
+ int paging_log_dirty_enable(struct domain *d, bool_t log_global)
+@@ -178,15 +233,25 @@ int paging_log_dirty_enable(struct domain *d, bool_t log_global)
+ return ret;
+ }
+
+-int paging_log_dirty_disable(struct domain *d)
++static int paging_log_dirty_disable(struct domain *d, bool_t resuming)
+ {
+- int ret;
++ int ret = 1;
++
++ if ( !resuming )
++ {
++ domain_pause(d);
++ /* Safe because the domain is paused. */
++ if ( paging_mode_log_dirty(d) )
++ {
++ ret = d->arch.paging.log_dirty.disable_log_dirty(d);
++ ASSERT(ret <= 0);
++ }
++ }
++
++ ret = paging_free_log_dirty_bitmap(d, ret);
++ if ( ret == -EAGAIN )
++ return ret;
+
+- domain_pause(d);
+- /* Safe because the domain is paused. */
+- ret = d->arch.paging.log_dirty.disable_log_dirty(d);
+- if ( !paging_mode_log_dirty(d) )
+- paging_free_log_dirty_bitmap(d);
+ domain_unpause(d);
+
+ return ret;
+@@ -326,7 +391,9 @@ int paging_mfn_is_dirty(struct domain *d, mfn_t gmfn)
+
+ /* Read a domain's log-dirty bitmap and stats. If the operation is a CLEAN,
+ * clear the bitmap and stats as well. */
+-int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
++static int paging_log_dirty_op(struct domain *d,
++ struct xen_domctl_shadow_op *sc,
++ bool_t resuming)
+ {
+ int rv = 0, clean = 0, peek = 1;
+ unsigned long pages = 0;
+@@ -334,9 +401,22 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
+ unsigned long *l1 = NULL;
+ int i4, i3, i2;
+
+- domain_pause(d);
++ if ( !resuming )
++ domain_pause(d);
+ paging_lock(d);
+
++ if ( !d->arch.paging.preempt.dom )
++ memset(&d->arch.paging.preempt.log_dirty, 0,
++ sizeof(d->arch.paging.preempt.log_dirty));
++ else if ( d->arch.paging.preempt.dom != current->domain ||
++ d->arch.paging.preempt.op != sc->op )
++ {
++ paging_unlock(d);
++ ASSERT(!resuming);
++ domain_unpause(d);
++ return -EBUSY;
++ }
++
+ clean = (sc->op == XEN_DOMCTL_SHADOW_OP_CLEAN);
+
+ PAGING_DEBUG(LOGDIRTY, "log-dirty %s: dom %u faults=%u dirty=%u\n",
+@@ -348,12 +428,6 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
+ sc->stats.fault_count = d->arch.paging.log_dirty.fault_count;
+ sc->stats.dirty_count = d->arch.paging.log_dirty.dirty_count;
+
+- if ( clean )
+- {
+- d->arch.paging.log_dirty.fault_count = 0;
+- d->arch.paging.log_dirty.dirty_count = 0;
+- }
+-
+ if ( guest_handle_is_null(sc->dirty_bitmap) )
+ /* caller may have wanted just to clean the state or access stats. */
+ peek = 0;
+@@ -365,17 +439,15 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
+ goto out;
+ }
+
+- pages = 0;
+ l4 = paging_map_log_dirty_bitmap(d);
++ i4 = d->arch.paging.preempt.log_dirty.i4;
++ i3 = d->arch.paging.preempt.log_dirty.i3;
++ pages = d->arch.paging.preempt.log_dirty.done;
+
+- for ( i4 = 0;
+- (pages < sc->pages) && (i4 < LOGDIRTY_NODE_ENTRIES);
+- i4++ )
++ for ( ; (pages < sc->pages) && (i4 < LOGDIRTY_NODE_ENTRIES); i4++, i3 = 0 )
+ {
+ l3 = (l4 && mfn_valid(l4[i4])) ? map_domain_page(mfn_x(l4[i4])) : NULL;
+- for ( i3 = 0;
+- (pages < sc->pages) && (i3 < LOGDIRTY_NODE_ENTRIES);
+- i3++ )
++ for ( ; (pages < sc->pages) && (i3 < LOGDIRTY_NODE_ENTRIES); i3++ )
+ {
+ l2 = ((l3 && mfn_valid(l3[i3])) ?
+ map_domain_page(mfn_x(l3[i3])) : NULL);
+@@ -410,18 +482,58 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
+ }
+ if ( l2 )
+ unmap_domain_page(l2);
++
++ if ( i3 < LOGDIRTY_NODE_ENTRIES - 1 && hypercall_preempt_check() )
++ {
++ d->arch.paging.preempt.log_dirty.i4 = i4;
++ d->arch.paging.preempt.log_dirty.i3 = i3 + 1;
++ rv = -EAGAIN;
++ break;
++ }
+ }
+ if ( l3 )
+ unmap_domain_page(l3);
++
++ if ( !rv && i4 < LOGDIRTY_NODE_ENTRIES - 1 &&
++ hypercall_preempt_check() )
++ {
++ d->arch.paging.preempt.log_dirty.i4 = i4 + 1;
++ d->arch.paging.preempt.log_dirty.i3 = 0;
++ rv = -EAGAIN;
++ }
++ if ( rv )
++ break;
+ }
+ if ( l4 )
+ unmap_domain_page(l4);
+
+- if ( pages < sc->pages )
+- sc->pages = pages;
++ if ( !rv )
++ {
++ d->arch.paging.preempt.dom = NULL;
++ if ( clean )
++ {
++ d->arch.paging.log_dirty.fault_count = 0;
++ d->arch.paging.log_dirty.dirty_count = 0;
++ }
++ }
++ else
++ {
++ d->arch.paging.preempt.dom = current->domain;
++ d->arch.paging.preempt.op = sc->op;
++ d->arch.paging.preempt.log_dirty.done = pages;
++ }
+
+ paging_unlock(d);
+
++ if ( rv )
++ {
++ /* Never leave the domain paused on real errors. */
++ ASSERT(rv == -EAGAIN);
++ return rv;
++ }
++
++ if ( pages < sc->pages )
++ sc->pages = pages;
+ if ( clean )
+ {
+ /* We need to further call clean_dirty_bitmap() functions of specific
+@@ -432,6 +544,7 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
+ return rv;
+
+ out:
++ d->arch.paging.preempt.dom = NULL;
+ paging_unlock(d);
+ domain_unpause(d);
+
+@@ -499,12 +612,6 @@ void paging_log_dirty_init(struct domain *d,
+ d->arch.paging.log_dirty.clean_dirty_bitmap = clean_dirty_bitmap;
+ }
+
+-/* This function fress log dirty bitmap resources. */
+-static void paging_log_dirty_teardown(struct domain*d)
+-{
+- paging_free_log_dirty_bitmap(d);
+-}
+-
+ /************************************************/
+ /* CODE FOR PAGING SUPPORT */
+ /************************************************/
+@@ -546,7 +653,7 @@ void paging_vcpu_init(struct vcpu *v)
+
+
+ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
+- XEN_GUEST_HANDLE_PARAM(void) u_domctl)
++ XEN_GUEST_HANDLE_PARAM(void) u_domctl, bool_t resuming)
+ {
+ int rc;
+
+@@ -570,6 +677,21 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
+ return -EINVAL;
+ }
+
++ if ( resuming
++ ? (d->arch.paging.preempt.dom != current->domain ||
++ d->arch.paging.preempt.op != sc->op)
++ : (d->arch.paging.preempt.dom &&
++ sc->op != XEN_DOMCTL_SHADOW_OP_GET_ALLOCATION) )
++ {
++ printk(XENLOG_G_DEBUG
++ "d%d:v%d: Paging op %#x on Dom%u with unfinished prior op %#x by Dom%u\n",
++ current->domain->domain_id, current->vcpu_id,
++ sc->op, d->domain_id, d->arch.paging.preempt.op,
++ d->arch.paging.preempt.dom
++ ? d->arch.paging.preempt.dom->domain_id : DOMID_INVALID);
++ return -EBUSY;
++ }
++
+ rc = xsm_shadow_control(XSM_HOOK, d, sc->op);
+ if ( rc )
+ return rc;
+@@ -594,14 +716,13 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
+ return paging_log_dirty_enable(d, 1);
+
+ case XEN_DOMCTL_SHADOW_OP_OFF:
+- if ( paging_mode_log_dirty(d) )
+- if ( (rc = paging_log_dirty_disable(d)) != 0 )
+- return rc;
++ if ( (rc = paging_log_dirty_disable(d, resuming)) != 0 )
++ return rc;
+ break;
+
+ case XEN_DOMCTL_SHADOW_OP_CLEAN:
+ case XEN_DOMCTL_SHADOW_OP_PEEK:
+- return paging_log_dirty_op(d, sc);
++ return paging_log_dirty_op(d, sc, resuming);
+ }
+
+ /* Here, dispatch domctl to the appropriate paging code */
+@@ -611,19 +732,67 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
+ return shadow_domctl(d, sc, u_domctl);
+ }
+
++long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
++{
++ struct xen_domctl op;
++ struct domain *d;
++ int ret;
++
++ if ( copy_from_guest(&op, u_domctl, 1) )
++ return -EFAULT;
++
++ if ( op.interface_version != XEN_DOMCTL_INTERFACE_VERSION ||
++ op.cmd != XEN_DOMCTL_shadow_op )
++ return -EBADRQC;
++
++ d = rcu_lock_domain_by_id(op.domain);
++ if ( d == NULL )
++ return -ESRCH;
++
++ ret = xsm_domctl(XSM_OTHER, d, op.cmd);
++ if ( !ret )
++ {
++ if ( domctl_lock_acquire() )
++ {
++ ret = paging_domctl(d, &op.u.shadow_op,
++ guest_handle_cast(u_domctl, void), 1);
++
++ domctl_lock_release();
++ }
++ else
++ ret = -EAGAIN;
++ }
++
++ rcu_unlock_domain(d);
++
++ if ( ret == -EAGAIN )
++ ret = hypercall_create_continuation(__HYPERVISOR_arch_1,
++ "h", u_domctl);
++ else if ( __copy_field_to_guest(u_domctl, &op, u.shadow_op) )
++ ret = -EFAULT;
++
++ return ret;
++}
++
+ /* Call when destroying a domain */
+-void paging_teardown(struct domain *d)
++int paging_teardown(struct domain *d)
+ {
++ int rc;
++
+ if ( hap_enabled(d) )
+ hap_teardown(d);
+ else
+ shadow_teardown(d);
+
+ /* clean up log dirty resources. */
+- paging_log_dirty_teardown(d);
++ rc = paging_free_log_dirty_bitmap(d, 0);
++ if ( rc == -EAGAIN )
++ return rc;
+
+ /* Move populate-on-demand cache back to domain_list for destruction */
+ p2m_pod_empty_cache(d);
++
++ return rc;
+ }
+
+ /* Call once all of the references to the domain have gone away */
+diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
+index 594b0b9..94f5b8d 100644
+--- a/xen/arch/x86/x86_64/compat/entry.S
++++ b/xen/arch/x86/x86_64/compat/entry.S
+@@ -420,6 +420,7 @@ ENTRY(compat_hypercall_table)
+ .quad compat_ni_hypercall
+ .endr
+ .quad do_mca /* 48 */
++ .quad paging_domctl_continuation
+ .rept NR_hypercalls-((.-compat_hypercall_table)/8)
+ .quad compat_ni_hypercall
+ .endr
+@@ -468,6 +469,7 @@ ENTRY(compat_hypercall_args_table)
+ .byte 0 /* compat_ni_hypercall */
+ .endr
+ .byte 1 /* do_mca */
++ .byte 1 /* paging_domctl_continuation */
+ .rept NR_hypercalls-(.-compat_hypercall_args_table)
+ .byte 0 /* compat_ni_hypercall */
+ .endr
+diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
+index 3ea4683..c634217 100644
+--- a/xen/arch/x86/x86_64/entry.S
++++ b/xen/arch/x86/x86_64/entry.S
+@@ -761,6 +761,7 @@ ENTRY(hypercall_table)
+ .quad do_ni_hypercall
+ .endr
+ .quad do_mca /* 48 */
++ .quad paging_domctl_continuation
+ .rept NR_hypercalls-((.-hypercall_table)/8)
+ .quad do_ni_hypercall
+ .endr
+@@ -809,6 +810,7 @@ ENTRY(hypercall_args_table)
+ .byte 0 /* do_ni_hypercall */
+ .endr
+ .byte 1 /* do_mca */ /* 48 */
++ .byte 1 /* paging_domctl_continuation */
+ .rept NR_hypercalls-(.-hypercall_args_table)
+ .byte 0 /* do_ni_hypercall */
+ .endr
+diff --git a/xen/common/domain.c b/xen/common/domain.c
+index 1308193..f050af5 100644
+--- a/xen/common/domain.c
++++ b/xen/common/domain.c
+@@ -536,7 +536,6 @@ int domain_kill(struct domain *d)
+ rc = domain_relinquish_resources(d);
+ if ( rc != 0 )
+ {
+- BUG_ON(rc != -EAGAIN);
+ break;
+ }
+ if ( sched_move_domain(d, cpupool0) )
+diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
+index 4ff89f0..7dfbbcb 100644
+--- a/xen/include/asm-x86/domain.h
++++ b/xen/include/asm-x86/domain.h
+@@ -186,6 +186,20 @@ struct paging_domain {
+ struct hap_domain hap;
+ /* log dirty support */
+ struct log_dirty_domain log_dirty;
++
++ /* preemption handling */
++ struct {
++ const struct domain *dom;
++ unsigned int op;
++ union {
++ struct {
++ unsigned long done:PADDR_BITS - PAGE_SHIFT;
++ unsigned long i4:PAGETABLE_ORDER;
++ unsigned long i3:PAGETABLE_ORDER;
++ } log_dirty;
++ };
++ } preempt;
++
+ /* alloc/free pages from the pool for paging-assistance structures
+ * (used by p2m and log-dirty code for their tries) */
+ struct page_info * (*alloc_page)(struct domain *d);
+diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
+index 8dd2a61..0a7c73c 100644
+--- a/xen/include/asm-x86/paging.h
++++ b/xen/include/asm-x86/paging.h
+@@ -133,9 +133,6 @@ struct paging_mode {
+ /*****************************************************************************
+ * Log dirty code */
+
+-/* free log dirty bitmap resource */
+-void paging_free_log_dirty_bitmap(struct domain *d);
+-
+ /* get the dirty bitmap for a specific range of pfns */
+ void paging_log_dirty_range(struct domain *d,
+ unsigned long begin_pfn,
+@@ -145,9 +142,6 @@ void paging_log_dirty_range(struct domain *d,
+ /* enable log dirty */
+ int paging_log_dirty_enable(struct domain *d, bool_t log_global);
+
+-/* disable log dirty */
+-int paging_log_dirty_disable(struct domain *d);
+-
+ /* log dirty initialization */
+ void paging_log_dirty_init(struct domain *d,
+ int (*enable_log_dirty)(struct domain *d,
+@@ -204,10 +198,13 @@ int paging_domain_init(struct domain *d, unsigned int domcr_flags);
+ * and disable ephemeral shadow modes (test mode and log-dirty mode) and
+ * manipulate the log-dirty bitmap. */
+ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
+- XEN_GUEST_HANDLE_PARAM(void) u_domctl);
++ XEN_GUEST_HANDLE_PARAM(void) u_domctl, bool_t resuming);
++
++/* Helper hypercall for dealing with continuations. */
++long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
+
+ /* Call when destroying a domain */
+-void paging_teardown(struct domain *d);
++int paging_teardown(struct domain *d);
+
+ /* Call once all of the references to the domain have gone away */
+ void paging_final_teardown(struct domain *d);
diff --cc debian/patches/CVE-2014-6268.diff
index 944ccee,0000000..5d8b097
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-6268.diff
+++ b/debian/patches/CVE-2014-6268.diff
@@@ -1,175 -1,0 +1,177 @@@
- From d8a7da2812c0a7e71e756a416153d0182e658a3d Mon Sep 17 00:00:00 2001
++From d70631fc36fd7c02e2b0edb066a4df831e315596 Mon Sep 17 00:00:00 2001
+From: David Vrabel <david.vrabel at citrix.com>
+Date: Tue, 9 Sep 2014 15:31:37 +0200
+Subject: evtchn: check control block exists when using FIFO-based events
+
+When using the FIFO-based event channels, there are no checks for the
+existance of a control block when binding an event or moving it to a
+different VCPU. This is because events may be bound when the ABI is
+in 2-level mode (e.g., by the toolstack before the domain is started).
+
+The guest may trigger a Xen crash in evtchn_fifo_set_pending() if:
+
+ a) the event is bound to a VCPU without a control block; or
+ b) VCPU 0 does not have a control block.
+
+In case (a), Xen will crash when looking up the current queue. In
+(b), Xen will crash when looking up the old queue (which defaults to a
+queue on VCPU 0).
+
+By allocating all the per-VCPU structures when enabling the FIFO ABI,
+we can be sure that v->evtchn_fifo is always valid.
+
+EVTCHNOP_init_control_block for all the other CPUs need only map the
+shared control block.
+
+A single check in evtchn_fifo_set_pending() before accessing the
+control block fixes all cases where the guest has not initialized some
+control blocks.
+
+This is XSA-107.
+
+Reported-by: Vitaly Kuznetsov <vkuznets at redhat.com>
+Signed-off-by: David Vrabel <david.vrabel at citrix.com>
+Reviewed-by: Jan Beulich <jbeulich at suse.com>
+master commit: a4e0cea6fced50e251453dfe52e1b9dde77a84f5
+master date: 2014-09-09 15:25:58 +0200
++
++Patch-Name: CVE-2014-6268.diff
+---
+ xen/common/event_fifo.c | 82 ++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 58 insertions(+), 24 deletions(-)
+
+diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c
+index 1fce3f1..e9c1fbe 100644
+--- a/xen/common/event_fifo.c
++++ b/xen/common/event_fifo.c
+@@ -178,6 +178,19 @@ static void evtchn_fifo_set_pending(struct vcpu *v, struct evtchn *evtchn)
+ bool_t linked = 0;
+
+ /*
++ * Control block not mapped. The guest must not unmask an
++ * event until the control block is initialized, so we can
++ * just drop the event.
++ */
++ if ( unlikely(!v->evtchn_fifo->control_block) )
++ {
++ printk(XENLOG_G_WARNING
++ "d%dv%d has no FIFO event channel control block\n",
++ d->domain_id, v->vcpu_id);
++ goto done;
++ }
++
++ /*
+ * No locking around getting the queue. This may race with
+ * changing the priority but we are allowed to signal the
+ * event once on the old priority.
+@@ -385,36 +398,42 @@ static void init_queue(struct vcpu *v, struct evtchn_fifo_queue *q,
+ {
+ spin_lock_init(&q->lock);
+ q->priority = i;
+- q->head = &v->evtchn_fifo->control_block->head[i];
+ }
+
+-static int setup_control_block(struct vcpu *v, uint64_t gfn, uint32_t offset)
++static int setup_control_block(struct vcpu *v)
+ {
+- struct domain *d = v->domain;
+ struct evtchn_fifo_vcpu *efv;
+- void *virt;
+ unsigned int i;
+- int rc;
+-
+- if ( v->evtchn_fifo )
+- return -EINVAL;
+
+ efv = xzalloc(struct evtchn_fifo_vcpu);
+ if ( !efv )
+ return -ENOMEM;
+
+- rc = map_guest_page(d, gfn, &virt);
++ for ( i = 0; i <= EVTCHN_FIFO_PRIORITY_MIN; i++ )
++ init_queue(v, &efv->queue[i], i);
++
++ v->evtchn_fifo = efv;
++
++ return 0;
++}
++
++static int map_control_block(struct vcpu *v, uint64_t gfn, uint32_t offset)
++{
++ void *virt;
++ unsigned int i;
++ int rc;
++
++ if ( v->evtchn_fifo->control_block )
++ return -EINVAL;
++
++ rc = map_guest_page(v->domain, gfn, &virt);
+ if ( rc < 0 )
+- {
+- xfree(efv);
+ return rc;
+- }
+
+- v->evtchn_fifo = efv;
+ v->evtchn_fifo->control_block = virt + offset;
+
+ for ( i = 0; i <= EVTCHN_FIFO_PRIORITY_MIN; i++ )
+- init_queue(v, &v->evtchn_fifo->queue[i], i);
++ v->evtchn_fifo->queue[i].head = &v->evtchn_fifo->control_block->head[i];
+
+ return 0;
+ }
+@@ -508,28 +527,43 @@ int evtchn_fifo_init_control(struct evtchn_init_control *init_control)
+
+ spin_lock(&d->event_lock);
+
+- rc = setup_control_block(v, gfn, offset);
+-
+ /*
+ * If this is the first control block, setup an empty event array
+ * and switch to the fifo port ops.
+ */
+- if ( rc == 0 && !d->evtchn_fifo )
++ if ( !d->evtchn_fifo )
+ {
++ struct vcpu *vcb;
++
++ for_each_vcpu ( d, vcb ) {
++ rc = setup_control_block(vcb);
++ if ( rc < 0 )
++ goto error;
++ }
++
+ rc = setup_event_array(d);
+ if ( rc < 0 )
+- cleanup_control_block(v);
+- else
+- {
+- d->evtchn_port_ops = &evtchn_port_ops_fifo;
+- d->max_evtchns = EVTCHN_FIFO_NR_CHANNELS;
+- setup_ports(d);
+- }
++ goto error;
++
++ rc = map_control_block(v, gfn, offset);
++ if ( rc < 0 )
++ goto error;
++
++ d->evtchn_port_ops = &evtchn_port_ops_fifo;
++ d->max_evtchns = EVTCHN_FIFO_NR_CHANNELS;
++ setup_ports(d);
+ }
++ else
++ rc = map_control_block(v, gfn, offset);
+
+ spin_unlock(&d->event_lock);
+
+ return rc;
++
++ error:
++ evtchn_fifo_destroy(d);
++ spin_unlock(&d->event_lock);
++ return rc;
+ }
+
+ static int add_page_to_event_array(struct domain *d, unsigned long gfn)
diff --cc debian/patches/CVE-2014-7154.diff
index 2dee3ba,0000000..7c1ba6b
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-7154.diff
+++ b/debian/patches/CVE-2014-7154.diff
@@@ -1,57 -1,0 +1,59 @@@
- From e4aa132e656197ccd65e612f1e1dc49b1d46f8b9 Mon Sep 17 00:00:00 2001
++From 8312496b428235a7a5e77a989ea47b387b15d135 Mon Sep 17 00:00:00 2001
+From: Andrew Cooper <andrew.cooper3 at citrix.com>
+Date: Tue, 23 Sep 2014 14:39:05 +0200
+Subject: x86/shadow: fix race condition sampling the dirty vram state
+
+d->arch.hvm_domain.dirty_vram must be read with the domain's paging lock held.
+
+If not, two concurrent hypercalls could both end up attempting to free
+dirty_vram (the second of which will free a wild pointer), or both end up
+allocating a new dirty_vram structure (the first of which will be leaked).
+
+This is XSA-104.
+
+Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
+Reviewed-by: Tim Deegan <tim at xen.org>
+master commit: 46a49b91f1026f64430b84dd83e845a33f06415e
+master date: 2014-09-23 14:31:47 +0200
++
++Patch-Name: CVE-2014-7154.diff
+---
+ xen/arch/x86/mm/shadow/common.c | 4 +++-
+ xen/include/asm-x86/hvm/domain.h | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
+index be095f6..3ed48c4 100644
+--- a/xen/arch/x86/mm/shadow/common.c
++++ b/xen/arch/x86/mm/shadow/common.c
+@@ -3486,7 +3486,7 @@ int shadow_track_dirty_vram(struct domain *d,
+ int flush_tlb = 0;
+ unsigned long i;
+ p2m_type_t t;
+- struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
++ struct sh_dirty_vram *dirty_vram;
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+
+ if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 )
+@@ -3496,6 +3496,8 @@ int shadow_track_dirty_vram(struct domain *d,
+ p2m_lock(p2m_get_hostp2m(d));
+ paging_lock(d);
+
++ dirty_vram = d->arch.hvm_domain.dirty_vram;
++
+ if ( dirty_vram && (!nr ||
+ ( begin_pfn != dirty_vram->begin_pfn
+ || end_pfn != dirty_vram->end_pfn )) )
+diff --git a/xen/include/asm-x86/hvm/domain.h b/xen/include/asm-x86/hvm/domain.h
+index b1e3187..99c5e44 100644
+--- a/xen/include/asm-x86/hvm/domain.h
++++ b/xen/include/asm-x86/hvm/domain.h
+@@ -67,7 +67,7 @@ struct hvm_domain {
+ /* Memory ranges with pinned cache attributes. */
+ struct list_head pinned_cacheattr_ranges;
+
+- /* VRAM dirty support. */
++ /* VRAM dirty support. Protect with the domain paging lock. */
+ struct sh_dirty_vram *dirty_vram;
+
+ /* If one of vcpus of this domain is in no_fill_mode or
diff --cc debian/patches/CVE-2014-7155.diff
index 8b7dbd4,0000000..8b2c470
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-7155.diff
+++ b/debian/patches/CVE-2014-7155.diff
@@@ -1,47 -1,0 +1,49 @@@
- From 65f95b5c8bb858165c90155a95788fd66f447e1c Mon Sep 17 00:00:00 2001
++From 65a56eff8a777f3acafdde2b0d35bb76cca2c8e5 Mon Sep 17 00:00:00 2001
+From: Andrew Cooper <andrew.cooper3 at citrix.com>
+Date: Tue, 23 Sep 2014 14:40:12 +0200
+Subject: x86/emulate: check cpl for all privileged instructions
+
+Without this, it is possible for userspace to load its own IDT or GDT.
+
+This is XSA-105.
