aboutsummaryrefslogtreecommitdiff
path: root/system/xen
diff options
context:
space:
mode:
authorMario Preksavec <mario@slackware.hr>2021-11-25 11:47:34 +0100
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2021-11-29 09:43:58 +0700
commite9a0293d9ac899a92268f7776fa93c3c923ddd54 (patch)
tree88495baf5516b5fffba594d3951e9f5087d3395b /system/xen
parentc009232704cb3d262f64e9992d4e864ea849b5a1 (diff)
system/xen: XSA 385-390 update.
Signed-off-by: Mario Preksavec <mario@slackware.hr> Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/xen')
-rw-r--r--system/xen/dom0/config-5.15.4-xen.x86_64 (renamed from system/xen/dom0/config-5.14.12-xen.x86_64)293
-rw-r--r--system/xen/dom0/kernel-xen.sh2
-rw-r--r--system/xen/domU/domU.sh2
-rw-r--r--system/xen/xsa/xsa385-4.15.patch96
-rw-r--r--system/xen/xsa/xsa388-4.15-1.patch174
-rw-r--r--system/xen/xsa/xsa388-4.15-2.patch36
-rw-r--r--system/xen/xsa/xsa389-4.15.patch182
-rw-r--r--system/xen/xsa/xsa390.patch46
8 files changed, 715 insertions, 116 deletions
diff --git a/system/xen/dom0/config-5.14.12-xen.x86_64 b/system/xen/dom0/config-5.15.4-xen.x86_64
index ac1e996207592..3fd55fce7c773 100644
--- a/system/xen/dom0/config-5.14.12-xen.x86_64
+++ b/system/xen/dom0/config-5.15.4-xen.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.14.12 Kernel Configuration
+# Linux/x86 5.15.4 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0"
CONFIG_CC_IS_GCC=y
@@ -26,6 +26,7 @@ CONFIG_THREAD_INFO_IN_TASK=y
#
CONFIG_INIT_ENV_ARG_LIMIT=32
# CONFIG_COMPILE_TEST is not set
+# CONFIG_WERROR is not set
CONFIG_LOCALVERSION="-xen"
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_BUILD_SALT=""
@@ -121,9 +122,12 @@ CONFIG_BPF_PRELOAD_UMD=m
CONFIG_BPF_LSM=y
# end of BPF subsystem
-CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_NONE is not set
# CONFIG_PREEMPT_VOLUNTARY is not set
-# CONFIG_PREEMPT is not set
+CONFIG_PREEMPT=y
+CONFIG_PREEMPT_COUNT=y
+CONFIG_PREEMPTION=y
+CONFIG_PREEMPT_DYNAMIC=y
CONFIG_SCHED_CORE=y
#
@@ -149,10 +153,12 @@ CONFIG_CPU_ISOLATION=y
# RCU Subsystem
#
CONFIG_TREE_RCU=y
+CONFIG_PREEMPT_RCU=y
CONFIG_RCU_EXPERT=y
CONFIG_SRCU=y
CONFIG_TREE_SRCU=y
CONFIG_TASKS_RCU_GENERIC=y
+CONFIG_TASKS_RCU=y
CONFIG_TASKS_RUDE_RCU=y
CONFIG_TASKS_TRACE_RCU=y
CONFIG_RCU_STALL_COMMON=y
@@ -160,6 +166,7 @@ CONFIG_RCU_NEED_SEGCBLIST=y
CONFIG_RCU_FANOUT=32
CONFIG_RCU_FANOUT_LEAF=16
CONFIG_RCU_FAST_NO_HZ=y
+# CONFIG_RCU_BOOST is not set
CONFIG_RCU_NOCB_CPU=y
# CONFIG_TASKS_TRACE_RCU_READ_MB is not set
# end of RCU Subsystem
@@ -171,6 +178,7 @@ CONFIG_IKHEADERS=m
CONFIG_LOG_BUF_SHIFT=18
CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=12
+# CONFIG_PRINTK_INDEX is not set
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
#
@@ -216,7 +224,7 @@ CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_CHECKPOINT_RESTORE=y
-# CONFIG_SCHED_AUTOGROUP is not set
+CONFIG_SCHED_AUTOGROUP=y
# CONFIG_SYSFS_DEPRECATED is not set
CONFIG_RELAY=y
CONFIG_BLK_DEV_INITRD=y
@@ -244,7 +252,6 @@ CONFIG_SYSFS_SYSCALL=y
CONFIG_FHANDLE=y
CONFIG_POSIX_TIMERS=y
CONFIG_PRINTK=y
-CONFIG_PRINTK_NMI=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_PCSPKR_PLATFORM=y
