Wed Apr 29 21:11:13 2015 UTC ()
Pullup ticket #4698 - requested by spz
Pullup ticket #4698 - requested by spz
sysutils/xenkernel41: security patch
sysutils/xenkernel42: security patch
sysutils/xenkernel45: security patch
Revisions pulled up:
- sysutils/xenkernel41/Makefile 1.45
- sysutils/xenkernel41/distinfo 1.36
- sysutils/xenkernel41/patches/patch-CVE-2015-2752 1.1
- sysutils/xenkernel41/patches/patch-CVE-2015-2756 1.1
- sysutils/xenkernel42/Makefile 1.15
- sysutils/xenkernel42/distinfo 1.13
- sysutils/xenkernel42/patches/patch-CVE-2015-2752 1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-2756 1.1
- sysutils/xenkernel45/Makefile 1.6
- sysutils/xenkernel45/distinfo 1.5
- sysutils/xenkernel45/patches/patch-CVE-2015-2752 1.1
- sysutils/xenkernel45/patches/patch-CVE-2015-2756 1.1
- sysutils/xentools41/Makefile 1.50
- sysutils/xentools41/distinfo 1.38
- sysutils/xentools41/patches/patch-CVE-2015-2752 1.1
- sysutils/xentools41/patches/patch-CVE-2015-2756 1.1
- sysutils/xentools42/Makefile 1.27
- sysutils/xentools42/distinfo 1.16
- sysutils/xentools42/patches/patch-CVE-2015-2752 1.1
- sysutils/xentools42/patches/patch-CVE-2015-2756 1.1
- sysutils/xentools45/Makefile 1.6
- sysutils/xentools45/distinfo 1.6
- sysutils/xentools45/patches/patch-CVE-2015-2752 1.1
- sysutils/xentools45/patches/patch-CVE-2015-2756 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Apr 19 13:13:21 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel41: Makefile distinfo
pkgsrc/sysutils/xenkernel42: Makefile distinfo
pkgsrc/sysutils/xenkernel45: Makefile distinfo
pkgsrc/sysutils/xentools41: Makefile distinfo
pkgsrc/sysutils/xentools42: Makefile distinfo
pkgsrc/sysutils/xentools45: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xentools41/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
pkgsrc/sysutils/xentools45/patches: patch-CVE-2015-2752
patch-CVE-2015-2756
Log Message:
apply fixes from upstream for
XSA-125 Long latency MMIO mapping operations are not preemptible
XSA-126 Unmediated PCI command register access in qemu
(tron)
diff -r1.44 -r1.44.2.1 pkgsrc/sysutils/xenkernel41/Makefile
diff -r1.35 -r1.35.2.1 pkgsrc/sysutils/xenkernel41/distinfo
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2015-2752
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2015-2756
diff -r1.14 -r1.14.2.1 pkgsrc/sysutils/xenkernel42/Makefile
diff -r1.12 -r1.12.2.1 pkgsrc/sysutils/xenkernel42/distinfo
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2015-2752
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2015-2756
diff -r1.5 -r1.5.2.1 pkgsrc/sysutils/xenkernel45/Makefile
diff -r1.4 -r1.4.2.1 pkgsrc/sysutils/xenkernel45/distinfo
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel45/patches/patch-CVE-2015-2752
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel45/patches/patch-CVE-2015-2756
diff -r1.49 -r1.49.4.1 pkgsrc/sysutils/xentools41/Makefile
diff -r1.37 -r1.37.6.1 pkgsrc/sysutils/xentools41/distinfo
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xentools41/patches/patch-CVE-2015-2752
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xentools41/patches/patch-CVE-2015-2756
diff -r1.26 -r1.26.2.1 pkgsrc/sysutils/xentools42/Makefile
diff -r1.15 -r1.15.2.1 pkgsrc/sysutils/xentools42/distinfo
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xentools42/patches/patch-CVE-2015-2752
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xentools42/patches/patch-CVE-2015-2756
diff -r1.5 -r1.5.2.1 pkgsrc/sysutils/xentools45/Makefile
diff -r1.5 -r1.5.2.1 pkgsrc/sysutils/xentools45/distinfo
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xentools45/patches/patch-CVE-2015-2752
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xentools45/patches/patch-CVE-2015-2756
--- pkgsrc/sysutils/xenkernel41/Attic/Makefile 2015/03/10 20:27:16 1.44
+++ pkgsrc/sysutils/xenkernel41/Attic/Makefile 2015/04/29 21:11:12 1.44.2.1
| @@ -1,19 +1,19 @@ | | | @@ -1,19 +1,19 @@ |
1 | # $NetBSD: Makefile,v 1.44 2015/03/10 20:27:16 spz Exp $ | | 1 | # $NetBSD: Makefile,v 1.44.2.1 2015/04/29 21:11:12 tron Exp $ |
2 | | | 2 | |
3 | VERSION= 4.1.6.1 | | 3 | VERSION= 4.1.6.1 |
4 | DISTNAME= xen-${VERSION} | | 4 | DISTNAME= xen-${VERSION} |
5 | PKGNAME= xenkernel41-${VERSION} | | 5 | PKGNAME= xenkernel41-${VERSION} |
6 | PKGREVISION= 15 | | 6 | PKGREVISION= 16 |
7 | CATEGORIES= sysutils | | 7 | CATEGORIES= sysutils |
8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | | 8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ |
9 | | | 9 | |
10 | MAINTAINER= cegger@NetBSD.org | | 10 | MAINTAINER= cegger@NetBSD.org |
11 | HOMEPAGE= http://xen.org/ | | 11 | HOMEPAGE= http://xen.org/ |
12 | COMMENT= Xen 4.1.x Kernel | | 12 | COMMENT= Xen 4.1.x Kernel |
13 | | | 13 | |
14 | LICENSE= gnu-gpl-v2 | | 14 | LICENSE= gnu-gpl-v2 |
15 | | | 15 | |
16 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | | 16 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 |
17 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 | | 17 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 |
18 | | | 18 | |
19 | NO_CONFIGURE= yes | | 19 | NO_CONFIGURE= yes |
--- pkgsrc/sysutils/xenkernel41/Attic/distinfo 2015/03/10 20:27:16 1.35
+++ pkgsrc/sysutils/xenkernel41/Attic/distinfo 2015/04/29 21:11:12 1.35.2.1
| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | $NetBSD: distinfo,v 1.35 2015/03/10 20:27:16 spz Exp $ | | 1 | $NetBSD: distinfo,v 1.35.2.1 2015/04/29 21:11:12 tron Exp $ |
2 | | | 2 | |
3 | SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0 | | 3 | SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0 |
4 | RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19 | | 4 | RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19 |
5 | Size (xen-4.1.6.1.tar.gz) = 10428485 bytes | | 5 | Size (xen-4.1.6.1.tar.gz) = 10428485 bytes |
6 | SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1 | | 6 | SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1 |
7 | SHA1 (patch-CVE-2013-4355_1) = 56dde995d7df4f18576040007fd5532de61d9069 | | 7 | SHA1 (patch-CVE-2013-4355_1) = 56dde995d7df4f18576040007fd5532de61d9069 |
8 | SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509 | | 8 | SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509 |
9 | SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f | | 9 | SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f |
10 | SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8 | | 10 | SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8 |
11 | SHA1 (patch-CVE-2013-4361) = b9074af976ba98c02aeb84288a10527bf7693241 | | 11 | SHA1 (patch-CVE-2013-4361) = b9074af976ba98c02aeb84288a10527bf7693241 |
12 | SHA1 (patch-CVE-2013-4368) = 77caf392b472e5586eb2fa6a37d173cd856f6f15 | | 12 | SHA1 (patch-CVE-2013-4368) = 77caf392b472e5586eb2fa6a37d173cd856f6f15 |
13 | SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3 | | 13 | SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3 |
14 | SHA1 (patch-CVE-2013-4553) = 6708dcef1737b119a3fcf2e3414c22c115cbacc1 | | 14 | SHA1 (patch-CVE-2013-4553) = 6708dcef1737b119a3fcf2e3414c22c115cbacc1 |
| @@ -18,20 +18,22 @@ SHA1 (patch-CVE-2014-1666) = acf27080799 | | | @@ -18,20 +18,22 @@ SHA1 (patch-CVE-2014-1666) = acf27080799 |
18 | SHA1 (patch-CVE-2014-3124) = 59a48eed88abcda5de2fc7e398451a492e5d2145 | | 18 | SHA1 (patch-CVE-2014-3124) = 59a48eed88abcda5de2fc7e398451a492e5d2145 |
19 | SHA1 (patch-CVE-2014-4021) = ee8ee800b35f7eaa242b06536c1ffa6568305b36 | | 19 | SHA1 (patch-CVE-2014-4021) = ee8ee800b35f7eaa242b06536c1ffa6568305b36 |
20 | SHA1 (patch-CVE-2014-7154) = 5f0541559d911778aa5267bb5c0e1e8a9a3904e2 | | 20 | SHA1 (patch-CVE-2014-7154) = 5f0541559d911778aa5267bb5c0e1e8a9a3904e2 |
