D3854.diff
No OneTemporary
Actions

Size

74 KB

Referenced Files

None

Subscribers

None

D3854.diff
View Options

	Index: emulators/xen-kernel/Makefile
	===================================================================
	--- emulators/xen-kernel/Makefile
	+++ emulators/xen-kernel/Makefile
	@@ -2,8 +2,7 @@

	PORTNAME= xen
	PKGNAMESUFFIX= -kernel
	-PORTVERSION= 4.5.0
	-PORTREVISION= 5
	+PORTVERSION= 4.5.1
	CATEGORIES= emulators
	MASTER_SITES= http://bits.xensource.com/oss-xen/release/${PORTVERSION}/

	@@ -24,20 +23,14 @@
	ALL_TARGET= build
	STRIP= #
	WRKSRC_SUBDIR= xen
	-EXTRA_PATCHES= ${FILESDIR}/iommu_share_p2m_table.patch:-p2 \
	- ${FILESDIR}/0001-x86-pvh-disable-posted-interrupts.patch:-p2 \
	- ${FILESDIR}/xsa117.patch:-p2 \
	- ${FILESDIR}/xsa118-4.5-unstable-1.patch:-p2 \
	- ${FILESDIR}/xsa118-4.5-unstable-2.patch:-p2 \
	- ${FILESDIR}/xsa121.patch:-p2 \
	- ${FILESDIR}/xsa122.patch:-p2 \
	- ${FILESDIR}/xsa123.patch:-p2 \
	- ${FILESDIR}/xsa125.patch:-p2 \
	- ${FILESDIR}/xsa127-4.x.patch:-p2 \
	- ${FILESDIR}/xsa132.patch:-p2 \
	- ${FILESDIR}/xsa134.patch:-p2 \
	- ${FILESDIR}/xsa136.patch:-p2 \
	- ${FILESDIR}/0001-libelf-fix-elf_parse_bsdsyms-call.patch:-p2
	+EXTRA_PATCHES= ${FILESDIR}/0001-introduce-a-helper-to-allocate-non-contiguous-memory.patch:-p2 \
	+ ${FILESDIR}/0002-vmap-avoid-hitting-an-ASSERT-with-vfree-NULL.patch:-p2 \
	+ ${FILESDIR}/0003-x86-shadow-fix-shadow_track_dirty_vram-to-work-on-hv.patch:-p2 \
	+ ${FILESDIR}/0004-x86-hap-make-hap_track_dirty_vram-use-non-contiguous.patch:-p2 \
	+ ${FILESDIR}/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch:-p2 \
	+ ${FILESDIR}/0006-xen-pvh-enable-mmu_update-hypercall.patch:-p2 \
	+ ${FILESDIR}/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch:-p2 \
	+ ${FILESDIR}/0008-xen-arm-mm-Do-not-dump-the-p2m-when-mapping-a-foreig.patch:-p2

