D5420.diff
No OneTemporary
Actions

Size

24 KB

Referenced Files

None

Subscribers

None

D5420.diff
View Options

	Index: head/emulators/xen-kernel/Makefile
	===================================================================
	--- head/emulators/xen-kernel/Makefile
	+++ head/emulators/xen-kernel/Makefile
	@@ -3,7 +3,7 @@
	PORTNAME= xen
	PKGNAMESUFFIX= -kernel
	PORTVERSION= 4.5.2
	-PORTREVISION= 1
	+PORTREVISION= 2
	CATEGORIES= emulators
	MASTER_SITES= http://bits.xensource.com/oss-xen/release/${PORTVERSION}/

	@@ -31,10 +31,15 @@
	${FILESDIR}/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch:-p2 \
	${FILESDIR}/0006-xen-pvh-enable-mmu_update-hypercall.patch:-p2 \
	${FILESDIR}/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch:-p2 \
	+ ${FILESDIR}/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch:-p2 \
	+ ${FILESDIR}/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch:-p2 \
	${FILESDIR}/xsa156-4.5.patch:-p2 \
	${FILESDIR}/xsa159.patch:-p2 \
	${FILESDIR}/xsa165-4.5.patch:-p2 \
	- ${FILESDIR}/xsa166-4.5.patch:-p2
	+ ${FILESDIR}/xsa166-4.5.patch:-p2 \
	+ ${FILESDIR}/xsa167-4.6.patch:-p2 \
	+ ${FILESDIR}/xsa168.patch:-p2 \
	+ ${FILESDIR}/xsa170-4.5.patch:-p2


