Diffstat (limited to 'system')
28 files changed, 518 insertions, 2244 deletions
diff --git a/system/xen/dom0/README.dom0 b/system/xen/dom0/README.dom0 index d5a40ce67a661..2114164f38a4d 100644 --- a/system/xen/dom0/README.dom0 +++ b/system/xen/dom0/README.dom0 @@ -46,7 +46,7 @@ Xen EFI binary. To make things a bit easier, a copy of Xen EFI binary can be found here: - http://slackware.hr/~mario/xen/xen-4.9.1.efi.gz + http://slackware.hr/~mario/xen/xen-4.10.0.efi.gz If an automatic boot to Xen kernel is desired, the binary should be renamed and copied to the following location: /boot/efi/EFI/BOOT/bootx64.efi diff --git a/system/xen/dom0/config-4.4.75-xen.i686 b/system/xen/dom0/config-4.4.118-xen.i686 index ab22d64f08e07..2ba089e19fefb 100644 --- a/system/xen/dom0/config-4.4.75-xen.i686 +++ b/system/xen/dom0/config-4.4.118-xen.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.88 Kernel Configuration +# Linux/x86 4.4.118 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -368,6 +368,7 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_MPPARSE=y CONFIG_X86_BIGSMP=y +CONFIG_RETPOLINE=y # CONFIG_X86_EXTENDED_PLATFORM is not set CONFIG_X86_INTEL_LPSS=y CONFIG_X86_AMD_PLATFORM_DEVICE=y @@ -1241,6 +1242,12 @@ CONFIG_BRIDGE=m CONFIG_BRIDGE_IGMP_SNOOPING=y CONFIG_BRIDGE_VLAN_FILTERING=y CONFIG_HAVE_NET_DSA=y +CONFIG_NET_DSA=m +CONFIG_NET_DSA_HWMON=y +CONFIG_NET_DSA_TAG_BRCM=y +CONFIG_NET_DSA_TAG_DSA=y +CONFIG_NET_DSA_TAG_EDSA=y +CONFIG_NET_DSA_TAG_TRAILER=y CONFIG_VLAN_8021Q=m CONFIG_VLAN_8021Q_GVRP=y # CONFIG_VLAN_8021Q_MVRP is not set @@ -1362,14 +1369,13 @@ CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_GENEVE=m CONFIG_VSOCKETS=m CONFIG_VMWARE_VMCI_VSOCKETS=m -CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=m CONFIG_MPLS=y CONFIG_NET_MPLS_GSO=m CONFIG_MPLS_ROUTING=m CONFIG_MPLS_IPTUNNEL=m CONFIG_HSR=m -# CONFIG_NET_SWITCHDEV is not set +CONFIG_NET_SWITCHDEV=y # CONFIG_NET_L3_MASTER_DEV is not set CONFIG_RPS=y CONFIG_RFS_ACCEL=y 
@@ -1638,6 +1644,7 @@ CONFIG_NFC_NXP_NCI=m CONFIG_NFC_NXP_NCI_I2C=m # CONFIG_NFC_S3FWRN5_I2C is not set CONFIG_LWTUNNEL=y +CONFIG_DST_CACHE=y # # Device Drivers @@ -1665,6 +1672,7 @@ CONFIG_DEV_COREDUMP=y CONFIG_SYS_HYPERVISOR=y # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m CONFIG_REGMAP_MMIO=y @@ -2423,8 +2431,14 @@ CONFIG_VHOST=m # # Distributed Switch Architecture drivers # -# CONFIG_NET_DSA_MV88E6XXX is not set -# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set +CONFIG_NET_DSA_MV88E6XXX=m +CONFIG_NET_DSA_MV88E6060=m +CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y +CONFIG_NET_DSA_MV88E6131=m +CONFIG_NET_DSA_MV88E6123_61_65=m +CONFIG_NET_DSA_MV88E6171=m +CONFIG_NET_DSA_MV88E6352=m +CONFIG_NET_DSA_BCM_SF2=m CONFIG_ETHERNET=y CONFIG_MDIO=m CONFIG_NET_VENDOR_3COM=y @@ -2554,6 +2568,8 @@ CONFIG_MLX5_CORE=m CONFIG_MLX5_CORE_EN=y CONFIG_MLXSW_CORE=m CONFIG_MLXSW_PCI=m +CONFIG_MLXSW_SWITCHX2=m +CONFIG_MLXSW_SPECTRUM=m CONFIG_NET_VENDOR_MICREL=y CONFIG_KS8842=m CONFIG_KS8851_MLL=m @@ -2603,6 +2619,7 @@ CONFIG_NET_VENDOR_RENESAS=y CONFIG_NET_VENDOR_RDC=y CONFIG_R6040=m CONFIG_NET_VENDOR_ROCKER=y +CONFIG_ROCKER=m CONFIG_NET_VENDOR_SAMSUNG=y CONFIG_SXGBE_ETH=m CONFIG_NET_VENDOR_SEEQ=y @@ -2735,6 +2752,7 @@ CONFIG_USB_NET_NET1080=m CONFIG_USB_NET_PLUSB=m CONFIG_USB_NET_MCS7830=m CONFIG_USB_NET_RNDIS_HOST=m +CONFIG_USB_NET_CDC_SUBSET_ENABLE=m CONFIG_USB_NET_CDC_SUBSET=m CONFIG_USB_ALI_M5632=y CONFIG_USB_AN2720=y diff --git a/system/xen/dom0/config-4.4.75-xen.x86_64 b/system/xen/dom0/config-4.4.118-xen.x86_64 index 5b8b948341203..b690312fe3add 100644 --- a/system/xen/dom0/config-4.4.75-xen.x86_64 +++ b/system/xen/dom0/config-4.4.118-xen.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.88 Kernel Configuration +# Linux/x86 4.4.118 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y 
@@ -380,6 +380,7 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_X2APIC=y CONFIG_X86_MPPARSE=y +CONFIG_RETPOLINE=y # CONFIG_X86_EXTENDED_PLATFORM is not set CONFIG_X86_INTEL_LPSS=y CONFIG_X86_AMD_PLATFORM_DEVICE=y @@ -755,7 +756,6 @@ CONFIG_X86_X32=y CONFIG_COMPAT=y CONFIG_COMPAT_FOR_U64_ALIGNMENT=y CONFIG_SYSVIPC_COMPAT=y -CONFIG_KEYS_COMPAT=y CONFIG_X86_DEV_DMA_OPS=y CONFIG_PMC_ATOM=y CONFIG_NET=y @@ -1216,6 +1216,12 @@ CONFIG_BRIDGE=m CONFIG_BRIDGE_IGMP_SNOOPING=y CONFIG_BRIDGE_VLAN_FILTERING=y CONFIG_HAVE_NET_DSA=y +CONFIG_NET_DSA=m +CONFIG_NET_DSA_HWMON=y +CONFIG_NET_DSA_TAG_BRCM=y +CONFIG_NET_DSA_TAG_DSA=y +CONFIG_NET_DSA_TAG_EDSA=y +CONFIG_NET_DSA_TAG_TRAILER=y CONFIG_VLAN_8021Q=m CONFIG_VLAN_8021Q_GVRP=y # CONFIG_VLAN_8021Q_MVRP is not set @@ -1333,14 +1339,13 @@ CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_GENEVE=m CONFIG_VSOCKETS=m CONFIG_VMWARE_VMCI_VSOCKETS=m -CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=m CONFIG_MPLS=y CONFIG_NET_MPLS_GSO=m CONFIG_MPLS_ROUTING=m CONFIG_MPLS_IPTUNNEL=m CONFIG_HSR=m -# CONFIG_NET_SWITCHDEV is not set +CONFIG_NET_SWITCHDEV=y # CONFIG_NET_L3_MASTER_DEV is not set CONFIG_RPS=y CONFIG_RFS_ACCEL=y @@ -1603,7 +1608,9 @@ CONFIG_NFC_NXP_NCI=m CONFIG_NFC_NXP_NCI_I2C=m # CONFIG_NFC_S3FWRN5_I2C is not set CONFIG_LWTUNNEL=y +CONFIG_DST_CACHE=y CONFIG_HAVE_BPF_JIT=y +CONFIG_HAVE_EBPF_JIT=y # # Device Drivers @@ -1631,6 +1638,7 @@ CONFIG_DEV_COREDUMP=y CONFIG_SYS_HYPERVISOR=y # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m CONFIG_REGMAP_MMIO=y 