	.include <bsd.port.options.mk>

	Index: emulators/xen-kernel/distinfo
	===================================================================
	--- emulators/xen-kernel/distinfo
	+++ emulators/xen-kernel/distinfo
	@@ -1,2 +1,2 @@
	-SHA256 (xen-4.5.0.tar.gz) = 5bdb40e2b28d2eeb541bd71a9777f40cbe2ae444b987521d33f099541a006f3b
	-SIZE (xen-4.5.0.tar.gz) = 18404933
	+SHA256 (xen-4.5.1.tar.gz) = 668c11d4fca67ac44329e369f810356eacd37b28d28fb96e66aac77f3c5e1371
	+SIZE (xen-4.5.1.tar.gz) = 18410400
	Index: emulators/xen-kernel/files/0001-introduce-a-helper-to-allocate-non-contiguous-memory.patch
	===================================================================
	--- /dev/null
	+++ emulators/xen-kernel/files/0001-introduce-a-helper-to-allocate-non-contiguous-memory.patch
	@@ -0,0 +1,141 @@
	+From 411801087603a1a070de7abbfa4373afe91ca3f5 Mon Sep 17 00:00:00 2001
	+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
	+Date: Fri, 9 Oct 2015 12:57:31 +0200
	+Subject: [PATCH 1/8] introduce a helper to allocate non-contiguous memory
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+The allocator uses independent calls to alloc_domheap_pages in order to get
	+the desired amount of memory and then maps all the independent physical
	+addresses into a contiguous virtual address space.
	+
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	+Tested-by: Julien Grall <julien.grall@citrix.com> (ARM)
	+Reviewed-by: Tim Deegan <tim@xen.org>
	+---
	+ xen/common/vmap.c \| 67 ++++++++++++++++++++++++++++++++++++++++++++++
	+ xen/include/asm-arm/mm.h \| 2 ++
	+ xen/include/asm-x86/page.h \| 2 ++
	+ xen/include/xen/vmap.h \| 3 +++
	+ 4 files changed, 74 insertions(+)
	+
	+diff --git a/xen/common/vmap.c b/xen/common/vmap.c
	+index 783cea3..b6827b5 100644
	+--- a/xen/common/vmap.c
	++++ b/xen/common/vmap.c
	+@@ -215,4 +215,71 @@ void vunmap(const void *va)
	+ #endif
	+ vm_free(va);
	+ }
	++
	++void *vmalloc(size_t size)
	++{
	++ unsigned long *mfn;
	++ size_t pages, i;
	++ struct page_info *pg;
	++ void *va;
	++
	++ ASSERT(size);
	++
	++ pages = PFN_UP(size);
	++ mfn = xmalloc_array(unsigned long, pages);
	++ if ( mfn == NULL )
	++ return NULL;
	++
	++ for ( i = 0; i < pages; i++ )
	++ {
	++ pg = alloc_domheap_page(NULL, 0);
	++ if ( pg == NULL )
	++ goto error;
	++ mfn[i] = page_to_mfn(pg);
	++ }
	++
	++ va = vmap(mfn, pages);
	++ if ( va == NULL )
	++ goto error;
	++
	++ xfree(mfn);
	++ return va;
	++
	++ error:
	++ while ( i-- )
	++ free_domheap_page(mfn_to_page(mfn[i]));
	++ xfree(mfn);
	++ return NULL;
	++}
	++
	++void *vzalloc(size_t size)
	++{
	++ void *p = vmalloc(size);
	++ int i;
	++
	++ if ( p == NULL )
	++ return NULL;
	++
	++ for ( i = 0; i < size; i += PAGE_SIZE )
	++ clear_page(p + i);
	++
	++ return p;
	++}
	++
	++void vfree(void *va)
	++{
	++ unsigned int i, pages = vm_size(va);
	++ struct page_info *pg;
	++ PAGE_LIST_HEAD(pg_list);
	++
	++ ASSERT(pages);
	++
	++ for ( i = 0; i < pages; i++ )
	++ page_list_add(vmap_to_page(va + i * PAGE_SIZE), &pg_list);
	++
	++ vunmap(va);
	++
	++ while ( (pg = page_list_remove_head(&pg_list)) != NULL )
	++ free_domheap_page(pg);
	++}
	+ #endif
	+diff --git a/xen/include/asm-arm/mm.h b/xen/include/asm-arm/mm.h
	+index d25e485..c0afcec 100644
	+--- a/xen/include/asm-arm/mm.h
	++++ b/xen/include/asm-arm/mm.h
	+@@ -208,6 +208,8 @@ static inline void __iomem *ioremap_wc(paddr_t start, size_t len)
	+ #define pfn_to_paddr(pfn) ((paddr_t)(pfn) << PAGE_SHIFT)
	+ #define paddr_to_pfn(pa) ((unsigned long)((pa) >> PAGE_SHIFT))
	+ #define paddr_to_pdx(pa) pfn_to_pdx(paddr_to_pfn(pa))
	++#define vmap_to_mfn(va) paddr_to_pfn(virt_to_maddr((vaddr_t)va))
	++#define vmap_to_page(va) mfn_to_page(vmap_to_mfn(va))
	+
	+ /* Page-align address and convert to frame number format */
	+ #define paddr_to_pfn_aligned(paddr) paddr_to_pfn(PAGE_ALIGN(paddr))
	+diff --git a/xen/include/asm-x86/page.h b/xen/include/asm-x86/page.h
	+index ccf0752..27c2ae7 100644
	+--- a/xen/include/asm-x86/page.h
	++++ b/xen/include/asm-x86/page.h
	+@@ -262,6 +262,8 @@ void copy_page_sse2(void , const void );
	+ #define pfn_to_paddr(pfn) __pfn_to_paddr(pfn)
	+ #define paddr_to_pfn(pa) __paddr_to_pfn(pa)
	+ #define paddr_to_pdx(pa) pfn_to_pdx(paddr_to_pfn(pa))
	++#define vmap_to_mfn(va) l1e_get_pfn(*virt_to_xen_l1e((unsigned long)(va)))
	++#define vmap_to_page(va) mfn_to_page(vmap_to_mfn(va))
	+
	+ #endif /* !defined(__ASSEMBLY__) */
	+
	+diff --git a/xen/include/xen/vmap.h b/xen/include/xen/vmap.h
	+index b1923dd..a13591d 100644
	+--- a/xen/include/xen/vmap.h
	++++ b/xen/include/xen/vmap.h
	+@@ -11,6 +11,9 @@ void __vmap(const unsigned long mfn, unsigned int granularity,
	+ unsigned int nr, unsigned int align, unsigned int flags);
	+ void vmap(const unsigned long mfn, unsigned int nr);
	+ void vunmap(const void *);
	++void *vmalloc(size_t size);
	++void *vzalloc(size_t size);
	++void vfree(void *va);
	+
	+ void __iomem *ioremap(paddr_t, size_t);
	+
	+--
	+1.9.5 (Apple Git-50.3)
	+
	Index: emulators/xen-kernel/files/0001-libelf-fix-elf_parse_bsdsyms-call.patch
	===================================================================
	--- emulators/xen-kernel/files/0001-libelf-fix-elf_parse_bsdsyms-call.patch
	+++ /dev/null
	@@ -1,36 +0,0 @@
	-From c2da83662498a5cd66512c684a0af178228f9d5a Mon Sep 17 00:00:00 2001
	-From: Roger Pau Monne <roger.pau@citrix.com>
	-Date: Thu, 11 Jun 2015 17:08:26 +0200
	-Subject: [PATCH 1/2] libelf: fix elf_parse_bsdsyms call
	-MIME-Version: 1.0
	-Content-Type: text/plain; charset=UTF-8
	-Content-Transfer-Encoding: 8bit
	-
	-elf_parse_bsdsyms expects the second paramater to be a physical address, not
	-a virtual one.
	-
	-Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	-Cc: Ian Campbell <ian.campbell@citrix.com>
	-Cc: Ian Jackson <ian.jackson@eu.citrix.com>
	-Cc: Jan Beulich <jbeulich@suse.com>
	-Cc: Tim Deegan <tim@xen.org>
	----
	- xen/common/libelf/libelf-dominfo.c \| 2 +-
	- 1 file changed, 1 insertion(+), 1 deletion(-)
	-
	-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
	-index 6120dd4..86403b9 100644
	---- a/xen/common/libelf/libelf-dominfo.c
	-+++ b/xen/common/libelf/libelf-dominfo.c
	-@@ -438,7 +438,7 @@ static elf_errorstatus elf_xen_addr_calc_check(struct elf_binary *elf,
	-
	- if ( parms->bsd_symtab )
	- {
	-- elf_parse_bsdsyms(elf, parms->virt_kend);
	-+ elf_parse_bsdsyms(elf, elf->pend);
	- if ( elf->bsd_symtab_pend )
	- parms->virt_kend = elf->bsd_symtab_pend + parms->virt_offset;
	- }
	---
	-1.9.5 (Apple Git-50.3)
	-
	Index: emulators/xen-kernel/files/0001-x86-pvh-disable-posted-interrupts.patch
	===================================================================
	--- emulators/xen-kernel/files/0001-x86-pvh-disable-posted-interrupts.patch
	+++ /dev/null
	@@ -1,41 +0,0 @@
	-From 29debf629b50536343eaa9d6c0779f63721f6f59 Mon Sep 17 00:00:00 2001
	-From: Roger Pau Monne <roger.pau@citrix.com>
	-Date: Thu, 21 May 2015 14:12:46 +0200
	-Subject: [PATCH] x86/pvh: disable posted interrupts
	-MIME-Version: 1.0
	-Content-Type: text/plain; charset=UTF-8
	-Content-Transfer-Encoding: 8bit
	-
	-Enabling posted interrupts requires the virtual interrupt delivery feature,
	-which is disabled for PVH guests, so make sure posted interrupts are also
	-disabled or else vmlaunch will fail.
	-
	-Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	-Reported-and-Tested-by: Lars Eggert <lars@netapp.com>
	-Cc: Jun Nakajima <jun.nakajima@intel.com>
	-Cc: Eddie Dong <eddie.dong@intel.com>
	-Cc: Kevin Tian <kevin.tian@intel.com>
	-Cc: Jan Beulich <jbeulich@suse.com>
	-Cc: Andrew Cooper <andrew.cooper3@citrix.com>
	----
	- xen/arch/x86/hvm/vmx/vmcs.c \| 4 ++++
	- 1 file changed, 4 insertions(+)
	-
	-diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
	-index a714549..9827a8e 100644
	---- a/xen/arch/x86/hvm/vmx/vmcs.c
	-+++ b/xen/arch/x86/hvm/vmx/vmcs.c
	-@@ -980,6 +980,10 @@ static int construct_vmcs(struct vcpu *v)
	- v->arch.hvm_vmx.secondary_exec_control &=
	- ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
	-
	-+ /* Disable posted interrupts */
	-+ __vmwrite(PIN_BASED_VM_EXEC_CONTROL,
	-+ vmx_pin_based_exec_control & ~PIN_BASED_POSTED_INTERRUPT);
	-+
	- /* Start in 64-bit mode. PVH 32bitfixme. */
	- vmentry_ctl \|= VM_ENTRY_IA32E_MODE; /* GUEST_EFER.LME/LMA ignored */
	-
	---
	-1.9.5 (Apple Git-50.3)
	-
	Index: emulators/xen-kernel/files/0002-vmap-avoid-hitting-an-ASSERT-with-vfree-NULL.patch
	===================================================================
	--- /dev/null
	+++ emulators/xen-kernel/files/0002-vmap-avoid-hitting-an-ASSERT-with-vfree-NULL.patch
	@@ -0,0 +1,43 @@
	+From ed4a7917a6faa8b7e8f211eaeda270f96e45de7d Mon Sep 17 00:00:00 2001
	+From: Andrew Cooper <andrew.cooper3@citrix.com>
	+Date: Fri, 9 Oct 2015 12:57:31 +0200
	+Subject: [PATCH 2/8] vmap: avoid hitting an ASSERT with vfree(NULL)
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+and unconditionally defer the vm_size() call, as it doesn't have a NULL
	+short circuit.
	+
	+Reported-by: Wei Liu <wei.liu2@citrix.com>
	+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
	+Tested-by: Wei Liu <wei.liu2@citrix.com>
	+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
	+Acked-by: Tim Deegan <tim@xen.org>
	+---
	+ xen/common/vmap.c \| 6 +++++-
	+ 1 file changed, 5 insertions(+), 1 deletion(-)
	+
	+diff --git a/xen/common/vmap.c b/xen/common/vmap.c
	+index b6827b5..9028802 100644
	+--- a/xen/common/vmap.c
	++++ b/xen/common/vmap.c
	+@@ -268,10 +268,14 @@ void *vzalloc(size_t size)
	+
	+ void vfree(void *va)
	+ {
	+- unsigned int i, pages = vm_size(va);
	++ unsigned int i, pages;
	+ struct page_info *pg;
	+ PAGE_LIST_HEAD(pg_list);
	+
	++ if ( !va )
	++ return;
	++
	++ pages = vm_size(va);
	+ ASSERT(pages);
	+
	+ for ( i = 0; i < pages; i++ )
	+--
	+1.9.5 (Apple Git-50.3)
	+
	Index: emulators/xen-kernel/files/0003-x86-shadow-fix-shadow_track_dirty_vram-to-work-on-hv.patch
	===================================================================
	--- /dev/null
	+++ emulators/xen-kernel/files/0003-x86-shadow-fix-shadow_track_dirty_vram-to-work-on-hv.patch
	@@ -0,0 +1,120 @@
	+From 055ee44e3cc7c40dc3a3319370d287591771a7f3 Mon Sep 17 00:00:00 2001
	+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
	+Date: Fri, 9 Oct 2015 12:57:32 +0200
	+Subject: [PATCH 3/8] x86/shadow: fix shadow_track_dirty_vram to work on hvm
	+ guests
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+Modify shadow_track_dirty_vram to use a local buffer and then flush to the
	+guest without the paging_lock held. This is modeled after
	+hap_track_dirty_vram.
	+
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	+Reviewed-by: Tim Deegan <tim@xen.org>
	+---
	+ xen/arch/x86/mm/shadow/common.c \| 49 +++++++++++++++++++++++++----------------
	+ 1 file changed, 30 insertions(+), 19 deletions(-)
	+
	+diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
	+index a5eed28..6b91b8c 100644
	+--- a/xen/arch/x86/mm/shadow/common.c
	++++ b/xen/arch/x86/mm/shadow/common.c
	+@@ -3478,7 +3478,7 @@ void shadow_clean_dirty_bitmap(struct domain *d)
	+ int shadow_track_dirty_vram(struct domain *d,
	+ unsigned long begin_pfn,
	+ unsigned long nr,
	+- XEN_GUEST_HANDLE_64(uint8) dirty_bitmap)
	++ XEN_GUEST_HANDLE_64(uint8) guest_dirty_bitmap)
	+ {
	+ int rc;
	+ unsigned long end_pfn = begin_pfn + nr;
	+@@ -3488,6 +3488,7 @@ int shadow_track_dirty_vram(struct domain *d,
	+ p2m_type_t t;
	+ struct sh_dirty_vram *dirty_vram;
	+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
	++ uint8_t *dirty_bitmap = NULL;
	+
	+ if ( end_pfn < begin_pfn \|\| end_pfn > p2m->max_mapped_pfn + 1 )
	+ return -EINVAL;
	+@@ -3516,6 +3517,12 @@ int shadow_track_dirty_vram(struct domain *d,
	+ goto out;
	+ }
	+
	++ dirty_bitmap = vzalloc(dirty_size);
	++ if ( dirty_bitmap == NULL )
	++ {
	++ rc = -ENOMEM;
	++ goto out;
	++ }
	+ /* This should happen seldomly (Video mode change),
	+ * no need to be careful. */
	+ if ( !dirty_vram )
	+@@ -3546,12 +3553,8 @@ int shadow_track_dirty_vram(struct domain *d,
	+ rc = -ENODATA;
	+ }
	+ else if (dirty_vram->last_dirty == -1)
	+- {
	+ /* still completely clean, just copy our empty bitmap */
	+- rc = -EFAULT;
	+- if ( copy_to_guest(dirty_bitmap, dirty_vram->dirty_bitmap, dirty_size) == 0 )
	+- rc = 0;
	+- }
	++ memcpy(dirty_bitmap, dirty_vram->dirty_bitmap, dirty_size);
	+ else
	+ {
	+ unsigned long map_mfn = INVALID_MFN;
	+@@ -3630,21 +3633,19 @@ int shadow_track_dirty_vram(struct domain *d,
	+ if ( map_sl1p )
	+ sh_unmap_domain_page(map_sl1p);
