[Pkg-xen-changes] [xen] 08/09: merge patched-develop into develop
Bastian Blank
waldi at moszumanska.debian.org
Wed Nov 26 08:38:38 UTC 2014
This is an automated email from the git hooks/post-receive script.
waldi pushed a commit to branch develop
in repository xen.
commit 4293b0ae4381e0e5130c36abf363bd772e1ac75b
Merge: 63890be 8e4e032
Author: Bastian Blank <waldi at debian.org>
Date: Wed Nov 26 09:10:43 2014 +0100
merge patched-develop into develop
debian/.git-dpm | 4 +-
debian/changelog | 10 +
...ing-make-log-dirty-operations-preemptible.patch | 655 +++++++++++++++++++++
...llow-page-table-updates-on-non-PV-page-ta.patch | 36 ++
...orce-privilege-level-restrictions-when-lo.patch | 166 ++++++
...a-reference-counting-error-in-MMU_MACHPHY.patch | 53 ++
debian/patches/series | 4 +
xen/arch/x86/domain.c | 4 +-
xen/arch/x86/domctl.c | 8 +-
xen/arch/x86/hvm/hvm.c | 9 +-
xen/arch/x86/mm.c | 17 +-
xen/arch/x86/mm/paging.c | 261 ++++++--
xen/arch/x86/x86_64/compat/entry.S | 2 +
xen/arch/x86/x86_64/entry.S | 2 +
xen/arch/x86/x86_emulate/x86_emulate.c | 42 +-
xen/common/domain.c | 1 -
xen/include/asm-x86/domain.h | 14 +
xen/include/asm-x86/paging.h | 13 +-
18 files changed, 1216 insertions(+), 85 deletions(-)
diff --cc debian/.git-dpm
index a0324c0,0000000..4188fc2
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,8 -1,0 +1,8 @@@
+# see git-dpm(1) from git-dpm package
- a90ace8403cf00b7eacd5cf2df1d588e15fb5610
- a90ace8403cf00b7eacd5cf2df1d588e15fb5610
++8e4e0321788113f90b061267635f9c6b4b98b750
++8e4e0321788113f90b061267635f9c6b4b98b750
+3387be132d526263f246c24d3bbc94767a4eba76
+3387be132d526263f246c24d3bbc94767a4eba76
+xen_4.4.1.orig.tar.xz
+900ed093d14caf511fa1a22f48bbf0499bb2ee11
+3778516
diff --cc debian/changelog
index a910a4a,0000000..de53c32
mode 100644,000000..100644
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,1159 -1,0 +1,1169 @@@
+xen (4.4.1-4) UNRELEASED; urgency=medium
+
++ [ Bastian Blank ]
++ * Make operations pre-emptible.
++ CVE-2014-5146, CVE-2014-5149
++ * Don't allow page table updates from non-PV page tables.
++ CVE-2014-8594
++ * Enforce privilege level while loading code segment.
++ CVE-2014-8595
++ * Fix reference counter leak.
++ CVE-2014-9030
++
+ [ Ian Campbell ]
+ * Add licensing for tools/python/logging to debian/copyright.
+ (Closes: #759384)
+ * Correctly include xen-init-name in xen-utils-common. (Closes: #769543)
+ * xen-utils recommends grub-xen-host package (Closes: #770460)
+
+ -- Ian Campbell <ijc at debian.org> Fri, 21 Nov 2014 13:06:49 +0000
+
+xen (4.4.1-3) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Remove unused build-depencencies.
+ * Extend list affected systems for broken interrupt assignment.
+ CVE-2013-3495
+ * Fix race in hvm memory management.
+ CVE-2014-7154
+ * Fix missing privilege checks on instruction emulation.
+ CVE-2014-7155, CVE-2014-7156
+ * Fix uninitialized control structures in FIFO handling.
+ CVE-2014-6268
+ * Fix MSR range check in emulation.
+ CVE-2014-7188
+
+ [ Ian Campbell ]
+ * Install xen.efi into /boot for amd64 builds.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 17 Oct 2014 16:27:46 +0200
+
+xen (4.4.1-2) unstable; urgency=medium
+
+ * Re-build with correct content.
+ * Use dh_lintian.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 24 Sep 2014 20:23:14 +0200
+
+xen (4.4.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fix several vulnerabilities. (closes: #757724)
+ CVE-2014-2599, CVE-2014-3124,
+ CVE-2014-3967, CVE-2014-3968,
+ CVE-2014-4021
+
+ -- Bastian Blank <waldi at debian.org> Sun, 21 Sep 2014 10:45:47 +0200
+
+xen (4.4.0-5) unstable; urgency=medium
+
+ [ Ian Campbell ]
+ * Expand on the descriptions of some packages. (Closes: #466683)
+ * Clarify where xen-utils-common is required. (Closes: #612403)
+ * No longer depend on gawk. Xen can now use any awk one of which is always
+ present. (Closes: #589176)
+ * Put core dumps in /var/lib/xen/dump and ensure it exists.
+ (Closes: #444000)
+
+ [ Bastian Blank ]
+ * Handle JSON output from xl in xendomains init script.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 06 Sep 2014 22:11:20 +0200
+
+xen (4.4.0-4) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Also remove unused OCaml packages from control file.
+ * Make library packages multi-arch: same. (closes: #730417)
+ * Use debhelper compat level 9. (closes: #692352)
+
+ [ Ian Campbell ]
+ * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283)
+ * Drop references cpuperf-xen and cpuperf-perfcntr. (Closes: #733847)
+ * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 30 Aug 2014 13:34:04 +0200
+
+xen (4.4.0-3) unstable; urgency=medium
+
+ [ Ian Campbell ]
+ * Use correct SeaBIOS binary which supports Xen (Closes: #737905).
+
+ [ Bastian Blank ]
+ * Really update config.{sub,guess}.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 29 Aug 2014 16:33:19 +0200
+
+xen (4.4.0-2) unstable; urgency=medium
+
+ * Remove broken and unused OCaml-support.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 18 Aug 2014 15:18:42 +0200
+
+xen (4.4.0-1) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * New upstream release.
+ - Update scripts for compatiblity with latest coreutils.
+ (closes: #718898)
+ - Fix guest reboot with xl toolstack. (closes: #727100)
+ - CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code.
+ (closes: #730254)
+ - xl support for global VNC options. (closes: #744157)
+ - vif scripts can now be named relative to /etc/xen/scripts.
+ (closes: #744160)
+ - Support for arbitrary sized SeaBIOS binaries. (closes: #737905)
+ - pygrub searches for extlinux.conf in the expected places.
+ (closes: #697407)
+ - Update scripts to use correct syntax for ip command.
+ (closes: #705659)
+ * Fix install of xend configs to not break compatibility.
+
+ [ Ian Campbell ]
+ * Disable blktap1 support using new configure option instead of by patching.
+ * Disable qemu-traditional and rombios support using new configure option
+ instead of by patching. No need to build-depend on ipxe any more.
+ * Use system qemu-xen via new configure option instead of patching.
+ * Use system seabios via new configure option instead of patching.
+ * Use EXTRA_CFLAGS_XEN_TOOLS and APPEND_{CPPFLAGS,LDFLAGS} during build.
+ * Add support for armhf and arm64.
+ * Update config.{sub,guess}.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 09 Aug 2014 13:09:00 +0200
+
+xen (4.3.0-3) unstable; urgency=low
+
+ * Revive hypervisor on i386.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 18 Oct 2013 00:15:16 +0200
+
+xen (4.3.0-2) unstable; urgency=low
+
+ * Force proper install order. (closes: #721999)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 05 Oct 2013 15:03:36 +0000
+
+xen (4.3.0-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix HVM PCI passthrough. (closes: #706543)
+ * Call configure with proper arguments.
+ * Remove now empty xen-docs package.
+ * Disable external code retrieval.
+ * Drop all i386 hypervisor packages.
+ * Drop complete blktap support.
+ * Create /run/xen.
+ * Make xen-utils recommend qemu-system-x86. (closes: #688311)
+ - This version comes with audio support. (closes: #635166)
+ * Make libxenlight and libxlutil public. (closes: #644390)
+ - Set versioned ABI name.
+ - Install headers.
+ - Move libs into normal library path.
+ * Use build flags in the tools build.
+ - Fix fallout from harderning flags.
+ * Update Standards-Version to 3.9.4. No changes.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 05 Sep 2013 13:54:03 +0200
+
+xen (4.2.2-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix build with gcc 4.8. (closes: #712376)
+ * Build-depend on libssl-dev. (closes: #712366)
+ * Enable hardening as much as possible.
+ * Re-enable ocaml build fixes. (closes: #695176)
+ * Check for out-of-bound values in CPU affinity setup.
+ CVE-2013-2072
+ * Fix information leak on AMD CPUs.
+ CVE-2013-2076
+ * Recover from faults on XRSTOR.
+ CVE-2013-2077
+ * Properly check guest input to XSETBV.
+ CVE-2013-2078
+
+ -- Bastian Blank <waldi at debian.org> Thu, 11 Jul 2013 00:28:24 +0200
+
+xen (4.2.1-2) unstable; urgency=low
+
+ * Actually upload to unstable.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 12 May 2013 00:20:58 +0200
+
+xen (4.2.1-1) experimental; urgency=low
+
+ * New upstream release.
+ * Enable usage of seabios.
+ * Fix some toolchain issues.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 11 May 2013 23:55:46 +0200
+
+xen (4.2.0-2) experimental; urgency=low
+
+ * Support JSON output in domain init script helper.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 01 Oct 2012 15:11:30 +0200
+
+xen (4.2.0-1) experimental; urgency=low
+
+ * New upstream release.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 18 Sep 2012 13:54:30 +0200
+
+xen (4.2.0~rc3-1) experimental; urgency=low
+
+ * New upstream snapshot.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Sep 2012 20:28:46 +0200
+
+xen (4.2.0~rc2-1) experimental; urgency=low
+
+ * New upstream snapshot.
+ * Build-depend against libglib2.0-dev and libyajl-dev.
+ * Disable seabios build for now.
+ * Remove support for Lenny and earlier.
+ * Support build-arch and build-indep make targets.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 13 May 2012 12:21:10 +0000
+
+xen (4.1.4-4) unstable; urgency=high
+
+ * Make several long runing operations preemptible.
+ CVE-2013-1918
+ * Fix source validation for VT-d interrupt remapping.