21 | SHA1 (patch-CVE-2014-7155) = 0f1aa6a5d4fdb8403fc1e01b884491a63de501f8 | | 21 | SHA1 (patch-CVE-2014-7155) = 0f1aa6a5d4fdb8403fc1e01b884491a63de501f8 |
22 | SHA1 (patch-CVE-2014-7156) = 85043bdcf2644227d135f725cb442aade565c9d6 | | 22 | SHA1 (patch-CVE-2014-7156) = 85043bdcf2644227d135f725cb442aade565c9d6 |
23 | SHA1 (patch-CVE-2014-8594) = 39d9d220d89c2356fa745dad5bf8c7ef5e8f2516 | | 23 | SHA1 (patch-CVE-2014-8594) = 39d9d220d89c2356fa745dad5bf8c7ef5e8f2516 |
24 | SHA1 (patch-CVE-2014-8595) = 46bd285b7eb8f2e23984f7917b12af2191bfef80 | | 24 | SHA1 (patch-CVE-2014-8595) = 46bd285b7eb8f2e23984f7917b12af2191bfef80 |
25 | SHA1 (patch-CVE-2014-8866) = ee0bc3afb767b50e973d6065b84adc7e51949def | | 25 | SHA1 (patch-CVE-2014-8866) = ee0bc3afb767b50e973d6065b84adc7e51949def |
26 | SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76 | | 26 | SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76 |
27 | SHA1 (patch-CVE-2014-9030) = f52c302585b0f4b074f7562e6b8cddacb26deee4 | | 27 | SHA1 (patch-CVE-2014-9030) = f52c302585b0f4b074f7562e6b8cddacb26deee4 |
28 | SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60 | | 28 | SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60 |
29 | SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7 | | 29 | SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7 |
30 | SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c | | 30 | SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c |
| | | 31 | SHA1 (patch-CVE-2015-2752) = 37f44989a3b3c69dea8e9de9fc34ffd5c2e8b087 |
| | | 32 | SHA1 (patch-CVE-2015-2756) = b3b133d42229ecc8c308644b17e5317cd77f9a98 |
31 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 | | 33 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 |
32 | SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b | | 34 | SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b |
33 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 | | 35 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 |
34 | SHA1 (patch-xen_arch_x86_cpu_mcheck_vmce.c) = 5afd01780a13654f1d21bf1562f6431c8370be0b | | 36 | SHA1 (patch-xen_arch_x86_cpu_mcheck_vmce.c) = 5afd01780a13654f1d21bf1562f6431c8370be0b |
35 | SHA1 (patch-xen_arch_x86_time.c) = 1611959c08ad79e3f042ac70c8d9d57b60225289 | | 37 | SHA1 (patch-xen_arch_x86_time.c) = 1611959c08ad79e3f042ac70c8d9d57b60225289 |
36 | SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0 | | 38 | SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0 |
37 | SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70 | | 39 | SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70 |
$NetBSD: patch-CVE-2015-2752,v 1.1.2.2 2015/04/29 21:11:12 tron Exp $
Patch for CVE-2015-2752 aka XSA-125 from
http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
--- tools/libxc/xc_domain.c.orig 2013-09-10 06:42:18.000000000 +0000
+++ tools/libxc/xc_domain.c
@@ -1322,6 +1322,13 @@ int xc_domain_bind_pt_isa_irq(
PT_IRQ_TYPE_ISA, 0, 0, 0, machine_irq));
}
+#ifndef min
+#define min(X, Y) ({ \
+ const typeof (X) _x = (X); \
+ const typeof (Y) _y = (Y); \
+ (void) (&_x == &_y); \
+ (_x < _y) ? _x : _y; })
+#endif
int xc_domain_memory_mapping(
xc_interface *xch,
uint32_t domid,
@@ -1331,17 +1338,55 @@ int xc_domain_memory_mapping(
uint32_t add_mapping)
{
DECLARE_DOMCTL;
+ int ret = 0, err;
+ unsigned long done = 0, nr, max_batch_sz;
+
+ if ( !nr_mfns )
+ return 0;
domctl.cmd = XEN_DOMCTL_memory_mapping;
domctl.domain = domid;
- domctl.u.memory_mapping.first_gfn = first_gfn;
- domctl.u.memory_mapping.first_mfn = first_mfn;
- domctl.u.memory_mapping.nr_mfns = nr_mfns;
domctl.u.memory_mapping.add_mapping = add_mapping;
+ max_batch_sz = nr_mfns;
+ do
+ {
+ nr = min(nr_mfns - done, max_batch_sz);
+ domctl.u.memory_mapping.nr_mfns = nr;
+ domctl.u.memory_mapping.first_gfn = first_gfn + done;
+ domctl.u.memory_mapping.first_mfn = first_mfn + done;
+ err = do_domctl(xch, &domctl);
+ if ( err && errno == E2BIG )
+ {
+ if ( max_batch_sz <= 1 )
+ break;
+ max_batch_sz >>= 1;
+ continue;
+ }
+ /* Save the first error... */
+ if ( !ret )
+ ret = err;
+ /* .. and ignore the rest of them when removing. */
+ if ( err && add_mapping != DPCI_REMOVE_MAPPING )
+ break;
+
+ done += nr;
+ } while ( done < nr_mfns );
+
+ /*
+ * Undo what we have done unless unmapping, by unmapping the entire region.
+ * Errors here are ignored.
+ */
+ if ( ret && add_mapping != DPCI_REMOVE_MAPPING )
+ xc_domain_memory_mapping(xch, domid, first_gfn, first_mfn, nr_mfns,
+ DPCI_REMOVE_MAPPING);
+
+ /* We might get E2BIG so many times that we never advance. */
+ if ( !done && !ret )
+ ret = -1;
- return do_domctl(xch, &domctl);
+ return ret;
}
-
+#undef min
int xc_domain_ioport_mapping(
xc_interface *xch,
uint32_t domid,
--- xen/arch/x86/domctl.c.orig 2015-04-19 10:54:27.000000000 +0000
+++ xen/arch/x86/domctl.c
@@ -998,6 +998,11 @@ long arch_do_domctl(
(gfn + nr_mfns - 1) < gfn ) /* wrap? */
break;
+ ret = -E2BIG;
+ /* Must break hypercall up as this could take a while. */
+ if ( nr_mfns > 64 )
+ break;
+
ret = -EPERM;
if ( !IS_PRIV(current->domain) &&
!iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
--- xen/include/public/domctl.h.orig 2013-09-10 06:42:18.000000000 +0000
+++ xen/include/public/domctl.h
@@ -505,6 +505,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_bind_
/* Bind machine I/O address range -> HVM address range. */
+/* If this returns -E2BIG lower nr_mfns value. */
/* XEN_DOMCTL_memory_mapping */
#define DPCI_ADD_MAPPING 1
#define DPCI_REMOVE_MAPPING 0
$NetBSD: patch-CVE-2015-2756,v 1.1.2.2 2015/04/29 21:11:12 tron Exp $
patch for CVE-2015-2756 aka XSA-126 from
http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
--- tools/ioemu-qemu-xen/hw/pass-through.c.orig 2013-07-17 10:59:40.000000000 +0000
+++ tools/ioemu-qemu-xen/hw/pass-through.c
@@ -171,9 +171,6 @@ static int pt_word_reg_read(struct pt_de
static int pt_long_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask);
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
@@ -277,9 +274,9 @@ static struct pt_reg_info_tbl pt_emu_reg
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = pt_common_reg_init,
- .u.w.read = pt_cmd_reg_read,
+ .u.w.read = pt_word_reg_read,
.u.w.write = pt_cmd_reg_write,
.u.w.restore = pt_cmd_reg_restore,
},
@@ -1865,7 +1862,7 @@ static int pt_dev_is_virtfn(struct pci_d
return rc;
}
-static int pt_register_regions(struct pt_dev *assigned_device)
+static int pt_register_regions(struct pt_dev *assigned_device, uint16_t *cmd)
{
int i = 0;
uint32_t bar_data = 0;
@@ -1885,17 +1882,26 @@ static int pt_register_regions(struct pt
/* Register current region */
if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_IO )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_IO,
pt_ioport_map);
+ *cmd |= PCI_COMMAND_IO;
+ }
else if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_MEM_PREFETCH )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM_PREFETCH,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
else
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
PT_LOG("IO region registered (size=0x%08x base_addr=0x%08x)\n",
(uint32_t)(pci_dev->size[i]),
@@ -3221,27 +3227,6 @@ static int pt_long_reg_read(struct pt_de
return 0;
}
-/* read Command register */
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- struct pt_reg_info_tbl *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-
/* read BAR */
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
@@ -3376,19 +3361,13 @@ static int pt_cmd_reg_write(struct pt_de
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
uint16_t wr_value = *value;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*value & PCI_COMMAND_DISABLE_INTx)
{
@@ -4151,6 +4130,7 @@ static struct pt_dev * register_real_dev
struct pt_dev *assigned_device = NULL;
struct pci_dev *pci_dev;
uint8_t e_device, e_intx;