	.include <bsd.port.options.mk>
	Index: head/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch
	===================================================================
	--- head/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch
	+++ head/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch
	@@ -0,0 +1,197 @@
	+From 8ddb99287cd18da99a95a9f70904a97b52893599 Mon Sep 17 00:00:00 2001
	+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
	+Date: Wed, 20 May 2015 13:26:43 +0200
	+Subject: [PATCH 1/2] x86/pvh: use a custom IO bitmap for PVH hardware domains
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+Since a PVH hardware domain has access to the physical hardware create a
	+custom more permissive IO bitmap. The permissions set on the bitmap are
	+populated based on the contents of the ioports rangeset.
	+
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	+Signed-off-by: Jan Beulich <jbeulich@suse.com>
	+---
	+ xen/arch/x86/hvm/hvm.c \| 24 ++++++++++++++++++++++--
	+ xen/arch/x86/hvm/svm/vmcb.c \| 2 +-
	+ xen/arch/x86/hvm/vmx/vmcs.c \| 4 ++--
	+ xen/arch/x86/setup.c \| 28 ++++++++++++++++++++++++++++
	+ xen/common/domain.c \| 3 +++
	+ xen/include/asm-x86/hvm/domain.h \| 2 ++
	+ xen/include/asm-x86/setup.h \| 1 +
	+ 7 files changed, 59 insertions(+), 5 deletions(-)
	+
	+diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
	+index 689e402..89423fa 100644
	+--- a/xen/arch/x86/hvm/hvm.c
	++++ b/xen/arch/x86/hvm/hvm.c
	+@@ -77,9 +77,13 @@ integer_param("hvm_debug", opt_hvm_debug_level);
	+
	+ struct hvm_function_table hvm_funcs __read_mostly;
	+
	+-/* I/O permission bitmap is globally shared by all HVM guests. */
	++/*
	++ * The I/O permission bitmap is globally shared by all HVM guests except
	++ * the hardware domain which needs a more permissive one.
	++ */
	++#define HVM_IOBITMAP_SIZE (3 * PAGE_SIZE)
	+ unsigned long __attribute__ ((__section__ (".bss.page_aligned")))
	+- hvm_io_bitmap[3*PAGE_SIZE/BYTES_PER_LONG];
	++ hvm_io_bitmap[HVM_IOBITMAP_SIZE / BYTES_PER_LONG];
	+
	+ /* Xen command-line option to enable HAP */
	+ static bool_t __initdata opt_hap_enabled = 1;
	+@@ -1461,6 +1465,20 @@ int hvm_domain_initialise(struct domain *d)
	+ goto fail1;
	+ d->arch.hvm_domain.io_handler->num_slot = 0;
	+
	++ /* Set the default IO Bitmap. */
	++ if ( is_hardware_domain(d) )
	++ {
	++ d->arch.hvm_domain.io_bitmap = _xmalloc(HVM_IOBITMAP_SIZE, PAGE_SIZE);
	++ if ( d->arch.hvm_domain.io_bitmap == NULL )
	++ {
	++ rc = -ENOMEM;
	++ goto fail1;
	++ }
	++ memset(d->arch.hvm_domain.io_bitmap, ~0, HVM_IOBITMAP_SIZE);
	++ }
	++ else
	++ d->arch.hvm_domain.io_bitmap = hvm_io_bitmap;
	++
	+ if ( is_pvh_domain(d) )
	+ {
	+ register_portio_handler(d, 0, 0x10003, handle_pvh_io);
	+@@ -1496,6 +1514,8 @@ int hvm_domain_initialise(struct domain *d)
	+ stdvga_deinit(d);
	+ vioapic_deinit(d);
	+ fail1:
	++ if ( is_hardware_domain(d) )
	++ xfree(d->arch.hvm_domain.io_bitmap);
	+ xfree(d->arch.hvm_domain.io_handler);
	+ xfree(d->arch.hvm_domain.params);
	+ fail0:
	+diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
	+index 21292bb..6339d2a 100644
	+--- a/xen/arch/x86/hvm/svm/vmcb.c
	++++ b/xen/arch/x86/hvm/svm/vmcb.c
	+@@ -118,7 +118,7 @@ static int construct_vmcb(struct vcpu *v)
	+ svm_disable_intercept_for_msr(v, MSR_AMD64_LWP_CBADDR);
	+
	+ vmcb->_msrpm_base_pa = (u64)virt_to_maddr(arch_svm->msrpm);
	+- vmcb->_iopm_base_pa = (u64)virt_to_maddr(hvm_io_bitmap);
	++ vmcb->_iopm_base_pa = __pa(v->domain->arch.hvm_domain.io_bitmap);
	+
	+ /* Virtualise EFLAGS.IF and LAPIC TPR (CR8). */
	+ vmcb->_vintr.fields.intr_masking = 1;
	+diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
	+index 3123706..355d1b5 100644
	+--- a/xen/arch/x86/hvm/vmx/vmcs.c
	++++ b/xen/arch/x86/hvm/vmx/vmcs.c
	+@@ -1032,8 +1032,8 @@ static int construct_vmcs(struct vcpu *v)
	+ }
	+
	+ /* I/O access bitmap. */
	+- __vmwrite(IO_BITMAP_A, virt_to_maddr((char *)hvm_io_bitmap + 0));