+ CVE-2013-1952
+
+ -- Bastian Blank <waldi at debian.org> Thu, 02 May 2013 14:30:29 +0200
+
+xen (4.1.4-3) unstable; urgency=high
+
+ * Fix return from SYSENTER.
+ CVE-2013-1917
+ * Fix various problems with guest interrupt handling.
+ CVE-2013-1919
+ * Only save pointer after access checks.
+ CVE-2013-1920
+ * Fix domain locking for transitive grants.
+ CVE-2013-1964
+
+ -- Bastian Blank <waldi at debian.org> Fri, 19 Apr 2013 13:01:57 +0200
+
+xen (4.1.4-2) unstable; urgency=low
+
+ * Use pre-device interrupt remapping mode per default. Fix removing old
+ remappings.
+ CVE-2013-0153
+
+ -- Bastian Blank <waldi at debian.org> Wed, 06 Feb 2013 13:04:52 +0100
+
+xen (4.1.4-1) unstable; urgency=low
+
+ * New upstream release.
+ - Disable process-context identifier support in newer CPUs for all
+ domains.
+ - Add workarounds for AMD errata.
+ - Don't allow any non-canonical addresses.
+ - Use Multiboot memory map if BIOS emulation does not provide one.
+ - Fix several problems in tmem.
+ CVE-2012-3497
+ - Fix error handling in domain creation.
+ - Adjust locking and interrupt handling during S3 resume.
+ - Tighten more resource and memory range checks.
+ - Reset performance counters. (closes: #698651)
+ - Remove special-case for first IO-APIC.
+ - Fix MSI handling for HVM domains. (closes: #695123)
+ - Revert cache value of disks in HVM domains.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 31 Jan 2013 15:44:50 +0100
+
+xen (4.1.3-8) unstable; urgency=high
+
+ * Fix error in VT-d interrupt remapping source validation.
+ CVE-2012-5634
+ * Fix buffer overflow in qemu e1000 emulation.
+ CVE-2012-6075
+ * Update patch, mention second CVE.
+ CVE-2012-5511, CVE-2012-6333
+
+ -- Bastian Blank <waldi at debian.org> Sat, 19 Jan 2013 13:55:07 +0100
+
+xen (4.1.3-7) unstable; urgency=low
+
+ * Fix clock jump due to incorrect annotated inline assembler.
+ (closes: #599161)
+ * Add support for XZ compressed Linux kernels to hypervisor and userspace
+ based loaders, it is needed for any Linux kernels newer then Wheezy.
+ (closes: #695056)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 11 Dec 2012 18:54:59 +0100
+
+xen (4.1.3-6) unstable; urgency=high
+
+ * Fix error handling in physical to machine memory mapping.
+ CVE-2012-5514
+
+ -- Bastian Blank <waldi at debian.org> Tue, 04 Dec 2012 10:51:43 +0100
+
+xen (4.1.3-5) unstable; urgency=high
+
+ * Fix state corruption due to incomplete grant table switch.
+ CVE-2012-5510
+ * Check range of arguments to several HVM operations.
+ CVE-2012-5511, CVE-2012-6333
+ * Check array index before using it in HVM memory operation.
+ CVE-2012-5512
+ * Check memory range in memory exchange operation.
+ CVE-2012-5513
+ * Don't allow too large memory size and avoid busy looping.
+ CVE-2012-5515
+
+ -- Bastian Blank <waldi at debian.org> Mon, 03 Dec 2012 19:37:38 +0100
+
+xen (4.1.3-4) unstable; urgency=high
+
+ * Use linux 3.2.0-4 stuff.
+ * Fix overflow in timer calculations.
+ CVE-2012-4535
+ * Check value of physical interrupts parameter before using it.
+ CVE-2012-4536
+ * Error out on incorrect memory mapping updates.
+ CVE-2012-4537
+ * Check if toplevel page tables are present.
+ CVE-2012-4538
+ * Fix infinite loop in compatibility code.
+ CVE-2012-4539
+ * Limit maximum kernel and ramdisk size.
+ CVE-2012-2625, CVE-2012-4544
+
+ -- Bastian Blank <waldi at debian.org> Tue, 20 Nov 2012 15:51:01 +0100
+
+xen (4.1.3-3) unstable; urgency=low
+
+ * Xen domain init script:
+ - Make sure Open vSwitch is started before any domain.
+ - Properly handle and show output of failed migration and save.
+ - Ask all domains to shut down before checking them.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 18 Sep 2012 13:26:32 +0200
+
+xen (4.1.3-2) unstable; urgency=medium
+
+ * Don't allow writing reserved bits in debug register.
+ CVE-2012-3494
+ * Fix error handling in interrupt assignment.
+ CVE-2012-3495
+ * Don't trigger bug messages on invalid flags.
+ CVE-2012-3496
+ * Check array bounds in interrupt assignment.
+ CVE-2012-3498
+ * Properly check bounds while setting the cursor in qemu.
+ CVE-2012-3515
+ * Disable monitor in qemu by default.
+ CVE-2012-4411
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Sep 2012 19:41:46 +0200
+
+xen (4.1.3-1) unstable; urgency=medium
+
+ * New upstream release: (closes: #683286)
+ - Don't leave the x86 emulation in a bad state. (closes: #683279)
+ CVE-2012-3432
+ - Only check for shared pages while any exist on teardown.
+ CVE-2012-3433
+ - Fix error handling for unexpected conditions.
+ - Update CPUID masking to latest Intel spec.
+ - Allow large ACPI ids.
+ - Fix IOMMU support for PCI-to-PCIe bridges.
+ - Disallow access to some sensitive IO-ports.
+ - Fix wrong address in IOTLB.
+ - Fix deadlock on CPUs without working cpufreq driver.
+ - Use uncached disk access in qemu.
+ - Fix buffer size on emulated e1000 device in qemu.
+ * Fixup broken and remove applied patches.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 17 Aug 2012 11:25:02 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low
+
+ [ Ian Campbell ]
+ * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
+ * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)
+
+ [ Bastian Blank ]
+ * Actually build-depend on new enough version of dpkg-dev.
+ * Add xen-sytem-* meta-packages. We are finally in a position to do
+ automatic upgrades and this package is missing. (closes: #681376)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 28 Jul 2012 10:23:26 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low
+
+ * Add Build-Using info to xen-utils package.
+ * Fix build-arch target.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 01 Jul 2012 19:52:30 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low
+
+ * Remove /usr/lib/xen-default. It breaks systems if xenstored is not
+ compatible.
+ * Fix init script usage.
+ * Fix udev rules for emulated network devices:
+ - Force names of emulated network devices to a predictable name.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 01 Jul 2012 16:59:04 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low
+
+ * Fix pointer missmatch in interrupt functions. Fixes build on i386.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 15 Jun 2012 18:00:51 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ - Fix privilege escalation and syscall/sysenter DoS while using
+ non-canonical addresses by untrusted PV guests. (closes: #677221)
+ CVE-2012-0217
+ CVE-2012-0218
+ - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
+ cause a DoS of the host.
+ CVE-2012-2934
+ * Don't fail if standard toolstacks are not available. (closes: #677244)
+
+ -- Bastian Blank <waldi at debian.org> Thu, 14 Jun 2012 17:06:25 +0200
+
+xen (4.1.2-7) unstable; urgency=low
+
+ * Really use ucf.
+ * Update init script dependencies:
+ - Start $syslog before xen.
+ - Start drbd and iscsi before xendomains. (closes: #626356)
+ - Start corosync and heartbeat after xendomains.
+ * Remove /var/log/xen on purge. (closes: #656216)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 22 May 2012 10:44:41 +0200
+
+xen (4.1.2-6) unstable; urgency=low
+
+ * Fix generation of architectures for hypervisor packages.
+ * Remove information about loop devices, it is incorrect. (closes: #503044)
+ * Update xendomains init script:
+ - Create directory for domain images only root readable. (closes: #596048)
+ - Add missing sanity checks for variables. (closes: #671750)
+ - Remove not longer supported config options.
+ - Don't fail if no config is available.
+ - Remove extra output if domain was restored.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 06 May 2012 20:07:41 +0200
+
+xen (4.1.2-5) unstable; urgency=low
+
+ * Actually force init script rename. (closes: #669341)
+ * Fix long output from xl.
+ * Move complete init script setup.
+ * Rewrite xendomains init script:
+ - Use LSB output functions.
+ - Make output more clear.
+ - Use xen toolstack wrapper.
+ - Use a python script to properly read domain details.
+ * Set name for Domain-0.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 23 Apr 2012 11:56:45 +0200
+
+xen (4.1.2-4) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
+ * Don't longer use a4wide latex package.
+ * Use ucf for /etc/default/xen.
+ * Remove handling for old udev rules link and xenstored directory.
+ * Rename xend init script to xen.
+
+ [ Lionel Elie Mamane ]
+ * Fix toolstack script to work with old dash. (closes: #648029)
+
+ -- Bastian Blank <waldi at debian.org> Mon, 16 Apr 2012 08:47:29 +0000
+
+xen (4.1.2-3) unstable; urgency=low
+
+ * Merge xen-common source package.
+ * Remove xend wrapper, it should not be called by users.
+ * Support xl in init script.
+ * Restart xen daemons on upgrade.
+ * Restart and stop xenconsoled in init script.
+ * Load xen-gntdev module.
+ * Create /var/lib/xen. (closes: #658101)
+ * Cleanup udev rules. (closes: #657745)
+
+ -- Bastian Blank <waldi at debian.org> Wed, 01 Feb 2012 19:28:28 +0100
+
+xen (4.1.2-2) unstable; urgency=low
+
+ [ Jon Ludlam ]
+ * Import (partially reworked) upstream changes for OCaml support.
+ - Rename the ocamlfind packages.
+ - Remove uuid and log libraries.
+ - Fix 2 bit-twiddling bugs and an off-by-one
+ * Fix build of OCaml libraries.
+ * Add OCaml library and development package.
+ * Include some missing headers.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 10 Dec 2011 19:13:25 +0000
+
+xen (4.1.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * Build-depend on pkg-config.
+ * Add package libxen-4.1. Includes some shared libs.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 26 Nov 2011 18:28:06 +0100
+
+xen (4.1.1-3) unstable; urgency=low
+
+ [ Julien Danjou ]
+ * Remove Julien Danjou from the Uploaders field. (closes: #590439)
+
+ [ Bastian Blank ]
+ * Use current version of python. (closes: #646660)
+ * Build-depend against liblzma-dev, it is used if available.
