25c9c87cce
Drop upstreamed patch, otherwise, no other changes.
Bumping xen to version RELEASE-4.18.0-71-g4da8ca9cb9, which comprises the following commits:
4da8ca9cb9 x86: protect conditional lock taking from speculative execution
e107a8ece7 x86/mm: add speculation barriers to open coded locks
9de8a52b0e locking: attempt to ensure lock wrappers are always inline
5a13c81542 percpu-rwlock: introduce support for blocking speculation into critical regions
e7f0f11c88 rwlock: introduce support for blocking speculation into critical regions
1932973ac9 x86/spinlock: introduce support for blocking speculation into critical regions
bdda600406 xen: Swap order of actions in the FREE*() macros
908cbd1893 x86/spec-ctrl: Mitigation Register File Data Sampling
fb85a8fc91 x86/spec-ctrl: VERW-handling adjustments
b7205fc1cb x86/spec-ctrl: Rename VERW related options
95dd34fdbe x86/spec-ctrl: Perform VERW flushing later in exit paths
9f89ec65fb x86/vmx: Perform VERW flushing later in the VMExit path
b91c253e81 x86: Resync intel-family.h from Linux
fe1869a569 x86/entry: Introduce EFRAME_* constants
a96d2d4355 x86/mm: fix detection of last L1 entry in modify_xen_mappings_lite()
4c84fa6cb6 hvmloader/PCI: skip huge BARs in certain calculations
fd7cb7a1d0 x86/cpu-policy: Allow for levelling of VERW side effects
75221fb0f8 x86/altcall: always use a temporary parameter stashing variable
267845a838 libxl: Fix segfault in device_model_spawn_outcome
e9516b73e7 xen/livepatch: properly build the noapply and norevert tests
d81bfc7ff8 xen/livepatch: fix norevert test attempt to open-code revert
50a8f74df7 xen/livepatch: search for symbols in all loaded payloads
5382a6a79c xen/livepatch: register livepatch regions when loaded
7404c25efd x86/spec: do not print thunk option selection if not built-in
09b9db0413 x86/spec: fix INDIRECT_THUNK option to only be set when build-enabled
b7f9168878 x86/spec: print the built-in SPECULATIVE_HARDEN_* options
57f1370536 xen/sched: Fix UB shift in compat_set_timer_op()
3e383bb413 x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware
498b3624d0 xen/arm: Fix UBSAN failure in start_xen()
58bb811510 x86: account for shadow stack in exception-from-stub recovery
4d47dca20d x86/spec: fix BRANCH_HARDEN option to only be set when build-enabled
19fd9ff998 x86/altcall: use a union as register type for function parameters on clang
f6e5ab5fa7 xen/cmdline: fix printf format specifier in no_config_param()
33a0368d3b xen/livepatch: fix norevert test hook setup typo
a751d1321f x86emul: add missing EVEX.R' checks
5fda826414 build: make sure build fails when running kconfig fails
489c2b9ba1 libxl: Disable relocating memory for qemu-xen in stubdomain too
006764b871 build: Replace `which` with `command -v`
59e6ad6597 x86/HVM: tidy state on hvmemul_map_linear_addr()'s error path
b51fd78aed x86/hvm: Fix fast singlestep state persistence
16475909ba block-common: Fix same_vm for no targets
fa9950a527 amd-vi: fix IVMD memory type checks
184d723e7a tools/xentop: fix sorting bug for some columns
b1fdd7d0e4 x86/ucode: Fix stability of the raw CPU Policy rescan
295ab8060d x86/p2m-pt: fix off by one in entry check assert
579a622eb4 lib{fdt,elf}: move lib{fdt,elf}-temp.o and their deps to $(targets)
00550e808c x86/vmx: Disallow the use of inactivity states
4cc0f88c42 x86/vmx: Fix IRQ handling for EXIT_REASON_INIT
6ccf064b0c x86/intel: ensure Global Performance Counter Control is setup correctly
b26c30a408 CirrusCI: drop FreeBSD 12
62b3d7f8e4 x86/amd: Extend CPU erratum #1474 fix to more affected models
c7ac596a57 VT-d: Fix "else" vs "#endif" misplacement
637da04812 pci: fail device assignment if phantom functions cannot be assigned
1792d1723b x86/x2apic: introduce a mixed physical/cluster mode
a4f3f5a62c xen/arm: page: Avoid pointer overflow on cache clean & invalidate
48eb9e9199 xen/sched: fix sched_move_domain()
a56d598e13 Only compile the hypervisor with -Wdeclaration-after-statement
25b7f9ed0f xen/domain: fix error path in domain_create()
5ac87c8afd xen/sched: fix adding offline cpu to cpupool
18f900b77b x86emul: avoid triggering event related assertions
3af9d1cbb6 tools/xg: Fix potential memory leak in cpu policy getters/setters
61d032e322 xen/x86: In x2APIC mode, derive LDR from APIC ID
480168fcb3 livepatch: do not use .livepatch.funcs section to store internal state
90a6d82175 x86/mem_sharing: Release domain if we are not able to enable memory sharing