+ uint16_t cmd = 0;
char *key, *val;
int msi_translate, power_mgmt;
@@ -4240,7 +4220,7 @@ static struct pt_dev * register_real_dev
assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);
/* Handle real device's MMIO/PIO BARs */
- pt_register_regions(assigned_device);
+ pt_register_regions(assigned_device, &cmd);
/* Setup VGA bios for passthroughed gfx */
if ( setup_vga_pt(assigned_device) < 0 )
@@ -4318,6 +4298,10 @@ static struct pt_dev * register_real_dev
}
out:
+ if (cmd)
+ pci_write_word(pci_dev, PCI_COMMAND,
+ *(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND]) | cmd);
+
PT_LOG("Real physical device %02x:%02x.%x registered successfuly!\n"
"IRQ type = %s\n", r_bus, r_dev, r_func,
assigned_device->msi_trans_en? "MSI-INTx":"INTx");
--- pkgsrc/sysutils/xenkernel42/Attic/Makefile 2015/03/18 15:05:51 1.14
+++ pkgsrc/sysutils/xenkernel42/Attic/Makefile 2015/04/29 21:11:12 1.14.2.1
| @@ -1,19 +1,19 @@ | | | @@ -1,19 +1,19 @@ |
1 | # $NetBSD: Makefile,v 1.14 2015/03/18 15:05:51 joerg Exp $ | | 1 | # $NetBSD: Makefile,v 1.14.2.1 2015/04/29 21:11:12 tron Exp $ |
2 | | | 2 | |
3 | VERSION= 4.2.5 | | 3 | VERSION= 4.2.5 |
4 | DISTNAME= xen-${VERSION} | | 4 | DISTNAME= xen-${VERSION} |
5 | PKGNAME= xenkernel42-${VERSION} | | 5 | PKGNAME= xenkernel42-${VERSION} |
6 | PKGREVISION= 5 | | 6 | PKGREVISION= 6 |
7 | CATEGORIES= sysutils | | 7 | CATEGORIES= sysutils |
8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | | 8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ |
9 | | | 9 | |
10 | MAINTAINER= pkgsrc-users@NetBSD.org | | 10 | MAINTAINER= pkgsrc-users@NetBSD.org |
11 | HOMEPAGE= http://xenproject.org/ | | 11 | HOMEPAGE= http://xenproject.org/ |
12 | COMMENT= Xen 4.2.x Kernel | | 12 | COMMENT= Xen 4.2.x Kernel |
13 | | | 13 | |
14 | LICENSE= gnu-gpl-v2 | | 14 | LICENSE= gnu-gpl-v2 |
15 | | | 15 | |
16 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | | 16 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 |
17 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 | | 17 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 |
18 | | | 18 | |
19 | NO_CONFIGURE= yes | | 19 | NO_CONFIGURE= yes |
--- pkgsrc/sysutils/xenkernel42/Attic/distinfo 2015/03/18 15:05:51 1.12
+++ pkgsrc/sysutils/xenkernel42/Attic/distinfo 2015/04/29 21:11:12 1.12.2.1
| @@ -1,25 +1,27 @@ | | | @@ -1,25 +1,27 @@ |
1 | $NetBSD: distinfo,v 1.12 2015/03/18 15:05:51 joerg Exp $ | | 1 | $NetBSD: distinfo,v 1.12.2.1 2015/04/29 21:11:12 tron Exp $ |
2 | | | 2 | |
3 | SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a | | 3 | SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a |
4 | RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 | | 4 | RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 |
5 | Size (xen-4.2.5.tar.gz) = 15671925 bytes | | 5 | Size (xen-4.2.5.tar.gz) = 15671925 bytes |
6 | SHA1 (patch-CVE-2014-8594) = 8599e5007e8f15eddc1385aa1d90accf1690952e | | 6 | SHA1 (patch-CVE-2014-8594) = 8599e5007e8f15eddc1385aa1d90accf1690952e |
7 | SHA1 (patch-CVE-2014-8595) = 46bd285b7eb8f2e23984f7917b12af2191bfef80 | | 7 | SHA1 (patch-CVE-2014-8595) = 46bd285b7eb8f2e23984f7917b12af2191bfef80 |
8 | SHA1 (patch-CVE-2014-8866) = 9888e9585364681dfaa43af953eb104715cc4f99 | | 8 | SHA1 (patch-CVE-2014-8866) = 9888e9585364681dfaa43af953eb104715cc4f99 |
9 | SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76 | | 9 | SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76 |
10 | SHA1 (patch-CVE-2014-9030) = f4646ab2b0d01ad2a3bf47839fe0ffd35479b4a6 | | 10 | SHA1 (patch-CVE-2014-9030) = f4646ab2b0d01ad2a3bf47839fe0ffd35479b4a6 |
11 | SHA1 (patch-CVE-2015-2044) = bcb7152da8d37902540cbfbdfd7309536cffa61e | | 11 | SHA1 (patch-CVE-2015-2044) = bcb7152da8d37902540cbfbdfd7309536cffa61e |
12 | SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98 | | 12 | SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98 |
13 | SHA1 (patch-CVE-2015-2151) = df05750b86331b88102b41f065c314c38c6bc396 | | 13 | SHA1 (patch-CVE-2015-2151) = df05750b86331b88102b41f065c314c38c6bc396 |
| | | 14 | SHA1 (patch-CVE-2015-2752) = 62547b55385aaf54af23270939fe086b996d5744 |
| | | 15 | SHA1 (patch-CVE-2015-2756) = cb1be46c28e6f88c13fc0d26ff0606bdb877283c |
14 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 | | 16 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 |
15 | SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a | | 17 | SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a |
16 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 | | 18 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 |
17 | SHA1 (patch-xen_arch_x86_hvm_hvm.c) = b6bac1d466ba5bc276bc3aea9d4c9df37f2b9b0f | | 19 | SHA1 (patch-xen_arch_x86_hvm_hvm.c) = b6bac1d466ba5bc276bc3aea9d4c9df37f2b9b0f |
18 | SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a | | 20 | SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a |
19 | SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a | | 21 | SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a |
20 | SHA1 (patch-xen_common_spinlock.c) = 06f06b5e9b098262ebaa8af0be4837005fb5b8b4 | | 22 | SHA1 (patch-xen_common_spinlock.c) = 06f06b5e9b098262ebaa8af0be4837005fb5b8b4 |
21 | SHA1 (patch-xen_include_asm-arm_spinlock.h) = fe2e35a5ebec4c551df5d1680c93e6ad19348d93 | | 23 | SHA1 (patch-xen_include_asm-arm_spinlock.h) = fe2e35a5ebec4c551df5d1680c93e6ad19348d93 |
22 | SHA1 (patch-xen_include_asm-x86_atomic.h) = d406c6071ea3823c25113a801dd77ff32146d162 | | 24 | SHA1 (patch-xen_include_asm-x86_atomic.h) = d406c6071ea3823c25113a801dd77ff32146d162 |
23 | SHA1 (patch-xen_include_asm-x86_spinlock.h) = fbaaf264e9aa4857635a81b63c4a77cba4bf560f | | 25 | SHA1 (patch-xen_include_asm-x86_spinlock.h) = fbaaf264e9aa4857635a81b63c4a77cba4bf560f |
24 | SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 | | 26 | SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 |
25 | SHA1 (patch-xen_include_xen_spinlock.h) = 8e06de55c9b4bfc360e0b8ac5a605adedab8eb8f | | 27 | SHA1 (patch-xen_include_xen_spinlock.h) = 8e06de55c9b4bfc360e0b8ac5a605adedab8eb8f |
$NetBSD: patch-CVE-2015-2752,v 1.1.2.2 2015/04/29 21:11:12 tron Exp $
Patch for CVE-2015-2752 aka XSA-125 from
http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
--- tools/libxc/xc_domain.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ tools/libxc/xc_domain.c
@@ -1352,6 +1352,13 @@ int xc_domain_bind_pt_isa_irq(
PT_IRQ_TYPE_ISA, 0, 0, 0, machine_irq));
}
+#ifndef min
+#define min(X, Y) ({ \
+ const typeof (X) _x = (X); \
+ const typeof (Y) _y = (Y); \
+ (void) (&_x == &_y); \
+ (_x < _y) ? _x : _y; })
+#endif
int xc_domain_memory_mapping(
xc_interface *xch,
uint32_t domid,
@@ -1361,17 +1368,55 @@ int xc_domain_memory_mapping(
uint32_t add_mapping)
{
DECLARE_DOMCTL;
+ int ret = 0, err;
+ unsigned long done = 0, nr, max_batch_sz;
+
+ if ( !nr_mfns )
+ return 0;
domctl.cmd = XEN_DOMCTL_memory_mapping;
domctl.domain = domid;
- domctl.u.memory_mapping.first_gfn = first_gfn;
- domctl.u.memory_mapping.first_mfn = first_mfn;
- domctl.u.memory_mapping.nr_mfns = nr_mfns;
domctl.u.memory_mapping.add_mapping = add_mapping;
+ max_batch_sz = nr_mfns;
+ do
+ {
+ nr = min(nr_mfns - done, max_batch_sz);
+ domctl.u.memory_mapping.nr_mfns = nr;
+ domctl.u.memory_mapping.first_gfn = first_gfn + done;
+ domctl.u.memory_mapping.first_mfn = first_mfn + done;
+ err = do_domctl(xch, &domctl);
+ if ( err && errno == E2BIG )
+ {
+ if ( max_batch_sz <= 1 )
+ break;
+ max_batch_sz >>= 1;
+ continue;
+ }
+ /* Save the first error... */
+ if ( !ret )
+ ret = err;
+ /* .. and ignore the rest of them when removing. */
+ if ( err && add_mapping != DPCI_REMOVE_MAPPING )
+ break;
+
+ done += nr;
+ } while ( done < nr_mfns );
+
+ /*
+ * Undo what we have done unless unmapping, by unmapping the entire region.