@@ -2360,8 +2368,14 @@ CONFIG_VHOST=m # # Distributed Switch Architecture drivers # -# CONFIG_NET_DSA_MV88E6XXX is not set -# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set +CONFIG_NET_DSA_MV88E6XXX=m +CONFIG_NET_DSA_MV88E6060=m +CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y +CONFIG_NET_DSA_MV88E6131=m +CONFIG_NET_DSA_MV88E6123_61_65=m +CONFIG_NET_DSA_MV88E6171=m +CONFIG_NET_DSA_MV88E6352=m +CONFIG_NET_DSA_BCM_SF2=m CONFIG_ETHERNET=y CONFIG_MDIO=m CONFIG_NET_VENDOR_3COM=y @@ -2490,6 +2504,8 @@ CONFIG_MLX5_CORE=m CONFIG_MLX5_CORE_EN=y CONFIG_MLXSW_CORE=m CONFIG_MLXSW_PCI=m +CONFIG_MLXSW_SWITCHX2=m +CONFIG_MLXSW_SPECTRUM=m CONFIG_NET_VENDOR_MICREL=y CONFIG_KS8842=m CONFIG_KS8851_MLL=m @@ -2536,6 +2552,7 @@ CONFIG_NET_VENDOR_RENESAS=y CONFIG_NET_VENDOR_RDC=y CONFIG_R6040=m CONFIG_NET_VENDOR_ROCKER=y +CONFIG_ROCKER=m CONFIG_NET_VENDOR_SAMSUNG=y CONFIG_SXGBE_ETH=m CONFIG_NET_VENDOR_SEEQ=y @@ -2668,6 +2685,7 @@ CONFIG_USB_NET_NET1080=m CONFIG_USB_NET_PLUSB=m CONFIG_USB_NET_MCS7830=m CONFIG_USB_NET_RNDIS_HOST=m +CONFIG_USB_NET_CDC_SUBSET_ENABLE=m CONFIG_USB_NET_CDC_SUBSET=m CONFIG_USB_ALI_M5632=y CONFIG_USB_AN2720=y @@ -6925,12 +6943,14 @@ CONFIG_X86_DEBUG_FPU=y # Security options # CONFIG_KEYS=y +CONFIG_KEYS_COMPAT=y # CONFIG_PERSISTENT_KEYRINGS is not set # CONFIG_BIG_KEYS is not set CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y diff --git a/system/xen/dom0/kernel-xen.sh b/system/xen/dom0/kernel-xen.sh index e33676d04225c..dba4b3f91a7e7 100644 --- a/system/xen/dom0/kernel-xen.sh +++ b/system/xen/dom0/kernel-xen.sh @@ -5,8 +5,8 @@ # Written by Chris Abela <chris.abela@maltats.com>, 20100515 # Modified by Mario Preksavec <mario@slackware.hr> -KERNEL=${KERNEL:-4.4.88} -XEN=${XEN:-4.9.0} +KERNEL=${KERNEL:-4.4.118} +XEN=${XEN:-4.10.0} BOOTLOADER=${BOOTLOADER:-lilo} ROOTMOD=${ROOTMOD:-ext4} 
diff --git a/system/xen/patches/gcc7-fix-incorrect-comparison.patch b/system/xen/patches/gcc7-fix-incorrect-comparison.patch
deleted file mode 100644
index 91dc6c08a6e8e..0000000000000
--- a/system/xen/patches/gcc7-fix-incorrect-comparison.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From fe4a28ccbfd33cae9e1f56b174d46b4eb2329efd Mon Sep 17 00:00:00 2001
-From: Dandan Bi <dandan.bi@intel.com>
-Date: Sat, 1 Apr 2017 10:31:14 +0800
-Subject: [PATCH] MdeModulePkg/UefiHiiLib:Fix incorrect comparison expression
-
-Fix the incorrect comparison between pointer and constant zero character.
-
-https://bugzilla.tianocore.org/show_bug.cgi?id=416
-
-V2: The pointer StringPtr points to a string returned
-by ExtractConfig/ExportConfig, if it is NULL, function
-InternalHiiIfrValueAction will return FALSE. So in
-current usage model, the StringPtr can not be NULL before
-using it, so we can add ASSERT here.
-
-Cc: Eric Dong <eric.dong@intel.com>
-Cc: Liming Gao <liming.gao@intel.com>
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Dandan Bi <dandan.bi@intel.com>
-Reviewed-by: Eric Dong <eric.dong@intel.com>
----
- MdeModulePkg/Library/UefiHiiLib/HiiLib.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
-index a2abf26980b..cd0cd35a0f3 100644
---- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
-+++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
-@@ -2201,8 +2201,9 @@ InternalHiiIfrValueAction (
- }
-
- StringPtr = ConfigAltResp;
--
-- while (StringPtr != L'\0') {
-+ ASSERT (StringPtr != NULL);
-+
-+ while (*StringPtr != L'\0') {
- //
- // 1. Find <ConfigHdr> GUID=...&NAME=...&PATH=...
- //
diff --git a/system/xen/patches/gcc7-minios-implement-udivmoddi4.patch b/system/xen/patches/gcc7-minios-implement-udivmoddi4.patch
deleted file mode 100644
index 7d6c510944d62..0000000000000
--- a/system/xen/patches/gcc7-minios-implement-udivmoddi4.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From d991bdbc062248221511ecb795617c36b37e1d2e Mon Sep 17 00:00:00 2001
-From: Wei Liu <wei.liu2@citrix.com>
-Date: Wed, 9 Aug 2017 13:15:48 +0100
-Subject: [PATCH] lib/math.c: implement __udivmoddi4
-
-Some code compiled by gcc 7 requires this.
-
-Signed-off-by: Wei Liu <wei.liu2@citrix.com>
-Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
----
- lib/math.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/lib/math.c b/lib/math.c
-index 561393e..b98cc1d 100644
---- a/lib/math.c
-+++ b/lib/math.c
-@@ -6,6 +6,7 @@
- * File: math.c
- * Author: Rolf Neugebauer (neugebar@dcs.gla.ac.uk)
- * Changes:
-+ * Implement __udivmoddi4 (Wei Liu <wei.liu2@citrix.com>)
- *
- * Date: Aug 2003
- *
-@@ -397,6 +398,15 @@ __umoddi3(u_quad_t a, u_quad_t b)
- }
-
- /*
-+ * Returns the quotient and places remainder in r
-+ */
-+u_quad_t
-+__udivmoddi4(u_quad_t a, u_quad_t b, u_quad_t *r)
-+{
-+ return __qdivrem(a, b, r);
-+}
-+
-+/*
- * From
- * moddi3.c
- */
---
-2.1.4
-
diff --git a/system/xen/patches/gcc7-vtpm-implicit-fallthrough.patch b/system/xen/patches/gcc7-vtpm-implicit-fallthrough.patch
deleted file mode 100644
index 068752d2d1a04..0000000000000
--- a/system/xen/patches/gcc7-vtpm-implicit-fallthrough.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-GCC-7 have -Wimplicit-fallthrough enabled with -Wextra. Add appropriate
-comment which both mute the warning and improve readibility.