	+- __vmwrite(IO_BITMAP_B, virt_to_maddr((char *)hvm_io_bitmap + PAGE_SIZE));
	++ __vmwrite(IO_BITMAP_A, __pa(d->arch.hvm_domain.io_bitmap));
	++ __vmwrite(IO_BITMAP_B, __pa(d->arch.hvm_domain.io_bitmap) + PAGE_SIZE);
	+
	+ if ( cpu_has_vmx_virtual_intr_delivery )
	+ {
	+diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
	+index 2b9787a..cd333f9 100644
	+--- a/xen/arch/x86/setup.c
	++++ b/xen/arch/x86/setup.c
	+@@ -1446,6 +1446,8 @@ void __init noreturn __start_xen(unsigned long mbi_p)
	+
	+ dmi_end_boot();
	+
	++ setup_io_bitmap(dom0);
	++
	+ system_state = SYS_STATE_active;
	+
	+ domain_unpause_by_systemcontroller(dom0);
	+@@ -1509,6 +1511,32 @@ int __hwdom_init xen_in_range(unsigned long mfn)
	+ return 0;
	+ }
	+
	++static int __hwdom_init io_bitmap_cb(unsigned long s, unsigned long e,
	++ void *ctx)
	++{
	++ struct domain *d = ctx;
	++ unsigned int i;
	++
	++ ASSERT(e <= INT_MAX);
	++ for ( i = s; i <= e; i++ )
	++ __clear_bit(i, d->arch.hvm_domain.io_bitmap);
	++
	++ return 0;
	++}
	++
	++void __hwdom_init setup_io_bitmap(struct domain *d)
	++{
	++ int rc;
	++
	++ if ( has_hvm_container_domain(d) )
	++ {
	++ bitmap_fill(d->arch.hvm_domain.io_bitmap, 0x10000);
	++ rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000,
	++ io_bitmap_cb, d);
	++ BUG_ON(rc);
	++ }
	++}
	++
	+ /*
	+ * Local variables:
	+ * mode: C
	+diff --git a/xen/common/domain.c b/xen/common/domain.c
	+index 6803c4d..b0e83f5 100644
	+--- a/xen/common/domain.c
	++++ b/xen/common/domain.c
	+@@ -42,6 +42,7 @@
	+ #include <xsm/xsm.h>
	+ #include <xen/trace.h>
	+ #include <xen/tmem.h>
	++#include <asm/setup.h>
	+
	+ /* Linux config option: propageted to domain0 */
	+ /* xen_processor_pmbits: xen control Cx, Px, ... */
	+@@ -219,6 +220,8 @@ static int late_hwdom_init(struct domain *d)
	+ rangeset_swap(d->iomem_caps, dom0->iomem_caps);
	+ #ifdef CONFIG_X86
	+ rangeset_swap(d->arch.ioport_caps, dom0->arch.ioport_caps);
	++ setup_io_bitmap(d);
	++ setup_io_bitmap(dom0);
	+ #endif
	+
	+ rcu_unlock_domain(dom0);
	+diff --git a/xen/include/asm-x86/hvm/domain.h b/xen/include/asm-x86/hvm/domain.h
	+index 0f8b19a..bdab45d 100644
	+--- a/xen/include/asm-x86/hvm/domain.h
	++++ b/xen/include/asm-x86/hvm/domain.h
	+@@ -141,6 +141,8 @@ struct hvm_domain {
	+ */
	+ uint64_t sync_tsc;
	+
	++ unsigned long *io_bitmap;
	++
	+ union {
	+ struct vmx_domain vmx;
	+ struct svm_domain svm;
	+diff --git a/xen/include/asm-x86/setup.h b/xen/include/asm-x86/setup.h
	+index 08bc23a..381d9f8 100644
	+--- a/xen/include/asm-x86/setup.h
	++++ b/xen/include/asm-x86/setup.h
	+@@ -32,6 +32,7 @@ int construct_dom0(
	+ module_t *initrd,
	+ void (bootstrap_map)(const module_t *),
	+ char *cmdline);
	++void setup_io_bitmap(struct domain *d);
	+
	+ unsigned long initial_images_nrpages(nodeid_t node);
	+ void discard_initial_images(void);
	+--
	+2.5.4 (Apple Git-61)
	+
	Index: head/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch
	===================================================================
	--- head/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch
	+++ head/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch
	@@ -0,0 +1,52 @@
	+From 72d5acdc1d5b83107066e25054f9119e7771cf70 Mon Sep 17 00:00:00 2001
	+From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
	+Date: Wed, 20 May 2015 13:27:23 +0200
	+Subject: [PATCH 2/2] x86/pvh: trap access to sensitive IO ports
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+This is needed so Xen can properly trap 4 byte accesses to 0xcf8 in order to
	+keep consistency with accesses to 0xcfc.
	+
	+The access to RTC ports also needs to be trapped in order to keep
	+consistency, this includes RTC_PORT(0) and RTC_PORT(1) (0x70 and 0x71
	+respectively).
	+
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	+---
	+ xen/arch/x86/setup.c \| 11 +++++++++++
	+ 1 file changed, 11 insertions(+)
	+
	+diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
	+index cd333f9..2cc9185 100644
	+--- a/xen/arch/x86/setup.c