@@ -321,6 +328,7 @@ CONFIG_HAVE_SETUP_PER_CPU_AREA=y
CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_NR_GPIO=1024
CONFIG_ARCH_SUSPEND_POSSIBLE=y
CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
CONFIG_AUDIT_ARCH=y
@@ -359,13 +367,14 @@ CONFIG_XEN=y
CONFIG_XEN_PV=y
CONFIG_XEN_512GB=y
CONFIG_XEN_PV_SMP=y
-CONFIG_XEN_DOM0=y
+CONFIG_XEN_PV_DOM0=y
CONFIG_XEN_PVHVM=y
CONFIG_XEN_PVHVM_SMP=y
CONFIG_XEN_PVHVM_GUEST=y
CONFIG_XEN_SAVE_RESTORE=y
# CONFIG_XEN_DEBUG_FS is not set
CONFIG_XEN_PVH=y
+CONFIG_XEN_DOM0=y
CONFIG_KVM_GUEST=y
CONFIG_ARCH_CPUIDLE_HALTPOLL=y
CONFIG_PVH=y
@@ -422,6 +431,7 @@ CONFIG_PERF_EVENTS_INTEL_UNCORE=y
CONFIG_PERF_EVENTS_INTEL_RAPL=m
CONFIG_PERF_EVENTS_INTEL_CSTATE=m
CONFIG_PERF_EVENTS_AMD_POWER=m
+CONFIG_PERF_EVENTS_AMD_UNCORE=y
# end of Performance monitoring
CONFIG_X86_16BIT=y
@@ -665,7 +675,6 @@ CONFIG_MMCONF_FAM10H=y
# CONFIG_ISA_BUS is not set
CONFIG_ISA_DMA_API=y
CONFIG_AMD_NB=y
-# CONFIG_X86_SYSFB is not set
# end of Bus options (PCI etc.)
#
@@ -679,54 +688,6 @@ CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
CONFIG_SYSVIPC_COMPAT=y
# end of Binary Emulations
-#
-# Firmware Drivers
-#
-CONFIG_EDD=m
-CONFIG_EDD_OFF=y
-CONFIG_FIRMWARE_MEMMAP=y
-CONFIG_DMIID=y
-CONFIG_DMI_SYSFS=m
-CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
-CONFIG_ISCSI_IBFT_FIND=y
-CONFIG_ISCSI_IBFT=m
-CONFIG_FW_CFG_SYSFS=m
-CONFIG_FW_CFG_SYSFS_CMDLINE=y
-# CONFIG_GOOGLE_FIRMWARE is not set
-
-#
-# EFI (Extensible Firmware Interface) Support
-#
-CONFIG_EFI_VARS=y
-CONFIG_EFI_ESRT=y
-CONFIG_EFI_VARS_PSTORE=y
-CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y
-CONFIG_EFI_RUNTIME_MAP=y
-# CONFIG_EFI_FAKE_MEMMAP is not set
-CONFIG_EFI_SOFT_RESERVE=y
-CONFIG_EFI_RUNTIME_WRAPPERS=y
-CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
-CONFIG_EFI_BOOTLOADER_CONTROL=m
-CONFIG_EFI_CAPSULE_LOADER=m
-# CONFIG_EFI_TEST is not set
-CONFIG_APPLE_PROPERTIES=y
-CONFIG_RESET_ATTACK_MITIGATION=y
-# CONFIG_EFI_RCI2_TABLE is not set
-# CONFIG_EFI_DISABLE_PCI_DMA is not set
-# end of EFI (Extensible Firmware Interface) Support
-
-CONFIG_UEFI_CPER=y
-CONFIG_UEFI_CPER_X86=y
-CONFIG_EFI_DEV_PATH_PARSER=y
-CONFIG_EFI_EARLYCON=y
-CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
-
-#
-# Tegra firmware driver
-#
-# end of Tegra firmware driver
-# end of Firmware Drivers
-
CONFIG_HAVE_KVM=y
CONFIG_HAVE_KVM_IRQCHIP=y
CONFIG_HAVE_KVM_IRQFD=y
@@ -779,6 +740,7 @@ CONFIG_HAVE_OPTPROBES=y
CONFIG_HAVE_KPROBES_ON_FTRACE=y
CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y
CONFIG_HAVE_NMI=y
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_HAVE_DMA_CONTIGUOUS=y
CONFIG_GENERIC_SMP_IDLE_THREAD=y
@@ -862,12 +824,14 @@ CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y
CONFIG_ARCH_USE_MEMREMAP_PROT=y
# CONFIG_LOCK_EVENT_COUNTS is not set
CONFIG_ARCH_HAS_MEM_ENCRYPT=y
+CONFIG_ARCH_HAS_CC_PLATFORM=y
CONFIG_HAVE_STATIC_CALL=y
CONFIG_HAVE_STATIC_CALL_INLINE=y
CONFIG_HAVE_PREEMPT_DYNAMIC=y
CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_ARCH_HAS_ELFCORE_COMPAT=y
+CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y
#
# GCOV-based kernel profiling
@@ -902,16 +866,14 @@ CONFIG_MODPROBE_PATH="/sbin/modprobe"
CONFIG_MODULES_TREE_LOOKUP=y
CONFIG_BLOCK=y
CONFIG_BLK_RQ_ALLOC_TIME=y
-CONFIG_BLK_SCSI_REQUEST=y
CONFIG_BLK_CGROUP_RWSTAT=y
-CONFIG_BLK_DEV_BSG=y
+CONFIG_BLK_DEV_BSG_COMMON=y
CONFIG_BLK_DEV_BSGLIB=y
CONFIG_BLK_DEV_INTEGRITY=y
CONFIG_BLK_DEV_INTEGRITY_T10=y
CONFIG_BLK_DEV_ZONED=y
CONFIG_BLK_DEV_THROTTLING=y
# CONFIG_BLK_DEV_THROTTLING_LOW is not set
-# CONFIG_BLK_CMDLINE_PARSER is not set
CONFIG_BLK_WBT=y
CONFIG_BLK_WBT_MQ=y
CONFIG_BLK_CGROUP_IOLATENCY=y
@@ -954,6 +916,7 @@ CONFIG_BLK_MQ_PCI=y
CONFIG_BLK_MQ_VIRTIO=y
CONFIG_BLK_MQ_RDMA=y
CONFIG_BLK_PM=y
+CONFIG_BLOCK_HOLDER_DEPRECATED=y
#
# IO Schedulers
@@ -968,11 +931,7 @@ CONFIG_BFQ_GROUP_IOSCHED=y
CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
CONFIG_ASN1=y
-CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
-CONFIG_INLINE_READ_UNLOCK=y
-CONFIG_INLINE_READ_UNLOCK_IRQ=y
-CONFIG_INLINE_WRITE_UNLOCK=y
-CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_UNINLINE_SPIN_UNLOCK=y
CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
CONFIG_MUTEX_SPIN_ON_OWNER=y
CONFIG_RWSEM_SPIN_ON_OWNER=y
@@ -1088,6 +1047,12 @@ CONFIG_ARCH_HAS_PKEYS=y
CONFIG_ARCH_HAS_PTE_SPECIAL=y
CONFIG_MAPPING_DIRTY_HELPERS=y
CONFIG_SECRETMEM=y
+
+#
+# Data Access Monitoring
+#
+# CONFIG_DAMON is not set
+# end of Data Access Monitoring
# end of Memory Management options
CONFIG_NET=y
@@ -1104,6 +1069,7 @@ CONFIG_PACKET=y
CONFIG_PACKET_DIAG=m
CONFIG_UNIX=y
CONFIG_UNIX_SCM=y
+CONFIG_AF_UNIX_OOB=y
CONFIG_UNIX_DIAG=m
CONFIG_TLS=m
# CONFIG_TLS_DEVICE is not set
@@ -1209,6 +1175,7 @@ CONFIG_IPV6_SUBTREES=y
CONFIG_IPV6_SEG6_LWTUNNEL=y
CONFIG_IPV6_SEG6_HMAC=y
CONFIG_IPV6_RPL_LWTUNNEL=y
+# CONFIG_IPV6_IOAM6_LWTUNNEL is not set
# CONFIG_NETLABEL is not set
CONFIG_MPTCP=y
CONFIG_INET_MPTCP_DIAG=m
@@ -1640,6 +1607,8 @@ CONFIG_NET_DSA_TAG_EDSA=m
CONFIG_NET_DSA_TAG_MTK=m
CONFIG_NET_DSA_TAG_KSZ=m
CONFIG_NET_DSA_TAG_RTL4_A=m
+CONFIG_NET_DSA_TAG_OCELOT=m
+CONFIG_NET_DSA_TAG_OCELOT_8021Q=m
CONFIG_NET_DSA_TAG_QCA=m
CONFIG_NET_DSA_TAG_LAN9303=m
CONFIG_NET_DSA_TAG_SJA1105=m
@@ -1988,6 +1957,7 @@ CONFIG_AF_RXRPC_IPV6=y
# CONFIG_RXKAD is not set
# CONFIG_AF_KCM is not set
CONFIG_STREAM_PARSER=y
+# CONFIG_MCTP is not set
CONFIG_FIB_RULES=y
CONFIG_WIRELESS=y
CONFIG_WIRELESS_EXT=y
@@ -2248,6 +2218,63 @@ CONFIG_MHI_BUS_PCI_GENERIC=m
CONFIG_CONNECTOR=y
CONFIG_PROC_EVENTS=y
+
+#
+# Firmware Drivers
+#
+
+#
+# ARM System Control and Management Interface Protocol
+#
+# end of ARM System Control and Management Interface Protocol
+
+CONFIG_EDD=m
+CONFIG_EDD_OFF=y
+CONFIG_FIRMWARE_MEMMAP=y
+CONFIG_DMIID=y
+CONFIG_DMI_SYSFS=m
+CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
+CONFIG_ISCSI_IBFT_FIND=y
+CONFIG_ISCSI_IBFT=m
+CONFIG_FW_CFG_SYSFS=m
+CONFIG_FW_CFG_SYSFS_CMDLINE=y
+CONFIG_SYSFB=y
+# CONFIG_SYSFB_SIMPLEFB is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# EFI (Extensible Firmware Interface) Support
+#
+CONFIG_EFI_VARS=y
+CONFIG_EFI_ESRT=y
+CONFIG_EFI_VARS_PSTORE=y
+CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y
+CONFIG_EFI_RUNTIME_MAP=y
+# CONFIG_EFI_FAKE_MEMMAP is not set
+CONFIG_EFI_SOFT_RESERVE=y
+CONFIG_EFI_RUNTIME_WRAPPERS=y
+CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
+CONFIG_EFI_BOOTLOADER_CONTROL=m
+CONFIG_EFI_CAPSULE_LOADER=m
+# CONFIG_EFI_TEST is not set
+CONFIG_APPLE_PROPERTIES=y
+CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_EFI_RCI2_TABLE is not set
+# CONFIG_EFI_DISABLE_PCI_DMA is not set
+# end of EFI (Extensible Firmware Interface) Support
+
+CONFIG_UEFI_CPER=y
+CONFIG_UEFI_CPER_X86=y
+CONFIG_EFI_DEV_PATH_PARSER=y
+CONFIG_EFI_EARLYCON=y
+CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
+
+#
+# Tegra firmware driver
+#
+# end of Tegra firmware driver
+# end of Firmware Drivers
+
# CONFIG_GNSS is not set
CONFIG_MTD=m
CONFIG_MTD_TESTS=m
@@ -2269,6 +2296,10 @@ CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1
CONFIG_MTD_BLKDEVS=m
CONFIG_MTD_BLOCK=m
CONFIG_MTD_BLOCK_RO=m
+
+#
+# Note that in some cases UBI block is preferred. See MTD_UBI_BLOCK.
