diff --git a/emulators/xen-kernel/Makefile b/emulators/xen-kernel/Makefile index bb8cdb93dab0..72ace54c0a32 100644 --- a/emulators/xen-kernel/Makefile +++ b/emulators/xen-kernel/Makefile @@ -1,51 +1,65 @@ PORTNAME= xen -PORTVERSION= 4.15.0 -PORTREVISION= 2 +PORTVERSION= 4.16.0 +PORTREVISION= 0 CATEGORIES= emulators MASTER_SITES= http://downloads.xenproject.org/release/xen/${PORTVERSION}/ PKGNAMESUFFIX= -kernel MAINTAINER= royger@FreeBSD.org COMMENT= Hypervisor using a microkernel design LICENSE= GPLv2 ONLY_FOR_ARCHS= amd64 USES= cpe gmake python:build bison # Ports build environment has ARCH=amd64 set which disables Xen automatic arch # detection, but amd64 is not a valid arch for Xen. Hardcode x86_64 on the # command line in order to overwrite the one from the environment. MAKE_ARGS= clang=y PYTHON=${PYTHON_CMD} ARCH=x86_64 NO_MTREE= yes STRIP= # PLIST_FILES= /boot/xen \ - lib/debug/boot/xen.debug + /boot/xen-debug \ + lib/debug/boot/xen.debug \ + lib/debug/boot/xen-debug.debug -# Fix grant/foreign mapping cache attributes on Intel. -EXTRA_PATCHES+= ${PATCHDIR}/0001-x86-mtrr-remove-stale-function-prototype.patch:-p1 \ - ${PATCHDIR}/0002-x86-mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch:-p1 \ - ${PATCHDIR}/0003-x86-ept-force-WB-cache-attributes-for-grant-and-fore.patch:-p1 +# XSA-395 +EXTRA_PATCHES+= ${PATCHDIR}/xsa395.patch:-p1 -# Fix build with clang 13.0.0 -EXTRA_PATCHES+= ${PATCHDIR}/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch:-p1 +# XSA-398 +EXTRA_PATCHES+= ${PATCHDIR}/0001-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch:-p1 \ + ${PATCHDIR}/0002-x86-spec-ctrl-Introduce-new-has_spec_ctrl-boolean.patch:-p1 \ + ${PATCHDIR}/xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch:-p1 + +# Add retpoline support for clang builds +EXTRA_PATCHES+= ${PATCHDIR}/0001-x86-retpoline-split-retpoline-compiler-support-into-.patch:-p1 \ + ${PATCHDIR}/0002-x86-clang-add-retpoline-support.patch:-p1 .include .if ${OPSYS} != FreeBSD IGNORE= only supported on FreeBSD .endif # The ports native 'build' target cannot be used because it sets # CFLAGS, and that breaks the Xen build system. +# +# Build both a production and a debug hypervisor. do-build: + ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC} build-xen ${MAKE_ARGS} debug=y + cp ${WRKSRC}/xen/xen ${WRKSRC}/xen/xen-debug + cp ${WRKSRC}/xen/xen-syms ${WRKSRC}/xen/xen-debug-syms + ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC} clean-xen ${MAKE_ARGS} ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC} build-xen ${MAKE_ARGS} do-install: ${MKDIR} ${STAGEDIR}/boot ${MKDIR} ${STAGEDIR}${PREFIX}/lib/debug/boot/ ${INSTALL_PROGRAM} ${WRKSRC}/xen/xen ${STAGEDIR}/boot ${INSTALL_DATA} ${WRKSRC}/xen/xen-syms ${STAGEDIR}${PREFIX}/lib/debug/boot/xen.debug + ${INSTALL_PROGRAM} ${WRKSRC}/xen/xen-debug ${STAGEDIR}/boot + ${INSTALL_DATA} ${WRKSRC}/xen/xen-debug-syms ${STAGEDIR}${PREFIX}/lib/debug/boot/xen-debug.debug .include diff --git a/emulators/xen-kernel/distinfo b/emulators/xen-kernel/distinfo index 740fd456bc18..d197e536add4 100644 --- a/emulators/xen-kernel/distinfo +++ b/emulators/xen-kernel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1620647879 -SHA256 (xen-4.15.0.tar.gz) = 6cf41394726c9f2913edcd6707457d9b7a910a4d75d95e9ecdebf02b00f1adad -SIZE (xen-4.15.0.tar.gz) = 40785399 +TIMESTAMP = 1648563575 +SHA256 (xen-4.16.0.tar.gz) = adc87a90e614d090a2014b9aebae8d815a7348bf329d169b3cb655256d0ee995 +SIZE (xen-4.16.0.tar.gz) = 44982322 diff --git a/emulators/xen-kernel/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch b/emulators/xen-kernel/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch deleted file mode 100644 index 1612c5a113a1..000000000000 --- a/emulators/xen-kernel/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch +++ /dev/null @@ -1,105 +0,0 @@ -From be12fcca8b784e456df3adedbffe657d753c5ff9 Mon Sep 17 00:00:00 2001 -From: Roger Pau Monne -Date: Thu, 18 Nov 2021 09:28:06 +0100 -Subject: [PATCH] efi: fix alignment of function parameters in compat mode -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Currently the max_store_size, remain_store_size and max_size in -compat_pf_efi_runtime_call are 4 byte aligned, which makes clang -13.0.0 complain with: - -In file included from compat.c:30: -./runtime.c:646:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 2 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.max_store_size, - ^ -./runtime.c:647:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 3 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.remain_store_size, - ^ -./runtime.c:648:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 4 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.max_size); - ^ -Fix this by bouncing the variables on the stack in order for them to -be 8 byte aligned. - -Note this could be done in a more selective manner to only apply to -compat code calls, but given the overhead of making an EFI call doing -an extra copy of 3 variables doesn't seem to warrant the special -casing. - -Signed-off-by: Roger Pau Monné -Release-Acked-by: Ian Jackson -Reviewed-by: Ian Jackson -Signed-off-by: Ian Jackson -Reviewed-by: Jan Beulich - ---- -Changes since v3: - - Remove hard tabs. Apply Jan's r-b as authorised in email. -Changes since v2: - - Adjust the commentary as per discussion. -Changes since v1: - - Copy back the results. ---- - xen/common/efi/runtime.c | 31 +++++++++++++++++++++++++++---- - 1 file changed, 27 insertions(+), 4 deletions(-) - -diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c -index 375b94229e..d2fdc28df3 100644 ---- a/xen/common/efi/runtime.c -+++ b/xen/common/efi/runtime.c -@@ -607,6 +607,9 @@ int efi_runtime_call(struct xenpf_efi_runtime_call *op) - break; - - case XEN_EFI_query_variable_info: -+ { -+ uint64_t max_store_size, remain_store_size, max_size; -+ - if ( op->misc & ~XEN_EFI_VARINFO_BOOT_SNAPSHOT ) - return -EINVAL; - -@@ -638,16 +641,36 @@ int efi_runtime_call(struct xenpf_efi_runtime_call *op) - - if ( !efi_enabled(EFI_RS) || (efi_rs->Hdr.Revision >> 16) < 2 ) - return -EOPNOTSUPP; -+ -+ /* -+ * Bounce the variables onto the stack to make them 8 byte aligned when -+ * called from the compat handler, as their placement in -+ * compat_pf_efi_runtime_call will make them 4 byte aligned instead and -+ * and compilers may validly complain. -+ * -+ * Note that while the function parameters are OUT only, copy the -+ * values here anyway just in case. This is done regardless of whether -+ * called from the compat handler or not, as it's not worth the extra -+ * logic to differentiate. -+ */ -+ max_store_size = op->u.query_variable_info.max_store_size; -+ remain_store_size = op->u.query_variable_info.remain_store_size; -+ max_size = op->u.query_variable_info.max_size; -+ - state = efi_rs_enter(); - if ( !state.cr3 ) - return -EOPNOTSUPP; - status = efi_rs->QueryVariableInfo( -- op->u.query_variable_info.attr, -- &op->u.query_variable_info.max_store_size, -- &op->u.query_variable_info.remain_store_size, -- &op->u.query_variable_info.max_size); -+ op->u.query_variable_info.attr, &max_store_size, &remain_store_size, -+ &max_size); - efi_rs_leave(&state); -+ -+ op->u.query_variable_info.max_store_size = max_store_size; -+ op->u.query_variable_info.remain_store_size = remain_store_size; -+ op->u.query_variable_info.max_size = max_size; -+ - break; -+ } - - case XEN_EFI_query_capsule_capabilities: - case XEN_EFI_update_capsule: --- -2.33.0 - diff --git a/emulators/xen-kernel/files/0001-x86-mtrr-remove-stale-function-prototype.patch b/emulators/xen-kernel/files/0001-x86-mtrr-remove-stale-function-prototype.patch deleted file mode 100644 index b4cd1a4061ce..000000000000 --- a/emulators/xen-kernel/files/0001-x86-mtrr-remove-stale-function-prototype.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c8aaa97f84170192b05b3020a55c69f71d84629f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= -Date: Mon, 31 May 2021 12:47:12 +0200 -Subject: [PATCH 1/3] x86/mtrr: remove stale function prototype -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: 1c84d04673 ('VMX: remove the problematic set_uc_mode logic') -Signed-off-by: Roger Pau Monné -Acked-by: Jan Beulich ---- - xen/include/asm-x86/mtrr.h | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/xen/include/asm-x86/mtrr.h b/xen/include/asm-x86/mtrr.h -index 4be704cb6a..24e5de5c22 100644 ---- a/xen/include/asm-x86/mtrr.h -+++ b/xen/include/asm-x86/mtrr.h -@@ -78,8 +78,6 @@ extern u32 get_pat_flags(struct vcpu *v, u32 gl1e_flags, paddr_t gpaddr, - extern int epte_get_entry_emt(struct domain *, unsigned long gfn, mfn_t mfn, - unsigned int order, uint8_t *ipat, - bool_t direct_mmio); --extern void ept_change_entry_emt_with_range( -- struct domain *d, unsigned long start_gfn, unsigned long end_gfn); - extern unsigned char pat_type_2_pte_flags(unsigned char pat_type); - extern int hold_mtrr_updates_on_aps; - extern void mtrr_aps_sync_begin(void); --- -2.31.1 - diff --git a/emulators/xen-kernel/files/0001-x86-retpoline-split-retpoline-compiler-support-into-.patch b/emulators/xen-kernel/files/0001-x86-retpoline-split-retpoline-compiler-support-into-.patch new file mode 100644 index 000000000000..bee5db0ab16c --- /dev/null +++ b/emulators/xen-kernel/files/0001-x86-retpoline-split-retpoline-compiler-support-into-.patch @@ -0,0 +1,66 @@ +From e245bc154300b5d0367b64e8b937c9d1da508ad3 Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne +Date: Fri, 18 Feb 2022 15:34:14 +0100 +Subject: [PATCH 1/2] x86/retpoline: split retpoline compiler support into + separate option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Keep the previous option as a way to signal generic retpoline support +regardless of the underlying compiler, while introducing a new +CC_HAS_INDIRECT_THUNK that signals whether the underlying compiler +supports retpoline. + +No functional change intended. + +Signed-off-by: Roger Pau Monné +Acked-by: Andrew Cooper +--- + xen/arch/x86/Kconfig | 6 +++++- + xen/arch/x86/arch.mk | 10 ++++++---- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig +index b4abfca46f..fe89fa7274 100644 +--- a/xen/arch/x86/Kconfig ++++ b/xen/arch/x86/Kconfig +@@ -32,9 +32,13 @@ config ARCH_DEFCONFIG + string + default "arch/x86/configs/x86_64_defconfig" + +-config INDIRECT_THUNK ++config