	+
	+- rc = -EFAULT;
	+- if ( copy_to_guest(dirty_bitmap, dirty_vram->dirty_bitmap, dirty_size) == 0 ) {
	+- memset(dirty_vram->dirty_bitmap, 0, dirty_size);
	+- if (dirty_vram->last_dirty + SECONDS(2) < NOW())
	++ memcpy(dirty_bitmap, dirty_vram->dirty_bitmap, dirty_size);
	++ memset(dirty_vram->dirty_bitmap, 0, dirty_size);
	++ if ( dirty_vram->last_dirty + SECONDS(2) < NOW() )
	++ {
	++ /* was clean for more than two seconds, try to disable guest
	++ * write access */
	++ for ( i = begin_pfn; i < end_pfn; i++ )
	+ {
	+- /* was clean for more than two seconds, try to disable guest
	+- * write access */
	+- for ( i = begin_pfn; i < end_pfn; i++ ) {
	+- mfn_t mfn = get_gfn_query_unlocked(d, i, &t);
	+- if (mfn_x(mfn) != INVALID_MFN)
	+- flush_tlb \|= sh_remove_write_access(d->vcpu[0], mfn, 1, 0);
	+- }
	+- dirty_vram->last_dirty = -1;
	++ mfn_t mfn = get_gfn_query_unlocked(d, i, &t);
	++ if ( mfn_x(mfn) != INVALID_MFN )
	++ flush_tlb \|= sh_remove_write_access(d->vcpu[0], mfn, 1, 0);
	+ }
	+- rc = 0;
	++ dirty_vram->last_dirty = -1;
	+ }
	+ }
	+ if ( flush_tlb )
	+@@ -3659,6 +3660,16 @@ out_dirty_vram:
	+
	+ out:
	+ paging_unlock(d);
	++ if ( rc == 0 && dirty_bitmap != NULL &&
	++ copy_to_guest(guest_dirty_bitmap, dirty_bitmap, dirty_size) )
	++ {
	++ paging_lock(d);
	++ for ( i = 0; i < dirty_size; i++ )
	++ dirty_vram->dirty_bitmap[i] \|= dirty_bitmap[i];
	++ paging_unlock(d);
	++ rc = -EFAULT;
	++ }
	++ vfree(dirty_bitmap);
	+ p2m_unlock(p2m_get_hostp2m(d));
	+ return rc;
	+ }
	+--
	+1.9.5 (Apple Git-50.3)
	+
	Index: emulators/xen-kernel/files/0004-x86-hap-make-hap_track_dirty_vram-use-non-contiguous.patch
	===================================================================
	--- /dev/null
	+++ emulators/xen-kernel/files/0004-x86-hap-make-hap_track_dirty_vram-use-non-contiguous.patch
	@@ -0,0 +1,44 @@
	+From 50ca52274eda838f0562938fae3432a0f05f2585 Mon Sep 17 00:00:00 2001
	+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
	+Date: Fri, 9 Oct 2015 12:57:32 +0200
	+Subject: [PATCH 4/8] x86/hap: make hap_track_dirty_vram use non-contiguous
	+ memory for temporary map
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+Just like it's done for shadow_track_dirty_vram allocate the temporary
	+buffer using non-contiguous memory.
	+
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	+Reviewed-by: Tim Deegan <tim@xen.org>
	+---
	+ xen/arch/x86/mm/hap/hap.c \| 5 ++---
	+ 1 file changed, 2 insertions(+), 3 deletions(-)
	+
	+diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
	+index abf3d7a..f7b12a8 100644
	+--- a/xen/arch/x86/mm/hap/hap.c
	++++ b/xen/arch/x86/mm/hap/hap.c
	+@@ -87,7 +87,7 @@ int hap_track_dirty_vram(struct domain *d,
	+ }
	+
	+ rc = -ENOMEM;
	+- dirty_bitmap = xzalloc_bytes(size);
	++ dirty_bitmap = vzalloc(size);
	+ if ( !dirty_bitmap )
	+ goto out;
	+
	+@@ -168,8 +168,7 @@ int hap_track_dirty_vram(struct domain *d,
	+ p2m_ram_logdirty, p2m_ram_rw);
	+ }
	+ out:
	+- if ( dirty_bitmap )
	+- xfree(dirty_bitmap);
	++ vfree(dirty_bitmap);
	+
	+ return rc;
	+ }
	+--
	+1.9.5 (Apple Git-50.3)
	+
	Index: emulators/xen-kernel/files/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch
	===================================================================
	--- /dev/null
	+++ emulators/xen-kernel/files/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch
	@@ -0,0 +1,214 @@
	+From 63d4838f2f5644060c064f356078a748ca413364 Mon Sep 17 00:00:00 2001
	+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
	+Date: Fri, 9 Oct 2015 12:57:32 +0200
	+Subject: [PATCH 5/8] x86: rework paging_log_dirty_op to work with hvm guests
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+When the caller of paging_log_dirty_op is a hvm guest Xen would choke when
	+trying to copy the dirty bitmap to the guest because the paging lock is
	+already held.
	+
	+Fix this by independently mapping each page of the guest bitmap as needed
	+without the paging lock held.
	+
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	+Reviewed-by: Tim Deegan <tim@xen.org>
	+---
	+ xen/arch/x86/mm/paging.c \| 98 +++++++++++++++++++++++++++++++++++++++-----
	+ xen/include/asm-x86/domain.h \| 1 +
	+ 2 files changed, 88 insertions(+), 11 deletions(-)
	+
	+diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
	+index 6b788f7..06dc7fa 100644
	+--- a/xen/arch/x86/mm/paging.c
	++++ b/xen/arch/x86/mm/paging.c
	+@@ -397,6 +397,51 @@ int paging_mfn_is_dirty(struct domain *d, mfn_t gmfn)
	+ return rv;
	+ }
	+
	++static inline void *map_dirty_bitmap(XEN_GUEST_HANDLE_64(uint8) dirty_bitmap,
	++ unsigned long pages,
	++ struct page_info **page)
	++{
	++ uint32_t pfec = PFEC_page_present \| PFEC_write_access;
	++ unsigned long gfn;
	++ p2m_type_t p2mt;
	++
	++ gfn = paging_gva_to_gfn(current,
	++ (unsigned long)(dirty_bitmap.p + (pages >> 3)),
	++ &pfec);
	++ if ( gfn == INVALID_GFN )
	++ return NULL;
	++
	++ *page = get_page_from_gfn(current->domain, gfn, &p2mt, P2M_UNSHARE);
	++
	++ if ( !p2m_is_ram(p2mt) )
	++ {
	++ put_page(*page);
	++ return NULL;
	++ }
	++ if ( p2m_is_paging(p2mt) )
	++ {
	++ put_page(*page);
	++ p2m_mem_paging_populate(current->domain, gfn);
	++ return NULL;
	++ }
	++ if ( p2m_is_shared(p2mt) )
	++ {
	++ put_page(*page);
	++ return NULL;
	++ }
	++
	++ return __map_domain_page(*page);
	++}
	++
	++static inline void unmap_dirty_bitmap(void addr, struct page_info page)
	++{
	++ if ( addr != NULL )
	++ {
	++ unmap_domain_page(addr);
	++ put_page(page);
	++ }
	++}
	++
	+
	+ /* Read a domain's log-dirty bitmap and stats. If the operation is a CLEAN,
	+ * clear the bitmap and stats as well. */
	+@@ -409,9 +454,22 @@ static int paging_log_dirty_op(struct domain *d,
	+ mfn_t l4 = NULL, l3 = NULL, *l2 = NULL;
	+ unsigned long *l1 = NULL;
	+ int i4, i3, i2;
	++ uint8_t *dirty_bitmap;
	++ struct page_info *page;
	++ unsigned long index_mapped;
	+
	++ again:
	+ if ( !resuming )
	+ domain_pause(d);
	++
	++ index_mapped = resuming ? d->arch.paging.preempt.log_dirty.done : 0;
	++ dirty_bitmap = map_dirty_bitmap(sc->dirty_bitmap, index_mapped, &page);
	++ if ( dirty_bitmap == NULL )
	++ {
	++ domain_unpause(d);
	++ return -EFAULT;
	++ }
	++
	+ paging_lock(d);
	+
	+ if ( !d->arch.paging.preempt.dom )
	+@@ -451,18 +509,18 @@ static int paging_log_dirty_op(struct domain *d,
	+ l4 = paging_map_log_dirty_bitmap(d);
	+ i4 = d->arch.paging.preempt.log_dirty.i4;
	+ i3 = d->arch.paging.preempt.log_dirty.i3;
	++ i2 = d->arch.paging.preempt.log_dirty.i2;
	+ pages = d->arch.paging.preempt.log_dirty.done;
	+
	+ for ( ; (pages < sc->pages) && (i4 < LOGDIRTY_NODE_ENTRIES); i4++, i3 = 0 )
	+ {
	+ l3 = (l4 && mfn_valid(l4[i4])) ? map_domain_page(mfn_x(l4[i4])) : NULL;
	+- for ( ; (pages < sc->pages) && (i3 < LOGDIRTY_NODE_ENTRIES); i3++ )
	++ for ( ; (pages < sc->pages) && (i3 < LOGDIRTY_NODE_ENTRIES);
	++ i3++, i2 = 0 )
	+ {
	+ l2 = ((l3 && mfn_valid(l3[i3])) ?
	+ map_domain_page(mfn_x(l3[i3])) : NULL);
	+- for ( i2 = 0;
	+- (pages < sc->pages) && (i2 < LOGDIRTY_NODE_ENTRIES);
	+- i2++ )
	++ for ( ; (pages < sc->pages) && (i2 < LOGDIRTY_NODE_ENTRIES); i2++ )
	+ {
	+ unsigned int bytes = PAGE_SIZE;
	+ l1 = ((l2 && mfn_valid(l2[i2])) ?
	+@@ -471,15 +529,28 @@ static int paging_log_dirty_op(struct domain *d,
	+ bytes = (unsigned int)((sc->pages - pages + 7) >> 3);
	+ if ( likely(peek) )
	+ {
	+- if ( (l1 ? copy_to_guest_offset(sc->dirty_bitmap,
	+- pages >> 3, (uint8_t *)l1,
	+- bytes)
	+- : clear_guest_offset(sc->dirty_bitmap,
	+- pages >> 3, bytes)) != 0 )
	++ if ( pages >> (3 + PAGE_SHIFT) !=
	++ index_mapped >> (3 + PAGE_SHIFT) )
	+ {
	+- rv = -EFAULT;
	+- goto out;
	++ /* We need to map next page */
	++ d->arch.paging.preempt.log_dirty.i4 = i4;
	++ d->arch.paging.preempt.log_dirty.i3 = i3;
	++ d->arch.paging.preempt.log_dirty.i2 = i2;
	++ d->arch.paging.preempt.log_dirty.done = pages;
	++ d->arch.paging.preempt.dom = current->domain;
	++ d->arch.paging.preempt.op = sc->op;
	++ resuming = 1;
	++ paging_unlock(d);
	++ unmap_dirty_bitmap(dirty_bitmap, page);
	++ goto again;
	+ }
	++ ASSERT(((pages >> 3) % PAGE_SIZE) + bytes <= PAGE_SIZE);
	++ if ( l1 )
	++ memcpy(dirty_bitmap + ((pages >> 3) % PAGE_SIZE), l1,
	++ bytes);
	++ else
	++ memset(dirty_bitmap + ((pages >> 3) % PAGE_SIZE), 0,
	++ bytes);
	+ }
	+ pages += bytes << 3;
	+ if ( l1 )
	+@@ -496,6 +567,7 @@ static int paging_log_dirty_op(struct domain *d,
	+ {
	+ d->arch.paging.preempt.log_dirty.i4 = i4;
	+ d->arch.paging.preempt.log_dirty.i3 = i3 + 1;
	++ d->arch.paging.preempt.log_dirty.i2 = 0;
	+ rv = -ERESTART;
	+ break;
	+ }
	+@@ -508,6 +580,7 @@ static int paging_log_dirty_op(struct domain *d,
	+ {
	+ d->arch.paging.preempt.log_dirty.i4 = i4 + 1;
	+ d->arch.paging.preempt.log_dirty.i3 = 0;
	++ d->arch.paging.preempt.log_dirty.i2 = 0;
	+ rv = -ERESTART;
	+ }
	+ if ( rv )
	+@@ -537,6 +610,7 @@ static int paging_log_dirty_op(struct domain *d,
	+ if ( rv )
	+ {
	+ /* Never leave the domain paused on real errors. */
	++ unmap_dirty_bitmap(dirty_bitmap, page);
	+ ASSERT(rv == -ERESTART);
	+ return rv;
	+ }
	+@@ -549,12 +623,14 @@ static int paging_log_dirty_op(struct domain *d,
	+ * paging modes (shadow or hap). Safe because the domain is paused. */
	+ d->arch.paging.log_dirty.clean_dirty_bitmap(d);
	+ }
	++ unmap_dirty_bitmap(dirty_bitmap, page);
	+ domain_unpause(d);
	+ return rv;
	+
	+ out:
	+ d->arch.paging.preempt.dom = NULL;
	+ paging_unlock(d);
	++ unmap_dirty_bitmap(dirty_bitmap, page);
	+ domain_unpause(d);
	+
	+ if ( l1 )
	+diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
	+index 6a77a93..63dea9c 100644
	+--- a/xen/include/asm-x86/domain.h
	++++ b/xen/include/asm-x86/domain.h
	+@@ -197,6 +197,7 @@ struct paging_domain {
	+ unsigned long done:PADDR_BITS - PAGE_SHIFT;
	+ unsigned long i4:PAGETABLE_ORDER;
	+ unsigned long i3:PAGETABLE_ORDER;
	++ unsigned long i2:PAGETABLE_ORDER;
	+ } log_dirty;
	+ };
	+ } preempt;
	+--
	+1.9.5 (Apple Git-50.3)
	+
	Index: emulators/xen-kernel/files/0006-xen-pvh-enable-mmu_update-hypercall.patch
	===================================================================
	--- /dev/null
	+++ emulators/xen-kernel/files/0006-xen-pvh-enable-mmu_update-hypercall.patch
	@@ -0,0 +1,33 @@
	+From bec71ff2b61acc42e71a2bd79ec5cf172130e5f8 Mon Sep 17 00:00:00 2001
	+From: Roger Pau Monne <roger.pau@citrix.com>
	+Date: Fri, 9 Oct 2015 12:57:32 +0200
	+Subject: [PATCH 6/8] xen/pvh: enable mmu_update hypercall
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+This is needed for performing save/restore of PV guests.
	+
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	+Cc: Tim Deegan <tim@xen.org>
	+Cc: Jan Beulich <jbeulich@suse.com>
	+Cc: Andrew Cooper <andrew.cooper3@citrix.com>
	+---
	+ xen/arch/x86/hvm/hvm.c \| 1 +
	+ 1 file changed, 1 insertion(+)
	+
	+diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
	+index 7d53c6c..d3fdc3d 100644
	+--- a/xen/arch/x86/hvm/hvm.c
	++++ b/xen/arch/x86/hvm/hvm.c
	+@@ -4843,6 +4843,7 @@ static hvm_hypercall_t *const pvh_hypercall64_table[NR_hypercalls] = {
	+ [ __HYPERVISOR_grant_table_op ] = (hvm_hypercall_t *)hvm_grant_table_op,
	+ HYPERCALL(vcpu_op),
	+ HYPERCALL(mmuext_op),
	++ HYPERCALL(mmu_update),
	+ HYPERCALL(xsm_op),
	+ HYPERCALL(sched_op),
	+ HYPERCALL(event_channel_op),
	+--
	+1.9.5 (Apple Git-50.3)
	+
	Index: emulators/xen-kernel/files/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch
	===================================================================
	--- emulators/xen-kernel/files/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch
	+++ emulators/xen-kernel/files/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch
	@@ -1,9 +1,10 @@
	-From 7978429727a9da328444749951005b595de41098 Mon Sep 17 00:00:00 2001
	-From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
	-Date: Mon, 9 Mar 2015 14:01:40 +0100
	-Subject: [PATCH] iommu: fix usage of shared EPT/IOMMU page tables on PVH guests
	+From 43f76b1443c8fc3b54dbb9fb466becbb9d584d6d Mon Sep 17 00:00:00 2001
	+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
	+Date: Fri, 9 Oct 2015 12:57:33 +0200
	+Subject: [PATCH 7/8] iommu: fix usage of shared EPT/IOMMU page tables on PVH
	+ guests
	MIME-Version: 1.0
	-Content-Type: text/plain; charset=utf8
	+Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	iommu_share_p2m_table should not prevent PVH guests from using a shared page
	@@ -15,16 +16,16 @@
	arch_iommu_populate_page_table. This has not given problems so far because
	all the pages in PVH guests are of type PGT_writable_page.