+
+Reported-by: Andrei LUTAS <vlutas at bitdefender.com>
+Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
+Tested-by: Andrei LUTAS <vlutas at bitdefender.com>
+Reviewed-by: Jan Beulich <jbeulich at suse.com>
+master commit: 0e442727ceccfa32a7276cccd205b4722e68fdc1
+master date: 2014-09-23 14:33:06 +0200
++
++Patch-Name: CVE-2014-7155.diff
+---
+ xen/arch/x86/x86_emulate/x86_emulate.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
+index 50d8965..4810e68 100644
+--- a/xen/arch/x86/x86_emulate/x86_emulate.c
++++ b/xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -3314,6 +3314,7 @@ x86_emulate(
+ goto swint;
+
+ case 0xf4: /* hlt */
++ generate_exception_if(!mode_ring0(), EXC_GP, 0);
+ ctxt->retire.flags.hlt = 1;
+ break;
+
+@@ -3710,6 +3711,7 @@ x86_emulate(
+ break;
+ case 2: /* lgdt */
+ case 3: /* lidt */
++ generate_exception_if(!mode_ring0(), EXC_GP, 0);
+ generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
+ fail_if(ops->write_segment == NULL);
+ memset(®, 0, sizeof(reg));
+@@ -3738,6 +3740,7 @@ x86_emulate(
+ case 6: /* lmsw */
+ fail_if(ops->read_cr == NULL);
+ fail_if(ops->write_cr == NULL);
++ generate_exception_if(!mode_ring0(), EXC_GP, 0);
+ if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
+ goto done;
+ if ( ea.type == OP_REG )
diff --cc debian/patches/CVE-2014-7156.diff
index 6317de2,0000000..1e842ef
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-7156.diff
+++ b/debian/patches/CVE-2014-7156.diff
@@@ -1,33 -1,0 +1,35 @@@
- From a22de27132bab557dcee6e5726d0145364cafcc9 Mon Sep 17 00:00:00 2001
++From d54059c6684032053a45a4475842132aa532bbb6 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich at suse.com>
+Date: Tue, 23 Sep 2014 14:40:51 +0200
+Subject: x86emul: only emulate software interrupt injection for real mode
+
+Protected mode emulation currently lacks proper privilege checking of
+the referenced IDT entry, and there's currently no legitimate way for
+any of the respective instructions to reach the emulator when the guest
+is in protected mode.
+
+This is XSA-106.
+
+Reported-by: Andrei LUTAS <vlutas at bitdefender.com>
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Acked-by: Keir Fraser <keir at xen.org>
+master commit: 346d4545569928b652c40c7815c1732676f8587c
+master date: 2014-09-23 14:33:50 +0200
++
++Patch-Name: CVE-2014-7156.diff
+---
+ xen/arch/x86/x86_emulate/x86_emulate.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
+index 4810e68..5fbe024 100644
+--- a/xen/arch/x86/x86_emulate/x86_emulate.c
++++ b/xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -2634,6 +2634,7 @@ x86_emulate(
+ case 0xcd: /* int imm8 */
+ src.val = insn_fetch_type(uint8_t);
+ swint:
++ fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
+ fail_if(ops->inject_sw_interrupt == NULL);
+ rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
+ ctxt) ? : X86EMUL_EXCEPTION;
diff --cc debian/patches/CVE-2014-7188.diff
index 42f8e85,0000000..7b698db
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-7188.diff
+++ b/debian/patches/CVE-2014-7188.diff
@@@ -1,46 -1,0 +1,48 @@@
- From 1dd58bd5087cd48a4f5bd6dde2e6116ba95ee677 Mon Sep 17 00:00:00 2001
++From bd095429d57b1d3f9246f8d56bc2add6401c4f7b Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich at suse.com>
+Date: Wed, 1 Oct 2014 14:59:00 +0200
+Subject: x86/HVM: properly bound x2APIC MSR range
+
+While the write path change appears to be purely cosmetic (but still
+gets done here for consistency), the read side mistake permitted
+accesses beyond the virtual APIC page.
+
+Note that while this isn't fully in line with the specification
+(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal
+possible fix addressing the security issue and getting x2APIC related
+code into a consistent shape (elsewhere a 256 rather than 1024 wide
+window is being used too). This will be dealt with subsequently.
+
+This is CVE-2014-7188 / XSA-108.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+master commit: 61fdda7acf3de11f3d50d50e5b4f4ecfac7e0d04
+master date: 2014-10-01 14:54:47 +0200
++
++Patch-Name: CVE-2014-7188.diff
+---
+ xen/arch/x86/hvm/hvm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
+index be1a2d3..3289604 100644
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -3022,7 +3022,7 @@ int hvm_msr_read_intercept(unsigned int msr, uint64_t *msr_content)
+ *msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
+ break;
+
+- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
+ if ( hvm_x2apic_msr_read(v, msr, msr_content) )
+ goto gp_fault;
+ break;
+@@ -3148,7 +3148,7 @@ int hvm_msr_write_intercept(unsigned int msr, uint64_t msr_content)
+ vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content);
+ break;
+
+- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
+ if ( hvm_x2apic_msr_write(v, msr, msr_content) )
+ goto gp_fault;
+ break;
diff --cc debian/patches/CVE-2014-8594.diff
index 37c49b3,0000000..bbadad1
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-8594.diff
+++ b/debian/patches/CVE-2014-8594.diff
@@@ -1,36 -1,0 +1,38 @@@
- From 27d4dc69bc564e8c6307859c74225fe0806721d4 Mon Sep 17 00:00:00 2001
++From dc3e0f6ab01bc50d565da65e3586871e3368dce2 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich at suse.com>
+Date: Tue, 18 Nov 2014 14:27:46 +0100
+Subject: x86: don't allow page table updates on non-PV page tables in
+ do_mmu_update()
+
+paging_write_guest_entry() and paging_cmpxchg_guest_entry() aren't
+consistently supported for non-PV guests (they'd deref NULL for PVH or
+non-HAP HVM ones). Don't allow respective MMU_* operations on the
+page tables of such domains.
+
+This is CVE-2014-8594 / XSA-109.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Acked-by: Tim Deegan <tim at xen.org>
+master commit: e4292c5aac41b80f33d4877104348d5ee7c95aa4
+master date: 2014-11-18 14:15:21 +0100
++
++Patch-Name: CVE-2014-8594.diff
+---
+ xen/arch/x86/mm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
+index fdc5ed3..f88323f 100644
+--- a/xen/arch/x86/mm.c
++++ b/xen/arch/x86/mm.c
+@@ -3508,6 +3508,10 @@ long do_mmu_update(
+ {
+ p2m_type_t p2mt;
+
++ rc = -EOPNOTSUPP;
++ if ( unlikely(paging_mode_refcounts(pt_owner)) )
++ break;
++
+ xsm_needed |= XSM_MMU_NORMAL_UPDATE;
+ if ( get_pte_flags(req.val) & _PAGE_PRESENT )
+ {
diff --cc debian/patches/CVE-2014-8595.diff
index 90a9938,0000000..10e4c51
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-8595.diff
+++ b/debian/patches/CVE-2014-8595.diff
@@@ -1,166 -1,0 +1,168 @@@
- From f858b972fb83694e140678b8bfdd812299f3af51 Mon Sep 17 00:00:00 2001
++From 3e80fe7c9754ab24e685db3ba8276595164cea9f Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich at suse.com>
+Date: Tue, 18 Nov 2014 14:28:45 +0100
+Subject: x86emul: enforce privilege level restrictions when loading CS
+
+Privilege level checks were basically missing for the CS case, the
+only check that was done (RPL == DPL for nonconforming segments)
+was solely covering a single special case (return to non-conforming
+segment).
+
+Additionally in long mode the L bit set requires the D bit to be clear,
+as was recently pointed out for KVM by Nadav Amit
+<namit at cs.technion.ac.il>.
+
+Finally we also need to force the loaded selector's RPL to CPL (at
+least as long as lret/retf emulation doesn't support privilege level
+changes).
+
+This is CVE-2014-8595 / XSA-110.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Reviewed-by: Tim Deegan <tim at xen.org>
+master commit: 1d68c1a70e00ed95ef0889cfa005379dab27b37d
+master date: 2014-11-18 14:16:23 +0100
++
++Patch-Name: CVE-2014-8595.diff
+---
+ xen/arch/x86/x86_emulate/x86_emulate.c | 42 ++++++++++++++++++++++------------
+ 1 file changed, 28 insertions(+), 14 deletions(-)
+
+diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
+index 5fbe024..25571c6 100644
+--- a/xen/arch/x86/x86_emulate/x86_emulate.c
++++ b/xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -1114,7 +1114,7 @@ realmode_load_seg(
+ static int
+ protmode_load_seg(
+ enum x86_segment seg,
+- uint16_t sel,
++ uint16_t sel, bool_t is_ret,
+ struct x86_emulate_ctxt *ctxt,
+ const struct x86_emulate_ops *ops)
+ {
+@@ -1180,9 +1180,23 @@ protmode_load_seg(
+ /* Code segment? */
+ if ( !(desc.b & (1u<<11)) )
+ goto raise_exn;
+- /* Non-conforming segment: check DPL against RPL. */
+- if ( ((desc.b & (6u<<9)) != (6u<<9)) && (dpl != rpl) )
++ if ( is_ret
++ ? /*
++ * Really rpl < cpl, but our sole caller doesn't handle
++ * privilege level changes.
++ */
++ rpl != cpl || (desc.b & (1 << 10) ? dpl > rpl : dpl != rpl)
++ : desc.b & (1 << 10)
++ /* Conforming segment: check DPL against CPL. */
++ ? dpl > cpl
++ /* Non-conforming segment: check RPL and DPL against CPL. */
++ : rpl > cpl || dpl != cpl )
++ goto raise_exn;
++ /* 64-bit code segments (L bit set) must have D bit clear. */
++ if ( in_longmode(ctxt, ops) &&
++ (desc.b & (1 << 21)) && (desc.b & (1 << 22)) )
+ goto raise_exn;
++ sel = (sel ^ rpl) | cpl;
+ break;
+ case x86_seg_ss:
+ /* Writable data segment? */
+@@ -1247,7 +1261,7 @@ protmode_load_seg(
+ static int
+ load_seg(
+ enum x86_segment seg,
+- uint16_t sel,
++ uint16_t sel, bool_t is_ret,
+ struct x86_emulate_ctxt *ctxt,
+ const struct x86_emulate_ops *ops)
+ {
+@@ -1256,7 +1270,7 @@ load_seg(
+ return X86EMUL_UNHANDLEABLE;
+
+ if ( in_protmode(ctxt, ops) )
+- return protmode_load_seg(seg, sel, ctxt, ops);
++ return protmode_load_seg(seg, sel, is_ret, ctxt, ops);
+
+ return realmode_load_seg(seg, sel, ctxt, ops);
+ }
+@@ -1888,7 +1902,7 @@ x86_emulate(
+ if ( (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes),
+ &dst.val, op_bytes, ctxt, ops)) != 0 )
+ goto done;
+- if ( (rc = load_seg(src.val, (uint16_t)dst.val, ctxt, ops)) != 0 )
++ if ( (rc = load_seg(src.val, dst.val, 0, ctxt, ops)) != 0 )
+ return rc;
+ break;
+
+@@ -2242,7 +2256,7 @@ x86_emulate(
+ enum x86_segment seg = decode_segment(modrm_reg);
+ generate_exception_if(seg == decode_segment_failed, EXC_UD, -1);
+ generate_exception_if(seg == x86_seg_cs, EXC_UD, -1);
+- if ( (rc = load_seg(seg, (uint16_t)src.val, ctxt, ops)) != 0 )
++ if ( (rc = load_seg(seg, src.val, 0, ctxt, ops)) != 0 )
+ goto done;
+ if ( seg == x86_seg_ss )
+ ctxt->retire.flags.mov_ss = 1;
+@@ -2323,7 +2337,7 @@ x86_emulate(
+ &_regs.eip, op_bytes, ctxt)) )
+ goto done;
+
+- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
++ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
+ goto done;
+ _regs.eip = eip;
+ break;
+@@ -2547,7 +2561,7 @@ x86_emulate(
+ if ( (rc = read_ulong(src.mem.seg, src.mem.off + src.bytes,
+ &sel, 2, ctxt, ops)) != 0 )
+ goto done;
+- if ( (rc = load_seg(dst.val, (uint16_t)sel, ctxt, ops)) != 0 )
++ if ( (rc = load_seg(dst.val, sel, 0, ctxt, ops)) != 0 )
+ goto done;
+ dst.val = src.val;
+ break;
+@@ -2621,7 +2635,7 @@ x86_emulate(
+ &dst.val, op_bytes, ctxt, ops)) ||
+ (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes + offset),
+ &src.val, op_bytes, ctxt, ops)) ||
+- (rc = load_seg(x86_seg_cs, (uint16_t)src.val, ctxt, ops)) )
++ (rc = load_seg(x86_seg_cs, src.val, 1, ctxt, ops)) )
+ goto done;
+ _regs.eip = dst.val;
+ break;
+@@ -2668,7 +2682,7 @@ x86_emulate(
+ _regs.eflags &= mask;
+ _regs.eflags |= (uint32_t)(eflags & ~mask) | 0x02;
+ _regs.eip = eip;
+- if ( (rc = load_seg(x86_seg_cs, (uint16_t)cs, ctxt, ops)) != 0 )
++ if ( (rc = load_seg(x86_seg_cs, cs, 1, ctxt, ops)) != 0 )
+ goto done;
+ break;
+ }
+@@ -3298,7 +3312,7 @@ x86_emulate(
+ generate_exception_if(mode_64bit(), EXC_UD, -1);
+ eip = insn_fetch_bytes(op_bytes);
+ sel = insn_fetch_type(uint16_t);
+- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
++ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
+ goto done;
+ _regs.eip = eip;
+ break;
+@@ -3596,7 +3610,7 @@ x86_emulate(
+ goto done;
+ }
+
+- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
++ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
+ goto done;
+ _regs.eip = src.val;
+
+@@ -3663,7 +3677,7 @@ x86_emulate(
+ generate_exception_if(!in_protmode(ctxt, ops), EXC_UD, -1);
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
+ if ( (rc = load_seg((modrm_reg & 1) ? x86_seg_tr : x86_seg_ldtr,
+- src.val, ctxt, ops)) != 0 )
++ src.val, 0, ctxt, ops)) != 0 )
+ goto done;
+ break;
+
diff --cc debian/patches/CVE-2014-8866.diff
index b9ac049,0000000..81afb75
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-8866.diff
+++ b/debian/patches/CVE-2014-8866.diff
@@@ -1,144 -1,0 +1,146 @@@
- From e14c2c7d928299a5324fa8244059e702c6026163 Mon Sep 17 00:00:00 2001
++From 5458152f1f18fff8f4ba2f73c144b9bb6d727bb5 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich at suse.com>
+Date: Thu, 27 Nov 2014 14:10:52 +0100
+Subject: x86: limit checks in hypercall_xlat_continuation() to actual
+ arguments
+
+HVM/PVH guests can otherwise trigger the final BUG_ON() in that
+function by entering 64-bit mode, setting the high halves of affected
+registers to non-zero values, leaving 64-bit mode, and issuing a
+hypercall that might get preempted and hence become subject to
+continuation argument translation (HYPERVISOR_memory_op being the only
+one possible for HVM, PVH also having the option of using
+HYPERVISOR_mmuext_op). This issue got introduced when HVM code was
+switched to use compat_memory_op() - neither that nor
+hypercall_xlat_continuation() were originally intended to be used by
+other than PV guests (which can't enter 64-bit mode and hence have no
+way to alter the high halves of 64-bit registers).
+
+This is CVE-2014-8866 / XSA-111.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Reviewed-by: Tim Deegan <tim at xen.org>
+master commit: 0ad715304b04739fd2fc9517ce8671d3947c7621
+master date: 2014-11-27 14:00:23 +0100
+
+(cherry picked from commit 98c78711764082171b3fa189793c6db904f65ebc)
++
++Patch-Name: CVE-2014-8866.diff
+---
+ xen/arch/x86/domain.c | 12 ++++++++----
+ xen/arch/x86/x86_64/compat/mm.c | 6 +++---
+ xen/common/compat/memory.c | 2 +-
+ xen/include/xen/compat.h | 5 ++++-
+ 4 files changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
+index 789e4a0..8a276f9 100644
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -1697,7 +1697,8 @@ unsigned long hypercall_create_continuation(
+ return op;
+ }
+
+-int hypercall_xlat_continuation(unsigned int *id, unsigned int mask, ...)
++int hypercall_xlat_continuation(unsigned int *id, unsigned int nr,
++ unsigned int mask, ...)
+ {
+ int rc = 0;
+ struct mc_state *mcs = ¤t->mc_state;
+@@ -1706,7 +1707,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int mask, ...)
+ unsigned long nval = 0;
+ va_list args;
+
+- BUG_ON(id && *id > 5);
++ ASSERT(nr <= ARRAY_SIZE(mcs->call.args));
++ ASSERT(!(mask >> nr));
++
++ BUG_ON(id && *id >= nr);
+ BUG_ON(id && (mask & (1U << *id)));
+
+ va_start(args, mask);
+@@ -1719,7 +1723,7 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int mask, ...)
+ return 0;
+ }
+
+- for ( i = 0; i < 6; ++i, mask >>= 1 )
++ for ( i = 0; i < nr; ++i, mask >>= 1 )
+ {
+ if ( mask & 1 )
+ {
+@@ -1747,7 +1751,7 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int mask, ...)
+ else
+ {
+ regs = guest_cpu_user_regs();
+- for ( i = 0; i < 6; ++i, mask >>= 1 )
++ for ( i = 0; i < nr; ++i, mask >>= 1 )
+ {
+ unsigned long *reg;
+
+diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c
+index 0a8408b..42aa85e 100644
+--- a/xen/arch/x86/x86_64/compat/mm.c
++++ b/xen/arch/x86/x86_64/compat/mm.c
+@@ -116,7 +116,7 @@ int compat_arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
+ break;
+
+ if ( rc == __HYPERVISOR_memory_op )
+- hypercall_xlat_continuation(NULL, 0x2, nat, arg);
++ hypercall_xlat_continuation(NULL, 2, 0x2, nat, arg);
+
+ XLAT_pod_target(&cmp, nat);
+
+@@ -351,7 +351,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(mmuext_op_compat_t) cmp_uops,
+ left = 1;
+ if ( arg1 != MMU_UPDATE_PREEMPTED )
+ {
+- BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops,
++ BUG_ON(!hypercall_xlat_continuation(&left, 4, 0x01, nat_ops,
+ cmp_uops));
+ if ( !test_bit(_MCSF_in_multicall, &mcs->flags) )
+ regs->_ecx += count - i;
+@@ -359,7 +359,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(mmuext_op_compat_t) cmp_uops,
+ mcs->compat_call.args[1] += count - i;
+ }
+ else
+- BUG_ON(hypercall_xlat_continuation(&left, 0));
++ BUG_ON(hypercall_xlat_continuation(&left, 4, 0));
+ BUG_ON(left != arg1);
+ }
+ else
+diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c
+index daa2e04..c5d58e6 100644
+--- a/xen/common/compat/memory.c
++++ b/xen/common/compat/memory.c
+@@ -279,7 +279,7 @@ int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat)
+ break;
+
+ cmd = 0;
+- if ( hypercall_xlat_continuation(&cmd, 0x02, nat.hnd, compat) )
++ if ( hypercall_xlat_continuation(&cmd, 2, 0x02, nat.hnd, compat) )
+ {
+ BUG_ON(rc != __HYPERVISOR_memory_op);
+ BUG_ON((cmd & MEMOP_CMD_MASK) != op);
+diff --git a/xen/include/xen/compat.h b/xen/include/xen/compat.h
+index ca60699..bb3ffd1 100644
+--- a/xen/include/xen/compat.h
++++ b/xen/include/xen/compat.h
+@@ -195,6 +195,8 @@ static inline int name(k xen_ ## n *x, k compat_ ## n *c) \
+ * This option is useful for extracting the "op" argument or similar from the
+ * hypercall to enable further xlat processing.
+ *
++ * nr: Total number of arguments the hypercall has.
++ *
+ * mask: Specifies which of the hypercall arguments require compat translation.
+ * bit 0 indicates that the 0'th argument requires translation, bit 1 indicates
+ * that the first argument requires translation and so on. Native and compat
+@@ -214,7 +216,8 @@ static inline int name(k xen_ ## n *x, k compat_ ## n *c) \
+ *
+ * Return: Number of arguments which were actually translated.
+ */
+-int hypercall_xlat_continuation(unsigned int *id, unsigned int mask, ...);
++int hypercall_xlat_continuation(unsigned int *id, unsigned int nr,
++ unsigned int mask, ...);
+
+ /* In-place translation functons: */
+ struct start_info;
diff --cc debian/patches/CVE-2014-8867.diff
index 1e9c5d4,0000000..ace95bb
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-8867.diff
+++ b/debian/patches/CVE-2014-8867.diff
@@@ -1,103 -1,0 +1,105 @@@
- From 90df75e1acbb4b7f8acc4043e6fcc0164dc13e60 Mon Sep 17 00:00:00 2001
++From 733fa33785ddd605d33506a3f8222c650b6c299f Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich at suse.com>
+Date: Thu, 27 Nov 2014 14:11:57 +0100
+Subject: x86/HVM: confine internally handled MMIO to solitary regions
+
+While it is generally wrong to cross region boundaries when dealing
+with MMIO accesses of repeated string instructions (currently only
+MOVS) as that would do things a guest doesn't expect (leaving aside
+that none of these regions would normally be accessed with repeated
+string instructions in the first place), this is even more of a problem
+for all virtual MSI-X page accesses (both msixtbl_{read,write}() can be
+made dereference NULL "entry" pointers this way) as well as undersized
+(1- or 2-byte) LAPIC writes (causing vlapic_read_aligned() to access
+space beyond the one memory page set up for holding LAPIC register
+values).
+
+Since those functions validly assume to be called only with addresses
+their respective checking functions indicated to be okay, it is generic
+code that needs to be fixed to clip the repetition count.
+
+To be on the safe side (and consistent), also do the same for buffered
+I/O intercepts, even if their only client (stdvga) doesn't put the
+hypervisor at risk (i.e. "only" guest misbehavior would result).
+
+This is CVE-2014-8867 / XSA-112.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Reviewed-by: Tim Deegan <tim at xen.org>
+master commit: c5397354b998d030b021810b8202de93b9526818
+master date: 2014-11-27 14:01:40 +0100
+
+(cherry picked from commit a39f202031d7f1d8d9e14b8c3d7d11c812db253e)
++
++Patch-Name: CVE-2014-8867.diff
+---
+ xen/arch/x86/hvm/intercept.c | 22 +++++++++++++++++++++-
+ xen/arch/x86/hvm/vmsi.c | 4 ++++
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/xen/arch/x86/hvm/intercept.c b/xen/arch/x86/hvm/intercept.c
+index 7cc13b5..52ffee3 100644
+--- a/xen/arch/x86/hvm/intercept.c
++++ b/xen/arch/x86/hvm/intercept.c
+@@ -169,11 +169,24 @@ int hvm_mmio_intercept(ioreq_t *p)
+ int i;
+
+ for ( i = 0; i < HVM_MMIO_HANDLER_NR; i++ )
+- if ( hvm_mmio_handlers[i]->check_handler(v, p->addr) )
++ {
++ hvm_mmio_check_t check_handler =
++ hvm_mmio_handlers[i]->check_handler;
++
++ if ( check_handler(v, p->addr) )
++ {
++ if ( unlikely(p->count > 1) &&
++ !check_handler(v, unlikely(p->df)
++ ? p->addr - (p->count - 1L) * p->size
++ : p->addr + (p->count - 1L) * p->size) )
++ p->count = 1;
++
+ return hvm_mmio_access(
+ v, p,
+ hvm_mmio_handlers[i]->read_handler,
+ hvm_mmio_handlers[i]->write_handler);
++ }
++ }
+
+ return X86EMUL_UNHANDLEABLE;
+ }
+@@ -330,6 +343,13 @@ int hvm_io_intercept(ioreq_t *p, int type)
+ if ( type == HVM_PORTIO )
+ return process_portio_intercept(
+ handler->hdl_list[i].action.portio, p);
++
++ if ( unlikely(p->count > 1) &&
++ (unlikely(p->df)
++ ? p->addr - (p->count - 1L) * p->size < addr
++ : p->addr + p->count * 1L * p->size - 1 >= addr + size) )
++ p->count = 1;
++
+ return handler->hdl_list[i].action.mmio(p);
+ }
+ }
+diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c
+index 10e5f34..dc3e4d7 100644
+--- a/xen/arch/x86/hvm/vmsi.c
++++ b/xen/arch/x86/hvm/vmsi.c
+@@ -235,6 +235,8 @@ static int msixtbl_read(
+ rcu_read_lock(&msixtbl_rcu_lock);
+
+ entry = msixtbl_find_entry(v, address);
++ if ( !entry )
++ goto out;
+ offset = address & (PCI_MSIX_ENTRY_SIZE - 1);
+
+ if ( offset != PCI_MSIX_ENTRY_VECTOR_CTRL_OFFSET )
+@@ -277,6 +279,8 @@ static int msixtbl_write(struct vcpu *v, unsigned long address,
+ rcu_read_lock(&msixtbl_rcu_lock);
+
+ entry = msixtbl_find_entry(v, address);
++ if ( !entry )
++ goto out;
+ nr_entry = (address - entry->gtable) / PCI_MSIX_ENTRY_SIZE;
+
+ offset = address & (PCI_MSIX_ENTRY_SIZE - 1);
diff --cc debian/patches/CVE-2014-9030.diff
index 22a07c4,0000000..c0f33ee
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-9030.diff
+++ b/debian/patches/CVE-2014-9030.diff
@@@ -1,53 -1,0 +1,55 @@@
- From 8e4e0321788113f90b061267635f9c6b4b98b750 Mon Sep 17 00:00:00 2001
++From 09fcd23db55b6043ae40be55e91f508a2c9dbd31 Mon Sep 17 00:00:00 2001
+From: Andrew Cooper <andrew.cooper3 at citrix.com>
+Date: Thu, 20 Nov 2014 17:43:39 +0100
+Subject: x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
+
+Any domain which can pass the XSM check against a translated guest can cause a
+page reference to be leaked.
+
+While shuffling the order of checks, drop the quite-pointless MEM_LOG(). This
+brings the check in line with similar checks in the vicinity.