-
-Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
----
- stubdom/Makefile | 1 +
- stubdom/vtpm-implicit-fallthrough.patch | 10 ++++++++++
- 2 files changed, 11 insertions(+)
- create mode 100644 stubdom/vtpm-implicit-fallthrough.patch
-
-diff --git a/stubdom/Makefile b/stubdom/Makefile
-index db01827..5055e31 100644
---- a/stubdom/Makefile
-+++ b/stubdom/Makefile
-@@ -228,6 +228,7 @@ tpm_emulator-$(XEN_TARGET_ARCH): tpm_emulator-$(TPMEMU_VERSION).tar.gz
- patch -d $@ -p1 < vtpm-deepquote.patch
- patch -d $@ -p1 < vtpm-deepquote-anyloc.patch
- patch -d $@ -p1 < vtpm-cmake-Wextra.patch
-+ patch -d $@ -p1 < vtpm-implicit-fallthrough.patch
- mkdir $@/build
- cd $@/build; CC=${CC} $(CMAKE) .. -DCMAKE_C_FLAGS:STRING="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement"
- touch $@
-diff --git a/stubdom/vtpm-implicit-fallthrough.patch b/stubdom/vtpm-implicit-fallthrough.patch
-new file mode 100644
-index 0000000..db97be5
---- /dev/null
-+++ b/stubdom/vtpm-implicit-fallthrough.patch
-@@ -0,0 +1,10 @@
-+--- tpm_emulator-x86_64/tpm/tpm_cmd_handler.c.orig 2017-04-27 13:37:14.408000000 +0200
-++++ tpm_emulator-x86_64/tpm/tpm_cmd_handler.c 2017-04-27 13:39:53.585000000 +0200
-+@@ -3397,6 +3397,7 @@
-+ sizeof(rsp->auth2->nonceOdd.nonce));
-+ tpm_hmac_update(&hmac, (BYTE*)&rsp->auth2->continueAuthSession, 1);
-+ tpm_hmac_final(&hmac, rsp->auth2->auth);
-++ /* fall-thru */
-+ case TPM_TAG_RSP_AUTH1_COMMAND:
-+ tpm_hmac_init(&hmac, rsp->auth1->secret, sizeof(rsp->auth1->secret));
-+ tpm_hmac_update(&hmac, rsp->auth1->digest, sizeof(rsp->auth1->digest));
---
-2.7.4
-
-
-_______________________________________________
-Xen-devel mailing list
-Xen-devel@lists.xen.org
-https://lists.xen.org/xen-devel
diff --git a/system/xen/patches/gcc7-vtpmmgr-make-inline-static.patch b/system/xen/patches/gcc7-vtpmmgr-make-inline-static.patch
deleted file mode 100644
index a2c96691a95f0..0000000000000
--- a/system/xen/patches/gcc7-vtpmmgr-make-inline-static.patch
+++ /dev/null
@@ -1,1161 +0,0 @@ -gcc7 is more strict with functions marked as inline. They are not -automatically inlined. Instead a function call is generated, but the -actual code is not visible by the linker. - -Do a mechanical change and mark every 'inline' as 'static inline'. For -simpler review the static goes into an extra line. - -Signed-off-by: Olaf Hering <olaf@aepfle.de> ---- - stubdom/vtpmmgr/marshal.h | 76 ++++++++++++++++++++++++++++++++++++++++++ - stubdom/vtpmmgr/tcg.h | 14 ++++++++ - stubdom/vtpmmgr/tpm2_marshal.h | 58 ++++++++++++++++++++++++++++++++ - stubdom/vtpmmgr/tpmrsa.h | 1 + - 4 files changed, 149 insertions(+) - -diff --git a/stubdom/vtpmmgr/marshal.h b/stubdom/vtpmmgr/marshal.h -index d826f19d89..dce19c6439 100644 ---- a/stubdom/vtpmmgr/marshal.h -+++ b/stubdom/vtpmmgr/marshal.h -@@ -47,16 +47,19 @@ typedef enum UnpackPtr { - UNPACK_ALLOC - } UnpackPtr; - -+static - inline BYTE* pack_BYTE(BYTE* ptr, BYTE t) { - ptr[0] = t; - return ++ptr; - } - -+static - inline BYTE* unpack_BYTE(BYTE* ptr, BYTE* t) { - t[0] = ptr[0]; - return ++ptr; - } - -+static - inline int unpack3_BYTE(BYTE* ptr, UINT32* pos, UINT32 max, BYTE *t) - { - if (*pos + 1 > max) -@@ -72,18 +75,21 @@ inline int unpack3_BYTE(BYTE* ptr, UINT32* pos, UINT32 max, BYTE *t) - #define unpack3_BOOL(p, x, m, t) unpack3_BYTE(p, x, m, t) - #define sizeof_BOOL(t) 1 - -+static - inline BYTE* pack_UINT16(void* ptr, UINT16 t) { - UINT16* p = ptr; - *p = cpu_to_be16(t); - return ptr + sizeof(UINT16); - } - -+static - inline BYTE* unpack_UINT16(void* ptr, UINT16* t) { - UINT16* p = ptr; - *t = be16_to_cpu(*p); - return ptr + sizeof(UINT16); - } - -+static - inline int unpack3_UINT16(BYTE* ptr, UINT32* pos, UINT32 max, UINT16 *t) - { - if (*pos + 2 > max) -@@ -93,18 +99,21 @@ inline int unpack3_UINT16(BYTE* ptr, UINT32* pos, UINT32 max, UINT16 *t) - return 0; - } - -+static - inline BYTE* pack_UINT32(void* ptr, UINT32 t) { - UINT32* p = ptr; - *p = cpu_to_be32(t); - return ptr + sizeof(UINT32); - } - 
-+static - inline BYTE* unpack_UINT32(void* ptr, UINT32* t) { - UINT32* p = ptr; - *t = be32_to_cpu(*p); - return ptr + sizeof(UINT32); - } - -+static - inline int unpack3_UINT32(BYTE* ptr, UINT32* pos, UINT32 max, UINT32 *t) - { - if (*pos + 4 > max) -@@ -236,16 +245,19 @@ inline int unpack3_UINT32(BYTE* ptr, UINT32* pos, UINT32 max, UINT32 *t) - #define sizeof_TCS_KEY_HANDLE(t) sizeof_UINT32(t) - - -+static - inline BYTE* pack_BUFFER(BYTE* ptr, const BYTE* buf, UINT32 size) { - memcpy(ptr, buf, size); - return ptr + size; - } - -+static - inline BYTE* unpack_BUFFER(BYTE* ptr, BYTE* buf, UINT32 size) { - memcpy(buf, ptr, size); - return ptr + size; - } - -+static - inline int unpack3_BUFFER(BYTE* ptr, UINT32* pos, UINT32 max, BYTE* buf, UINT32 size) { - if (*pos + size > max) - return TPM_SIZE; -@@ -256,11 +268,13 @@ inline int unpack3_BUFFER(BYTE* ptr, UINT32* pos, UINT32 max, BYTE* buf, UINT32 - - #define sizeof_BUFFER(b, s) s - -+static - inline BYTE* unpack_ALIAS(BYTE* ptr, BYTE** buf, UINT32 size) { - *buf = ptr; - return ptr + size; - } - -+static - inline BYTE* unpack_ALLOC(BYTE* ptr, BYTE** buf, UINT32 size) { - if(size) { - *buf = malloc(size); -@@ -271,6 +285,7 @@ inline BYTE* unpack_ALLOC(BYTE* ptr, BYTE** buf, UINT32 size) { - return ptr + size; - } - -+static - inline BYTE* unpack_PTR(BYTE* ptr, BYTE** buf, UINT32 size, UnpackPtr alloc) { - if(alloc == UNPACK_ALLOC) { - return unpack_ALLOC(ptr, buf, size); -@@ -279,6 +294,7 @@ inline BYTE* unpack_PTR(BYTE* ptr, BYTE** buf, UINT32 size, UnpackPtr alloc) { - } - } - -+static - inline int unpack3_PTR(BYTE* ptr, UINT32* pos, UINT32 max, BYTE** buf, UINT32 size, UnpackPtr alloc) { - if (size > max || *pos + size > max) - return TPM_SIZE; -@@ -292,14 +308,17 @@ inline int unpack3_PTR(BYTE* ptr, UINT32* pos, UINT32 max, BYTE** buf, UINT32 si - } - #define unpack3_VPTR(ptr, pos, max, buf, size, alloc) unpack3_PTR(ptr, pos, max, (void*)(buf), size, alloc) - -+static - inline BYTE* pack_TPM_AUTHDATA(BYTE* ptr, 