	++++ b/xen/arch/x86/setup.c
	+@@ -49,6 +49,7 @@
	+ #include <xen/cpu.h>
	+ #include <asm/nmi.h>
	+ #include <asm/alternative.h>
	++#include <asm/mc146818rtc.h>
	+
	+ /* opt_nosmp: If true, secondary processors are ignored. */
	+ static bool_t __initdata opt_nosmp;
	+@@ -1534,6 +1535,16 @@ void __hwdom_init setup_io_bitmap(struct domain *d)
	+ rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000,
	+ io_bitmap_cb, d);
	+ BUG_ON(rc);
	++ /*
	++ * NB: we need to trap accesses to 0xcf8 in order to intercept
	++ * 4 byte accesses, that need to be handled by Xen in order to
	++ * keep consistency.
	++ * Access to 1 byte RTC ports also needs to be trapped in order
	++ * to keep consistency with PV.
	++ */
	++ __set_bit(0xcf8, d->arch.hvm_domain.io_bitmap);
	++ __set_bit(RTC_PORT(0), d->arch.hvm_domain.io_bitmap);
	++ __set_bit(RTC_PORT(1), d->arch.hvm_domain.io_bitmap);
	+ }
	+ }
	+
	+--
	+2.5.4 (Apple Git-61)
	+
	Index: head/emulators/xen-kernel/files/xsa167-4.6.patch
	===================================================================
	--- head/emulators/xen-kernel/files/xsa167-4.6.patch
	+++ head/emulators/xen-kernel/files/xsa167-4.6.patch
	@@ -0,0 +1,77 @@
	+x86/mm: PV superpage handling lacks sanity checks
	+
	+MMUEXT_{,UN}MARK_SUPER fail to check the input MFN for validity before
	+dereferencing pointers into the superpage frame table.
	+
	+get_superpage() has a similar issue.
	+
	+This is XSA-167.
	+
	+Reported-by: Qinghao Tang <luodalongde@gmail.com>
	+Signed-off-by: Jan Beulich <jbeulich@suse.com>
	+Acked-by: Ian Campbell <ian.campbell@citrix.com>
	+
	+--- a/xen/arch/x86/mm.c
	++++ b/xen/arch/x86/mm.c
	+@@ -2624,6 +2624,9 @@ int get_superpage(unsigned long mfn, str
	+
	+ ASSERT(opt_allow_superpage);
	+
	++ if ( !mfn_valid(mfn \| (L1_PAGETABLE_ENTRIES - 1)) )
	++ return -EINVAL;
	++
	+ spage = mfn_to_spage(mfn);
	+ y = spage->type_info;
	+ do {
	+@@ -3401,42 +3404,26 @@ long do_mmuext_op(
	+ }
	+
	+ case MMUEXT_MARK_SUPER:
	++ case MMUEXT_UNMARK_SUPER:
	+ {
	+ unsigned long mfn = op.arg1.mfn;
	+
	+- if ( unlikely(d != pg_owner) )
	+- rc = -EPERM;
	+- else if ( mfn & (L1_PAGETABLE_ENTRIES-1) )
	+- {
	+- MEM_LOG("Unaligned superpage reference mfn %lx", mfn);
	+- okay = 0;
	+- }
	+- else if ( !opt_allow_superpage )
	++ if ( !opt_allow_superpage )
	+ {
	+ MEM_LOG("Superpages disallowed");
	+ rc = -ENOSYS;
	+ }
	+- else
	+- rc = mark_superpage(mfn_to_spage(mfn), d);
	+- break;
	+- }
	+-
	+- case MMUEXT_UNMARK_SUPER:
	+- {
	+- unsigned long mfn = op.arg1.mfn;
	+-
	+- if ( unlikely(d != pg_owner) )
	++ else if ( unlikely(d != pg_owner) )
	+ rc = -EPERM;
	+- else if ( mfn & (L1_PAGETABLE_ENTRIES-1) )
	++ else if ( mfn & (L1_PAGETABLE_ENTRIES - 1) )
	+ {
	+ MEM_LOG("Unaligned superpage reference mfn %lx", mfn);
	+- okay = 0;
	+- }
	+- else if ( !opt_allow_superpage )
	+- {
	+- MEM_LOG("Superpages disallowed");
	+- rc = -ENOSYS;
	++ rc = -EINVAL;
	+ }
	++ else if ( !mfn_valid(mfn \| (L1_PAGETABLE_ENTRIES - 1)) )
	++ rc = -EINVAL;
	++ else if ( op.cmd == MMUEXT_MARK_SUPER )
	++ rc = mark_superpage(mfn_to_spage(mfn), d);
	+ else
	+ rc = unmark_superpage(mfn_to_spage(mfn));
	+ break;
	Index: head/emulators/xen-kernel/files/xsa168.patch
	===================================================================
	--- head/emulators/xen-kernel/files/xsa168.patch
	+++ head/emulators/xen-kernel/files/xsa168.patch
	@@ -0,0 +1,27 @@
	+x86/VMX: prevent INVVPID failure due to non-canonical guest address
	+
	+While INVLPG (and on SVM INVLPGA) don't fault on non-canonical
	+addresses, INVVPID fails (in the "individual address" case) when passed
	+such an address.
	+
	+Since such intercepted INVLPG are effectively no-ops anyway, don't fix
	+this in vmx_invlpg_intercept(), but instead have paging_invlpg() never
	+return true in such a case.
	+
	+This is XSA-168.
	+
	+Signed-off-by: Jan Beulich <jbeulich@suse.com>
	+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
	+Acked-by: Ian Campbell <ian.campbell@citrix.com>