	-Signed-off-by: Roger Pau MonnÃ© <roger.pau@citrix.com>
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	Reviewed-by: Jan Beulich <jbeulich@suse.com>
	Tested-by: David Vrabel <david.vrabel@citrix.com>
	Reviewed-by: Tim Deegan <tim@xen.org>
	Acked-by: Kevin Tian <kevin.tian@intel.com>
	---
	- xen/drivers/passthrough/amd/iommu_map.c \| 2 --
	- xen/drivers/passthrough/iommu.c \| 3 ++-
	- xen/drivers/passthrough/vtd/iommu.c \| 2 --
	- xen/drivers/passthrough/x86/iommu.c \| 2 +-
	+ xen/drivers/passthrough/amd/iommu_map.c \| 2 --
	+ xen/drivers/passthrough/iommu.c \| 3 ++-
	+ xen/drivers/passthrough/vtd/iommu.c \| 2 --
	+ xen/drivers/passthrough/x86/iommu.c \| 2 +-
	4 files changed, 3 insertions(+), 6 deletions(-)

	diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
	@@ -55,10 +56,10 @@
	}

	diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
	-index 1063677..48676c5 100644
	+index 5a946d4..a5a111c 100644
	--- a/xen/drivers/passthrough/vtd/iommu.c
	+++ b/xen/drivers/passthrough/vtd/iommu.c
	-@@ -1789,8 +1789,6 @@ static void iommu_set_pgd(struct domain *d)
	+@@ -1802,8 +1802,6 @@ static void iommu_set_pgd(struct domain *d)
	struct hvm_iommu *hd = domain_hvm_iommu(d);
	mfn_t pgd_mfn;

	@@ -68,7 +69,7 @@
	return;

	diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
	-index 52d8948..9eb8d33 100644
	+index ce0ca5a..3d2c12a 100644
	--- a/xen/drivers/passthrough/x86/iommu.c
	+++ b/xen/drivers/passthrough/x86/iommu.c
	@@ -56,7 +56,7 @@ int arch_iommu_populate_page_table(struct domain *d)
	@@ -81,5 +82,5 @@
	{
	BUG_ON(SHARED_M2P(mfn_to_gmfn(d, page_to_mfn(page))));
	--
	-1.7.2.5
	+1.9.5 (Apple Git-50.3)