3f9390fea5 xen/sched: fix sched_move_domain()
40bfa9dd57 x86/spec-ctrl: Add SRSO whitepaper URL
fcb1016bbd x86/i8259: do not assume interrupts always target CPU0
9e8edd4c75 x86/x2apic: remove usage of ACPI_FADT_APIC_CLUSTER
880e06fdea x86/pv-shim: fix grant table operations for 32-bit guests
52be29df79 x86/mem_sharing: add missing m2p entry when mapping shared_info page
02f8d0adfb update Xen version to 4.18.1-pre
d75f1e9b74 SUPPORT.md: Update release notes URL
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|---|---|---|
| .. | ||
| files | ||
| README | ||
| xen_4.17.bb | ||
| xen_4.18.bb | ||
| xen_git.bb | ||
| xen-arch.inc | ||
| xen-blktap.inc | ||
| xen-hypervisor.inc | ||
| xen-tools_4.17.bb | ||
| xen-tools_4.18.bb | ||
| xen-tools_git.bb | ||
| xen-tools.inc | ||
| xen.inc | ||
| xtf_git.bb | ||
Xen
For any issues with the Xen recipes please make sure you CC: christopher.w.clark@gmail.com cardoe@gentoo.org
configuring the hypervisor
Since 4.7.0 Xen supports using Kconfig to configure the hypervisor. Similarly to how the recipe for busybox works, you can provide a .config as a defconfig to override the default configuration of the hypervisor. The easiest way for you to take advantage of this is to create a .config for Xen and then copy it to your Yocto layer as 'defconfig' inside of 'recipes-extended/xen/files/' and then create a bbappend adding 'file://defconfig' to your SRC_URI.
To generate your own .config file for Xen, you can use the interactive menuconfig via bitbake:
bitbake xen -c menuconfig
Select the config settings that you want and Save the file. If you save it to the default ".config" file when prompted by menuconfig, you can find it in the 'xen' subdirectory of the build tree.
Configuration fragments are also supported. To use them you need to list the .cfg files in the SRC_URI.
security patches
The base recipe does not include security fixes that the Xen community releases as XSAs (http://xenbits.xen.org/xsa/). The easiest way to include those is to drop patches in 'recipes-extened/xen/files' and create a bbappend adding those patches to SRC_URI and they will be applied. Alternatively, you can override the SRC_URI to a git repo you provide that contains the patches.
recipe maintenance
Xen version update
The following rules shall be followed to define which versions of Xen have recipes in meta-virtualization:
-
Before a Yocto release meta-virtualization shall have recipes for:
-
the latest stable major version of Xen, and
-
the current version of the Xen master branch (known as the git recipes)
-
In addition, there may also be recipes included for the previous stable major version of Xen, in the case where the latest stable major version is new and the prior stable major version of Xen is to be the preferred version for the Yocto release
-
-
On Yocto LTS and the latest stable Yocto release branch, the preferred Xen major version that is present when the Yocto release is issued must stay supported and the recipes shall be regularly updated to follow updates available in the Xen stable branch for that Xen major release.
-
On Yocto LTS and the latest stable Yocto release branch, the recipes for the latest Xen major version shall also be regularly updated to follow updates available in the Xen stable branch for that Xen major release.
-
On the master / in-development Yocto branch, new Xen recipes shall be added when there is a new Xen major release.
-
depending on the timing of the next Yocto release, the new recipes may be preferred, or the prior major version recipes may remain preferred until after the Yocto release
-
the recipes for the previous Xen stable major version shall be removed from the branch when it is no longer the preferred Xen version
-
-
On Yocto LTS and the latest stable Yocto release branch, new Xen recipes shall be added when there is a new Xen major release.
-
The preferred version of the Xen recipes shall always stay at the same Xen major version once a Yocto release has been issued, and shall receive regular updates to track the stable Xen branch of that Xen release.
-
When new Xen recipes are added to a Yocto branch for a new Xen major version, then any older Xen recipes present, except for the original preferred version recipes, shall be marked as not updated anymore by adding a comment inside the recipes. The older recipes will not receive any build tests or be updated to follow the Xen branch.
-