CC_HAS_INDIRECT_THUNK + def_bool $(cc-option,-mindirect-branch-register) + ++config INDIRECT_THUNK ++ def_bool y ++ depends on CC_HAS_INDIRECT_THUNK ++ + config HAS_AS_CET_SS + # binutils >= 2.29 or LLVM >= 6 + def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) +diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk +index bfd5eaa35f..15d0cbe487 100644 +--- a/xen/arch/x86/arch.mk ++++ b/xen/arch/x86/arch.mk +@@ -42,10 +42,12 @@ CFLAGS += -mno-red-zone -fpic + # SSE setup for variadic function calls. + CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) + +-# Compile with thunk-extern, indirect-branch-register if avaiable. +-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern +-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register +-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables ++ifeq ($(CONFIG_INDIRECT_THUNK),y) ++# Compile with gcc thunk-extern, indirect-branch-register if available. ++CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern ++CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register ++CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables ++endif + + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow + # this to be overridden elsewhere. +-- +2.35.1 + diff --git a/emulators/xen-kernel/files/0001-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch b/emulators/xen-kernel/files/0001-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch new file mode 100644 index 000000000000..42bde92c5de5 --- /dev/null +++ b/emulators/xen-kernel/files/0001-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch @@ -0,0 +1,65 @@ +From 7f34b6a895d10744bab32fc843246c45da444d8b Mon Sep 17 00:00:00 2001 +From: Andrew Cooper +Date: Tue, 25 Jan 2022 16:09:59 +0000 +Subject: [PATCH 1/2] x86/spec-ctrl: Drop use_spec_ctrl boolean + +Several bugfixes have reduced the utility of this variable from it's original +purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. + +Simplify the logic by drop the variable, and doubling up the setting of +SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL +support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is +still necessary for the VMExit case. + +No functional change. + +Signed-off-by: Andrew Cooper +Reviewed-by: Jan Beulich +(cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) +--- + xen/arch/x86/spec_ctrl.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index c18cc8aa49..8a550d0a09 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) + void __init init_speculation_mitigations(void) + { + enum ind_thunk thunk = THUNK_DEFAULT; +- bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; ++ bool ibrs = false, hw_smt_enabled; + bool cpu_has_bug_taa; + uint64_t caps = 0; + +@@ -1016,19 +1016,21 @@ void __init init_speculation_mitigations(void) + { + if ( opt_msr_sc_pv ) + { +- use_spec_ctrl = true; ++ default_spec_ctrl_flags |= SCF_ist_wrmsr; + setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); + } + + if ( opt_msr_sc_hvm ) + { +- use_spec_ctrl = true; ++ /* ++ * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, ++ * Xen's value is not restored atomically. An early NMI hitting ++ * the VMExit path needs to restore Xen's value for safety. ++ */ ++ default_spec_ctrl_flags |= SCF_ist_wrmsr; + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + +- if ( use_spec_ctrl ) +- default_spec_ctrl_flags |= SCF_ist_wrmsr; +- + if ( ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } +-- +2.35.1 + diff --git a/emulators/xen-kernel/files/0002-x86-clang-add-retpoline-support.patch b/emulators/xen-kernel/files/0002-x86-clang-add-retpoline-support.patch new file mode 100644 index 000000000000..e650a71b59ab --- /dev/null +++ b/emulators/xen-kernel/files/0002-x86-clang-add-retpoline-support.patch @@ -0,0 +1,56 @@ +From 9412486707f8f1ca2eb31c2ef330c5e39c0a2f30 Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne +Date: Fri, 18 Feb 2022 15:34:15 +0100 +Subject: [PATCH 2/2] x86/clang: add retpoline support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Detect whether the compiler supports clang retpoline option and enable +by default if available, just like it's done for gcc. + +Note clang already disables jump tables when retpoline is enabled, so +there's no need to also pass the fno-jump-tables parameter. Also clang +already passes the return address in a register always on amd64, so +there's no need for any equivalent mindirect-branch-register +parameter. + +Reported-by: Andrew Cooper +Signed-off-by: Roger Pau Monné +Acked-by: Andrew Cooper +--- + xen/arch/x86/Kconfig | 3 ++- + xen/arch/x86/arch.mk | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig +index fe89fa7274..1465874097 100644 +--- a/xen/arch/x86/Kconfig ++++ b/xen/arch/x86/Kconfig +@@ -33,7 +33,8 @@ config ARCH_DEFCONFIG + default "arch/x86/configs/x86_64_defconfig" + + config CC_HAS_INDIRECT_THUNK +- def_bool $(cc-option,-mindirect-branch-register) ++ def_bool $(cc-option,-mindirect-branch-register) || \ ++ $(cc-option,-mretpoline-external-thunk) + + config INDIRECT_THUNK + def_bool y +diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk +index 15d0cbe487..edfc043dbb 100644 +--- a/xen/arch/x86/arch.mk ++++ b/xen/arch/x86/arch.mk +@@ -47,6 +47,9 @@ ifeq ($(CONFIG_INDIRECT_THUNK),y) + CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern + CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register + CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables ++ ++# Enable clang retpoline support if available. ++CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk + endif + + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow +-- +2.35.1 + diff --git a/emulators/xen-kernel/files/0002-x86-mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch b/emulators/xen-kernel/files/0002-x86-mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch deleted file mode 100644 index 5490b63534c0..000000000000 --- a/emulators/xen-kernel/files/0002-x86-mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch +++ /dev/null @@ -1,377 +0,0 @@ -From bad7fc7a20452f5ba5e2aaf0019affec7fa87271 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= -Date: Thu, 17 Jun 2021 17:58:11 +0200 -Subject: [PATCH 2/3] x86/mtrr: move epte_get_entry_emt to p2m-ept.c -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is an EPT specific function, so it shouldn't live in the generic -mtrr file. Such movement is also needed for future work that will -require passing a p2m_type_t parameter to epte_get_entry_emt, and -making that type visible to the mtrr users is cumbersome and -unneeded. - -Moving epte_get_entry_emt out of mtrr.c requires making the helper to -get the MTRR type of an address from the mtrr state public. While -there rename the function to start with the mtrr prefix, like other -mtrr related functions. - -While there fix some of the types of the function parameters. - -No functional change intended. - -Signed-off-by: Roger Pau Monné -Reviewed-by: Jan Beulich -Reviewed-by: Kevin Tian ---- - xen/arch/x86/hvm/mtrr.c | 109 +--------------------------- - xen/arch/x86/mm/p2m-ept.c | 115 ++++++++++++++++++++++++++++-- - xen/include/asm-x86/hvm/vmx/vmx.h | 2 + - xen/include/asm-x86/mtrr.h | 5 +- - 4 files changed, 117 insertions(+), 114 deletions(-) - -diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c -index fb051d59c3..4a9f3177ed 100644 ---- a/xen/arch/x86/hvm/mtrr.c -+++ b/xen/arch/x86/hvm/mtrr.c -@@ -194,8 +194,7 @@ void hvm_vcpu_cacheattr_destroy(struct vcpu *v) - * May return a negative value when order > 0, indicating to the caller - * that the respective mapping needs splitting. - */ --static int get_mtrr_type(const struct mtrr_state *m, -- paddr_t pa, unsigned int order) -+int mtrr_get_type(const struct mtrr_state *m, paddr_t pa, unsigned int order) - { - uint8_t overlap_mtrr = 0; - uint8_t overlap_mtrr_pos = 0; -@@ -323,7 +322,7 @@ static uint8_t effective_mm_type(struct mtrr_state *m, - * just use it - */ - if ( gmtrr_mtype == NO_HARDCODE_MEM_TYPE ) -- mtrr_mtype = get_mtrr_type(m, gpa, 0); -+ mtrr_mtype = mtrr_get_type(m, gpa, 0); - else - mtrr_mtype = gmtrr_mtype; - -@@ -350,7 +349,7 @@ uint32_t get_pat_flags(struct vcpu *v, - guest_eff_mm_type = effective_mm_type(g, pat, gpaddr, - gl1e_flags, gmtrr_mtype); - /* 2. Get the memory type of host physical address, with MTRR */ -- shadow_mtrr_type = get_mtrr_type(&mtrr_state, spaddr, 0); -+ shadow_mtrr_type = mtrr_get_type(&mtrr_state, spaddr, 0); - - /* 3. Find the memory type in PAT, with host MTRR memory type - * and guest effective memory type. -@@ -789,108 +788,6 @@ void memory_type_changed(struct domain *d) - } - } - --int epte_get_entry_emt(struct domain *d, unsigned long gfn, mfn_t mfn, -- unsigned int order, uint8_t *ipat, bool_t direct_mmio) --{ -- int gmtrr_mtype, hmtrr_mtype; -- struct vcpu *v = current; -- unsigned long i; -- -- *ipat = 0; -- -- if ( v->domain != d ) -- v = d->vcpu ? d->vcpu[0] : NULL; -- -- /* Mask, not add, for order so it works with INVALID_MFN on unmapping */ -- if ( rangeset_overlaps_range(mmio_ro_ranges, mfn_x(mfn), -- mfn_x(mfn) | ((1UL << order) - 1)) ) -- { -- if ( !order || rangeset_contains_range(mmio_ro_ranges, mfn_x(mfn), -- mfn_x(mfn) | ((1UL << order) - 1)) ) -- { -- *ipat = 1; -- return MTRR_TYPE_UNCACHABLE; -- } -- /* Force invalid memory type so resolve_misconfig() will split it */ -- return -1; -- } -- -- if ( !mfn_valid(mfn) ) -- { -- *ipat = 1; -- return MTRR_TYPE_UNCACHABLE; -- } -- -- if ( !direct_mmio && !is_iommu_enabled(d) && !cache_flush_permitted(d) ) -- { -- *ipat = 1; -- return MTRR_TYPE_WRBACK; -- } -- -- for ( i = 0; i < (1ul << order); i++ ) -- { -- if ( is_special_page(mfn_to_page(mfn_add(mfn, i))) ) -- { -- if ( order ) -- return -1; -- *ipat = 1; -- return MTRR_TYPE_WRBACK; -- } -- } -- -- if ( direct_mmio ) -- return MTRR_TYPE_UNCACHABLE; -- -- gmtrr_mtype = hvm_get_mem_pinned_cacheattr(d, _gfn(gfn), order); -- if ( gmtrr_mtype >= 0 ) -- { -- *ipat = 1; -- return gmtrr_mtype != PAT_TYPE_UC_MINUS ? gmtrr_mtype -- : MTRR_TYPE_UNCACHABLE; -- } -- if ( gmtrr_mtype == -EADDRNOTAVAIL ) -- return -1; -- -- gmtrr_mtype = is_hvm_domain(d) && v ? -- get_mtrr_type(&v->arch.hvm.mtrr, -- gfn << PAGE_SHIFT, order) : -- MTRR_TYPE_WRBACK; -- hmtrr_mtype = get_mtrr_type(&mtrr_state, mfn_x(mfn) << PAGE_SHIFT, order); -- if ( gmtrr_mtype < 0 || hmtrr_mtype < 0 ) -- return -1; -- -- /* If both types match we're fine. */ -- if ( likely(gmtrr_mtype == hmtrr_mtype) ) -- return hmtrr_mtype; -- -- /* If either type is UC, we have to go with that one. */ -- if ( gmtrr_mtype == MTRR_TYPE_UNCACHABLE || -- hmtrr_mtype == MTRR_TYPE_UNCACHABLE ) -- return MTRR_TYPE_UNCACHABLE; -- -- /* If either type is WB, we have to go with the other one. */ -- if ( gmtrr_mtype == MTRR_TYPE_WRBACK ) -- return hmtrr_mtype; -- if ( hmtrr_mtype == MTRR_TYPE_WRBACK ) -- return gmtrr_mtype; -- -- /* -- * At this point we have disagreeing WC, WT, or WP types. The only -- * combination that can be cleanly resolved is WT:WP. The ones involving -- * WC need to be converted to UC, both due to the memory ordering -- * differences and because WC disallows reads to be cached (WT and WP -- * permit this), while WT and WP require writes to go straight to memory -- * (WC can buffer them). -- */ -- if ( (gmtrr_mtype == MTRR_TYPE_WRTHROUGH && -- hmtrr_mtype == MTRR_TYPE_WRPROT) || -- (gmtrr_mtype == MTRR_TYPE_WRPROT && -- hmtrr_mtype == MTRR_TYPE_WRTHROUGH) ) -- return MTRR_TYPE_WRPROT; -- -- return MTRR_TYPE_UNCACHABLE; --} -- - /* - * Local variables: - * mode: C -diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c -index 23d411f01d..542fe5ef34 100644 ---- a/xen/arch/x86/mm/p2m-ept.c -+++ b/xen/arch/x86/mm/p2m-ept.