+ * Errors here are ignored.
+ */
+ if ( ret && add_mapping != DPCI_REMOVE_MAPPING )
+ xc_domain_memory_mapping(xch, domid, first_gfn, first_mfn, nr_mfns,
+ DPCI_REMOVE_MAPPING);
+
+ /* We might get E2BIG so many times that we never advance. */
+ if ( !done && !ret )
+ ret = -1;
- return do_domctl(xch, &domctl);
+ return ret;
}
-
+#undef min
int xc_domain_ioport_mapping(
xc_interface *xch,
uint32_t domid,
--- xen/arch/x86/domctl.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ xen/arch/x86/domctl.c
@@ -865,6 +865,11 @@ long arch_do_domctl(
(gfn + nr_mfns - 1) < gfn ) /* wrap? */
break;
+ ret = -E2BIG;
+ /* Must break hypercall up as this could take a while. */
+ if ( nr_mfns > 64 )
+ break;
+
ret = -EPERM;
if ( !IS_PRIV(current->domain) &&
!iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
--- xen/include/public/domctl.h.orig 2014-09-02 06:22:57.000000000 +0000
+++ xen/include/public/domctl.h
@@ -507,6 +507,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_bind_
/* Bind machine I/O address range -> HVM address range. */
+/* If this returns -E2BIG lower nr_mfns value. */
/* XEN_DOMCTL_memory_mapping */
#define DPCI_ADD_MAPPING 1
#define DPCI_REMOVE_MAPPING 0
$NetBSD: patch-CVE-2015-2756,v 1.1.2.2 2015/04/29 21:11:12 tron Exp $
patch for CVE-2015-2756 aka XSA-126 from
http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
--- tools/qemu-xen-traditional/hw/pass-through.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ tools/qemu-xen-traditional/hw/pass-through.c
@@ -172,9 +172,6 @@ static int pt_word_reg_read(struct pt_de
static int pt_long_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask);
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
@@ -286,9 +283,9 @@ static struct pt_reg_info_tbl pt_emu_reg
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = pt_common_reg_init,
- .u.w.read = pt_cmd_reg_read,
+ .u.w.read = pt_word_reg_read,
.u.w.write = pt_cmd_reg_write,
.u.w.restore = pt_cmd_reg_restore,
},
@@ -1905,7 +1902,7 @@ static int pt_dev_is_virtfn(struct pci_d
return rc;
}
-static int pt_register_regions(struct pt_dev *assigned_device)
+static int pt_register_regions(struct pt_dev *assigned_device, uint16_t *cmd)
{
int i = 0;
uint32_t bar_data = 0;
@@ -1925,17 +1922,26 @@ static int pt_register_regions(struct pt
/* Register current region */
if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_IO )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_IO,
pt_ioport_map);
+ *cmd |= PCI_COMMAND_IO;
+ }
else if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_MEM_PREFETCH )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM_PREFETCH,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
else
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
PT_LOG("IO region registered (size=0x%08x base_addr=0x%08x)\n",
(uint32_t)(pci_dev->size[i]),
@@ -3263,27 +3269,6 @@ static int pt_long_reg_read(struct pt_de
return 0;
}
-/* read Command register */
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- struct pt_reg_info_tbl *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-
/* read BAR */
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
@@ -3418,19 +3403,13 @@ static int pt_cmd_reg_write(struct pt_de
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
uint16_t wr_value = *value;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*value & PCI_COMMAND_DISABLE_INTx)
{
@@ -4205,6 +4184,7 @@ static struct pt_dev * register_real_dev
struct pt_dev *assigned_device = NULL;
struct pci_dev *pci_dev;
uint8_t e_device, e_intx;
+ uint16_t cmd = 0;
char *key, *val;
int msi_translate, power_mgmt;
@@ -4294,7 +4274,7 @@ static struct pt_dev * register_real_dev
assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);
/* Handle real device's MMIO/PIO BARs */
- pt_register_regions(assigned_device);
+ pt_register_regions(assigned_device, &cmd);
/* Setup VGA bios for passthroughed gfx */
if ( setup_vga_pt(assigned_device) < 0 )
@@ -4372,6 +4352,10 @@ static struct pt_dev * register_real_dev
}
out:
+ if (cmd)
+ pci_write_word(pci_dev, PCI_COMMAND,
+ *(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND]) | cmd);
+
PT_LOG("Real physical device %02x:%02x.%x registered successfuly!\n"
"IRQ type = %s\n", r_bus, r_dev, r_func,
assigned_device->msi_trans_en? "MSI-INTx":"INTx");
--- pkgsrc/sysutils/xenkernel45/Attic/Makefile 2015/03/10 20:08:43 1.5
+++ pkgsrc/sysutils/xenkernel45/Attic/Makefile 2015/04/29 21:11:12 1.5.2.1
| @@ -1,19 +1,19 @@ | | | @@ -1,19 +1,19 @@ |
1 | # $NetBSD: Makefile,v 1.5 2015/03/10 20:08:43 spz Exp $ | | 1 | # $NetBSD: Makefile,v 1.5.2.1 2015/04/29 21:11:12 tron Exp $ |
2 | | | 2 | |
3 | VERSION= 4.5.0 | | 3 | VERSION= 4.5.0 |
4 | DISTNAME= xen-${VERSION} | | 4 | DISTNAME= xen-${VERSION} |
5 | PKGNAME= xenkernel45-${VERSION} | | 5 | PKGNAME= xenkernel45-${VERSION} |
6 | PKGREVISION= 2 | | 6 | PKGREVISION= 3 |
7 | CATEGORIES= sysutils | | 7 | CATEGORIES= sysutils |
8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | | 8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ |
9 | | | 9 | |
10 | MAINTAINER= pkgsrc-users@NetBSD.org | | 10 | MAINTAINER= pkgsrc-users@NetBSD.org |
11 | HOMEPAGE= http://xenproject.org/ | | 11 | HOMEPAGE= http://xenproject.org/ |
12 | COMMENT= Xen 4.5.x Kernel | | 12 | COMMENT= Xen 4.5.x Kernel |
13 | | | 13 | |
14 | LICENSE= gnu-gpl-v2 | | 14 | LICENSE= gnu-gpl-v2 |
15 | | | 15 | |
16 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | | 16 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 |
17 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 | | 17 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 |
18 | | | 18 | |
19 | NO_CONFIGURE= yes | | 19 | NO_CONFIGURE= yes |
--- pkgsrc/sysutils/xenkernel45/Attic/distinfo 2015/03/10 20:08:43 1.4
+++ pkgsrc/sysutils/xenkernel45/Attic/distinfo 2015/04/29 21:11:12 1.4.2.1
| @@ -1,13 +1,15 @@ | | | @@ -1,13 +1,15 @@ |
1 | $NetBSD: distinfo,v 1.4 2015/03/10 20:08:43 spz Exp $ | | 1 | $NetBSD: distinfo,v 1.4.2.1 2015/04/29 21:11:12 tron Exp $ |
2 | | | 2 | |
3 | SHA1 (xen-4.5.0.tar.gz) = c4aab5fb366496ad1edc7fe0a935a0d604335637 | | 3 | SHA1 (xen-4.5.0.tar.gz) = c4aab5fb366496ad1edc7fe0a935a0d604335637 |
4 | RMD160 (xen-4.5.0.tar.gz) = e35ba0cb484492c1a289218eb9bf53b57dbd3a45 | | 4 | RMD160 (xen-4.5.0.tar.gz) = e35ba0cb484492c1a289218eb9bf53b57dbd3a45 |
5 | Size (xen-4.5.0.tar.gz) = 18404933 bytes | | 5 | Size (xen-4.5.0.tar.gz) = 18404933 bytes |
6 | SHA1 (patch-CVE-2015-2044) = 354fe44df0c3b464137f50e2b9de3930f3910c0d | | 6 | SHA1 (patch-CVE-2015-2044) = 354fe44df0c3b464137f50e2b9de3930f3910c0d |
7 | SHA1 (patch-CVE-2015-2045) = 98e3f8064b7c190b2ae69c7d4c8f71febf8fbf52 | | 7 | SHA1 (patch-CVE-2015-2045) = 98e3f8064b7c190b2ae69c7d4c8f71febf8fbf52 |
8 | SHA1 (patch-CVE-2015-2151) = 30344d233eade872fa7062493d754f8bccaf9d2a | | 8 | SHA1 (patch-CVE-2015-2151) = 30344d233eade872fa7062493d754f8bccaf9d2a |
| | | 9 | SHA1 (patch-CVE-2015-2752) = 390edab296a91c83197205dce7030cbdd60e0d78 |
| | | 10 | SHA1 (patch-CVE-2015-2756) = e76490b858e213d09d326b413004d29a7e177b20 |
9 | SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf | | 11 | SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf |
10 | SHA1 (patch-xen_Makefile) = 750d0c8d4fea14d3ef3f872de5242a1f5104cbbe | | 12 | SHA1 (patch-xen_Makefile) = 750d0c8d4fea14d3ef3f872de5242a1f5104cbbe |