+ (closes: #646694)
+ * Update Standards-Version to 3.9.2. No changes.
+ * Don't use brace-expansion in debhelper install files.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 26 Oct 2011 14:42:33 +0200
+
+xen (4.1.1-2) unstable; urgency=low
+
+ * Fix hvmloader with gcc 4.6.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 05 Aug 2011 23:58:36 +0200
+
+xen (4.1.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.)
+ * Use dh_python2.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 18 Jul 2011 19:38:38 +0200
+
+xen (4.1.0-3) unstable; urgency=low
+
+ * Add ghostscript to build-deps.
+ * Enable qemu-dm build.
+ - Add qemu as another orig tar.
+ - Remove blktap1, bluetooth and sdl support from qemu.
+ - Recommend qemu-keymaps and qemu-utils.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 28 Apr 2011 15:20:45 +0200
+
+xen (4.1.0-2) unstable; urgency=low
+
+ * Re-enable hvmloader:
+ - Use packaged ipxe.
+ * Workaround incompatibility with xenstored of Xen 4.0.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 15 Apr 2011 11:38:25 +0200
+
+xen (4.1.0-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 27 Mar 2011 18:09:28 +0000
+
+xen (4.1.0~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Build documentation using pdflatex.
+ * Use python 2.6. (closes: #596545)
+ * Fix lintian override.
+ * Install new tools: xl, xenpaging.
+ * Enable blktap2.
+ - Use own md5 implementation.
+ - Fix includes.
+ - Fix linking of blktap2 binaries.
+ - Remove optimization setting.
+ * Temporarily disable hvmloader, wants to download ipxe.
+ * Remove xenstored pid check from xl.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 17 Mar 2011 16:12:45 +0100
+
+xen (4.0.1-2) unstable; urgency=low
+
+ * Fix races in memory management.
+ * Make sure that frame-table compression leaves enough alligned.
+ * Disable XSAVE support. (closes: #595490)
+ * Check for dying domain instead of raising an assertion.
+ * Add C6 state with EOI errata for Intel.
+ * Make some memory management interrupt safe. Unsure if really needed.
+ * Raise bar for inter-socket migrations on mostly-idle systems.
+ * Fix interrupt handling for legacy routed interrupts.
+ * Allow to set maximal domain memory even during a running change.
+ * Support new partition name in pygrub. (closes: #599243)
+ * Fix some comparisions "< 0" that may be optimized away.
+ * Check for MWAIT support before using it.
+ * Fix endless loop on interrupts on Nehalem cpus.
+ * Don't crash upon direct GDT/LDT access. (closes: #609531)
+ CVE-2010-4255
+ * Don't loose timer ticks after domain restore.
+ * Reserve some space for IOMMU area in dom0. (closes: #608715)
+ * Fix hypercall arguments after trace callout.
+ * Fix some error paths in vtd support. Memory leak.
+ * Reinstate ACPI DMAR table.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 12 Jan 2011 15:01:40 +0100
+
+xen (4.0.1-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix IOAPIC S3 with interrupt remapping enabled.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 03 Sep 2010 17:14:28 +0200
+
+xen (4.0.1~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ - Add some missing locks for page table walk.
+ - Fix NMU injection into guest.
+ - Fix ioapic updates for vt-d.
+ - Add check for GRUB2 commandline behaviour.
+ - Fix handling of invalid kernel images.
+ - Allow usage of powernow.
+ * Remove lowlevel python modules usage from pygrub. (closes: #588811)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 17 Aug 2010 23:15:34 +0200
+
+xen (4.0.1~rc5-1) unstable; urgency=low
+
+ * New upstream release candidate.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 02 Aug 2010 17:06:27 +0200
+
+xen (4.0.1~rc3-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Call dh_pyversion with the correct version.
+ * Restart xen daemon on upgrade.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 30 Jun 2010 16:30:47 +0200
+
+xen (4.0.0-2) unstable; urgency=low
+
+ * Fix python dependency. (closes: #586666)
+ - Use python-support.
+ - Hardcode to use python 2.5 for now.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 21 Jun 2010 17:23:16 +0200
+
+xen (4.0.0-1) unstable; urgency=low
+
+ * Update to unstable.
+ * Fix spelling in README.
+ * Remove unnecessary build-depends.
+ * Fixup xend to use different filename lookup.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 17 Jun 2010 11:16:55 +0200
+
+xen (4.0.0-1~experimental.2) experimental; urgency=low
+
+ * Merge changes from 3.4.3-1.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 28 May 2010 12:58:12 +0200
+
+xen (4.0.0-1~experimental.1) experimental; urgency=low
+
+ * New upstream version.
+ * Rename source package to xen.
+ * Build depend against iasl and uuid-dev.
+ * Disable blktap2 support, it links against OpenSSL.
+ * Update copyright file.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 06 May 2010 15:47:38 +0200
+
+xen-3 (3.4.3-1) unstable; urgency=low
+
+ * New upstream version.
+ * Disable blktap support, it is unusable with current kernels.
+ * Disable libaio, was only used by blktap.
+ * Drop device creation support. (closes: #583283)
+
+ -- Bastian Blank <waldi at debian.org> Fri, 28 May 2010 11:43:18 +0200
+
+xen-3 (3.4.3~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ - Relocate multiboot modules. (closes: #580045)
+ - Support grub2 in pygrub. (closes: #573311)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 08 May 2010 11:32:29 +0200
+
+xen-3 (3.4.3~rc3-2) unstable; urgency=low
+
+ * Again list the complete version in the hypervisor.
+ * Fix path detection for bootloader, document it. (closes: #481105)
+ * Rewrite README.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 08 Apr 2010 16:14:58 +0200
+
+xen-3 (3.4.3~rc3-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Use 3.0 (quilt) source format.
+ * Always use current python version.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 01 Mar 2010 22:14:22 +0100
+
+xen-3 (3.4.2-2) unstable; urgency=low
+
+ * Remove Jeremy T. Bouse from uploaders.
+ * Export blktap lib and headers.
+ * Build amd64 hypervisor on i386. (closes: #366315)
+
+ -- Bastian Blank <waldi at debian.org> Sun, 22 Nov 2009 16:54:47 +0100
+
+xen-3 (3.4.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Strip hvmloader by hand.
+ * Remove extra license file from libxen-dev.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 16 Nov 2009 20:57:07 +0100
+
+xen-3 (3.4.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 21 Aug 2009 21:34:38 +0200
+
+xen-3 (3.4.0-2) unstable; urgency=low
+
+ * Add symbols file for libxenstore3.0. (closes: #536173)
+ * Document that ioemu is currently unsupported. (closes: #536175)
+ * Fix location of fsimage plugins. (closes: #536174)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 18 Jul 2009 18:05:35 +0200
+
+xen-3 (3.4.0-1) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * New upstream version.
+ * Remove ioemu for now. (closes: #490409, #496367)
+ * Remove non-pae hypervisor.
+ * Use debhelper compat level 7.
+ * Make the init script start all daemons.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 30 Jun 2009 22:33:22 +0200
+
+xen-3 (3.2.1-2) unstable; urgency=low
+
+ * Use e2fslibs based ext2 support for pygrub. (closes: #476366)
+ * Fix missing checks in pvfb code.
+ See CVE-2008-1952. (closes: #487095)
+ * Add support for loading bzImage files. (closes: #474509)
+ * Enable TLS support in ioemu code.
+ * Drop libcrypto usage because of GPL-incompatibility.
+ * Remove AES code from blktap drivers. Considered broken.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 28 Jun 2008 11:30:43 +0200
+
+xen-3 (3.2.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * Set rpath relative to ${ORIGIN}.
+ * Add lintian override to xen-utils package.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 22 May 2008 14:01:47 +0200
+
+xen-3 (3.2.0-5) unstable; urgency=low
+
+ * Provide correct directory to dh_pycentral.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 14 Apr 2008 21:43:49 +0200
+
+xen-3 (3.2.0-4) unstable; urgency=low
+
+ * Pull in newer xen-utils-common.
+ * Fix missing size checks in the ioemu block driver. (closes: #469654)
+ See: CVE-2008-0928
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Mar 2008 14:21:38 +0100
+
+xen-3 (3.2.0-3) unstable; urgency=low
+
+ * Clean environment for build.
+ * Add packages libxenstore3.0 and xenstore-utils.
+ * Move docs package in docs section to match overwrites.
+ * Make the hypervisor only recommend the utils.
+ * Cleanup installation. (closes: #462989)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 12 Feb 2008 12:40:56 +0000
+
+xen-3 (3.2.0-2) unstable; urgency=low
+
+ * Fix broken patch. (closes: #462522)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 26 Jan 2008 17:21:52 +0000
+
+xen-3 (3.2.0-1) unstable; urgency=low
+
+ * New upstream version.
+ * Add package libxen-dev. Including public headers and static libs.
+ (closes: #402249)
+ * Don't longer install xenfb, removed upstream.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 22 Jan 2008 12:51:49 +0000
+
+xen-3 (3.1.2-2) unstable; urgency=low
+
+ * Add missing rpath definitions.
+ * Fix building of pae version.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 08 Dec 2007 12:07:42 +0000
+
+xen-3 (3.1.2-1) unstable; urgency=high
+
+ * New upstream release:
+ - Move shared file into /var/run. (closes: #447795)
+ See CVE-2007-3919.
+ - x86: Fix various problems with debug-register handling. (closes: #451626)
+ See CVE-2007-5906.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 24 Nov 2007 13:24:45 +0000
+
+xen-3 (3.1.1-1) unstable; urgency=low
+
+ * New upstream release:
+ - Don't use exec with untrusted values in pygrub. (closes: #444430)
+ See CVE-2007-4993.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 19 Oct 2007 16:02:37 +0000
+
+xen-3 (3.1.0-2) unstable; urgency=low
+
+ * Switch to texlive for documentation.
+ * Drop unused transfig.
+ * Drop unused latex features from documentation.
+ * Build depend against gcc-multilib for amd64. (closes: #439662)
+
+ -- Bastian Blank <waldi at debian.org> Fri, 31 Aug 2007 08:15:50 +0000
+
+xen-3 (3.1.0-1) unstable; urgency=low
+
+ [ Julien Danjou ]
+ * New upstream version.
+
+ [ Ralph Passgang ]
+ * Added graphviz to Build-Indeps
+
+ [ Bastian Blank ]
+ * Upstream removed one part of the version. Do it also.