	Index: emulators/xen-kernel/files/0008-xen-arm-mm-Do-not-dump-the-p2m-when-mapping-a-foreig.patch
	===================================================================
	--- /dev/null
	+++ emulators/xen-kernel/files/0008-xen-arm-mm-Do-not-dump-the-p2m-when-mapping-a-foreig.patch
	@@ -0,0 +1,39 @@
	+From 403805aca7a4a508cf193d63aa525b3a76bb09dd Mon Sep 17 00:00:00 2001
	+From: Julien Grall <julien.grall@citrix.com>
	+Date: Fri, 9 Oct 2015 13:00:35 +0200
	+Subject: [PATCH 8/8] xen/arm: mm: Do not dump the p2m when mapping a foreign
	+ gfn
	+
	+The physmap operation XENMAPSPACE_gfmn_foreign is dumping the p2m when
	+an error occured by calling dump_p2m_lookup. But this function is not
	+using ratelimited printk.
	+
	+Any domain able to map foreign gfmn would be able to flood the Xen
	+console.
	+
	+The information wasn't not useful so drop it.
	+
	+This is XSA-141.
	+
	+Signed-off-by: Julien Grall <julien.grall@citrix.com>
	+Acked-by: Ian Campbell <ian.campbell@citrix.com>
	+(cherry picked from commit afc13fe5e21d18c09e44f8ae6f7f4484e9f1de7f)
	+---
	+ xen/arch/arm/mm.c \| 1 -
	+ 1 file changed, 1 deletion(-)
	+
	+diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
	+index 7d4ba0c..7d95961 100644
	+--- a/xen/arch/arm/mm.c
	++++ b/xen/arch/arm/mm.c
	+@@ -1103,7 +1103,6 @@ int xenmem_add_to_physmap_one(
	+ page = get_page_from_gfn(od, idx, &p2mt, P2M_ALLOC);
	+ if ( !page )
	+ {
	+- dump_p2m_lookup(od, pfn_to_paddr(idx));
	+ rcu_unlock_domain(od);
	+ return -EINVAL;
	+ }
	+--
	+1.9.5 (Apple Git-50.3)
	+
	Index: emulators/xen-kernel/files/xsa117.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa117.patch
	+++ /dev/null
	@@ -1,42 +0,0 @@
	-From 472dc9e627c8f1b9d7138b142a5b0838550a2072 Mon Sep 17 00:00:00 2001
	-From: Julien Grall <julien.grall@linaro.org>
	-Date: Fri, 23 Jan 2015 14:15:07 +0000
	-Subject: [PATCH] xen/arm: vgic-v2: Don't crash the hypervisor if the SGI
	- target mode is invalid
	-
	-The GICv2 spec reserved the value 0b11 for GICD_SGIR.TargetListFilter.
	-
	-Even if it's an invalid value, a malicious guest could write this value
	-and threfore crash the hypervisor.
	-
	-Replace the BUG() by logging the error and inject a data abort to the guest.
	-
	-This was introduced by commit ea37fd21110b6fbcf9257f814076a243d3873cb7
	-"xen/arm: split vgic driver into generic and vgic-v2 driver".
	-
	-This is CVE-2015-0268 / XSA-117.
	-
	-Signed-off-by: Julien Grall <julien.grall@linaro.org>
	----
	- xen/arch/arm/vgic-v2.c \| 5 ++++-
	- 1 file changed, 4 insertions(+), 1 deletion(-)
	-
	-diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
	-index 598bf06..9dc9a20 100644
	---- a/xen/arch/arm/vgic-v2.c
	-+++ b/xen/arch/arm/vgic-v2.c
	-@@ -257,7 +257,10 @@ static int vgic_v2_to_sgi(struct vcpu *v, register_t sgir)
	- sgi_mode = SGI_TARGET_SELF;
	- break;
	- default:
	-- BUG();
	-+ printk(XENLOG_G_DEBUG
	-+ "%pv: vGICD: unhandled GICD_SGIR write %"PRIregister" with wrong mode\n",
	-+ v, sgir);
	-+ return 0;
	- }
	-
	- return vgic_to_sgi(v, sgir, sgi_mode, virq, vcpu_mask);
	---
	-2.1.4
	-
	Index: emulators/xen-kernel/files/xsa118-4.5-unstable-1.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa118-4.5-unstable-1.patch
	+++ /dev/null
	@@ -1,253 +0,0 @@
	-From e698f4ab05a710e4463317ea978d426d43107e27 Mon Sep 17 00:00:00 2001
	-From: Julien Grall <julien.grall@linaro.org>
	-Date: Mon, 19 Jan 2015 14:01:09 +0000
	-Subject: [PATCH 1/2] xen/arm: vgic-v3: message in the emulation code should be
	- rate-limited
	-
	-printk by default is not rate-limited by default. Therefore a malicious guest
	-may be able to flood the Xen console.
	-
	-If we use gdprintk, unnecessary information will be printed such as the
	-filename and the line. Instead use XENLOG_G_{ERR,DEBUG} combine with %pv.
	-
	-Also remove the vGICv3 prefix which is not neccessary and update some
	-message which were wrong.
	-
	-Signed-off-by: Julien Grall <julien.grall@linaro.org>
	----
	- xen/arch/arm/vgic-v3.c \| 109 +++++++++++++++++++++++++++----------------------
	- 1 file changed, 61 insertions(+), 48 deletions(-)
	-
	-diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
	-index ae4482c..bece189 100644
	---- a/xen/arch/arm/vgic-v3.c
	-+++ b/xen/arch/arm/vgic-v3.c
	-@@ -168,13 +168,14 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu v, mmio_info_t info,
	- /* Reserved0 */
	- goto read_as_zero;
	- default:
	-- printk("vGICv3: vGICR: read r%d offset %#08x\n not found",
	-- dabt.reg, gicr_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICR: read r%d offset %#08x\n not found",
	-+ v, dabt.reg, gicr_reg);
	- return 0;
	- }
	- bad_width:
	-- printk("vGICv3: vGICR: bad read width %d r%d offset %#08x\n",
	-- dabt.size, dabt.reg, gicr_reg);
	-+ printk(XENLOG_G_ERR "%pv vGICR: bad read width %d r%d offset %#08x\n",
	-+ v, dabt.size, dabt.reg, gicr_reg);
	- domain_crash_synchronous();
	- return 0;
	-
	-@@ -244,12 +245,14 @@ static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu v, mmio_info_t info,
	- /* RO */
	- goto write_ignore;
	- default:
	-- printk("vGICR: write r%d offset %#08x\n not found", dabt.reg, gicr_reg);
	-+ printk(XENLOG_G_ERR "%pv: vGICR: write r%d offset %#08x\n not found",
	-+ v, dabt.reg, gicr_reg);
	- return 0;
	- }
	- bad_width:
	-- printk("vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n",
	-- dabt.size, dabt.reg, *r, gicr_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n",
	-+ v, dabt.size, dabt.reg, *r, gicr_reg);
	- domain_crash_synchronous();
	- return 0;
	-
	-@@ -345,15 +348,16 @@ static int __vgic_v3_distr_common_mmio_read(struct vcpu v, mmio_info_t info,
	- vgic_unlock_rank(v, rank, flags);
	- return 1;
	- default:
	-- printk("vGICv3: vGICD/vGICR: unhandled read r%d offset %#08x\n",
	-- dabt.reg, reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD/vGICR: unhandled read r%d offset %#08x\n",
	-+ v, dabt.reg, reg);
	- return 0;
	- }
	-
	- bad_width:
	-- dprintk(XENLOG_ERR,
	-- "vGICv3: vGICD/vGICR: bad read width %d r%d offset %#08x\n",
	-- dabt.size, dabt.reg, reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD/vGICR: bad read width %d r%d offset %#08x\n",
	-+ v, dabt.size, dabt.reg, reg);
	- domain_crash_synchronous();
	- return 0;
	-
	-@@ -458,15 +462,16 @@ static int __vgic_v3_distr_common_mmio_write(struct vcpu v, mmio_info_t info,
	- vgic_unlock_rank(v, rank, flags);
	- return 1;
	- default:
	-- printk("vGICv3: vGICD/vGICR: unhandled write r%d "
	-- "=%"PRIregister" offset %#08x\n", dabt.reg, *r, reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD/vGICR: unhandled write r%d=%"PRIregister" offset %#08x\n",
	-+ v, dabt.reg, *r, reg);
	- return 0;
	- }
	-
	- bad_width:
	-- dprintk(XENLOG_ERR,
	-- "vGICv3: vGICD/vGICR: bad write width %d r%d=%"PRIregister" "
	-- "offset %#08x\n", dabt.size, dabt.reg, *r, reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD/vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n",
	-+ v, dabt.size, dabt.reg, *r, reg);
	- domain_crash_synchronous();
	- return 0;
	-
	-@@ -521,13 +526,14 @@ static int vgic_v3_rdistr_sgi_mmio_read(struct vcpu v, mmio_info_t info,
	- if ( dabt.size != DABT_WORD ) goto bad_width;
	- return 1;
	- default:
	-- printk("vGICv3: vGICR: read r%d offset %#08x\n not found",
	-- dabt.reg, gicr_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICR: SGI: read r%d offset %#08x\n not found",
	-+ v, dabt.reg, gicr_reg);
	- return 0;
	- }
	- bad_width:
	-- printk("vGICv3: vGICR: bad read width %d r%d offset %#08x\n",
	-- dabt.size, dabt.reg, gicr_reg);
	-+ printk(XENLOG_G_ERR "%pv: vGICR: SGI: bad read width %d r%d offset %#08x\n",
	-+ v, dabt.size, dabt.reg, gicr_reg);
	- domain_crash_synchronous();
	- return 0;
	-
	-@@ -585,14 +591,16 @@ static int vgic_v3_rdistr_sgi_mmio_write(struct vcpu v, mmio_info_t info,
	- /* We do not implement security extensions for guests, write ignore */
	- goto write_ignore;
	- default:
	-- printk("vGICv3: vGICR SGI: write r%d offset %#08x\n not found",
	-- dabt.reg, gicr_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICR: SGI: write r%d offset %#08x\n not found",
	-+ v, dabt.reg, gicr_reg);
	- return 0;
	- }
	-
	- bad_width:
	-- printk("vGICR SGI: bad write width %d r%d=%"PRIregister" offset %#08x\n",
	-- dabt.size, dabt.reg, *r, gicr_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICR: SGI: bad write width %d r%d=%"PRIregister" offset %#08x\n",
	-+ v, dabt.size, dabt.reg, *r, gicr_reg);
	- domain_crash_synchronous();
	- return 0;
	-
	-@@ -618,9 +626,9 @@ static int vgic_v3_rdistr_mmio_read(struct vcpu v, mmio_info_t info)
	- else if ( (offset >= SZ_64K) && (offset < 2 * SZ_64K) )
	- return vgic_v3_rdistr_sgi_mmio_read(v, info, (offset - SZ_64K));
	- else
	-- gdprintk(XENLOG_WARNING,
	-- "vGICv3: vGICR: unknown gpa read address %"PRIpaddr"\n",
	-- info->gpa);
	-+ printk(XENLOG_G_WARNING
	-+ "%pv: vGICR: unknown gpa read address %"PRIpaddr"\n",
	-+ v, info->gpa);
	-
	- return 0;
	- }
	-@@ -642,9 +650,9 @@ static int vgic_v3_rdistr_mmio_write(struct vcpu v, mmio_info_t info)
	- else if ( (offset >= SZ_64K) && (offset < 2 * SZ_64K) )
	- return vgic_v3_rdistr_sgi_mmio_write(v, info, (offset - SZ_64K));
	- else
	-- gdprintk(XENLOG_WARNING,
	-- "vGICV3: vGICR: unknown gpa write address %"PRIpaddr"\n",
	-- info->gpa);
	-+ printk(XENLOG_G_WARNING
	-+ "%pv: vGICR: unknown gpa write address %"PRIpaddr"\n",
	-+ v, info->gpa);
	-
	- return 0;
	- }
	-@@ -770,18 +778,19 @@ static int vgic_v3_distr_mmio_read(struct vcpu v, mmio_info_t info)