+#
CONFIG_FTL=m
CONFIG_NFTL=m
CONFIG_NFTL_RW=y
@@ -2609,6 +2640,7 @@ CONFIG_PVPANIC_PCI=m
#
CONFIG_SCSI_MOD=y
CONFIG_RAID_ATTRS=y
+CONFIG_SCSI_COMMON=y
CONFIG_SCSI=y
CONFIG_SCSI_DMA=y
CONFIG_SCSI_NETLINK=y
@@ -2621,6 +2653,7 @@ CONFIG_BLK_DEV_SD=y
CONFIG_CHR_DEV_ST=m
CONFIG_BLK_DEV_SR=y
CONFIG_CHR_DEV_SG=m
+CONFIG_BLK_DEV_BSG=y
CONFIG_CHR_DEV_SCH=m
CONFIG_SCSI_ENCLOSURE=m
# CONFIG_SCSI_CONSTANTS is not set
@@ -2695,6 +2728,7 @@ CONFIG_SCSI_UFS_CDNS_PLATFORM=m
# CONFIG_SCSI_UFS_DWC_TC_PLATFORM is not set
# CONFIG_SCSI_UFS_BSG is not set
CONFIG_SCSI_UFS_CRYPTO=y
+# CONFIG_SCSI_UFS_HPB is not set
CONFIG_SCSI_HPTIOP=m
CONFIG_SCSI_BUSLOGIC=m
CONFIG_SCSI_FLASHPOINT=y
@@ -2888,7 +2922,7 @@ CONFIG_DM_THIN_PROVISIONING=m
CONFIG_DM_CACHE=m
CONFIG_DM_CACHE_SMQ=m
# CONFIG_DM_WRITECACHE is not set
-CONFIG_DM_EBS=m
+# CONFIG_DM_EBS is not set
CONFIG_DM_ERA=m
# CONFIG_DM_CLONE is not set
CONFIG_DM_MIRROR=y
@@ -3198,6 +3232,7 @@ CONFIG_IGC=m
CONFIG_NET_VENDOR_MICROSOFT=y
CONFIG_MICROSOFT_MANA=m
CONFIG_JME=m
+CONFIG_NET_VENDOR_LITEX=y
CONFIG_NET_VENDOR_MARVELL=y
CONFIG_MVMDIO=m
CONFIG_SKGE=m
@@ -3403,6 +3438,7 @@ CONFIG_LSI_ET1011C_PHY=m
CONFIG_MARVELL_PHY=m
CONFIG_MARVELL_10G_PHY=m
CONFIG_MARVELL_88X2222_PHY=m
+CONFIG_MAXLINEAR_GPHY=m
CONFIG_MEDIATEK_GE_PHY=m
CONFIG_MICREL_PHY=m
CONFIG_MICROCHIP_PHY=m
@@ -3676,7 +3712,6 @@ CONFIG_P54_USB=m
CONFIG_P54_PCI=m
# CONFIG_P54_SPI is not set
CONFIG_P54_LEDS=y
-CONFIG_PRISM54=m
CONFIG_WLAN_VENDOR_MARVELL=y
CONFIG_LIBERTAS=m
CONFIG_LIBERTAS_USB=m
@@ -3831,8 +3866,6 @@ CONFIG_PCI200SYN=m
CONFIG_WANXL=m
# CONFIG_PC300TOO is not set
CONFIG_FARSYNC=m
-CONFIG_SBNI=m
-# CONFIG_SBNI_MULTILINE is not set
CONFIG_IEEE802154_DRIVERS=m
CONFIG_IEEE802154_FAKELB=m
# CONFIG_IEEE802154_AT86RF230 is not set
@@ -3850,6 +3883,7 @@ CONFIG_IEEE802154_ATUSB=m
CONFIG_WWAN=y
# CONFIG_WWAN_HWSIM is not set
CONFIG_MHI_WWAN_CTRL=m
+# CONFIG_MHI_WWAN_MBIM is not set
# CONFIG_RPMSG_WWAN_CTRL is not set
CONFIG_IOSM=m
# end of Wireless WAN
@@ -3884,8 +3918,6 @@ CONFIG_MISDN_NETJET=m
CONFIG_MISDN_HDLC=m
CONFIG_MISDN_IPAC=m
CONFIG_MISDN_ISAR=m
-CONFIG_NVM=y
-# CONFIG_NVM_PBLK is not set
#
# Input device support
@@ -4348,10 +4380,9 @@ CONFIG_TELCLOCK=m
CONFIG_XILLYBUS_CLASS=m
# CONFIG_XILLYBUS is not set
CONFIG_XILLYUSB=m
-# end of Character devices
-
CONFIG_RANDOM_TRUST_CPU=y
# CONFIG_RANDOM_TRUST_BOOTLOADER is not set
+# end of Character devices
#
# I2C support
@@ -4444,6 +4475,7 @@ CONFIG_I2C_VIPERBOARD=m
#
# CONFIG_I2C_MLXCPLD is not set
CONFIG_I2C_CROS_EC_TUNNEL=m
+CONFIG_I2C_VIRTIO=m
# end of I2C Hardware Bus support
CONFIG_I2C_STUB=m
@@ -4531,6 +4563,7 @@ CONFIG_PPS_CLIENT_GPIO=m
# PTP clock support
#
CONFIG_PTP_1588_CLOCK=y
+CONFIG_PTP_1588_CLOCK_OPTIONAL=y
CONFIG_DP83640_PHY=m
# CONFIG_PTP_1588_CLOCK_INES is not set
CONFIG_PTP_1588_CLOCK_KVM=m
@@ -4664,6 +4697,7 @@ CONFIG_GPIO_VIPERBOARD=m
#
CONFIG_GPIO_AGGREGATOR=m
# CONFIG_GPIO_MOCKUP is not set
+CONFIG_GPIO_VIRTIO=m
# end of Virtual GPIO drivers
CONFIG_W1=m
@@ -4752,6 +4786,7 @@ CONFIG_BATTERY_GOLDFISH=m
# CONFIG_BATTERY_RT5033 is not set
CONFIG_CHARGER_RT9455=m
CONFIG_CHARGER_CROS_USBPD=m
+CONFIG_CHARGER_CROS_PCHG=m
CONFIG_CHARGER_BD99954=m
CONFIG_CHARGER_WILCO=m
CONFIG_BATTERY_SURFACE=m
@@ -4783,6 +4818,7 @@ CONFIG_SENSORS_ADT7462=m
CONFIG_SENSORS_ADT7470=m
CONFIG_SENSORS_ADT7475=m
CONFIG_SENSORS_AHT10=m
+CONFIG_SENSORS_AQUACOMPUTER_D5NEXT=m
# CONFIG_SENSORS_AS370 is not set
CONFIG_SENSORS_ASC7621=m
CONFIG_SENSORS_AXI_FAN_CONTROL=m
@@ -4920,6 +4956,7 @@ CONFIG_SENSORS_UCD9200=m
CONFIG_SENSORS_XDPE122=m
CONFIG_SENSORS_ZL6100=m
CONFIG_SENSORS_SBTSI=m
+CONFIG_SENSORS_SBRMI=m
CONFIG_SENSORS_SHT15=m
CONFIG_SENSORS_SHT21=m
CONFIG_SENSORS_SHT3x=m
@@ -5013,6 +5050,7 @@ CONFIG_PROC_THERMAL_MMIO_RAPL=m
CONFIG_INTEL_BXT_PMIC_THERMAL=m
CONFIG_INTEL_PCH_THERMAL=m
CONFIG_INTEL_TCC_COOLING=m
+CONFIG_INTEL_MENLOW=m
# end of Intel thermal drivers
CONFIG_GENERIC_ADC_THERMAL=m
@@ -5255,7 +5293,9 @@ CONFIG_REGULATOR_RT4801=m
CONFIG_REGULATOR_RT4831=m
CONFIG_REGULATOR_RT6160=m
CONFIG_REGULATOR_RT6245=m
+CONFIG_REGULATOR_RTQ2134=m
CONFIG_REGULATOR_RTMV20=m
+CONFIG_REGULATOR_RTQ6752=m
CONFIG_REGULATOR_SKY81452=m
CONFIG_REGULATOR_SLG51000=m
CONFIG_REGULATOR_TPS51632=m
@@ -5304,10 +5344,13 @@ CONFIG_RC_XBOX_DVD=m
CONFIG_IR_TOY=m
CONFIG_CEC_CORE=m
CONFIG_CEC_NOTIFIER=y
+CONFIG_CEC_PIN=y
CONFIG_MEDIA_CEC_RC=y
+# CONFIG_CEC_PIN_ERROR_INJ is not set
CONFIG_MEDIA_CEC_SUPPORT=y
CONFIG_CEC_CH7322=m
CONFIG_CEC_CROS_EC=m
+CONFIG_CEC_GPIO=m
CONFIG_CEC_SECO=m
CONFIG_CEC_SECO_RC=y
CONFIG_USB_PULSE8_CEC=m
@@ -6197,12 +6240,12 @@ CONFIG_DRM_VGEM=m
# CONFIG_DRM_VKMS is not set
CONFIG_DRM_VMWGFX=m
CONFIG_DRM_VMWGFX_FBCON=y
+# CONFIG_DRM_VMWGFX_MKSSTATS is not set
CONFIG_DRM_GMA500=m
CONFIG_DRM_UDL=m
CONFIG_DRM_AST=m
CONFIG_DRM_MGAG200=m
CONFIG_DRM_QXL=m
-CONFIG_DRM_BOCHS=m
CONFIG_DRM_VIRTIO_GPU=m
CONFIG_DRM_PANEL=y