	+
	+--- a/xen/include/asm-x86/paging.h
	++++ b/xen/include/asm-x86/paging.h
	+@@ -245,7 +245,7 @@ paging_fault(unsigned long va, struct cp
	+ * or 0 if it's safe not to do so. */
	+ static inline int paging_invlpg(struct vcpu *v, unsigned long va)
	+ {
	+- return paging_get_hostmode(v)->invlpg(v, va);
	++ return is_canonical_address(va) && paging_get_hostmode(v)->invlpg(v, va);
	+ }
	+
	+ /* Translate a guest virtual address to the frame number that the
	Index: head/emulators/xen-kernel/files/xsa170-4.5.patch
	===================================================================
	--- head/emulators/xen-kernel/files/xsa170-4.5.patch
	+++ head/emulators/xen-kernel/files/xsa170-4.5.patch
	@@ -0,0 +1,79 @@
	+x86/VMX: sanitize rIP before re-entering guest
	+
	+... to prevent guest user mode arranging for a guest crash (due to
	+failed VM entry). (On the AMD system I checked, hardware is doing
	+exactly the canonicalization being added here.)
	+
	+Note that fixing this in an architecturally correct way would be quite
	+a bit more involved: Making the x86 instruction emulator check all
	+branch targets for validity, plus dealing with invalid rIP resulting
	+from update_guest_eip() or incoming directly during a VM exit. The only
	+way to get the latter right would be by not having hardware do the
	+injection.
	+
	+Note further that there are a two early returns from
	+vmx_vmexit_handler(): One (through vmx_failed_vmentry()) leads to
	+domain_crash() anyway, and the other covers real mode only and can
	+neither occur with a non-canonical rIP nor result in an altered rIP,
	+so we don't need to force those paths through the checking logic.
	+
	+This is XSA-170.
	+
	+Reported-by: 刘令 <liuling-it@360.cn>
	+Signed-off-by: Jan Beulich <jbeulich@suse.com>
	+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
	+Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
	+
	+--- a/xen/arch/x86/hvm/vmx/vmx.c
	++++ b/xen/arch/x86/hvm/vmx/vmx.c
	+@@ -2675,7 +2675,7 @@ void vmx_handle_EOI_induced_exit(struct
	+ void vmx_vmexit_handler(struct cpu_user_regs *regs)
	+ {
	+ unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0;
	+- unsigned int vector = 0;
	++ unsigned int vector = 0, mode;
	+ struct vcpu *v = current;
	+
	+ __vmread(GUEST_RIP, &regs->rip);
	+@@ -3219,6 +3219,41 @@ void vmx_vmexit_handler(struct cpu_user_
	+ out:
	+ if ( nestedhvm_vcpu_in_guestmode(v) )
	+ nvmx_idtv_handling();
	++
	++ /*
	++ * VM entry will fail (causing the guest to get crashed) if rIP (and
	++ * rFLAGS, but we don't have an issue there) doesn't meet certain
	++ * criteria. As we must not allow less than fully privileged mode to have
	++ * such an effect on the domain, we correct rIP in that case (accepting
	++ * this not being architecturally correct behavior, as the injected #GP
	++ * fault will then not see the correct [invalid] return address).
	++ * And since we know the guest will crash, we crash it right away if it
	++ * already is in most privileged mode.
	++ */
	++ mode = vmx_guest_x86_mode(v);
	++ if ( mode == 8 ? !is_canonical_address(regs->rip)
	++ : regs->rip != regs->_eip )
	++ {
	++ struct segment_register ss;
	++
	++ gdprintk(XENLOG_WARNING, "Bad rIP %lx for mode %u\n", regs->rip, mode);
	++
	++ vmx_get_segment_register(v, x86_seg_ss, &ss);
	++ if ( ss.attr.fields.dpl )
	++ {
	++ __vmread(VM_ENTRY_INTR_INFO, &intr_info);
	++ if ( !(intr_info & INTR_INFO_VALID_MASK) )
	++ hvm_inject_hw_exception(TRAP_gp_fault, 0);
	++ /* Need to fix rIP nevertheless. */
	++ if ( mode == 8 )
	++ regs->rip = (long)(regs->rip << (64 - VADDR_BITS)) >>
	++ (64 - VADDR_BITS);
	++ else
	++ regs->rip = regs->_eip;
	++ }
	++ else
	++ domain_crash(v->domain);
	++ }
	+ }
	+
	+ void vmx_vmenter_helper(const struct cpu_user_regs *regs)
	Index: head/emulators/xen/Makefile
	===================================================================
	--- head/emulators/xen/Makefile
	+++ head/emulators/xen/Makefile
	@@ -2,7 +2,7 @@