	- case 0xf30 ... 0x5fcc:
	- case 0x8000 ... 0xbfcc:
	- /* These are reserved register addresses */
	-- printk("vGICv3: vGICD: read unknown 0x00c .. 0xfcc r%d offset %#08x\n",
	-- dabt.reg, gicd_reg);
	-+ printk(XENLOG_G_DEBUG
	-+ "%pv: vGICD: RAZ on reserved register offset %#08x\n",
	-+ v, gicd_reg);
	- goto read_as_zero;
	- default:
	-- printk("vGICv3: vGICD: unhandled read r%d offset %#08x\n",
	-- dabt.reg, gicd_reg);
	-+ printk(XENLOG_G_ERR "%pv: vGICD: unhandled read r%d offset %#08x\n",
	-+ v, dabt.reg, gicd_reg);
	- return 0;
	- }
	-
	- bad_width:
	-- dprintk(XENLOG_ERR, "vGICv3: vGICD: bad read width %d r%d offset %#08x\n",
	-- dabt.size, dabt.reg, gicd_reg);
	-+ printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n",
	-+ v, dabt.size, dabt.reg, gicd_reg);
	- domain_crash_synchronous();
	- return 0;
	-
	-@@ -840,8 +849,9 @@ static int vgic_v3_distr_mmio_write(struct vcpu v, mmio_info_t info)
	- case 0x020 ... 0x03c:
	- case 0xc000 ... 0xffcc:
	- /* Implementation defined -- write ignored */
	-- printk("vGICv3: vGICD: write unknown 0x020 - 0x03c r%d offset %#08x\n",
	-- dabt.reg, gicd_reg);
	-+ printk(XENLOG_G_DEBUG
	-+ "%pv: vGICD: WI on implementation defined register offset %#08x\n",
	-+ v, gicd_reg);
	- goto write_ignore;
	- case GICD_IGROUPR ... GICD_IGROUPRN:
	- case GICD_ISENABLER ... GICD_ISENABLERN:
	-@@ -885,8 +895,9 @@ static int vgic_v3_distr_mmio_write(struct vcpu v, mmio_info_t info)
	- new_target = new_irouter & MPIDR_AFF0_MASK;
	- if ( new_target >= v->domain->max_vcpus )
	- {
	-- printk("vGICv3: vGICD: wrong irouter at offset %#08x\n val 0x%lx vcpu %x",
	-- gicd_reg, new_target, v->domain->max_vcpus);
	-+ printk(XENLOG_G_DEBUG
	-+ "%pv: vGICD: wrong irouter at offset %#08x\n val 0x%lx vcpu %x",
	-+ v, gicd_reg, new_target, v->domain->max_vcpus);
	- vgic_unlock_rank(v, rank, flags);
	- return 0;
	- }
	-@@ -926,19 +937,21 @@ static int vgic_v3_distr_mmio_write(struct vcpu v, mmio_info_t info)
	- case 0xf30 ... 0x5fcc:
	- case 0x8000 ... 0xbfcc:
	- /* Reserved register addresses */
	-- printk("vGICv3: vGICD: write unknown 0x00c 0xfcc r%d offset %#08x\n",
	-- dabt.reg, gicd_reg);
	-+ printk(XENLOG_G_DEBUG
	-+ "%pv: vGICD: write unknown 0x00c 0xfcc r%d offset %#08x\n",
	-+ v, dabt.reg, gicd_reg);
	- goto write_ignore;
	- default:
	-- printk("vGICv3: vGICD: unhandled write r%d=%"PRIregister" "
	-- "offset %#08x\n", dabt.reg, *r, gicd_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n",
	-+ v, dabt.reg, *r, gicd_reg);
	- return 0;
	- }
	-
	- bad_width:
	-- dprintk(XENLOG_ERR,
	-- "VGICv3: vGICD: bad write width %d r%d=%"PRIregister" "
	-- "offset %#08x\n", dabt.size, dabt.reg, *r, gicd_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n",
	-+ v, dabt.size, dabt.reg, *r, gicd_reg);
	- domain_crash_synchronous();
	- return 0;
	-
	---
	-2.1.4
	-
	Index: emulators/xen-kernel/files/xsa118-4.5-unstable-2.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa118-4.5-unstable-2.patch
	+++ /dev/null
	@@ -1,115 +0,0 @@
	-From e8fa469595e29b2dbe6dde3a77ee2ea2d9e93283 Mon Sep 17 00:00:00 2001
	-From: Julien Grall <julien.grall@linaro.org>
	-Date: Mon, 19 Jan 2015 12:59:42 +0000
	-Subject: [PATCH 2/2] xen/arm: vgic-v2: message in the emulation code should be
	- rate-limited
	-
	-printk is not rated-limited by default. Therefore a malicious guest may
	-be able to flood the Xen console.
	-
	-If we use gdprintk, unecessary information will be printed such as the
	-filename and the line. Instead use XENLOG_G_ERR combine with %pv.
	-
	-Signed-off-by: Julien Grall <julien.grall@linaro.org>
	----
	- xen/arch/arm/vgic-v2.c \| 40 +++++++++++++++++++++++-----------------
	- 1 file changed, 23 insertions(+), 17 deletions(-)
	-
	-diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
	-index 9dc9a20..3b87f54 100644
	---- a/xen/arch/arm/vgic-v2.c
	-+++ b/xen/arch/arm/vgic-v2.c
	-@@ -198,7 +198,7 @@ static int vgic_v2_distr_mmio_read(struct vcpu v, mmio_info_t info)
	-
	- case GICD_ICPIDR2:
	- if ( dabt.size != DABT_WORD ) goto bad_width;
	-- printk("vGICD: unhandled read from ICPIDR2\n");
	-+ printk(XENLOG_G_ERR "%pv: vGICD: unhandled read from ICPIDR2\n", v);
	- return 0;
	-
	- /* Implementation defined -- read as zero */
	-@@ -215,14 +215,14 @@ static int vgic_v2_distr_mmio_read(struct vcpu v, mmio_info_t info)
	- goto read_as_zero;
	-
	- default:
	-- printk("vGICD: unhandled read r%d offset %#08x\n",
	-- dabt.reg, gicd_reg);
	-+ printk(XENLOG_G_ERR "%pv: vGICD: unhandled read r%d offset %#08x\n",
	-+ v, dabt.reg, gicd_reg);
	- return 0;
	- }
	-
	- bad_width:
	-- printk("vGICD: bad read width %d r%d offset %#08x\n",
	-- dabt.size, dabt.reg, gicd_reg);
	-+ printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n",
	-+ v, dabt.size, dabt.reg, gicd_reg);
	- domain_crash_synchronous();
	- return 0;
	-
	-@@ -331,14 +331,16 @@ static int vgic_v2_distr_mmio_write(struct vcpu v, mmio_info_t info)
	-
	- case GICD_ISPENDR ... GICD_ISPENDRN:
	- if ( dabt.size != DABT_BYTE && dabt.size != DABT_WORD ) goto bad_width;
	-- printk("vGICD: unhandled %s write %#"PRIregister" to ISPENDR%d\n",
	-- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ISPENDR);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD: unhandled %s write %#"PRIregister" to ISPENDR%d\n",
	-+ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ISPENDR);
	- return 0;
	-
	- case GICD_ICPENDR ... GICD_ICPENDRN:
	- if ( dabt.size != DABT_BYTE && dabt.size != DABT_WORD ) goto bad_width;
	-- printk("vGICD: unhandled %s write %#"PRIregister" to ICPENDR%d\n",
	-- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ICPENDR);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD: unhandled %s write %#"PRIregister" to ICPENDR%d\n",
	-+ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ICPENDR);
	- return 0;
	-
	- case GICD_ISACTIVER ... GICD_ISACTIVERN:
	-@@ -457,14 +459,16 @@ static int vgic_v2_distr_mmio_write(struct vcpu v, mmio_info_t info)
	-
	- case GICD_CPENDSGIR ... GICD_CPENDSGIRN:
	- if ( dabt.size != DABT_BYTE && dabt.size != DABT_WORD ) goto bad_width;
	-- printk("vGICD: unhandled %s write %#"PRIregister" to ICPENDSGIR%d\n",
	-- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_CPENDSGIR);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD: unhandled %s write %#"PRIregister" to ICPENDSGIR%d\n",
	-+ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_CPENDSGIR);
	- return 0;
	-
	- case GICD_SPENDSGIR ... GICD_SPENDSGIRN:
	- if ( dabt.size != DABT_BYTE && dabt.size != DABT_WORD ) goto bad_width;
	-- printk("vGICD: unhandled %s write %#"PRIregister" to ISPENDSGIR%d\n",
	-- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_SPENDSGIR);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD: unhandled %s write %#"PRIregister" to ISPENDSGIR%d\n",
	-+ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_SPENDSGIR);
	- return 0;
	-
	- /* Implementation defined -- write ignored */
	-@@ -489,14 +493,16 @@ static int vgic_v2_distr_mmio_write(struct vcpu v, mmio_info_t info)
	- goto write_ignore;
	-
	- default:
	-- printk("vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n",
	-- dabt.reg, *r, gicd_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n",
	-+ v, dabt.reg, *r, gicd_reg);
	- return 0;
	- }
	-
	- bad_width:
	-- printk("vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n",
	-- dabt.size, dabt.reg, *r, gicd_reg);
	-+ printk(XENLOG_G_ERR
	-+ "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n",
	-+ v, dabt.size, dabt.reg, *r, gicd_reg);
	- domain_crash_synchronous();
	- return 0;
	-
	---
	-2.1.4
	-
	Index: emulators/xen-kernel/files/xsa121.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa121.patch
	+++ /dev/null
	@@ -1,51 +0,0 @@
	-x86/HVM: return all ones on wrong-sized reads of system device I/O ports
	-
	-So far the value presented to the guest remained uninitialized.
	-
	-This is CVE-2015-2044 / XSA-121.
	-
	-Signed-off-by: Jan Beulich <jbeulich@suse.com>
	-Acked-by: Ian Campbell <ian.campbell@citrix.com>
	-
	---- a/xen/arch/x86/hvm/i8254.c
	-+++ b/xen/arch/x86/hvm/i8254.c
	-@@ -486,6 +486,7 @@ static int handle_pit_io(
	- if ( bytes != 1 )
	- {
	- gdprintk(XENLOG_WARNING, "PIT bad access\n");
	-+ *val = ~0;
	- return X86EMUL_OKAY;
	- }
	-
	---- a/xen/arch/x86/hvm/pmtimer.c
	-+++ b/xen/arch/x86/hvm/pmtimer.c
	-@@ -213,6 +213,7 @@ static int handle_pmt_io(
	- if ( bytes != 4 )
	- {
	- gdprintk(XENLOG_WARNING, "HVM_PMT bad access\n");
	-+ *val = ~0;
	- return X86EMUL_OKAY;
	- }
	-
	---- a/xen/arch/x86/hvm/rtc.c
	-+++ b/xen/arch/x86/hvm/rtc.c
	-@@ -703,7 +703,8 @@ static int handle_rtc_io(
	-
	- if ( bytes != 1 )
	- {
	-- gdprintk(XENLOG_WARNING, "HVM_RTC bas access\n");
	-+ gdprintk(XENLOG_WARNING, "HVM_RTC bad access\n");
	-+ *val = ~0;
	- return X86EMUL_OKAY;
	- }
	-
	---- a/xen/arch/x86/hvm/vpic.c
	-+++ b/xen/arch/x86/hvm/vpic.c
	-@@ -331,6 +331,7 @@ static int vpic_intercept_pic_io(
	- if ( bytes != 1 )
	- {
	- gdprintk(XENLOG_WARNING, "PIC_IO bad access size %d\n", bytes);
	-+ *val = ~0;
	- return X86EMUL_OKAY;
	- }
	-
	Index: emulators/xen-kernel/files/xsa122.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa122.patch
	+++ /dev/null
	@@ -1,40 +0,0 @@
	-pre-fill structures for certain HYPERVISOR_xen_version sub-ops
	-
	-... avoiding to pass hypervisor stack contents back to the caller
	-through space unused by the respective strings.
	-
	-This is CVE-2015-2045 / XSA-122.
	-
	-Signed-off-by: Aaron Adams <Aaron.Adams@nccgroup.com>