+
+Discovered while reviewing the XSA-109/110 followup series.
+
+This is XSA-113.
+
+Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
+Reviewed-by: Jan Beulich <jbeulich at suse.com>
+Reviewed-by: Tim Deegan <tim at xen.org>
++
++Patch-Name: CVE-2014-9030.diff
+---
+ xen/arch/x86/mm.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
+index f88323f..db0b6fe 100644
+--- a/xen/arch/x86/mm.c
++++ b/xen/arch/x86/mm.c
+@@ -3634,6 +3634,12 @@ long do_mmu_update(
+
+ case MMU_MACHPHYS_UPDATE:
+
++ if ( unlikely(paging_mode_translate(pg_owner)) )
++ {
++ rc = -EINVAL;
++ break;
++ }
++
+ mfn = req.ptr >> PAGE_SHIFT;
+ gpfn = req.val;
+
+@@ -3653,13 +3659,6 @@ long do_mmu_update(
+ break;
+ }
+
+- if ( unlikely(paging_mode_translate(pg_owner)) )
+- {
+- MEM_LOG("Mach-phys update on auto-translate guest");
+- rc = -EINVAL;
+- break;
+- }
+-
+ set_gpfn_from_mfn(mfn, gpfn);
+
+ paging_mark_dirty(pg_owner, mfn);
diff --cc debian/patches/CVE-2014-9065.diff
index 965d7af,0000000..0a8fc17
mode 100644,000000..100644
--- a/debian/patches/CVE-2014-9065.diff
+++ b/debian/patches/CVE-2014-9065.diff
@@@ -1,524 -1,0 +1,524 @@@
- From 46c58c1d1a991e596fe3a2b6474add1d391b2282 Mon Sep 17 00:00:00 2001
++From 21e58346145a93c80356d565cba28dbe10ecad28 Mon Sep 17 00:00:00 2001
+From: Keir Fraser <keir at xen.org>
+Date: Mon, 8 Dec 2014 15:26:57 +0100
+Subject: switch to write-biased r/w locks
+
+This is to improve fairness: A permanent flow of read acquires can
+otherwise lock out eventual writers indefinitely.
+
+This is CVE-2014-9065 / XSA-114.
+
+Signed-off-by: Keir Fraser <keir at xen.org>
+Reviewed-by: Jan Beulich <jbeulich at suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3 at citrix.com>
+Tested-by: Andrew Cooper <andrew.cooper3 at citrix.com>
+master commit: 2a549b9c8aa48dc39d7c97e5a93978b781b3a1db
+master date: 2014-12-08 14:45:46 +0100
+
+(cherry picked from commit 8029dc43f4b232968168ca5bbd0ef47589243140)
+
+Patch-Name: CVE-2014-9065.diff
+---
+ xen/common/spinlock.c | 136 +++++++++++++++++++++++------------
+ xen/include/asm-arm/arm32/spinlock.h | 78 --------------------
+ xen/include/asm-arm/arm64/spinlock.h | 63 ----------------
+ xen/include/asm-x86/spinlock.h | 54 --------------
+ xen/include/xen/spinlock.h | 6 +-
+ 5 files changed, 93 insertions(+), 244 deletions(-)
+
+diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c
+index 575cc6d..f9f19a8 100644
+--- a/xen/common/spinlock.c
++++ b/xen/common/spinlock.c
+@@ -271,112 +271,151 @@ void _spin_unlock_recursive(spinlock_t *lock)
+
+ void _read_lock(rwlock_t *lock)
+ {
++ uint32_t x;
++
+ check_lock(&lock->debug);
+- while ( unlikely(!_raw_read_trylock(&lock->raw)) )
+- {
+- while ( likely(_raw_rw_is_write_locked(&lock->raw)) )
++ do {
++ while ( (x = lock->lock) & RW_WRITE_FLAG )
+ cpu_relax();
+- }
++ } while ( cmpxchg(&lock->lock, x, x+1) != x );
+ preempt_disable();
+ }
+
+ void _read_lock_irq(rwlock_t *lock)
+ {
++ uint32_t x;
++
+ ASSERT(local_irq_is_enabled());
+ local_irq_disable();
+ check_lock(&lock->debug);
+- while ( unlikely(!_raw_read_trylock(&lock->raw)) )
+- {
+- local_irq_enable();
+- while ( likely(_raw_rw_is_write_locked(&lock->raw)) )
+- cpu_relax();
+- local_irq_disable();
+- }
++ do {
++ if ( (x = lock->lock) & RW_WRITE_FLAG )
++ {
++ local_irq_enable();
++ while ( (x = lock->lock) & RW_WRITE_FLAG )
++ cpu_relax();
++ local_irq_disable();
++ }
++ } while ( cmpxchg(&lock->lock, x, x+1) != x );
+ preempt_disable();
+ }
+
+ unsigned long _read_lock_irqsave(rwlock_t *lock)
+ {
++ uint32_t x;
+ unsigned long flags;
++
+ local_irq_save(flags);
+ check_lock(&lock->debug);
+- while ( unlikely(!_raw_read_trylock(&lock->raw)) )
+- {
+- local_irq_restore(flags);
+- while ( likely(_raw_rw_is_write_locked(&lock->raw)) )
+- cpu_relax();
+- local_irq_save(flags);
+- }
++ do {
++ if ( (x = lock->lock) & RW_WRITE_FLAG )
++ {
++ local_irq_restore(flags);
++ while ( (x = lock->lock) & RW_WRITE_FLAG )
++ cpu_relax();
++ local_irq_save(flags);
++ }
++ } while ( cmpxchg(&lock->lock, x, x+1) != x );
+ preempt_disable();
+ return flags;
+ }
+
+ int _read_trylock(rwlock_t *lock)
+ {
++ uint32_t x;
++
+ check_lock(&lock->debug);
+- if ( !_raw_read_trylock(&lock->raw) )
+- return 0;
++ do {
++ if ( (x = lock->lock) & RW_WRITE_FLAG )
++ return 0;
++ } while ( cmpxchg(&lock->lock, x, x+1) != x );
+ preempt_disable();
+ return 1;
+ }
+
+ void _read_unlock(rwlock_t *lock)
+ {
++ uint32_t x, y;
++
+ preempt_enable();
+- _raw_read_unlock(&lock->raw);
++ x = lock->lock;
++ while ( (y = cmpxchg(&lock->lock, x, x-1)) != x )
++ x = y;
+ }
+
+ void _read_unlock_irq(rwlock_t *lock)
+ {
+- preempt_enable();
+- _raw_read_unlock(&lock->raw);
++ _read_unlock(lock);
+ local_irq_enable();
+ }
+
+ void _read_unlock_irqrestore(rwlock_t *lock, unsigned long flags)
+ {
+- preempt_enable();
+- _raw_read_unlock(&lock->raw);
++ _read_unlock(lock);
+ local_irq_restore(flags);
+ }
+
+ void _write_lock(rwlock_t *lock)
+ {
++ uint32_t x;
++
+ check_lock(&lock->debug);
+- while ( unlikely(!_raw_write_trylock(&lock->raw)) )
+- {
+- while ( likely(_raw_rw_is_locked(&lock->raw)) )
++ do {
++ while ( (x = lock->lock) & RW_WRITE_FLAG )
+ cpu_relax();
++ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x );
++ while ( x != 0 )
++ {
++ cpu_relax();
++ x = lock->lock & ~RW_WRITE_FLAG;
+ }
+ preempt_disable();
+ }
+
+ void _write_lock_irq(rwlock_t *lock)
+ {
++ uint32_t x;
++
+ ASSERT(local_irq_is_enabled());
+ local_irq_disable();
+ check_lock(&lock->debug);
+- while ( unlikely(!_raw_write_trylock(&lock->raw)) )
++ do {
++ if ( (x = lock->lock) & RW_WRITE_FLAG )
++ {
++ local_irq_enable();
++ while ( (x = lock->lock) & RW_WRITE_FLAG )
++ cpu_relax();
++ local_irq_disable();
++ }
++ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x );
++ while ( x != 0 )
+ {
+- local_irq_enable();
+- while ( likely(_raw_rw_is_locked(&lock->raw)) )
+- cpu_relax();
+- local_irq_disable();
++ cpu_relax();
++ x = lock->lock & ~RW_WRITE_FLAG;
+ }
+ preempt_disable();
+ }
+
+ unsigned long _write_lock_irqsave(rwlock_t *lock)
+ {
++ uint32_t x;
+ unsigned long flags;
++
+ local_irq_save(flags);
+ check_lock(&lock->debug);
+- while ( unlikely(!_raw_write_trylock(&lock->raw)) )
++ do {
++ if ( (x = lock->lock) & RW_WRITE_FLAG )
++ {
++ local_irq_restore(flags);
++ while ( (x = lock->lock) & RW_WRITE_FLAG )
++ cpu_relax();
++ local_irq_save(flags);
++ }
++ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x );
++ while ( x != 0 )
+ {
+- local_irq_restore(flags);
+- while ( likely(_raw_rw_is_locked(&lock->raw)) )
+- cpu_relax();
+- local_irq_save(flags);
++ cpu_relax();
++ x = lock->lock & ~RW_WRITE_FLAG;
+ }
+ preempt_disable();
+ return flags;
+@@ -384,9 +423,13 @@ unsigned long _write_lock_irqsave(rwlock_t *lock)
+
+ int _write_trylock(rwlock_t *lock)
+ {
++ uint32_t x;
++
+ check_lock(&lock->debug);
+- if ( !_raw_write_trylock(&lock->raw) )
+- return 0;
++ do {
++ if ( (x = lock->lock) != 0 )
++ return 0;
++ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x );
+ preempt_disable();
+ return 1;
+ }
+@@ -394,33 +437,32 @@ int _write_trylock(rwlock_t *lock)
+ void _write_unlock(rwlock_t *lock)
+ {
+ preempt_enable();
+- _raw_write_unlock(&lock->raw);
++ if ( cmpxchg(&lock->lock, RW_WRITE_FLAG, 0) != RW_WRITE_FLAG )
++ BUG();
+ }
+
+ void _write_unlock_irq(rwlock_t *lock)
+ {
+- preempt_enable();
+- _raw_write_unlock(&lock->raw);
++ _write_unlock(lock);
+ local_irq_enable();
+ }
+
+ void _write_unlock_irqrestore(rwlock_t *lock, unsigned long flags)
+ {
+- preempt_enable();
+- _raw_write_unlock(&lock->raw);
++ _write_unlock(lock);
+ local_irq_restore(flags);
+ }
+
+ int _rw_is_locked(rwlock_t *lock)
+ {
+ check_lock(&lock->debug);
+- return _raw_rw_is_locked(&lock->raw);
++ return (lock->lock != 0); /* anyone in critical section? */
+ }
+
+ int _rw_is_write_locked(rwlock_t *lock)
+ {
+ check_lock(&lock->debug);
+- return _raw_rw_is_write_locked(&lock->raw);
++ return (lock->lock == RW_WRITE_FLAG); /* writer in critical section? */
+ }
+
+ #ifdef LOCK_PROFILE
+diff --git a/xen/include/asm-arm/arm32/spinlock.h b/xen/include/asm-arm/arm32/spinlock.h
+index ba11ad6..bc0343c 100644
+--- a/xen/include/asm-arm/arm32/spinlock.h
++++ b/xen/include/asm-arm/arm32/spinlock.h
+@@ -55,84 +55,6 @@ static always_inline int _raw_spin_trylock(raw_spinlock_t *lock)
+ }
+ }
+
+-typedef struct {
+- volatile unsigned int lock;
+-} raw_rwlock_t;
+-
+-#define _RAW_RW_LOCK_UNLOCKED { 0 }
+-
+-static always_inline int _raw_read_trylock(raw_rwlock_t *rw)
+-{
+- unsigned long tmp, tmp2 = 1;
+-
+- __asm__ __volatile__(
+-"1: ldrex %0, [%2]\n"
+-" adds %0, %0, #1\n"
+-" strexpl %1, %0, [%2]\n"
+- : "=&r" (tmp), "+r" (tmp2)
+- : "r" (&rw->lock)
+- : "cc");
+-
+- smp_mb();
+- return tmp2 == 0;
+-}
+-
+-static always_inline int _raw_write_trylock(raw_rwlock_t *rw)
+-{
+- unsigned long tmp;
+-
+- __asm__ __volatile__(
+-"1: ldrex %0, [%1]\n"
+-" teq %0, #0\n"
+-" strexeq %0, %2, [%1]"
+- : "=&r" (tmp)
+- : "r" (&rw->lock), "r" (0x80000000)
+- : "cc");
+-
+- if (tmp == 0) {
+- smp_mb();
+- return 1;
+- } else {
+- return 0;
+- }
+-}
+-
+-static inline void _raw_read_unlock(raw_rwlock_t *rw)
+-{
+- unsigned long tmp, tmp2;
+-
+- smp_mb();
+-
+- __asm__ __volatile__(
+-"1: ldrex %0, [%2]\n"
+-" sub %0, %0, #1\n"
+-" strex %1, %0, [%2]\n"
+-" teq %1, #0\n"
+-" bne 1b"
+- : "=&r" (tmp), "=&r" (tmp2)
+- : "r" (&rw->lock)
+- : "cc");
+-
+- if (tmp == 0)
+- dsb_sev();
+-}
+-
+-static inline void _raw_write_unlock(raw_rwlock_t *rw)
+-{
+- smp_mb();
+-
+- __asm__ __volatile__(
+- "str %1, [%0]\n"
+- :
+- : "r" (&rw->lock), "r" (0)
+- : "cc");
+-
+- dsb_sev();
+-}
+-
+-#define _raw_rw_is_locked(x) ((x)->lock != 0)
+-#define _raw_rw_is_write_locked(x) ((x)->lock == 0x80000000)
+-
+ #endif /* __ASM_SPINLOCK_H */
+ /*
+ * Local variables:
+diff --git a/xen/include/asm-arm/arm64/spinlock.h b/xen/include/asm-arm/arm64/spinlock.h
+index 3a36cfd..5ae034d 100644
+--- a/xen/include/asm-arm/arm64/spinlock.h
++++ b/xen/include/asm-arm/arm64/spinlock.h
+@@ -52,69 +52,6 @@ static always_inline int _raw_spin_trylock(raw_spinlock_t *lock)
+ return !tmp;
+ }
+
+-typedef struct {
+- volatile unsigned int lock;
+-} raw_rwlock_t;
+-
+-#define _RAW_RW_LOCK_UNLOCKED { 0 }
+-
+-static always_inline int _raw_read_trylock(raw_rwlock_t *rw)
+-{
+- unsigned int tmp, tmp2 = 1;
+-
+- asm volatile(
+- " ldaxr %w0, %2\n"
+- " add %w0, %w0, #1\n"
+- " tbnz %w0, #31, 1f\n"
+- " stxr %w1, %w0, %2\n"
+- "1:\n"
+- : "=&r" (tmp), "+r" (tmp2), "+Q" (rw->lock)
+- :
+- : "cc", "memory");
+-
+- return !tmp2;
+-}
+-
+-static always_inline int _raw_write_trylock(raw_rwlock_t *rw)
+-{
+- unsigned int tmp;
+-
+- asm volatile(
+- " ldaxr %w0, %1\n"
+- " cbnz %w0, 1f\n"
+- " stxr %w0, %w2, %1\n"
+- "1:\n"
+- : "=&r" (tmp), "+Q" (rw->lock)
+- : "r" (0x80000000)
+- : "cc", "memory");
+-
+- return !tmp;
+-}
+-
+-static inline void _raw_read_unlock(raw_rwlock_t *rw)
+-{
+- unsigned int tmp, tmp2;
+-
+- asm volatile(
+- " 1: ldxr %w0, %2\n"
+- " sub %w0, %w0, #1\n"
+- " stlxr %w1, %w0, %2\n"
+- " cbnz %w1, 1b\n"
+- : "=&r" (tmp), "=&r" (tmp2), "+Q" (rw->lock)
+- :
+- : "cc", "memory");
+-}
+-
+-static inline void _raw_write_unlock(raw_rwlock_t *rw)
+-{
+- asm volatile(
+- " stlr %w1, %0\n"
+- : "=Q" (rw->lock) : "r" (0) : "memory");
+-}
+-
+-#define _raw_rw_is_locked(x) ((x)->lock != 0)
+-#define _raw_rw_is_write_locked(x) ((x)->lock == 0x80000000)
+-
+ #endif /* __ASM_SPINLOCK_H */
+ /*
+ * Local variables:
+diff --git a/xen/include/asm-x86/spinlock.h b/xen/include/asm-x86/spinlock.h
+index 6bc044c..06d9b04 100644
+--- a/xen/include/asm-x86/spinlock.h
++++ b/xen/include/asm-x86/spinlock.h
+@@ -31,58 +31,4 @@ static always_inline int _raw_spin_trylock(raw_spinlock_t *lock)
+ return (oldval > 0);
+ }
+
+-typedef struct {
+- volatile int lock;
+-} raw_rwlock_t;
+-
+-#define RW_WRITE_BIAS 0x7fffffff
+-#define _RAW_RW_LOCK_UNLOCKED /*(raw_rwlock_t)*/ { 0 }
+-
+-static always_inline int _raw_read_trylock(raw_rwlock_t *rw)
+-{
+- int acquired;
+-
+- asm volatile (
+- " lock; decl %0 \n"
+- " jns 2f \n"
+-#ifdef __clang__ /* clang's builtin assember can't do .subsection */
+- "1: .pushsection .fixup,\"ax\"\n"
+-#else
+- "1: .subsection 1 \n"
+-#endif
+- "2: lock; incl %0 \n"
+- " decl %1 \n"
+- " jmp 1b \n"
+-#ifdef __clang__
+- " .popsection \n"
+-#else
+- " .subsection 0 \n"
+-#endif
+- : "=m" (rw->lock), "=r" (acquired) : "1" (1) : "memory" );
+-
+- return acquired;
+-}
+-
+-static always_inline int _raw_write_trylock(raw_rwlock_t *rw)
+-{
+- return (cmpxchg(&rw->lock, 0, RW_WRITE_BIAS) == 0);
+-}
+-
+-static always_inline void _raw_read_unlock(raw_rwlock_t *rw)
+-{
+- asm volatile (
+- "lock ; incl %0"
+- : "=m" ((rw)->lock) : : "memory" );
+-}
+-
+-static always_inline void _raw_write_unlock(raw_rwlock_t *rw)
+-{
+- asm volatile (
+- "lock ; subl %1,%0"
+- : "=m" ((rw)->lock) : "i" (RW_WRITE_BIAS) : "memory" );
+-}
+-
+-#define _raw_rw_is_locked(x) ((x)->lock != 0)
+-#define _raw_rw_is_write_locked(x) ((x)->lock > 0)
+-
+ #endif /* __ASM_SPINLOCK_H */
+diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h
+index 12b0a89..eda9b2e 100644
+--- a/xen/include/xen/spinlock.h
++++ b/xen/include/xen/spinlock.h
+@@ -141,11 +141,13 @@ typedef struct spinlock {
+ #define spin_lock_init(l) (*(l) = (spinlock_t)SPIN_LOCK_UNLOCKED)
+
+ typedef struct {
+- raw_rwlock_t raw;
++ volatile uint32_t lock;
+ struct lock_debug debug;
+ } rwlock_t;
+
+-#define RW_LOCK_UNLOCKED { _RAW_RW_LOCK_UNLOCKED, _LOCK_DEBUG }
++#define RW_WRITE_FLAG (1u<<31)
++
++#define RW_LOCK_UNLOCKED { 0, _LOCK_DEBUG }
+ #define DEFINE_RWLOCK(l) rwlock_t l = RW_LOCK_UNLOCKED
+ #define rwlock_init(l) (*(l) = (rwlock_t)RW_LOCK_UNLOCKED)
+
diff --cc debian/patches/config-prefix.diff
index a55f45e,0000000..6a6465f
mode 100644,000000..100644
--- a/debian/patches/config-prefix.diff
+++ b/debian/patches/config-prefix.diff
@@@ -1,56 -1,0 +1,57 @@@
- From 537b771695548faab29f414a6c2a78f7851af7f8 Mon Sep 17 00:00:00 2001
++From ec5aa476dc815f4716f55dd0573d5821edc9647d Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:45 +0200
+Subject: config-prefix.diff
+
++Patch-Name: config-prefix.diff
+---
+ Config.mk | 2 +-
+ config/StdGNU.mk | 11 ++++++++---
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/Config.mk b/Config.mk
+index c44853f..df3a853 100644
+--- a/Config.mk
++++ b/Config.mk
+@@ -84,7 +84,7 @@ EXTRA_LIB += $(EXTRA_PREFIX)/lib
+ endif
+
+ PYTHON ?= python
+-PYTHON_PREFIX_ARG ?= --prefix="$(PREFIX)"
++PYTHON_PREFIX_ARG ?= --home="$(PRIVATE_PREFIX)"
+ # The above requires that PREFIX contains *no spaces*. This variable is here
+ # to permit the user to set PYTHON_PREFIX_ARG to '' to workaround this bug:
+ # https://bugs.launchpad.net/ubuntu/+bug/362570
+diff --git a/config/StdGNU.mk b/config/StdGNU.mk
+index 25fc594..0f1776d 100644
+--- a/config/StdGNU.mk
++++ b/config/StdGNU.mk
+@@ -1,3 +1,5 @@
++include /usr/share/dpkg/architecture.mk
++
+ AS = $(CROSS_COMPILE)as
+ LD = $(CROSS_COMPILE)ld
+ ifeq ($(clang),y)
+@@ -30,16 +32,19 @@ INSTALL_PROG = $(INSTALL) -m0755 -p
+ PREFIX ?= /usr
+ BINDIR = $(PREFIX)/bin
+ INCLUDEDIR = $(PREFIX)/include
+-LIBEXEC = $(PREFIX)/lib/xen/bin
++LIBDIR = $(PREFIX)/lib/$(DEB_HOST_MULTIARCH)
+ SHAREDIR = $(PREFIX)/share
+ MANDIR = $(SHAREDIR)/man
+ MAN1DIR = $(MANDIR)/man1
+ MAN8DIR = $(MANDIR)/man8
+ SBINDIR = $(PREFIX)/sbin
+-XENFIRMWAREDIR = $(PREFIX)/lib/xen/boot
+
+-PRIVATE_PREFIX = $(LIBDIR)/xen
++PRIVATE_PREFIX = $(PREFIX)/lib/xen-$(XEN_VERSION)
+ PRIVATE_BINDIR = $(PRIVATE_PREFIX)/bin
++PRIVATE_LIBDIR = $(PRIVATE_PREFIX)/lib
++
++LIBEXEC = $(PRIVATE_BINDIR)
++XENFIRMWAREDIR = $(PRIVATE_PREFIX)/boot
+
+ CONFIG_DIR = /etc
+ XEN_LOCK_DIR = /var/lock
diff --cc debian/patches/domain-builder-pv-kernel-memory-leak.diff
index 4fc14fd,0000000..d1c3927
mode 100644,000000..100644
--- a/debian/patches/domain-builder-pv-kernel-memory-leak.diff
+++ b/debian/patches/domain-builder-pv-kernel-memory-leak.diff
@@@ -1,242 -1,0 +1,244 @@@
- From d4e6c7a7187f6a32e7f99099860e958c79547fda Mon Sep 17 00:00:00 2001
++From 10b0ed408820c2572711c7e01ae0159b0918d8f1 Mon Sep 17 00:00:00 2001
+From: Ian Campbell <ian.campbell at citrix.com>
+Date: Thu, 20 Nov 2014 15:48:47 +0000
+Subject: libxc: don't leak buffer containing the uncompressed PV kernel
+
+The libxc xc_dom_* infrastructure uses a very simple malloc memory pool which
+is freed by xc_dom_release. However the various xc_try_*_decode routines (other
+than the gzip one) just use plain malloc/realloc and therefore the buffer ends
+up leaked.
+
+The memory pool currently supports mmap'd buffers as well as a directly
+allocated buffers, however the try decode routines make use of realloc and do
+not fit well into this model. Introduce a concept of an external memory block
+to the memory pool and provide an interface to register such memory.
+
+The mmap_ptr and mmap_len fields of the memblock tracking struct lose their
+mmap_ prefix since they are now also used for external memory blocks.
+
+We are only seeing this now because the gzip decoder doesn't leak and it's only
+relatively recently that kernels in the wild have switched to better
+compression.
