Update to 4.11.4nb1 Keep PKGREVISION at 1 to reflect that it's not a stock Xen 4.11.4 kernel, we have additinnal security fixes (all relevant patches from upstream to date). Changes: mosly bug fixes and improvements; better support for newer AMD CPUs. full changelog at https://xenproject.org/downloads/xen-project-archives/xen-proj ect-4-11-series/xen-project-4-11-4/diff -r1.14 -r1.15 pkgsrc/sysutils/xenkernel411/Makefile
(bouyer)
| @@ -1,17 +1,18 @@ | @@ -1,17 +1,18 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.14 2020/07/16 09:57:17 bouyer Exp $ | 1 | # $NetBSD: Makefile,v 1.15 2020/08/24 10:35:35 bouyer Exp $ | |
| 2 | 2 | |||
| 3 | VERSION= 4.11.3 | 3 | VERSION= 4.11.4 | |
| 4 | PKGREVISION= 3 | 4 | #keep >= 1 if we have security patches | |
| 5 | PKGREVISION= 1 | |||
| 5 | DISTNAME= xen-${VERSION} | 6 | DISTNAME= xen-${VERSION} | |
| 6 | PKGNAME= xenkernel411-${VERSION} | 7 | PKGNAME= xenkernel411-${VERSION} | |
| 7 | CATEGORIES= sysutils | 8 | CATEGORIES= sysutils | |
| 8 | MASTER_SITES= https://downloads.xenproject.org/release/xen/${VERSION}/ | 9 | MASTER_SITES= https://downloads.xenproject.org/release/xen/${VERSION}/ | |
| 9 | DIST_SUBDIR= xen411 | 10 | DIST_SUBDIR= xen411 | |
| 10 | 11 | |||
| 11 | MAINTAINER= bouyer@NetBSD.org | 12 | MAINTAINER= bouyer@NetBSD.org | |
| 12 | HOMEPAGE= https://xenproject.org/ | 13 | HOMEPAGE= https://xenproject.org/ | |
| 13 | COMMENT= Xen 4.11.x Kernel | 14 | COMMENT= Xen 4.11.x Kernel | |
| 14 | 15 | |||
| 15 | LICENSE= gnu-gpl-v2 | 16 | LICENSE= gnu-gpl-v2 | |
| 16 | 17 | |||
| 17 | ONLY_FOR_PLATFORM= Linux-2.6*-x86_64 | 18 | ONLY_FOR_PLATFORM= Linux-2.6*-x86_64 |
| @@ -1,26 +1,18 @@ | @@ -1,26 +1,18 @@ | |||
| 1 | $NetBSD: distinfo,v 1.12 2020/07/16 09:57:17 bouyer Exp $ | 1 | $NetBSD: distinfo,v 1.13 2020/08/24 10:35:35 bouyer Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (xen411/xen-4.11.3.tar.gz) = 2d77152168d6f9dcea50db9cb8e3e6a0720a4a1b | 3 | SHA1 (xen411/xen-4.11.4.tar.gz) = 6c8cdf441621c14dc5345196b48df6982c060c4f | |
| 4 | RMD160 (xen411/xen-4.11.3.tar.gz) = cfb2e699842867b60d25a01963c564a6c5e580da | 4 | RMD160 (xen411/xen-4.11.4.tar.gz) = 49819fcd1de3985d4dea370be962548c862f2933 | |
| 5 | SHA512 (xen411/xen-4.11.3.tar.gz) = 2204e490e9fc357a05983a9bf4e7345e1d364fe00400ce473988dcb9ca7d4e2b921fe10f095cbbc64248130a92d22c6f0d154dcae250a57a7f915df32e3dc436 | 5 | SHA512 (xen411/xen-4.11.4.tar.gz) = 8383f0b369fa08c8ecfdd68f902a2aaad140146a183131c50c020fe04c2f1e829c219b9bd9923fa8f1c180e1e7c6e73d0d68b7015fc39fd3b7f59e55c680cedb | |
| 6 | Size (xen411/xen-4.11.3.tar.gz) = 25180826 bytes | 6 | Size (xen411/xen-4.11.4.tar.gz) = 25184564 bytes | |
| 7 | SHA1 (patch-Config.mk) = 9372a09efd05c9fbdbc06f8121e411fcb7c7ba65 | 7 | SHA1 (patch-Config.mk) = 9372a09efd05c9fbdbc06f8121e411fcb7c7ba65 | |
| 8 | SHA1 (patch-XSA307) = afd88b8294b0dbbc32e1d1aa74eb887d2da6695a | |||
| 9 | SHA1 (patch-XSA308) = bda9ef732e0b6578ce8f7f0f7aa0a4189da41e86 | |||
| 10 | SHA1 (patch-XSA309) = 78cf7306e9d1efcbf2ebf425025d46948ae83019 | |||