	-Acked-by: Jan Beulich <jbeulich@suse.com>
	-Acked-by: Ian Campbell <ian.campbell@citrix.com>
	-
	---- a/xen/common/kernel.c
	-+++ b/xen/common/kernel.c
	-@@ -240,6 +240,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL
	- case XENVER_extraversion:
	- {
	- xen_extraversion_t extraversion;
	-+
	-+ memset(extraversion, 0, sizeof(extraversion));
	- safe_strcpy(extraversion, xen_extra_version());
	- if ( copy_to_guest(arg, extraversion, ARRAY_SIZE(extraversion)) )
	- return -EFAULT;
	-@@ -249,6 +251,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL
	- case XENVER_compile_info:
	- {
	- struct xen_compile_info info;
	-+
	-+ memset(&info, 0, sizeof(info));
	- safe_strcpy(info.compiler, xen_compiler());
	- safe_strcpy(info.compile_by, xen_compile_by());
	- safe_strcpy(info.compile_domain, xen_compile_domain());
	-@@ -284,6 +288,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL
	- case XENVER_changeset:
	- {
	- xen_changeset_info_t chgset;
	-+
	-+ memset(chgset, 0, sizeof(chgset));
	- safe_strcpy(chgset, xen_changeset());
	- if ( copy_to_guest(arg, chgset, ARRAY_SIZE(chgset)) )
	- return -EFAULT;
	Index: emulators/xen-kernel/files/xsa123.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa123.patch
	+++ /dev/null
	@@ -1,24 +0,0 @@
	-x86emul: fully ignore segment override for register-only operations
	-
	-For ModRM encoded instructions with register operands we must not
	-overwrite ea.mem.seg (if a - bogus in that case - segment override was
	-present) as it aliases with ea.reg.
	-
	-This is CVE-2015-2151 / XSA-123.
	-
	-Reported-by: Felix Wilhelm <fwilhelm@ernw.de>
	-Signed-off-by: Jan Beulich <jbeulich@suse.com>
	-Reviewed-by: Tim Deegan <tim@xen.org>
	-Reviewed-by: Keir Fraser <keir@xen.org>
	-
	---- a/xen/arch/x86/x86_emulate/x86_emulate.c
	-+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
	-@@ -1757,7 +1757,7 @@ x86_emulate(
	- }
	- }
	-
	-- if ( override_seg != -1 )
	-+ if ( override_seg != -1 && ea.type == OP_MEM )
	- ea.mem.seg = override_seg;
	-
	- /* Early operand adjustments. */
	Index: emulators/xen-kernel/files/xsa125.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa125.patch
	+++ /dev/null
	@@ -1,71 +0,0 @@
	-From 98670acc98cad5aee0e0714694a64d3b96675c36 Mon Sep 17 00:00:00 2001
	-From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	-Date: Wed, 19 Nov 2014 12:57:11 -0500
	-Subject: [PATCH] Limit XEN_DOMCTL_memory_mapping hypercall to only process up
	- to 64 GFNs (or less)
	-
	-Said hypercall for large BARs can take quite a while. As such
	-we can require that the hypercall MUST break up the request
	-in smaller values.
	-
	-Another approach is to add preemption to it - whether we do the
	-preemption using hypercall_create_continuation or returning
	-EAGAIN to userspace (and have it re-invocate the call) - either
	-way the issue we cannot easily solve is that in 'map_mmio_regions'
	-if we encounter an error we MUST call 'unmap_mmio_regions' for the
	-whole BAR region.
	-
	-Since the preemption would re-use input fields such as nr_mfns,
	-first_gfn, first_mfn - we would lose the original values -
	-and only undo what was done in the current round (i.e. ignoring
	-anything that was done prior to earlier preemptions).
	-
	-Unless we re-used the return value as 'EAGAIN\|nr_mfns_done<<10' but
	-that puts a limit (since the return value is a long) on the amount
	-of nr_mfns that can provided.
	-
	-This patch sidesteps this problem by:
	- - Setting an hard limit of nr_mfns having to be 64 or less.
	- - Toolstack adjusts correspondingly to the nr_mfn limit.
	- - If the there is an error when adding the toolstack will call the
	- remove operation to remove the whole region.
	-
	-The need to break this hypercall down is for large BARs can take
	-more than the guest (initial domain usually) time-slice. This has
	-the negative result in that the guest is locked out for a long
	-duration and is unable to act on any pending events.
	-
	-We also augment the code to return zero if nr_mfns instead
	-of trying to the hypercall.
	-
	-Suggested-by: Jan Beulich <jbeulich@suse.com>
	-Acked-by: Jan Beulich <jbeulich@suse.com>
	-Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	-Acked-by: Ian Campbell <ian.campbell@citrix.com>
	----
	-[v50: Simplify loop]
	-[v51: If max_batch_sz 1 (or less) we would return zero. Fix that]
	-[v52: Handle nr_mfns being zero]
	-[v53: Fix up return value]
	----
	- tools/libxc/xc_domain.c \| 46 +++++++++++++++++++++++++++++++++++++++++----
	- xen/common/domctl.c \| 5 +++++
	- xen/include/public/domctl.h \| 1 +
	- 3 files changed, 48 insertions(+), 4 deletions(-)
	-
	-diff --git a/xen/common/domctl.c b/xen/common/domctl.c
	-index d396cc4..c2e60a7 100644
	---- a/xen/common/domctl.c
	-+++ b/xen/common/domctl.c
	-@@ -1027,6 +1027,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
	- (gfn + nr_mfns - 1) < gfn ) /* wrap? */
	- break;
	-
	-+ ret = -E2BIG;
	-+ /* Must break hypercall up as this could take a while. */
	-+ if ( nr_mfns > 64 )
	-+ break;
	-+
	- ret = -EPERM;
	- if ( !iomem_access_permitted(current->domain, mfn, mfn_end) \|\|
	- !iomem_access_permitted(d, mfn, mfn_end) )
	Index: emulators/xen-kernel/files/xsa127-4.x.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa127-4.x.patch
	+++ /dev/null
	@@ -1,50 +0,0 @@
	-domctl: don't allow a toolstack domain to call domain_pause() on itself
	-
	-These DOMCTL subops were accidentally declared safe for disaggregation
	-in the wake of XSA-77.
	-
	-This is XSA-127.
	-
	-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
	-Reviewed-by: Jan Beulich <jbeulich@suse.com>
	-Acked-by: Ian Campbell <ian.campbell@citrix.com>
	-
	---- a/xen/arch/x86/domctl.c
	-+++ b/xen/arch/x86/domctl.c
	-@@ -888,6 +888,10 @@ long arch_do_domctl(
	- {
	- xen_guest_tsc_info_t info;
	-
	-+ ret = -EINVAL;
	-+ if ( d == current->domain ) /* no domain_pause() */
	-+ break;
	-+
	- domain_pause(d);
	- tsc_get_info(d, &info.tsc_mode,
	- &info.elapsed_nsec,
	-@@ -903,6 +907,10 @@ long arch_do_domctl(
	-
	- case XEN_DOMCTL_settscinfo:
	- {
	-+ ret = -EINVAL;
	-+ if ( d == current->domain ) /* no domain_pause() */
	-+ break;
	-+
	- domain_pause(d);
	- tsc_set_info(d, domctl->u.tsc_info.info.tsc_mode,
	- domctl->u.tsc_info.info.elapsed_nsec,
	---- a/xen/common/domctl.c
	-+++ b/xen/common/domctl.c
	-@@ -522,8 +522,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
	-
	- case XEN_DOMCTL_resumedomain:
	- {
	-- domain_resume(d);
	-- ret = 0;
	-+ if ( d == current->domain ) /* no domain_pause() */
	-+ ret = -EINVAL;
	-+ else
	-+ domain_resume(d);
	- }
	- break;
	-
	Index: emulators/xen-kernel/files/xsa132.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa132.patch
	+++ /dev/null
	@@ -1,29 +0,0 @@
	-domctl/sysctl: don't leak hypervisor stack to toolstacks
	-
	-This is XSA-132.
	-
	-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
	-Reviewed-by: Jan Beulich <jbeulich@suse.com>
	-
	---- a/xen/arch/x86/domctl.c
	-+++ b/xen/arch/x86/domctl.c
	-@@ -884,7 +884,7 @@ long arch_do_domctl(
	-
	- case XEN_DOMCTL_gettscinfo:
	- {
	-- xen_guest_tsc_info_t info;
	-+ xen_guest_tsc_info_t info = { 0 };
	-
	- ret = -EINVAL;
	- if ( d == current->domain ) /* no domain_pause() */
	---- a/xen/common/sysctl.c
	-+++ b/xen/common/sysctl.c
	-@@ -76,7 +76,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xe
	- case XEN_SYSCTL_getdomaininfolist:
	- {
	- struct domain *d;
	-- struct xen_domctl_getdomaininfo info;
	-+ struct xen_domctl_getdomaininfo info = { 0 };
	- u32 num_domains = 0;
	-
	- rcu_read_lock(&domlist_read_lock);
	Index: emulators/xen-kernel/files/xsa134.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa134.patch
	+++ /dev/null
	@@ -1,23 +0,0 @@
	-From: Jan Beulich <jbeulich@suse.com>
	-Subject: gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
	-
	-... avoiding NULL derefs when the version to use wasn't set yet (via
	-GNTTABOP_setup_table or GNTTABOP_set_version).
	-
	-This is XSA-134.
	-
	-Signed-off-by: Jan Beulich <jbeulich@suse.com>
	-Acked-by: Ian Campbell <ian.campbell@citrix.com>
	-
	---- a/xen/common/grant_table.c
	-+++ b/xen/common/grant_table.c
	-@@ -2592,6 +2592,9 @@ __gnttab_swap_grant_ref(grant_ref_t ref_
	-
	- spin_lock(&gt->lock);
	-
	-+ if ( gt->gt_version == 0 )
	-+ PIN_FAIL(out, GNTST_general_error, "grant table not yet set up\n");
	-+
	- /* Bounds check on the grant refs */
	- if ( unlikely(ref_a >= nr_grant_entries(d->grant_table)))
	- PIN_FAIL(out, GNTST_bad_gntref, "Bad ref-a (%d).\n", ref_a);
	Index: emulators/xen-kernel/files/xsa136.patch
	===================================================================
	--- emulators/xen-kernel/files/xsa136.patch
	+++ /dev/null
	@@ -1,19 +0,0 @@
	-From: Andrew Cooper <andrew.cooper3@citrix.com>
	-Subject: x86/traps: loop in the correct direction in compat_iret()
	-
	-This is XSA-136.
	-
	-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
	-Reviewed-by: Jan Beulich <jbeulich@suse.com>
	-
	---- a/xen/arch/x86/x86_64/compat/traps.c
	-+++ b/xen/arch/x86/x86_64/compat/traps.c
	-@@ -119,7 +119,7 @@ unsigned int compat_iret(void)
	- }
	- else if ( ksp > regs->_esp )
	- {
	-- for (i = 9; i > 0; ++i)
	-+ for ( i = 9; i > 0; --i )
	- {
	- rc \|= __get_user(x, (u32 *)regs->rsp + i);
	- rc \|= __put_user(x, (u32 *)(unsigned long)ksp + i);
	Index: sysutils/xen-tools/Makefile
	===================================================================
	--- sysutils/xen-tools/Makefile
	+++ sysutils/xen-tools/Makefile
	@@ -2,6 +2,7 @@