11 | SHA1 (patch-xen_arch_x86_Rules.mk) = 7b0894ba7311edb02118a021671f304cf3872154 | | 13 | SHA1 (patch-xen_arch_x86_Rules.mk) = 7b0894ba7311edb02118a021671f304cf3872154 |
12 | SHA1 (patch-xen_include_asm-x86_current.h) = 8a21577be06383c0c7f53c15ba828f77fb6314ad | | 14 | SHA1 (patch-xen_include_asm-x86_current.h) = 8a21577be06383c0c7f53c15ba828f77fb6314ad |
13 | SHA1 (patch-xen_include_xen_lib.h) = b9f5dff5b4cf11333d95d9835941c6bc19b776ad | | 15 | SHA1 (patch-xen_include_xen_lib.h) = b9f5dff5b4cf11333d95d9835941c6bc19b776ad |
$NetBSD: patch-CVE-2015-2752,v 1.1.2.2 2015/04/29 21:11:12 tron Exp $
Patch for CVE-2015-2752 aka XSA-125 from
http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
--- tools/libxc/xc_domain.c.orig 2015-01-12 16:53:24.000000000 +0000
+++ tools/libxc/xc_domain.c
@@ -1992,6 +1992,8 @@ int xc_domain_memory_mapping(
{
DECLARE_DOMCTL;
xc_dominfo_t info;
+ int ret = 0, err;
+ unsigned long done = 0, nr, max_batch_sz;
if ( xc_domain_getinfo(xch, domid, 1, &info) != 1 ||
info.domid != domid )
@@ -2002,14 +2004,50 @@ int xc_domain_memory_mapping(
if ( !xc_core_arch_auto_translated_physmap(&info) )
return 0;
+ if ( !nr_mfns )
+ return 0;
+
domctl.cmd = XEN_DOMCTL_memory_mapping;
domctl.domain = domid;
- domctl.u.memory_mapping.first_gfn = first_gfn;
- domctl.u.memory_mapping.first_mfn = first_mfn;
- domctl.u.memory_mapping.nr_mfns = nr_mfns;
domctl.u.memory_mapping.add_mapping = add_mapping;
+ max_batch_sz = nr_mfns;
+ do
+ {
+ nr = min(nr_mfns - done, max_batch_sz);
+ domctl.u.memory_mapping.nr_mfns = nr;
+ domctl.u.memory_mapping.first_gfn = first_gfn + done;
+ domctl.u.memory_mapping.first_mfn = first_mfn + done;
+ err = do_domctl(xch, &domctl);
+ if ( err && errno == E2BIG )
+ {
+ if ( max_batch_sz <= 1 )
+ break;
+ max_batch_sz >>= 1;
+ continue;
+ }
+ /* Save the first error... */
+ if ( !ret )
+ ret = err;
+ /* .. and ignore the rest of them when removing. */
+ if ( err && add_mapping != DPCI_REMOVE_MAPPING )
+ break;
+
+ done += nr;
+ } while ( done < nr_mfns );
+
+ /*
+ * Undo what we have done unless unmapping, by unmapping the entire region.
+ * Errors here are ignored.
+ */
+ if ( ret && add_mapping != DPCI_REMOVE_MAPPING )
+ xc_domain_memory_mapping(xch, domid, first_gfn, first_mfn, nr_mfns,
+ DPCI_REMOVE_MAPPING);
+
+ /* We might get E2BIG so many times that we never advance. */
+ if ( !done && !ret )
+ ret = -1;
- return do_domctl(xch, &domctl);
+ return ret;
}
int xc_domain_ioport_mapping(
--- xen/common/domctl.c.orig 2015-01-12 16:53:24.000000000 +0000
+++ xen/common/domctl.c
@@ -1036,6 +1036,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
(gfn + nr_mfns - 1) < gfn ) /* wrap? */
break;
+ ret = -E2BIG;
+ /* Must break hypercall up as this could take a while. */
+ if ( nr_mfns > 64 )
+ break;
+
ret = -EPERM;
if ( !iomem_access_permitted(current->domain, mfn, mfn_end) ||
!iomem_access_permitted(d, mfn, mfn_end) )
--- xen/include/public/domctl.h.orig 2015-01-12 16:53:24.000000000 +0000
+++ xen/include/public/domctl.h
@@ -543,6 +543,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_bind_
/* Bind machine I/O address range -> HVM address range. */
+/* If this returns -E2BIG lower nr_mfns value. */
/* XEN_DOMCTL_memory_mapping */
#define DPCI_ADD_MAPPING 1
#define DPCI_REMOVE_MAPPING 0
$NetBSD: patch-CVE-2015-2756,v 1.1.2.2 2015/04/29 21:11:12 tron Exp $
patch for CVE-2015-2756 aka XSA-126 from
http://xenbits.xenproject.org/xsa/xsa126-qemuu.patch
and
http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
--- tools/qemu-xen/hw/xen/xen_pt.c.orig 2014-12-02 10:41:02.000000000 +0000
+++ tools/qemu-xen/hw/xen/xen_pt.c
@@ -388,7 +388,7 @@ static const MemoryRegionOps ops = {
.write = xen_pt_bar_write,
};
-static int xen_pt_register_regions(XenPCIPassthroughState *s)
+static int xen_pt_register_regions(XenPCIPassthroughState *s, uint16_t *cmd)
{
int i = 0;
XenHostPCIDevice *d = &s->real_device;
@@ -406,6 +406,7 @@ static int xen_pt_register_regions(XenPC
if (r->type & XEN_HOST_PCI_REGION_TYPE_IO) {
type = PCI_BASE_ADDRESS_SPACE_IO;
+ *cmd |= PCI_COMMAND_IO;
} else {
type = PCI_BASE_ADDRESS_SPACE_MEMORY;
if (r->type & XEN_HOST_PCI_REGION_TYPE_PREFETCH) {
@@ -414,6 +415,7 @@ static int xen_pt_register_regions(XenPC
if (r->type & XEN_HOST_PCI_REGION_TYPE_MEM_64) {
type |= PCI_BASE_ADDRESS_MEM_TYPE_64;
}
+ *cmd |= PCI_COMMAND_MEMORY;
}
memory_region_init_io(&s->bar[i], OBJECT(s), &ops, &s->dev,
@@ -657,6 +659,7 @@ static int xen_pt_initfn(PCIDevice *d)
XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
int rc = 0;
uint8_t machine_irq = 0;
+ uint16_t cmd = 0;
int pirq = XEN_PT_UNASSIGNED_PIRQ;
/* register real device */
@@ -691,7 +694,7 @@ static int xen_pt_initfn(PCIDevice *d)
s->io_listener = xen_pt_io_listener;
/* Handle real device's MMIO/PIO BARs */
- xen_pt_register_regions(s);
+ xen_pt_register_regions(s, &cmd);
/* reinitialize each config register to be emulated */
if (xen_pt_config_init(s)) {
@@ -755,6 +758,11 @@ static int xen_pt_initfn(PCIDevice *d)
}
out:
+ if (cmd) {
+ xen_host_pci_set_word(&s->real_device, PCI_COMMAND,
+ pci_get_word(d->config + PCI_COMMAND) | cmd);
+ }
+
memory_listener_register(&s->memory_listener, &address_space_memory);
memory_listener_register(&s->io_listener, &address_space_io);
XEN_PT_LOG(d,
--- tools/qemu-xen/hw/xen/xen_pt_config_init.c.orig 2014-12-02 10:41:02.000000000 +0000
+++ tools/qemu-xen/hw/xen/xen_pt_config_init.c
@@ -286,23 +286,6 @@ static int xen_pt_irqpin_reg_init(XenPCI
}
/* Command register */
-static int xen_pt_cmd_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if (s->is_virtfn) {
- emu_mask |= PCI_COMMAND_MEMORY;
- }
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
static int xen_pt_cmd_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
uint16_t *val, uint16_t dev_value,
uint16_t valid_mask)
@@ -310,18 +293,13 @@ static int xen_pt_cmd_reg_write(XenPCIPa
XenPTRegInfo *reg = cfg_entry->reg;
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if (s->is_virtfn) {
- emu_mask |= PCI_COMMAND_MEMORY;
- }
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*val & PCI_COMMAND_INTX_DISABLE) {
throughable_mask |= PCI_COMMAND_INTX_DISABLE;
@@ -605,9 +583,9 @@ static XenPTRegInfo xen_pt_emu_reg_heade
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = xen_pt_common_reg_init,
- .u.w.read = xen_pt_cmd_reg_read,
+ .u.w.read = xen_pt_word_reg_read,
.u.w.write = xen_pt_cmd_reg_write,
},
/* Capabilities Pointer reg */
--- tools/qemu-xen-traditional/hw/pass-through.c.orig 2014-10-06 15:50:24.000000000 +0000
+++ tools/qemu-xen-traditional/hw/pass-through.c
@@ -172,9 +172,6 @@ static int pt_word_reg_read(struct pt_de
static int pt_long_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask);
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
@@ -286,9 +283,9 @@ static struct pt_reg_info_tbl pt_emu_reg
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = pt_common_reg_init,
- .u.w.read = pt_cmd_reg_read,
+ .u.w.read = pt_word_reg_read,
.u.w.write = pt_cmd_reg_write,
.u.w.restore = pt_cmd_reg_restore,
},
@@ -1905,7 +1902,7 @@ static int pt_dev_is_virtfn(struct pci_d
return rc;
}
-static int pt_register_regions(struct pt_dev *assigned_device)
+static int pt_register_regions(struct pt_dev *assigned_device, uint16_t *cmd)
{
int i = 0;
uint32_t bar_data = 0;
@@ -1925,17 +1922,26 @@ static int pt_register_regions(struct pt
/* Register current region */