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -485,6 +486,109 @@ static int ept_invalidate_emt_range(struct p2m_domain *p2m, - return rc; - } - -+int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, -+ unsigned int order, bool *ipat, bool direct_mmio) -+{ -+ int gmtrr_mtype, hmtrr_mtype; -+ struct vcpu *v = current; -+ unsigned long i; -+ -+ *ipat = false; -+ -+ if ( v->domain != d ) -+ v = d->vcpu ? d->vcpu[0] : NULL; -+ -+ /* Mask, not add, for order so it works with INVALID_MFN on unmapping */ -+ if ( rangeset_overlaps_range(mmio_ro_ranges, mfn_x(mfn), -+ mfn_x(mfn) | ((1UL << order) - 1)) ) -+ { -+ if ( !order || rangeset_contains_range(mmio_ro_ranges, mfn_x(mfn), -+ mfn_x(mfn) | ((1UL << order) - 1)) ) -+ { -+ *ipat = true; -+ return MTRR_TYPE_UNCACHABLE; -+ } -+ /* Force invalid memory type so resolve_misconfig() will split it */ -+ return -1; -+ } -+ -+ if ( !mfn_valid(mfn) ) -+ { -+ *ipat = true; -+ return MTRR_TYPE_UNCACHABLE; -+ } -+ -+ if ( !direct_mmio && !is_iommu_enabled(d) && !cache_flush_permitted(d) ) -+ { -+ *ipat = true; -+ return MTRR_TYPE_WRBACK; -+ } -+ -+ for ( i = 0; i < (1ul << order); i++ ) -+ { -+ if ( is_special_page(mfn_to_page(mfn_add(mfn, i))) ) -+ { -+ if ( order ) -+ return -1; -+ *ipat = true; -+ return MTRR_TYPE_WRBACK; -+ } -+ } -+ -+ if ( direct_mmio ) -+ return MTRR_TYPE_UNCACHABLE; -+ -+ gmtrr_mtype = hvm_get_mem_pinned_cacheattr(d, gfn, order); -+ if ( gmtrr_mtype >= 0 ) -+ { -+ *ipat = true; -+ return gmtrr_mtype != PAT_TYPE_UC_MINUS ? gmtrr_mtype -+ : MTRR_TYPE_UNCACHABLE; -+ } -+ if ( gmtrr_mtype == -EADDRNOTAVAIL ) -+ return -1; -+ -+ gmtrr_mtype = is_hvm_domain(d) && v ? -+ mtrr_get_type(&v->arch.hvm.mtrr, -+ gfn << PAGE_SHIFT, order) : -+ MTRR_TYPE_WRBACK; -+ hmtrr_mtype = mtrr_get_type(&mtrr_state, mfn_x(mfn) << PAGE_SHIFT, -+ order); -+ if ( gmtrr_mtype < 0 || hmtrr_mtype < 0 ) -+ return -1; -+ -+ /* If both types match we're fine. */ -+ if ( likely(gmtrr_mtype == hmtrr_mtype) ) -+ return hmtrr_mtype; -+ -+ /* If either type is UC, we have to go with that one. */ -+ if ( gmtrr_mtype == MTRR_TYPE_UNCACHABLE || -+ hmtrr_mtype == MTRR_TYPE_UNCACHABLE ) -+ return MTRR_TYPE_UNCACHABLE; -+ -+ /* If either type is WB, we have to go with the other one. */ -+ if ( gmtrr_mtype == MTRR_TYPE_WRBACK ) -+ return hmtrr_mtype; -+ if ( hmtrr_mtype == MTRR_TYPE_WRBACK ) -+ return gmtrr_mtype; -+ -+ /* -+ * At this point we have disagreeing WC, WT, or WP types. The only -+ * combination that can be cleanly resolved is WT:WP. The ones involving -+ * WC need to be converted to UC, both due to the memory ordering -+ * differences and because WC disallows reads to be cached (WT and WP -+ * permit this), while WT and WP require writes to go straight to memory -+ * (WC can buffer them). -+ */ -+ if ( (gmtrr_mtype == MTRR_TYPE_WRTHROUGH && -+ hmtrr_mtype == MTRR_TYPE_WRPROT) || -+ (gmtrr_mtype == MTRR_TYPE_WRPROT && -+ hmtrr_mtype == MTRR_TYPE_WRTHROUGH) ) -+ return MTRR_TYPE_WRPROT; -+ -+ return MTRR_TYPE_UNCACHABLE; -+} -+ - /* - * Resolve deliberately mis-configured (EMT field set to an invalid value) - * entries in the page table hierarchy for the given GFN: -@@ -519,7 +623,7 @@ static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) - - if ( level == 0 || is_epte_superpage(&e) ) - { -- uint8_t ipat = 0; -+ bool ipat; - - if ( e.emt != MTRR_NUM_TYPES ) - break; -@@ -535,7 +639,7 @@ static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) - e.emt = 0; - if ( !is_epte_valid(&e) || !is_epte_present(&e) ) - continue; -- e.emt = epte_get_entry_emt(p2m->domain, gfn + i, -+ e.emt = epte_get_entry_emt(p2m->domain, _gfn(gfn + i), - _mfn(e.mfn), 0, &ipat, - e.sa_p2mt == p2m_mmio_direct); - e.ipat = ipat; -@@ -553,7 +657,8 @@ static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) - } - else - { -- int emt = epte_get_entry_emt(p2m->domain, gfn, _mfn(e.mfn), -+ int emt = epte_get_entry_emt(p2m->domain, _gfn(gfn), -+ _mfn(e.mfn), - level * EPT_TABLE_ORDER, &ipat, - e.sa_p2mt == p2m_mmio_direct); - bool_t recalc = e.recalc; -@@ -678,7 +783,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, - int ret, rc = 0; - bool_t entry_written = 0; - bool_t direct_mmio = (p2mt == p2m_mmio_direct); -- uint8_t ipat = 0; -+ bool ipat = false; - bool_t need_modify_vtd_table = 1; - bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); -@@ -790,7 +895,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, - - if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) - { -- int emt = epte_get_entry_emt(p2m->domain, gfn, mfn, -+ int emt = epte_get_entry_emt(p2m->domain, _gfn(gfn), mfn, - i * EPT_TABLE_ORDER, &ipat, direct_mmio); - - if ( emt >= 0 ) -diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h -index 534e9fc221..f668ee1f09 100644 ---- a/xen/include/asm-x86/hvm/vmx/vmx.h -+++ b/xen/include/asm-x86/hvm/vmx/vmx.h -@@ -599,6 +599,8 @@ void ept_p2m_uninit(struct p2m_domain *p2m); - - void ept_walk_table(struct domain *d, unsigned long gfn); - bool_t ept_handle_misconfig(uint64_t gpa); -+int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, -+ unsigned int order, bool *ipat, bool direct_mmio); - void setup_ept_dump(void); - void p2m_init_altp2m_ept(struct domain *d, unsigned int i); - /* Locate an alternate p2m by its EPTP */ -diff --git a/xen/include/asm-x86/mtrr.h b/xen/include/asm-x86/mtrr.h -index 24e5de5c22..e0fd1005ce 100644 ---- a/xen/include/asm-x86/mtrr.h -+++ b/xen/include/asm-x86/mtrr.h -@@ -72,12 +72,11 @@ extern int mtrr_add_page(unsigned long base, unsigned long size, - unsigned int type, char increment); - extern int mtrr_del(int reg, unsigned long base, unsigned long size); - extern int mtrr_del_page(int reg, unsigned long base, unsigned long size); -+extern int mtrr_get_type(const struct mtrr_state *m, paddr_t pa, -+ unsigned int order); - extern void mtrr_centaur_report_mcr(int mcr, u32 lo, u32 hi); - extern u32 get_pat_flags(struct vcpu *v, u32 gl1e_flags, paddr_t gpaddr, - paddr_t spaddr, uint8_t gmtrr_mtype); --extern int epte_get_entry_emt(struct domain *, unsigned long gfn, mfn_t mfn, -- unsigned int order, uint8_t *ipat, -- bool_t direct_mmio); - extern unsigned char pat_type_2_pte_flags(unsigned char pat_type); - extern int hold_mtrr_updates_on_aps; - extern void mtrr_aps_sync_begin(void); --- -2.31.1 - diff --git a/emulators/xen-kernel/files/0002-x86-spec-ctrl-Introduce-new-has_spec_ctrl-boolean.patch b/emulators/xen-kernel/files/0002-x86-spec-ctrl-Introduce-new-has_spec_ctrl-boolean.patch new file mode 100644 index 000000000000..7b6b1e062721 --- /dev/null +++ b/emulators/xen-kernel/files/0002-x86-spec-ctrl-Introduce-new-has_spec_ctrl-boolean.patch @@ -0,0 +1,97 @@ +From 08fc03c855c071e9b1aaaa96403f2a90433336a7 Mon Sep 17 00:00:00 2001 +From: Andrew Cooper +Date: Tue, 25 Jan 2022 17:14:48 +0000 +Subject: [PATCH 2/2] x86/spec-ctrl: Introduce new has_spec_ctrl boolean + +Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of +opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. + +Reword the comment above the Intel specific alternatives block to highlight +that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS +out because it will want to be common. + +No functional change. + +Signed-off-by: Andrew Cooper +Reviewed-by: Jan Beulich +(cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) +--- + xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index 8a550d0a09..2072daf662 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) + void __init init_speculation_mitigations(void) + { + enum ind_thunk thunk = THUNK_DEFAULT; +- bool ibrs = false, hw_smt_enabled; ++ bool has_spec_ctrl, ibrs = false, hw_smt_enabled; + bool cpu_has_bug_taa; + uint64_t caps = 0; + +@@ -936,6 +936,8 @@ void __init init_speculation_mitigations(void) + + hw_smt_enabled = check_smt_enabled(); + ++ has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); ++ + /* + * First, disable the use of retpolines if Xen is using shadow stacks, as + * they are incompatible. +@@ -973,11 +975,11 @@ void __init init_speculation_mitigations(void) + */ + else if ( retpoline_safe(caps) ) + thunk = THUNK_RETPOLINE; +- else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ++ else if ( has_spec_ctrl ) + ibrs = true; + } + /* Without compiler thunk support, use IBRS if available. */ +- else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ++ else if ( has_spec_ctrl ) + ibrs = true; + } + +@@ -1008,10 +1010,7 @@ void __init init_speculation_mitigations(void) + else if ( thunk == THUNK_JMP ) + setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); + +- /* +- * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up +- * the alternatives blocks so we can virtualise support for guests. +- */ ++ /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { + if ( opt_msr_sc_pv ) +@@ -1030,11 +1029,12 @@ void __init init_speculation_mitigations(void) + default_spec_ctrl_flags |= SCF_ist_wrmsr; + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } +- +- if ( ibrs ) +- default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + ++ /* If we have IBRS available, see whether we should use it. */ ++ if ( has_spec_ctrl && ibrs ) ++ default_xen_spec_ctrl |= SPEC_CTRL_IBRS; ++ + /* If we have SSBD available, see whether we should use it. */ + if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; +@@ -1268,7 +1268,7 @@ void __init init_speculation_mitigations(void) + * boot won't have any other code running in a position to mount an + * attack. + */ +- if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ++ if ( has_spec_ctrl ) + { + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; + +-- +2.35.1 + diff --git a/emulators/xen-kernel/files/0003-x86-ept-force-WB-cache-attributes-for-grant-and-fore.patch b/emulators/xen-kernel/files/0003-x86-ept-force-WB-cache-attributes-for-grant-and-fore.patch deleted file mode 100644 index 8119283dd746..000000000000 --- a/emulators/xen-kernel/files/0003-x86-ept-force-WB-cache-attributes-for-grant-and-fore.patch +++ /dev/null @@ -1,139 +0,0 @@ -From 8ce6832518035a17e2d89a98235359f3d551f2c1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= -Date: Thu, 17 Jun 2021 18:00:57 +0200 -Subject: [PATCH 3/3] x86/ept: force WB cache attributes for grant and foreign - maps -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Force WB type for grants and foreign pages. Those are usually mapped -over unpopulated physical ranges in the p2m, and those ranges would -usually be UC in the MTRR state, which is unlikely to be the correct -cache attribute. It's also cumbersome (or even impossible) for the -guest to be setting the MTRR type for all those mappings as WB, as -MTRR ranges are finite. - -Note that this is not an issue on AMD because WB cache attribute is -already set on grants and foreign mappings in the p2m and MTRR types -are ignored. Also on AMD Xen cannot force a cache attribute because of -the lack of ignore PAT equivalent, so the behavior here slightly -diverges between AMD and Intel (or EPT vs NPT/shadow). - -Signed-off-by: Roger Pau Monné -Reviewed-by: Jan Beulich -Reviewed-by: Kevin Tian ---- - xen/arch/x86/mm/p2m-ept.c | 38 +++++++++++++++++++++++++------ - xen/include/asm-x86/hvm/vmx/vmx.h | 2 +- - 2 files changed, 32 insertions(+), 8 deletions(-) - -diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c -index 542fe5ef34..41ab3c199a 100644 ---- a/xen/arch/x86/mm/p2m-ept.c -+++ b/xen/arch/x86/mm/p2m-ept.c -@@ -487,7 +487,7 @@ static int ept_invalidate_emt_range(struct p2m_domain *p2m, - } - - int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, -- unsigned int order, bool *ipat, bool direct_mmio) -+ unsigned int order, bool *ipat, p2m_type_t type) - { - int gmtrr_mtype, hmtrr_mtype; - struct vcpu *v = current; -@@ -518,7 +518,8 @@ int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, - return MTRR_TYPE_UNCACHABLE; - } - -- if ( !direct_mmio && !is_iommu_enabled(d) && !cache_flush_permitted(d) ) -+ if ( type != p2m_mmio_direct && !is_iommu_enabled(d) && -+ !cache_flush_permitted(d) ) - { - *ipat = true; - return MTRR_TYPE_WRBACK; -@@ -535,9 +536,33 @@ int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, - } - } - -- if ( direct_mmio ) -+ switch ( type ) -+ { -+ case p2m_mmio_direct: - return MTRR_TYPE_UNCACHABLE; - -+ case p2m_grant_map_ro: -+ case p2m_grant_map_rw: -+ case p2m_map_foreign: -+ /* -+ * Force WB type for grants and foreign pages. Those are usually mapped -+ * over unpopulated physical ranges in the p2m, and those would usually -+ * be UC in the MTRR state, which is unlikely to be the correct cache -+ * attribute. It's also cumbersome (or even impossible) for the guest -+ * to be setting the MTRR type for all those mappings as WB, as MTRR -+ * ranges are finite. -+ * -+ * Note that on AMD we cannot force a cache attribute because of the -+ * lack of ignore PAT equivalent, so the behavior here slightly -+ * diverges. See p2m_type_to_flags for the AMD attributes. -+ */ -+ *ipat = true; -+ return MTRR_TYPE_WRBACK; -+ -+ default: -+ break; -+ } -+ - gmtrr_mtype = hvm_get_mem_pinned_cacheattr(d, gfn, order); - if ( gmtrr_mtype >= 0 ) - { -@@ -641,7 +666,7 @@ static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) - continue; - e.emt = epte_get_entry_emt(p2m->domain, _gfn(gfn + i), - _mfn(e.mfn), 0, &ipat, -- e.sa_p2mt == p2m_mmio_direct); -+ e.sa_p2mt); - e.ipat = ipat; - - nt = p2m_recalc_type(e.recalc, e.sa_p2mt, p2m, gfn + i); -@@ -660,7 +685,7 @@ static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) - int emt = epte_get_entry_emt(p2m->domain, _gfn(gfn), - _mfn(e.mfn), - level * EPT_TABLE_ORDER, &ipat, -- e.sa_p2mt == p2m_mmio_direct); -+ e.sa_p2mt); - bool_t recalc = e.recalc; - - if ( recalc && p2m_is_changeable(e.sa_p2mt) ) -@@ -782,7 +807,6 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, - unsigned long fn_mask = !mfn_eq(mfn, INVALID_MFN) ? (gfn | mfn_x(mfn)) : gfn; - int ret, rc = 0; - bool_t entry_written = 0; -- bool_t direct_mmio = (p2mt == p2m_mmio_direct); - bool ipat = false; - bool_t need_modify_vtd_table = 1; - bool_t vtd_pte_present = 0; -@@ -896,7 +920,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, - if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) - { - int emt = epte_get_entry_emt(p2m->domain, _gfn(gfn), mfn, -- i * EPT_TABLE_ORDER, &ipat, direct_mmio); -+ i * EPT_TABLE_ORDER, &ipat, p2mt); - - if ( emt >= 0 ) - new_entry.emt = emt; -diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h -index f668ee1f09..0deb507490 100644 ---- a/xen/include/asm-x86/hvm/vmx/vmx.h -+++ b/xen/include/asm-x86/hvm/vmx/vmx.h -@@ -600,7 +600,7 @@ void ept_p2m_uninit(struct p2m_domain *p2m); - void ept_walk_table(struct domain *d, unsigned long gfn); - bool_t ept_handle_misconfig(uint64_t gpa); - int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, -- unsigned int order, bool *ipat, bool direct_mmio); -+ unsigned int order, bool *ipat, p2m_type_t type); - void setup_ept_dump(void); - void p2m_init_altp2m_ept(struct domain *d, unsigned int i); - /* Locate an alternate p2m by its EPTP */ --- -2.31.1 - diff --git a/emulators/xen-kernel/files/xsa395.patch b/emulators/xen-kernel/files/xsa395.patch new file mode 100644 index 000000000000..13b731102d41 --- /dev/null +++ b/emulators/xen-kernel/files/xsa395.patch @@ -0,0 +1,42 @@ +From 4cc924c3e3a0d53306d08b04720c427d1c298ba8 Mon Sep 17 00:00:00 2001 +From: Julien Grall +Date: Wed, 5 Jan 2022 18:09:20 +0000 +Subject: [PATCH] passthrough/x86: stop pirq iteration immediately in case of + error + +pt_pirq_iterate() will iterate in batch over all the PIRQs. The outer +loop will bail out if 'rc' is non-zero but the inner loop will continue. + +This means 'rc' will get clobbered and we may miss any errors (such as +-ERESTART in the case of the callback pci_clean_dpci_irq()). + +This is CVE-2022-23035 / XSA-395. + +Fixes: c24536b636f2 ("replace d->nr_pirqs sized arrays with radix tree") +Fixes: f6dd295381f4 ("dpci: replace tasklet with softirq") +Signed-off-by: Julien Grall +Signed-off-by: Jan Beulich +Reviewed-by: Roger Pau Monné +--- + xen/drivers/passthrough/x86/hvm.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c +index 351daafdc9bf..0b37cd145b60 100644 +--- a/xen/drivers/passthrough/x86/hvm.c ++++ b/xen/drivers/passthrough/x86/hvm.c +@@ -732,7 +732,11 @@ int pt_pirq_iterate(struct domain *d, + + pirq = pirqs[i]->pirq; + if ( (pirq_dpci->flags & HVM_IRQ_DPCI_MAPPED) ) ++ { + rc = cb(d, pirq_dpci, arg); ++ if ( rc ) ++ break; ++ } + } + } while ( !rc && ++pirq < d->nr_pirqs && n == ARRAY_SIZE(pirqs) ); + +-- +2.32.0 + diff --git a/emulators/xen-kernel/files/xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch b/emulators/xen-kernel/files/xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch new file mode 100644 index 000000000000..7c28ac096ad0 --- /dev/null +++ b/emulators/xen-kernel/files/xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch @@ -0,0 +1,118 @@ +From c374a8c5cc74535e16410b7a0d9e92bf5de54f79 Mon Sep 17 00:00:00 2001 +From: Andrew Cooper +Date: Mon, 7 Mar 2022 16:35:52 +0000 +Subject: x86/spec-ctrl: Cease using thunk=lfence on AMD + +AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer +considered safe. AMD are recommending using retpoline everywhere. + +Retpoline is incompatible with CET. All CET-capable hardware has efficient +IBRS (specifically, not something retrofitted in microcode), so use IBRS (and +STIBP for consistency sake). + +This is a logical change on AMD, but not on Intel as the default calculations +would end up with these settings anyway. Leave behind a message if IBRS is +found to be missing. + +Also update the default heuristics to never select THUNK_LFENCE. This causes +AMD CPUs to change their default to retpoline. + +Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and +STIBP now that we set it for consistency sake. + +This is part of XSA-398 / CVE-2021-26401. + +Signed-off-by: Andrew Cooper +Reviewed-by: Jan Beulich +(cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) + +diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc +index 995197f4b23e..f606dc0e14c1 100644 +--- a/docs/misc/xen-command-line.pandoc ++++ b/docs/misc/xen-command-line.pandoc +@@ -2269,9 +2269,9 @@ to use. + + If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to + select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` +-locations. The default thunk is `retpoline` (generally preferred for Intel +-hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal +-overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). ++locations. The default thunk is `retpoline` (generally preferred), with the ++alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and ++`lfence` (an `lfence; jmp *%reg` gadget). + + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the + `ibrs=` option can be used to force or prevent Xen using the feature itself. +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index cbeeb199037e..ae076bec3ab0 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + "\n"); + + /* Settings for Xen's protection, irrespective of guests. */ +- printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", ++ printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + thunk == THUNK_NONE ? "N/A" : + thunk == THUNK_RETPOLINE ? "RETPOLINE" : + thunk == THUNK_LFENCE ? "LFENCE" : + thunk == THUNK_JMP ? "JMP" : "?", +- !