@@ -6210,6 +6253,7 @@ CONFIG_DRM_PANEL=y
# Display Panels
#
CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=m
+# CONFIG_DRM_PANEL_WIDECHIPS_WS2401 is not set
# end of Display Panels
CONFIG_DRM_BRIDGE=y
@@ -6223,6 +6267,7 @@ CONFIG_DRM_ANALOGIX_DP=m
# end of Display Interface Bridges
# CONFIG_DRM_ETNAVIV is not set
+CONFIG_DRM_BOCHS=m
CONFIG_DRM_CIRRUS_QEMU=m
CONFIG_DRM_GM12U320=m
# CONFIG_DRM_SIMPLEDRM is not set
@@ -6241,7 +6286,6 @@ CONFIG_DRM_HYPERV=m
CONFIG_DRM_LEGACY=y
# CONFIG_DRM_TDFX is not set
# CONFIG_DRM_R128 is not set
-# CONFIG_DRM_I810 is not set
# CONFIG_DRM_MGA is not set
# CONFIG_DRM_SIS is not set
# CONFIG_DRM_VIA is not set
@@ -6567,6 +6611,7 @@ CONFIG_SND_HDA_CODEC_SIGMATEL=m
CONFIG_SND_HDA_CODEC_VIA=m
CONFIG_SND_HDA_CODEC_HDMI=m
CONFIG_SND_HDA_CODEC_CIRRUS=m
+CONFIG_SND_HDA_CODEC_CS8409=m
CONFIG_SND_HDA_CODEC_CONEXANT=m
CONFIG_SND_HDA_CODEC_CA0110=m
CONFIG_SND_HDA_CODEC_CA0132=m
@@ -6635,6 +6680,7 @@ CONFIG_SND_SOC_AMD_ACP3x=m
CONFIG_SND_SOC_AMD_RV_RT5682_MACH=m
CONFIG_SND_SOC_AMD_RENOIR=m
CONFIG_SND_SOC_AMD_RENOIR_MACH=m
+CONFIG_SND_SOC_AMD_ACP5x=m
# CONFIG_SND_ATMEL_SOC is not set
# CONFIG_SND_BCM63XX_I2S_WHISTLER is not set
CONFIG_SND_DESIGNWARE_I2S=m
@@ -6758,7 +6804,6 @@ CONFIG_SND_SOC_SOF_ALDERLAKE=m
CONFIG_SND_SOC_SOF_HDA_COMMON=m
CONFIG_SND_SOC_SOF_HDA_LINK=y
CONFIG_SND_SOC_SOF_HDA_AUDIO_CODEC=y
-# CONFIG_SND_SOC_SOF_HDA_ALWAYS_ENABLE_DMI_L1 is not set
CONFIG_SND_SOC_SOF_HDA_LINK_BASELINE=m
CONFIG_SND_SOC_SOF_HDA=m
CONFIG_SND_SOC_SOF_INTEL_SOUNDWIRE_LINK_BASELINE=m
@@ -6841,6 +6886,7 @@ CONFIG_SND_SOC_ES8328_SPI=m
# CONFIG_SND_SOC_GTM601 is not set
CONFIG_SND_SOC_HDAC_HDMI=m
CONFIG_SND_SOC_HDAC_HDA=m
+# CONFIG_SND_SOC_ICS43432 is not set
# CONFIG_SND_SOC_INNO_RK3036 is not set
CONFIG_SND_SOC_MAX98088=m
CONFIG_SND_SOC_MAX98090=m
@@ -6906,6 +6952,7 @@ CONFIG_SND_SOC_RT711_SDCA_SDW=m
CONFIG_SND_SOC_RT715=m
CONFIG_SND_SOC_RT715_SDW=m
CONFIG_SND_SOC_RT715_SDCA_SDW=m
+CONFIG_SND_SOC_SDW_MOCKUP=m
# CONFIG_SND_SOC_SGTL5000 is not set
CONFIG_SND_SOC_SIGMADSP=m
CONFIG_SND_SOC_SIGMADSP_REGMAP=m
@@ -7509,12 +7556,10 @@ CONFIG_LEDS_BRIGHTNESS_HW_CHANGED=y
# LED drivers
#
CONFIG_LEDS_APU=m
-CONFIG_LEDS_AS3645A=m
CONFIG_LEDS_LM3530=m
CONFIG_LEDS_LM3532=m
CONFIG_LEDS_LM3533=m
CONFIG_LEDS_LM3642=m
-CONFIG_LEDS_LM3601X=m
CONFIG_LEDS_MT6323=m
CONFIG_LEDS_PCA9532=m
# CONFIG_LEDS_PCA9532_GPIO is not set
@@ -7549,12 +7594,14 @@ CONFIG_LEDS_NIC78BX=m
CONFIG_LEDS_TI_LMU_COMMON=m
CONFIG_LEDS_LM36274=m
CONFIG_LEDS_TPS6105X=m
-CONFIG_LEDS_SGM3140=m
#
# Flash and Torch LED drivers
#
+CONFIG_LEDS_AS3645A=m
+CONFIG_LEDS_LM3601X=m
# CONFIG_LEDS_RT8515 is not set
+CONFIG_LEDS_SGM3140=m
#
# LED Triggers
@@ -7796,8 +7843,10 @@ CONFIG_DMA_ACPI=y
CONFIG_ALTERA_MSGDMA=m
CONFIG_INTEL_IDMA64=m
# CONFIG_INTEL_IDXD is not set
+# CONFIG_INTEL_IDXD_COMPAT is not set
CONFIG_INTEL_IOATDMA=m
CONFIG_PLX_DMA=m
+# CONFIG_AMD_PTDMA is not set
# CONFIG_QCOM_HIDMA_MGMT is not set
# CONFIG_QCOM_HIDMA is not set
CONFIG_DW_DMAC_CORE=m
@@ -7826,6 +7875,7 @@ CONFIG_UDMABUF=y
# CONFIG_DMABUF_DEBUG is not set
# CONFIG_DMABUF_SELFTESTS is not set
CONFIG_DMABUF_HEAPS=y
+# CONFIG_DMABUF_SYSFS_STATS is not set
CONFIG_DMABUF_HEAPS_SYSTEM=y
CONFIG_DMABUF_HEAPS_CMA=y
# end of DMABUF options
@@ -7855,14 +7905,15 @@ CONFIG_UIO_NETX=m
CONFIG_UIO_PRUSS=m
CONFIG_UIO_MF624=m
CONFIG_UIO_HV_GENERIC=m
+CONFIG_VFIO=m
CONFIG_VFIO_IOMMU_TYPE1=m
CONFIG_VFIO_VIRQFD=m
-CONFIG_VFIO=m
# CONFIG_VFIO_NOIOMMU is not set
-CONFIG_VFIO_PCI=m
-CONFIG_VFIO_PCI_VGA=y
+CONFIG_VFIO_PCI_CORE=m
CONFIG_VFIO_PCI_MMAP=y
CONFIG_VFIO_PCI_INTX=y
+CONFIG_VFIO_PCI=m
+CONFIG_VFIO_PCI_VGA=y
CONFIG_VFIO_PCI_IGD=y
CONFIG_VFIO_MDEV=m
CONFIG_IRQ_BYPASS_MANAGER=m
@@ -7888,6 +7939,7 @@ CONFIG_VDPA=m
CONFIG_VDPA_SIM=m
# CONFIG_VDPA_SIM_NET is not set
# CONFIG_VDPA_SIM_BLOCK is not set
+CONFIG_VDPA_USER=m
CONFIG_IFCVF=m
CONFIG_MLX5_VDPA=y
CONFIG_MLX5_VDPA_NET=m
@@ -8071,8 +8123,6 @@ CONFIG_X86_PLATFORM_DEVICES=y
CONFIG_ACPI_WMI=m
CONFIG_WMI_BMOF=m
CONFIG_HUAWEI_WMI=m
-CONFIG_INTEL_WMI_SBL_FW_UPDATE=m
-CONFIG_INTEL_WMI_THUNDERBOLT=m
CONFIG_MXM_WMI=m
CONFIG_PEAQ_WMI=m
CONFIG_XIAOMI_WMI=m
@@ -8087,6 +8137,7 @@ CONFIG_ASUS_LAPTOP=m
CONFIG_ASUS_WIRELESS=m
CONFIG_ASUS_WMI=m
CONFIG_ASUS_NB_WMI=m
+# CONFIG_MERAKI_MX100 is not set
CONFIG_EEEPC_LAPTOP=m
CONFIG_EEEPC_WMI=m
CONFIG_X86_PLATFORM_DRIVERS_DELL=y
@@ -8124,14 +8175,38 @@ CONFIG_THINKPAD_ACPI_VIDEO=y
CONFIG_THINKPAD_ACPI_HOTKEY_POLL=y
CONFIG_THINKPAD_LMI=m
CONFIG_X86_PLATFORM_DRIVERS_INTEL=y
+CONFIG_INTEL_ATOMISP2_PDX86=y
+CONFIG_INTEL_ATOMISP2_LED=m
+# CONFIG_INTEL_SAR_INT1092 is not set
CONFIG_INTEL_CHT_INT33FE=m
CONFIG_INTEL_SKL_INT3472=m
-CONFIG_INTEL_ATOMISP2_LED=m
+CONFIG_INTEL_PMC_CORE=y
+CONFIG_INTEL_PMT_CLASS=m
+CONFIG_INTEL_PMT_TELEMETRY=m
+CONFIG_INTEL_PMT_CRASHLOG=m
+
+#
+# Intel Speed Select Technology interface support
+#
+CONFIG_INTEL_SPEED_SELECT_INTERFACE=m