if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_IO )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_IO,
pt_ioport_map);
+ *cmd |= PCI_COMMAND_IO;
+ }
else if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_MEM_PREFETCH )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM_PREFETCH,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
else
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
PT_LOG("IO region registered (size=0x%08x base_addr=0x%08x)\n",
(uint32_t)(pci_dev->size[i]),
@@ -3263,27 +3269,6 @@ static int pt_long_reg_read(struct pt_de
return 0;
}
-/* read Command register */
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- struct pt_reg_info_tbl *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-
/* read BAR */
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
@@ -3418,19 +3403,13 @@ static int pt_cmd_reg_write(struct pt_de
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
uint16_t wr_value = *value;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*value & PCI_COMMAND_DISABLE_INTx)
{
@@ -4211,6 +4190,7 @@ static struct pt_dev * register_real_dev
struct pt_dev *assigned_device = NULL;
struct pci_dev *pci_dev;
uint8_t e_device, e_intx;
+ uint16_t cmd = 0;
char *key, *val;
int msi_translate, power_mgmt;
@@ -4300,7 +4280,7 @@ static struct pt_dev * register_real_dev
assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);
/* Handle real device's MMIO/PIO BARs */
- pt_register_regions(assigned_device);
+ pt_register_regions(assigned_device, &cmd);
/* Setup VGA bios for passthroughed gfx */
if ( setup_vga_pt(assigned_device) < 0 )
@@ -4378,6 +4358,10 @@ static struct pt_dev * register_real_dev
}
out:
+ if (cmd)
+ pci_write_word(pci_dev, PCI_COMMAND,
+ *(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND]) | cmd);
+
PT_LOG("Real physical device %02x:%02x.%x registered successfuly!\n"
"IRQ type = %s\n", r_bus, r_dev, r_func,
assigned_device->msi_trans_en? "MSI-INTx":"INTx");
--- pkgsrc/sysutils/xentools41/Attic/Makefile 2014/12/27 00:27:11 1.49
+++ pkgsrc/sysutils/xentools41/Attic/Makefile 2015/04/29 21:11:13 1.49.4.1
--- pkgsrc/sysutils/xentools41/Attic/distinfo 2014/08/28 14:30:03 1.37
+++ pkgsrc/sysutils/xentools41/Attic/distinfo 2015/04/29 21:11:13 1.37.6.1
$NetBSD: patch-CVE-2015-2752,v 1.1.2.2 2015/04/29 21:11:13 tron Exp $
Patch for CVE-2015-2752 aka XSA-125 from
http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
--- libxc/xc_domain.c.orig 2013-09-10 06:42:18.000000000 +0000
+++ libxc/xc_domain.c
@@ -1322,6 +1322,13 @@ int xc_domain_bind_pt_isa_irq(
PT_IRQ_TYPE_ISA, 0, 0, 0, machine_irq));
}
+#ifndef min
+#define min(X, Y) ({ \
+ const typeof (X) _x = (X); \
+ const typeof (Y) _y = (Y); \
+ (void) (&_x == &_y); \
+ (_x < _y) ? _x : _y; })
+#endif
int xc_domain_memory_mapping(
xc_interface *xch,
uint32_t domid,
@@ -1331,17 +1338,55 @@ int xc_domain_memory_mapping(
uint32_t add_mapping)
{
DECLARE_DOMCTL;
+ int ret = 0, err;
+ unsigned long done = 0, nr, max_batch_sz;
+
+ if ( !nr_mfns )
+ return 0;
domctl.cmd = XEN_DOMCTL_memory_mapping;
domctl.domain = domid;
- domctl.u.memory_mapping.first_gfn = first_gfn;
- domctl.u.memory_mapping.first_mfn = first_mfn;
- domctl.u.memory_mapping.nr_mfns = nr_mfns;
domctl.u.memory_mapping.add_mapping = add_mapping;
+ max_batch_sz = nr_mfns;
+ do
+ {
+ nr = min(nr_mfns - done, max_batch_sz);
+ domctl.u.memory_mapping.nr_mfns = nr;
+ domctl.u.memory_mapping.first_gfn = first_gfn + done;
+ domctl.u.memory_mapping.first_mfn = first_mfn + done;
+ err = do_domctl(xch, &domctl);
+ if ( err && errno == E2BIG )
+ {
+ if ( max_batch_sz <= 1 )
+ break;
+ max_batch_sz >>= 1;
+ continue;
+ }
+ /* Save the first error... */
+ if ( !ret )
+ ret = err;
+ /* .. and ignore the rest of them when removing. */
+ if ( err && add_mapping != DPCI_REMOVE_MAPPING )
+ break;
+
+ done += nr;
+ } while ( done < nr_mfns );
+
+ /*
+ * Undo what we have done unless unmapping, by unmapping the entire region.
+ * Errors here are ignored.
+ */
+ if ( ret && add_mapping != DPCI_REMOVE_MAPPING )
+ xc_domain_memory_mapping(xch, domid, first_gfn, first_mfn, nr_mfns,
+ DPCI_REMOVE_MAPPING);
+
+ /* We might get E2BIG so many times that we never advance. */
+ if ( !done && !ret )
+ ret = -1;
- return do_domctl(xch, &domctl);
+ return ret;
}
-
+#undef min
int xc_domain_ioport_mapping(
xc_interface *xch,
uint32_t domid,
$NetBSD: patch-CVE-2015-2756,v 1.1.2.2 2015/04/29 21:11:13 tron Exp $
patch for CVE-2015-2756 aka XSA-126 from
http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
--- ioemu-qemu-xen/hw/pass-through.c.orig 2013-07-17 10:59:40.000000000 +0000
+++ ioemu-qemu-xen/hw/pass-through.c
@@ -171,9 +171,6 @@ static int pt_word_reg_read(struct pt_de
static int pt_long_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask);
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
@@ -277,9 +274,9 @@ static struct pt_reg_info_tbl pt_emu_reg
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = pt_common_reg_init,
- .u.w.read = pt_cmd_reg_read,
+ .u.w.read = pt_word_reg_read,
.u.w.write = pt_cmd_reg_write,
.u.w.restore = pt_cmd_reg_restore,
},
@@ -1865,7 +1862,7 @@ static int pt_dev_is_virtfn(struct pci_d
return rc;
}
-static int pt_register_regions(struct pt_dev *assigned_device)
+static int pt_register_regions(struct pt_dev *assigned_device, uint16_t *cmd)
{
int i = 0;
uint32_t bar_data = 0;
@@ -1885,17 +1882,26 @@ static int pt_register_regions(struct pt
/* Register current region */
if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_IO )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_IO,
pt_ioport_map);
+ *cmd |= PCI_COMMAND_IO;
+ }
else if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_MEM_PREFETCH )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM_PREFETCH,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
else
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
PT_LOG("IO region registered (size=0x%08x base_addr=0x%08x)\n",
(uint32_t)(pci_dev->size[i]),
@@ -3221,27 +3227,6 @@ static int pt_long_reg_read(struct pt_de
return 0;
}
-/* read Command register */
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- struct pt_reg_info_tbl *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-
/* read BAR */
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
@@ -3376,19 +3361,13 @@ static int pt_cmd_reg_write(struct pt_de
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
uint16_t wr_value = *value;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*value & PCI_COMMAND_DISABLE_INTx)
{
@@ -4151,6 +4130,7 @@ static struct pt_dev * register_real_dev
struct pt_dev *assigned_device = NULL;
struct pci_dev *pci_dev;
uint8_t e_device, e_intx;
+ uint16_t cmd = 0;
char *key, *val;
int msi_translate, power_mgmt;
@@ -4240,7 +4220,7 @@ static struct pt_dev * register_real_dev
assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);
/* Handle real device's MMIO/PIO BARs */
- pt_register_regions(assigned_device);
+ pt_register_regions(assigned_device, &cmd);
/* Setup VGA bios for passthroughed gfx */
if ( setup_vga_pt(assigned_device) < 0 )
@@ -4318,6 +4298,10 @@ static struct pt_dev * register_real_dev
}
out:
+ if (cmd)
+ pci_write_word(pci_dev, PCI_COMMAND,
+ *(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND]) | cmd);
+
PT_LOG("Real physical device %02x:%02x.%x registered successfuly!\n"
"IRQ type = %s\n", r_bus, r_dev, r_func,