+ * Merge utils packages.
+ * Install blktap support.
+ * Install pygrub.
+ * Install xenfb tools.
+ * xenconsoled startup is racy, wait a little bit.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 20 Aug 2007 15:05:08 +0000
+
+xen-3.0 (3.0.4-1-1) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * New upstream version (closes: #394411)
+
+ [ Guido Trotter ]
+ * Actually try to build and release xen 3.0.4
+ * Update build dependencies
+
+ -- Guido Trotter <ultrotter at debian.org> Wed, 23 May 2007 11:57:29 +0100
+
+xen-3.0 (3.0.3-0-2) unstable; urgency=medium
+
+ [Bastian Blank]
+ * Remove device recreate code.
+ * Remove build dependency on linux-support-X
+
+ [ Guido Trotter ]
+ * Add missing build dependency on zlib1g-dev (closes: #396557)
+ * Add missing build dependencies on libncurses5-dev and x11proto-core-dev
+ (closes: #396561, #396567)
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 2 Nov 2006 16:38:02 +0000
+
+xen-3.0 (3.0.3-0-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 20 Oct 2006 11:04:35 +0000
+
+xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Ignore update-grub errors. (closes: #392534)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 14 Oct 2006 13:09:53 +0000
+
+xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Rename ioemu package to include the complete version.
+ * Fix name of hypervisor. (closes: #391771)
+
+ -- Bastian Blank <waldi at debian.org> Mon, 9 Oct 2006 12:48:13 +0000
+
+xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Rename hypervisor and utils packages to include the complete version.
+ * Redo build environment.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 4 Sep 2006 18:43:12 +0000
+
+xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Update xen-utils' README.Debian (closes: #372524)
+
+ [ Bastian Blank ]
+ * Adopt new python policy. (closes: #380990)
+ * Add patch to make new kernels working on the hypervisor.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 15 Aug 2006 19:20:08 +0000
+
+xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Update Standards Version
+ * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes)
+
+ [ Bastian Blank ]
+ * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496)
+
+ -- Guido Trotter <ultrotter at debian.org> Wed, 31 May 2006 10:50:05 +0200
+
+xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low
+
+ * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae
+ descriptions, specifying what the difference between the two packages is
+ (closes: #366019)
+ * Merge upstream fixes trunk
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 18 May 2006 15:25:02 +0200
+
+xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low
+
+ * Merge upstream fixes trunk
+ - This includes a fix for CVE-2006-1056
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 27 Apr 2006 17:34:03 +0200
+
+xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low
+
+ * Merge upstream fixes trunk
+ * Fix PAE disabled in pae build (Closes: #364875)
+
+ -- Julien Danjou <acid at debian.org> Wed, 26 Apr 2006 13:19:39 +0200
+
+xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Merge upstream fixes trunk
+
+ [ Bastian Blank ]
+ * debian/patches/libdir.dpatch: Update to make xm save work
+
+ -- Julien Danjou <acid at debian.org> Mon, 24 Apr 2006 18:02:07 +0200
+
+xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low
+
+ * Merge upstream bug fixes
+ * Fix bug with xend init.d script
+
+ -- Julien Danjou <acid at debian.org> Wed, 12 Apr 2006 17:35:35 +0200
+
+xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low
+
+ * New upstream release
+ * Fix copyright file
+
+ -- Julien Danjou <acid at debian.org> Mon, 10 Apr 2006 17:02:55 +0200
+
+xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low
+
+ * The "preserve our homes" release
+ * Now cooperatively maintained by the Debian Xen Team
+ * New upstream release (closes: #327493, #342249)
+ * Build depend on transfig (closes: #321157)
+ * Use gcc rather than gcc-3.4 to compile (closes: #323698)
+ * Split xen-hypervisor-3.0 and xen-utils-3.0
+ * Build both normal and pae hypervisor packages
+ * Change maintainer and add uploaders field
+ * Add force-reload support for init script xendomains
+ * Remove dependency against bash
+ * Bump standards version to 3.6.2.2
+ * xen-utils-3.0 conflicts and replaces xen
+ * Add dpatch structure to the package
+ * Remove build-dependency on gcc (it's build essential anyway)
+ * Make SrvServer.py not executable
+ * Create NEWS.Debian file with important upgrade notices
+ * Update copyright file
+ * Remove the linux-patch-xen package
+ * Removed useless build-dependencies: libncurses5-dev, wget
+ * Changed xendomains config path to /etc/default
+ * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 &
+ xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide
+ xen-hypervisor
+ * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading
+ xen2 -> xen3 don't fail because of a running xen2 hypervisor
+ * Updated the "Replaces & Conflicts"
+ * Install only and correctly udev files
+ * Compile date is no more in current locale
+ * Add patch which add the debian version and maintainer in the version
+ string and removes the banner.
+ * Don't install unusable cruft in xen-utils
+ * Remove libxen packages (no stable API/ABI)
+
+ -- Julien Danjou <acid at debian.org> Wed, 5 Apr 2006 16:05:07 +0200
+
+xen (2.0.6-1) unstable; urgency=low
+
+ * Patches applied upstream: non-xen-init-exit.patch, add-build.patch,
+ python-install.patch, disable-html-docs.patch.
+ * New upstream released. Closes: #311336.
+ * Remove comparison to UML from xen short description. Closes: #317066.
+ * Make packages conflicts with 1.2 doc debs. Closes: #304285.
+ * Add iproute to xen depends, as it uses /bin/ip. Closes: #300488,
+ #317468.
+
+ -- Adam Heath <doogie at brainfood.com> Wed, 06 Jul 2005 12:35:50 -0500
+
+xen (2.0.5-3) experimental; urgency=low
+
+ * Change priority/section to match the overrides file.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 18 Mar 2005 12:43:50 -0600
+
+xen (2.0.5-2) experimental; urgency=low
+
+ * Mike McCallister <mike+debian at metalogue.com>,
+ Tommi Virtanen <tv at debian.org>, Tom Hibbert <tom at nsp.co.nz>:
+ Fix missing '.' in update-rc.d call in xen.postinst. Closes: #299384
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 18 Mar 2005 11:39:56 -0600
+
+xen (2.0.5-1) experimental; urgency=low
+
+ * New upstream.
+ * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch
+ as they have been applied upstream(in various forms).
+ * xend now starts at priority 20, stops at 21, while xendomains starts
+ at 21, and stops at 20.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 11 Mar 2005 14:33:33 -0600
+
+xen (2.0.4-4) experimental; urgency=low
+
+ * Bah, major booboo. Add /boot to debian/xen.install, so xen.gz will
+ get shipped. Reported by Clint Adams <schizo at debian.org>.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 15 Feb 2005 13:00:57 -0600
+
+xen (2.0.4-3) experimental; urgency=low
+
+ * Fix file overlap(/usr/share/doc/xen/examples/*) between xen and
+ xen-docs. Reported by Tupshin Harper <tupshin at tupshin.com>.
+
+ -- Adam Heath <doogie at brainfood.com> Sun, 06 Feb 2005 01:22:45 -0600
+
+xen (2.0.4-2) experimental; urgency=low
+
+ * Fix kernel patch generation. It was broken when I integrated with
+ debian's kernel source. I used a symlink, and diff doesn't follow
+ those.
+
+ -- Adam Heath <doogie at brainfood.com> Sat, 05 Feb 2005 18:16:35 -0600
+
+xen (2.0.4-1) experimental; urgency=low
+
+ * New upstream.
+ * xen.deb can now install on a plain kernel; that is, the init scripts
+ exit successfully if /proc/xen/privcmd doesn't exist. This allows
+ for dual-boot setups.
+ * Manpages do not yet exist xend, xenperf, xensv, xfrd, nor xm. xend
+ xfrd are daemons, and take little if any options. I've not had a need
+ to use xenperf nor xensv yet. xm has nice built in help(xm help).
+ * Upstream now requires either linux 2.4.29, or 2.6.10. Since 2.4.29 is
+ not yet in debian, disable the 2.4 patch generation. Closes: #271245.
+ * Not certain how the kernel-patch-xen was empty. It's not now, with
+ the repackaging. Closes: #272299.
+ * Xen no longer produces kernel images, so problems about missing features
+ are no longer valid. Closes: #253924.
+ * Acknowledge nmu bugs:
+ * No longer build-depend on gcc 3.3, as the default gcc works. Closes:
+ #243048.
+
+ -- Adam Heath <doogie at brainfood.com> Sat, 05 Feb 2005 18:04:27 -0600
+
+xen (2.0.3-0.1) unstable; urgency=low
+
+ * Changes from Tommi Virtanen:
+ * Added dh-kpatches and libcurl3-dev to Build-Depends.
+ * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py.
+ * Add xmexample1 and xmexample2 to xen/doc/examples.
+
+ -- Adam Heath <doogie at brainfood.com> Wed, 26 Jan 2005 10:55:07 -0600
+
+xen (2.0.3-0) unstable; urgency=low
+
+ * New upstream. Closes: #280733.
+ * Repackaged from scratch.
+ * Using unreleased patch management system. See debian/README.build.
+ * After extracting the .dsc, there are no special steps needed
+ * Those wanting to change the source, use the normal procedures for
+ any package, including using interdiff(or other tool) to send a
+ patch to me or the bts.
+ * No longer try to do anything fancy with regard to the layout of the
+ built kernels. Now, only patches are distributed. Please make use of
+ the xen support in kernel-package.
+ * Early preview release to #debian-devel.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 25 Jan 2005 13:24:54 -0600
+
+xen (1.2-4.1) unstable; urgency=high
+
+ * NMU
+ * Remove gcc-3.2 from Build-Depends as isn't used during build
+ (Closes: #243048)
+
+ -- Frank Lichtenheld <djpig at debian.org> Sat, 21 Aug 2004 17:42:28 +0200
+
+xen (1.2-4) unstable; urgency=low
+
+ * Added xen-docs.README.Debian, which explains the kernel image layout,
+ and contains references on the locations differ from what is mentioned
+ by the upstream documentation. Closes: #230345.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 26 Mar 2004 17:36:41 -0600
+
+xen (1.2-3) unstable; urgency=low
+
+ * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to
+ Build-Depends-Indep.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 23 Mar 2004 20:14:39 -0600
+
+xen (1.2-2) unstable; urgency=low
+
+ * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz
+ * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in
+ /usr/lib/kernels.
+ * Add kernel-patch-nfs-swap deb.