+# end of Intel Speed Select Technology interface support
+
+# CONFIG_INTEL_TELEMETRY is not set
+CONFIG_INTEL_WMI=y
+CONFIG_INTEL_WMI_SBL_FW_UPDATE=m
+CONFIG_INTEL_WMI_THUNDERBOLT=m
CONFIG_INTEL_HID_EVENT=m
+CONFIG_INTEL_VBTN=m
CONFIG_INTEL_INT0002_VGPIO=m
-CONFIG_INTEL_MENLOW=m
CONFIG_INTEL_OAKTRAIL=m
-CONFIG_INTEL_VBTN=m
+CONFIG_INTEL_BXTWC_PMIC_TMU=m
+CONFIG_INTEL_CHTDC_TI_PWRBTN=m
+CONFIG_INTEL_MRFLD_PWRBTN=m
+CONFIG_INTEL_PUNIT_IPC=m
+CONFIG_INTEL_RST=m
+CONFIG_INTEL_SMARTCONNECT=m
+CONFIG_INTEL_TURBO_MAX_3=y
+CONFIG_INTEL_UNCORE_FREQ_CONTROL=m
CONFIG_MSI_LAPTOP=m
CONFIG_MSI_WMI=m
CONFIG_PCENGINES_APU2=m
@@ -8153,31 +8228,11 @@ CONFIG_I2C_MULTI_INSTANTIATE=m
CONFIG_MLX_PLATFORM=m
CONFIG_FW_ATTR_CLASS=m
CONFIG_INTEL_IPS=m
-CONFIG_INTEL_RST=m
-CONFIG_INTEL_SMARTCONNECT=m
-
-#
-# Intel Speed Select Technology interface support
-#
-CONFIG_INTEL_SPEED_SELECT_INTERFACE=m
-# end of Intel Speed Select Technology interface support
-
-CONFIG_INTEL_TURBO_MAX_3=y
-CONFIG_INTEL_UNCORE_FREQ_CONTROL=m
-CONFIG_INTEL_BXTWC_PMIC_TMU=m
-CONFIG_INTEL_CHTDC_TI_PWRBTN=m
-CONFIG_INTEL_MRFLD_PWRBTN=m
-CONFIG_INTEL_PMC_CORE=y
-CONFIG_INTEL_PMT_CLASS=m
-CONFIG_INTEL_PMT_TELEMETRY=m
-CONFIG_INTEL_PMT_CRASHLOG=m
-CONFIG_INTEL_PUNIT_IPC=m
CONFIG_INTEL_SCU_IPC=y
CONFIG_INTEL_SCU=y
CONFIG_INTEL_SCU_PCI=y
CONFIG_INTEL_SCU_PLATFORM=m
CONFIG_INTEL_SCU_IPC_UTIL=m
-# CONFIG_INTEL_TELEMETRY is not set
CONFIG_PMC_ATOM=y
CONFIG_CHROME_PLATFORMS=y
CONFIG_CHROMEOS_LAPTOP=m
@@ -8264,6 +8319,8 @@ CONFIG_IOMMU_IO_PGTABLE=y
# end of Generic IOMMU Pagetable Support
# CONFIG_IOMMU_DEBUGFS is not set
+# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set
+CONFIG_IOMMU_DEFAULT_DMA_LAZY=y
# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set
CONFIG_IOMMU_DMA=y
CONFIG_IOMMU_SVA_LIB=y
@@ -8533,6 +8590,7 @@ CONFIG_SCD30_CORE=m
CONFIG_SCD30_I2C=m
CONFIG_SCD30_SERIAL=m
# CONFIG_SENSIRION_SGP30 is not set
+# CONFIG_SENSIRION_SGP40 is not set
# CONFIG_SPS30_I2C is not set
# CONFIG_SPS30_SERIAL is not set
# CONFIG_VZ89X is not set
@@ -8814,6 +8872,7 @@ CONFIG_HID_SENSOR_CUSTOM_INTEL_HINGE=m
#
# Digital potentiometers
#
+# CONFIG_AD5110 is not set
CONFIG_AD5272=m
# CONFIG_DS1803 is not set
# CONFIG_MAX5432 is not set
@@ -9106,10 +9165,11 @@ CONFIG_F2FS_FS_SECURITY=y
# CONFIG_F2FS_FAULT_INJECTION is not set
CONFIG_F2FS_FS_COMPRESSION=y
CONFIG_F2FS_FS_LZO=y
+CONFIG_F2FS_FS_LZORLE=y
CONFIG_F2FS_FS_LZ4=y
CONFIG_F2FS_FS_LZ4HC=y
CONFIG_F2FS_FS_ZSTD=y
-CONFIG_F2FS_FS_LZORLE=y
+CONFIG_F2FS_IOSTAT=y
# CONFIG_ZONEFS_FS is not set
CONFIG_FS_DAX=y
CONFIG_FS_DAX_PMD=y
@@ -9117,7 +9177,6 @@ CONFIG_FS_POSIX_ACL=y
CONFIG_EXPORTFS=y
CONFIG_EXPORTFS_BLOCK_OPS=y
CONFIG_FILE_LOCKING=y
-# CONFIG_MANDATORY_FILE_LOCKING is not set
CONFIG_FS_ENCRYPTION=y
CONFIG_FS_ENCRYPTION_ALGS=m
CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y
@@ -9155,12 +9214,9 @@ CONFIG_NETFS_SUPPORT=m
CONFIG_NETFS_STATS=y
CONFIG_FSCACHE=m
# CONFIG_FSCACHE_STATS is not set
-# CONFIG_FSCACHE_HISTOGRAM is not set
# CONFIG_FSCACHE_DEBUG is not set
-# CONFIG_FSCACHE_OBJECT_LIST is not set
CONFIG_CACHEFILES=m
# CONFIG_CACHEFILES_DEBUG is not set
-# CONFIG_CACHEFILES_HISTOGRAM is not set
# end of Caches
#
@@ -9186,6 +9242,10 @@ CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8"
CONFIG_NTFS_FS=m
# CONFIG_NTFS_DEBUG is not set
CONFIG_NTFS_RW=y
+CONFIG_NTFS3_FS=m
+# CONFIG_NTFS3_64BIT_CLUSTER is not set
+CONFIG_NTFS3_LZX_XPRESS=y
+CONFIG_NTFS3_FS_POSIX_ACL=y
# end of DOS/FAT/EXFAT/NT Filesystems
#
@@ -9349,7 +9409,6 @@ CONFIG_CEPH_FS_POSIX_ACL=y
CONFIG_CIFS=m
# CONFIG_CIFS_STATS2 is not set
CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
-CONFIG_CIFS_WEAK_PW_HASH=y
CONFIG_CIFS_UPCALL=y
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
@@ -9358,6 +9417,8 @@ CONFIG_CIFS_DFS_UPCALL=y
CONFIG_CIFS_SWN_UPCALL=y
# CONFIG_CIFS_SMB_DIRECT is not set
CONFIG_CIFS_FSCACHE=y
+# CONFIG_SMB_SERVER is not set
+CONFIG_SMBFS_COMMON=m
CONFIG_CODA_FS=m
CONFIG_AFS_FS=m
# CONFIG_AFS_DEBUG is not set
@@ -9478,6 +9539,8 @@ CONFIG_INIT_STACK_NONE=y
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
+CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y
+# CONFIG_ZERO_CALL_USED_REGS is not set
# end of Memory initialization
# end of Kernel hardening options
# end of Security options
@@ -9638,6 +9701,8 @@ CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
CONFIG_CRYPTO_SM4=m
+CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64=m
+CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64=m
CONFIG_CRYPTO_TEA=y
CONFIG_CRYPTO_TWOFISH=y
CONFIG_CRYPTO_TWOFISH_COMMON=y
@@ -9696,6 +9761,7 @@ CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m
CONFIG_CRYPTO_LIB_POLY1305=m
CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
CONFIG_CRYPTO_LIB_SHA256=y
+CONFIG_CRYPTO_LIB_SM4=m
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@@ -10019,6 +10085,7 @@ CONFIG_SCHED_INFO=y