	PORTNAME= xen
	PORTVERSION= 4.5.1
	+PORTREVISION= 1
	CATEGORIES= sysutils emulators
	MASTER_SITES= http://bits.xensource.com/oss-xen/release/${PORTVERSION}/ \
	http://code.coreboot.org/p/seabios/downloads/get/:seabios
	@@ -48,6 +49,7 @@
	--cxx=c++

	EXTRA_PATCHES= ${FILESDIR}/xsa137.patch:-p1 \
	+ ${FILESDIR}/xsa142-4.5.patch:-p1 \
	${FILESDIR}/0002-libxc-fix-xc_dom_load_elf_symtab.patch:-p1

	CONFIGURE_ARGS+= --with-extra-qemuu-configure-args="${QEMU_ARGS}"
	@@ -75,10 +77,6 @@
	${WRKSRC}/tools/libxl/libxl_dm.c \
	${WRKSRC}/tools/qemu-xen-traditional/i386-dm/helper2.c \
	${WRKSRC}/docs/man/*
	- @for p in ${FILESDIR}/qemut.patch; do \
	- ${ECHO_CMD} "====> Applying $${p##*/}" ; \
	- ${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen-traditional ; \
	- done
	@for p in ${FILESDIR}/qemuu.patch; do \
	${ECHO_CMD} "====> Applying $${p##*/}" ; \
	${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
	Index: sysutils/xen-tools/files/xsa135-qemut-1.patch
	===================================================================
	--- sysutils/xen-tools/files/xsa135-qemut-1.patch
	+++ /dev/null
	@@ -1,92 +0,0 @@
	-pcnet: fix Negative array index read
	-
	-From: Gonglei <arei.gonglei@huawei.com>
	-
	-s->xmit_pos maybe assigned to a negative value (-1),
	-but in this branch variable s->xmit_pos as an index to
	-array s->buffer. Let's add a check for s->xmit_pos.
	-
	-upstream-commit-id: 7b50d00911ddd6d56a766ac5671e47304c20a21b
	-
	-Signed-off-by: Gonglei <arei.gonglei@huawei.com>
	-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
	-Reviewed-by: Jason Wang <jasowang@redhat.com>
	-Reviewed-by: Jason Wang <jasowang@redhat.com>
	-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
	-
	-diff --git a/hw/pcnet.c b/hw/pcnet.c
	-index 7cc0637..9f3e1cc 100644
	---- a/hw/pcnet.c
	-+++ b/hw/pcnet.c
	-@@ -1250,7 +1250,7 @@ static void pcnet_transmit(PCNetState *s)
	- target_phys_addr_t xmit_cxda = 0;
	- int count = CSR_XMTRL(s)-1;
	- int add_crc = 0;
	--
	-+ int bcnt;
	- s->xmit_pos = -1;
	-
	- if (!CSR_TXON(s)) {
	-@@ -1276,34 +1276,39 @@ static void pcnet_transmit(PCNetState *s)
	- if (BCR_SWSTYLE(s) != 1)
	- add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS);
	- }
	-+
	-+ if (s->xmit_pos < 0) {
	-+ goto txdone;
	-+ }
	-+
	-+ bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
	-+ s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
	-+ s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
	-+ s->xmit_pos += bcnt;
	-+
	- if (!GET_FIELD(tmd.status, TMDS, ENP)) {
	-- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
	-- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
	-- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
	-- s->xmit_pos += bcnt;
	-- } else if (s->xmit_pos >= 0) {
	-- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
	-- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
	-- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
	-- s->xmit_pos += bcnt;
	-+ goto txdone;
	-+ }
	- #ifdef PCNET_DEBUG
	-- printf("pcnet_transmit size=%d\n", s->xmit_pos);
	-+ printf("pcnet_transmit size=%d\n", s->xmit_pos);
	- #endif
	-- if (CSR_LOOP(s)) {
	-- if (BCR_SWSTYLE(s) == 1)
	-- add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
	-- s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
	-- pcnet_receive(s, s->buffer, s->xmit_pos);
	-- s->looptest = 0;
	-- } else
	-- if (s->vc)
	-- qemu_send_packet(s->vc, s->buffer, s->xmit_pos);
	--
	-- s->csr[0] &= ~0x0008; /* clear TDMD */
	-- s->csr[4] \|= 0x0004; /* set TXSTRT */
	-- s->xmit_pos = -1;
	-+ if (CSR_LOOP(s)) {
	-+ if (BCR_SWSTYLE(s) == 1)
	-+ add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
	-+ s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
	-+ pcnet_receive(s, s->buffer, s->xmit_pos);
	-+ s->looptest = 0;
	-+ } else {
	-+ if (s->vc) {
	-+ qemu_send_packet(s->vc, s->buffer, s->xmit_pos);
	-+ }
	- }
	-
	-+ s->csr[0] &= ~0x0008; /* clear TDMD */
	-+ s->csr[4] \|= 0x0004; /* set TXSTRT */
	-+ s->xmit_pos = -1;
	-+
	-+ txdone:
	- SET_FIELD(&tmd.status, TMDS, OWN, 0);
	- TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
	- if (!CSR_TOKINTD(s) \|\| (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT)))
	Index: sysutils/xen-tools/files/xsa135-qemut-2.patch
	===================================================================
	--- sysutils/xen-tools/files/xsa135-qemut-2.patch
	+++ /dev/null
	@@ -1,45 +0,0 @@
	-From 2630672ab22255de252f877709851c0557a1c647 Mon Sep 17 00:00:00 2001
	-From: Petr Matousek <pmatouse@redhat.com>
	-Date: Sun, 24 May 2015 10:53:44 +0200
	-Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx
	-
	-4096 is the maximum length per TMD and it is also currently the size of
	-the relay buffer pcnet driver uses for sending the packet data to QEMU
	-for further processing. With packet spanning multiple TMDs it can
	-happen that the overall packet size will be bigger than sizeof(buffer),
	-which results in memory corruption.
	-
	-Fix this by only allowing to queue maximum sizeof(buffer) bytes.
	-
	-This is CVE-2015-3209.
	-
	-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
	-Reported-by: Matt Tait <matttait@google.com>
	-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
	-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
	----
	- hw/pcnet.c \| 8 ++++++++
	- 1 file changed, 8 insertions(+)
	-
	-diff --git a/hw/pcnet.c b/hw/pcnet.c
	-index bdfd38f..6d32e4c 100644
	---- a/hw/pcnet.c
	-+++ b/hw/pcnet.c
	-@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s)
	- }
	-
	- bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
	-+
	-+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
	-+ Note: this is not what real hw does */
	-+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
	-+ s->xmit_pos = -1;
	-+ goto txdone;
	-+ }
	-+
	- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
	- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
	- s->xmit_pos += bcnt;
	---
	-2.1.0
	-
	Index: sysutils/xen-tools/files/xsa138-qemut-1.patch
	===================================================================
	--- sysutils/xen-tools/files/xsa138-qemut-1.patch
	+++ /dev/null
	@@ -1,77 +0,0 @@
	-From 510952d4c33ee69574167ce30829b21c815a165b Mon Sep 17 00:00:00 2001
	-From: Kevin Wolf <kwolf@redhat.com>
	-Date: Wed, 3 Jun 2015 14:13:31 +0200
	-Subject: [PATCH 1/2] ide: Check array bounds before writing to io_buffer
	- (CVE-2015-5154)
	-
	-If the end_transfer_func of a command is called because enough data has
	-been read or written for the current PIO transfer, and it fails to
	-correctly call the command completion functions, the DRQ bit in the
	-status register and s->end_transfer_func may remain set. This allows the
	-guest to access further bytes in s->io_buffer beyond s->data_end, and
	-eventually overflowing the io_buffer.
	-
	-One case where this currently happens is emulation of the ATAPI command
	-START STOP UNIT.
	-
	-This patch fixes the problem by adding explicit array bounds checks
	-before accessing the buffer instead of relying on end_transfer_func to
	-function correctly.
	-
	-Cc: qemu-stable@nongnu.org
	-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
	----
	- hw/ide.c \| 16 ++++++++++++++++
	- 1 file changed, 16 insertions(+)
	-
	-diff --git a/hw/ide.c b/hw/ide.c
	-index 791666b..211ec88 100644
	---- a/hw/ide.c
	-+++ b/hw/ide.c
	-@@ -3002,6 +3002,10 @@ static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
	- buffered_pio_write(s, addr, 2);
	-
	- p = s->data_ptr;
	-+ if (p + 2 > s->data_end) {
	-+ return;
	-+ }
	-+
	- (uint16_t )p = le16_to_cpu(val);
	- p += 2;
	- s->data_ptr = p;
	-@@ -3021,6 +3025,10 @@ static uint32_t ide_data_readw(void *opaque, uint32_t addr)
	- buffered_pio_read(s, addr, 2);
	-
	- p = s->data_ptr;
	-+ if (p + 2 > s->data_end) {
	-+ return 0;
	-+ }
	-+
	- ret = cpu_to_le16((uint16_t )p);
	- p += 2;
	- s->data_ptr = p;
	-@@ -3040,6 +3048,10 @@ static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
	- buffered_pio_write(s, addr, 4);
	-
	- p = s->data_ptr;
	-+ if (p + 4 > s->data_end) {
	-+ return;
	-+ }
	-+
	- (uint32_t )p = le32_to_cpu(val);
	- p += 4;
	- s->data_ptr = p;
	-@@ -3059,6 +3071,10 @@ static uint32_t ide_data_readl(void *opaque, uint32_t addr)
	- buffered_pio_read(s, addr, 4);
	-
	- p = s->data_ptr;
	-+ if (p + 4 > s->data_end) {
	-+ return 0;
	-+ }
	-+
	- ret = cpu_to_le32((uint32_t )p);
	- p += 4;
	- s->data_ptr = p;
	---
	-2.1.4
	-
	Index: sysutils/xen-tools/files/xsa138-qemut-2.patch
	===================================================================
	--- sysutils/xen-tools/files/xsa138-qemut-2.patch
	+++ /dev/null
	@@ -1,71 +0,0 @@
	-From 1ac0f60d558b7fca55c69a61ab4c4538af1f02f9 Mon Sep 17 00:00:00 2001
	-From: Kevin Wolf <kwolf@redhat.com>
	-Date: Wed, 3 Jun 2015 14:41:27 +0200
	-Subject: [PATCH 2/2] ide: Clear DRQ after handling all expected accesses
	-
	-This is additional hardening against an end_transfer_func that fails to
	-clear the DRQ status bit. The bit must be unset as soon as the PIO
	-transfer has completed, so it's better to do this in a central place
	-instead of duplicating the code in all commands (and forgetting it in
	-some).
	-
	-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
	----
	- hw/ide.c \| 16 ++++++++++++----
	- 1 file changed, 12 insertions(+), 4 deletions(-)
	-
	-diff --git a/hw/ide.c b/hw/ide.c
	-index 211ec88..7b84d1b 100644
	---- a/hw/ide.c
	-+++ b/hw/ide.c
	-@@ -3009,8 +3009,10 @@ static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
	- (uint16_t )p = le16_to_cpu(val);
	- p += 2;
	- s->data_ptr = p;
	-- if (p >= s->data_end)
	-+ if (p >= s->data_end) {
	-+ s->status &= ~DRQ_STAT;
	- s->end_transfer_func(s);
	-+ }
	- }
	-
	- static uint32_t ide_data_readw(void *opaque, uint32_t addr)
	-@@ -3032,8 +3034,10 @@ static uint32_t ide_data_readw(void *opaque, uint32_t addr)
	- ret = cpu_to_le16((uint16_t )p);
	- p += 2;
	- s->data_ptr = p;
	-- if (p >= s->data_end)
	-+ if (p >= s->data_end) {
	-+ s->status &= ~DRQ_STAT;
	- s->end_transfer_func(s);
	-+ }
	- return ret;
	- }
	-
	-@@ -3055,8 +3059,10 @@ static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
	- (uint32_t )p = le32_to_cpu(val);
	- p += 4;
	- s->data_ptr = p;
	-- if (p >= s->data_end)
	-+ if (p >= s->data_end) {
	-+ s->status &= ~DRQ_STAT;
	- s->end_transfer_func(s);
	-+ }
	- }
	-
	- static uint32_t ide_data_readl(void *opaque, uint32_t addr)
	-@@ -3078,8 +3084,10 @@ static uint32_t ide_data_readl(void *opaque, uint32_t addr)
	- ret = cpu_to_le32((uint32_t )p);
	- p += 4;
	- s->data_ptr = p;
	-- if (p >= s->data_end)
	-+ if (p >= s->data_end) {
	-+ s->status &= ~DRQ_STAT;
	- s->end_transfer_func(s);
	-+ }
	- return ret;
	- }
	-
	---
	-2.1.4
	-
	Index: sysutils/xen-tools/files/xsa142-4.5.patch
	===================================================================
	--- /dev/null
	+++ sysutils/xen-tools/files/xsa142-4.5.patch
	@@ -0,0 +1,53 @@
	+From 07ca00703f76ad392eda5ee52cce1197cf49c30a Mon Sep 17 00:00:00 2001
	+From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
	+Subject: [PATCH v2.1 for-4.5] libxl: handle read-only drives with qemu-xen
	+
	+The current libxl code doesn't deal with read-only drives at all.
	+
	+Upstream QEMU and qemu-xen only support read-only cdrom drives: make
	+sure to specify "readonly=on" for cdrom drives and return error in case
	+the user requested a non-cdrom read-only drive.
	+
	+This is XSA-142, discovered by Lin Liu
	+(https://bugzilla.redhat.com/show_bug.cgi?id=1257893).
	+
	+Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
	+
	+Backport to Xen 4.5 and earlier, apropos of report and review from
	+Michael Young.
	+
	+Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
	+---
	+ tools/libxl/libxl_dm.c \| 13 +++++++++----
	+ 1 file changed, 9 insertions(+), 4 deletions(-)
	+
	+diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
	+index b4ce523..d74fb14 100644
	+--- a/tools/libxl/libxl_dm.c
	++++ b/tools/libxl/libxl_dm.c
	+@@ -797,13 +797,18 @@ static char ** libxl__build_device_model_args_new(libxl__gc *gc,
	+ if (disks[i].is_cdrom) {
	+ if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY)
	+ drive = libxl__sprintf
	+- (gc, "if=ide,index=%d,media=cdrom,cache=writeback,id=ide-%i",
	+- disk, dev_number);
	++ (gc, "if=ide,index=%d,readonly=%s,media=cdrom,cache=writeback,id=ide-%i",
	++ disk, disks[i].readwrite ? "off" : "on", dev_number);
	+ else
	+ drive = libxl__sprintf
	+- (gc, "file=%s,if=ide,index=%d,media=cdrom,format=%s,cache=writeback,id=ide-%i",
	+- disks[i].pdev_path, disk, format, dev_number);
	++ (gc, "file=%s,if=ide,index=%d,readonly=%s,media=cdrom,format=%s,cache=writeback,id=ide-%i",
	++ disks[i].pdev_path, disk, disks[i].readwrite ? "off" : "on", format, dev_number);
	+ } else {
	++ if (!disks[i].readwrite) {
	++ LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "qemu-xen doesn't support read-only disk drivers");
	++ return NULL;
	++ }
	++
	+ if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY) {
	+ LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "cannot support"
	+ " empty disk format for %s", disks[i].vdev);
	+--
	+1.7.10.4
	+

File Metadata

Mime Type: text/plain
Expires: Fri, Jan 23, 11:10 PM (6 h, 6 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 27891151
Default Alt Text: D3854.diff (74 KB)

D3854.diffNo OneTemporaryActions

D3854.diffView Options

File Metadata

Event Timeline

D3854.diff
No OneTemporary
Actions

D3854.diff
View Options