| 11 | SHA1 (patch-XSA310) = 77b711f4b75de1d473a6988eb6f2b48e37cc353a | |||
| 12 | SHA1 (patch-XSA311) = 4d3e6cc39c2b95cb3339961271df2bc885667927 | |||
| 13 | SHA1 (patch-XSA313) = b2f281d6aed1207727cd454dcb5e914c7f6fb44b | |||
| 14 | SHA1 (patch-XSA316) = 9cce683315e4c1ca6d53b578e69ae71e1db2b3eb | |||
| 15 | SHA1 (patch-XSA317) = 3a3e7bf8f115bebaf56001afcf68c2bd501c00a5 | 8 | SHA1 (patch-XSA317) = 3a3e7bf8f115bebaf56001afcf68c2bd501c00a5 | |
| 16 | SHA1 (patch-XSA318) = d0dcbb99ab584098aed7995a7a05d5bf4ac28d47 | |||
| 17 | SHA1 (patch-XSA319) = 4954bdc849666e1c735c3281256e4850c0594ee8 | 9 | SHA1 (patch-XSA319) = 4954bdc849666e1c735c3281256e4850c0594ee8 | |
| 18 | SHA1 (patch-XSA320) = 38d84a2ded4ccacee455ba64eb3b369e5661fbfd | 10 | SHA1 (patch-XSA320) = 38d84a2ded4ccacee455ba64eb3b369e5661fbfd | |
| 19 | SHA1 (patch-XSA321) = 5281304282a26ee252344ec26b07d25ac4ce8b54 | 11 | SHA1 (patch-XSA321) = 1f15b2e3c0f7f2d7335879d3a83c1557ac9de806 | |
| 20 | SHA1 (patch-XSA328) = a9b02c183a5dbfb6c0fe50824f18896fcab4a9e9 | 12 | SHA1 (patch-XSA328) = a9b02c183a5dbfb6c0fe50824f18896fcab4a9e9 | |
| 21 | SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6 | 13 | SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6 | |
| 22 | SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac | 14 | SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac | |
| 23 | SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b | 15 | SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b | |
| 24 | SHA1 (patch-xen_arch_x86_boot_build32.mk) = b82c20de9b86ddaa9d05bbc1ff28f970eb78473c | 16 | SHA1 (patch-xen_arch_x86_boot_build32.mk) = b82c20de9b86ddaa9d05bbc1ff28f970eb78473c | |
| 25 | SHA1 (patch-xen_tools_symbols.c) = 6070b3b5ccc38a196283cfc1c52f5d87858beb18 | 17 | SHA1 (patch-xen_tools_symbols.c) = 6070b3b5ccc38a196283cfc1c52f5d87858beb18 | |
| 26 | SHA1 (patch-zz-bouyer) = bf11b2b81d5c81992c911f670e75dd3aec5ab609 | 18 | SHA1 (patch-zz-bouyer) = bf11b2b81d5c81992c911f670e75dd3aec5ab609 |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | $NetBSD: patch-XSA321,v 1.1 2020/07/16 09:57:17 bouyer Exp $ | 1 | $NetBSD: patch-XSA321,v 1.2 2020/08/24 10:35:35 bouyer Exp $ | |
| 2 | 2 | |||
| 3 | From: Jan Beulich <jbeulich@suse.com> | 3 | From: Jan Beulich <jbeulich@suse.com> | |
| 4 | Subject: vtd: improve IOMMU TLB flush | 4 | Subject: vtd: improve IOMMU TLB flush | |
| 5 | 5 | |||
| 6 | Do not limit PSI flushes to order 0 pages, in order to avoid doing a | 6 | Do not limit PSI flushes to order 0 pages, in order to avoid doing a | |
| 7 | full TLB flush if the passed in page has an order greater than 0 and | 7 | full TLB flush if the passed in page has an order greater than 0 and | |
| 8 | is aligned. Should increase the performance of IOMMU TLB flushes when | 8 | is aligned. Should increase the performance of IOMMU TLB flushes when | |
| 9 | dealing with page orders greater than 0. | 9 | dealing with page orders greater than 0. | |