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : ++ (!boot_cpu_has(X86_FEATURE_IBRSB) && ++ !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : + (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", +- !boot_cpu_has(X86_FEATURE_SSBD) ? "" : ++ (!boot_cpu_has(X86_FEATURE_STIBP) && ++ !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : ++ (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", ++ (!boot_cpu_has(X86_FEATURE_SSBD) && ++ !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + !(caps & ARCH_CAPS_TSX_CTRL) ? "" : + (opt_tsx & 1) ? " TSX+" : " TSX-", +@@ -945,10 +950,23 @@ void __init init_speculation_mitigations(void) + /* + * First, disable the use of retpolines if Xen is using shadow stacks, as + * they are incompatible. ++ * ++ * In the absence of retpolines, IBRS needs to be used for speculative ++ * safety. All CET-capable hardware has efficient IBRS. + */ +- if ( cpu_has_xen_shstk && +- (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) +- thunk = THUNK_JMP; ++ if ( cpu_has_xen_shstk ) ++ { ++ if ( !has_spec_ctrl ) ++ printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); ++ else if ( opt_ibrs == -1 ) ++ { ++ opt_ibrs = ibrs = true; ++ default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; ++ } ++ ++ if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) ++ thunk = THUNK_JMP; ++ } + + /* + * Has the user specified any custom BTI mitigations? If so, follow their +@@ -968,16 +986,10 @@ void __init init_speculation_mitigations(void) + if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) + { + /* +- * AMD's recommended mitigation is to set lfence as being dispatch +- * serialising, and to use IND_THUNK_LFENCE. +- */ +- if ( cpu_has_lfence_dispatch ) +- thunk = THUNK_LFENCE; +- /* +- * On Intel hardware, we'd like to use retpoline in preference to ++ * On all hardware, we'd like to use retpoline in preference to + * IBRS, but only if it is safe on this hardware. + */ +- else if ( retpoline_safe(caps) ) ++ if ( retpoline_safe(caps) ) + thunk = THUNK_RETPOLINE; + else if ( has_spec_ctrl ) + ibrs = true; diff --git a/sysutils/xen-tools/Makefile b/sysutils/xen-tools/Makefile index f2b030e49bba..96896455f28d 100644 --- a/sysutils/xen-tools/Makefile +++ b/sysutils/xen-tools/Makefile @@ -1,102 +1,91 @@ PORTNAME= xen PKGNAMESUFFIX= -tools -PORTVERSION= 4.15.0 -PORTREVISION= 4 +PORTVERSION= 4.16.0 +PORTREVISION= 0 CATEGORIES= sysutils emulators MASTER_SITES= http://downloads.xenproject.org/release/xen/${PORTVERSION}/ MAINTAINER= royger@FreeBSD.org COMMENT= Xen management tools LICENSE= GPLv2 LGPL3 LICENSE_COMB= multi LIB_DEPENDS= libyajl.so:devel/yajl \ liblzo2.so:archivers/lzo2 \ libpixman-1.so:x11/pixman \ libargp.so:devel/argp-standalone \ libxml2.so:textproc/libxml2 BUILD_DEPENDS= seabios>0:misc/seabios \ - ${LOCALBASE}/share/edk2-xen/XEN_X64_EFI.fd:sysutils/edk2@xen_x64 + ${LOCALBASE}/share/edk2-xen/XEN_X64_EFI.fd:sysutils/edk2@xen_x64 \ + bash>0:shells/bash RUN_DEPENDS= seabios>0:misc/seabios \ ${LOCALBASE}/share/edk2-xen/XEN_X64_EFI.fd:sysutils/edk2@xen_x64 OPTIONS_DEFINE= DOCS SPICE OPTIONS_DEFAULT= DOCS OPTIONS_SUB= yes SPICE_DESC= Enable SPICE protocol for QEMU SPICE_CONFIGURE_WITH= extra-qemuu-configure-args="--enable-spice" SPICE_BUILD_DEPENDS= spice-protocol>=0.12.10:devel/spice-protocol SPICE_LIB_DEPENDS= libspice-server.so:devel/libspice-server ONLY_FOR_ARCHS= amd64 ONLY_FOR_ARCHS_REASON= not yet ported to anything other than amd64 USES= cpe gettext gmake gnome libtool localbase:ldflags perl5 \ - pkgconfig python:3.6+ shebangfix iconv bison + pkgconfig python:3.6+ shebangfix iconv bison ninja:build USE_GNOME= glib20 USE_LDCONFIG= yes USE_PYTHON= py3kplist HAS_CONFIGURE= yes # Set ARCH=x86_64 in order to overwrite the environment ARCH=amd64 MAKE_ARGS= clang=y ARCH=x86_64 BINARY_ALIAS= python3=${PYTHON_CMD} CONFIGURE_ARGS+= --with-system-seabios=${LOCALBASE}/share/seabios/bios.bin \ --with-system-ovmf=${LOCALBASE}/share/edk2-xen/XEN_X64_EFI.fd \ --mandir=${MANPREFIX}/man \ --disable-golang SHEBANG_FILES= tools/misc/xencov_split \ tools/python/scripts/convert-legacy-stream \ tools/python/scripts/verify-stream-v2 \ tools/xenmon/xenmon.py ALL_TARGET= tools DOCS_ALL_TARGET= docs INSTALL_TARGET= install-tools DOCS_INSTALL_TARGET= install-docs -# Fix pv shim build with clang 13.0.0 -EXTRA_PATCHES+= ${PATCHDIR}/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch:-p1 - .include .if ${OPSYS} != FreeBSD IGNORE= only supported on FreeBSD .endif .if ${PORT_OPTIONS:MSPICE} && ${OSVERSION} < 1300008 BROKEN= SPICE support requires FreeBSD version 13.0 or higher .endif -# ivshmem requires eventfd -.if ${OSVERSION} >= 1300000 -PLIST_SUB+= IVSHMEM="" -.else -PLIST_SUB+= IVSHMEM="@comment " -.endif - post-patch: @for p in `ls ${FILESDIR}/*qemuu*.patch 2>/dev/null`; do \ ${ECHO_CMD} "====> Applying $${p##*/}" ; \ ${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \ done # The ports native 'build' target cannot be used because it sets CFLAGS, and # that breaks the Xen kernel build system that's used by the tools in order to # build the pv-shim. do-build: ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC} ${MAKE_ARGS} ${ALL_TARGET} do-install: ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC} ${MAKE_ARGS} ${INSTALL_TARGET} post-install: ${MKDIR} ${STAGEDIR}/var/run/xen - # Empty dir, purge it. - ${RMDIR} ${STAGEDIR}/${PREFIX}/lib/xen/include .include diff --git a/sysutils/xen-tools/distinfo b/sysutils/xen-tools/distinfo index 740fd456bc18..d197e536add4 100644 --- a/sysutils/xen-tools/distinfo +++ b/sysutils/xen-tools/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1620647879 -SHA256 (xen-4.15.0.tar.gz) = 6cf41394726c9f2913edcd6707457d9b7a910a4d75d95e9ecdebf02b00f1adad -SIZE (xen-4.15.0.tar.gz) = 40785399 +TIMESTAMP = 1648563575 +SHA256 (xen-4.16.0.tar.gz) = adc87a90e614d090a2014b9aebae8d815a7348bf329d169b3cb655256d0ee995 +SIZE (xen-4.16.0.tar.gz) = 44982322 diff --git a/sysutils/xen-tools/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch b/sysutils/xen-tools/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch deleted file mode 100644 index 1612c5a113a1..000000000000 --- a/sysutils/xen-tools/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch +++ /dev/null @@ -1,105 +0,0 @@ -From be12fcca8b784e456df3adedbffe657d753c5ff9 Mon Sep 17 00:00:00 2001 -From: Roger Pau Monne -Date: Thu, 18 Nov 2021 09:28:06 +0100 -Subject: [PATCH] efi: fix alignment of function parameters in compat mode -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Currently the max_store_size, remain_store_size and max_size in -compat_pf_efi_runtime_call are 4 byte aligned, which makes clang -13.0.0 complain with: - -In file included from compat.c:30: -./runtime.c:646:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 2 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.max_store_size, - ^ -./runtime.c:647:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 3 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.remain_store_size, - ^ -./runtime.c:648:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 4 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.max_size); - ^ -Fix this by bouncing the variables on the stack in order for them to -be 8 byte aligned. - -Note this could be done in a more selective manner to only apply to -compat code calls, but given the overhead of making an EFI call doing -an extra copy of 3 variables doesn't seem to warrant the special -casing. - -Signed-off-by: Roger Pau Monné -Release-Acked-by: Ian Jackson -Reviewed-by: Ian Jackson -Signed-off-by: Ian Jackson -Reviewed-by: Jan Beulich - ---- -Changes since v3: - - Remove hard tabs. Apply Jan's r-b as authorised in email. -Changes since v2: - - Adjust the commentary as per discussion. -Changes since v1: - - Copy back the results. ---- - xen/common/efi/runtime.c | 31 +++++++++++++++++++++++++++---- - 1 file changed, 27 insertions(+), 4 deletions(-) - -diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c -index 375b94229e..d2fdc28df3 100644 ---- a/xen/common/efi/runtime.c -+++ b/xen/common/efi/runtime.c -@@ -607,6 +607,9 @@ int efi_runtime_call(struct xenpf_efi_runtime_call *op) - break; - - case XEN_EFI_query_variable_info: -+ { -+ uint64_t max_store_size, remain_store_size, max_size; -+ - if ( op->misc & ~XEN_EFI_VARINFO_BOOT_SNAPSHOT ) - return -EINVAL; - -@@ -638,16 +641,36 @@ int efi_runtime_call(struct xenpf_efi_runtime_call *op) - - if ( !efi_enabled(EFI_RS) || (efi_rs->Hdr.Revision >> 16) < 2 ) - return -EOPNOTSUPP; -+ -+ /* -+ * Bounce the variables onto the stack to make them 8 byte aligned when -+ * called from the compat handler, as their placement in -+ * compat_pf_efi_runtime_call will make them 4 byte aligned instead and -+ * and compilers may validly complain. -+ * -+ * Note that while the function parameters are OUT only, copy the -+ * values here anyway just in case. This is done regardless of whether -+ * called from the compat handler or not, as it's not worth the extra -+ * logic to differentiate. -+ */ -+ max_store_size = op->u.query_variable_info.max_store_size; -+ remain_store_size = op->u.query_variable_info.remain_store_size; -+ max_size = op->u.query_variable_info.max_size; -+ - state = efi_rs_enter(); - if ( !state.cr3 ) - return -EOPNOTSUPP; - status = efi_rs->QueryVariableInfo( -- op->u.query_variable_info.attr, -- &op->u.query_variable_info.max_store_size, -- &op->u.query_variable_info.remain_store_size, -- &op->u.query_variable_info.max_size); -+ op->u.query_variable_info.attr, &max_store_size, &remain_store_size, -+ &max_size); - efi_rs_leave(&state); -+ -+ op->u.query_variable_info.max_store_size = max_store_size; -+ op->u.query_variable_info.remain_store_size = remain_store_size; -+ op->u.query_variable_info.max_size = max_size; -+ - break; -+ } - - case XEN_EFI_query_capsule_capabilities: - case XEN_EFI_update_capsule: --- -2.33.0 - diff --git a/sysutils/xen-tools/pkg-plist b/sysutils/xen-tools/pkg-plist index 2288a58ae2fc..c9ffe5b4645b 100644 --- a/sysutils/xen-tools/pkg-plist +++ b/sysutils/xen-tools/pkg-plist @@ -1,725 +1,732 @@ bin/pygrub bin/xen-cpuid bin/xen-detect bin/xenalyze bin/xencons bin/xencov_split