 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.11 2020/12/16 17:15:22 bouyer Exp $
+# $NetBSD: Makefile,v 1.12 2021/02/03 22:27:16 bouyer Exp $
 VERSION=	4.13.2
-PKGREVISION=	4
+PKGREVISION=	5
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel413-${VERSION}
 CATEGORIES=	sysutils
 MASTER_SITES=	https://downloads.xenproject.org/release/xen/${VERSION}/
 DIST_SUBDIR=	xen413
 MAINTAINER=	bouyer@NetBSD.org
 HOMEPAGE=	https://xenproject.org/
 COMMENT=	Xen 4.13.x Kernel
 LICENSE=	gnu-gpl-v2
 ONLY_FOR_PLATFORM=	NetBSD-*.*-x86_64

 @@ -1,19 +1,21 @@
-$NetBSD: distinfo,v 1.8 2020/12/16 17:15:22 bouyer Exp $
+$NetBSD: distinfo,v 1.9 2021/02/03 22:27:16 bouyer Exp $
 SHA1 (xen413/xen-4.13.2.tar.gz) = d514f1de9582c58676420bb2c9fb1c765b44fbff
 RMD160 (xen413/xen-4.13.2.tar.gz) = 96727c20bd84338f8c67c7c584c01ef877bbcb18
 SHA512 (xen413/xen-4.13.2.tar.gz) = cd3092281c97e9421e303aa288aac04dcccd5536ba7c0ff4d51fbf3d07b5ffacfe3456ba06f5cf63577dafbf8cf3a5d9825ceb5e9ef8ca1427900cc3e57b50a3
 Size (xen413/xen-4.13.2.tar.gz) = 39037826 bytes
 SHA1 (patch-Config.mk) = 9372a09efd05c9fbdbc06f8121e411fcb7c7ba65
 SHA1 (patch-XSA348) = 70de325f88e004228d2b69b7ae3b4106175be1e0
 SHA1 (patch-XSA351) = edb0975ab0aa53d7a0ae7816fe170a081eea695e
 SHA1 (patch-XSA355) = 73ca5dff042a4a54b06af36e6ace7d09673c05f0
 SHA1 (patch-XSA358) = 71d5b2e3d19223b986b8572adfbe7355a3a03db6
 SHA1 (patch-XSA359) = 4b778a86fffbe0e2a364e1589d573bbc7c27ff99
 SHA1 (patch-XSA360) = c1aa4bdade4d3318bc2dffa83e359f66997b11df
 SHA1 (patch-fixpvh) = fd71e150e0b3a461875c02c4419dbfb30548d8f6
 SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6
 SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac
 SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b
 SHA1 (patch-xen_arch_x86_boot_build32.mk) = b82c20de9b86ddaa9d05bbc1ff28f970eb78473c
 SHA1 (patch-xen_arch_x86_mm_p2m.c) = 6e9b84dc8448eca9677f184e720bbfcb3c6d314e
 SHA1 (patch-xen_drivers_passthrough_x86_iommu.c) = 76dd564d5740df587b5ebe4a593dac82ab18edac
 SHA1 (patch-xen_tools_symbols.c) = 6070b3b5ccc38a196283cfc1c52f5d87858beb18

$NetBSD: patch-XSA355,v 1.1 2021/02/03 22:27:16 bouyer Exp $ From: Jan Beulich <jbeulich@suse.com> Subject: memory: fix off-by-one in XSA-346 change The comparison against ARRAY_SIZE() needs to be >= in order to avoid overrunning the pages[] array. This is XSA-355. Fixes: 5777a3742d88 ("IOMMU: hold page ref until after deferred TLB flush") Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Julien Grall <jgrall@amazon.com> --- xen/common/memory.c.orig +++ xen/common/memory.c @@ -854,7 +854,7 @@ int xenmem_add_to_physmap(struct domain ++extra.ppage; /* Check for continuation if it's not the last iteration. */ - if ( (++done > ARRAY_SIZE(pages) && extra.ppage) || + if ( (++done >= ARRAY_SIZE(pages) && extra.ppage) || (xatp->size > done && hypercall_preempt_check()) ) { rc = start + done;