const TPM_AUTHDATA* d) { - return pack_BUFFER(ptr, *d, TPM_DIGEST_SIZE); - } - -+static - inline BYTE* unpack_TPM_AUTHDATA(BYTE* ptr, TPM_AUTHDATA* d) { - return unpack_BUFFER(ptr, *d, TPM_DIGEST_SIZE); - } - -+static - inline int unpack3_TPM_AUTHDATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTHDATA* d) { - return unpack3_BUFFER(ptr, pos, len, *d, TPM_DIGEST_SIZE); - } -@@ -325,6 +344,7 @@ inline int unpack3_TPM_AUTHDATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTHDATA - #define sizeof_TPM_TAG(t) sizeof_UINT16(t) - #define sizeof_TPM_STRUCTURE_TAG(t) sizeof_UINT16(t) - -+static - inline BYTE* pack_TPM_VERSION(BYTE* ptr, const TPM_VERSION* t) { - ptr[0] = t->major; - ptr[1] = t->minor; -@@ -333,6 +353,7 @@ inline BYTE* pack_TPM_VERSION(BYTE* ptr, const TPM_VERSION* t) { - return ptr + 4; - } - -+static - inline BYTE* unpack_TPM_VERSION(BYTE* ptr, TPM_VERSION* t) { - t->major = ptr[0]; - t->minor = ptr[1]; -@@ -341,6 +362,7 @@ inline BYTE* unpack_TPM_VERSION(BYTE* ptr, TPM_VERSION* t) { - return ptr + 4; - } - -+static - inline int unpack3_TPM_VERSION(BYTE* ptr, UINT32 *pos, UINT32 max, TPM_VERSION* t) { - if (*pos + 4 > max) - return TPM_SIZE; -@@ -355,6 +377,7 @@ inline int unpack3_TPM_VERSION(BYTE* ptr, UINT32 *pos, UINT32 max, TPM_VERSION* - - #define sizeof_TPM_VERSION(x) 4 - -+static - inline BYTE* pack_TPM_CAP_VERSION_INFO(BYTE* ptr, const TPM_CAP_VERSION_INFO* v) { - ptr = pack_TPM_STRUCTURE_TAG(ptr, v->tag); - ptr = pack_TPM_VERSION(ptr, &v->version); -@@ -366,6 +389,7 @@ inline BYTE* pack_TPM_CAP_VERSION_INFO(BYTE* ptr, const TPM_CAP_VERSION_INFO* v) - return ptr; - } - -+static - inline BYTE* unpack_TPM_CAP_VERSION_INFO(BYTE* ptr, TPM_CAP_VERSION_INFO* v, UnpackPtr alloc) { - ptr = unpack_TPM_STRUCTURE_TAG(ptr, &v->tag); - ptr = unpack_TPM_VERSION(ptr, &v->version); -@@ -377,14 +401,17 @@ inline BYTE* unpack_TPM_CAP_VERSION_INFO(BYTE* ptr, TPM_CAP_VERSION_INFO* v, Unp - return ptr; - } - -+static - inline BYTE* pack_TPM_DIGEST(BYTE* ptr, const TPM_DIGEST* 
d) { - return pack_BUFFER(ptr, d->digest, TPM_DIGEST_SIZE); - } - -+static - inline BYTE* unpack_TPM_DIGEST(BYTE* ptr, TPM_DIGEST* d) { - return unpack_BUFFER(ptr, d->digest, TPM_DIGEST_SIZE); - } - -+static - inline int unpack3_TPM_DIGEST(BYTE* ptr, UINT32* pos, UINT32 max, TPM_DIGEST* d) { - return unpack3_BUFFER(ptr, pos, max, d->digest, TPM_DIGEST_SIZE); - } -@@ -409,20 +436,24 @@ inline int unpack3_TPM_DIGEST(BYTE* ptr, UINT32* pos, UINT32 max, TPM_DIGEST* d) - #define pack_TPM_CHOSENID_HASH(ptr, d) pack_TPM_DIGEST(ptr, d) - #define unpack_TPM_CHOSENID_HASH(ptr, d) unpack_TPM_DIGEST(ptr, d) - -+static - inline BYTE* pack_TPM_NONCE(BYTE* ptr, const TPM_NONCE* n) { - return pack_BUFFER(ptr, n->nonce, TPM_DIGEST_SIZE); - } - -+static - inline BYTE* unpack_TPM_NONCE(BYTE* ptr, TPM_NONCE* n) { - return unpack_BUFFER(ptr, n->nonce, TPM_DIGEST_SIZE); - } - - #define sizeof_TPM_NONCE(x) TPM_DIGEST_SIZE - -+static - inline int unpack3_TPM_NONCE(BYTE* ptr, UINT32* pos, UINT32 max, TPM_NONCE* n) { - return unpack3_BUFFER(ptr, pos, max, n->nonce, TPM_DIGEST_SIZE); - } - -+static - inline BYTE* pack_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, const TPM_SYMMETRIC_KEY_PARMS* k) { - ptr = pack_UINT32(ptr, k->keyLength); - ptr = pack_UINT32(ptr, k->blockSize); -@@ -430,6 +461,7 @@ inline BYTE* pack_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, const TPM_SYMMETRIC_KEY_PAR - return pack_BUFFER(ptr, k->IV, k->ivSize); - } - -+static - inline BYTE* pack_TPM_SYMMETRIC_KEY(BYTE* ptr, const TPM_SYMMETRIC_KEY* k) { - ptr = pack_UINT32(ptr, k->algId); - ptr = pack_UINT16(ptr, k->encScheme); -@@ -437,6 +469,7 @@ inline BYTE* pack_TPM_SYMMETRIC_KEY(BYTE* ptr, const TPM_SYMMETRIC_KEY* k) { - return pack_BUFFER(ptr, k->data, k->size); - } - -+static - inline int unpack3_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYMMETRIC_KEY_PARMS* k, UnpackPtr alloc) { - return unpack3_UINT32(ptr, pos, max, &k->keyLength) || - unpack3_UINT32(ptr, pos, max, &k->blockSize) || -@@ -444,10 +477,12 @@ inline 
int unpack3_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, T - unpack3_PTR(ptr, pos, max, &k->IV, k->ivSize, alloc); - } - -+static - inline int sizeof_TPM_SYMMETRIC_KEY_PARMS(const TPM_SYMMETRIC_KEY_PARMS* k) { - return 12 + k->ivSize; - } - -+static - inline int unpack3_TPM_SYMMETRIC_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYMMETRIC_KEY* k, UnpackPtr alloc) { - return unpack3_UINT32(ptr, pos, max, &k->algId) || - unpack3_UINT16(ptr, pos, max, &k->encScheme) || -@@ -455,6 +490,7 @@ inline int unpack3_TPM_SYMMETRIC_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYM - unpack3_PTR(ptr, pos, max, &k->data, k->size, alloc); - } - -+static - inline BYTE* pack_TPM_RSA_KEY_PARMS(BYTE* ptr, const TPM_RSA_KEY_PARMS* k) { - ptr = pack_UINT32(ptr, k->keyLength); - ptr = pack_UINT32(ptr, k->numPrimes); -@@ -462,6 +498,7 @@ inline