+ * Apply additional patches to kernel-image-xen:
+ * nfs-group
+ * nfs-swap
+
+ -- Adam Heath <doogie at brainfood.com> Thu, 04 Mar 2004 12:47:47 -0600
+
+xen (1.2-1) unstable; urgency=low
+
+ * Initial version.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 02 Mar 2004 13:21:52 -0600
diff --cc debian/patches/0039-x86-paging-make-log-dirty-operations-preemptible.patch
index 0000000,0000000..5f09fd2
new file mode 100644
--- /dev/null
+++ b/debian/patches/0039-x86-paging-make-log-dirty-operations-preemptible.patch
@@@ -1,0 -1,0 +1,655 @@@
++From d02bd66997ff7126172be0cfc9124974747a6d4d Mon Sep 17 00:00:00 2001
++From: Jan Beulich <jbeulich at suse.com>
++Date: Fri, 17 Oct 2014 15:57:42 +0200
++Subject: x86/paging: make log-dirty operations preemptible
++
++Both the freeing and the inspection of the bitmap get done in (nested)
++loops which - besides having a rather high iteration count in general,
++albeit that would be covered by XSA-77 - have the number of non-trivial
++iterations they need to perform (indirectly) controllable by both the
++guest they are for and any domain controlling the guest (including the
++one running qemu for it).
++
++Note that the tying of the continuations to the invoking domain (which
++previously [wrongly] used the invoking vCPU instead) implies that the
++tools requesting such operations have to make sure they don't issue
++multiple similar operations in parallel.
++
++Note further that this breaks supervisor-mode kernel assumptions in
++hypercall_create_continuation() (where regs->eip gets rewound to the
++current hypercall stub beginning), but otoh
++hypercall_cancel_continuation() doesn't work in that mode either.
++Perhaps time to rip out all the remains of that feature?
++
++This is part of CVE-2014-5146 / XSA-97.
++
++Signed-off-by: Jan Beulich <jbeulich at suse.com>
++Reviewed-by: Tim Deegan <tim at xen.org>
++Tested-by: Andrew Cooper <andrew.cooper3 at citrix.com>
++master commit: 070493dfd2788e061b53f074b7ba97507fbcbf65
++master date: 2014-10-06 11:22:04 +0200
++---
++ xen/arch/x86/domain.c | 4 +-
++ xen/arch/x86/domctl.c | 8 +-
++ xen/arch/x86/hvm/hvm.c | 9 +-
++ xen/arch/x86/mm/paging.c | 261 ++++++++++++++++++++++++++++++-------
++ xen/arch/x86/x86_64/compat/entry.S | 2 +
++ xen/arch/x86/x86_64/entry.S | 2 +
++ xen/common/domain.c | 1 -
++ xen/include/asm-x86/domain.h | 14 ++
++ xen/include/asm-x86/paging.h | 13 +-
++ 9 files changed, 252 insertions(+), 62 deletions(-)
++
++diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
++index 195b07f..789e4a0 100644
++--- a/xen/arch/x86/domain.c
+++++ b/xen/arch/x86/domain.c
++@@ -1915,7 +1915,9 @@ int domain_relinquish_resources(struct domain *d)
++ pci_release_devices(d);
++
++ /* Tear down paging-assistance stuff. */
++- paging_teardown(d);
+++ ret = paging_teardown(d);
+++ if ( ret )
+++ return ret;
++
++ /* Drop the in-use references to page-table bases. */
++ for_each_vcpu ( d, v )
++diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
++index a967b65..f5e9e2c 100644
++--- a/xen/arch/x86/domctl.c
+++++ b/xen/arch/x86/domctl.c
++@@ -58,9 +58,11 @@ long arch_do_domctl(
++
++ case XEN_DOMCTL_shadow_op:
++ {
++- ret = paging_domctl(d,
++- &domctl->u.shadow_op,
++- guest_handle_cast(u_domctl, void));
+++ ret = paging_domctl(d, &domctl->u.shadow_op,
+++ guest_handle_cast(u_domctl, void), 0);
+++ if ( ret == -EAGAIN )
+++ return hypercall_create_continuation(__HYPERVISOR_arch_1,
+++ "h", u_domctl);
++ copyback = 1;
++ }
++ break;
++diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
++index 3289604..0c04972 100644
++--- a/xen/arch/x86/hvm/hvm.c
+++++ b/xen/arch/x86/hvm/hvm.c
++@@ -3440,7 +3440,8 @@ static hvm_hypercall_t *const hvm_hypercall64_table[NR_hypercalls] = {
++ HYPERCALL(hvm_op),
++ HYPERCALL(sysctl),
++ HYPERCALL(domctl),
++- HYPERCALL(tmem_op)
+++ HYPERCALL(tmem_op),
+++ [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
++ };
++
++ #define COMPAT_CALL(x) \
++@@ -3460,7 +3461,8 @@ static hvm_hypercall_t *const hvm_hypercall32_table[NR_hypercalls] = {
++ HYPERCALL(hvm_op),
++ HYPERCALL(sysctl),
++ HYPERCALL(domctl),
++- HYPERCALL(tmem_op)
+++ HYPERCALL(tmem_op),
+++ [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
++ };
++
++ /* PVH 32bitfixme. */
++@@ -3478,7 +3480,8 @@ static hvm_hypercall_t *const pvh_hypercall64_table[NR_hypercalls] = {
++ [ __HYPERVISOR_physdev_op ] = (hvm_hypercall_t *)hvm_physdev_op,
++ HYPERCALL(hvm_op),
++ HYPERCALL(sysctl),
++- HYPERCALL(domctl)
+++ HYPERCALL(domctl),
+++ [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
++ };
++
++ int hvm_do_hypercall(struct cpu_user_regs *regs)
++diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
++index ab5eacb..fb418fe 100644
++--- a/xen/arch/x86/mm/paging.c
+++++ b/xen/arch/x86/mm/paging.c
++@@ -26,6 +26,7 @@
++ #include <asm/shadow.h>
++ #include <asm/p2m.h>
++ #include <asm/hap.h>
+++#include <asm/event.h>
++ #include <asm/hvm/nestedhvm.h>
++ #include <xen/numa.h>
++ #include <xsm/xsm.h>
++@@ -116,26 +117,46 @@ static void paging_free_log_dirty_page(struct domain *d, mfn_t mfn)
++ d->arch.paging.free_page(d, mfn_to_page(mfn));
++ }
++
++-void paging_free_log_dirty_bitmap(struct domain *d)
+++static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
++ {
++ mfn_t *l4, *l3, *l2;
++ int i4, i3, i2;
++
+++ paging_lock(d);
+++
++ if ( !mfn_valid(d->arch.paging.log_dirty.top) )
++- return;
+++ {
+++ paging_unlock(d);
+++ return 0;
+++ }
++
++- paging_lock(d);
+++ if ( !d->arch.paging.preempt.dom )
+++ {
+++ memset(&d->arch.paging.preempt.log_dirty, 0,
+++ sizeof(d->arch.paging.preempt.log_dirty));
+++ ASSERT(rc <= 0);
+++ d->arch.paging.preempt.log_dirty.done = -rc;
+++ }
+++ else if ( d->arch.paging.preempt.dom != current->domain ||
+++ d->arch.paging.preempt.op != XEN_DOMCTL_SHADOW_OP_OFF )
+++ {
+++ paging_unlock(d);
+++ return -EBUSY;
+++ }
++
++ l4 = map_domain_page(mfn_x(d->arch.paging.log_dirty.top));
+++ i4 = d->arch.paging.preempt.log_dirty.i4;
+++ i3 = d->arch.paging.preempt.log_dirty.i3;
+++ rc = 0;
++
++- for ( i4 = 0; i4 < LOGDIRTY_NODE_ENTRIES; i4++ )
+++ for ( ; i4 < LOGDIRTY_NODE_ENTRIES; i4++, i3 = 0 )
++ {
++ if ( !mfn_valid(l4[i4]) )
++ continue;
++
++ l3 = map_domain_page(mfn_x(l4[i4]));
++
++- for ( i3 = 0; i3 < LOGDIRTY_NODE_ENTRIES; i3++ )
+++ for ( ; i3 < LOGDIRTY_NODE_ENTRIES; i3++ )
++ {
++ if ( !mfn_valid(l3[i3]) )
++ continue;
++@@ -148,20 +169,54 @@ void paging_free_log_dirty_bitmap(struct domain *d)
++
++ unmap_domain_page(l2);
++ paging_free_log_dirty_page(d, l3[i3]);
+++ l3[i3] = _mfn(INVALID_MFN);
+++
+++ if ( i3 < LOGDIRTY_NODE_ENTRIES - 1 && hypercall_preempt_check() )
+++ {
+++ d->arch.paging.preempt.log_dirty.i3 = i3 + 1;
+++ d->arch.paging.preempt.log_dirty.i4 = i4;
+++ rc = -EAGAIN;
+++ break;
+++ }
++ }
++
++ unmap_domain_page(l3);
+++ if ( rc )
+++ break;
++ paging_free_log_dirty_page(d, l4[i4]);
+++ l4[i4] = _mfn(INVALID_MFN);
+++
+++ if ( i4 < LOGDIRTY_NODE_ENTRIES - 1 && hypercall_preempt_check() )
+++ {
+++ d->arch.paging.preempt.log_dirty.i3 = 0;
+++ d->arch.paging.preempt.log_dirty.i4 = i4 + 1;
+++ rc = -EAGAIN;
+++ break;
+++ }
++ }
++
++ unmap_domain_page(l4);
++- paging_free_log_dirty_page(d, d->arch.paging.log_dirty.top);
++- d->arch.paging.log_dirty.top = _mfn(INVALID_MFN);
++
++- ASSERT(d->arch.paging.log_dirty.allocs == 0);
++- d->arch.paging.log_dirty.failed_allocs = 0;
+++ if ( !rc )
+++ {
+++ paging_free_log_dirty_page(d, d->arch.paging.log_dirty.top);
+++ d->arch.paging.log_dirty.top = _mfn(INVALID_MFN);
+++
+++ ASSERT(d->arch.paging.log_dirty.allocs == 0);
+++ d->arch.paging.log_dirty.failed_allocs = 0;
+++
+++ rc = -d->arch.paging.preempt.log_dirty.done;
+++ d->arch.paging.preempt.dom = NULL;
+++ }
+++ else
+++ {
+++ d->arch.paging.preempt.dom = current->domain;
+++ d->arch.paging.preempt.op = XEN_DOMCTL_SHADOW_OP_OFF;
+++ }
++
++ paging_unlock(d);
+++
+++ return rc;
++ }
++
++ int paging_log_dirty_enable(struct domain *d, bool_t log_global)
++@@ -178,15 +233,25 @@ int paging_log_dirty_enable(struct domain *d, bool_t log_global)