bin/xenstore bin/xenstore-chmod bin/xenstore-control bin/xenstore-exists bin/xenstore-list bin/xenstore-ls bin/xenstore-read bin/xenstore-rm bin/xenstore-watch bin/xenstore-write bin/xentrace_format etc/bash_completion.d/xl etc/rc.d/xencommons etc/rc.d/xendriverdomain %%ETCDIR%%/README %%ETCDIR%%/cpupool %%ETCDIR%%/scripts/block %%ETCDIR%%/scripts/hotplugpath.sh %%ETCDIR%%/scripts/vif-bridge %%ETCDIR%%/xl.conf %%ETCDIR%%/xlexample.hvm %%ETCDIR%%/xlexample.pvhlinux %%ETCDIR%%/xlexample.pvlinux include/_libxl_list.h include/_libxl_types.h include/_libxl_types_json.h include/libxl.h include/libxl_event.h include/libxl_json.h include/libxl_utils.h include/libxl_uuid.h include/libxlutil.h include/xen/COPYING include/xen/arch-arm.h include/xen/arch-arm/hvm/save.h include/xen/arch-arm/smccc.h include/xen/arch-x86/cpufeatureset.h include/xen/arch-x86/cpuid.h include/xen/arch-x86/hvm/save.h include/xen/arch-x86/hvm/start_info.h include/xen/arch-x86/pmu.h include/xen/arch-x86/xen-mca.h include/xen/arch-x86/xen-x86_32.h include/xen/arch-x86/xen-x86_64.h include/xen/arch-x86/xen.h include/xen/arch-x86_32.h include/xen/arch-x86_64.h include/xen/argo.h include/xen/callback.h include/xen/device_tree_defs.h include/xen/dom0_ops.h include/xen/domctl.h include/xen/elfnote.h include/xen/errno.h include/xen/event_channel.h include/xen/features.h include/xen/foreign/arm32.h include/xen/foreign/arm64.h include/xen/foreign/x86_32.h include/xen/foreign/x86_64.h include/xen/grant_table.h include/xen/hvm/dm_op.h include/xen/hvm/e820.h include/xen/hvm/hvm_info_table.h include/xen/hvm/hvm_op.h include/xen/hvm/hvm_vcpu.h include/xen/hvm/hvm_xs_strings.h include/xen/hvm/ioreq.h include/xen/hvm/params.h include/xen/hvm/pvdrivers.h include/xen/hvm/save.h include/xen/hypfs.h include/xen/io/9pfs.h include/xen/io/blkif.h include/xen/io/cameraif.h include/xen/io/console.h include/xen/io/displif.h include/xen/io/fbif.h include/xen/io/fsif.h include/xen/io/kbdif.h include/xen/io/libxenvchan.h include/xen/io/netif.h include/xen/io/pciif.h include/xen/io/protocols.h include/xen/io/pvcalls.h include/xen/io/ring.h include/xen/io/sndif.h include/xen/io/tpmif.h include/xen/io/usbif.h include/xen/io/vscsiif.h include/xen/io/xenbus.h include/xen/io/xs_wire.h include/xen/kexec.h include/xen/memory.h include/xen/nmi.h include/xen/physdev.h include/xen/platform.h include/xen/pmu.h include/xen/sched.h include/xen/sys/evtchn.h include/xen/sys/gntdev.h include/xen/sys/privcmd.h include/xen/sysctl.h include/xen/tmem.h include/xen/trace.h include/xen/vcpu.h include/xen/version.h include/xen/vm_event.h include/xen/xen-compat.h include/xen/xen.h include/xen/xencomm.h include/xen/xenoprof.h include/xen/xsm/flask_op.h include/xencall.h include/xenctrl.h include/xenctrl_compat.h include/xendevicemodel.h include/xenevtchn.h include/xenforeignmemory.h include/xenfsimage.h include/xenfsimage_grub.h include/xenfsimage_plugin.h include/xengnttab.h include/xenguest.h include/xenhypfs.h include/xenstat.h include/xenstore-compat/xs.h include/xenstore-compat/xs_lib.h include/xenstore.h include/xenstore_lib.h include/xentoolcore.h include/xentoolcore_internal.h include/xentoollog.h include/xs.h include/xs_lib.h lib/debug/usr/local/lib/xen/boot/xen-shim-syms lib/libxencall.a lib/libxencall.so lib/libxencall.so.1 -lib/libxencall.so.1.2 +lib/libxencall.so.1.3 lib/libxenctrl.a lib/libxenctrl.so -lib/libxenctrl.so.4.15 -lib/libxenctrl.so.4.15.0 +lib/libxenctrl.so.4.16 +lib/libxenctrl.so.4.16.0 lib/libxendevicemodel.a lib/libxendevicemodel.so lib/libxendevicemodel.so.1 lib/libxendevicemodel.so.1.4 lib/libxenevtchn.a lib/libxenevtchn.so lib/libxenevtchn.so.1 lib/libxenevtchn.so.1.2 lib/libxenforeignmemory.a lib/libxenforeignmemory.so lib/libxenforeignmemory.so.1 lib/libxenforeignmemory.so.1.4 lib/libxenfsimage.so -lib/libxenfsimage.so.4.15 -lib/libxenfsimage.so.4.15.0 +lib/libxenfsimage.so.4.16 +lib/libxenfsimage.so.4.16.0 lib/libxengnttab.a lib/libxengnttab.so lib/libxengnttab.so.1 lib/libxengnttab.so.1.2 lib/libxenguest.a lib/libxenguest.so -lib/libxenguest.so.4.15 -lib/libxenguest.so.4.15.0 +lib/libxenguest.so.4.16 +lib/libxenguest.so.4.16.0 lib/libxenhypfs.a lib/libxenhypfs.so lib/libxenhypfs.so.1 lib/libxenhypfs.so.1.0 lib/libxenlight.a lib/libxenlight.so -lib/libxenlight.so.4.15 -lib/libxenlight.so.4.15.0 +lib/libxenlight.so.4.16 +lib/libxenlight.so.4.16.0 lib/libxenstat.a lib/libxenstat.so -lib/libxenstat.so.4.15 -lib/libxenstat.so.4.15.0 +lib/libxenstat.so.4.16 +lib/libxenstat.so.4.16.0 lib/libxenstore.a lib/libxenstore.so -lib/libxenstore.so.3.0 -lib/libxenstore.so.3.0.3 +lib/libxenstore.so.4 +lib/libxenstore.so.4.0 lib/libxentoolcore.a lib/libxentoolcore.so lib/libxentoolcore.so.1 lib/libxentoolcore.so.1.0 lib/libxentoollog.a lib/libxentoollog.so lib/libxentoollog.so.1 lib/libxentoollog.so.1.0 lib/libxlutil.a lib/libxlutil.so -lib/libxlutil.so.4.15 -lib/libxlutil.so.4.15.0 +lib/libxlutil.so.4.16 +lib/libxlutil.so.4.16.0 %%PYTHON_SITELIBDIR%%/grub/ExtLinuxConf.py %%PYTHON_SITELIBDIR%%/grub/ExtLinuxConf.pyc %%PYTHON_SITELIBDIR%%/grub/GrubConf.py %%PYTHON_SITELIBDIR%%/grub/GrubConf.pyc %%PYTHON_SITELIBDIR%%/grub/LiloConf.py %%PYTHON_SITELIBDIR%%/grub/LiloConf.pyc %%PYTHON_SITELIBDIR%%/grub/__init__.py %%PYTHON_SITELIBDIR%%/grub/__init__.pyc %%PYTHON_SITELIBDIR%%/pygrub-0.6-py%%PYTHON_VER%%.egg-info %%PYTHON_SITELIBDIR%%/xen-3.0-py%%PYTHON_VER%%.egg-info %%PYTHON_SITELIBDIR%%/xen/__init__.py %%PYTHON_SITELIBDIR%%/xen/__init__.pyc %%PYTHON_SITELIBDIR%%/xen/__pycache__/util.cpython-%%PYTHON_SUFFIX%%.pyc %%PYTHON_SITELIBDIR%%/xen/lowlevel/__init__.py %%PYTHON_SITELIBDIR%%/xen/lowlevel/__init__.pyc %%PYTHON_SITELIBDIR%%/xen/lowlevel/xc%%PYTHON_EXT_SUFFIX%%.so %%PYTHON_SITELIBDIR%%/xen/lowlevel/xs%%PYTHON_EXT_SUFFIX%%.so %%PYTHON_SITELIBDIR%%/xen/migration/__init__.py %%PYTHON_SITELIBDIR%%/xen/migration/__init__.pyc %%PYTHON_SITELIBDIR%%/xen/migration/legacy.py %%PYTHON_SITELIBDIR%%/xen/migration/legacy.pyc %%PYTHON_SITELIBDIR%%/xen/migration/libxc.py %%PYTHON_SITELIBDIR%%/xen/migration/libxc.pyc %%PYTHON_SITELIBDIR%%/xen/migration/libxl.py %%PYTHON_SITELIBDIR%%/xen/migration/libxl.pyc %%PYTHON_SITELIBDIR%%/xen/migration/public.py %%PYTHON_SITELIBDIR%%/xen/migration/public.pyc %%PYTHON_SITELIBDIR%%/xen/migration/tests.py %%PYTHON_SITELIBDIR%%/xen/migration/tests.pyc %%PYTHON_SITELIBDIR%%/xen/migration/verify.py %%PYTHON_SITELIBDIR%%/xen/migration/verify.pyc %%PYTHON_SITELIBDIR%%/xen/migration/xl.py %%PYTHON_SITELIBDIR%%/xen/migration/xl.pyc %%PYTHON_SITELIBDIR%%/xen/util.py %%PYTHON_SITELIBDIR%%/xenfsimage%%PYTHON_EXT_SUFFIX%%.so lib/xen/bin/convert-legacy-stream lib/xen/bin/depriv-fd-checker -%%IVSHMEM%%lib/xen/bin/ivshmem-client -%%IVSHMEM%%lib/xen/bin/ivshmem-server lib/xen/bin/libxl-save-helper lib/xen/bin/lsevtchn lib/xen/bin/pygrub lib/xen/bin/qemu-edid lib/xen/bin/qemu-img lib/xen/bin/qemu-io lib/xen/bin/qemu-nbd lib/xen/bin/qemu-storage-daemon lib/xen/bin/qemu-system-i386 lib/xen/bin/readnotes +lib/xen/bin/test-cpu-policy +lib/xen/bin/test-resource +lib/xen/bin/test-tsx +lib/xen/bin/test-xenstore lib/xen/bin/verify-stream-v2 lib/xen/bin/xen-init-dom0 lib/xen/bin/xenconsole lib/xen/bin/xenctx lib/xen/bin/xenpaging lib/xen/bin/xenpvnetboot lib/xen/boot/hvmloader lib/xen/boot/xen-shim +lib/xen/include/qemu-plugin.h lib/xenfsimage/ext2fs/fsimage.so lib/xenfsimage/fat/fsimage.so lib/xenfsimage/iso9660/fsimage.so lib/xenfsimage/reiserfs/fsimage.so lib/xenfsimage/ufs/fsimage.so lib/xenfsimage/xfs/fsimage.so lib/xenfsimage/zfs/fsimage.so libdata/pkgconfig/xencall.pc libdata/pkgconfig/xencontrol.pc libdata/pkgconfig/xendevicemodel.pc libdata/pkgconfig/xenevtchn.pc libdata/pkgconfig/xenforeignmemory.pc libdata/pkgconfig/xengnttab.pc libdata/pkgconfig/xenguest.pc libdata/pkgconfig/xenhypfs.pc libdata/pkgconfig/xenlight.pc libdata/pkgconfig/xenstat.pc libdata/pkgconfig/xenstore.pc libdata/pkgconfig/xentoolcore.pc libdata/pkgconfig/xentoollog.pc libdata/pkgconfig/xlutil.pc %%DOCS%%man/man1/xenhypfs.1.gz %%DOCS%%man/man1/xenstore-chmod.1.gz %%DOCS%%man/man1/xenstore-ls.1.gz %%DOCS%%man/man1/xenstore-read.1.gz %%DOCS%%man/man1/xenstore-write.1.gz %%DOCS%%man/man1/xenstore.1.gz %%DOCS%%man/man1/xentop.1.gz %%DOCS%%man/man1/xentrace_format.1.gz %%DOCS%%man/man1/xl.1.gz %%DOCS%%man/man5/xl-disk-configuration.5.gz %%DOCS%%man/man5/xl-network-configuration.5.gz %%DOCS%%man/man5/xl-pci-configuration.5.gz %%DOCS%%man/man5/xl.cfg.5.gz %%DOCS%%man/man5/xl.conf.5.gz %%DOCS%%man/man5/xlcpupool.cfg.5.gz %%DOCS%%man/man7/xen-pci-device-reservations.7.gz %%DOCS%%man/man7/xen-pv-channel.7.gz %%DOCS%%man/man7/xen-tscmode.7.gz %%DOCS%%man/man7/xen-vtpm.7.gz %%DOCS%%man/man7/xen-vtpmmgr.7.gz %%DOCS%%man/man7/xl-numa-placement.7.gz %%DOCS%%man/man8/xentrace.8.gz sbin/flask-get-bool sbin/flask-getenforce sbin/flask-label-pci sbin/flask-loadpolicy sbin/flask-set-bool sbin/flask-setenforce sbin/gdbsx sbin/xen-access sbin/xen-diag sbin/xen-hptool sbin/xen-hvmcrash sbin/xen-hvmctx sbin/xen-kdd sbin/xen-livepatch sbin/xen-lowmemd +sbin/xen-mceinj sbin/xen-memshare sbin/xen-mfndump sbin/xen-ucode +sbin/xen-vmtrace sbin/xenbaked sbin/xenconsoled sbin/xencov sbin/xenhypfs sbin/xenlockprof sbin/xenmon sbin/xenperf sbin/xenpm sbin/xenpmd sbin/xenstored sbin/xentop sbin/xentrace sbin/xentrace_setmask sbin/xentrace_setsize sbin/xenwatchdogd sbin/xl %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/.deps %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,arch-arm,hvm,save.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,arch-arm,smccc.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,arch-arm.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,argo.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,callback.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,device_tree_defs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,dom0_ops.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,domctl.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,elfnote.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,errno.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,event_channel.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,features.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,grant_table.