BYTE* pack_TPM_RSA_KEY_PARMS(BYTE* ptr, const TPM_RSA_KEY_PARMS* k) { - return pack_BUFFER(ptr, k->exponent, k->exponentSize); - } - -+static - inline int unpack3_TPM_RSA_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_RSA_KEY_PARMS* k, UnpackPtr alloc) { - return unpack3_UINT32(ptr, pos, max, &k->keyLength) || - unpack3_UINT32(ptr, pos, max, &k->numPrimes) || -@@ -469,11 +506,13 @@ inline int unpack3_TPM_RSA_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_RSA - unpack3_PTR(ptr, pos, max, &k->exponent, k->exponentSize, alloc); - } - -+static - inline int sizeof_TPM_RSA_KEY_PARMS(const TPM_RSA_KEY_PARMS* k) { - return 12 + k->exponentSize; - } - - -+static - inline BYTE* pack_TPM_KEY_PARMS(BYTE* ptr, const TPM_KEY_PARMS* k) { - ptr = pack_TPM_ALGORITHM_ID(ptr, k->algorithmID); - ptr = pack_TPM_ENC_SCHEME(ptr, k->encScheme); -@@ -493,6 +532,7 @@ inline BYTE* pack_TPM_KEY_PARMS(BYTE* ptr, const TPM_KEY_PARMS* k) { - return ptr; - } - -+static - inline int unpack3_TPM_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 len, TPM_KEY_PARMS* k, UnpackPtr alloc) { - int rc = unpack3_TPM_ALGORITHM_ID(ptr, pos, len, &k->algorithmID) || - 
unpack3_TPM_ENC_SCHEME(ptr, pos, len, &k->encScheme) || -@@ -511,6 +551,7 @@ inline int unpack3_TPM_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 len, TPM_KEY_PAR - return TPM_FAIL; - } - -+static - inline int sizeof_TPM_KEY_PARMS(const TPM_KEY_PARMS* k) { - int rc = 0; - rc += sizeof_TPM_ALGORITHM_ID(&k->algorithmID); -@@ -532,52 +573,62 @@ inline int sizeof_TPM_KEY_PARMS(const TPM_KEY_PARMS* k) { - return rc; - } - -+static - inline BYTE* pack_TPM_STORE_PUBKEY(BYTE* ptr, const TPM_STORE_PUBKEY* k) { - ptr = pack_UINT32(ptr, k->keyLength); - ptr = pack_BUFFER(ptr, k->key, k->keyLength); - return ptr; - } - -+static - inline int unpack3_TPM_STORE_PUBKEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_STORE_PUBKEY* k, UnpackPtr alloc) { - return unpack3_UINT32(ptr, pos, max, &k->keyLength) || - unpack3_PTR(ptr, pos, max, &k->key, k->keyLength, alloc); - } - -+static - inline int sizeof_TPM_STORE_PUBKEY(const TPM_STORE_PUBKEY* k) { - return 4 + k->keyLength; - } - -+static - inline BYTE* pack_TPM_PUBKEY(BYTE* ptr, const TPM_PUBKEY* k) { - ptr = pack_TPM_KEY_PARMS(ptr, &k->algorithmParms); - return pack_TPM_STORE_PUBKEY(ptr, &k->pubKey); - } - -+static - inline int unpack3_TPM_PUBKEY(BYTE* ptr, UINT32* pos, UINT32 len, TPM_PUBKEY* k, UnpackPtr alloc) { - return unpack3_TPM_KEY_PARMS(ptr, pos, len, &k->algorithmParms, alloc) || - unpack3_TPM_STORE_PUBKEY(ptr, pos, len, &k->pubKey, alloc); - } - -+static - inline BYTE* pack_TPM_PCR_SELECTION(BYTE* ptr, const TPM_PCR_SELECTION* p) { - ptr = pack_UINT16(ptr, p->sizeOfSelect); - ptr = pack_BUFFER(ptr, p->pcrSelect, p->sizeOfSelect); - return ptr; - } - -+static - inline BYTE* unpack_TPM_PCR_SELECTION(BYTE* ptr, TPM_PCR_SELECTION* p, UnpackPtr alloc) { - ptr = unpack_UINT16(ptr, &p->sizeOfSelect); - ptr = unpack_PTR(ptr, &p->pcrSelect, p->sizeOfSelect, alloc); - return ptr; - } - -+static - inline int unpack3_TPM_PCR_SELECTION(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_SELECTION* p, UnpackPtr alloc) { - return unpack3_UINT16(ptr, pos, 
max, &p->sizeOfSelect) || - unpack3_PTR(ptr, pos, max, &p->pcrSelect, p->sizeOfSelect, alloc); - } - -+static - inline int sizeof_TPM_PCR_SELECTION(const TPM_PCR_SELECTION* p) { - return 2 + p->sizeOfSelect; - } - -+static - inline BYTE* pack_TPM_PCR_INFO(BYTE* ptr, const TPM_PCR_INFO* p) { - ptr = pack_TPM_PCR_SELECTION(ptr, &p->pcrSelection); - ptr = pack_TPM_COMPOSITE_HASH(ptr, &p->digestAtRelease); -@@ -585,12 +636,14 @@ inline BYTE* pack_TPM_PCR_INFO(BYTE* ptr, const TPM_PCR_INFO* p) { - return ptr; - } - -+static - inline int unpack3_TPM_PCR_INFO(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_INFO* p, UnpackPtr alloc) { - return unpack3_TPM_PCR_SELECTION(ptr, pos, max, &p->pcrSelection, alloc) || - unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtRelease) || - unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtCreation); - } - -+static - inline int sizeof_TPM_PCR_INFO(const TPM_PCR_INFO* p) { - int rc = 0; - rc += sizeof_TPM_PCR_SELECTION(&p->pcrSelection); -@@ -599,6 +652,7 @@ inline int sizeof_TPM_PCR_INFO(const TPM_PCR_INFO* p) { - return rc; - } - -+static - inline BYTE* pack_TPM_PCR_INFO_LONG(BYTE* ptr, const TPM_PCR_INFO_LONG* p) { - ptr = pack_TPM_STRUCTURE_TAG(ptr, p->tag); - ptr = pack_TPM_LOCALITY_SELECTION(ptr, p->localityAtCreation); -@@ -610,6 +664,7 @@ inline BYTE* pack_TPM_PCR_INFO_LONG(BYTE* ptr, const TPM_PCR_INFO_LONG* p) { - return ptr; - } - -+static - inline int sizeof_TPM_PCR_INFO_LONG(const TPM_PCR_INFO_LONG* p) { - int rc = 0; - rc += sizeof_TPM_STRUCTURE_TAG(p->tag); -@@ -622,6 +677,7 @@ inline int sizeof_TPM_PCR_INFO_LONG(const TPM_PCR_INFO_LONG* p) { - return rc; - } - -+static - inline int unpack3_TPM_PCR_INFO_LONG(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_INFO_LONG* p, UnpackPtr alloc) { - return unpack3_TPM_STRUCTURE_TAG(ptr, pos, max, &p->tag) || - unpack3_TPM_LOCALITY_SELECTION(ptr, pos, max, -@@ -637,6 +693,7 @@ inline int unpack3_TPM_PCR_INFO_LONG(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR - 
unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtRelease); - } - -+static - inline BYTE* pack_TPM_PCR_COMPOSITE(BYTE* ptr, const TPM_PCR_COMPOSITE* p) { - ptr = pack_TPM_PCR_SELECTION(ptr, &p->select); - ptr = pack_UINT32(ptr, p->valueSize); -@@ -644,12 +701,14 @@ inline BYTE* pack_TPM_PCR_COMPOSITE(BYTE* ptr, const TPM_PCR_COMPOSITE* p) { - return ptr; - } - -+static - inline int unpack3_TPM_PCR_COMPOSITE(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_COMPOSITE* p, UnpackPtr alloc) { - return unpack3_TPM_PCR_SELECTION(ptr, pos, max, &p->select, alloc) || - unpack3_UINT32(ptr, pos, max, &p->valueSize) || - unpack3_PTR(ptr, pos, max, (BYTE**)&p->pcrValue, p->valueSize, alloc); - } - -+static - inline BYTE* pack_TPM_KEY(BYTE* ptr, const TPM_KEY* k) { - ptr = pack_TPM_VERSION(ptr, &k->ver); - ptr = pack_TPM_KEY_USAGE(ptr, k->keyUsage); -@@ -665,6 +724,7 @@ inline BYTE* pack_TPM_KEY(BYTE* ptr, const TPM_KEY* k) { - return pack_BUFFER(ptr, k->encData, k->encDataSize); - } - -+static - inline int unpack3_TPM_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_KEY* k, UnpackPtr alloc) { - int rc = unpack3_TPM_VERSION(ptr, pos, max, &k->ver) || - unpack3_TPM_KEY_USAGE(ptr, pos, max, &k->keyUsage) || -@@ -682,6 +742,7 @@ inline int unpack3_TPM_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_KEY* k, Unpac - unpack3_PTR(ptr, pos, max, &k->encData, k->encDataSize, alloc); - } - -+static - inline int sizeof_TPM_KEY(const TPM_KEY* k) { - int rc = 0; - rc += sizeof_TPM_VERSION(&k->ver); -@@ -699,18 +760,21 @@ inline int sizeof_TPM_KEY(const TPM_KEY* k) { - return rc; - } - -+static - inline BYTE* pack_TPM_BOUND_DATA(BYTE* ptr, const TPM_BOUND_DATA* b, UINT32 payloadSize) { - ptr = pack_TPM_VERSION(ptr, &b->ver); - ptr = pack_TPM_PAYLOAD_TYPE(ptr, b->payload); - return pack_BUFFER(ptr, b->payloadData, payloadSize); - } - -+static - inline BYTE* unpack_TPM_BOUND_DATA(BYTE* ptr, TPM_BOUND_DATA* b, UINT32 payloadSize, UnpackPtr alloc) { - ptr = unpack_TPM_VERSION(ptr, &b->ver); - ptr = 
unpack_TPM_PAYLOAD_TYPE(ptr, &b->payload); - return unpack_PTR(ptr, &b->payloadData, payloadSize, alloc); - } - -+static - inline BYTE* pack_TPM_STORED_DATA(BYTE* ptr, const TPM_STORED_DATA* d) { - ptr = pack_TPM_VERSION(ptr, &d->ver); - ptr = pack_UINT32(ptr, d->sealInfoSize); -@@ -722,6 +786,7 @@ inline BYTE* pack_TPM_STORED_DATA(BYTE* ptr, const TPM_STORED_DATA* d) { - return ptr; - } - -+static - inline int sizeof_TPM_STORED_DATA(const TPM_STORED_DATA* d) { - int rv = sizeof_TPM_VERSION(&d->ver) + sizeof_UINT32(d->sealInfoSize); - if (d->sealInfoSize) { -@@ -732,6 +797,7 @@ inline int sizeof_TPM_STORED_DATA(const TPM_STORED_DATA* d) { - return rv; - } - -+static - inline int unpack3_TPM_STORED_DATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORED_DATA* d, UnpackPtr alloc) { - int rc = unpack3_TPM_VERSION(ptr, pos, len, &d->ver) || - unpack3_UINT32(ptr, pos, len, &d->sealInfoSize); -@@ -746,6 +812,7 @@ inline int unpack3_TPM_STORED_DATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORE - return rc; - } - -+static - inline BYTE* pack_TPM_STORED_DATA12(BYTE* ptr, const TPM_STORED_DATA12* d) { - ptr = pack_TPM_STRUCTURE_TAG(ptr, d->tag); - ptr = pack_TPM_ENTITY_TYPE(ptr, d->et); -@@ -758,6 +825,7 @@ inline BYTE* pack_TPM_STORED_DATA12(BYTE* ptr, const TPM_STORED_DATA12* d) { - return ptr; - } - -+static - inline int sizeof_TPM_STORED_DATA12(const TPM_STORED_DATA12* d) { - int rv = sizeof_TPM_STRUCTURE_TAG(&d->ver) + - sizeof_TPM_ENTITY_TYPE(&d->et) + -@@ -770,6 +838,7 @@ inline int sizeof_TPM_STORED_DATA12(const TPM_STORED_DATA12* d) { - return rv; - } - -+static - inline int unpack3_TPM_STORED_DATA12(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORED_DATA12* d, UnpackPtr alloc) { - int rc = unpack3_TPM_STRUCTURE_TAG(ptr, pos, len, &d->tag) || - unpack3_TPM_ENTITY_TYPE(ptr, pos, len, &d->et) || -@@ -786,6 +855,7 @@ inline int unpack3_TPM_STORED_DATA12(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STO - return rc; - } - -+static - inline BYTE* pack_TPM_AUTH_SESSION(BYTE* ptr, const 
TPM_AUTH_SESSION* auth) { - ptr = pack_TPM_AUTH_HANDLE(ptr, auth->AuthHandle); - ptr = pack_TPM_NONCE(ptr, &auth->NonceOdd); -@@ -794,6 +864,7 @@ inline BYTE* pack_TPM_AUTH_SESSION(BYTE* ptr, const TPM_AUTH_SESSION* auth) { - return ptr; - } - -+static - inline BYTE* unpack_TPM_AUTH_SESSION(BYTE* ptr, TPM_AUTH_SESSION* auth) { - ptr = unpack_TPM_NONCE(ptr, &auth->NonceEven); - ptr = unpack_BOOL(ptr, &auth->fContinueAuthSession); -@@ -801,6 +872,7 @@ inline BYTE* unpack_TPM_AUTH_SESSION(BYTE* ptr, TPM_AUTH_SESSION* auth) { - return ptr; - } - -+static - inline int unpack3_TPM_AUTH_SESSION(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTH_SESSION* auth) { - return unpack3_TPM_NONCE(ptr, pos, len, &auth->NonceEven) || - unpack3_BOOL(ptr, pos, len, &auth->fContinueAuthSession) || -@@ -808,6 +880,7 @@ inline int unpack3_TPM_AUTH_SESSION(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTH - } - - -+static - inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESSION* auth) { - int rv = 0; - rv += sizeof_TPM_AUTH_HANDLE(auth->AuthHandle); -@@ -817,6 +890,7 @@ inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESSION* auth) { - return rv; - } - -+static - inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr, - TPM_TAG tag, - UINT32 size, -@@ -826,6 +900,7 @@ inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr, - return pack_UINT32(ptr, ord); - } - -+static - inline BYTE* unpack_TPM_RQU_HEADER(BYTE* ptr, - TPM_TAG* tag, - UINT32* size, -@@ -836,6 +911,7 @@ inline BYTE* unpack_TPM_RQU_HEADER(BYTE* ptr, - return ptr; - } - -+static - inline int unpack3_TPM_RQU_HEADER(BYTE* ptr, UINT32* pos, UINT32 max, - TPM_TAG* tag, UINT32* size, TPM_COMMAND_CODE* ord) { - return -diff --git a/stubdom/vtpmmgr/tcg.h b/stubdom/vtpmmgr/tcg.h -index 813ce57a2d..423131dc25 100644 ---- a/stubdom/vtpmmgr/tcg.h -+++ b/stubdom/vtpmmgr/tcg.h -@@ -461,6 +461,7 @@ typedef struct TPM_CAP_VERSION_INFO { - BYTE* vendorSpecific; - } TPM_CAP_VERSION_INFO; - -+static - inline void free_TPM_CAP_VERSION_INFO(TPM_CAP_VERSION_INFO* v) { - 