+
+This is https://bugs.debian.org/767295
+
+Reported by: Gedalya <gedalya at gedalya.net>
+Signed-off-by: Ian Campbell <ian.campbell at citrix.com>
+Reviewed-by: Wei Liu <wei.liu2 at citrix.com>
+
+(cherry picked from commit 8f4023dd7d77de7b2c1af77e86637202a33f948a)
++
++Patch-Name: domain-builder-pv-kernel-memory-leak.diff
+---
+ tools/libxc/xc_dom.h | 10 ++++--
+ tools/libxc/xc_dom_bzimageloader.c | 20 ++++++++++++
+ tools/libxc/xc_dom_core.c | 61 ++++++++++++++++++++++++++++---------
+ tools/libxc/xc_dom_decompress_lz4.c | 5 +++
+ 4 files changed, 80 insertions(+), 16 deletions(-)
+
+diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h
+index c9af0ce..d94101f 100644
+--- a/tools/libxc/xc_dom.h
++++ b/tools/libxc/xc_dom.h
+@@ -33,8 +33,13 @@ struct xc_dom_seg {
+
+ struct xc_dom_mem {
+ struct xc_dom_mem *next;
+- void *mmap_ptr;
+- size_t mmap_len;
++ void *ptr;
++ enum {
++ XC_DOM_MEM_TYPE_MALLOC_INTERNAL,
++ XC_DOM_MEM_TYPE_MALLOC_EXTERNAL,
++ XC_DOM_MEM_TYPE_MMAP,
++ } type;
++ size_t len;
+ unsigned char memory[0];
+ };
+
+@@ -290,6 +295,7 @@ void xc_dom_log_memory_footprint(struct xc_dom_image *dom);
+ /* --- simple memory pool ------------------------------------------ */
+
+ void *xc_dom_malloc(struct xc_dom_image *dom, size_t size);
++int xc_dom_register_external(struct xc_dom_image *dom, void *ptr, size_t size);
+ void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size);
+ void *xc_dom_malloc_filemap(struct xc_dom_image *dom,
+ const char *filename, size_t * size,
+diff --git a/tools/libxc/xc_dom_bzimageloader.c b/tools/libxc/xc_dom_bzimageloader.c
+index 2225699..964ebdc 100644
+--- a/tools/libxc/xc_dom_bzimageloader.c
++++ b/tools/libxc/xc_dom_bzimageloader.c
+@@ -161,6 +161,13 @@ static int xc_try_bzip2_decode(
+
+ total = (((uint64_t)stream.total_out_hi32) << 32) | stream.total_out_lo32;
+
++ if ( xc_dom_register_external(dom, out_buf, total) )
++ {
++ DOMPRINTF("BZIP2: Error registering stream output");
++ free(out_buf);
++ goto bzip2_cleanup;
++ }
++
+ DOMPRINTF("%s: BZIP2 decompress OK, 0x%zx -> 0x%lx",
+ __FUNCTION__, *size, (long unsigned int) total);
+
+@@ -305,6 +312,13 @@ static int _xc_try_lzma_decode(
+ }
+ }
+
++ if ( xc_dom_register_external(dom, out_buf, stream->total_out) )
++ {
++ DOMPRINTF("%s: Error registering stream output", what);
++ free(out_buf);
++ goto lzma_cleanup;
++ }
++
+ DOMPRINTF("%s: %s decompress OK, 0x%zx -> 0x%zx",
+ __FUNCTION__, what, *size, (size_t)stream->total_out);
+
+@@ -464,7 +478,13 @@ static int xc_try_lzo1x_decode(
+
+ dst_len = lzo_read_32(cur);
+ if ( !dst_len )
++ {
++ msg = "Error registering stream output";
++ if ( xc_dom_register_external(dom, out_buf, out_len) )
++ break;
++
+ return 0;
++ }
+
+ if ( dst_len > LZOP_MAX_BLOCK_SIZE )
+ {
+diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
+index baa62a1..ecbf981 100644
+--- a/tools/libxc/xc_dom_core.c
++++ b/tools/libxc/xc_dom_core.c
+@@ -132,6 +132,7 @@ void *xc_dom_malloc(struct xc_dom_image *dom, size_t size)
+ return NULL;
+ }
+ memset(block, 0, sizeof(*block) + size);
++ block->type = XC_DOM_MEM_TYPE_MALLOC_INTERNAL;
+ block->next = dom->memblocks;
+ dom->memblocks = block;
+ dom->alloc_malloc += sizeof(*block) + size;
+@@ -151,23 +152,45 @@ void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size)
+ return NULL;
+ }
+ memset(block, 0, sizeof(*block));
+- block->mmap_len = size;
+- block->mmap_ptr = mmap(NULL, block->mmap_len,
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON,
+- -1, 0);
+- if ( block->mmap_ptr == MAP_FAILED )
++ block->len = size;
++ block->ptr = mmap(NULL, block->len,
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON,
++ -1, 0);
++ if ( block->ptr == MAP_FAILED )
+ {
+ DOMPRINTF("%s: mmap failed", __FUNCTION__);
+ free(block);
+ return NULL;
+ }
++ block->type = XC_DOM_MEM_TYPE_MMAP;
+ block->next = dom->memblocks;
+ dom->memblocks = block;
+ dom->alloc_malloc += sizeof(*block);
+- dom->alloc_mem_map += block->mmap_len;
++ dom->alloc_mem_map += block->len;
+ if ( size > (100 * 1024) )
+ print_mem(dom, __FUNCTION__, size);
+- return block->mmap_ptr;
++ return block->ptr;
++}
++
++int xc_dom_register_external(struct xc_dom_image *dom, void *ptr, size_t size)
++{
++ struct xc_dom_mem *block;
++
++ block = malloc(sizeof(*block));
++ if ( block == NULL )
++ {
++ DOMPRINTF("%s: allocation failed", __FUNCTION__);
++ return -1;
++ }
++ memset(block, 0, sizeof(*block));
++ block->ptr = ptr;
++ block->len = size;
++ block->type = XC_DOM_MEM_TYPE_MALLOC_EXTERNAL;
++ block->next = dom->memblocks;
++ dom->memblocks = block;
++ dom->alloc_malloc += sizeof(*block);
++ dom->alloc_mem_map += block->len;
++ return 0;
+ }
+
+ void *xc_dom_malloc_filemap(struct xc_dom_image *dom,
+@@ -212,24 +235,25 @@ void *xc_dom_malloc_filemap(struct xc_dom_image *dom,
+ }
+
+ memset(block, 0, sizeof(*block));
+- block->mmap_len = *size;
+- block->mmap_ptr = mmap(NULL, block->mmap_len, PROT_READ,
++ block->len = *size;
++ block->ptr = mmap(NULL, block->len, PROT_READ,
+ MAP_SHARED, fd, 0);
+- if ( block->mmap_ptr == MAP_FAILED ) {
++ if ( block->ptr == MAP_FAILED ) {
+ xc_dom_panic(dom->xch, XC_INTERNAL_ERROR,
+ "failed to mmap file: %s",
+ strerror(errno));
+ goto err;
+ }
+
++ block->type = XC_DOM_MEM_TYPE_MMAP;
+ block->next = dom->memblocks;
+ dom->memblocks = block;
+ dom->alloc_malloc += sizeof(*block);
+- dom->alloc_file_map += block->mmap_len;
++ dom->alloc_file_map += block->len;
+ close(fd);
+ if ( *size > (100 * 1024) )
+ print_mem(dom, __FUNCTION__, *size);
+- return block->mmap_ptr;
++ return block->ptr;
+
+ err:
+ if ( fd != -1 )
+@@ -246,8 +270,17 @@ static void xc_dom_free_all(struct xc_dom_image *dom)
+ while ( (block = dom->memblocks) != NULL )
+ {
+ dom->memblocks = block->next;
+- if ( block->mmap_ptr )
+- munmap(block->mmap_ptr, block->mmap_len);
++ switch ( block->type )
++ {
++ case XC_DOM_MEM_TYPE_MALLOC_INTERNAL:
++ break;
++ case XC_DOM_MEM_TYPE_MALLOC_EXTERNAL:
++ free(block->ptr);
++ break;
++ case XC_DOM_MEM_TYPE_MMAP:
++ munmap(block->ptr, block->len);
++ break;
++ }
+ free(block);
+ }
+ }
+diff --git a/tools/libxc/xc_dom_decompress_lz4.c b/tools/libxc/xc_dom_decompress_lz4.c
+index 08272fe..bb8409f 100644
+--- a/tools/libxc/xc_dom_decompress_lz4.c
++++ b/tools/libxc/xc_dom_decompress_lz4.c
+@@ -104,6 +104,11 @@ int xc_try_lz4_decode(
+
+ if (size == 0)
+ {
++ if ( xc_dom_register_external(dom, output, out_len) )
++ {
++ msg = "Error registering stream output";
++ goto exit_2;
++ }
+ *blob = output;
+ *psize = out_len;
+ return 0;
diff --cc debian/patches/libxl-local-attach-diskpath-leak.diff
index 67a5488,0000000..724235a
mode 100644,000000..100644
--- a/debian/patches/libxl-local-attach-diskpath-leak.diff
+++ b/debian/patches/libxl-local-attach-diskpath-leak.diff
@@@ -1,37 -1,0 +1,39 @@@
- From 260a7a8659cb54d90b238bf9dd0f2961a6b38025 Mon Sep 17 00:00:00 2001
++From 1ed460b33daa6e8d464f9608f56287d0b8cfff00 Mon Sep 17 00:00:00 2001
+From: Ian Campbell <ian.campbell at citrix.com>
+Date: Thu, 6 Nov 2014 13:00:31 +0000
+Subject: tools: libxl: do not leak diskpath during local disk attach
+
+libxl__device_disk_local_initiate_attach is assigning dls->diskpath with a
+strdup of the device path. This is then passed to the callback, e.g.
+parse_bootloader_result but bootloader_cleanup will not free it.
+
+Since the callback is within the scope of the (e)gc and therefore doesn't need
+to be malloc'd, a gc'd alloc will do. All other assignments to this field use
+the gc.
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767295
+
+Reported-by: Gedalya <gedalya at gedalya.net>
+Signed-off-by: Ian Campbell <ian.campbell at citrix.com>
+Acked-by: Ian Jackson <ian.jackson at eu.citrix.com>
+Acked-by: Wei Liu <wei.liu2 at citrix.com>
+(cherry picked from commit 379b351889a8f02abe30a06e2ce9ba8b381b91ab)
++
++Patch-Name: libxl-local-attach-diskpath-leak.diff
+---
+ tools/libxl/libxl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
+index 2d29ad2..c47f957 100644
+--- a/tools/libxl/libxl.c
++++ b/tools/libxl/libxl.c
+@@ -2678,7 +2678,7 @@ void libxl__device_disk_local_initiate_attach(libxl__egc *egc,
+ }
+
+ if (dev != NULL)
+- dls->diskpath = strdup(dev);
++ dls->diskpath = libxl__strdup(gc, dev);
+
+ dls->callback(egc, dls, 0);
+ return;
diff --cc debian/patches/libxl-parse-max-leak.diff
index 00a6b0c,0000000..3f6ba4e
mode 100644,000000..100644
--- a/debian/patches/libxl-parse-max-leak.diff
+++ b/debian/patches/libxl-parse-max-leak.diff
@@@ -1,48 -1,0 +1,50 @@@
- From e26f098530560cc7cbefd6dbbafff323efc826a2 Mon Sep 17 00:00:00 2001
++From 7b265c05dd55729d89638ad36a06e32242e08a38 Mon Sep 17 00:00:00 2001
+From: Ian Campbell <ian.campbell at citrix.com>
+Date: Thu, 6 Nov 2014 13:59:43 +0000
+Subject: tools: libxl: do not overrun input buffer in libxl__parse_mac
+
+Valgrind reports:
+==7971== Invalid read of size 1
+==7971== at 0x40877BE: libxl__parse_mac (libxl_internal.c:288)
+==7971== by 0x405C5F8: libxl__device_nic_from_xs_be (libxl.c:3405)
+==7971== by 0x4065542: libxl__append_nic_list_of_type (libxl.c:3484)
+==7971== by 0x4065542: libxl_device_nic_list (libxl.c:3504)
+==7971== by 0x406F561: libxl_retrieve_domain_configuration (libxl.c:6661)
+==7971== by 0x805671C: reload_domain_config (xl_cmdimpl.c:2037)
+==7971== by 0x8057F30: handle_domain_death (xl_cmdimpl.c:2116)
+==7971== by 0x8057F30: create_domain (xl_cmdimpl.c:2580)
+==7971== by 0x805B4B2: main_create (xl_cmdimpl.c:4652)
+==7971== by 0x804EAB2: main (xl.c:378)
+
+This is because on the final iteration the tok += 3 skips over the terminating
+NUL to the next byte, and then *tok reads it. Fix this by using endptr as the
+iterator.
+
+Signed-off-by: Ian Campbell <ian.campbell at citrix.com>
+Reviewed-by: Don Slutz <dslutz at verizon.com>
+Acked-by: Wei Liu <wei.liu2 at citrix.com>
+(cherry picked from commit 5a430eca0b27354456d1245ed3f637d5f2e17883)
++
++Patch-Name: libxl-parse-max-leak.diff
+---
+ tools/libxl/libxl_internal.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tools/libxl/libxl_internal.c b/tools/libxl/libxl_internal.c
+index cf17658..c0ccbd1 100644
+--- a/tools/libxl/libxl_internal.c
++++ b/tools/libxl/libxl_internal.c
+@@ -275,10 +275,12 @@ _hidden int libxl__parse_mac(const char *s, libxl_mac mac)
+ char *endptr;
+ int i;
+
+- for (i = 0, tok = s; *tok && (i < 6); ++i, tok += 3) {
++ for (i = 0, tok = s; *tok && (i < 6); ++i, tok = endptr) {
+ mac[i] = strtol(tok, &endptr, 16);
+ if (endptr != (tok + 2) || (*endptr != '\0' && *endptr != ':') )
+ return ERROR_INVAL;
++ if (*endptr == ':')
++ endptr++;
+ }
+ if ( i != 6 )
+ return ERROR_INVAL;
diff --cc debian/patches/series
index f84eca9,0000000..53386f8
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,48 -1,0 +1,48 @@@
- 0001-version.patch
- 0002-config-prefix.diff.patch
- 0003-tools-libfsimage-abiname.diff.patch
- 0004-tools-libxc-abiname.diff.patch
- 0005-tools-libxl-abiname.diff.patch
- 0006-tools-xenstat-abiname.diff.patch
- 0007-tools-rpath.diff.patch
- 0008-tools-blktap2-prefix.diff.patch
- 0009-tools-console-prefix.diff.patch
- 0010-tools-libfsimage-prefix.diff.patch
- 0011-tools-libxl-prefix.diff.patch
- 0012-tools-misc-prefix.diff.patch
- 0013-tools-pygrub-prefix.diff.patch
- 0014-tools-python-prefix.diff.patch
- 0015-tools-xcutils-rpath.diff.patch
- 0016-tools-xenmon-prefix.diff.patch
- 0017-tools-xenpaging-prefix.diff.patch
- 0018-tools-xenstat-prefix.diff.patch
- 0019-tools-xenstore-prefix.diff.patch
- 0020-tools-xentrace-prefix.diff.patch
- 0021-tools-python-xen-relative-path.diff.patch
- 0022-tools-misc-xend-startup.diff.patch
- 0023-tools-disable.diff.patch
- 0024-tools-examples-xend-disable-network.diff.patch
- 0025-tools-examples-xend-disable-relocation.diff.patch
- 0026-tools-pygrub-remove-static-solaris-support.patch
- 0027-tools-include-install.diff.patch
- 0028-tools-xenmon-install.diff.patch
- 0029-tools-hotplug-udevrules.diff.patch
- 0030-tools-python-shebang.diff.patch
- 0031-tools-xenstore-compatibility.diff.patch
- 0032-send-xl-coredumps-var-lib-xen-dump-NAME.patch
- 0033-evtchn-check-control-block-exists-when-using-FIFO-ba.patch
- 0034-x86-shadow-fix-race-condition-sampling-the-dirty-vra.patch
- 0035-x86-emulate-check-cpl-for-all-privileged-instruction.patch
- 0036-x86emul-only-emulate-software-interrupt-injection-fo.patch
- 0037-x86-HVM-properly-bound-x2APIC-MSR-range.patch
- 0038-VT-d-suppress-UR-signaling-for-further-desktop-chips.patch
- 0039-x86-paging-make-log-dirty-operations-preemptible.patch
- 0040-x86-don-t-allow-page-table-updates-on-non-PV-page-ta.patch
- 0041-x86emul-enforce-privilege-level-restrictions-when-lo.patch
- 0042-x86-mm-fix-a-reference-counting-error-in-MMU_MACHPHY.patch
- 0043-tools-libxl-do-not-overrun-input-buffer-in-libxl__pa.patch
- 0044-x86-limit-checks-in-hypercall_xlat_continuation-to-a.patch
- 0045-x86-HVM-confine-internally-handled-MMIO-to-solitary-.patch
- 0046-libxc-don-t-leak-buffer-containing-the-uncompressed-.patch
- 0047-tools-libxl-do-not-leak-diskpath-during-local-disk-a.patch
++version.diff
++config-prefix.diff
++tools-libfsimage-abiname.diff
++tools-libxc-abiname.diff
++tools-libxl-abiname.diff
++tools-xenstat-abiname.diff
++tools-rpath.diff
++tools-blktap2-prefix.diff
++tools-console-prefix.diff
++tools-libfsimage-prefix.diff
++tools-libxl-prefix.diff
++tools-misc-prefix.diff
++tools-pygrub-prefix.diff
++tools-python-prefix.diff
++tools-xcutils-rpath.diff
++tools-xenmon-prefix.diff
++tools-xenpaging-prefix.diff
++tools-xenstat-prefix.diff
++tools-xenstore-prefix.diff
++tools-xentrace-prefix.diff
++tools-python-xen-relative-path.diff
++tools-misc-xend-startup.diff
++tools-disable.diff
++tools-examples-xend-disable-network.diff
++tools-examples-xend-disable-relocation.diff
++tools-pygrub-remove-static-solaris-support
++tools-include-install.diff
++tools-xenmon-install.diff
++tools-hotplug-udevrules.diff
++tools-python-shebang.diff
++tools-xenstore-compatibility.diff
++xl-coredumps-to-var-lib-xen-dump.diff
++CVE-2014-6268.diff
++CVE-2014-7154.diff
++CVE-2014-7155.diff
++CVE-2014-7156.diff
++CVE-2014-7188.diff
++CVE-2013-3495.diff
++CVE-2014-5146.diff
++CVE-2014-8594.diff
++CVE-2014-8595.diff
++CVE-2014-9030.diff
++libxl-parse-max-leak.diff
++CVE-2014-8866.diff
++CVE-2014-8867.diff
++domain-builder-pv-kernel-memory-leak.diff
++libxl-local-attach-diskpath-leak.diff
+CVE-2014-9065.diff
diff --cc debian/patches/tools-blktap2-prefix.diff
index 4acf597,0000000..f122270
mode 100644,000000..100644
--- a/debian/patches/tools-blktap2-prefix.diff
+++ b/debian/patches/tools-blktap2-prefix.diff
@@@ -1,154 -1,0 +1,155 @@@
- From ab12c7f81d723d235033dc391a645ee10d134278 Mon Sep 17 00:00:00 2001
++From e3e6c6f2fe01654be0d0fbe125d43a6236423c09 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:53 +0200
+Subject: tools-blktap2-prefix.diff
+
++Patch-Name: tools-blktap2-prefix.diff
+---
+ tools/blktap2/control/Makefile | 26 ++++++++------------------
+ tools/blktap2/vhd/Makefile | 1 +
+ tools/blktap2/vhd/lib/Makefile | 29 +++++++++--------------------
+ 3 files changed, 18 insertions(+), 38 deletions(-)
+
+diff --git a/tools/blktap2/control/Makefile b/tools/blktap2/control/Makefile
+index 86a433c..f3a7a6e 100644
+--- a/tools/blktap2/control/Makefile
++++ b/tools/blktap2/control/Makefile
+@@ -1,10 +1,7 @@
+ XEN_ROOT := $(CURDIR)/../../../
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-MAJOR = 1.0
+-MINOR = 0
+ LIBNAME = libblktapctl
+-LIBSONAME = $(LIBNAME).so.$(MAJOR)
+
+ IBIN = tap-ctl
+
+@@ -38,39 +35,32 @@ OBJS = $(CTL_OBJS) tap-ctl.o
+ PICS = $(CTL_PICS)
+
+ LIB_STATIC = $(LIBNAME).a
+-LIB_SHARED = $(LIBSONAME).$(MINOR)
++LIB_SHARED = $(LIBNAME).so
+ IBIN = tap-ctl
+
+ all: build
+
+ build: $(IBIN) $(LIB_STATIC) $(LIB_SHARED)
+
+-$(LIBNAME).so: $(LIBSONAME)
+- ln -sf $< $@
+-
+-$(LIBSONAME): $(LIB_SHARED)
+- ln -sf $< $@
+-
+ tap-ctl: tap-ctl.o $(LIBNAME).so
+- $(CC) $(LDFLAGS) -o $@ $^
++ $(CC) $(LDFLAGS) $(call LDFLAGS_RPATH,../lib) -o $@ $^
+
+ $(LIB_STATIC): $(CTL_OBJS)
+ $(AR) r $@ $^
+
+ $(LIB_SHARED): $(CTL_PICS)
+- $(CC) $(LDFLAGS) -fPIC -Wl,$(SONAME_LDFLAG) -Wl,$(LIBSONAME) $(SHLIB_LDFLAGS) -rdynamic $^ -o $@
++ $(CC) $(LDFLAGS) -fPIC $(SHLIB_LDFLAGS) -rdynamic $^ -o $@
+
+ install: $(IBIN) $(LIB_STATIC) $(LIB_SHARED)
+- $(INSTALL_DIR) -p $(DESTDIR)$(SBINDIR)
+- $(INSTALL_PROG) $(IBIN) $(DESTDIR)$(SBINDIR)
++ $(INSTALL_DIR) -p $(DESTDIR)$(IBDIR)
++ $(INSTALL_DIR) -p $(DESTDIR)$(PRIVATE_LIBDIR)
++ $(INSTALL_DIR) -p $(DESTDIR)$(PRIVATE_SBINDIR)
++ $(INSTALL_PROG) $(IBIN) $(DESTDIR)$(PRIVATE_BINDIR)
+ $(INSTALL_DATA) $(LIB_STATIC) $(DESTDIR)$(LIBDIR)
+- $(INSTALL_PROG) $(LIB_SHARED) $(DESTDIR)$(LIBDIR)
+- ln -sf $(LIBSONAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME).so
+- ln -sf $(LIB_SHARED) $(DESTDIR)$(LIBDIR)/$(LIBSONAME)
++ $(INSTALL_PROG) $(LIB_SHARED) $(DESTDIR)$(PRIVATE_LIBDIR)
+
+ clean:
+ rm -f $(OBJS) $(PICS) $(DEPS) $(IBIN) $(LIB_STATIC) $(LIB_SHARED)
+- rm -f $(LIBNAME).so $(LIBSONAME)
+ rm -f *~
+
+ .PHONY: all build clean install
+diff --git a/tools/blktap2/vhd/Makefile b/tools/blktap2/vhd/Makefile
+index c5019de..e55c73c 100644
+--- a/tools/blktap2/vhd/Makefile
++++ b/tools/blktap2/vhd/Makefile
+@@ -12,6 +12,7 @@ CFLAGS += -Werror
+ CFLAGS += -Wno-unused
+ CFLAGS += -I../include
+ CFLAGS += -D_GNU_SOURCE
++CFLAGS += $(CFLAGS_libxenctrl)
+
+ ifeq ($(CONFIG_X86_64),y)
+ CFLAGS += -fPIC
+diff --git a/tools/blktap2/vhd/lib/Makefile b/tools/blktap2/vhd/lib/Makefile
+index cdbb86c..0ab9885 100644
+--- a/tools/blktap2/vhd/lib/Makefile
++++ b/tools/blktap2/vhd/lib/Makefile
+@@ -2,26 +2,20 @@ XEN_ROOT=$(CURDIR)/../../../..
