Bumping xen to version RELEASE-4.17.3-53-g0ebd2e49bc, which comprises the following commits:

    0ebd2e49bc x86: protect conditional lock taking from speculative execution
    074b4c8987 x86/mm: add speculation barriers to open coded locks
    2cc5e57be6 locking: attempt to ensure lock wrappers are always inline
    468a368b2e percpu-rwlock: introduce support for blocking speculation into critical regions
    7454dad6ee rwlock: introduce support for blocking speculation into critical regions
    9d2f136328 x86/spinlock: introduce support for blocking speculation into critical regions
    0a53565f18 xen: Swap order of actions in the FREE*() macros
    bf70ce8b34 x86/paging: Delete update_cr3()'s do_locking parameter
    d85481135d x86/spec-ctrl: Mitigation Register File Data Sampling
    6663430b44 x86/spec-ctrl: VERW-handling adjustments
    d55d52961d x86/spec-ctrl: Rename VERW related options
    76af773de5 x86/spec-ctrl: Perform VERW flushing later in exit paths
    77f2bec134 x86/vmx: Perform VERW flushing later in the VMExit path
    abc43cf5a6 x86: Resync intel-family.h from Linux
    e691f99f17 x86/entry: Introduce EFRAME_* constants
    1f94117bec x86/mm: fix detection of last L1 entry in modify_xen_mappings_lite()
    1e9808227c hvmloader/PCI: skip huge BARs in certain calculations
    54dacb5c02 x86/cpu-policy: Allow for levelling of VERW side effects
    2f49d9f89c x86/altcall: always use a temporary parameter stashing variable
    c4ee68eda9 libxl: Fix segfault in device_model_spawn_outcome
    a59106b276 xen/livepatch: properly build the noapply and norevert tests
    5564323f64 xen/livepatch: fix norevert test attempt to open-code revert
    c54cf903b0 xen/livepatch: search for symbols in all loaded payloads
    b11917de0c xen/livepatch: register livepatch regions when loaded
    0ce25b46ab x86/spec: do not print thunk option selection if not built-in
    693455c3c3 x86/spec: fix INDIRECT_THUNK option to only be set when build-enabled
    76ea2aab36 x86/spec: print the built-in SPECULATIVE_HARDEN_* options
    b75bee1832 xen/sched: Fix UB shift in compat_set_timer_op()
    9c0d518eb8 x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware
    6cbccc4071 xen/arm: Fix UBSAN failure in start_xen()
    49f7760237 x86: account for shadow stack in exception-from-stub recovery
    9165001081 x86/spec: fix BRANCH_HARDEN option to only be set when build-enabled
    1aafe054e7 x86/altcall: use a union as register type for function parameters on clang
    229e8a72ee xen/cmdline: fix printf format specifier in no_config_param()
    f6b1279254 xen/livepatch: fix norevert test hook setup typo
    16f2e47eb1 x86emul: add missing EVEX.R' checks
    ea86997727 build: make sure build fails when running kconfig fails
    b974528073 libxl: Disable relocating memory for qemu-xen in stubdomain too
    1330a5fe44 build: Replace `which` with `command -v`
    b3ae0e6201 x86/HVM: tidy state on hvmemul_map_linear_addr()'s error path
    415f770d23 x86/hvm: Fix fast singlestep state persistence
    463aaf3fbf amd-vi: fix IVMD memory type checks
    61da71968e tools/xentop: fix sorting bug for some columns
    091466ba55 x86/p2m-pt: fix off by one in entry check assert
    afb85cf1e8 lib{fdt,elf}: move lib{fdt,elf}-temp.o and their deps to $(targets)
    7bd612727d x86/vmx: Disallow the use of inactivity states
    eca5416f9b x86/vmx: Fix IRQ handling for EXIT_REASON_INIT
    d0ad2cc5ea x86/intel: ensure Global Performance Counter Control is setup correctly
    0ef1fb43dd CirrusCI: drop FreeBSD 12
    abcc32f063 x86/amd: Extend CPU erratum #1474 fix to more affected models
    6b1864afc1 VT-d: Fix "else" vs "#endif" misplacement
    f9e1ed51bd pci: fail device assignment if phantom functions cannot be assigned
    4f6e9d4327 update Xen version to 4.17.4-pre
    949a4aad41 update Xen version to 4.17.3
    958706fd2e xen/arm: page: Avoid pointer overflow on cache clean & invalidate
    e2caee491a xen/sched: fix sched_move_domain()
    4000522008 Only compile the hypervisor with -Wdeclaration-after-statement
    83ae677d2a x86/x2apic: introduce a mixed physical/cluster mode
    6eb98dda5c xen/domain: fix error path in domain_create()
    5d01aa7ad5 xen/sched: fix adding offline cpu to cpupool
    7d8bd64e11 x86emul: avoid triggering event related assertions
    4923450c0e tools/xg: Fix potential memory leak in cpu policy getters/setters
    eac655d6be xen/x86: In x2APIC mode, derive LDR from APIC ID
    e3c1ffb2a3 livepatch: do not use .livepatch.funcs section to store internal state
    32c3403e4c x86/mem_sharing: Release domain if we are not able to enable memory sharing
    e1f9cb16e2 xen/sched: fix sched_move_domain()
    28f44b603f xen/grant: Fix build in PV_SHIM
    0527bab090 x86/spec-ctrl: Add SRSO whitepaper URL
    c635c17fde x86/i8259: do not assume interrupts always target CPU0
    d10db37b78 x86/x2apic: remove usage of ACPI_FADT_APIC_CLUSTER
    267ac3c592 x86/pv-shim: fix grant table operations for 32-bit guests
    4bd2c8c8b9 x86/mem_sharing: add missing m2p entry when mapping shared_info page
    011d20a69c docs: Fix IOMMU command line docs some more
    bb13e63143 x86: support data operand independent timing mode
    40685f9283 iommu/vt-d: fix SAGAW capability parsing
    ee4ce01198 iommu: fix quarantine mode command line documentation
    f6996645d2 x86/pvh: fix identity mapping of low 1MB
    e1275e58c7 x86/amd: Address AMD erratum #1485
    1a94fc132a x86: Add bit definitions for Automatic IBRS
    7eb2a4eba1 tools/pygrub: Fix pygrub's --entry flag for python3
    65e1f3d289 cxenstored: wait until after reset to notify dom0less domains
    6384cdf0c3 x86: Clarify that only 5 hypercall parameters are supported
    2e87f3a03a docs/sphinx: Switch hypercall-abi.rst to named footnotes
    4f43614a89 x86/amd: do not expose HWCR.TscFreqSel to guests
    0311ff4a2c x86/spec-ctrl: Remove conditional IRQs-on-ness for INT $0x80/0x82 paths
    b7a1e10539 iommu/amd-vi: use correct level for quarantine domain page tables
    0b56bed864 x86/pv: Correct the auditing of guest breakpoint addresses
    3f8b444072 x86/svm: Fix asymmetry with AMD DR MASK context switching
    46d00dbf4c libxl: limit bootloader execution in restricted mode
    42bf49d74b libxl: add support for running bootloader in restricted mode
    f5e211654e tools/pygrub: Deprivilege pygrub
    8ee19246ad tools/libfsimage: Export a new function to preload all plugins
    3797742067 tools/pygrub: Open the output files earlier
    e7059f16f7 tools/pygrub: Small refactors
    8a584126ea tools/pygrub: Remove unnecessary hypercall
    eb4efdac4c libfsimage/xfs: Add compile-time check to libfsimage
    78143c5336 libfsimage/xfs: Sanity-check the superblock during mounts
    f1cd620cc3 libfsimage/xfs: Amend mask32lo() to allow the value 32
    d665c6690e libfsimage/xfs: Remove dead code
    0d8f9f7f27 iommu/amd-vi: flush IOMMU TLB when flushing the DTE
    c4e05c97f5 tools/xenstored: domain_entry_fix(): Handle conflicting transaction
    90c540c589 x86/shadow: defer releasing of PV's top-level shadow reference
    9ac2f49f5f x86/spec-ctrl: Mitigate the Zen1 DIV leakage
    19ee1e1faa x86/amd: Introduce is_zen{1,2}_uarch() predicates
    2e2c3efcfc x86/spec-ctrl: Issue VERW during IST exit to Xen
    e4a71bc0da x86/entry: Track the IST-ness of an entry for the exit paths
    5f7efd47c8 x86/entry: Adjust restore_all_xen to hold stack_end in %r14
    ba023e93d0 x86/spec-ctrl: Improve all SPEC_CTRL_{ENTER,EXIT}_* comments
    3952c73bdb x86/spec-ctrl: Turn the remaining SPEC_CTRL_{ENTRY,EXIT}_* into asm macros
    84690fb82c x86/spec-ctrl: Fold DO_SPEC_CTRL_EXIT_TO_XEN into it's single user
    dc28aba565 x86/spec-ctrl: Fix confusion between SPEC_CTRL_EXIT_TO_XEN{,_IST}
    d2d2dcae87 x86/AMD: extend Zenbleed check to models "good" ucode isn't known for
    d31e5b2a9c xen/arm: page: Handle cache flush of an element at the top of the address space
    699de51274 x86/irq: fix reporting of spurious i8259 interrupts
    8be85d8c0d x86/vmx: Revert "x86/VMX: sanitize rIP before re-entering guest"
    a939e953cd x86/svm: Fix valid condition in svm_get_pending_event()
    7ca58fbef4 tboot: Disable CET at shutdown
    0429822978 libxl: slightly correct JSON generation of CPU policy
    ba360fbb64 build: correct gas --noexecstack check
    5116fe12d8 x86/iommu: pass full IO-APIC RTE for remapping table update
    e08e7330c5 iommu/vtd: rename io_apic_read_remap_rte() local variable
    1bd4523d69 x86/ioapic: RTE modifications must use ioapic_write_entry
    a885649098 x86/ioapic: add a raw field to RTE struct
    d0cdd34dd8 x86/ioapic: sanitize IO-APIC pins before enabling lapic LVTERR/ESR
    f04295dd80 xenalyze: Handle start-of-day ->RUNNING transitions
    e5f9987d5f x86/head: check base address alignment
    7b5155a79e xen/vcpu: ignore VCPU_SSHOTTMR_future
    052a8d24bc tools/vchan: Fix -Wsingle-bit-bitfield-constant-conversion
    f00d563095 CI: Resync FreeBSD config with staging
    e418a77295 rombios: Remove the use of egrep
    24487fec3b rombios: Avoid using K&R function syntax
    ae1045c429 rombios: Work around GCC issue 99578
    37f1d68fa3 x86emul: rework wrapping of libc functions in test and fuzzing harnesses
    476d2624ec Config.mk: evaluate XEN_COMPILE_ARCH and XEN_OS immediately
    a1f68fb567 build: evaluate XEN_BUILD_* and XEN_DOMAIN immediately
    36e84ea02e build: remove TARGET_ARCH, a duplicate of SRCARCH
    56076ef445 build: remove TARGET_SUBARCH, a duplicate of ARCH
    1c3927f8f6 build: define ARCH and SRCARCH later
    8d84be5b55 libxl: Use XEN_LIB_DIR to store bootloader from pygrub
    7d88979849 x86: fix build with old gcc after CPU policy changes
    2f337a04bf update Xen version to 4.17.3-pre
    322a20add0 Update Xen to version 4.17.2

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

- files
- README
- xen_4.17.bb
- xen_4.18.bb
- xen_git.bb
- xen-arch.inc
- xen-blktap.inc
- xen-hypervisor.inc
- xen-tools_4.17.bb
- xen-tools_4.18.bb
- xen-tools_git.bb
- xen-tools.inc
- xen.inc
- xtf_git.bb

Xen
For any issues with the Xen recipes, please make sure you CC christopher.w.clark@gmail.com and cardoe@gentoo.org.
configuring the hypervisor
Since 4.7.0, Xen supports using Kconfig to configure the hypervisor. Similar to how the busybox recipe works, you can provide a .config as a defconfig to override the hypervisor's default configuration. The easiest way to do this is to create a .config for Xen, copy it to your Yocto layer as 'defconfig' inside 'recipes-extended/xen/files/', and then create a bbappend that adds 'file://defconfig' to your SRC_URI.
To generate your own .config file for Xen, you can use the interactive menuconfig via bitbake:

    bitbake xen -c menuconfig

Select the config settings that you want and save the file. If you save it to the default ".config" file when prompted by menuconfig, you can find it in the 'xen' subdirectory of the build tree.
Configuration fragments are also supported. To use them you need to list the .cfg files in the SRC_URI.
security patches
The base recipe does not include security fixes that the Xen community releases as XSAs (http://xenbits.xen.org/xsa/). The easiest way to include them is to drop the patches in 'recipes-extended/xen/files' and create a bbappend that adds those patches to SRC_URI; they will then be applied. Alternatively, you can override the SRC_URI to point at a git repo you provide that contains the patches.
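The fragment and patch steps from the two sections above, as an added example that is not part of the meta-virtualization README: a shell script that writes a bbappend listing a .cfg fragment and an XSA patch in SRC_URI, then checks a final hypervisor .config for fragment options that did not take effect. The names meta-example, hardening.cfg and xsa-NNN.patch are placeholders and the sample .config is constructed; the CONFIG_ symbols are Xen Kconfig options chosen for illustration.

```shell
#!/bin/sh
# Added example. meta-example, hardening.cfg and xsa-NNN.patch are placeholder
# names; the sample final .config below is constructed.

# Write a Kconfig fragment and a bbappend into the layer directory $1.
write_overlay() {
    dir="$1/recipes-extended/xen"
    mkdir -p "$dir/files"
    cat > "$dir/files/hardening.cfg" <<'EOF'
CONFIG_SPECULATIVE_HARDEN_BRANCH=y
CONFIG_INDIRECT_THUNK=y
# CONFIG_LIVEPATCH is not set
EOF
    # xsa-NNN.patch stands for an XSA patch you have copied into files/.
    cat > "$dir/xen_%.bbappend" <<'EOF'
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI += "file://hardening.cfg file://xsa-NNN.patch"
EOF
}

# Print each option the fragment $1 requests that the final .config $2 lacks.
# Kconfig drops options whose dependencies are unmet; no output means the
# fragment took effect in full.
unmet_options() {
    while IFS= read -r line; do
        case "$line" in
            CONFIG_*=*)
                grep -qxF -- "$line" "$2" || printf '%s\n' "$line" ;;
            "# CONFIG_"*" is not set")
                sym=${line#"# "}; sym=${sym%" is not set"}
                if grep -q -- "^${sym}=" "$2"; then printf '%s\n' "$line"; fi ;;
        esac
    done < "$1"
}

# Constructed sample: INDIRECT_THUNK did not survive into the final .config.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
write_overlay "$demo/meta-example"
cat > "$demo/final.config" <<'EOF'
CONFIG_X86_64=y
CONFIG_SPECULATIVE_HARDEN_BRANCH=y
# CONFIG_INDIRECT_THUNK is not set
# CONFIG_LIVEPATCH is not set
EOF
unmet_options "$demo/meta-example/recipes-extended/xen/files/hardening.cfg" \
    "$demo/final.config"
```

To check a real build, pass the .config from the 'xen' subdirectory of the build tree as the second argument to `unmet_options`.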
recipe maintenance
Xen version update
The following rules shall be followed to define which versions of Xen have recipes in meta-virtualization:
- Before a Yocto release meta-virtualization shall have recipes for:
  - the latest stable major version of Xen, and
  - the current version of the Xen master branch (known as the git recipes)
  - In addition, there may also be recipes included for the previous stable major version of Xen, in the case where the latest stable major version is new and the prior stable major version of Xen is to be the preferred version for the Yocto release
- On Yocto LTS and the latest stable Yocto release branch, the preferred Xen major version that is present when the Yocto release is issued must stay supported and the recipes shall be regularly updated to follow updates available in the Xen stable branch for that Xen major release.
- On Yocto LTS and the latest stable Yocto release branch, the recipes for the latest Xen major version shall also be regularly updated to follow updates available in the Xen stable branch for that Xen major release.
- On the master / in-development Yocto branch, new Xen recipes shall be added when there is a new Xen major release.
  - depending on the timing of the next Yocto release, the new recipes may be preferred, or the prior major version recipes may remain preferred until after the Yocto release
  - the recipes for the previous Xen stable major version shall be removed from the branch when it is no longer the preferred Xen version
- On Yocto LTS and the latest stable Yocto release branch, new Xen recipes shall be added when there is a new Xen major release.
  - The preferred version of the Xen recipes shall always stay at the same Xen major version once a Yocto release has been issued, and shall receive regular updates to track the stable Xen branch of that Xen release.
  - When new Xen recipes are added to a Yocto branch for a new Xen major version, then any older Xen recipes present, except for the original preferred version recipes, shall be marked as not updated anymore by adding a comment inside the recipes. The older recipes will not receive any build tests or be updated to follow the Xen branch.