$NetBSD: patch-XSA360,v 1.1 2021/02/03 22:27:16 bouyer Exp $ From: Roger Pau Monne <roger.pau@citrix.com> Subject: x86/dpci: do not remove pirqs from domain tree on unbind A fix for a previous issue removed the pirqs from the domain tree when they are unbound in order to prevent shared pirqs from triggering a BUG_ON in __pirq_guest_unbind if they are unbound multiple times. That caused free_domain_pirqs to no longer unmap the pirqs because they are gone from the domain pirq tree, thus leaving stale unbound pirqs after domain destruction if the domain had mapped dpci pirqs after shutdown. Take a different approach to fix the original issue, instead of removing the pirq from d->pirq_tree clear the flags of the dpci pirq struct to signal that the pirq is now unbound. This prevents calling pirq_guest_unbind multiple times for the same pirq without having to remove it from the domain pirq tree. This is XSA-360. Fixes: 5b58dad089 ('x86/pass-through: avoid double IRQ unbind during domain cleanup') Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- xen/arch/x86/irq.c.orig +++ xen/arch/x86/irq.c @@ -1331,7 +1331,7 @@ void (pirq_cleanup_check)(struct pirq *p } if ( radix_tree_delete(&d->pirq_tree, pirq->pirq) != pirq ) - BUG_ON(!d->is_dying); + BUG(); } /* Flush all ready EOIs from the top of this CPU's pending-EOI stack. */ --- xen/drivers/passthrough/pci.c.orig +++ xen/drivers/passthrough/pci.c @@ -862,6 +862,10 @@ static int pci_clean_dpci_irq(struct dom { struct dev_intx_gsi_link *digl, *tmp; + if ( !pirq_dpci->flags ) + /* Already processed. */ + return 0; + pirq_guest_unbind(d, dpci_pirq(pirq_dpci)); if ( pt_irq_need_timer(pirq_dpci->flags) ) @@ -872,15 +876,10 @@ static int pci_clean_dpci_irq(struct dom list_del(&digl->list); xfree(digl); } + /* Note the pirq is now unbound. */ + pirq_dpci->flags = 0; - radix_tree_delete(&d->pirq_tree, dpci_pirq(pirq_dpci)->pirq); - - if ( !pt_pirq_softirq_active(pirq_dpci) ) - return 0; - - domain_get_irq_dpci(d)->pending_pirq_dpci = pirq_dpci; - - return -ERESTART; + return pt_pirq_softirq_active(pirq_dpci) ? -ERESTART : 0; } static int pci_clean_dpci_irqs(struct domain *d) @@ -897,18 +896,8 @@ static int pci_clean_dpci_irqs(struct do hvm_irq_dpci = domain_get_irq_dpci(d); if ( hvm_irq_dpci != NULL ) { - int ret = 0; - - if ( hvm_irq_dpci->pending_pirq_dpci ) - { - if ( pt_pirq_softirq_active(hvm_irq_dpci->pending_pirq_dpci) ) - ret = -ERESTART; - else - hvm_irq_dpci->pending_pirq_dpci = NULL; - } + int ret = pt_pirq_iterate(d, pci_clean_dpci_irq, NULL); - if ( !ret ) - ret = pt_pirq_iterate(d, pci_clean_dpci_irq, NULL); if ( ret ) { spin_unlock(&d->event_lock); --- xen/include/asm-x86/hvm/irq.h.orig +++ xen/include/asm-x86/hvm/irq.h @@ -160,8 +160,6 @@ struct hvm_irq_dpci { DECLARE_BITMAP(isairq_map, NR_ISAIRQS); /* Record of mapped Links */ uint8_t link_cnt[NR_LINK]; - /* Clean up: Entry with a softirq invocation pending / in progress. */ - struct hvm_pirq_dpci *pending_pirq_dpci; }; /* Machine IRQ to guest device/intx mapping. */