+ BLKTAP_ROOT := ../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-LIBVHD-MAJOR = 1.0
+-LIBVHD-MINOR = 0
+-LIBVHD-SONAME = libvhd.so.$(LIBVHD-MAJOR)
+-
+ LVM-UTIL-OBJ := $(BLKTAP_ROOT)/lvm/lvm-util.o
+
+-LIBVHD-BUILD := libvhd.a
+-
+-INST-DIR = $(LIBDIR)
+-
+ CFLAGS += -Werror
+ CFLAGS += -Wno-unused
+ CFLAGS += -I../../include
+ CFLAGS += -D_GNU_SOURCE
+ CFLAGS += -fPIC
+ CFLAGS += -g
++CFLAGS += $(CFLAGS_libxenctrl)
+
+ ifeq ($(CONFIG_Linux),y)
+ LIBS := -luuid
+ endif
++LDFLAGS += $(LDFLAGS_libxenctrl) $(call LDFLAGS_RPATH)
+
+ ifeq ($(CONFIG_LIBICONV),y)
+ LIBS += -liconv
+@@ -51,27 +45,22 @@ LIB-OBJS += $(LVM-UTIL-OBJ)
+
+ LIB-PICOBJS = $(patsubst %.o,%.opic,$(LIB-OBJS))
+
+-LIBVHD = libvhd.a libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR)
++LIBVHD = libvhd.a libvhd.so
+
+ all: build
+
+-build: libvhd.a libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR)
++build: libvhd.a libvhd.so
+
+ libvhd.a: $(LIB-OBJS)
+ $(AR) rc $@ $^
+
+-libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR): $(LIB-PICOBJS)
+- $(CC) -Wl,$(SONAME_LDFLAG),$(LIBVHD-SONAME) $(SHLIB_LDFLAGS) \
+- $(LDFLAGS) -o libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR) $^ $(LIBS)
+- ln -sf libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR) libvhd.so.$(LIBVHD-MAJOR)
+- ln -sf libvhd.so.$(LIBVHD-MAJOR) libvhd.so
++libvhd.so: $(LIB-PICOBJS)
++ $(CC) $(SHLIB_LDFLAGS) $(LDFLAGS) -o libvhd.so $^ $(LIBS)
+
+ install: all
+- $(INSTALL_DIR) -p $(DESTDIR)$(INST-DIR)
+- $(INSTALL_DATA) libvhd.a $(DESTDIR)$(INST-DIR)
+- $(INSTALL_PROG) libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR) $(DESTDIR)$(INST-DIR)
+- ln -sf libvhd.so.$(LIBVHD-MAJOR).$(LIBVHD-MINOR) $(DESTDIR)$(INST-DIR)/libvhd.so.$(LIBVHD-MAJOR)
+- ln -sf libvhd.so.$(LIBVHD-MAJOR) $(DESTDIR)$(INST-DIR)/libvhd.so
++ $(INSTALL_DIR) -p $(DESTDIR)$(LIBDIR)
++ $(INSTALL_DATA) libvhd.a $(DESTDIR)$(LIBDIR)
++ $(INSTALL_PROG) libvhd.so $(DESTDIR)$(LIBDIR)
+
+ clean:
+ rm -rf *.a *.so* *.o *.opic *~ $(DEPS) $(LIBVHD)
diff --cc debian/patches/tools-console-prefix.diff
index e176545,0000000..6430a84
mode 100644,000000..100644
--- a/debian/patches/tools-console-prefix.diff
+++ b/debian/patches/tools-console-prefix.diff
@@@ -1,32 -1,0 +1,33 @@@
- From bd93072208e5ddfc026059c811b2eacd8fdd6883 Mon Sep 17 00:00:00 2001
++From 6133fec6e8a95d48c89984b7fa508a2dc545c711 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:54 +0200
+Subject: tools-console-prefix.diff
+
++Patch-Name: tools-console-prefix.diff
+---
+ tools/console/Makefile | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/tools/console/Makefile b/tools/console/Makefile
+index 3e38252..b69f674 100644
+--- a/tools/console/Makefile
++++ b/tools/console/Makefile
+@@ -8,6 +8,7 @@ CFLAGS += $(CFLAGS_libxenstore)
+ LDLIBS += $(LDLIBS_libxenctrl)
+ LDLIBS += $(LDLIBS_libxenstore)
+ LDLIBS += $(SOCKET_LIBS)
++LDFLAGS += $(call LDFLAGS_RPATH,../lib)
+
+ LDLIBS_xenconsoled += $(UTIL_LIBS)
+ LDLIBS_xenconsoled += -lrt
+@@ -30,9 +31,7 @@ xenconsole: $(patsubst %.c,%.o,$(wildcard client/*.c))
+
+ .PHONY: install
+ install: $(BIN)
+- $(INSTALL_DIR) $(DESTDIR)/$(SBINDIR)
+- $(INSTALL_PROG) xenconsoled $(DESTDIR)/$(SBINDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
+- $(INSTALL_PROG) xenconsole $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PROG) xenconsole xenconsoled $(DESTDIR)$(PRIVATE_BINDIR)
+
+ -include $(DEPS)
diff --cc debian/patches/tools-disable.diff
index 659752e,0000000..d77d3dc
mode 100644,000000..100644
--- a/debian/patches/tools-disable.diff
+++ b/debian/patches/tools-disable.diff
@@@ -1,39 -1,0 +1,40 @@@
- From 45bf35fd25ad6a4a87fd812b07703f88d384e2ed Mon Sep 17 00:00:00 2001
++From bffaa5c5281dc495895a40cc1965c2c5442fd9ff Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:23 +0200
+Subject: tools-disable.diff
+
++Patch-Name: tools-disable.diff
+---
+ tools/Makefile | 2 --
+ tools/Rules.mk | 4 ----
+ 2 files changed, 6 deletions(-)
+
+diff --git a/tools/Makefile b/tools/Makefile
+index 00c69ee..2fca717 100644
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -19,8 +19,6 @@ SUBDIRS-$(CONFIG_Linux) += memshr
+ ifeq ($(CONFIG_X86)$(CONFIG_Linux),yy)
+ SUBDIRS-$(CONFIG_BLKTAP1) += blktap
+ endif
+-SUBDIRS-$(CONFIG_Linux) += blktap2
+-SUBDIRS-$(CONFIG_NetBSD) += blktap2
+ SUBDIRS-$(CONFIG_NetBSD) += xenbackendd
+ SUBDIRS-y += libfsimage
+ SUBDIRS-$(LIBXENAPI_BINDINGS) += libxen
+diff --git a/tools/Rules.mk b/tools/Rules.mk
+index 0d9d98c..74ce6bc 100644
+--- a/tools/Rules.mk
++++ b/tools/Rules.mk
+@@ -41,11 +41,7 @@ CFLAGS_libxenvchan = -I$(XEN_LIBVCHAN)
+ LDLIBS_libxenvchan = $(SHLIB_libxenctrl) $(SHLIB_libxenstore) -L$(XEN_LIBVCHAN) -lxenvchan
+ SHLIB_libxenvchan = -Wl,-rpath-link=$(XEN_LIBVCHAN)
+
+-ifeq ($(CONFIG_Linux),y)
+-LIBXL_BLKTAP ?= y
+-else
+ LIBXL_BLKTAP ?= n
+-endif
+
+ ifeq ($(LIBXL_BLKTAP),y)
+ CFLAGS_libblktapctl = -I$(XEN_BLKTAP2)/control -I$(XEN_BLKTAP2)/include $(CFLAGS_xeninclude)
diff --cc debian/patches/tools-examples-xend-disable-network.diff
index 6d110f7,0000000..3cbee99
mode 100644,000000..100644
--- a/debian/patches/tools-examples-xend-disable-network.diff
+++ b/debian/patches/tools-examples-xend-disable-network.diff
@@@ -1,33 -1,0 +1,34 @@@
- From e2119763be1aae854466139f452fbdd46afcf4c0 Mon Sep 17 00:00:00 2001
++From b7a6b853b4a2bb6266b793bf60bc8f2762be416f Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:24 +0200
+Subject: tools-examples-xend-disable-network.diff
+
++Patch-Name: tools-examples-xend-disable-network.diff
+---
+ tools/examples/xend-config.sxp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/tools/examples/xend-config.sxp b/tools/examples/xend-config.sxp
+index 0896a27..f0cc520 100644
+--- a/tools/examples/xend-config.sxp
++++ b/tools/examples/xend-config.sxp
+@@ -132,6 +132,11 @@
+ #(console-limit 1024)
+
+ ##
++# NOTE:
++# Please read /usr/share/doc/xen-utils-common/README.Debian for Debian specific
++# informations about the network setup.
++
++##
+ # To bridge network traffic, like this:
+ #
+ # dom0: ----------------- bridge -> real eth0 -> the network
+@@ -170,7 +175,6 @@
+ # two fake interfaces per guest domain. To do things like this, write
+ # yourself a wrapper script, and call network-bridge from it, as appropriate.
+ #
+-(network-script network-bridge)
+
+ # The script used to control virtual interfaces. This can be overridden on a
+ # per-vif basis when creating a domain or a configuring a new vif. The
diff --cc debian/patches/tools-examples-xend-disable-relocation.diff
index fd67527,0000000..6b3ab7c
mode 100644,000000..100644
--- a/debian/patches/tools-examples-xend-disable-relocation.diff
+++ b/debian/patches/tools-examples-xend-disable-relocation.diff
@@@ -1,29 -1,0 +1,30 @@@
- From cb3723cc9efd29f3dc96b21d0448a2ba1b7a7898 Mon Sep 17 00:00:00 2001
++From e21c3afae4b59160430e9bb42db5bfbfb0a6a6f9 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:25 +0200
+Subject: tools-examples-xend-disable-relocation.diff
+
++Patch-Name: tools-examples-xend-disable-relocation.diff
+---
+ tools/examples/xend-config.sxp | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tools/examples/xend-config.sxp b/tools/examples/xend-config.sxp
+index f0cc520..93a24fd 100644
+--- a/tools/examples/xend-config.sxp
++++ b/tools/examples/xend-config.sxp
+@@ -62,7 +62,6 @@
+ #(xend-tcp-xmlrpc-server no)
+ #(xend-unix-xmlrpc-server yes)
+ #(xend-relocation-server no)
+-(xend-relocation-server yes)
+ #(xend-relocation-ssl-server no)
+ #(xend-udev-event-server no)
+
+@@ -126,7 +125,6 @@
+ # (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
+ #
+ #(xend-relocation-hosts-allow '')
+-(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
+
+ # The limit (in kilobytes) on the size of the console buffer
+ #(console-limit 1024)
diff --cc debian/patches/tools-hotplug-udevrules.diff
index ad6c600,0000000..4f1bcb1
mode 100644,000000..100644
--- a/debian/patches/tools-hotplug-udevrules.diff
+++ b/debian/patches/tools-hotplug-udevrules.diff
@@@ -1,25 -1,0 +1,26 @@@
- From f8e9bfff4a0b504fbd509dc87f053e90a4593064 Mon Sep 17 00:00:00 2001
++From 9424935f25e6fc0e081ac5e6048cc388a21b1000 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:32 +0200
+Subject: tools-hotplug-udevrules.diff
+
++Patch-Name: tools-hotplug-udevrules.diff
+---
+ tools/hotplug/Linux/xen-backend.rules | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/tools/hotplug/Linux/xen-backend.rules b/tools/hotplug/Linux/xen-backend.rules
+index a0d409e..f0d9901 100644
+--- a/tools/hotplug/Linux/xen-backend.rules
++++ b/tools/hotplug/Linux/xen-backend.rules
+@@ -5,11 +5,4 @@ SUBSYSTEM=="xen-backend", KERNEL=="vif-*", ENV{UDEV_CALL}="1", ACTION=="online",
+ SUBSYSTEM=="xen-backend", KERNEL=="vif-*", ENV{UDEV_CALL}="1", ACTION=="offline", RUN+="/etc/xen/scripts/vif-setup offline type_if=vif"
+ SUBSYSTEM=="xen-backend", KERNEL=="vscsi*", RUN+="/etc/xen/scripts/vscsi $env{ACTION}"
+ SUBSYSTEM=="xen-backend", ACTION=="remove", ENV{UDEV_CALL}="1", RUN+="/etc/xen/scripts/xen-hotplug-cleanup"
+-KERNEL=="evtchn", NAME="xen/%k"
+-SUBSYSTEM=="xen", KERNEL=="blktap[0-9]*", NAME="xen/%k", MODE="0600"
+-SUBSYSTEM=="blktap2", KERNEL=="blktap[0-9]*", NAME="xen/blktap-2/%k", MODE="0600"
+-KERNEL=="blktap-control", NAME="xen/blktap-2/control", MODE="0600"
+-KERNEL=="gntdev", NAME="xen/%k", MODE="0600"
+-KERNEL=="pci_iomul", NAME="xen/%k", MODE="0600"
+-KERNEL=="tapdev[a-z]*", NAME="xen/blktap-2/tapdev%m", MODE="0600"
+ SUBSYSTEM=="net", KERNEL=="vif*-emu", ACTION=="add", ENV{UDEV_CALL}="1", RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"
diff --cc debian/patches/tools-include-install.diff
index 617c6f7,0000000..83ec47e
mode 100644,000000..100644
--- a/debian/patches/tools-include-install.diff
+++ b/debian/patches/tools-include-install.diff
@@@ -1,29 -1,0 +1,30 @@@
- From 086940c4bfe38ecb88d2c9b6db069e1319ed6796 Mon Sep 17 00:00:00 2001
++From 7d56e014040266d6f6ab2c52fed6126a4fab98a0 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:30 +0200
+Subject: tools-include-install.diff
+
++Patch-Name: tools-include-install.diff
+---
+ tools/include/Makefile | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tools/include/Makefile b/tools/include/Makefile
+index f7a6256..615f5bb 100644
+--- a/tools/include/Makefile
++++ b/tools/include/Makefile
+@@ -11,7 +11,6 @@ xen-foreign:
+ xen/.dir:
+ @rm -rf xen
+ mkdir -p xen/libelf
+- ln -sf $(XEN_ROOT)/xen/include/public/COPYING xen
+ ln -sf $(wildcard $(XEN_ROOT)/xen/include/public/*.h) xen
+ ln -sf $(addprefix $(XEN_ROOT)/xen/include/public/,arch-x86 arch-arm hvm io xsm) xen
+ ln -sf ../xen-sys/$(XEN_OS) xen/sys
+@@ -30,7 +29,6 @@ install: all
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)/xen/io
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)/xen/sys
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)/xen/xsm
+- $(INSTALL_DATA) xen/COPYING $(DESTDIR)$(INCLUDEDIR)/xen
+ $(INSTALL_DATA) xen/*.h $(DESTDIR)$(INCLUDEDIR)/xen
+ $(INSTALL_DATA) xen/arch-x86/*.h $(DESTDIR)$(INCLUDEDIR)/xen/arch-x86
+ $(INSTALL_DATA) xen/arch-x86/hvm/*.h $(DESTDIR)$(INCLUDEDIR)/xen/arch-x86/hvm
diff --cc debian/patches/tools-libfsimage-abiname.diff
index dc5e4ea,0000000..16c81fc
mode 100644,000000..100644
--- a/debian/patches/tools-libfsimage-abiname.diff
+++ b/debian/patches/tools-libfsimage-abiname.diff
@@@ -1,59 -1,0 +1,60 @@@
- From 4a7370d08f7bffe4ceb57151ac95af99ae3cde11 Mon Sep 17 00:00:00 2001
++From 4a4ff09180bf2642429ecafb505b3a04843be52f Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:47 +0200
+Subject: tools-libfsimage-abiname.diff
+
++Patch-Name: tools-libfsimage-abiname.diff
+---
+ tools/libfsimage/common/Makefile | 18 ++++--------------
+ 1 file changed, 4 insertions(+), 14 deletions(-)
+
+diff --git a/tools/libfsimage/common/Makefile b/tools/libfsimage/common/Makefile
+index cbd60b4..4202cc1 100644
+--- a/tools/libfsimage/common/Makefile
++++ b/tools/libfsimage/common/Makefile
+@@ -1,9 +1,6 @@
+ XEN_ROOT = $(CURDIR)/../../..
+ include $(XEN_ROOT)/tools/libfsimage/Rules.mk
+
+-MAJOR = 1.0
+-MINOR = 0
+-
+ LDFLAGS-$(CONFIG_SunOS) = -Wl,-M -Wl,mapfile-SunOS
+ LDFLAGS-$(CONFIG_Linux) = -Wl,mapfile-GNU
+ LDFLAGS = $(LDFLAGS-y)
+@@ -15,7 +12,7 @@ LIB_SRCS-y = fsimage.c fsimage_plugin.c fsimage_grub.c
+
+ PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
+
+-LIB = libfsimage.so libfsimage.so.$(MAJOR) libfsimage.so.$(MAJOR).$(MINOR)
++LIB = libfsimage.so
+
+ .PHONY: all
+ all: $(LIB)
+@@ -24,9 +21,7 @@ all: $(LIB)
+ install: all
+ $(INSTALL_DIR) $(DESTDIR)$(LIBDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)
+- $(INSTALL_PROG) libfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)
+- ln -sf libfsimage.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)/libfsimage.so.$(MAJOR)
+- ln -sf libfsimage.so.$(MAJOR) $(DESTDIR)$(LIBDIR)/libfsimage.so
++ $(INSTALL_PROG) libfsimage.so $(DESTDIR)$(LIBDIR)
+ $(INSTALL_DATA) fsimage.h $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DATA) fsimage_plugin.h $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DATA) fsimage_grub.h $(DESTDIR)$(INCLUDEDIR)
+@@ -34,13 +29,8 @@ install: all
+ clean distclean::
+ rm -f $(LIB)
+
+-libfsimage.so: libfsimage.so.$(MAJOR)
+- ln -sf $< $@
+-libfsimage.so.$(MAJOR): libfsimage.so.$(MAJOR).$(MINOR)
+- ln -sf $< $@
+-
+-libfsimage.so.$(MAJOR).$(MINOR): $(PIC_OBJS)
+- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libfsimage.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(PTHREAD_LIBS)
++libfsimage.so: $(PIC_OBJS)
++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(PTHREAD_LIBS)
+
+ -include $(DEPS)
+
diff --cc debian/patches/tools-libfsimage-prefix.diff
index 1642f9b,0000000..c9c5e0d
mode 100644,000000..100644
--- a/debian/patches/tools-libfsimage-prefix.diff
+++ b/debian/patches/tools-libfsimage-prefix.diff
@@@ -1,52 -1,0 +1,53 @@@
- From fc454a556a6877b0aecc560bd2abefc87eef45f5 Mon Sep 17 00:00:00 2001
++From 66f2cc186b7cd712a059c51af7fd89c0d7806e20 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:55 +0200
+Subject: tools-libfsimage-prefix.diff
+
++Patch-Name: tools-libfsimage-prefix.diff
+---
+ tools/libfsimage/Rules.mk | 3 ++-
+ tools/libfsimage/common/Makefile | 6 ++++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/tools/libfsimage/Rules.mk b/tools/libfsimage/Rules.mk
+index 8a23655..2750f4f 100644
+--- a/tools/libfsimage/Rules.mk
++++ b/tools/libfsimage/Rules.mk
+@@ -3,10 +3,11 @@ include $(XEN_ROOT)/tools/Rules.mk
+ CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\"
+ CFLAGS += -Werror -D_GNU_SOURCE
+ LDFLAGS += -L../common/
++LDFLAGS += $(call LDFLAGS_RPATH,../..)
+
+ PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
+
+-FSDIR = $(LIBDIR)/fs
++FSDIR = $(PRIVATE_LIBDIR)/fs
+
+ FSLIB = fsimage.so
+
+diff --git a/tools/libfsimage/common/Makefile b/tools/libfsimage/common/Makefile
+index 4202cc1..85f3d29 100644
+--- a/tools/libfsimage/common/Makefile
++++ b/tools/libfsimage/common/Makefile
+@@ -1,6 +1,8 @@
+ XEN_ROOT = $(CURDIR)/../../..
+ include $(XEN_ROOT)/tools/libfsimage/Rules.mk
+
++CFLAGS += -DFSDIR="\"$(PRIVATE_LIBDIR)/fs\""
++
+ LDFLAGS-$(CONFIG_SunOS) = -Wl,-M -Wl,mapfile-SunOS
+ LDFLAGS-$(CONFIG_Linux) = -Wl,mapfile-GNU
+ LDFLAGS = $(LDFLAGS-y)
+@@ -19,9 +21,9 @@ all: $(LIB)
+
+ .PHONY: install
+ install: all
+- $(INSTALL_DIR) $(DESTDIR)$(LIBDIR)
++ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_LIBDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)
+- $(INSTALL_PROG) libfsimage.so $(DESTDIR)$(LIBDIR)
++ $(INSTALL_PROG) libfsimage.so $(DESTDIR)$(PRIVATE_LIBDIR)
+ $(INSTALL_DATA) fsimage.h $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DATA) fsimage_plugin.h $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DATA) fsimage_grub.h $(DESTDIR)$(INCLUDEDIR)
diff --cc debian/patches/tools-libxc-abiname.diff
index c112985,0000000..ccc14ee
mode 100644,000000..100644
--- a/debian/patches/tools-libxc-abiname.diff
+++ b/debian/patches/tools-libxc-abiname.diff
@@@ -1,98 -1,0 +1,99 @@@
- From 77d66b22c6a95a0413c984d2b56799619eaeff5a Mon Sep 17 00:00:00 2001
++From 942996c5b4c8a136150e19909440019592530678 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:48 +0200
+Subject: tools-libxc-abiname.diff
+
++Patch-Name: tools-libxc-abiname.diff
+---
+ tools/libxc/Makefile | 35 +++++++++++++----------------------
+ 1 file changed, 13 insertions(+), 22 deletions(-)
+
+diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile
+index 2cca2b2..b171f91 100644
+--- a/tools/libxc/Makefile
++++ b/tools/libxc/Makefile
+@@ -1,9 +1,6 @@
+ XEN_ROOT = $(CURDIR)/../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-MAJOR = 4.4
+-MINOR = 0
+-
+ CTRL_SRCS-y :=
+ CTRL_SRCS-y += xc_core.c
+ CTRL_SRCS-$(CONFIG_X86) += xc_core_x86.c
+@@ -110,12 +107,12 @@ OSDEP_PIC_OBJS := $(patsubst %.c,%.opic,$(OSDEP_SRCS-y))
+
+ LIB := libxenctrl.a
+ ifneq ($(stubdom),y)
+-LIB += libxenctrl.so libxenctrl.so.$(MAJOR) libxenctrl.so.$(MAJOR).$(MINOR)
++LIB += libxenctrl.so libxenctrl-$(XEN_VERSION).so
+ endif
+
+ LIB += libxenguest.a
+ ifneq ($(stubdom),y)
+-LIB += libxenguest.so libxenguest.so.$(MAJOR) libxenguest.so.$(MAJOR).$(MINOR)
++LIB += libxenguest.so libxenguest-$(XEN_VERSION).so
+ endif
+
+ ifneq ($(stubdom),y)
+@@ -136,15 +133,13 @@ libs: $(LIB)
+ install: build
+ $(INSTALL_DIR) $(DESTDIR)$(LIBDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)
+- $(INSTALL_PROG) libxenctrl.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)
++ $(INSTALL_PROG) libxenctrl-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)
+ $(INSTALL_DATA) libxenctrl.a $(DESTDIR)$(LIBDIR)
+- ln -sf libxenctrl.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)/libxenctrl.so.$(MAJOR)
+- ln -sf libxenctrl.so.$(MAJOR) $(DESTDIR)$(LIBDIR)/libxenctrl.so
++ ln -sf libxenctrl-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)/libxenctrl.so
+ $(INSTALL_DATA) xenctrl.h xenctrlosdep.h xentoollog.h $(DESTDIR)$(INCLUDEDIR)
+- $(INSTALL_PROG) libxenguest.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)
++ $(INSTALL_PROG) libxenguest-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)
+ $(INSTALL_DATA) libxenguest.a $(DESTDIR)$(LIBDIR)
+- ln -sf libxenguest.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)/libxenguest.so.$(MAJOR)
+- ln -sf libxenguest.so.$(MAJOR) $(DESTDIR)$(LIBDIR)/libxenguest.so
++ ln -sf libxenguest-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)/libxenguest.so
+ $(INSTALL_DATA) xenguest.h $(DESTDIR)$(INCLUDEDIR)
+
+ .PHONY: TAGS
+@@ -173,22 +168,18 @@ rpm: build
+ libxenctrl.a: $(CTRL_LIB_OBJS)
+ $(AR) rc $@ $^
+
+-libxenctrl.so: libxenctrl.so.$(MAJOR)
+- ln -sf $< $@
+-libxenctrl.so.$(MAJOR): libxenctrl.so.$(MAJOR).$(MINOR)
++libxenctrl.so: libxenctrl-$(XEN_VERSION).so
+ ln -sf $< $@
+
+-libxenctrl.so.$(MAJOR).$(MINOR): $(CTRL_PIC_OBJS)
+- $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenctrl.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(DLOPEN_LIBS) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
++libxenctrl-$(XEN_VERSION).so: $(CTRL_PIC_OBJS)
++ $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(DLOPEN_LIBS) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
+
+ # libxenguest
+
+ libxenguest.a: $(GUEST_LIB_OBJS)
+ $(AR) rc $@ $^
+
+-libxenguest.so: libxenguest.so.$(MAJOR)
+- ln -sf $< $@
+-libxenguest.so.$(MAJOR): libxenguest.so.$(MAJOR).$(MINOR)
++libxenguest.so: libxenguest-$(XEN_VERSION).so
+ ln -sf $< $@
+
+ ifeq ($(CONFIG_MiniOS),y)
+@@ -200,9 +191,9 @@ endif
+ xc_dom_bzimageloader.o: CFLAGS += $(call zlib-options,D)
+ xc_dom_bzimageloader.opic: CFLAGS += $(call zlib-options,D)
+
+-libxenguest.so.$(MAJOR).$(MINOR): COMPRESSION_LIBS = $(call zlib-options,l)
+-libxenguest.so.$(MAJOR).$(MINOR): $(GUEST_PIC_OBJS) libxenctrl.so
+- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenguest.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(GUEST_PIC_OBJS) $(COMPRESSION_LIBS) -lz $(LDLIBS_libxenctrl) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
++libxenguest-$(XEN_VERSION).so: COMPRESSION_LIBS = $(call zlib-options,l)
++libxenguest-$(XEN_VERSION).so: $(GUEST_PIC_OBJS) libxenctrl-$(XEN_VERSION).so
++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $(GUEST_PIC_OBJS) $(COMPRESSION_LIBS) -lz $(LDLIBS_libxenctrl) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
+
+ xenctrl_osdep_ENOSYS.so: $(OSDEP_PIC_OBJS) libxenctrl.so
+ $(CC) -g $(LDFLAGS) $(SHLIB_LDFLAGS) -o $@ $(OSDEP_PIC_OBJS) $(LDLIBS_libxenctrl) $(APPEND_LDFLAGS)
diff --cc debian/patches/tools-libxl-abiname.diff
index c186a4c,0000000..766e4f4
mode 100644,000000..100644
--- a/debian/patches/tools-libxl-abiname.diff
+++ b/debian/patches/tools-libxl-abiname.diff
@@@ -1,80 -1,0 +1,81 @@@
- From bd104cd974cc0997028f7c1209ca3ee96fda7db6 Mon Sep 17 00:00:00 2001
++From 11a304a31b9c43087ce887d2708099c1658f2b58 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:49 +0200
+Subject: tools-libxl-abiname.diff
+
++Patch-Name: tools-libxl-abiname.diff
+---
+ tools/libxl/Makefile | 34 ++++++++++------------------------
+ 1 file changed, 10 insertions(+), 24 deletions(-)
+
+diff --git a/tools/libxl/Makefile b/tools/libxl/Makefile
+index 755b666..b002c54 100644
+--- a/tools/libxl/Makefile
++++ b/tools/libxl/Makefile
+@@ -5,12 +5,6 @@
+ XEN_ROOT = $(CURDIR)/../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-MAJOR = 4.4
+-MINOR = 0
+-
+-XLUMAJOR = 4.3
+-XLUMINOR = 0
+-
+ CFLAGS += -Werror -Wno-format-zero-length -Wmissing-declarations \
+ -Wno-declaration-after-statement -Wformat-nonliteral