	PORTNAME= xen
	PORTVERSION= 4.5.2
	-PORTREVISION= 1
	+PORTREVISION= 2
	CATEGORIES= emulators

	MAINTAINER= royger@FreeBSD.org
	Index: head/sysutils/xen-tools/Makefile
	===================================================================
	--- head/sysutils/xen-tools/Makefile
	+++ head/sysutils/xen-tools/Makefile
	@@ -2,7 +2,7 @@

	PORTNAME= xen
	PORTVERSION= 4.5.2
	-PORTREVISION= 1
	+PORTREVISION= 2
	CATEGORIES= sysutils emulators
	MASTER_SITES= http://bits.xensource.com/oss-xen/release/${PORTVERSION}/ \
	http://code.coreboot.org/p/seabios/downloads/get/:seabios
	@@ -24,7 +24,7 @@
	ONLY_FOR_ARCHS= amd64
	ONLY_FOR_ARCHS_REASON= "not yet ported to anything other than amd64"

	-SEABIOSVERSION= 1.8.1
	+SEABIOSVERSION= 1.8.2
	DISTFILES+= ${DISTNAME}.tar.gz \
	seabios-${SEABIOSVERSION}.tar.gz:seabios

	@@ -49,6 +49,7 @@
	--cxx=c++

	EXTRA_PATCHES= ${FILESDIR}/0002-libxc-fix-xc_dom_load_elf_symtab.patch:-p1 \
	+ ${FILESDIR}/0001-build-fix-.text-section-address-alignment.patch:-p1 \
	${FILESDIR}/xsa160-4.6.patch:-p1

	CONFIGURE_ARGS+= --with-extra-qemuu-configure-args="${QEMU_ARGS}"
	@@ -77,9 +78,9 @@
	${WRKSRC}/tools/qemu-xen-traditional/i386-dm/helper2.c \
	${WRKSRC}/docs/man/*
	@for p in ${FILESDIR}/qemuu.patch; do \
	- ${ECHO_CMD} "====> Applying $${p##*/}" ; \
	- ${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
	- done
	+ ${ECHO_CMD} "====> Applying $${p##*/}" ; \
	+ ${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
	+ done