free(v->vendorSpecific); - v->vendorSpecific = NULL; -@@ -494,6 +495,7 @@ typedef struct TPM_SYMMETRIC_KEY { - BYTE* data; - } TPM_SYMMETRIC_KEY; - -+static - inline void free_TPM_SYMMETRIC_KEY_PARMS(TPM_SYMMETRIC_KEY_PARMS* p) { - free(p->IV); - p->IV = NULL; -@@ -510,6 +512,7 @@ typedef struct TPM_RSA_KEY_PARMS { - - #define TPM_RSA_KEY_PARMS_INIT { 0, 0, 0, NULL } - -+static - inline void free_TPM_RSA_KEY_PARMS(TPM_RSA_KEY_PARMS* p) { - free(p->exponent); - p->exponent = NULL; -@@ -528,6 +531,7 @@ typedef struct TPM_KEY_PARMS { - - #define TPM_KEY_PARMS_INIT { 0, 0, 0, 0 } - -+static - inline void free_TPM_KEY_PARMS(TPM_KEY_PARMS* p) { - if(p->parmSize) { - switch(p->algorithmID) { -@@ -550,6 +554,7 @@ typedef struct TPM_STORE_PUBKEY { - - #define TPM_STORE_PUBKEY_INIT { 0, NULL } - -+static - inline void free_TPM_STORE_PUBKEY(TPM_STORE_PUBKEY* p) { - free(p->key); - p->key = NULL; -@@ -562,6 +567,7 @@ typedef struct TPM_PUBKEY { - - #define TPM_PUBKEY_INIT { TPM_KEY_PARMS_INIT, TPM_STORE_PUBKEY_INIT } - -+static - inline void free_TPM_PUBKEY(TPM_PUBKEY* k) { - free_TPM_KEY_PARMS(&k->algorithmParms); - free_TPM_STORE_PUBKEY(&k->pubKey); -@@ -574,6 +580,7 @@ typedef struct TPM_PCR_SELECTION { - - #define TPM_PCR_SELECTION_INIT { 0, NULL } - -+static - inline void free_TPM_PCR_SELECTION(TPM_PCR_SELECTION* p) { - free(p->pcrSelect); - p->pcrSelect = NULL; -@@ -594,6 +601,7 @@ typedef struct TPM_PCR_INFO_LONG { - #define TPM_PCR_INFO_LONG_INIT { 0, 0, 0, TPM_PCR_SELECTION_INIT, \ - TPM_PCR_SELECTION_INIT } - -+static - inline void free_TPM_PCR_INFO_LONG(TPM_PCR_INFO_LONG* p) { - free_TPM_PCR_SELECTION(&p->creationPCRSelection); - free_TPM_PCR_SELECTION(&p->releasePCRSelection); -@@ -607,6 +615,7 @@ typedef struct TPM_PCR_INFO { - - #define TPM_PCR_INFO_INIT { TPM_PCR_SELECTION_INIT } - -+static - inline void free_TPM_PCR_INFO(TPM_PCR_INFO* p) { - free_TPM_PCR_SELECTION(&p->pcrSelection); - } -@@ -619,6 +628,7 @@ typedef struct TPM_PCR_COMPOSITE { - - #define 
TPM_PCR_COMPOSITE_INIT { TPM_PCR_SELECTION_INIT, 0, NULL } - -+static - inline void free_TPM_PCR_COMPOSITE(TPM_PCR_COMPOSITE* p) { - free_TPM_PCR_SELECTION(&p->select); - free(p->pcrValue); -@@ -643,6 +653,7 @@ typedef struct TPM_KEY { - .pubKey = TPM_STORE_PUBKEY_INIT, \ - .encDataSize = 0, .encData = NULL } - -+static - inline void free_TPM_KEY(TPM_KEY* k) { - if(k->PCRInfoSize) { - free_TPM_PCR_INFO(&k->PCRInfo); -@@ -660,6 +671,7 @@ typedef struct TPM_BOUND_DATA { - - #define TPM_BOUND_DATA_INIT { .payloadData = NULL } - -+static - inline void free_TPM_BOUND_DATA(TPM_BOUND_DATA* d) { - free(d->payloadData); - d->payloadData = NULL; -@@ -676,6 +688,7 @@ typedef struct TPM_STORED_DATA { - #define TPM_STORED_DATA_INIT { .sealInfoSize = 0, sealInfo = TPM_PCR_INFO_INIT,\ - .encDataSize = 0, .encData = NULL } - -+static - inline void free_TPM_STORED_DATA(TPM_STORED_DATA* d) { - if(d->sealInfoSize) { - free_TPM_PCR_INFO(&d->sealInfo); -@@ -696,6 +709,7 @@ typedef struct TPM_STORED_DATA12 { - #define TPM_STORED_DATA12_INIT { .sealInfoLongSize = 0, \ - sealInfoLong = TPM_PCR_INFO_INIT, .encDataSize = 0, .encData = NULL } - -+static - inline void free_TPM_STORED_DATA12(TPM_STORED_DATA12* d) { - if(d->sealInfoLongSize) { - free_TPM_PCR_INFO_LONG(&d->sealInfoLong); -diff --git a/stubdom/vtpmmgr/tpm2_marshal.h b/stubdom/vtpmmgr/tpm2_marshal.h -index aaa44645a2..ba070ad38e 100644 ---- a/stubdom/vtpmmgr/tpm2_marshal.h -+++ b/stubdom/vtpmmgr/tpm2_marshal.h -@@ -52,6 +52,7 @@ - #define pack_TPM_BUFFER(ptr, buf, size) pack_BUFFER(ptr, buf, size) - #define unpack_TPM_BUFFER(ptr, buf, size) unpack_BUFFER(ptr, buf, size) - -+static - inline BYTE* pack_BYTE_ARRAY(BYTE* ptr, const BYTE* array, UINT32 size) - { - int i; -@@ -60,21 +61,25 @@ inline BYTE* pack_BYTE_ARRAY(BYTE* ptr, const BYTE* array, UINT32 size) - return ptr; - } - -+static - inline BYTE* pack_TPMA_SESSION(BYTE* ptr, const TPMA_SESSION *attr) - { - return pack_BYTE(ptr, (BYTE)(*attr)); - } - -+static - inline BYTE* 
unpack_TPMA_SESSION(BYTE* ptr, TPMA_SESSION *attr) - { - return unpack_BYTE(ptr, (BYTE *)attr); - } - -+static - inline BYTE* pack_TPMI_ALG_HASH(BYTE* ptr, const TPMI_ALG_HASH *hash) - { - return pack_UINT16(ptr, *hash); - } - -+static - inline BYTE* unpack_TPMI_ALG_HASH(BYTE *ptr, TPMI_ALG_HASH *hash) - { - return unpack_UINT16(ptr, hash); -@@ -125,6 +130,7 @@ inline BYTE* unpack_TPMI_ALG_HASH(BYTE *ptr, TPMI_ALG_HASH *hash) - #define pack_TPMI_RH_LOCKOUT(ptr, l) pack_TPM2_HANDLE(ptr, l) - #define unpack_TPMI_RH_LOCKOUT(ptr, l) unpack_TPM2_HANDLE(ptr, l) - -+static - inline BYTE* pack_TPM2B_DIGEST(BYTE* ptr, const TPM2B_DIGEST *digest) - { - ptr = pack_UINT16(ptr, digest->size); -@@ -132,6 +138,7 @@ inline BYTE* pack_TPM2B_DIGEST(BYTE* ptr, const TPM2B_DIGEST *digest) - return ptr; - } - -+static - inline BYTE* unpack_TPM2B_DIGEST(BYTE* ptr, TPM2B_DIGEST *digest) - { - ptr = unpack_UINT16(ptr, &digest->size); -@@ -139,6 +146,7 @@ inline BYTE* unpack_TPM2B_DIGEST(BYTE* ptr, TPM2B_DIGEST *digest) - return