| 10 | 10 | |||
| 11 | This is part of XSA-321. | 11 | This is part of XSA-321. | |
| 12 | 12 | |||
| 13 | Signed-off-by: Jan Beulich <jbeulich@suse.com> | 13 | Signed-off-by: Jan Beulich <jbeulich@suse.com> | |
| 14 | 14 | |||
@@ -187,26 +187,35 @@ Reviewed-by: Jan Beulich | | @@ -187,26 +187,35 @@ Reviewed-by: Jan Beulich | | ||
| 187 | + iommu_sync_cache(pte, sizeof(struct dma_pte)); | 187 | + iommu_sync_cache(pte, sizeof(struct dma_pte)); | |
| 188 | spin_unlock(&hd->arch.mapping_lock); | 188 | spin_unlock(&hd->arch.mapping_lock); | |
| 189 | unmap_vtd_domain_page(page); | 189 | unmap_vtd_domain_page(page); | |
| 190 | 190 | |||
| 191 | @@ -1862,7 +1853,7 @@ int iommu_pte_flush(struct domain *d, u6 | 191 | @@ -1862,7 +1853,7 @@ int iommu_pte_flush(struct domain *d, u6 | |
| 192 | int iommu_domid; | 192 | int iommu_domid; | |
| 193 | int rc = 0; | 193 | int rc = 0; | |
| 194 | 194 | |||
| 195 | - iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); | 195 | - iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); | |
| 196 | + iommu_sync_cache(pte, sizeof(struct dma_pte)); | 196 | + iommu_sync_cache(pte, sizeof(struct dma_pte)); | |
| 197 | 197 | |||
| 198 | for_each_drhd_unit ( drhd ) | 198 | for_each_drhd_unit ( drhd ) | |
| 199 | { | 199 | { | |
| 200 | @@ -2725,7 +2716,7 @@ static int __init intel_iommu_quarantine | |||
| 201 | dma_set_pte_addr(*pte, maddr); | |||
| 202 | dma_set_pte_readable(*pte); | |||
| 203 | } | |||
| 204 | - iommu_flush_cache_page(parent, 1); | |||
| 205 | + iommu_sync_cache(parent, PAGE_SIZE); | |||
| 206 | ||||
| 207 | unmap_vtd_domain_page(parent); | |||
| 208 | parent = map_vtd_domain_page(maddr); | |||
| 200 | From: <security@xenproject.org> | 209 | From: <security@xenproject.org> | |
| 201 | Subject: x86/iommu: introduce a cache sync hook | 210 | Subject: x86/iommu: introduce a cache sync hook | |
| 202 | 211 | |||
| 203 | The hook is only implemented for VT-d and it uses the already existing | 212 | The hook is only implemented for VT-d and it uses the already existing | |
| 204 | iommu_sync_cache function present in VT-d code. The new hook is | 213 | iommu_sync_cache function present in VT-d code. The new hook is | |
| 205 | added so that the cache can be flushed by code outside of VT-d when | 214 | added so that the cache can be flushed by code outside of VT-d when | |
| 206 | using shared page tables. | 215 | using shared page tables. | |
| 207 | 216 | |||
| 208 | Note that alloc_pgtable_maddr must use the now locally defined | 217 | Note that alloc_pgtable_maddr must use the now locally defined | |
| 209 | sync_cache function, because IOMMU ops are not yet setup the first | 218 | sync_cache function, because IOMMU ops are not yet setup the first | |
| 210 | time the function gets called during IOMMU initialization. | 219 | time the function gets called during IOMMU initialization. | |
| 211 | 220 | |||
| 212 | No functional change intended. | 221 | No functional change intended. |