	post-install:
	${MKDIR} ${STAGEDIR}/var/run/xen
	Index: head/sysutils/xen-tools/distinfo
	===================================================================
	--- head/sysutils/xen-tools/distinfo
	+++ head/sysutils/xen-tools/distinfo
	@@ -1,4 +1,4 @@
	SHA256 (xen-4.5.2.tar.gz) = 4c9e5dac4eea484974e9f76da2756c8e0973b4e884d28d37e955df9ebf00e7e8
	SIZE (xen-4.5.2.tar.gz) = 18416220
	-SHA256 (seabios-1.8.1.tar.gz) = 283bd848f5ce9d4bc52add973a856347e02c9ce89a9e6bc92c99359b87c9871d
	-SIZE (seabios-1.8.1.tar.gz) = 537712
	+SHA256 (seabios-1.8.2.tar.gz) = f59479307fdae840de398b75aacb2333c8eba24a5964d68c77e32ca6c987ee61
	+SIZE (seabios-1.8.2.tar.gz) = 538497
	Index: head/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch
	===================================================================
	--- head/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch
	+++ head/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch
	@@ -0,0 +1,71 @@
	+From 70a912f04dec2b556f37a60d1f596fcedb13f8a8 Mon Sep 17 00:00:00 2001
	+From: Kevin O'Connor <kevin@koconnor.net>
	+Date: Wed, 24 Feb 2016 11:45:55 +0100
	+Subject: [PATCH] build: fix .text section address alignment
	+MIME-Version: 1.0
	+Content-Type: text/plain; charset=UTF-8
	+Content-Transfer-Encoding: 8bit
	+
	+Some linkers verify that sections have a start address that is aligned
	+with the minimum alignment of that section. Add extra padding to the
	+".text" section to ensure it is always aligned with the maximum
	+alignment of any section placed in ".text".
	+
	+Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
	+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
	+Reported by: Ed Maste <emaste@FreeBSD.org>
	+---
	+ scripts/layoutrom.py \| 14 ++++++++++----
	+ 1 file changed, 10 insertions(+), 4 deletions(-)
	+
	+diff --git a/tools/firmware/seabios-dir/scripts/layoutrom.py b/tools/firmware/seabios-dir/scripts/layoutrom.py
	+index dd770fe..c7e406c 100755
	+--- a/tools/firmware/seabios-dir/scripts/layoutrom.py
	++++ b/tools/firmware/seabios-dir/scripts/layoutrom.py
	+@@ -34,18 +34,22 @@ COMMONTRAILER = """
	+ # Determine section locations
	+ ######################################################################
	+
	+-# Align 'pos' to 'alignbytes' offset
	++# Align 'pos' up to 'alignbytes' offset
	+ def alignpos(pos, alignbytes):
	+ mask = alignbytes - 1
	+ return (pos + mask) & ~mask
	+
	++# Align 'pos' down to 'alignbytes' offset
	++def aligndown(pos, alignbytes):
	++ mask = alignbytes - 1
	++ return pos & ~mask
	++
	+ # Determine the final addresses for a list of sections that end at an
	+ # address.
	+ def setSectionsStart(sections, endaddr, minalign=1, segoffset=0):
	+ totspace = 0
	+ for section in sections:
	+- if section.align > minalign:
	+- minalign = section.align
	++ minalign = max(minalign, section.align)
	+ totspace = alignpos(totspace, section.align) + section.size
	+ startaddr = int((endaddr - totspace) / minalign) * minalign
	+ curaddr = startaddr
	+@@ -267,7 +271,7 @@ def doLayout(sections, config, genreloc):
	+ final_sec32low_end = BUILD_LOWRAM_END
	+ zonelow_base = final_sec32low_end - 64*1024
	+ relocdelta = final_sec32low_end - sec32low_end
	+- li.sec32low_start, li.sec32low_align = setSectionsStart(
	++ li.sec32low_start, sec32low_align = setSectionsStart(
	+ sections32low, sec32low_end, 16
	+ , segoffset=zonelow_base - relocdelta)
	+ li.sec32low_end = sec32low_end
	+@@ -399,6 +403,8 @@ def writeLinkerScripts(li, out16, out32seg, out32flat):
	+ filesections32flat = getSectionsFileid(li.sections, '32flat')
	+ out = outXRefs([], exportsyms=li.varlowsyms
	+ , forcedelta=li.final_sec32low_start-li.sec32low_start)
	++ sec32all_align = max([section.align for section in li.sections])
	++ sec32all_start = aligndown(sec32all_start, sec32all_align)
	+ out += outXRefs(filesections32flat, exportsyms=[li.entrysym]) + """
	+ _reloc_min_align = 0x%x ;
	+ zonefseg_start = 0x%x ;
	+--
	+2.5.4 (Apple Git-61)
	+
	Index: head/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh
	===================================================================
	--- head/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh
	+++ head/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh
	@@ -1,11 +1,11 @@
	--- tools/firmware/seabios-dir/scripts/buildversion.sh.orig 2015-03-13 09:02:17 UTC
	+++ tools/firmware/seabios-dir/scripts/buildversion.sh
	-@@ -11,7 +11,7 @@ elif [ -f .version ]; then
	+@@ -12,7 +12,7 @@ if [ -z "$BUILD_VERSION" ]; then
	+ else
	+ VERSION="?"
	+ fi
	+- VERSION="${VERSION}-`date +"%Y%m%d_%H%M%S"`-`hostname`"
	++ VERSION="${VERSION}"
	else
	- VERSION="?"
	+ VERSION="$BUILD_VERSION"
	fi
	--VERSION="${VERSION}-`date +"%Y%m%d_%H%M%S"`-`hostname`"
	-+VERSION="${VERSION}"
	- echo "Version: ${VERSION}"
	-
	- # Build header file

File Metadata

Mime Type: text/plain
Expires: Wed, Mar 25, 1:35 AM (4 h, 15 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 30288107
Default Alt Text: D5420.diff (24 KB)

D5420.diffNo OneTemporaryActions

D5420.diffView Options

File Metadata

Event Timeline

D5420.diff
No OneTemporary
Actions

D5420.diff
View Options