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,dm_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,e820.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,hvm_info_table.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,hvm_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,hvm_vcpu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,hvm_xs_strings.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,ioreq.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,params.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,pvdrivers.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hvm,save.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,hypfs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,9pfs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,blkif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,cameraif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,console.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,displif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,fbif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,fsif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,kbdif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,libxenvchan.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,netif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,pciif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,protocols.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,pvcalls.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,ring.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,sndif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,tpmif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,usbif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,vscsiif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,xenbus.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,io,xs_wire.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,kexec.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,memory.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,nmi.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,physdev.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,platform.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,pmu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,sched.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,sysctl.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,tmem.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,trace.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,vcpu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,version.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,vm_event.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,xen-compat.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,xen.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,xencomm.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,xenoprof.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,public,xsm,flask_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/include,xen,errno.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/arm/index.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/index.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/.deps %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86,cpufeatureset.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86,cpuid.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86,hvm,save.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86,hvm,start_info.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86,pmu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86,xen-mca.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86,xen-x86_32.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86,xen.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,arch-x86_32.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,argo.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,callback.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,device_tree_defs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,dom0_ops.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,domctl.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,elfnote.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,errno.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,event_channel.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,features.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,grant_table.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,dm_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,e820.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,hvm_info_table.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,hvm_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,hvm_vcpu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,hvm_xs_strings.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,ioreq.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,params.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,pvdrivers.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hvm,save.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,hypfs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,9pfs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,blkif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,console.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,cameraif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,displif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,fbif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,fsif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,kbdif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,libxenvchan.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,netif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,pciif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,protocols.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,pvcalls.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,ring.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,sndif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,tpmif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,usbif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,vscsiif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,xenbus.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,io,xs_wire.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,kexec.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,memory.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,nmi.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,physdev.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,platform.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,pmu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,sched.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,sysctl.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,tmem.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,trace.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,vcpu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,version.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,vm_event.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,xen-compat.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,xen.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,xencomm.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,xenoprof.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,public,xsm,flask_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/include,xen,errno.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_32/index.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/.deps %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86,cpufeatureset.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86,cpuid.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86,hvm,save.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86,hvm,start_info.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86,pmu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86,xen-mca.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86,xen-x86_64.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86,xen.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,arch-x86_64.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,argo.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,callback.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,device_tree_defs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,dom0_ops.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,domctl.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,elfnote.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,errno.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,event_channel.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,features.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,grant_table.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,dm_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,e820.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,hvm_info_table.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,hvm_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,hvm_vcpu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,hvm_xs_strings.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,ioreq.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,params.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,pvdrivers.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hvm,save.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,hypfs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,9pfs.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,blkif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,cameraif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,console.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,displif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,fbif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,fsif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,kbdif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,libxenvchan.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,netif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,pciif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,protocols.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,pvcalls.