+ CFLAGS += -I. -fPIC
+@@ -185,14 +179,11 @@ _libxl_type%.h _libxl_type%_json.h _libxl_type%.c: libxl_type%.idl gentypes.py i
+ $(call move-if-changed,__libxl_type$*_json.h,_libxl_type$*_json.h)
+ $(call move-if-changed,__libxl_type$*.c,_libxl_type$*.c)
+
+-libxenlight.so: libxenlight.so.$(MAJOR)
++libxenlight.so: libxenlight-$(XEN_VERSION).so
+ ln -sf $< $@
+
+-libxenlight.so.$(MAJOR): libxenlight.so.$(MAJOR).$(MINOR)
+- ln -sf $< $@
+-
+-libxenlight.so.$(MAJOR).$(MINOR): $(LIBXL_OBJS)
+- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenlight.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
++libxenlight-$(XEN_VERSION).so: $(LIBXL_OBJS)
++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
+
+ libxenlight_test.so: $(LIBXL_OBJS) $(LIBXL_TEST_OBJS)
+ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenlight.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
+@@ -200,14 +191,11 @@ libxenlight_test.so: $(LIBXL_OBJS) $(LIBXL_TEST_OBJS)
+ libxenlight.a: $(LIBXL_OBJS)
+ $(AR) rcs libxenlight.a $^
+
+-libxlutil.so: libxlutil.so.$(XLUMAJOR)
+- ln -sf $< $@
+-
+-libxlutil.so.$(XLUMAJOR): libxlutil.so.$(XLUMAJOR).$(XLUMINOR)
++libxlutil.so: libxlutil-$(XEN_VERSION).so
+ ln -sf $< $@
+
+-libxlutil.so.$(XLUMAJOR).$(XLUMINOR): $(LIBXLU_OBJS)
+- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxlutil.so.$(XLUMAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXLU_LIBS) $(APPEND_LDFLAGS)
++libxlutil-$(XEN_VERSION).so: $(LIBXLU_OBJS)
++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXLU_LIBS) $(APPEND_LDFLAGS)
+
+ libxlutil.a: $(LIBXLU_OBJS)
+ $(AR) rcs libxlutil.a $^
+@@ -234,13 +222,11 @@ install: all
+ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
+ $(INSTALL_PROG) xl $(DESTDIR)$(SBINDIR)
+ $(INSTALL_PROG) libxl-save-helper $(DESTDIR)$(PRIVATE_BINDIR)
+- $(INSTALL_PROG) libxenlight.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)
+- ln -sf libxenlight.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)/libxenlight.so.$(MAJOR)
+- ln -sf libxenlight.so.$(MAJOR) $(DESTDIR)$(LIBDIR)/libxenlight.so
++ $(INSTALL_PROG) libxenlight-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)
++ ln -sf libxenlight-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)/libxenlight.so
+ $(INSTALL_DATA) libxenlight.a $(DESTDIR)$(LIBDIR)
+- $(INSTALL_PROG) libxlutil.so.$(XLUMAJOR).$(XLUMINOR) $(DESTDIR)$(LIBDIR)
+- ln -sf libxlutil.so.$(XLUMAJOR).$(XLUMINOR) $(DESTDIR)$(LIBDIR)/libxlutil.so.$(XLUMAJOR)
+- ln -sf libxlutil.so.$(XLUMAJOR) $(DESTDIR)$(LIBDIR)/libxlutil.so
++ $(INSTALL_PROG) libxlutil-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)
++ ln -sf libxlutil-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)/libxlutil.so
+ $(INSTALL_DATA) libxlutil.a $(DESTDIR)$(LIBDIR)
+ $(INSTALL_DATA) libxl.h libxl_event.h libxl_json.h _libxl_types.h _libxl_types_json.h _libxl_list.h libxl_utils.h libxl_uuid.h $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DATA) bash-completion $(DESTDIR)$(BASH_COMPLETION_DIR)/xl.sh
diff --cc debian/patches/tools-libxl-prefix.diff
index cad08ec,0000000..11d9295
mode 100644,000000..100644
--- a/debian/patches/tools-libxl-prefix.diff
+++ b/debian/patches/tools-libxl-prefix.diff
@@@ -1,69 -1,0 +1,70 @@@
- From 27d21e69f7e9766c61ea44c8662907dbadd8f86d Mon Sep 17 00:00:00 2001
++From 3f24c2632f080487bb2f789a8249be6ca58e8301 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:57 +0200
+Subject: tools-libxl-prefix.diff
+
++Patch-Name: tools-libxl-prefix.diff
+---
+ tools/libxl/Makefile | 9 +++++----
+ tools/xenstat/libxenstat/Makefile | 2 +-
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/tools/libxl/Makefile b/tools/libxl/Makefile
+index b002c54..39e20ad 100644
+--- a/tools/libxl/Makefile
++++ b/tools/libxl/Makefile
+@@ -12,6 +12,8 @@ CFLAGS += -I. -fPIC
+ ifeq ($(CONFIG_Linux),y)
+ LIBUUID_LIBS += -luuid
+ endif
++LDFLAGS_XL = $(call LDFLAGS_RPATH,../lib)
++LDFLAGS_LIBXL = $(call LDFLAGS_RPATH)
+
+ LIBXL_LIBS =
+ LIBXL_LIBS = $(LDLIBS_libxenctrl) $(LDLIBS_libxenguest) $(LDLIBS_libxenstore) $(LDLIBS_libblktapctl) $(PTYFUNCS_LIBS) $(LIBUUID_LIBS)
+@@ -183,7 +185,7 @@ libxenlight.so: libxenlight-$(XEN_VERSION).so
+ ln -sf $< $@
+
+ libxenlight-$(XEN_VERSION).so: $(LIBXL_OBJS)
+- $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
++ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG),$@ $(LDFLAGS_LIBXL) $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
+
+ libxenlight_test.so: $(LIBXL_OBJS) $(LIBXL_TEST_OBJS)
+ $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenlight.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LIBXL_LIBS) $(APPEND_LDFLAGS)
+@@ -201,7 +203,7 @@ libxlutil.a: $(LIBXLU_OBJS)
+ $(AR) rcs libxlutil.a $^
+
+ xl: $(XL_OBJS) libxlutil.so libxenlight.so
+- $(CC) $(LDFLAGS) -o $@ $(XL_OBJS) libxlutil.so $(LDLIBS_libxenlight) $(LDLIBS_libxenctrl) -lyajl $(APPEND_LDFLAGS)
++ $(CC) $(LDFLAGS) $(LDFLAGS_XL) -o $@ $(XL_OBJS) libxlutil.so $(LDLIBS_libxenlight) $(LDLIBS_libxenctrl) -lyajl $(APPEND_LDFLAGS)
+
+ test_%: test_%.o test_common.o libxlutil.so libxenlight_test.so
+ $(CC) $(LDFLAGS) -o $@ $^ $(filter-out %libxenlight.so, $(LDLIBS_libxenlight)) $(LDLIBS_libxenctrl) -lyajl $(APPEND_LDFLAGS)
+@@ -214,13 +216,12 @@ testidl: testidl.o libxlutil.so libxenlight.so
+
+ .PHONY: install
+ install: all
+- $(INSTALL_DIR) $(DESTDIR)$(SBINDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(LIBDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(BASH_COMPLETION_DIR)
+ $(INSTALL_DIR) $(DESTDIR)$(XEN_RUN_DIR)
+ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
+- $(INSTALL_PROG) xl $(DESTDIR)$(SBINDIR)
++ $(INSTALL_PROG) xl $(DESTDIR)$(PRIVATE_BINDIR)
+ $(INSTALL_PROG) libxl-save-helper $(DESTDIR)$(PRIVATE_BINDIR)
+ $(INSTALL_PROG) libxenlight-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)
+ ln -sf libxenlight-$(XEN_VERSION).so $(DESTDIR)$(LIBDIR)/libxenlight.so
+diff --git a/tools/xenstat/libxenstat/Makefile b/tools/xenstat/libxenstat/Makefile
+index 669bb1f..6089755 100644
+--- a/tools/xenstat/libxenstat/Makefile
++++ b/tools/xenstat/libxenstat/Makefile
+@@ -53,7 +53,7 @@ $(SHLIB): $(OBJECTS-y)
+ install: all
+ $(INSTALL_DATA) src/xenstat.h $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DATA) $(LIB) $(DESTDIR)$(LIBDIR)/libxenstat.a
+- $(INSTALL_PROG) src/libxenstat.so $(DESTDIR)$(LIBDIR)
++ $(INSTALL_PROG) src/libxenstat.so $(DESTDIR)$(PRIVATE_LIBDIR)
+
+ PYLIB=bindings/swig/python/_xenstat.so
+ PYMOD=bindings/swig/python/xenstat.py
diff --cc debian/patches/tools-misc-prefix.diff
index c26c8b6,0000000..7c13e9c
mode 100644,000000..100644
--- a/debian/patches/tools-misc-prefix.diff
+++ b/debian/patches/tools-misc-prefix.diff
@@@ -1,50 -1,0 +1,51 @@@
- From fd88c7796ab07d79cfe0c6cd1c4bb2ad6e6907fe Mon Sep 17 00:00:00 2001
++From 02114134100401cf516261e5b15d305145d9c8e8 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:59 +0200
+Subject: tools-misc-prefix.diff
+
++Patch-Name: tools-misc-prefix.diff
+---
+ tools/misc/Makefile | 8 +++-----
+ tools/python/xen/xend/xend | 2 ++
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/tools/misc/Makefile b/tools/misc/Makefile
+index 17aeda5..56d4b82 100644
+--- a/tools/misc/Makefile
++++ b/tools/misc/Makefile
+@@ -32,6 +32,8 @@ INSTALL_PRIVBIN := $(INSTALL_PRIVBIN-y)
+ # Include configure output (config.h) to headers search path
+ CFLAGS += -I$(XEN_ROOT)/tools
+
++APPEND_LDFLAGS += $(call LDFLAGS_RPATH,../lib)
++
+ .PHONY: all
+ all: build
+
+@@ -41,12 +43,8 @@ build: $(TARGETS)
+
+ .PHONY: install
+ install: build
+- $(INSTALL_DIR) $(DESTDIR)$(BINDIR)
+- $(INSTALL_DIR) $(DESTDIR)$(SBINDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
+- $(INSTALL_PYTHON_PROG) $(INSTALL_BIN) $(DESTDIR)$(BINDIR)
+- $(INSTALL_PYTHON_PROG) $(INSTALL_SBIN) $(DESTDIR)$(SBINDIR)
+- $(INSTALL_PYTHON_PROG) $(INSTALL_PRIVBIN) $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PYTHON_PROG) $(INSTALL_BIN) $(INSTALL_SBIN) $(INSTALL_PRIVBIN) $(DESTDIR)$(PRIVATE_BINDIR)
+ set -e; for d in $(SUBDIRS); do $(MAKE) -C $$d install-recurse; done
+
+ .PHONY: clean
+diff --git a/tools/python/xen/xend/xend b/tools/python/xen/xend/xend
+index 9ef0210..3446c8e 100644
+--- a/tools/python/xen/xend/xend
++++ b/tools/python/xen/xend/xend
+@@ -33,6 +33,8 @@ import signal
+ import time
+ import commands
+
++sys.path.insert(1, sys.path[0] + '/../lib/python')
++
+ from xen.xend.server import SrvDaemon
+
+ class CheckError(ValueError):
diff --cc debian/patches/tools-misc-xend-startup.diff
index 2738bf1,0000000..147198e
mode 100644,000000..100644
--- a/debian/patches/tools-misc-xend-startup.diff
+++ b/debian/patches/tools-misc-xend-startup.diff
@@@ -1,46 -1,0 +1,47 @@@
- From 1e805409ebe5a177993adb4b4693a2e11c0c1c43 Mon Sep 17 00:00:00 2001
++From 0238824d49401a24850ed5be5710f97116f027ad Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:20 +0200
+Subject: tools-misc-xend-startup.diff
+
++Patch-Name: tools-misc-xend-startup.diff
+---
+ tools/python/xen/xend/xend | 11 -----------
+ 1 file changed, 11 deletions(-)
+
+diff --git a/tools/python/xen/xend/xend b/tools/python/xen/xend/xend
+index 3446c8e..5495189 100644
+--- a/tools/python/xen/xend/xend
++++ b/tools/python/xen/xend/xend
+@@ -71,13 +71,6 @@ def check_user():
+ hline()
+ raise CheckError("invalid user")
+
+-def start_daemon(daemon, *args):
+- if os.fork() == 0:
+- os.execvp(daemon, (daemon,) + args)
+-
+-def start_blktapctrl():
+- start_daemon("blktapctrl", "")
+-
+ def main():
+ try:
+ check_logging()
+@@ -89,18 +82,14 @@ def main():
+ if not sys.argv[1:]:
+ print 'usage: %s {start|stop|reload|restart}' % sys.argv[0]
+ elif sys.argv[1] == 'start':
+- if os.uname()[0] != "SunOS":
+- start_blktapctrl()
+ return daemon.start()
+ elif sys.argv[1] == 'trace_start':
+- start_blktapctrl()
+ return daemon.start(trace=1)
+ elif sys.argv[1] == 'stop':
+ return daemon.stop()
+ elif sys.argv[1] == 'reload':
+ return daemon.reloadConfig()
+ elif sys.argv[1] == 'restart':
+- start_blktapctrl()
+ return daemon.stop() or daemon.start()
+ elif sys.argv[1] == 'status':
+ return daemon.status()
diff --cc debian/patches/tools-pygrub-prefix.diff
index 0745ed9,0000000..7f3244b
mode 100644,000000..100644
--- a/debian/patches/tools-pygrub-prefix.diff
+++ b/debian/patches/tools-pygrub-prefix.diff
@@@ -1,41 -1,0 +1,42 @@@
- From 603adc9defeb0a07fbffbea2233f7579decce861 Mon Sep 17 00:00:00 2001
++From 755283c8766340546fb7856f11f81502c18c9831 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:01 +0200
+Subject: tools-pygrub-prefix.diff
+
++Patch-Name: tools-pygrub-prefix.diff
+---
+ tools/pygrub/setup.py | 2 ++
+ tools/pygrub/src/pygrub | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/tools/pygrub/setup.py b/tools/pygrub/setup.py
+index 52dcf57..8a1be9a 100644
+--- a/tools/pygrub/setup.py
++++ b/tools/pygrub/setup.py
+@@ -4,11 +4,13 @@ import os
+ import sys
+
+ extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
++extra_link_args = [ "-Wl,-rpath,${ORIGIN}/.." ]
+
+ XEN_ROOT = "../.."
+
+ fsimage = Extension("fsimage",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ XEN_ROOT + "/tools/libfsimage/common/" ],
+ library_dirs = [ XEN_ROOT + "/tools/libfsimage/common/" ],
+ libraries = ["fsimage"],
+diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
+index 45a7290..1e3e3ba 100644
+--- a/tools/pygrub/src/pygrub
++++ b/tools/pygrub/src/pygrub
+@@ -22,6 +22,8 @@ import xen.lowlevel.xc
+ import curses, _curses, curses.wrapper, curses.textpad, curses.ascii
+ import getopt
+
++sys.path.insert(1, sys.path[0] + '/../lib/python')
++
+ import fsimage
+ import grub.GrubConf
+ import grub.LiloConf
diff --cc debian/patches/tools-pygrub-remove-static-solaris-support
index 0701702,0000000..1563655
mode 100644,000000..100644
--- a/debian/patches/tools-pygrub-remove-static-solaris-support
+++ b/debian/patches/tools-pygrub-remove-static-solaris-support
@@@ -1,85 -1,0 +1,86 @@@
- From e201b0c3404d104e6dda72eb498440110bf2f1f9 Mon Sep 17 00:00:00 2001
++From b0160947a9e22114aa4b8b3f55ecb10a9c3dcc30 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:29 +0200
+Subject: tools-pygrub-remove-static-solaris-support
+
++Patch-Name: tools-pygrub-remove-static-solaris-support
+---
+ tools/pygrub/src/pygrub | 51 +------------------------------------------------
+ 1 file changed, 1 insertion(+), 50 deletions(-)
+
+diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
+index 1e3e3ba..2964140 100644
+--- a/tools/pygrub/src/pygrub
++++ b/tools/pygrub/src/pygrub
+@@ -17,7 +17,6 @@ import os, sys, string, struct, tempfile, re, traceback
+ import copy
+ import logging
+ import platform
+-import xen.lowlevel.xc
+
+ import curses, _curses, curses.wrapper, curses.textpad, curses.ascii
+ import getopt
+@@ -640,51 +639,6 @@ def run_grub(file, entry, fs, cfg_args):
+
+ return grubcfg
+
+-def supports64bitPVguest():
+- xc = xen.lowlevel.xc.xc()
+- caps = xc.xeninfo()['xen_caps'].split(" ")
+- for cap in caps:
+- if cap == "xen-3.0-x86_64":
+- return True
+- return False
+-
+-# If nothing has been specified, look for a Solaris domU. If found, perform the
+-# necessary tweaks.
+-def sniff_solaris(fs, cfg):
+- if not fs.file_exists("/platform/i86xpv/kernel/unix") and \
+- not fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
+- return cfg
+-
+- if not cfg["kernel"]:
+- if supports64bitPVguest() and \
+- fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
+- cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix"
+- cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive"
+- elif fs.file_exists("/platform/i86xpv/kernel/unix"):
+- cfg["kernel"] = "/platform/i86xpv/kernel/unix"
+- cfg["ramdisk"] = "/platform/i86pc/boot_archive"
+- else:
+- return cfg
+-
+- # Unpleasant. Typically we'll have 'root=foo -k' or 'root=foo /kernel -k',
+- # and we need to maintain Xen properties (root= and ip=) and the kernel
+- # before any user args.
+-
+- xenargs = ""
+- userargs = ""
+-
+- if not cfg["args"]:
+- cfg["args"] = cfg["kernel"]
+- else:
+- for arg in cfg["args"].split():
+- if re.match("^root=", arg) or re.match("^ip=", arg):
+- xenargs += arg + " "
+- elif arg != cfg["kernel"]:
+- userargs += arg + " "
+- cfg["args"] = xenargs + " " + cfg["kernel"] + " " + userargs
+-
+- return cfg
+-
+ def sniff_netware(fs, cfg):
+ if not fs.file_exists("/nwserver/xnloader.sys"):
+ return cfg
+@@ -858,10 +812,7 @@ if __name__ == "__main__":
+ try:
+ fs = fsimage.open(file, offset, bootfsoptions)
+
+- chosencfg = sniff_solaris(fs, incfg)
+-
+- if not chosencfg["kernel"]:
+- chosencfg = sniff_netware(fs, incfg)
++ chosencfg = sniff_netware(fs, incfg)
+
+ if not chosencfg["kernel"]:
+ chosencfg = run_grub(file, entry, fs, incfg["args"])
diff --cc debian/patches/tools-python-prefix.diff
index 545fd2a,0000000..14b1718
mode 100644,000000..100644
--- a/debian/patches/tools-python-prefix.diff
+++ b/debian/patches/tools-python-prefix.diff
@@@ -1,147 -1,0 +1,148 @@@
- From 98e7698ea7ca4bcde5d9160e9b03cb3ffaea0fdb Mon Sep 17 00:00:00 2001
++From 995133b1d2a5e180b8f50e5abde596bdb85fba77 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:02 +0200
+Subject: tools-python-prefix.diff
+
++Patch-Name: tools-python-prefix.diff
+---
+ tools/python/setup.py | 10 ++++++++++
+ tools/python/xen/util/auxbin.py | 36 +++++++++++++++++++-----------------
+ 2 files changed, 29 insertions(+), 17 deletions(-)
+
+diff --git a/tools/python/setup.py b/tools/python/setup.py
+index 8127b21..702a383 100644
+--- a/tools/python/setup.py
++++ b/tools/python/setup.py
+@@ -5,6 +5,7 @@ import os, sys
+ XEN_ROOT = "../.."
+
+ extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
++extra_link_args = [ "-Wl,-rpath,${ORIGIN}/../../.." ]
+
+ PATH_XEN = XEN_ROOT + "/tools/include"
+ PATH_LIBXC = XEN_ROOT + "/tools/libxc"
+@@ -13,6 +14,7 @@ PATH_XENSTORE = XEN_ROOT + "/tools/xenstore"
+
+ xc = Extension("xc",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ PATH_XEN, PATH_LIBXC, "xen/lowlevel/xc" ],
+ library_dirs = [ PATH_LIBXC ],
+ libraries = [ "xenctrl", "xenguest" ],
+@@ -21,6 +23,7 @@ xc = Extension("xc",
+
+ xs = Extension("xs",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ PATH_XEN, PATH_XENSTORE, "xen/lowlevel/xs" ],
+ library_dirs = [ PATH_XENSTORE ],
+ libraries = [ "xenstore" ],
+@@ -29,6 +32,7 @@ xs = Extension("xs",
+
+ scf = Extension("scf",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ "xen/lowlevel/scf" ],
+ library_dirs = [ ],
+ libraries = [ ],
+@@ -37,6 +41,7 @@ scf = Extension("scf",
+
+ process = Extension("process",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ "xen/lowlevel/process" ],
+ library_dirs = [ ],
+ libraries = [ "contract" ],
+@@ -45,6 +50,7 @@ process = Extension("process",
+
+ flask = Extension("flask",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ PATH_XEN, PATH_LIBXC, "xen/lowlevel/flask" ],
+ library_dirs = [ PATH_LIBXC ],
+ libraries = [ "xenctrl" ],
+@@ -53,6 +59,7 @@ flask = Extension("flask",
+
+ ptsname = Extension("ptsname",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ "ptsname" ],
+ library_dirs = [ ],
+ libraries = [ ],
+@@ -61,6 +68,7 @@ ptsname = Extension("ptsname",
+
+ checkpoint = Extension("checkpoint",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ PATH_XEN, PATH_LIBXC, PATH_XENSTORE ],
+ library_dirs = [ PATH_LIBXC, PATH_XENSTORE ],
+ libraries = [ "xenctrl", "xenguest", "xenstore", "rt" ],
+@@ -72,6 +80,7 @@ checkpoint = Extension("checkpoint",
+
+ netlink = Extension("netlink",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ ],
+ library_dirs = [ ],
+ libraries = [ ],
+@@ -81,6 +90,7 @@ netlink = Extension("netlink",
+
+ xl = Extension("xl",
+ extra_compile_args = extra_compile_args,
++ extra_link_args = extra_link_args,
+ include_dirs = [ PATH_XEN, PATH_LIBXL, PATH_LIBXC, "xen/lowlevel/xl" ],
+ library_dirs = [ PATH_LIBXL ],
+ libraries = [ "xenlight" ],
+diff --git a/tools/python/xen/util/auxbin.py b/tools/python/xen/util/auxbin.py
+index a690ad9..b1bd191 100644
+--- a/tools/python/xen/util/auxbin.py
++++ b/tools/python/xen/util/auxbin.py
+@@ -19,29 +19,31 @@
+ import os
+ import os.path
+ import sys
+-from xen.util.path import *
++import xen.util.path
++
++
++class _Path(object):
++ def __init__(self, path=[]):
++ self._path = path
++ def __call__(self, name):
++ for dir in self._path:
++ real = os.path.join(dir, name)
++ if os.path.exists(real):
++ return real
++
++
++path_bin = _Path([xen.util.path.PRIVATE_BINDIR, '/usr/lib/xen/bin', '/usr/sbin', '/sbin', '/usr/bin', '/bin'])
++path_boot = _Path([xen.util.path.XENFIRMWAREDIR, '/usr/lib/xen/boot', '/boot'])
+
+ def execute(exe, args = None):
+- exepath = pathTo(exe)
++ exepath = path_bin(exe)
+ a = [ exepath ]
+ if args:
+ a.extend(args)
+- try:
+- os.execv(exepath, a)
+- except (OSError, TypeError), exn:
+- print exepath, ": ", exn
+- sys.exit(1)
+-
+-SEARCHDIRS = [ BINDIR, SBINDIR, LIBEXEC, PRIVATE_BINDIR, XENFIRMWAREDIR ]
+-def pathTo(exebin):
+- for dir in SEARCHDIRS:
+- exe = os.path.join(dir, exebin)
+- if os.path.exists(exe):
+- return exe
+- return None
++ os.execv(exepath, a)
+
+ def xen_configdir():
+- return XEN_CONFIG_DIR
++ return xen.util.path.XEN_CONFIG_DIR
+
+ def scripts_dir():
+- return XEN_SCRIPT_DIR
++ return xen.util.path.XEN_SCRIPT_DIR
diff --cc debian/patches/tools-python-shebang.diff
index a87193e,0000000..5401724
mode 100644,000000..100644
--- a/debian/patches/tools-python-shebang.diff
+++ b/debian/patches/tools-python-shebang.diff
@@@ -1,175 -1,0 +1,176 @@@
- From cb11364de999703c102ef2fd798a8f361783c002 Mon Sep 17 00:00:00 2001
++From 9e04b0568d6a3b8c3a242dd64773a59c87dcb0e9 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:33 +0200
+Subject: tools-python-shebang.diff
+
++Patch-Name: tools-python-shebang.diff
+---
+ tools/python/xen/remus/save.py | 2 --
+ tools/python/xen/remus/vm.py | 2 --
+ tools/python/xen/util/bugtool.py | 2 --
+ tools/python/xen/util/pci.py | 2 --
+ tools/python/xen/util/vscsi_util.py | 1 -
+ tools/python/xen/xend/XendBase.py | 1 -
+ tools/python/xen/xend/XendClient.py | 1 -
+ tools/python/xen/xend/XendLocalStorageRepo.py | 1 -
+ tools/python/xen/xend/XendQCoWStorageRepo.py | 1 -
+ tools/python/xen/xend/XendSXPDev.py | 2 --
+ tools/python/xen/xend/XendStorageRepository.py | 1 -
+ tools/python/xen/xend/XendVDI.py | 1 -
+ tools/python/xen/xend/arch.py | 2 --
+ tools/python/xen/xend/osdep.py | 2 --
+ tools/python/xen/xend/sxp.py | 1 -
+ tools/python/xen/xm/xenapi_create.py | 1 -
+ 16 files changed, 23 deletions(-)
+
+diff --git a/tools/python/xen/remus/save.py b/tools/python/xen/remus/save.py
+index 2193061..fdf78aa 100644
+--- a/tools/python/xen/remus/save.py
++++ b/tools/python/xen/remus/save.py
+@@ -1,5 +1,3 @@
+-#!/usr/bin/env python
+-
+ import os, select, socket, threading, time, signal, xmlrpclib
+
+ from xen.xend.XendClient import server
+diff --git a/tools/python/xen/remus/vm.py b/tools/python/xen/remus/vm.py
+index 90002e3..b9d1263 100644
+--- a/tools/python/xen/remus/vm.py
++++ b/tools/python/xen/remus/vm.py
+@@ -1,5 +1,3 @@
+-#!/usr/bin/env python
+-
+ import xmlrpclib
+
+ from xen.xend.XendClient import server
+diff --git a/tools/python/xen/util/bugtool.py b/tools/python/xen/util/bugtool.py
+index 2abcc86..43aede8 100644
+--- a/tools/python/xen/util/bugtool.py
++++ b/tools/python/xen/util/bugtool.py
+@@ -1,5 +1,3 @@
+-#!/usr/bin/env python
+-
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+ # License as published by the Free Software Foundation.