++ return ret;
++ }
++
++-int paging_log_dirty_disable(struct domain *d)
+++static int paging_log_dirty_disable(struct domain *d, bool_t resuming)
++ {
++- int ret;
+++ int ret = 1;
+++
+++ if ( !resuming )
+++ {
+++ domain_pause(d);
+++ /* Safe because the domain is paused. */
+++ if ( paging_mode_log_dirty(d) )
+++ {
+++ ret = d->arch.paging.log_dirty.disable_log_dirty(d);
+++ ASSERT(ret <= 0);
+++ }
+++ }
+++
+++ ret = paging_free_log_dirty_bitmap(d, ret);
+++ if ( ret == -EAGAIN )
+++ return ret;
++
++- domain_pause(d);
++- /* Safe because the domain is paused. */
++- ret = d->arch.paging.log_dirty.disable_log_dirty(d);
++- if ( !paging_mode_log_dirty(d) )
++- paging_free_log_dirty_bitmap(d);
++ domain_unpause(d);
++
++ return ret;
++@@ -326,7 +391,9 @@ int paging_mfn_is_dirty(struct domain *d, mfn_t gmfn)
++
++ /* Read a domain's log-dirty bitmap and stats. If the operation is a CLEAN,
++ * clear the bitmap and stats as well. */
++-int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
+++static int paging_log_dirty_op(struct domain *d,
+++ struct xen_domctl_shadow_op *sc,
+++ bool_t resuming)
++ {
++ int rv = 0, clean = 0, peek = 1;
++ unsigned long pages = 0;
++@@ -334,9 +401,22 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
++ unsigned long *l1 = NULL;
++ int i4, i3, i2;
++
++- domain_pause(d);
+++ if ( !resuming )
+++ domain_pause(d);
++ paging_lock(d);
++
+++ if ( !d->arch.paging.preempt.dom )
+++ memset(&d->arch.paging.preempt.log_dirty, 0,
+++ sizeof(d->arch.paging.preempt.log_dirty));
+++ else if ( d->arch.paging.preempt.dom != current->domain ||
+++ d->arch.paging.preempt.op != sc->op )
+++ {
+++ paging_unlock(d);
+++ ASSERT(!resuming);
+++ domain_unpause(d);
+++ return -EBUSY;
+++ }
+++
++ clean = (sc->op == XEN_DOMCTL_SHADOW_OP_CLEAN);
++
++ PAGING_DEBUG(LOGDIRTY, "log-dirty %s: dom %u faults=%u dirty=%u\n",
++@@ -348,12 +428,6 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
++ sc->stats.fault_count = d->arch.paging.log_dirty.fault_count;
++ sc->stats.dirty_count = d->arch.paging.log_dirty.dirty_count;
++
++- if ( clean )
++- {
++- d->arch.paging.log_dirty.fault_count = 0;
++- d->arch.paging.log_dirty.dirty_count = 0;
++- }
++-
++ if ( guest_handle_is_null(sc->dirty_bitmap) )
++ /* caller may have wanted just to clean the state or access stats. */
++ peek = 0;
++@@ -365,17 +439,15 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
++ goto out;
++ }
++
++- pages = 0;
++ l4 = paging_map_log_dirty_bitmap(d);
+++ i4 = d->arch.paging.preempt.log_dirty.i4;
+++ i3 = d->arch.paging.preempt.log_dirty.i3;
+++ pages = d->arch.paging.preempt.log_dirty.done;
++
++- for ( i4 = 0;
++- (pages < sc->pages) && (i4 < LOGDIRTY_NODE_ENTRIES);
++- i4++ )
+++ for ( ; (pages < sc->pages) && (i4 < LOGDIRTY_NODE_ENTRIES); i4++, i3 = 0 )
++ {
++ l3 = (l4 && mfn_valid(l4[i4])) ? map_domain_page(mfn_x(l4[i4])) : NULL;
++- for ( i3 = 0;
++- (pages < sc->pages) && (i3 < LOGDIRTY_NODE_ENTRIES);
++- i3++ )
+++ for ( ; (pages < sc->pages) && (i3 < LOGDIRTY_NODE_ENTRIES); i3++ )
++ {
++ l2 = ((l3 && mfn_valid(l3[i3])) ?
++ map_domain_page(mfn_x(l3[i3])) : NULL);
++@@ -410,18 +482,58 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
++ }
++ if ( l2 )
++ unmap_domain_page(l2);
+++
+++ if ( i3 < LOGDIRTY_NODE_ENTRIES - 1 && hypercall_preempt_check() )
+++ {
+++ d->arch.paging.preempt.log_dirty.i4 = i4;
+++ d->arch.paging.preempt.log_dirty.i3 = i3 + 1;
+++ rv = -EAGAIN;
+++ break;
+++ }
++ }
++ if ( l3 )
++ unmap_domain_page(l3);
+++
+++ if ( !rv && i4 < LOGDIRTY_NODE_ENTRIES - 1 &&
+++ hypercall_preempt_check() )
+++ {
+++ d->arch.paging.preempt.log_dirty.i4 = i4 + 1;
+++ d->arch.paging.preempt.log_dirty.i3 = 0;
+++ rv = -EAGAIN;
+++ }
+++ if ( rv )
+++ break;
++ }
++ if ( l4 )
++ unmap_domain_page(l4);
++
++- if ( pages < sc->pages )
++- sc->pages = pages;
+++ if ( !rv )
+++ {
+++ d->arch.paging.preempt.dom = NULL;
+++ if ( clean )
+++ {
+++ d->arch.paging.log_dirty.fault_count = 0;
+++ d->arch.paging.log_dirty.dirty_count = 0;
+++ }
+++ }
+++ else
+++ {
+++ d->arch.paging.preempt.dom = current->domain;
+++ d->arch.paging.preempt.op = sc->op;
+++ d->arch.paging.preempt.log_dirty.done = pages;
+++ }
++
++ paging_unlock(d);
++
+++ if ( rv )
+++ {
+++ /* Never leave the domain paused on real errors. */
+++ ASSERT(rv == -EAGAIN);
+++ return rv;
+++ }
+++
+++ if ( pages < sc->pages )
+++ sc->pages = pages;
++ if ( clean )
++ {
++ /* We need to further call clean_dirty_bitmap() functions of specific
++@@ -432,6 +544,7 @@ int paging_log_dirty_op(struct domain *d, struct xen_domctl_shadow_op *sc)
++ return rv;
++
++ out:
+++ d->arch.paging.preempt.dom = NULL;
++ paging_unlock(d);
++ domain_unpause(d);
++
++@@ -499,12 +612,6 @@ void paging_log_dirty_init(struct domain *d,
++ d->arch.paging.log_dirty.clean_dirty_bitmap = clean_dirty_bitmap;
++ }
++
++-/* This function fress log dirty bitmap resources. */
++-static void paging_log_dirty_teardown(struct domain*d)
++-{
++- paging_free_log_dirty_bitmap(d);
++-}
++-
++ /************************************************/
++ /* CODE FOR PAGING SUPPORT */
++ /************************************************/
++@@ -546,7 +653,7 @@ void paging_vcpu_init(struct vcpu *v)
++
++
++ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
++- XEN_GUEST_HANDLE_PARAM(void) u_domctl)
+++ XEN_GUEST_HANDLE_PARAM(void) u_domctl, bool_t resuming)
++ {
++ int rc;
++
++@@ -570,6 +677,21 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
++ return -EINVAL;
++ }
++
+++ if ( resuming
+++ ? (d->arch.paging.preempt.dom != current->domain ||
+++ d->arch.paging.preempt.op != sc->op)
+++ : (d->arch.paging.preempt.dom &&
+++ sc->op != XEN_DOMCTL_SHADOW_OP_GET_ALLOCATION) )
+++ {
+++ printk(XENLOG_G_DEBUG
+++ "d%d:v%d: Paging op %#x on Dom%u with unfinished prior op %#x by Dom%u\n",
+++ current->domain->domain_id, current->vcpu_id,
+++ sc->op, d->domain_id, d->arch.paging.preempt.op,
+++ d->arch.paging.preempt.dom
+++ ? d->arch.paging.preempt.dom->domain_id : DOMID_INVALID);
+++ return -EBUSY;
+++ }
+++
++ rc = xsm_shadow_control(XSM_HOOK, d, sc->op);
++ if ( rc )
++ return rc;
++@@ -594,14 +716,13 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
++ return paging_log_dirty_enable(d, 1);
++
++ case XEN_DOMCTL_SHADOW_OP_OFF:
++- if ( paging_mode_log_dirty(d) )
++- if ( (rc = paging_log_dirty_disable(d)) != 0 )
++- return rc;
+++ if ( (rc = paging_log_dirty_disable(d, resuming)) != 0 )
+++ return rc;
++ break;
++
++ case XEN_DOMCTL_SHADOW_OP_CLEAN:
++ case XEN_DOMCTL_SHADOW_OP_PEEK:
++- return paging_log_dirty_op(d, sc);
+++ return paging_log_dirty_op(d, sc, resuming);
++ }
++
++ /* Here, dispatch domctl to the appropriate paging code */
++@@ -611,19 +732,67 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
++ return shadow_domctl(d, sc, u_domctl);
++ }
++
+++long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
+++{
+++ struct xen_domctl op;
+++ struct domain *d;
+++ int ret;
+++
+++ if ( copy_from_guest(&op, u_domctl, 1) )
+++ return -EFAULT;
+++
+++ if ( op.interface_version != XEN_DOMCTL_INTERFACE_VERSION ||
+++ op.cmd != XEN_DOMCTL_shadow_op )
+++ return -EBADRQC;
+++
+++ d = rcu_lock_domain_by_id(op.domain);
+++ if ( d == NULL )
+++ return -ESRCH;
+++
+++ ret = xsm_domctl(XSM_OTHER, d, op.cmd);
+++ if ( !ret )
+++ {
+++ if ( domctl_lock_acquire() )
+++ {
+++ ret = paging_domctl(d, &op.u.shadow_op,
+++ guest_handle_cast(u_domctl, void), 1);
+++
+++ domctl_lock_release();
+++ }
+++ else
+++ ret = -EAGAIN;
+++ }
+++
+++ rcu_unlock_domain(d);
+++
+++ if ( ret == -EAGAIN )
+++ ret = hypercall_create_continuation(__HYPERVISOR_arch_1,
+++ "h", u_domctl);
+++ else if ( __copy_field_to_guest(u_domctl, &op, u.shadow_op) )
+++ ret = -EFAULT;
+++
+++ return ret;
+++}
+++
++ /* Call when destroying a domain */
++-void paging_teardown(struct domain *d)
+++int paging_teardown(struct domain *d)
++ {
+++ int rc;
+++
++ if ( hap_enabled(d) )
++ hap_teardown(d);
++ else
++ shadow_teardown(d);
++
++ /* clean up log dirty resources. */
++- paging_log_dirty_teardown(d);