# end of Scheduler Debugging
# CONFIG_DEBUG_TIMEKEEPING is not set
+CONFIG_DEBUG_PREEMPT=y
#
# Lock Debugging (spinlocks, mutexes, etc...)
@@ -10069,7 +10136,6 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60
# end of RCU Debugging
# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set
-# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set
# CONFIG_LATENCYTOP is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
@@ -10103,6 +10169,7 @@ CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y
# CONFIG_FUNCTION_PROFILER is not set
# CONFIG_STACK_TRACER is not set
# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_PREEMPT_TRACER is not set
# CONFIG_SCHED_TRACER is not set
# CONFIG_HWLAT_TRACER is not set
# CONFIG_OSNOISE_TRACER is not set
@@ -10140,7 +10207,6 @@ CONFIG_STRICT_DEVMEM=y
#
# x86 Debugging
#
-CONFIG_TRACE_IRQFLAGS_SUPPORT=y
CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y
CONFIG_EARLY_PRINTK_USB=y
CONFIG_X86_VERBOSE_BOOTUP=y
@@ -10179,7 +10245,6 @@ CONFIG_CC_HAS_SANCOV_TRACE_PC=y
CONFIG_RUNTIME_TESTING_MENU=y
# CONFIG_LKDTM is not set
# CONFIG_TEST_MIN_HEAP is not set
-# CONFIG_TEST_SORT is not set
# CONFIG_TEST_DIV64 is not set
# CONFIG_BACKTRACE_SELF_TEST is not set
# CONFIG_RBTREE_TEST is not set
diff --git a/system/xen/dom0/kernel-xen.sh b/system/xen/dom0/kernel-xen.sh
index b72d2e74b5514..9ef9d3d4663f2 100644
--- a/system/xen/dom0/kernel-xen.sh
+++ b/system/xen/dom0/kernel-xen.sh
@@ -5,7 +5,7 @@
# Written by Chris Abela <chris.abela@maltats.com>, 20100515
# Modified by Mario Preksavec <mario@slackware.hr>
-KERNEL=${KERNEL:-5.14.12}
+KERNEL=${KERNEL:-5.15.4}
XEN=${XEN:-4.15.1}
ROOTMOD=${ROOTMOD:-ext4}
diff --git a/system/xen/domU/domU.sh b/system/xen/domU/domU.sh
index 2abcf652f7017..16fed9d61f2e9 100644
--- a/system/xen/domU/domU.sh
+++ b/system/xen/domU/domU.sh
@@ -7,7 +7,7 @@
set -e
-KERNEL=${KERNEL:-5.14.12}
+KERNEL=${KERNEL:-5.15.4}
# Build an image for the root file system and another for the swap
# Default values : 8GB and 500MB resepectively.
diff --git a/system/xen/xsa/xsa385-4.15.patch b/system/xen/xsa/xsa385-4.15.patch
new file mode 100644
index 0000000000000..69b97049b5f45
--- /dev/null
+++ b/system/xen/xsa/xsa385-4.15.patch
@@ -0,0 +1,96 @@
+From: Julien Grall <jgrall@amazon.com>
+Subject: xen/page_alloc: Harden assign_pages()
+
+domain_tot_pages() and d->max_pages are 32-bit values. While the order
+should always be quite small, it would still be possible to overflow
+if domain_tot_pages() is near to (2^32 - 1).
+
+As this code may be called by a guest via XENMEM_increase_reservation
+and XENMEM_populate_physmap, we want to make sure the guest is not going
+to be able to allocate more than it is allowed.
+
+Rework the allocation check to avoid any possible overflow. While the
+check domain_tot_pages() < d->max_pages should technically not be
+necessary, it is probably best to have it to catch any possible
+inconsistencies in the future.
+
+This is CVE-2021-28706 / XSA-385.
+
+Signed-off-by: Julien Grall <jgrall@amazon.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/common/grant_table.c
++++ b/xen/common/grant_table.c
+@@ -2336,7 +2336,8 @@ gnttab_transfer(
+ * pages when it is dying.
+ */
+ if ( unlikely(e->is_dying) ||
+- unlikely(domain_tot_pages(e) >= e->max_pages) )
++ unlikely(domain_tot_pages(e) >= e->max_pages) ||
++ unlikely(!(e->tot_pages + 1)) )
+ {
+ spin_unlock(&e->page_alloc_lock);
+
+@@ -2345,8 +2346,8 @@ gnttab_transfer(
+ e->domain_id);
+ else
+ gdprintk(XENLOG_INFO,
+- "Transferee d%d has no headroom (tot %u, max %u)\n",
+- e->domain_id, domain_tot_pages(e), e->max_pages);
++ "Transferee %pd has no headroom (tot %u, max %u, ex %u)\n",
++ e, domain_tot_pages(e), e->max_pages, e->extra_pages);
+
+ gop.status = GNTST_general_error;
+ goto unlock_and_copyback;
+--- a/xen/common/page_alloc.c
++++ b/xen/common/page_alloc.c
+@@ -2298,20 +2298,43 @@ int assign_pages(
+ }
+ else if ( !(memflags & MEMF_no_refcount) )
+ {
+- unsigned int tot_pages = domain_tot_pages(d) + (1 << order);
++ unsigned int tot_pages = domain_tot_pages(d), nr = 1u << order;
+
+ if ( unlikely(tot_pages > d->max_pages) )
+ {
+- gprintk(XENLOG_INFO, "Over-allocation for domain %u: "
+- "%u > %u\n", d->domain_id, tot_pages, d->max_pages);
++ gprintk(XENLOG_INFO, "Inconsistent allocation for %pd: %u > %u\n",
++ d, tot_pages, d->max_pages);
++ rc = -EPERM;
++ goto out;
++ }
++
++ if ( unlikely(nr > d->max_pages - tot_pages) )
++ {
++ gprintk(XENLOG_INFO, "Over-allocation for %pd: %Lu > %u\n",
++ d, tot_pages + 0ull + nr, d->max_pages);
+ rc = -E2BIG;
+ goto out;
+ }
+ }
+
+- if ( !(memflags & MEMF_no_refcount) &&
+- unlikely(domain_adjust_tot_pages(d, 1 << order) == (1 << order)) )
+- get_knownalive_domain(d);
++ if ( !(memflags & MEMF_no_refcount) )
++ {
++ unsigned int nr = 1u << order;
++
++ if ( unlikely(d->tot_pages + nr < nr) )
++ {
++ gprintk(XENLOG_INFO,
++ "Excess allocation for %pd: %Lu (%u extra)\n",
++ d, d->tot_pages + 0ull + nr, d->extra_pages);
++ if ( pg[0].count_info & PGC_extra )
++ d->extra_pages -= nr;
++ rc = -E2BIG;
++ goto out;
++ }
++
++ if ( unlikely(domain_adjust_tot_pages(d, nr) == nr) )
++ get_knownalive_domain(d);
++ }
+
+ for ( i = 0; i < (1 << order); i++ )
+ {
diff --git a/system/xen/xsa/xsa388-4.15-1.patch b/system/xen/xsa/xsa388-4.15-1.patch
new file mode 100644
index 0000000000000..b4d900336b485
--- /dev/null
+++ b/system/xen/xsa/xsa388-4.15-1.patch
@@ -0,0 +1,174 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/PoD: deal with misaligned GFNs
+
+Users of XENMEM_decrease_reservation and XENMEM_populate_physmap aren't
+required to pass in order-aligned GFN values. (While I consider this
+bogus, I don't think we can fix this there, as that might break existing
+code, e.g Linux'es swiotlb, which - while affecting PV only - until
+recently had been enforcing only page alignment on the original
+allocation.) Only non-PoD code paths (guest_physmap_{add,remove}_page(),
+p2m_set_entry()) look to be dealing with this properly (in part by being
+implemented inefficiently, handling every 4k page separately).