+diff --git a/tools/python/xen/util/pci.py b/tools/python/xen/util/pci.py
+index adeca4b..bfd7c22 100644
+--- a/tools/python/xen/util/pci.py
++++ b/tools/python/xen/util/pci.py
+@@ -1,5 +1,3 @@
+-#!/usr/bin/env python
+-#
+ # PCI Device Information Class
+ # - Helps obtain information about which I/O resources a PCI device needs
+ #
+diff --git a/tools/python/xen/util/vscsi_util.py b/tools/python/xen/util/vscsi_util.py
+index 5872e65..6630527 100644
+--- a/tools/python/xen/util/vscsi_util.py
++++ b/tools/python/xen/util/vscsi_util.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/env python
+ # -*- mode: python; -*-
+
+ #============================================================================
+diff --git a/tools/python/xen/xend/XendBase.py b/tools/python/xen/xend/XendBase.py
+index 9244776..96b7720 100644
+--- a/tools/python/xen/xend/XendBase.py
++++ b/tools/python/xen/xend/XendBase.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/python
+ #============================================================================
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+diff --git a/tools/python/xen/xend/XendClient.py b/tools/python/xen/xend/XendClient.py
+index ef16699..2eb5095 100644
+--- a/tools/python/xen/xend/XendClient.py
++++ b/tools/python/xen/xend/XendClient.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/env python
+ #============================================================================
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+diff --git a/tools/python/xen/xend/XendLocalStorageRepo.py b/tools/python/xen/xend/XendLocalStorageRepo.py
+index 31b86f6..272f3a1 100644
+--- a/tools/python/xen/xend/XendLocalStorageRepo.py
++++ b/tools/python/xen/xend/XendLocalStorageRepo.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/python
+ #============================================================================
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+diff --git a/tools/python/xen/xend/XendQCoWStorageRepo.py b/tools/python/xen/xend/XendQCoWStorageRepo.py
+index 726df0b..53846b4 100644
+--- a/tools/python/xen/xend/XendQCoWStorageRepo.py
++++ b/tools/python/xen/xend/XendQCoWStorageRepo.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/python
+ #============================================================================
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+diff --git a/tools/python/xen/xend/XendSXPDev.py b/tools/python/xen/xend/XendSXPDev.py
+index f145701..13621f4 100644
+--- a/tools/python/xen/xend/XendSXPDev.py
++++ b/tools/python/xen/xend/XendSXPDev.py
+@@ -1,5 +1,3 @@
+-#!/usr/bin/env python
+-#
+ # Helper functions for dealing with the sxp representation of devices
+
+ import types
+diff --git a/tools/python/xen/xend/XendStorageRepository.py b/tools/python/xen/xend/XendStorageRepository.py
+index 6ac94d3..c67aa37 100644
+--- a/tools/python/xen/xend/XendStorageRepository.py
++++ b/tools/python/xen/xend/XendStorageRepository.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/python
+ #============================================================================
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+diff --git a/tools/python/xen/xend/XendVDI.py b/tools/python/xen/xend/XendVDI.py
+index f8abea6..778986f 100644
+--- a/tools/python/xen/xend/XendVDI.py
++++ b/tools/python/xen/xend/XendVDI.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/python
+ #============================================================================
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+diff --git a/tools/python/xen/xend/arch.py b/tools/python/xen/xend/arch.py
+index 6d789d9..4f82735 100644
+--- a/tools/python/xen/xend/arch.py
++++ b/tools/python/xen/xend/arch.py
+@@ -1,5 +1,3 @@
+-#!/usr/bin/env python
+-#
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+ # License as published by the Free Software Foundation.
+diff --git a/tools/python/xen/xend/osdep.py b/tools/python/xen/xend/osdep.py
+index b51dd2e..d03247a 100644
+--- a/tools/python/xen/xend/osdep.py
++++ b/tools/python/xen/xend/osdep.py
+@@ -1,5 +1,3 @@
+-#!/usr/bin/env python
+-#
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+ # License as published by the Free Software Foundation.
+diff --git a/tools/python/xen/xend/sxp.py b/tools/python/xen/xend/sxp.py
+index c87270f..21ed514 100644
+--- a/tools/python/xen/xend/sxp.py
++++ b/tools/python/xen/xend/sxp.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/env python
+ #============================================================================
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
+diff --git a/tools/python/xen/xm/xenapi_create.py b/tools/python/xen/xm/xenapi_create.py
+index 346ff20..31d0130 100644
+--- a/tools/python/xen/xm/xenapi_create.py
++++ b/tools/python/xen/xm/xenapi_create.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/python
+ #============================================================================
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of version 2.1 of the GNU Lesser General Public
diff --cc debian/patches/tools-python-xen-relative-path.diff
index 1c0daaa,0000000..6e20901
mode 100644,000000..100644
--- a/debian/patches/tools-python-xen-relative-path.diff
+++ b/debian/patches/tools-python-xen-relative-path.diff
@@@ -1,183 -1,0 +1,184 @@@
- From bf9eda5579d44877c9dfe76d4d1a63f2b42d11fc Mon Sep 17 00:00:00 2001
++From 8717c86e617bd83f3fd79099b8ca3895062c3357 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:19 +0200
+Subject: tools-python-xen-relative-path.diff
+
++Patch-Name: tools-python-xen-relative-path.diff
+---
+ tools/python/xen/xend/XendCheckpoint.py | 4 ++--
+ tools/python/xen/xend/XendConfig.py | 12 +++++------
+ tools/python/xen/xend/XendDomainInfo.py | 2 +-
+ tools/python/xen/xm/create.py | 35 ++++++++++++++-------------------
+ 4 files changed, 24 insertions(+), 29 deletions(-)
+
+diff --git a/tools/python/xen/xend/XendCheckpoint.py b/tools/python/xen/xend/XendCheckpoint.py
+index a433ffa..940c9bf 100644
+--- a/tools/python/xen/xend/XendCheckpoint.py
++++ b/tools/python/xen/xend/XendCheckpoint.py
+@@ -118,7 +118,7 @@ def save(fd, dominfo, network, live, dst, checkpoint=False, node=-1,sock=None):
+ # enabled. Passing "0" simply uses the defaults compiled into
+ # libxenguest; see the comments and/or code in xc_linux_save() for
+ # more information.
+- cmd = [xen.util.auxbin.pathTo(XC_SAVE), str(fd),
++ cmd = [xen.util.auxbin.path_bin(XC_SAVE), str(fd),
+ str(dominfo.getDomid()), "0", "0",
+ str(int(live) | (int(hvm) << 2)) ]
+ log.debug("[xc_save]: %s", string.join(cmd))
+@@ -299,7 +299,7 @@ def restore(xd, fd, dominfo = None, paused = False, relocating = False):
+
+ superpages = restore_image.superpages
+
+- cmd = map(str, [xen.util.auxbin.pathTo(XC_RESTORE),
++ cmd = map(str, [xen.util.auxbin.path_bin(XC_RESTORE),
+ fd, dominfo.getDomid(),
+ store_port, console_port, int(is_hvm), pae, apic, superpages, 1])
+ log.debug("[xc_restore]: %s", string.join(cmd))
+diff --git a/tools/python/xen/xend/XendConfig.py b/tools/python/xen/xend/XendConfig.py
+index 4a226a7..42406f3 100644
+--- a/tools/python/xen/xend/XendConfig.py
++++ b/tools/python/xen/xend/XendConfig.py
+@@ -493,11 +493,11 @@ class XendConfig(dict):
+
+ if self.is_hvm() or self.has_rfb():
+ if 'device_model' not in self['platform']:
+- self['platform']['device_model'] = auxbin.pathTo("qemu-dm")
++ self['platform']['device_model'] = auxbin.path_bin("qemu-dm")
+ # device_model may be set to 'qemu-dm' or 'stubdom-dm' w/o a path
+ if os.path.dirname(self['platform']['device_model']) == "":
+ self['platform']['device_model'] = \
+- auxbin.pathTo(self['platform']['device_model'])
++ auxbin.path_bin(self['platform']['device_model'])
+ # If the device_model is not set the os.path.exists() would raise
+ # an exception so we return our error message instead if applicable
+ if not self['platform']['device_model']:
+@@ -528,14 +528,14 @@ class XendConfig(dict):
+ # Old configs may have hvmloader set as PV_kernel param
+ if self.has_key('PV_kernel') and self['PV_kernel'] != '':
+ if self['PV_kernel'] == 'hvmloader':
+- self['PV_kernel'] = auxbin.pathTo("hvmloader")
++ self['PV_kernel'] = auxbin.path_boot("hvmloader")
+ self['platform']['loader'] = self['PV_kernel']
+ self['PV_kernel'] = ''
+ else:
+- self['platform']['loader'] = auxbin.pathTo("hvmloader")
++ self['platform']['loader'] = auxbin.path_boot("hvmloader")
+ log.debug("Loader is %s" % str(self['platform']['loader']))
+ elif self['platform']['loader'] == 'hvmloader':
+- self['platform']['loader'] = auxbin.pathTo("hvmloader")
++ self['platform']['loader'] = auxbin.path_boot("hvmloader")
+ if not os.path.exists(self['platform']['loader']):
+ raise VmError("kernel '%s' not found" % str(self['platform']['loader']))
+
+@@ -1653,7 +1653,7 @@ class XendConfig(dict):
+ # is invoked for pvfb services
+ if 'device_model' not in target['platform']:
+ target['platform']['device_model'] = \
+- auxbin.pathTo("qemu-dm")
++ auxbin.path_bin("qemu-dm")
+
+ # Finally, if we are a pvfb, we need to make a vkbd
+ # as well that is not really exposed to Xen API
+diff --git a/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py
+index 8d4ff5c..cb2d36d 100644
+--- a/tools/python/xen/xend/XendDomainInfo.py
++++ b/tools/python/xen/xend/XendDomainInfo.py
+@@ -3244,7 +3244,7 @@ class XendDomainInfo:
+ else:
+ # Boot using bootloader
+ if not blexec or blexec == 'pygrub':
+- blexec = auxbin.pathTo('pygrub')
++ blexec = auxbin.path_bin('pygrub')
+
+ blcfg = None
+ disks = [x for x in self.info['vbd_refs']
+diff --git a/tools/python/xen/xm/create.py b/tools/python/xen/xm/create.py
+index 22841aa..2ddf71b 100644
+--- a/tools/python/xen/xm/create.py
++++ b/tools/python/xen/xm/create.py
+@@ -695,45 +695,39 @@ def configure_image(vals):
+ return None
+ config_image = [ vals.builder ]
+ if vals.kernel:
++ t = auxbin.path_boot(vals.kernel)
+ if vals.bootloader:
+ # If bootloader is specified, vals.kernel will be used
+ # by bootloader when boots DomU. So it is needless to
+ # check the path is existent or not.
+ config_image.append([ 'kernel', vals.kernel ])
+- elif os.path.dirname(vals.kernel) != "" and os.path.exists(vals.kernel):
+- config_image.append([ 'kernel', vals.kernel ])
+ elif vals.kernel == 'hvmloader':
+ # Keep hvmloader w/o a path and let xend find it.
+ # This allows guest migration to a Dom0 having different
+ # xen install pathes.
+ config_image.append([ 'kernel', vals.kernel ])
+- elif os.path.exists(os.path.abspath(vals.kernel)):
+- # Keep old behaviour, if path is valid.
+- config_image.append([ 'kernel', os.path.abspath(vals.kernel) ])
++ elif t:
++ config_image.append([ 'kernel', t ])
+ else:
+ raise ValueError('Cannot find kernel "%s"' % vals.kernel)
+ if vals.ramdisk:
++ t = auxbin.path_boot(vals.ramdisk)
+ if vals.bootloader:
+ # Same with 'kernel' above
+ config_image.append([ 'ramdisk', vals.ramdisk ])
+- elif os.path.dirname(vals.ramdisk) != "" and os.path.exists(vals.ramdisk):
+- config_image.append([ 'ramdisk', vals.ramdisk ])
+- elif os.path.exists(os.path.abspath(vals.ramdisk)):
+- # Keep old behaviour, if path is valid.
+- config_image.append([ 'ramdisk', os.path.abspath(vals.ramdisk) ])
++ elif t:
++ config_image.append([ 'ramdisk', t ])
+ else:
+ raise ValueError('Cannot find ramdisk "%s"' % vals.ramdisk)
+ if vals.loader:
+- if os.path.dirname(vals.loader) != "" and os.path.exists(vals.loader):
+- config_image.append([ 'loader', vals.loader ])
+- elif vals.loader == 'hvmloader':
++ t = auxbin.path_boot(vals.loader)
++ if vals.loader == 'hvmloader':
+ # Keep hvmloader w/o a path and let xend find it.
+ # This allows guest migration to a Dom0 having different
+ # xen install pathes.
+ config_image.append([ 'loader', vals.loader ])
+- elif os.path.exists(os.path.abspath(vals.loader)):
+- # Keep old behaviour, if path is valid.
+- config_image.append([ 'loader', os.path.abspath(vals.loader) ])
++ elif t:
++ config_image.append([ 'loader', t ])
+ else:
+ raise ValueError('Cannot find loader "%s"' % vals.loader)
+ if vals.cmdline_ip:
+@@ -1032,7 +1026,7 @@ def configure_hvm(config_image, vals):
+ args = [ 'acpi', 'apic',
+ 'boot',
+ 'cpuid', 'cpuid_check',
+- 'device_model', 'display',
++ 'display',
+ 'fda', 'fdb',
+ 'gfx_passthru', 'guest_os_type',
+ 'hap', 'hpet',
+@@ -1054,6 +1048,8 @@ def configure_hvm(config_image, vals):
+ for a in args:
+ if a in vals.__dict__ and vals.__dict__[a] is not None:
+ config_image.append([a, vals.__dict__[a]])
++ if vals.device_model:
++ config_image.append(['device_model', auxbin.path_bin(vals.device_model)])
+ if vals.vncpasswd is not None:
+ config_image.append(['vncpasswd', vals.vncpasswd])
+
+@@ -1120,10 +1116,9 @@ def make_config(vals):
+
+ config_image = configure_image(vals)
+ if vals.bootloader:
+- if vals.bootloader == "pygrub":
+- vals.bootloader = auxbin.pathTo(vals.bootloader)
++ t = auxbin.path_boot(vals.bootloader)
+
+- config.append(['bootloader', vals.bootloader])
++ config.append(['bootloader', t])
+ if vals.bootargs:
+ config.append(['bootloader_args', vals.bootargs])
+ else:
diff --cc debian/patches/tools-rpath.diff
index a7bfaaa,0000000..a62a322
mode 100644,000000..100644
--- a/debian/patches/tools-rpath.diff
+++ b/debian/patches/tools-rpath.diff
@@@ -1,22 -1,0 +1,23 @@@
- From 95a24141c687055133b46b179b4a3eb72a2c6c13 Mon Sep 17 00:00:00 2001
++From cf39071467ab7d09b4260f0e2908c1f6c4721af0 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:51 +0200
+Subject: tools-rpath.diff
+
++Patch-Name: tools-rpath.diff
+---
+ tools/Rules.mk | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/Rules.mk b/tools/Rules.mk
+index 13d8fc1..0d9d98c 100644
+--- a/tools/Rules.mk
++++ b/tools/Rules.mk
+@@ -9,6 +9,8 @@ include $(XEN_ROOT)/Config.mk
+ export _INSTALL := $(INSTALL)
+ INSTALL = $(XEN_ROOT)/tools/cross-install
+
++LDFLAGS_RPATH = -Wl,-rpath,'$${ORIGIN}$(if $(1),/$(1))'
++
+ XEN_INCLUDE = $(XEN_ROOT)/tools/include
+ XEN_LIBXC = $(XEN_ROOT)/tools/libxc
+ XEN_XENLIGHT = $(XEN_ROOT)/tools/libxl
diff --cc debian/patches/tools-xcutils-rpath.diff
index 54bb4ec,0000000..d60e061
mode 100644,000000..100644
--- a/debian/patches/tools-xcutils-rpath.diff
+++ b/debian/patches/tools-xcutils-rpath.diff
@@@ -1,22 -1,0 +1,23 @@@
- From 58f609cdbadd9eabc4da18fd71d4d0affee24bbc Mon Sep 17 00:00:00 2001
++From c8425e52400d7370d58aab689b0c9ad150992f2a Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:05 +0200
+Subject: tools-xcutils-rpath.diff
+
++Patch-Name: tools-xcutils-rpath.diff
+---
+ tools/xcutils/Makefile | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/xcutils/Makefile b/tools/xcutils/Makefile
+index 6c502f1..d0d20d6 100644
+--- a/tools/xcutils/Makefile
++++ b/tools/xcutils/Makefile
+@@ -20,6 +20,8 @@ CFLAGS_xc_save.o := $(CFLAGS_libxenctrl) $(CFLAGS_libxenguest) $(CFLAGS_libxe
+ CFLAGS_readnotes.o := $(CFLAGS_libxenctrl) $(CFLAGS_libxenguest)
+ CFLAGS_lsevtchn.o := $(CFLAGS_libxenctrl)
+
++APPEND_LDFLAGS += $(call LDFLAGS_RPATH,../lib)
++
+ .PHONY: all
+ all: build
+
diff --cc debian/patches/tools-xenmon-install.diff
index 1c75ebd,0000000..ca44e6d
mode 100644,000000..100644
--- a/debian/patches/tools-xenmon-install.diff
+++ b/debian/patches/tools-xenmon-install.diff
@@@ -1,33 -1,0 +1,34 @@@
- From 30ea99f928f36b916868e9eeb0f91160fdf0ddec Mon Sep 17 00:00:00 2001
++From a04b1971492440cfebbbb9cdcef56f8d70fc4761 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:31 +0200
+Subject: tools-xenmon-install.diff
+
++Patch-Name: tools-xenmon-install.diff
+---
+ tools/xenmon/Makefile | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/tools/xenmon/Makefile b/tools/xenmon/Makefile
+index dab5415..7f7f99d 100644
+--- a/tools/xenmon/Makefile
++++ b/tools/xenmon/Makefile
+@@ -13,6 +13,10 @@
+ XEN_ROOT=$(CURDIR)/../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
++DEFAULT_PYTHON_PATH := $(shell $(XEN_ROOT)/tools/python/get-path)
++PYTHON_PATH ?= $(DEFAULT_PYTHON_PATH)
++INSTALL_PYTHON_PROG = $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG)
++
+ CFLAGS += -Werror
+ CFLAGS += $(CFLAGS_libxenctrl)
+ LDLIBS += $(LDLIBS_libxenctrl)
+@@ -31,7 +35,7 @@ install: build
+ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
+ $(INSTALL_PROG) xenbaked $(DESTDIR)$(PRIVATE_BINDIR)/xenbaked
+ $(INSTALL_PROG) xentrace_setmask $(DESTDIR)$(PRIVATE_BINDIR)/xentrace_setmask
+- $(INSTALL_PROG) xenmon.py $(DESTDIR)$(PRIVATE_BINDIR)/xenmon.py
++ $(INSTALL_PYTHON_PROG) xenmon.py $(DESTDIR)$(PRIVATE_BINDIR)/xenmon
+ $(INSTALL_DIR) $(DESTDIR)$(DOCDIR)
+ $(INSTALL_DATA) README $(DESTDIR)$(DOCDIR)/README.xenmon
+
diff --cc debian/patches/tools-xenmon-prefix.diff
index a32faec,0000000..8fd7af0
mode 100644,000000..100644
--- a/debian/patches/tools-xenmon-prefix.diff
+++ b/debian/patches/tools-xenmon-prefix.diff
@@@ -1,36 -1,0 +1,37 @@@
- From ef86f13850569fe145993fe826344f5ff013d80e Mon Sep 17 00:00:00 2001
++From 7890b6a82243405fd71018580cc12ce142de636d Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:06 +0200
+Subject: tools-xenmon-prefix.diff
+
++Patch-Name: tools-xenmon-prefix.diff
+---
+ tools/xenmon/Makefile | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/tools/xenmon/Makefile b/tools/xenmon/Makefile
+index 3fe87ba..dab5415 100644
+--- a/tools/xenmon/Makefile
++++ b/tools/xenmon/Makefile
+@@ -16,6 +16,7 @@ include $(XEN_ROOT)/tools/Rules.mk
+ CFLAGS += -Werror
+ CFLAGS += $(CFLAGS_libxenctrl)
+ LDLIBS += $(LDLIBS_libxenctrl)
++LDFLAGS += $(call LDFLAGS_RPATH,../lib)
+
+ SCRIPTS = xenmon.py
+
+@@ -27,10 +28,10 @@ build: xentrace_setmask xenbaked
+
+ .PHONY: install
+ install: build
+- $(INSTALL_DIR) $(DESTDIR)$(SBINDIR)
+- $(INSTALL_PROG) xenbaked $(DESTDIR)$(SBINDIR)/xenbaked
+- $(INSTALL_PROG) xentrace_setmask $(DESTDIR)$(SBINDIR)/xentrace_setmask
+- $(INSTALL_PROG) xenmon.py $(DESTDIR)$(SBINDIR)/xenmon.py
++ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PROG) xenbaked $(DESTDIR)$(PRIVATE_BINDIR)/xenbaked
++ $(INSTALL_PROG) xentrace_setmask $(DESTDIR)$(PRIVATE_BINDIR)/xentrace_setmask
++ $(INSTALL_PROG) xenmon.py $(DESTDIR)$(PRIVATE_BINDIR)/xenmon.py
+ $(INSTALL_DIR) $(DESTDIR)$(DOCDIR)
+ $(INSTALL_DATA) README $(DESTDIR)$(DOCDIR)/README.xenmon
+
diff --cc debian/patches/tools-xenpaging-prefix.diff
index 90ef4c5,0000000..7d341a4
mode 100644,000000..100644
--- a/debian/patches/tools-xenpaging-prefix.diff
+++ b/debian/patches/tools-xenpaging-prefix.diff
@@@ -1,33 -1,0 +1,34 @@@
- From 2abffe26cec8e35e374148277125599ba8ba5b36 Mon Sep 17 00:00:00 2001
++From 8d4e0f7ace4dd7e41af63b9f8203a69dc1f6db76 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:08 +0200
+Subject: tools-xenpaging-prefix.diff
+
++Patch-Name: tools-xenpaging-prefix.diff
+---
+ tools/xenpaging/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tools/xenpaging/Makefile b/tools/xenpaging/Makefile
+index 548d9dd..b5147da 100644
+--- a/tools/xenpaging/Makefile
++++ b/tools/xenpaging/Makefile
+@@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/Rules.mk
+
+ CFLAGS += $(CFLAGS_libxenctrl) $(CFLAGS_libxenstore) $(PTHREAD_CFLAGS)
+ LDLIBS += $(LDLIBS_libxenctrl) $(LDLIBS_libxenstore) $(PTHREAD_LIBS)
+-LDFLAGS += $(PTHREAD_LDFLAGS)
++LDFLAGS += $(PTHREAD_LDFLAGS) $(call LDFLAGS_RPATH,../lib)
+
+ POLICY = default
+
+@@ -25,8 +25,8 @@ xenpaging: $(OBJS)
+
+ install: all
+ $(INSTALL_DIR) $(DESTDIR)$(XEN_PAGING_DIR)
+- $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC)
+- $(INSTALL_PROG) $(IBINS) $(DESTDIR)$(LIBEXEC)
++ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PROG) $(IBINS) $(DESTDIR)$(PRIVATE_BINDIR)
+
+ clean:
+ rm -f *.o *~ $(DEPS) xen TAGS $(IBINS) $(LIB)
diff --cc debian/patches/tools-xenstat-abiname.diff
index d5a5d07,0000000..fdfba4c
mode 100644,000000..100644
--- a/debian/patches/tools-xenstat-abiname.diff
+++ b/debian/patches/tools-xenstat-abiname.diff
@@@ -1,63 -1,0 +1,64 @@@
- From 4494f78e0764b88bb38b360c421ce3a6d0847a7b Mon Sep 17 00:00:00 2001
++From 17957eb752727543ff74bb733b9dc653a47b2e38 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:50 +0200
+Subject: tools-xenstat-abiname.diff
+
++Patch-Name: tools-xenstat-abiname.diff
+---
+ tools/xenstat/libxenstat/Makefile | 20 ++++----------------
+ 1 file changed, 4 insertions(+), 16 deletions(-)
+
+diff --git a/tools/xenstat/libxenstat/Makefile b/tools/xenstat/libxenstat/Makefile
+index 21aad89..669bb1f 100644
+--- a/tools/xenstat/libxenstat/Makefile
++++ b/tools/xenstat/libxenstat/Makefile
+@@ -22,17 +22,13 @@ libdir=$(prefix)/lib
+ LDCONFIG=ldconfig
+ MAKE_LINK=ln -sf
+
+-MAJOR=0
+-MINOR=0
+-
+ LIB=src/libxenstat.a
+-SHLIB=src/libxenstat.so.$(MAJOR).$(MINOR)
+-SHLIB_LINKS=src/libxenstat.so.$(MAJOR) src/libxenstat.so
++SHLIB=src/libxenstat.so
+ OBJECTS-y=src/xenstat.o
+ OBJECTS-$(CONFIG_Linux) += src/xenstat_linux.o
+ OBJECTS-$(CONFIG_SunOS) += src/xenstat_solaris.o
+ OBJECTS-$(CONFIG_NetBSD) += src/xenstat_netbsd.o
+-SONAME_FLAGS=-Wl,$(SONAME_LDFLAG) -Wl,libxenstat.so.$(MAJOR)
++SONAME_FLAGS=-Wl,$(SONAME_LDFLAG),libxenstat.so
+
+ WARN_FLAGS=-Wall -Werror
+
+@@ -43,7 +39,7 @@ LDLIBS-y = $(LDLIBS_libxenstore) $(LDLIBS_libxenctrl)
+ LDLIBS-$(CONFIG_SunOS) += -lkstat
+
+ .PHONY: all
+-all: $(LIB) $(SHLIB) $(SHLIB_LINKS)
++all: $(LIB) $(SHLIB)
+
+ $(LIB): $(OBJECTS-y)
+ $(AR) rc $@ $^
+@@ -53,19 +49,11 @@ $(SHLIB): $(OBJECTS-y)
+ $(CC) $(LDFLAGS) $(SONAME_FLAGS) $(SHLIB_LDFLAGS) -o $@ \
+ $(OBJECTS-y) $(LDLIBS-y) $(APPEND_LDFLAGS)
+
+-src/libxenstat.so.$(MAJOR): $(SHLIB)
+- $(MAKE_LINK) $(<F) $@
+-
+-src/libxenstat.so: src/libxenstat.so.$(MAJOR)
+- $(MAKE_LINK) $(<F) $@
+-
+ .PHONY: install
+ install: all
+ $(INSTALL_DATA) src/xenstat.h $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DATA) $(LIB) $(DESTDIR)$(LIBDIR)/libxenstat.a
+- $(INSTALL_PROG) src/libxenstat.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)
+- ln -sf libxenstat.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)/libxenstat.so.$(MAJOR)
+- ln -sf libxenstat.so.$(MAJOR) $(DESTDIR)$(LIBDIR)/libxenstat.so
++ $(INSTALL_PROG) src/libxenstat.so $(DESTDIR)$(LIBDIR)
+
+ PYLIB=bindings/swig/python/_xenstat.so
+ PYMOD=bindings/swig/python/xenstat.py
diff --cc debian/patches/tools-xenstat-prefix.diff
index bf5a57e,0000000..9a74313
mode 100644,000000..100644
--- a/debian/patches/tools-xenstat-prefix.diff
+++ b/debian/patches/tools-xenstat-prefix.diff
@@@ -1,47 -1,0 +1,48 @@@
- From bf25355bf2aed4c667220f2d889981578c0a7329 Mon Sep 17 00:00:00 2001
++From d66e717b740d1ca2e48718ac5c0c19afbab7e896 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:09 +0200
+Subject: tools-xenstat-prefix.diff
+
++Patch-Name: tools-xenstat-prefix.diff
+---
+ tools/xenstat/libxenstat/Makefile | 1 +
+ tools/xenstat/xentop/Makefile | 6 ++++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tools/xenstat/libxenstat/Makefile b/tools/xenstat/libxenstat/Makefile
+index 6089755..eaf40b4 100644
+--- a/tools/xenstat/libxenstat/Makefile
++++ b/tools/xenstat/libxenstat/Makefile
+@@ -51,6 +51,7 @@ $(SHLIB): $(OBJECTS-y)
+
+ .PHONY: install
+ install: all
++ $(INSTALL_DIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(PRIVATE_LIBDIR)
+ $(INSTALL_DATA) src/xenstat.h $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DATA) $(LIB) $(DESTDIR)$(LIBDIR)/libxenstat.a
+ $(INSTALL_PROG) src/libxenstat.so $(DESTDIR)$(PRIVATE_LIBDIR)
+diff --git a/tools/xenstat/xentop/Makefile b/tools/xenstat/xentop/Makefile
+index afed0d1..61f1c7d 100644
+--- a/tools/xenstat/xentop/Makefile
++++ b/tools/xenstat/xentop/Makefile
+@@ -19,7 +19,9 @@ all install xentop:
+ else
+
+ CFLAGS += -DGCC_PRINTF -Wall -Werror $(CFLAGS_libxenstat)
++LDFLAGS += $(call LDFLAGS_RPATH,../lib)
+ LDLIBS += $(LDLIBS_libxenstat) $(CURSES_LIBS) $(SOCKET_LIBS)
++LDLIBS += $(LDLIBS_libxenctrl) $(LDLIBS_libxenstore)
+ CFLAGS += -DHOST_$(XEN_OS)
+
+ # Include configure output (config.h) to headers search path
+@@ -30,8 +32,8 @@ all: xentop
+
+ .PHONY: install
+ install: xentop xentop.1
+- $(INSTALL_DIR) $(DESTDIR)$(SBINDIR)
+- $(INSTALL_PROG) xentop $(DESTDIR)$(SBINDIR)/xentop
++ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PROG) xentop $(DESTDIR)$(PRIVATE_BINDIR)/xentop
+ $(INSTALL_DIR) $(DESTDIR)$(MAN1DIR)
+ $(INSTALL_DATA) xentop.1 $(DESTDIR)$(MAN1DIR)/xentop.1
+
diff --cc debian/patches/tools-xenstore-compatibility.diff
index 5b3465a,0000000..652ab17
mode 100644,000000..100644
--- a/debian/patches/tools-xenstore-compatibility.diff
+++ b/debian/patches/tools-xenstore-compatibility.diff
@@@ -1,61 -1,0 +1,62 @@@
- From 030188d29ffe4e8e8260566d0963fa12f750a7e7 Mon Sep 17 00:00:00 2001
++From f590cef34c6d4a84449cb0bc46c843745cf195a0 Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:36 +0200
+Subject: tools-xenstore-compatibility.diff
+
++Patch-Name: tools-xenstore-compatibility.diff
+---
+ tools/xenstore/xenstore.h | 1 +
+ tools/xenstore/xenstore_client.c | 2 +-
+ tools/xenstore/xs.c | 4 +++-
+ 3 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tools/xenstore/xenstore.h b/tools/xenstore/xenstore.h
+index fdf5e76..b45224b 100644
+--- a/tools/xenstore/xenstore.h
++++ b/tools/xenstore/xenstore.h
+@@ -26,6 +26,7 @@
+
+ #define XS_OPEN_READONLY 1UL<<0
+ #define XS_OPEN_SOCKETONLY 1UL<<1
++#define XS_OPEN_DOMAINONLY 1UL<<2
+
+ /*
+ * Setting XS_UNWATCH_FILTER arranges that after xs_unwatch, no
+diff --git a/tools/xenstore/xenstore_client.c b/tools/xenstore/xenstore_client.c
+index 0ec103f..be70ab4 100644
+--- a/tools/xenstore/xenstore_client.c
++++ b/tools/xenstore/xenstore_client.c
+@@ -632,7 +632,7 @@ main(int argc, char **argv)
+ max_width = ws.ws_col - 2;
+ }
+
+- xsh = xs_open(socket ? XS_OPEN_SOCKETONLY : 0);
++ xsh = xs_open(socket ? XS_OPEN_SOCKETONLY : XS_OPEN_DOMAINONLY);
+ if (xsh == NULL) err(1, "xs_open");
+
+ again:
+diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
+index dd03a85..15e65b8 100644
+--- a/tools/xenstore/xs.c
++++ b/tools/xenstore/xs.c
+@@ -282,17 +282,19 @@ struct xs_handle *xs_daemon_open_readonly(void)
+
+ struct xs_handle *xs_domain_open(void)
+ {
+- return xs_open(0);
++ return xs_open(XS_OPEN_DOMAINONLY);
+ }
+
+ struct xs_handle *xs_open(unsigned long flags)
+ {
+ struct xs_handle *xsh = NULL;
+
++ if (!(flags & XS_OPEN_DOMAINONLY)) {
+ if (flags & XS_OPEN_READONLY)
+ xsh = get_handle(xs_daemon_socket_ro());
+ else
+ xsh = get_handle(xs_daemon_socket());
++ }
+
+ if (!xsh && !(flags & XS_OPEN_SOCKETONLY))
+ xsh = get_handle(xs_domain_dev());
diff --cc debian/patches/tools-xenstore-prefix.diff
index 0a37ceb,0000000..4a542ab
mode 100644,000000..100644
--- a/debian/patches/tools-xenstore-prefix.diff
+++ b/debian/patches/tools-xenstore-prefix.diff
@@@ -1,58 -1,0 +1,59 @@@
- From 46661fdde15627db208e3f28c61f96a50ee27165 Mon Sep 17 00:00:00 2001
++From dfef5e187690887a937be5fe34770b599067070f Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:12 +0200
+Subject: tools-xenstore-prefix.diff
+
++Patch-Name: tools-xenstore-prefix.diff
+---
+ tools/xenstore/Makefile | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/tools/xenstore/Makefile b/tools/xenstore/Makefile
+index 262f401..153c36f 100644
+--- a/tools/xenstore/Makefile
++++ b/tools/xenstore/Makefile
+@@ -8,6 +8,8 @@ CFLAGS += -Werror
+ CFLAGS += -I.