+++ rc = paging_free_log_dirty_bitmap(d, 0);
+++ if ( rc == -EAGAIN )
+++ return rc;
++
++ /* Move populate-on-demand cache back to domain_list for destruction */
++ p2m_pod_empty_cache(d);
+++
+++ return rc;
++ }
++
++ /* Call once all of the references to the domain have gone away */
++diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
++index 594b0b9..94f5b8d 100644
++--- a/xen/arch/x86/x86_64/compat/entry.S
+++++ b/xen/arch/x86/x86_64/compat/entry.S
++@@ -420,6 +420,7 @@ ENTRY(compat_hypercall_table)
++ .quad compat_ni_hypercall
++ .endr
++ .quad do_mca /* 48 */
+++ .quad paging_domctl_continuation
++ .rept NR_hypercalls-((.-compat_hypercall_table)/8)
++ .quad compat_ni_hypercall
++ .endr
++@@ -468,6 +469,7 @@ ENTRY(compat_hypercall_args_table)
++ .byte 0 /* compat_ni_hypercall */
++ .endr
++ .byte 1 /* do_mca */
+++ .byte 1 /* paging_domctl_continuation */
++ .rept NR_hypercalls-(.-compat_hypercall_args_table)
++ .byte 0 /* compat_ni_hypercall */
++ .endr
++diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
++index 3ea4683..c634217 100644
++--- a/xen/arch/x86/x86_64/entry.S
+++++ b/xen/arch/x86/x86_64/entry.S
++@@ -761,6 +761,7 @@ ENTRY(hypercall_table)
++ .quad do_ni_hypercall
++ .endr
++ .quad do_mca /* 48 */
+++ .quad paging_domctl_continuation
++ .rept NR_hypercalls-((.-hypercall_table)/8)
++ .quad do_ni_hypercall
++ .endr
++@@ -809,6 +810,7 @@ ENTRY(hypercall_args_table)
++ .byte 0 /* do_ni_hypercall */
++ .endr
++ .byte 1 /* do_mca */ /* 48 */
+++ .byte 1 /* paging_domctl_continuation */
++ .rept NR_hypercalls-(.-hypercall_args_table)
++ .byte 0 /* do_ni_hypercall */
++ .endr
++diff --git a/xen/common/domain.c b/xen/common/domain.c
++index 1308193..f050af5 100644
++--- a/xen/common/domain.c
+++++ b/xen/common/domain.c
++@@ -536,7 +536,6 @@ int domain_kill(struct domain *d)
++ rc = domain_relinquish_resources(d);
++ if ( rc != 0 )
++ {
++- BUG_ON(rc != -EAGAIN);
++ break;
++ }
++ if ( sched_move_domain(d, cpupool0) )
++diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
++index 4ff89f0..7dfbbcb 100644
++--- a/xen/include/asm-x86/domain.h
+++++ b/xen/include/asm-x86/domain.h
++@@ -186,6 +186,20 @@ struct paging_domain {
++ struct hap_domain hap;
++ /* log dirty support */
++ struct log_dirty_domain log_dirty;
+++
+++ /* preemption handling */
+++ struct {
+++ const struct domain *dom;
+++ unsigned int op;
+++ union {
+++ struct {
+++ unsigned long done:PADDR_BITS - PAGE_SHIFT;
+++ unsigned long i4:PAGETABLE_ORDER;
+++ unsigned long i3:PAGETABLE_ORDER;
+++ } log_dirty;
+++ };
+++ } preempt;
+++
++ /* alloc/free pages from the pool for paging-assistance structures
++ * (used by p2m and log-dirty code for their tries) */
++ struct page_info * (*alloc_page)(struct domain *d);
++diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
++index 8dd2a61..0a7c73c 100644
++--- a/xen/include/asm-x86/paging.h
+++++ b/xen/include/asm-x86/paging.h
++@@ -133,9 +133,6 @@ struct paging_mode {
++ /*****************************************************************************
++ * Log dirty code */
++
++-/* free log dirty bitmap resource */
++-void paging_free_log_dirty_bitmap(struct domain *d);
++-
++ /* get the dirty bitmap for a specific range of pfns */
++ void paging_log_dirty_range(struct domain *d,
++ unsigned long begin_pfn,
++@@ -145,9 +142,6 @@ void paging_log_dirty_range(struct domain *d,
++ /* enable log dirty */
++ int paging_log_dirty_enable(struct domain *d, bool_t log_global);
++
++-/* disable log dirty */
++-int paging_log_dirty_disable(struct domain *d);
++-
++ /* log dirty initialization */
++ void paging_log_dirty_init(struct domain *d,
++ int (*enable_log_dirty)(struct domain *d,
++@@ -204,10 +198,13 @@ int paging_domain_init(struct domain *d, unsigned int domcr_flags);
++ * and disable ephemeral shadow modes (test mode and log-dirty mode) and
++ * manipulate the log-dirty bitmap. */
++ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
++- XEN_GUEST_HANDLE_PARAM(void) u_domctl);
+++ XEN_GUEST_HANDLE_PARAM(void) u_domctl, bool_t resuming);
+++
+++/* Helper hypercall for dealing with continuations. */
+++long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
++
++ /* Call when destroying a domain */
++-void paging_teardown(struct domain *d);
+++int paging_teardown(struct domain *d);
++
++ /* Call once all of the references to the domain have gone away */
++ void paging_final_teardown(struct domain *d);
diff --cc debian/patches/0040-x86-don-t-allow-page-table-updates-on-non-PV-page-ta.patch
index 0000000,0000000..37c49b3
new file mode 100644
--- /dev/null
+++ b/debian/patches/0040-x86-don-t-allow-page-table-updates-on-non-PV-page-ta.patch
@@@ -1,0 -1,0 +1,36 @@@
++From 27d4dc69bc564e8c6307859c74225fe0806721d4 Mon Sep 17 00:00:00 2001
++From: Jan Beulich <jbeulich at suse.com>
++Date: Tue, 18 Nov 2014 14:27:46 +0100
++Subject: x86: don't allow page table updates on non-PV page tables in
++ do_mmu_update()
++
++paging_write_guest_entry() and paging_cmpxchg_guest_entry() aren't
++consistently supported for non-PV guests (they'd deref NULL for PVH or
++non-HAP HVM ones). Don't allow respective MMU_* operations on the
++page tables of such domains.
++
++This is CVE-2014-8594 / XSA-109.
++
++Signed-off-by: Jan Beulich <jbeulich at suse.com>
++Acked-by: Tim Deegan <tim at xen.org>
++master commit: e4292c5aac41b80f33d4877104348d5ee7c95aa4
++master date: 2014-11-18 14:15:21 +0100
++---
++ xen/arch/x86/mm.c | 4 ++++
++ 1 file changed, 4 insertions(+)
++
++diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
++index fdc5ed3..f88323f 100644
++--- a/xen/arch/x86/mm.c
+++++ b/xen/arch/x86/mm.c
++@@ -3508,6 +3508,10 @@ long do_mmu_update(
++ {
++ p2m_type_t p2mt;
++
+++ rc = -EOPNOTSUPP;
+++ if ( unlikely(paging_mode_refcounts(pt_owner)) )
+++ break;
+++
++ xsm_needed |= XSM_MMU_NORMAL_UPDATE;
++ if ( get_pte_flags(req.val) & _PAGE_PRESENT )
++ {
diff --cc debian/patches/0041-x86emul-enforce-privilege-level-restrictions-when-lo.patch
index 0000000,0000000..90a9938
new file mode 100644
--- /dev/null
+++ b/debian/patches/0041-x86emul-enforce-privilege-level-restrictions-when-lo.patch
@@@ -1,0 -1,0 +1,166 @@@
++From f858b972fb83694e140678b8bfdd812299f3af51 Mon Sep 17 00:00:00 2001
++From: Jan Beulich <jbeulich at suse.com>
++Date: Tue, 18 Nov 2014 14:28:45 +0100
++Subject: x86emul: enforce privilege level restrictions when loading CS
++
++Privilege level checks were basically missing for the CS case, the
++only check that was done (RPL == DPL for nonconforming segments)
++was solely covering a single special case (return to non-conforming
++segment).
++
++Additionally in long mode the L bit set requires the D bit to be clear,
++as was recently pointed out for KVM by Nadav Amit
++<namit at cs.technion.ac.il>.
++
++Finally we also need to force the loaded selector's RPL to CPL (at
++least as long as lret/retf emulation doesn't support privilege level
++changes).
++
++This is CVE-2014-8595 / XSA-110.
++
++Signed-off-by: Jan Beulich <jbeulich at suse.com>
++Reviewed-by: Tim Deegan <tim at xen.org>
++master commit: 1d68c1a70e00ed95ef0889cfa005379dab27b37d
++master date: 2014-11-18 14:16:23 +0100
++---
++ xen/arch/x86/x86_emulate/x86_emulate.c | 42 ++++++++++++++++++++++------------
++ 1 file changed, 28 insertions(+), 14 deletions(-)
++
++diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
++index 5fbe024..25571c6 100644
++--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++++ b/xen/arch/x86/x86_emulate/x86_emulate.c
++@@ -1114,7 +1114,7 @@ realmode_load_seg(
++ static int
++ protmode_load_seg(
++ enum x86_segment seg,
++- uint16_t sel,
+++ uint16_t sel, bool_t is_ret,
++ struct x86_emulate_ctxt *ctxt,
++ const struct x86_emulate_ops *ops)
++ {
++@@ -1180,9 +1180,23 @@ protmode_load_seg(
++ /* Code segment? */
++ if ( !(desc.b & (1u<<11)) )
++ goto raise_exn;
++- /* Non-conforming segment: check DPL against RPL. */
++- if ( ((desc.b & (6u<<9)) != (6u<<9)) && (dpl != rpl) )
+++ if ( is_ret
+++ ? /*
+++ * Really rpl < cpl, but our sole caller doesn't handle
+++ * privilege level changes.