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,ring.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,sndif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,tpmif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,usbif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,vscsiif.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,xenbus.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,io,xs_wire.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,kexec.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,memory.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,nmi.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,physdev.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,platform.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,pmu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,sched.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,sysctl.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,tmem.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,trace.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,vcpu.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,version.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,vm_event.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,xen-compat.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,xen.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,xencomm.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,xenoprof.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,public,xsm,flask_op.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/include,xen,errno.h.html %%PORTDOCS%%%%DOCSDIR%%/html/hypercall/x86_64/index.html %%PORTDOCS%%%%DOCSDIR%%/html/index.html %%PORTDOCS%%%%DOCSDIR%%/html/man/index.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xen-pci-device-reservations.7.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xen-pv-channel.7.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xen-tscmode.7.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xen-vtpm.7.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xen-vtpmmgr.7.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xenhypfs.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xenstore-chmod.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xenstore-ls.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xenstore-read.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xenstore-write.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xenstore.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xentop.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xentrace.8.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xentrace_format.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xl-disk-configuration.5.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xl-network-configuration.5.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xl-numa-placement.7.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xl-pci-configuration.5.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xl.1.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xl.cfg.5.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xl.conf.5.html %%PORTDOCS%%%%DOCSDIR%%/html/man/xlcpupool.cfg.5.html %%PORTDOCS%%%%DOCSDIR%%/html/misc/amd-ucode-container.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/big.LITTLE.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/booting.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/device-tree/acpi.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/device-tree/booting.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/device-tree/guest.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/device-tree/index.html %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/device-tree/passthrough.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/early-printk.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/index.html %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/passthrough.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/arm/silicon-errata.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/block-scripts.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/console.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/crashdb.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/distro_mapping.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/dump-core-format.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/grant-tables.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/index.html %%PORTDOCS%%%%DOCSDIR%%/html/misc/kexec_and_kdump.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/libxl_memory.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/printk-formats.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/qemu-backends.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/stubdom.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/vtd-pi.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/vtd.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/vtpm-platforms.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/xen-error-handling.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/xenmon.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/xenpaging.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/xenstore-ring.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/xenstore.txt %%PORTDOCS%%%%DOCSDIR%%/html/misc/xsm-flask.txt share/qemu-xen/qemu/QEMU,cgthree.bin share/qemu-xen/qemu/QEMU,tcx.bin share/qemu-xen/qemu/bamboo.dtb share/qemu-xen/qemu/bios-256k.bin share/qemu-xen/qemu/bios-microvm.bin share/qemu-xen/qemu/bios.bin share/qemu-xen/qemu/canyonlands.dtb share/qemu-xen/qemu/efi-e1000.rom share/qemu-xen/qemu/efi-e1000e.rom share/qemu-xen/qemu/efi-eepro100.rom share/qemu-xen/qemu/efi-ne2k_pci.rom share/qemu-xen/qemu/efi-pcnet.rom share/qemu-xen/qemu/efi-rtl8139.rom share/qemu-xen/qemu/efi-virtio.rom share/qemu-xen/qemu/efi-vmxnet3.rom share/qemu-xen/qemu/hppa-firmware.img share/qemu-xen/qemu/keymaps/ar share/qemu-xen/qemu/keymaps/bepo share/qemu-xen/qemu/keymaps/cz share/qemu-xen/qemu/keymaps/da share/qemu-xen/qemu/keymaps/de share/qemu-xen/qemu/keymaps/de-ch share/qemu-xen/qemu/keymaps/en-gb share/qemu-xen/qemu/keymaps/en-us share/qemu-xen/qemu/keymaps/es share/qemu-xen/qemu/keymaps/et share/qemu-xen/qemu/keymaps/fi share/qemu-xen/qemu/keymaps/fo share/qemu-xen/qemu/keymaps/fr share/qemu-xen/qemu/keymaps/fr-be share/qemu-xen/qemu/keymaps/fr-ca share/qemu-xen/qemu/keymaps/fr-ch share/qemu-xen/qemu/keymaps/hr share/qemu-xen/qemu/keymaps/hu share/qemu-xen/qemu/keymaps/is share/qemu-xen/qemu/keymaps/it share/qemu-xen/qemu/keymaps/ja share/qemu-xen/qemu/keymaps/lt share/qemu-xen/qemu/keymaps/lv share/qemu-xen/qemu/keymaps/mk share/qemu-xen/qemu/keymaps/nl share/qemu-xen/qemu/keymaps/no share/qemu-xen/qemu/keymaps/pl share/qemu-xen/qemu/keymaps/pt share/qemu-xen/qemu/keymaps/pt-br share/qemu-xen/qemu/keymaps/ru share/qemu-xen/qemu/keymaps/sl share/qemu-xen/qemu/keymaps/sv share/qemu-xen/qemu/keymaps/th share/qemu-xen/qemu/keymaps/tr share/qemu-xen/qemu/kvmvapic.bin share/qemu-xen/qemu/linuxboot.bin share/qemu-xen/qemu/linuxboot_dma.bin share/qemu-xen/qemu/multiboot.bin -share/qemu-xen/qemu/opensbi-riscv32-sifive_u-fw_jump.bin +share/qemu-xen/qemu/npcm7xx_bootrom.bin share/qemu-xen/qemu/openbios-ppc share/qemu-xen/qemu/openbios-sparc32 share/qemu-xen/qemu/openbios-sparc64 +share/qemu-xen/qemu/opensbi-riscv32-generic-fw_dynamic.bin +share/qemu-xen/qemu/opensbi-riscv32-generic-fw_dynamic.elf +share/qemu-xen/qemu/opensbi-riscv64-generic-fw_dynamic.bin +share/qemu-xen/qemu/opensbi-riscv64-generic-fw_dynamic.elf share/qemu-xen/qemu/palcode-clipper share/qemu-xen/qemu/petalogix-ml605.dtb share/qemu-xen/qemu/petalogix-s3adsp1800.dtb share/qemu-xen/qemu/pxe-e1000.rom share/qemu-xen/qemu/pxe-eepro100.rom share/qemu-xen/qemu/pxe-ne2k_pci.rom share/qemu-xen/qemu/pxe-pcnet.rom share/qemu-xen/qemu/pxe-rtl8139.rom share/qemu-xen/qemu/pxe-virtio.rom +share/qemu-xen/qemu/qboot.rom share/qemu-xen/qemu/qemu_vga.ndrv share/qemu-xen/qemu/s390-ccw.img share/qemu-xen/qemu/s390-netboot.img share/qemu-xen/qemu/sgabios.bin share/qemu-xen/qemu/skiboot.lid share/qemu-xen/qemu/slof.bin share/qemu-xen/qemu/trace-events-all share/qemu-xen/qemu/u-boot-sam460-20100605.bin share/qemu-xen/qemu/u-boot.e500 share/qemu-xen/qemu/vgabios-cirrus.bin share/qemu-xen/qemu/vgabios-qxl.bin share/qemu-xen/qemu/vgabios-stdvga.bin share/qemu-xen/qemu/vgabios-virtio.bin share/qemu-xen/qemu/vgabios-vmware.bin share/qemu-xen/qemu/vgabios.bin share/qemu-xen/applications/qemu.desktop share/qemu-xen/icons/hicolor/128x128/apps/qemu.png share/qemu-xen/icons/hicolor/16x16/apps/qemu.png share/qemu-xen/icons/hicolor/24x24/apps/qemu.png share/qemu-xen/icons/hicolor/256x256/apps/qemu.png share/qemu-xen/icons/hicolor/32x32/apps/qemu.bmp share/qemu-xen/icons/hicolor/32x32/apps/qemu.png share/qemu-xen/icons/hicolor/48x48/apps/qemu.png share/qemu-xen/icons/hicolor/512x512/apps/qemu.png share/qemu-xen/icons/hicolor/64x64/apps/qemu.png share/qemu-xen/icons/hicolor/scalable/apps/qemu.svg share/qemu-xen/qemu/edk2-aarch64-code.fd share/qemu-xen/qemu/edk2-arm-code.fd share/qemu-xen/qemu/edk2-arm-vars.fd share/qemu-xen/qemu/edk2-i386-code.fd share/qemu-xen/qemu/edk2-i386-secure-code.fd share/qemu-xen/qemu/edk2-i386-vars.fd share/qemu-xen/qemu/edk2-licenses.txt share/qemu-xen/qemu/edk2-x86_64-code.fd share/qemu-xen/qemu/edk2-x86_64-secure-code.fd share/qemu-xen/qemu/firmware/50-edk2-i386-secure.json share/qemu-xen/qemu/firmware/50-edk2-x86_64-secure.json share/qemu-xen/qemu/firmware/60-edk2-aarch64.json share/qemu-xen/qemu/firmware/60-edk2-arm.json share/qemu-xen/qemu/firmware/60-edk2-i386.json share/qemu-xen/qemu/firmware/60-edk2-x86_64.json -share/qemu-xen/qemu/opensbi-riscv32-virt-fw_jump.bin -share/qemu-xen/qemu/opensbi-riscv64-sifive_u-fw_jump.bin -share/qemu-xen/qemu/opensbi-riscv64-virt-fw_jump.bin share/qemu-xen/qemu/pvh.bin share/qemu-xen/qemu/qemu-nsis.bmp share/qemu-xen/qemu/vgabios-ati.bin share/qemu-xen/qemu/vgabios-bochs-display.bin share/qemu-xen/qemu/vgabios-ramfb.bin @dir %%ETCDIR%%/auto @dir /var/lib/xen/dump @dir /var/lib/xen/xenpaging @dir /var/lib/xen @dir /var/lib/xenstored @dir /var/lib @dir /var/log/xen @dir /var/run/xen @dir /var/run/xenstored