+
+Introduce wrappers taking care of splitting the incoming request into
+aligned chunks, without putting much effort in trying to determine the
+largest possible chunk at every iteration.
+
+Also "handle" p2m_set_entry() failure for non-order-0 requests by
+crashing the domain in one more place. Alongside putting a log message
+there, also add one to the other similar path.
+
+Note regarding locking: This is left in the actual worker functions on
+the assumption that callers aren't guaranteed atomicity wrt acting on
+multiple pages at a time. For mis-aligned GFNs gfn_lock() wouldn't have
+locked the correct GFN range anyway, if it didn't simply resolve to
+p2m_lock(), and for well-behaved callers there continues to be only a
+single iteration, i.e. behavior is unchanged for them. (FTAOD pulling
+out just pod_lock() into p2m_pod_decrease_reservation() would result in
+a lock order violation.)
+
+This is CVE-2021-28704 and CVE-2021-28707 / part of XSA-388.
+
+Fixes: 3c352011c0d3 ("x86/PoD: shorten certain operations on higher order ranges")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m-pod.c
++++ b/xen/arch/x86/mm/p2m-pod.c
+@@ -496,7 +496,7 @@ p2m_pod_zero_check_superpage(struct p2m_
+
+
+ /*
+- * This function is needed for two reasons:
++ * This pair of functions is needed for two reasons:
+ * + To properly handle clearing of PoD entries
+ * + To "steal back" memory being freed for the PoD cache, rather than
+ * releasing it.
+@@ -504,8 +504,8 @@ p2m_pod_zero_check_superpage(struct p2m_
+ * Once both of these functions have been completed, we can return and
+ * allow decrease_reservation() to handle everything else.
+ */
+-unsigned long
+-p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
++static unsigned long
++decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
+ {
+ unsigned long ret = 0, i, n;
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+@@ -552,8 +552,10 @@ p2m_pod_decrease_reservation(struct doma
+ * All PoD: Mark the whole region invalid and tell caller
+ * we're done.
+ */
+- if ( p2m_set_entry(p2m, gfn, INVALID_MFN, order, p2m_invalid,
+- p2m->default_access) )
++ int rc = p2m_set_entry(p2m, gfn, INVALID_MFN, order, p2m_invalid,
++ p2m->default_access);
++
++ if ( rc )
+ {
+ /*
+ * If this fails, we can't tell how much of the range was changed.
+@@ -561,7 +563,12 @@ p2m_pod_decrease_reservation(struct doma
+ * impossible.
+ */
+ if ( order != 0 )
++ {
++ printk(XENLOG_G_ERR
++ "%pd: marking GFN %#lx (order %u) as non-PoD failed: %d\n",
++ d, gfn_x(gfn), order, rc);
+ domain_crash(d);
++ }
+ goto out_unlock;
+ }
+ ret = 1UL << order;
+@@ -670,6 +677,22 @@ out_unlock:
+ return ret;
+ }
+
++unsigned long
++p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
++{
++ unsigned long left = 1UL << order, ret = 0;
++ unsigned int chunk_order = find_first_set_bit(gfn_x(gfn) | left);
++
++ do {
++ ret += decrease_reservation(d, gfn, chunk_order);
++
++ left -= 1UL << chunk_order;
++ gfn = gfn_add(gfn, 1UL << chunk_order);
++ } while ( left );
++
++ return ret;
++}
++
+ void p2m_pod_dump_data(struct domain *d)
+ {
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+@@ -1273,19 +1296,15 @@ remap_and_retry:
+ return true;
+ }
+
+-
+-int
+-guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l,
+- unsigned int order)
++static int
++mark_populate_on_demand(struct domain *d, unsigned long gfn_l,
++ unsigned int order)
+ {
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ gfn_t gfn = _gfn(gfn_l);
+ unsigned long i, n, pod_count = 0;
+ int rc = 0;
+
+- if ( !paging_mode_translate(d) )
+- return -EINVAL;
+-
+ gfn_lock(p2m, gfn, order);
+
+ P2M_DEBUG("mark pod gfn=%#lx\n", gfn_l);
+@@ -1325,12 +1344,44 @@ guest_physmap_mark_populate_on_demand(st
+
+ ioreq_request_mapcache_invalidate(d);
+ }
++ else if ( order )
++ {
++ /*
++ * If this failed, we can't tell how much of the range was changed.
++ * Best to crash the domain.
++ */
++ printk(XENLOG_G_ERR
++ "%pd: marking GFN %#lx (order %u) as PoD failed: %d\n",
++ d, gfn_l, order, rc);
++ domain_crash(d);
++ }
+
+ out:
+ gfn_unlock(p2m, gfn, order);
+
+ return rc;
+ }
++
++int
++guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn,
++ unsigned int order)
++{
++ unsigned long left = 1UL << order;
++ unsigned int chunk_order = find_first_set_bit(gfn | left);
++ int rc;
++
++ if ( !paging_mode_translate(d) )
++ return -EINVAL;
++
++ do {
++ rc = mark_populate_on_demand(d, gfn, chunk_order);
++
++ left -= 1UL << chunk_order;
++ gfn += 1UL << chunk_order;
++ } while ( !rc && left );
++
++ return rc;
++}
+
+ void p2m_pod_init(struct p2m_domain *p2m)
+ {
diff --git a/system/xen/xsa/xsa388-4.15-2.patch b/system/xen/xsa/xsa388-4.15-2.patch
new file mode 100644
index 0000000000000..ccccb20263b22
--- /dev/null
+++ b/system/xen/xsa/xsa388-4.15-2.patch
@@ -0,0 +1,36 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/PoD: handle intermediate page orders in p2m_pod_cache_add()
+
+p2m_pod_decrease_reservation() may pass pages to the function which
+aren't 4k, 2M, or 1G. Handle all intermediate orders as well, to avoid
+hitting the BUG() at the switch() statement's "default" case.
+
+This is CVE-2021-28708 / part of XSA-388.
+
+Fixes: 3c352011c0d3 ("x86/PoD: shorten certain operations on higher order ranges")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m-pod.c
++++ b/xen/arch/x86/mm/p2m-pod.c
+@@ -112,15 +112,13 @@ p2m_pod_cache_add(struct p2m_domain *p2m
+ /* Then add to the appropriate populate-on-demand list. */
+ switch ( order )
+ {
+- case PAGE_ORDER_1G:
+- for ( i = 0; i < (1UL << PAGE_ORDER_1G); i += 1UL << PAGE_ORDER_2M )
++ case PAGE_ORDER_2M ... PAGE_ORDER_1G:
++ for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_2M )
+ page_list_add_tail(page + i, &p2m->pod.super);
+ break;
+- case PAGE_ORDER_2M:
+- page_list_add_tail(page, &p2m->pod.super);
+- break;
+- case PAGE_ORDER_4K:
+- page_list_add_tail(page, &p2m->pod.single);
++ case PAGE_ORDER_4K ... PAGE_ORDER_2M - 1:
++ for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_4K )
++ page_list_add_tail(page + i, &p2m->pod.single);
+ break;
+ default:
+ BUG();
diff --git a/system/xen/xsa/xsa389-4.15.patch b/system/xen/xsa/xsa389-4.15.patch
new file mode 100644
index 0000000000000..402a38e2d4ebb
--- /dev/null
+++ b/system/xen/xsa/xsa389-4.15.patch
@@ -0,0 +1,182 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/P2M: deal with partial success of p2m_set_entry()
+
+M2P and PoD stats need to remain in sync with P2M; if an update succeeds
+only partially, respective adjustments need to be made. If updates get
+made before the call, they may also need undoing upon complete failure
+(i.e. including the single-page case).