+ CFLAGS += $(CFLAGS_libxenctrl)
+
++LDFLAGS_libxenctrl += $(call LDFLAGS_RPATH,../lib)
++
+ CLIENTS := xenstore-exists xenstore-list xenstore-read xenstore-rm xenstore-chmod
+ CLIENTS += xenstore-write xenstore-ls xenstore-watch
+
+@@ -58,10 +60,10 @@ endif
+ init-xenstore-domain.o: CFLAGS += $(CFLAGS_libxenguest)
+
+ init-xenstore-domain: init-xenstore-domain.o $(LIBXENSTORE)
+- $(CC) $(LDFLAGS) $^ $(LDLIBS_libxenctrl) $(LDLIBS_libxenguest) $(LDLIBS_libxenstore) -o $@ $(APPEND_LDFLAGS)
++ $(CC) $(LDFLAGS) $^ $(LDLIBS_libxenctrl) $(LDLIBS_libxenguest) $(LDLIBS_libxenstore) $(call LDFLAGS_RPATH,../lib) -o $@ $(APPEND_LDFLAGS)
+
+ xenstored: $(XENSTORED_OBJS)
+- $(CC) $(LDFLAGS) $^ $(LDLIBS_libxenctrl) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
++ $(CC) $(LDFLAGS) $^ $(LDLIBS_libxenctrl) $(SOCKET_LIBS) $(call LDFLAGS_RPATH,../lib) -o $@ $(APPEND_LDFLAGS)
+
+ xenstored.a: $(XENSTORED_OBJS)
+ $(AR) cr $@ $^
+@@ -109,17 +111,17 @@ tarball: clean
+
+ .PHONY: install
+ install: all
+- $(INSTALL_DIR) $(DESTDIR)$(BINDIR)
++ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(SBINDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR)/xenstore-compat
+ $(INSTALL_DIR) $(DESTDIR)/var/run/xenstored
+ $(INSTALL_DIR) $(DESTDIR)/var/lib/xenstored
+- $(INSTALL_PROG) xenstored $(DESTDIR)$(SBINDIR)
+- $(INSTALL_PROG) xenstore-control $(DESTDIR)$(BINDIR)
+- $(INSTALL_PROG) xenstore $(DESTDIR)$(BINDIR)
++ $(INSTALL_PROG) xenstored $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PROG) xenstore-control $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PROG) xenstore $(DESTDIR)$(SBINDIR)
+ set -e ; for c in $(CLIENTS) ; do \
+- ln -f $(DESTDIR)$(BINDIR)/xenstore $(DESTDIR)$(BINDIR)/$${c} ; \
++ ln -f xenstore $(DESTDIR)$(SBINDIR)/$${c} ; \
+ done
+ $(INSTALL_DIR) $(DESTDIR)$(LIBDIR)
+ $(INSTALL_PROG) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)
diff --cc debian/patches/tools-xentrace-prefix.diff
index d239430,0000000..fb0b972
mode 100644,000000..100644
--- a/debian/patches/tools-xentrace-prefix.diff
+++ b/debian/patches/tools-xentrace-prefix.diff
@@@ -1,38 -1,0 +1,39 @@@
- From 114369c0e83424814962f0cd5784d54d5ec63813 Mon Sep 17 00:00:00 2001
++From 5870bdab405f9d52009dde6e9c18c00566274ebb Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:47:14 +0200
+Subject: tools-xentrace-prefix.diff
+
++Patch-Name: tools-xentrace-prefix.diff
+---
+ tools/xentrace/Makefile | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/tools/xentrace/Makefile b/tools/xentrace/Makefile
+index 63b09c0..fcc578a 100644
+--- a/tools/xentrace/Makefile
++++ b/tools/xentrace/Makefile
+@@ -5,6 +5,7 @@ CFLAGS += -Werror
+
+ CFLAGS += $(CFLAGS_libxenctrl)
+ LDLIBS += $(LDLIBS_libxenctrl)
++LDFLAGS += $(call LDFLAGS_RPATH,../lib)
+
+ BIN = xentrace xentrace_setsize
+ LIBBIN = xenctx
+@@ -20,13 +21,11 @@ build: $(BIN) $(LIBBIN)
+
+ .PHONY: install
+ install: build
+- $(INSTALL_DIR) $(DESTDIR)$(BINDIR)
+- [ -z "$(LIBBIN)" ] || $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_DIR) $(DESTDIR)$(PRIVATE_BINDIR)
+ $(INSTALL_DIR) $(DESTDIR)$(MAN1DIR)
+ $(INSTALL_DIR) $(DESTDIR)$(MAN8DIR)
+- $(INSTALL_PROG) $(BIN) $(DESTDIR)$(BINDIR)
+- $(INSTALL_PYTHON_PROG) $(SCRIPTS) $(DESTDIR)$(BINDIR)
+- [ -z "$(LIBBIN)" ] || $(INSTALL_PROG) $(LIBBIN) $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PROG) $(BIN) $(LIBBIN) $(DESTDIR)$(PRIVATE_BINDIR)
++ $(INSTALL_PYTHON_PROG) $(SCRIPTS) $(DESTDIR)$(PRIVATE_BINDIR)
+ $(INSTALL_DATA) $(MAN1) $(DESTDIR)$(MAN1DIR)
+ $(INSTALL_DATA) $(MAN8) $(DESTDIR)$(MAN8DIR)
+
diff --cc debian/patches/version.diff
index c9cd1bf,0000000..3c0bde2
mode 100644,000000..100644
--- a/debian/patches/version.diff
+++ b/debian/patches/version.diff
@@@ -1,170 -1,0 +1,170 @@@
- From aef970480394e4c6da1f1299e1558c405cfc4f32 Mon Sep 17 00:00:00 2001
++From a56d50ac2bb489b7767b225f994b884c500cd6af Mon Sep 17 00:00:00 2001
+From: Bastian Blank <waldi at debian.org>
+Date: Sat, 5 Jul 2014 11:46:43 +0200
+Subject: version
+
- @DPATCH@
++Patch-Name: version.diff
+---
+ xen/Makefile | 11 +++++------
+ xen/common/kernel.c | 4 ++--
+ xen/common/version.c | 21 +++++++++++----------
+ xen/drivers/char/console.c | 9 +++------
+ xen/include/xen/compile.h.in | 8 ++++----
+ xen/include/xen/version.h | 8 ++++----
+ 6 files changed, 29 insertions(+), 32 deletions(-)
+
+diff --git a/xen/Makefile b/xen/Makefile
+index 134a8bd..10d1424 100644
+--- a/xen/Makefile
++++ b/xen/Makefile
+@@ -122,20 +122,19 @@ delete-unfresh-files:
+ @mv -f $@.tmp $@
+
+ # compile.h contains dynamic build info. Rebuilt on every 'make' invocation.
+-include/xen/compile.h: include/xen/compile.h.in .banner
++include/xen/compile.h: include/xen/compile.h.in
+ @sed -e 's/@@date@@/$(shell LC_ALL=C date)/g' \
+ -e 's/@@time@@/$(shell LC_ALL=C date +%T)/g' \
+- -e 's/@@whoami@@/$(XEN_WHOAMI)/g' \
+- -e 's/@@domain@@/$(XEN_DOMAIN)/g' \
+- -e 's/@@hostname@@/$(shell hostname)/g' \
+ -e 's!@@compiler@@!$(shell $(CC) $(CFLAGS) --version 2>&1 | head -1)!g' \
+ -e 's/@@version@@/$(XEN_VERSION)/g' \
+ -e 's/@@subversion@@/$(XEN_SUBVERSION)/g' \
+ -e 's/@@extraversion@@/$(XEN_EXTRAVERSION)/g' \
+ -e 's!@@changeset@@!$(shell tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \
++ -e 's/@@system_distribution@@/$(shell lsb_release -is)/g' \
++ -e 's/@@system_maintainer_domain@@/$(shell cd ../../../..; dpkg-parsechangelog | sed -ne 's,^Maintainer: .[^<]*<[^@>]*@\([^>]*\)>,\1,p')/g' \
++ -e 's/@@system_maintainer_local@@/$(shell cd ../../../..; dpkg-parsechangelog | sed -ne 's,^Maintainer: .[^<]*<\([^@>]*\)@.*>,\1,p')/g' \
++ -e 's/@@system_version@@/$(shell cd ../../../..; dpkg-parsechangelog | awk '/^Version:/ {print $$2}')/g' \
+ < include/xen/compile.h.in > $@.new
+- @cat .banner
+- @$(PYTHON) tools/fig-to-oct.py < .banner >> $@.new
+ @mv -f $@.new $@
+
+ include/asm-$(TARGET_ARCH)/asm-offsets.h: arch/$(TARGET_ARCH)/asm-offsets.s
+diff --git a/xen/common/kernel.c b/xen/common/kernel.c
+index b371f8f..877d461 100644
+--- a/xen/common/kernel.c
++++ b/xen/common/kernel.c
+@@ -243,8 +243,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
+ {
+ struct xen_compile_info info;
+ safe_strcpy(info.compiler, xen_compiler());
+- safe_strcpy(info.compile_by, xen_compile_by());
+- safe_strcpy(info.compile_domain, xen_compile_domain());
++ safe_strcpy(info.compile_by, xen_compile_system_maintainer_local());
++ safe_strcpy(info.compile_domain, xen_compile_system_maintainer_domain());
+ safe_strcpy(info.compile_date, xen_compile_date());
+ if ( copy_to_guest(arg, &info, 1) )
+ return -EFAULT;
+diff --git a/xen/common/version.c b/xen/common/version.c
+index b152e27..7b5af55 100644
+--- a/xen/common/version.c
++++ b/xen/common/version.c
+@@ -11,19 +11,24 @@ const char *xen_compile_time(void)
+ return XEN_COMPILE_TIME;
+ }
+
+-const char *xen_compile_by(void)
++const char *xen_compile_system_distribution(void)
+ {
+- return XEN_COMPILE_BY;
++ return XEN_COMPILE_SYSTEM_DISTRIBUTION;
+ }
+
+-const char *xen_compile_domain(void)
++const char *xen_compile_system_maintainer_local(void)
+ {
+- return XEN_COMPILE_DOMAIN;
++ return XEN_COMPILE_SYSTEM_MAINTAINER_LOCAL;
+ }
+
+-const char *xen_compile_host(void)
++const char *xen_compile_system_maintainer_domain(void)
+ {
+- return XEN_COMPILE_HOST;
++ return XEN_COMPILE_SYSTEM_MAINTAINER_DOMAIN;
++}
++
++const char *xen_compile_system_version(void)
++{
++ return XEN_COMPILE_SYSTEM_VERSION;
+ }
+
+ const char *xen_compiler(void)
+@@ -51,7 +56,3 @@ const char *xen_changeset(void)
+ return XEN_CHANGESET;
+ }
+
+-const char *xen_banner(void)
+-{
+- return XEN_BANNER;
+-}
+diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
+index 89ffe64..07af8d6 100644
+--- a/xen/drivers/char/console.c
++++ b/xen/drivers/char/console.c
+@@ -667,14 +667,11 @@ void __init console_init_preirq(void)
+ serial_set_rx_handler(sercon_handle, serial_rx);
+
+ /* HELLO WORLD --- start-of-day banner text. */
+- spin_lock(&console_lock);
+- __putstr(xen_banner());
+- spin_unlock(&console_lock);
+- printk("Xen version %d.%d%s (%s@%s) (%s) debug=%c %s\n",
++ printk("Xen version %d.%d%s (%s %s) (%s@%s) (%s) debug=%c %s\n",
+ xen_major_version(), xen_minor_version(), xen_extra_version(),
+- xen_compile_by(), xen_compile_domain(),
++ xen_compile_system_distribution(), xen_compile_system_version(),
++ xen_compile_system_maintainer_local(), xen_compile_system_maintainer_domain(),
+ xen_compiler(), debug_build() ? 'y' : 'n', xen_compile_date());
+- printk("Latest ChangeSet: %s\n", xen_changeset());
+
+ if ( opt_sync_console )
+ {
+diff --git a/xen/include/xen/compile.h.in b/xen/include/xen/compile.h.in
+index 440ecb2..0c3ca58 100644
+--- a/xen/include/xen/compile.h.in
++++ b/xen/include/xen/compile.h.in
+@@ -1,8 +1,9 @@
+ #define XEN_COMPILE_DATE "@@date@@"
+ #define XEN_COMPILE_TIME "@@time@@"
+-#define XEN_COMPILE_BY "@@whoami@@"
+-#define XEN_COMPILE_DOMAIN "@@domain@@"
+-#define XEN_COMPILE_HOST "@@hostname@@"
++#define XEN_COMPILE_SYSTEM_DISTRIBUTION "@@system_distribution@@"
++#define XEN_COMPILE_SYSTEM_MAINTAINER_DOMAIN "@@system_maintainer_domain@@"
++#define XEN_COMPILE_SYSTEM_MAINTAINER_LOCAL "@@system_maintainer_local@@"
++#define XEN_COMPILE_SYSTEM_VERSION "@@system_version@@"
+ #define XEN_COMPILER "@@compiler@@"
+
+ #define XEN_VERSION @@version@@
+@@ -10,4 +11,3 @@
+ #define XEN_EXTRAVERSION "@@extraversion@@"
+
+ #define XEN_CHANGESET "@@changeset@@"
+-#define XEN_BANNER \
+diff --git a/xen/include/xen/version.h b/xen/include/xen/version.h
+index 81a3c7d..c25937e 100644
+--- a/xen/include/xen/version.h
++++ b/xen/include/xen/version.h
+@@ -3,14 +3,14 @@
+
+ const char *xen_compile_date(void);
+ const char *xen_compile_time(void);
+-const char *xen_compile_by(void);
+-const char *xen_compile_domain(void);
+-const char *xen_compile_host(void);
++const char *xen_compile_system_distribution(void);
++const char *xen_compile_system_maintainer_domain(void);
++const char *xen_compile_system_maintainer_local(void);
++const char *xen_compile_system_version(void);
+ const char *xen_compiler(void);
+ unsigned int xen_major_version(void);
+ unsigned int xen_minor_version(void);
+ const char *xen_extra_version(void);
+ const char *xen_changeset(void);
+-const char *xen_banner(void);
+
+ #endif /* __XEN_VERSION_H__ */
diff --cc debian/patches/xl-coredumps-to-var-lib-xen-dump.diff
index e93f540,0000000..13a19a5
mode 100644,000000..100644
--- a/debian/patches/xl-coredumps-to-var-lib-xen-dump.diff
+++ b/debian/patches/xl-coredumps-to-var-lib-xen-dump.diff
@@@ -1,79 -1,0 +1,80 @@@
- From 2dec9f02a44a006887469c80a7649c31bb518899 Mon Sep 17 00:00:00 2001
++From 2ee9f4efffced82ac054728cc38e8712fd88f6a3 Mon Sep 17 00:00:00 2001
+From: Ian Campbell <ijc at hellion.org.uk>
+Date: Sun, 31 Aug 2014 01:42:03 +0100
+Subject: send xl coredumps /var/lib/xen/dump/NAME
+
++Patch-Name: xl-coredumps-to-var-lib-xen-dump.diff
+---
+ docs/man/xl.cfg.pod.5 | 4 ++--
+ tools/Makefile | 2 +-
+ tools/libxl/xl_cmdimpl.c | 2 +-
+ tools/python/xen/xend/XendDomainInfo.py | 4 ++--
+ 4 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
+index e15a49f..d26ea0b 100644
+--- a/docs/man/xl.cfg.pod.5
++++ b/docs/man/xl.cfg.pod.5
+@@ -268,12 +268,12 @@ destroy`.
+
+ =item B<coredump-destroy>
+
+-write a "coredump" of the domain to F</var/xen/dump/NAME> and then
++write a "coredump" of the domain to F</var/lib/xen/dump/NAME> and then
+ destroy the domain.
+
+ =item B<coredump-restart>
+
+-write a "coredump" of the domain to F</var/xen/dump/NAME> and then
++write a "coredump" of the domain to F</var/lib/xen/dump/NAME> and then
+ restart the domain.
+
+ =back
+diff --git a/tools/Makefile b/tools/Makefile
+index 2fca717..7c2dcaf 100644
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -58,7 +58,7 @@ all: subdirs-all
+
+ .PHONY: install
+ install: subdirs-install
+- $(INSTALL_DIR) $(DESTDIR)/var/xen/dump
++ $(INSTALL_DIR) $(DESTDIR)/var/lib/xen/dump/
+ $(INSTALL_DIR) $(DESTDIR)/var/log/xen
+ $(INSTALL_DIR) $(DESTDIR)/var/lib/xen
+ $(INSTALL_DIR) $(DESTDIR)/var/lock/subsys
+diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
+index 4fc46eb..4e9dacb 100644
+--- a/tools/libxl/xl_cmdimpl.c
++++ b/tools/libxl/xl_cmdimpl.c
+@@ -1815,7 +1815,7 @@ static int handle_domain_death(uint32_t *r_domid,
+ char *corefile;
+ int rc;
+
+- if (asprintf(&corefile, "/var/xen/dump/%s", d_config->c_info.name) < 0) {
++ if (asprintf(&corefile, "/var/lib/xen/dump/%s", d_config->c_info.name) < 0) {
+ LOG("failed to construct core dump path");
+ } else {
+ LOG("dumping core to %s", corefile);
+diff --git a/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py
+index cb2d36d..793f3b2 100644
+--- a/tools/python/xen/xend/XendDomainInfo.py
++++ b/tools/python/xen/xend/XendDomainInfo.py
+@@ -2288,7 +2288,7 @@ class XendDomainInfo:
+ # To prohibit directory traversal
+ based_name = os.path.basename(self.info['name_label'])
+
+- coredir = "/var/xen/dump/%s" % (based_name)
++ coredir = "/var/lib/xen/dump/%s" % (based_name)
+ if not os.path.exists(coredir):
+ try:
+ mkdir.parents(coredir, stat.S_IRWXU)
+@@ -2297,7 +2297,7 @@ class XendDomainInfo:
+
+ if not os.path.isdir(coredir):
+ # Use former directory to dump core
+- coredir = '/var/xen/dump'
++ coredir = '/var/lib/xen/dump/'
+
+ this_time = time.strftime("%Y-%m%d-%H%M.%S", time.localtime())
+ corefile = "%s/%s-%s.%s.core" % (coredir, this_time,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git
More information about the Pkg-xen-changes
mailing list