+++ */
+++ rpl != cpl || (desc.b & (1 << 10) ? dpl > rpl : dpl != rpl)
+++ : desc.b & (1 << 10)
+++ /* Conforming segment: check DPL against CPL. */
+++ ? dpl > cpl
+++ /* Non-conforming segment: check RPL and DPL against CPL. */
+++ : rpl > cpl || dpl != cpl )
+++ goto raise_exn;
+++ /* 64-bit code segments (L bit set) must have D bit clear. */
+++ if ( in_longmode(ctxt, ops) &&
+++ (desc.b & (1 << 21)) && (desc.b & (1 << 22)) )
++ goto raise_exn;
+++ sel = (sel ^ rpl) | cpl;
++ break;
++ case x86_seg_ss:
++ /* Writable data segment? */
++@@ -1247,7 +1261,7 @@ protmode_load_seg(
++ static int
++ load_seg(
++ enum x86_segment seg,
++- uint16_t sel,
+++ uint16_t sel, bool_t is_ret,
++ struct x86_emulate_ctxt *ctxt,
++ const struct x86_emulate_ops *ops)
++ {
++@@ -1256,7 +1270,7 @@ load_seg(
++ return X86EMUL_UNHANDLEABLE;
++
++ if ( in_protmode(ctxt, ops) )
++- return protmode_load_seg(seg, sel, ctxt, ops);
+++ return protmode_load_seg(seg, sel, is_ret, ctxt, ops);
++
++ return realmode_load_seg(seg, sel, ctxt, ops);
++ }
++@@ -1888,7 +1902,7 @@ x86_emulate(
++ if ( (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes),
++ &dst.val, op_bytes, ctxt, ops)) != 0 )
++ goto done;
++- if ( (rc = load_seg(src.val, (uint16_t)dst.val, ctxt, ops)) != 0 )
+++ if ( (rc = load_seg(src.val, dst.val, 0, ctxt, ops)) != 0 )
++ return rc;
++ break;
++
++@@ -2242,7 +2256,7 @@ x86_emulate(
++ enum x86_segment seg = decode_segment(modrm_reg);
++ generate_exception_if(seg == decode_segment_failed, EXC_UD, -1);
++ generate_exception_if(seg == x86_seg_cs, EXC_UD, -1);
++- if ( (rc = load_seg(seg, (uint16_t)src.val, ctxt, ops)) != 0 )
+++ if ( (rc = load_seg(seg, src.val, 0, ctxt, ops)) != 0 )
++ goto done;
++ if ( seg == x86_seg_ss )
++ ctxt->retire.flags.mov_ss = 1;
++@@ -2323,7 +2337,7 @@ x86_emulate(
++ &_regs.eip, op_bytes, ctxt)) )
++ goto done;
++
++- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
+++ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
++ goto done;
++ _regs.eip = eip;
++ break;
++@@ -2547,7 +2561,7 @@ x86_emulate(
++ if ( (rc = read_ulong(src.mem.seg, src.mem.off + src.bytes,
++ &sel, 2, ctxt, ops)) != 0 )
++ goto done;
++- if ( (rc = load_seg(dst.val, (uint16_t)sel, ctxt, ops)) != 0 )
+++ if ( (rc = load_seg(dst.val, sel, 0, ctxt, ops)) != 0 )
++ goto done;
++ dst.val = src.val;
++ break;
++@@ -2621,7 +2635,7 @@ x86_emulate(
++ &dst.val, op_bytes, ctxt, ops)) ||
++ (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes + offset),
++ &src.val, op_bytes, ctxt, ops)) ||
++- (rc = load_seg(x86_seg_cs, (uint16_t)src.val, ctxt, ops)) )
+++ (rc = load_seg(x86_seg_cs, src.val, 1, ctxt, ops)) )
++ goto done;
++ _regs.eip = dst.val;
++ break;
++@@ -2668,7 +2682,7 @@ x86_emulate(
++ _regs.eflags &= mask;
++ _regs.eflags |= (uint32_t)(eflags & ~mask) | 0x02;
++ _regs.eip = eip;
++- if ( (rc = load_seg(x86_seg_cs, (uint16_t)cs, ctxt, ops)) != 0 )
+++ if ( (rc = load_seg(x86_seg_cs, cs, 1, ctxt, ops)) != 0 )
++ goto done;
++ break;
++ }
++@@ -3298,7 +3312,7 @@ x86_emulate(
++ generate_exception_if(mode_64bit(), EXC_UD, -1);
++ eip = insn_fetch_bytes(op_bytes);
++ sel = insn_fetch_type(uint16_t);
++- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
+++ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
++ goto done;
++ _regs.eip = eip;
++ break;
++@@ -3596,7 +3610,7 @@ x86_emulate(
++ goto done;
++ }
++
++- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
+++ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
++ goto done;
++ _regs.eip = src.val;
++
++@@ -3663,7 +3677,7 @@ x86_emulate(
++ generate_exception_if(!in_protmode(ctxt, ops), EXC_UD, -1);
++ generate_exception_if(!mode_ring0(), EXC_GP, 0);
++ if ( (rc = load_seg((modrm_reg & 1) ? x86_seg_tr : x86_seg_ldtr,
++- src.val, ctxt, ops)) != 0 )
+++ src.val, 0, ctxt, ops)) != 0 )
++ goto done;
++ break;
++
diff --cc debian/patches/0042-x86-mm-fix-a-reference-counting-error-in-MMU_MACHPHY.patch
index 0000000,0000000..22a07c4
new file mode 100644
--- /dev/null
+++ b/debian/patches/0042-x86-mm-fix-a-reference-counting-error-in-MMU_MACHPHY.patch
@@@ -1,0 -1,0 +1,53 @@@
++From 8e4e0321788113f90b061267635f9c6b4b98b750 Mon Sep 17 00:00:00 2001
++From: Andrew Cooper <andrew.cooper3 at citrix.com>
++Date: Thu, 20 Nov 2014 17:43:39 +0100
++Subject: x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
++
++Any domain which can pass the XSM check against a translated guest can cause a
++page reference to be leaked.
++
++While shuffling the order of checks, drop the quite-pointless MEM_LOG(). This
++brings the check in line with similar checks in the vicinity.
++
++Discovered while reviewing the XSA-109/110 followup series.
++
++This is XSA-113.
++
++Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
++Reviewed-by: Jan Beulich <jbeulich at suse.com>
++Reviewed-by: Tim Deegan <tim at xen.org>
++---
++ xen/arch/x86/mm.c | 13 ++++++-------
++ 1 file changed, 6 insertions(+), 7 deletions(-)
++
++diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
++index f88323f..db0b6fe 100644
++--- a/xen/arch/x86/mm.c
+++++ b/xen/arch/x86/mm.c
++@@ -3634,6 +3634,12 @@ long do_mmu_update(
++
++ case MMU_MACHPHYS_UPDATE:
++
+++ if ( unlikely(paging_mode_translate(pg_owner)) )
+++ {
+++ rc = -EINVAL;
+++ break;
+++ }
+++
++ mfn = req.ptr >> PAGE_SHIFT;
++ gpfn = req.val;
++
++@@ -3653,13 +3659,6 @@ long do_mmu_update(
++ break;
++ }
++
++- if ( unlikely(paging_mode_translate(pg_owner)) )
++- {
++- MEM_LOG("Mach-phys update on auto-translate guest");
++- rc = -EINVAL;
++- break;
++- }
++-
++ set_gpfn_from_mfn(mfn, gpfn);
++
++ paging_mark_dirty(pg_owner, mfn);
diff --cc debian/patches/series
index 874c871,0000000..03cc4b5
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,38 -1,0 +1,42 @@@
+0001-version.patch
+0002-config-prefix.diff.patch
+0003-tools-libfsimage-abiname.diff.patch
+0004-tools-libxc-abiname.diff.patch
+0005-tools-libxl-abiname.diff.patch
+0006-tools-xenstat-abiname.diff.patch
+0007-tools-rpath.diff.patch
+0008-tools-blktap2-prefix.diff.patch
+0009-tools-console-prefix.diff.patch
+0010-tools-libfsimage-prefix.diff.patch
+0011-tools-libxl-prefix.diff.patch
+0012-tools-misc-prefix.diff.patch
+0013-tools-pygrub-prefix.diff.patch
+0014-tools-python-prefix.diff.patch
+0015-tools-xcutils-rpath.diff.patch
+0016-tools-xenmon-prefix.diff.patch
+0017-tools-xenpaging-prefix.diff.patch
+0018-tools-xenstat-prefix.diff.patch
+0019-tools-xenstore-prefix.diff.patch
+0020-tools-xentrace-prefix.diff.patch
+0021-tools-python-xen-relative-path.diff.patch
+0022-tools-misc-xend-startup.diff.patch
+0023-tools-disable.diff.patch
+0024-tools-examples-xend-disable-network.diff.patch
+0025-tools-examples-xend-disable-relocation.diff.patch
+0026-tools-pygrub-remove-static-solaris-support.patch
+0027-tools-include-install.diff.patch
+0028-tools-xenmon-install.diff.patch
+0029-tools-hotplug-udevrules.diff.patch
+0030-tools-python-shebang.diff.patch
+0031-tools-xenstore-compatibility.diff.patch
+0032-send-xl-coredumps-var-lib-xen-dump-NAME.patch
+0033-evtchn-check-control-block-exists-when-using-FIFO-ba.patch
+0034-x86-shadow-fix-race-condition-sampling-the-dirty-vra.patch
+0035-x86-emulate-check-cpl-for-all-privileged-instruction.patch
+0036-x86emul-only-emulate-software-interrupt-injection-fo.patch
+0037-x86-HVM-properly-bound-x2APIC-MSR-range.patch
+0038-VT-d-suppress-UR-signaling-for-further-desktop-chips.patch
++0039-x86-paging-make-log-dirty-operations-preemptible.patch
++0040-x86-don-t-allow-page-table-updates-on-non-PV-page-ta.patch
++0041-x86emul-enforce-privilege-level-restrictions-when-lo.patch
++0042-x86-mm-fix-a-reference-counting-error-in-MMU_MACHPHY.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git
More information about the Pkg-xen-changes
mailing list