+
+Log-dirty state would better also be kept in sync.
+
+Note that the change to set_typed_p2m_entry() may not be strictly
+necessary (due to the order restriction enforced near the top of the
+function), but is being kept here to be on the safe side.
+
+This is CVE-2021-28705 and CVE-2021-28709 / XSA-389.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m.c
++++ b/xen/arch/x86/mm/p2m.c
+@@ -784,6 +784,7 @@ p2m_remove_page(struct p2m_domain *p2m,
+ unsigned long i;
+ p2m_type_t t;
+ p2m_access_t a;
++ int rc;
+
+ /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+ if ( !paging_mode_translate(p2m->domain) )
+@@ -819,8 +820,27 @@ p2m_remove_page(struct p2m_domain *p2m,
+
+ ioreq_request_mapcache_invalidate(p2m->domain);
+
+- return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid,
+- p2m->default_access);
++ rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid,
++ p2m->default_access);
++ if ( likely(!rc) || !mfn_valid(mfn) )
++ return rc;
++
++ /*
++ * The operation may have partially succeeded. For the failed part we need
++ * to undo the M2P update and, out of precaution, mark the pages dirty
++ * again.
++ */
++ for ( i = 0; i < (1UL << page_order); ++i )
++ {
++ p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL);
++ if ( !p2m_is_hole(t) && !p2m_is_special(t) && !p2m_is_shared(t) )
++ {
++ set_gpfn_from_mfn(mfn_x(mfn) + i, gfn_x(gfn) + i);
++ paging_mark_pfn_dirty(p2m->domain, _pfn(gfn_x(gfn) + i));
++ }
++ }
++
++ return rc;
+ }
+
+ int
+@@ -1009,13 +1029,8 @@ guest_physmap_add_entry(struct domain *d
+
+ /* Now, actually do the two-way mapping */
+ rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access);
+- if ( rc == 0 )
++ if ( likely(!rc) )
+ {
+- pod_lock(p2m);
+- p2m->pod.entry_count -= pod_count;
+- BUG_ON(p2m->pod.entry_count < 0);
+- pod_unlock(p2m);
+-
+ if ( !p2m_is_grant(t) )
+ {
+ for ( i = 0; i < (1UL << page_order); i++ )
+@@ -1023,6 +1038,42 @@ guest_physmap_add_entry(struct domain *d
+ gfn_x(gfn_add(gfn, i)));
+ }
+ }
++ else
++ {
++ /*
++ * The operation may have partially succeeded. For the successful part
++ * we need to update M2P and dirty state, while for the failed part we
++ * may need to adjust PoD stats as well as undo the earlier M2P update.
++ */
++ for ( i = 0; i < (1UL << page_order); ++i )
++ {
++ omfn = p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, NULL, NULL);
++ if ( p2m_is_pod(ot) )
++ {
++ BUG_ON(!pod_count);
++ --pod_count;
++ }
++ else if ( mfn_eq(omfn, mfn_add(mfn, i)) && ot == t &&
++ a == p2m->default_access && !p2m_is_grant(t) )
++ {
++ set_gpfn_from_mfn(mfn_x(omfn), gfn_x(gfn) + i);
++ paging_mark_pfn_dirty(d, _pfn(gfn_x(gfn) + i));
++ }
++ else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
++ {
++ ASSERT(mfn_valid(omfn));
++ set_gpfn_from_mfn(mfn_x(omfn), gfn_x(gfn) + i);
++ }
++ }
++ }
++
++ if ( pod_count )
++ {
++ pod_lock(p2m);
++ p2m->pod.entry_count -= pod_count;
++ BUG_ON(p2m->pod.entry_count < 0);
++ pod_unlock(p2m);
++ }
+
+ out:
+ p2m_unlock(p2m);
+@@ -1314,6 +1365,51 @@ static int set_typed_p2m_entry(struct do
+ return 0;
+ }
+ }
++
++ P2M_DEBUG("set %d %lx %lx\n", gfn_p2mt, gfn_l, mfn_x(mfn));
++ rc = p2m_set_entry(p2m, gfn, mfn, order, gfn_p2mt, access);
++ if ( unlikely(rc) )
++ {
++ gdprintk(XENLOG_ERR, "p2m_set_entry: %#lx:%u -> %d (0x%"PRI_mfn")\n",
++ gfn_l, order, rc, mfn_x(mfn));
++
++ /*
++ * The operation may have partially succeeded. For the successful part
++ * we need to update PoD stats, M2P, and dirty state.
++ */
++ if ( order != PAGE_ORDER_4K )
++ {
++ unsigned long i;
++
++ for ( i = 0; i < (1UL << order); ++i )
++ {
++ p2m_type_t t;
++ mfn_t cmfn = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0,
++ NULL, NULL);
++
++ if ( !mfn_eq(cmfn, mfn_add(mfn, i)) || t != gfn_p2mt ||
++ a != access )
++ continue;
++
++ if ( p2m_is_ram(ot) )
++ {
++ ASSERT(mfn_valid(mfn_add(omfn, i)));
++ set_gpfn_from_mfn(mfn_x(omfn) + i, INVALID_M2P_ENTRY);
++
++ ioreq_request_mapcache_invalidate(d);
++ }
++#ifdef CONFIG_HVM
++ else if ( p2m_is_pod(ot) )
++ {
++ pod_lock(p2m);
++ BUG_ON(!p2m->pod.entry_count);
++ --p2m->pod.entry_count;
++ pod_unlock(p2m);
++ }
++#endif
++ }
++ }
++ }
+ else if ( p2m_is_ram(ot) )
+ {
+ unsigned long i;
+@@ -1326,12 +1422,6 @@ static int set_typed_p2m_entry(struct do
+
+ ioreq_request_mapcache_invalidate(d);
+ }
+-
+- P2M_DEBUG("set %d %lx %lx\n", gfn_p2mt, gfn_l, mfn_x(mfn));
+- rc = p2m_set_entry(p2m, gfn, mfn, order, gfn_p2mt, access);
+- if ( rc )
+- gdprintk(XENLOG_ERR, "p2m_set_entry: %#lx:%u -> %d (0x%"PRI_mfn")\n",
+- gfn_l, order, rc, mfn_x(mfn));
+ #ifdef CONFIG_HVM
+ else if ( p2m_is_pod(ot) )
+ {
diff --git a/system/xen/xsa/xsa390.patch b/system/xen/xsa/xsa390.patch
new file mode 100644
index 0000000000000..3c008a9bc2589
--- /dev/null
+++ b/system/xen/xsa/xsa390.patch
@@ -0,0 +1,46 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: VT-d: fix reduced page table levels support when sharing tables
+
+domain_pgd_maddr() contains logic to adjust the root address to be put
+in the context entry in case 4-level page tables aren't supported by an
+IOMMU. This logic may not be bypassed when sharing page tables.
+
+This is CVE-2021-28710 / XSA-390.
+
+Fixes: 25ccd093425c ("iommu: remove the share_p2m operation")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Kevin Tian <kevin.tian@intel.com>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -340,19 +340,21 @@ static uint64_t domain_pgd_maddr(struct
+ {
+ pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
+
+- return pagetable_get_paddr(pgt);
++ pgd_maddr = pagetable_get_paddr(pgt);
+ }
+-
+- if ( !hd->arch.vtd.pgd_maddr )
++ else
+ {
+- /* Ensure we have pagetables allocated down to leaf PTE. */
+- addr_to_dma_page_maddr(d, 0, 1);
+-
+ if ( !hd->arch.vtd.pgd_maddr )
+- return 0;
+- }
++ {
++ /* Ensure we have pagetables allocated down to leaf PTE. */
++ addr_to_dma_page_maddr(d, 0, 1);
+
+- pgd_maddr = hd->arch.vtd.pgd_maddr;
++ if ( !hd->arch.vtd.pgd_maddr )
++ return 0;
++ }
++
++ pgd_maddr = hd->arch.vtd.pgd_maddr;
++ }
+
+ /* Skip top levels of page tables for 2- and 3-level DRHDs. */
+ for ( agaw = level_to_agaw(4);
generated by cgit v1.2.3 (git 2.26.2) at 2024-12-20 05:05:40 +0000