assigned_device->msi_trans_en? "MSI-INTx":"INTx");
--- pkgsrc/sysutils/xentools42/Attic/Makefile 2015/03/13 09:43:41 1.26
+++ pkgsrc/sysutils/xentools42/Attic/Makefile 2015/04/29 21:11:13 1.26.2.1
--- pkgsrc/sysutils/xentools42/Attic/distinfo 2015/03/13 09:43:41 1.15
+++ pkgsrc/sysutils/xentools42/Attic/distinfo 2015/04/29 21:11:13 1.15.2.1
$NetBSD: patch-CVE-2015-2752,v 1.1.2.2 2015/04/29 21:11:13 tron Exp $
Patch for CVE-2015-2752 aka XSA-125 from
http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
--- libxc/xc_domain.c.orig 2014-09-02 06:22:57.000000000 +0000
+++ libxc/xc_domain.c
@@ -1352,6 +1352,13 @@ int xc_domain_bind_pt_isa_irq(
PT_IRQ_TYPE_ISA, 0, 0, 0, machine_irq));
}
+#ifndef min
+#define min(X, Y) ({ \
+ const typeof (X) _x = (X); \
+ const typeof (Y) _y = (Y); \
+ (void) (&_x == &_y); \
+ (_x < _y) ? _x : _y; })
+#endif
int xc_domain_memory_mapping(
xc_interface *xch,
uint32_t domid,
@@ -1361,17 +1368,55 @@ int xc_domain_memory_mapping(
uint32_t add_mapping)
{
DECLARE_DOMCTL;
+ int ret = 0, err;
+ unsigned long done = 0, nr, max_batch_sz;
+
+ if ( !nr_mfns )
+ return 0;
domctl.cmd = XEN_DOMCTL_memory_mapping;
domctl.domain = domid;
- domctl.u.memory_mapping.first_gfn = first_gfn;
- domctl.u.memory_mapping.first_mfn = first_mfn;
- domctl.u.memory_mapping.nr_mfns = nr_mfns;
domctl.u.memory_mapping.add_mapping = add_mapping;
+ max_batch_sz = nr_mfns;
+ do
+ {
+ nr = min(nr_mfns - done, max_batch_sz);
+ domctl.u.memory_mapping.nr_mfns = nr;
+ domctl.u.memory_mapping.first_gfn = first_gfn + done;
+ domctl.u.memory_mapping.first_mfn = first_mfn + done;
+ err = do_domctl(xch, &domctl);
+ if ( err && errno == E2BIG )
+ {
+ if ( max_batch_sz <= 1 )
+ break;
+ max_batch_sz >>= 1;
+ continue;
+ }
+ /* Save the first error... */
+ if ( !ret )
+ ret = err;
+ /* .. and ignore the rest of them when removing. */
+ if ( err && add_mapping != DPCI_REMOVE_MAPPING )
+ break;
+
+ done += nr;
+ } while ( done < nr_mfns );
+
+ /*
+ * Undo what we have done unless unmapping, by unmapping the entire region.
+ * Errors here are ignored.
+ */
+ if ( ret && add_mapping != DPCI_REMOVE_MAPPING )
+ xc_domain_memory_mapping(xch, domid, first_gfn, first_mfn, nr_mfns,
+ DPCI_REMOVE_MAPPING);
+
+ /* We might get E2BIG so many times that we never advance. */
+ if ( !done && !ret )
+ ret = -1;
- return do_domctl(xch, &domctl);
+ return ret;
}
-
+#undef min
int xc_domain_ioport_mapping(
xc_interface *xch,
uint32_t domid,
$NetBSD: patch-CVE-2015-2756,v 1.1.2.2 2015/04/29 21:11:13 tron Exp $
patch for CVE-2015-2756 aka XSA-126 from
http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
--- qemu-xen-traditional/hw/pass-through.c.orig 2014-01-09 12:44:42.000000000 +0000
+++ qemu-xen-traditional/hw/pass-through.c
@@ -172,9 +172,6 @@ static int pt_word_reg_read(struct pt_de
static int pt_long_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask);
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
@@ -286,9 +283,9 @@ static struct pt_reg_info_tbl pt_emu_reg
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = pt_common_reg_init,
- .u.w.read = pt_cmd_reg_read,
+ .u.w.read = pt_word_reg_read,
.u.w.write = pt_cmd_reg_write,
.u.w.restore = pt_cmd_reg_restore,
},
@@ -1905,7 +1902,7 @@ static int pt_dev_is_virtfn(struct pci_d
return rc;
}
-static int pt_register_regions(struct pt_dev *assigned_device)
+static int pt_register_regions(struct pt_dev *assigned_device, uint16_t *cmd)
{
int i = 0;
uint32_t bar_data = 0;
@@ -1925,17 +1922,26 @@ static int pt_register_regions(struct pt
/* Register current region */
if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_IO )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_IO,
pt_ioport_map);
+ *cmd |= PCI_COMMAND_IO;
+ }
else if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_MEM_PREFETCH )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM_PREFETCH,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
else
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
PT_LOG("IO region registered (size=0x%08x base_addr=0x%08x)\n",
(uint32_t)(pci_dev->size[i]),
@@ -3263,27 +3269,6 @@ static int pt_long_reg_read(struct pt_de
return 0;
}
-/* read Command register */
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- struct pt_reg_info_tbl *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-
/* read BAR */
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
@@ -3418,19 +3403,13 @@ static int pt_cmd_reg_write(struct pt_de
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
uint16_t wr_value = *value;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*value & PCI_COMMAND_DISABLE_INTx)
{
@@ -4205,6 +4184,7 @@ static struct pt_dev * register_real_dev
struct pt_dev *assigned_device = NULL;
struct pci_dev *pci_dev;
uint8_t e_device, e_intx;
+ uint16_t cmd = 0;
char *key, *val;
int msi_translate, power_mgmt;
@@ -4294,7 +4274,7 @@ static struct pt_dev * register_real_dev
assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);
/* Handle real device's MMIO/PIO BARs */
- pt_register_regions(assigned_device);
+ pt_register_regions(assigned_device, &cmd);
/* Setup VGA bios for passthroughed gfx */
if ( setup_vga_pt(assigned_device) < 0 )
@@ -4372,6 +4352,10 @@ static struct pt_dev * register_real_dev
}
out:
+ if (cmd)
+ pci_write_word(pci_dev, PCI_COMMAND,
+ *(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND]) | cmd);
+
PT_LOG("Real physical device %02x:%02x.%x registered successfuly!\n"
"IRQ type = %s\n", r_bus, r_dev, r_func,
assigned_device->msi_trans_en? "MSI-INTx":"INTx");
--- pkgsrc/sysutils/xentools45/Attic/Makefile 2015/03/13 10:27:48 1.5
+++ pkgsrc/sysutils/xentools45/Attic/Makefile 2015/04/29 21:11:13 1.5.2.1
--- pkgsrc/sysutils/xentools45/Attic/distinfo 2015/03/13 10:27:48 1.5
+++ pkgsrc/sysutils/xentools45/Attic/distinfo 2015/04/29 21:11:13 1.5.2.1
$NetBSD: patch-CVE-2015-2752,v 1.1.2.2 2015/04/29 21:11:13 tron Exp $
Patch for CVE-2015-2752 aka XSA-125 from
http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
--- libxc/xc_domain.c.orig 2015-01-12 16:53:24.000000000 +0000
+++ libxc/xc_domain.c
@@ -1992,6 +1992,8 @@ int xc_domain_memory_mapping(
{
DECLARE_DOMCTL;
xc_dominfo_t info;
+ int ret = 0, err;
+ unsigned long done = 0, nr, max_batch_sz;
if ( xc_domain_getinfo(xch, domid, 1, &info) != 1 ||
info.domid != domid )
@@ -2002,14 +2004,50 @@ int xc_domain_memory_mapping(
if ( !xc_core_arch_auto_translated_physmap(&info) )
return 0;
+ if ( !nr_mfns )
+ return 0;
+
domctl.cmd = XEN_DOMCTL_memory_mapping;
domctl.domain = domid;
- domctl.u.memory_mapping.first_gfn = first_gfn;
- domctl.u.memory_mapping.first_mfn = first_mfn;
- domctl.u.memory_mapping.nr_mfns = nr_mfns;
domctl.u.memory_mapping.add_mapping = add_mapping;
+ max_batch_sz = nr_mfns;
+ do
+ {
+ nr = min(nr_mfns - done, max_batch_sz);
+ domctl.u.memory_mapping.nr_mfns = nr;
+ domctl.u.memory_mapping.first_gfn = first_gfn + done;
+ domctl.u.memory_mapping.first_mfn = first_mfn + done;
+ err = do_domctl(xch, &domctl);
+ if ( err && errno == E2BIG )
+ {
+ if ( max_batch_sz <= 1 )
+ break;
+ max_batch_sz >>= 1;
+ continue;
+ }
+ /* Save the first error... */
+ if ( !ret )
+ ret = err;
+ /* .. and ignore the rest of them when removing. */
+ if ( err && add_mapping != DPCI_REMOVE_MAPPING )
+ break;
+
+ done += nr;
+ } while ( done < nr_mfns );
+
+ /*
+ * Undo what we have done unless unmapping, by unmapping the entire region.
+ * Errors here are ignored.
+ */
+ if ( ret && add_mapping != DPCI_REMOVE_MAPPING )
+ xc_domain_memory_mapping(xch, domid, first_gfn, first_mfn, nr_mfns,
+ DPCI_REMOVE_MAPPING);
+
+ /* We might get E2BIG so many times that we never advance. */
+ if ( !done && !ret )
+ ret = -1;
- return do_domctl(xch, &domctl);
+ return ret;
}
int xc_domain_ioport_mapping(
$NetBSD: patch-CVE-2015-2756,v 1.1.2.2 2015/04/29 21:11:13 tron Exp $
patch for CVE-2015-2756 aka XSA-126 from
http://xenbits.xenproject.org/xsa/xsa126-qemuu.patch
and
http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
--- qemu-xen/hw/xen/xen_pt.c.orig 2014-12-02 10:41:02.000000000 +0000
+++ qemu-xen/hw/xen/xen_pt.c
@@ -388,7 +388,7 @@ static const MemoryRegionOps ops = {
.write = xen_pt_bar_write,
};
-static int xen_pt_register_regions(XenPCIPassthroughState *s)
+static int xen_pt_register_regions(XenPCIPassthroughState *s, uint16_t *cmd)
{
int i = 0;
XenHostPCIDevice *d = &s->real_device;
@@ -406,6 +406,7 @@ static int xen_pt_register_regions(XenPC
if (r->type & XEN_HOST_PCI_REGION_TYPE_IO) {
type = PCI_BASE_ADDRESS_SPACE_IO;
+ *cmd |= PCI_COMMAND_IO;
} else {
type = PCI_BASE_ADDRESS_SPACE_MEMORY;
if (r->type & XEN_HOST_PCI_REGION_TYPE_PREFETCH) {
@@ -414,6 +415,7 @@ static int xen_pt_register_regions(XenPC
if (r->type & XEN_HOST_PCI_REGION_TYPE_MEM_64) {
type |= PCI_BASE_ADDRESS_MEM_TYPE_64;
}
+ *cmd |= PCI_COMMAND_MEMORY;
}
memory_region_init_io(&s->bar[i], OBJECT(s), &ops, &s->dev,
@@ -657,6 +659,7 @@ static int xen_pt_initfn(PCIDevice *d)
XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
int rc = 0;
uint8_t machine_irq = 0;
+ uint16_t cmd = 0;
int pirq = XEN_PT_UNASSIGNED_PIRQ;
/* register real device */
@@ -691,7 +694,7 @@ static int xen_pt_initfn(PCIDevice *d)
s->io_listener = xen_pt_io_listener;
/* Handle real device's MMIO/PIO BARs */
- xen_pt_register_regions(s);
+ xen_pt_register_regions(s, &cmd);
/* reinitialize each config register to be emulated */
if (xen_pt_config_init(s)) {
@@ -755,6 +758,11 @@ static int xen_pt_initfn(PCIDevice *d)
}
out:
+ if (cmd) {
+ xen_host_pci_set_word(&s->real_device, PCI_COMMAND,
+ pci_get_word(d->config + PCI_COMMAND) | cmd);
+ }
+
memory_listener_register(&s->memory_listener, &address_space_memory);
memory_listener_register(&s->io_listener, &address_space_io);
XEN_PT_LOG(d,
--- qemu-xen/hw/xen/xen_pt_config_init.c.orig 2014-12-02 10:41:02.000000000 +0000
+++ qemu-xen/hw/xen/xen_pt_config_init.c
@@ -286,23 +286,6 @@ static int xen_pt_irqpin_reg_init(XenPCI
}
/* Command register */
-static int xen_pt_cmd_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- XenPTRegInfo *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if (s->is_virtfn) {
- emu_mask |= PCI_COMMAND_MEMORY;
- }
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
static int xen_pt_cmd_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
uint16_t *val, uint16_t dev_value,
uint16_t valid_mask)
@@ -310,18 +293,13 @@ static int xen_pt_cmd_reg_write(XenPCIPa
XenPTRegInfo *reg = cfg_entry->reg;
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if (s->is_virtfn) {
- emu_mask |= PCI_COMMAND_MEMORY;
- }
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*val & PCI_COMMAND_INTX_DISABLE) {
throughable_mask |= PCI_COMMAND_INTX_DISABLE;
@@ -605,9 +583,9 @@ static XenPTRegInfo xen_pt_emu_reg_heade
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = xen_pt_common_reg_init,
- .u.w.read = xen_pt_cmd_reg_read,
+ .u.w.read = xen_pt_word_reg_read,
.u.w.write = xen_pt_cmd_reg_write,
},
/* Capabilities Pointer reg */
--- qemu-xen-traditional/hw/pass-through.c.orig 2014-10-06 15:50:24.000000000 +0000
+++ qemu-xen-traditional/hw/pass-through.c
@@ -172,9 +172,6 @@ static int pt_word_reg_read(struct pt_de
static int pt_long_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask);
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
uint32_t *value, uint32_t valid_mask);
@@ -286,9 +283,9 @@ static struct pt_reg_info_tbl pt_emu_reg
.size = 2,
.init_val = 0x0000,
.ro_mask = 0xF880,
- .emu_mask = 0x0740,
+ .emu_mask = 0x0743,
.init = pt_common_reg_init,
- .u.w.read = pt_cmd_reg_read,
+ .u.w.read = pt_word_reg_read,
.u.w.write = pt_cmd_reg_write,
.u.w.restore = pt_cmd_reg_restore,
},
@@ -1905,7 +1902,7 @@ static int pt_dev_is_virtfn(struct pci_d
return rc;
}
-static int pt_register_regions(struct pt_dev *assigned_device)
+static int pt_register_regions(struct pt_dev *assigned_device, uint16_t *cmd)
{
int i = 0;
uint32_t bar_data = 0;
@@ -1925,17 +1922,26 @@ static int pt_register_regions(struct pt
/* Register current region */
if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_IO )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_IO,
pt_ioport_map);
+ *cmd |= PCI_COMMAND_IO;
+ }
else if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_MEM_PREFETCH )
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM_PREFETCH,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
else
+ {
pci_register_io_region((PCIDevice *)assigned_device, i,
(uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM,
pt_iomem_map);
+ *cmd |= PCI_COMMAND_MEMORY;
+ }
PT_LOG("IO region registered (size=0x%08x base_addr=0x%08x)\n",
(uint32_t)(pci_dev->size[i]),
@@ -3263,27 +3269,6 @@ static int pt_long_reg_read(struct pt_de
return 0;
}
-/* read Command register */
-static int pt_cmd_reg_read(struct pt_dev *ptdev,
- struct pt_reg_tbl *cfg_entry,
- uint16_t *value, uint16_t valid_mask)
-{
- struct pt_reg_info_tbl *reg = cfg_entry->reg;
- uint16_t valid_emu_mask = 0;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
-
- /* emulate word register */
- valid_emu_mask = emu_mask & valid_mask;
- *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
-
- return 0;
-}
-
/* read BAR */
static int pt_bar_reg_read(struct pt_dev *ptdev,
struct pt_reg_tbl *cfg_entry,
@@ -3418,19 +3403,13 @@ static int pt_cmd_reg_write(struct pt_de
uint16_t writable_mask = 0;
uint16_t throughable_mask = 0;
uint16_t wr_value = *value;
- uint16_t emu_mask = reg->emu_mask;
-
- if ( ptdev->is_virtfn )
- emu_mask |= PCI_COMMAND_MEMORY;
- if ( pt_is_iomul(ptdev) )
- emu_mask |= PCI_COMMAND_IO;
/* modify emulate register */
writable_mask = ~reg->ro_mask & valid_mask;
cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
/* create value for writing to I/O device register */
- throughable_mask = ~emu_mask & valid_mask;
+ throughable_mask = ~reg->emu_mask & valid_mask;
if (*value & PCI_COMMAND_DISABLE_INTx)
{
@@ -4211,6 +4190,7 @@ static struct pt_dev * register_real_dev
struct pt_dev *assigned_device = NULL;
struct pci_dev *pci_dev;
uint8_t e_device, e_intx;
+ uint16_t cmd = 0;
char *key, *val;
int msi_translate, power_mgmt;
@@ -4300,7 +4280,7 @@ static struct pt_dev * register_real_dev
assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);
/* Handle real device's MMIO/PIO BARs */
- pt_register_regions(assigned_device);
+ pt_register_regions(assigned_device, &cmd);
/* Setup VGA bios for passthroughed gfx */
if ( setup_vga_pt(assigned_device) < 0 )
@@ -4378,6 +4358,10 @@ static struct pt_dev * register_real_dev
}
out:
+ if (cmd)
+ pci_write_word(pci_dev, PCI_COMMAND,
+ *(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND]) | cmd);
+
PT_LOG("Real physical device %02x:%02x.%x registered successfuly!\n"
"IRQ type = %s\n", r_bus, r_dev, r_func,
assigned_device->msi_trans_en? "MSI-INTx":"INTx");