ptr; - } - -+static - inline BYTE* pack_TPMT_TK_CREATION(BYTE* ptr,const TPMT_TK_CREATION *ticket ) - { - ptr = pack_TPM_ST(ptr , &ticket->tag); -@@ -147,6 +155,7 @@ inline BYTE* pack_TPMT_TK_CREATION(BYTE* ptr,const TPMT_TK_CREATION *ticket ) - return ptr; - } - -+static - inline BYTE* unpack_TPMT_TK_CREATION(BYTE* ptr, TPMT_TK_CREATION *ticket ) - { - ptr = unpack_TPM_ST(ptr, &ticket->tag); -@@ -155,6 +164,7 @@ inline BYTE* unpack_TPMT_TK_CREATION(BYTE* ptr, TPMT_TK_CREATION *ticket ) - return ptr; - } - -+static - inline BYTE* pack_TPM2B_NAME(BYTE* ptr,const TPM2B_NAME *name ) - { - ptr = pack_UINT16(ptr, name->size); -@@ -162,6 +172,7 @@ inline BYTE* pack_TPM2B_NAME(BYTE* ptr,const TPM2B_NAME *name ) - return ptr; - } - -+static - inline BYTE* unpack_TPM2B_NAME(BYTE* ptr, TPM2B_NAME *name) - { - ptr = unpack_UINT16(ptr, &name->size); -@@ -169,6 +180,7 @@ inline BYTE* unpack_TPM2B_NAME(BYTE* ptr, TPM2B_NAME *name) - return ptr; - } - -+static - inline BYTE* 
pack_TPM2B_NONCE(BYTE* ptr, const TPM2B_NONCE *nonce) - { - return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)nonce); -@@ -176,6 +188,7 @@ inline BYTE* pack_TPM2B_NONCE(BYTE* ptr, const TPM2B_NONCE *nonce) - - #define unpack_TPM2B_NONCE(ptr, nonce) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)nonce) - -+static - inline BYTE* pack_TPM2B_AUTH(BYTE* ptr, const TPM2B_AUTH *auth) - { - return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)auth); -@@ -183,6 +196,7 @@ inline BYTE* pack_TPM2B_AUTH(BYTE* ptr, const TPM2B_AUTH *auth) - - #define unpack_TPM2B_AUTH(ptr, auth) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)auth) - -+static - inline BYTE* pack_TPM2B_DATA(BYTE* ptr, const TPM2B_DATA *data) - { - return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)data); -@@ -190,6 +204,7 @@ inline BYTE* pack_TPM2B_DATA(BYTE* ptr, const TPM2B_DATA *data) - - #define unpack_TPM2B_DATA(ptr, data) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)data) - -+static - inline BYTE* pack_TPM2B_SENSITIVE_DATA(BYTE* ptr, const TPM2B_SENSITIVE_DATA *data) - { - return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)data); -@@ -197,6 +212,7 @@ inline BYTE* pack_TPM2B_SENSITIVE_DATA(BYTE* ptr, const TPM2B_SENSITIVE_DATA *da - - #define unpack_TPM2B_SENSITIVE_DATA(ptr, data) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)data) - -+static - inline BYTE* pack_TPM2B_PUBLIC_KEY_RSA(BYTE* ptr, const TPM2B_PUBLIC_KEY_RSA *rsa) - { - return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)rsa); -@@ -204,6 +220,7 @@ inline BYTE* pack_TPM2B_PUBLIC_KEY_RSA(BYTE* ptr, const TPM2B_PUBLIC_KEY_RSA *rs - - #define unpack_TPM2B_PUBLIC_KEY_RSA(ptr, rsa) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)rsa) - -+static - inline BYTE* pack_TPM2B_PRIVATE(BYTE* ptr, const TPM2B_PRIVATE *Private) - { - ptr = pack_UINT16(ptr, Private->size); -@@ -211,6 +228,7 @@ inline BYTE* pack_TPM2B_PRIVATE(BYTE* ptr, const TPM2B_PRIVATE *Private) - return ptr; - } - -+static - inline BYTE* unpack_TPM2B_PRIVATE(BYTE* ptr, TPM2B_PRIVATE *Private) - { - ptr = unpack_UINT16(ptr, 
&Private->size); -@@ -218,6 +236,7 @@ inline BYTE* unpack_TPM2B_PRIVATE(BYTE* ptr, TPM2B_PRIVATE *Private) - return ptr; - } - -+static - inline BYTE* pack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, const TPMS_PCR_SELECTION *sel, UINT32 count) - { - int i; -@@ -229,6 +248,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, const TPMS_PCR_SELECTION * - return ptr; - } - -+static - inline BYTE* unpack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, TPMS_PCR_SELECTION *sel, UINT32 count) - { - int i; -@@ -240,6 +260,7 @@ inline BYTE* unpack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, TPMS_PCR_SELECTION *sel, - return ptr; - } - -+static - inline BYTE* pack_TPML_PCR_SELECTION(BYTE* ptr, const TPML_PCR_SELECTION *sel) - { - ptr = pack_UINT32(ptr, sel->count); -@@ -247,6 +268,7 @@ inline BYTE* pack_TPML_PCR_SELECTION(BYTE* ptr, const TPML_PCR_SELECTION *sel) - return ptr; - } - -+static - inline BYTE* unpack_TPML_PCR_SELECTION(BYTE* ptr, TPML_PCR_SELECTION *sel) - { - ptr = unpack_UINT32(ptr, &sel->count); -@@ -254,6 +276,7 @@ inline BYTE* unpack_TPML_PCR_SELECTION(BYTE* ptr, TPML_PCR_SELECTION *sel) - return ptr; - } - -+static - inline BYTE* unpack_TPML_DIGEST(BYTE* ptr,TPML_DIGEST *digest) - { - int i; -@@ -265,6 +288,7 @@ inline BYTE* unpack_TPML_DIGEST(BYTE* ptr,TPML_DIGEST *digest) - return ptr; - } - -+static - inline BYTE* pack_TPMS_CREATION_DATA(BYTE* ptr,const TPMS_CREATION_DATA *data) - { - ptr = pack_TPML_PCR_SELECTION(ptr, &data->pcrSelect); -@@ -276,6 +300,7 @@ inline BYTE* pack_TPMS_CREATION_DATA(BYTE* ptr,const TPMS_CREATION_DATA *data) - return ptr; - } - -+static - inline BYTE* unpack_TPMS_CREATION_DATA(BYTE* ptr, TPMS_CREATION_DATA *data) - { - ptr = unpack_TPML_PCR_SELECTION(ptr, &data->pcrSelect); -@@ -288,6 +313,7 @@ inline BYTE* unpack_TPMS_CREATION_DATA(BYTE* ptr, TPMS_CREATION_DATA *data) - return ptr; - } - -+static - inline BYTE* pack_TPM2B_CREATION_DATA(BYTE* ptr, const TPM2B_CREATION_DATA *data ) - { - ptr = pack_UINT16(ptr, data->size); -@@ -295,6 +321,7 @@ 
inline BYTE* pack_TPM2B_CREATION_DATA(BYTE* ptr, const TPM2B_CREATION_DATA *data - return ptr; - } - -+static - inline BYTE* unpack_TPM2B_CREATION_DATA(BYTE* ptr, TPM2B_CREATION_DATA * data) - { - ptr = unpack_UINT16(ptr, &data->size); -@@ -302,6 +329,7 @@ inline BYTE* unpack_TPM2B_CREATION_DATA(BYTE* ptr, TPM2B_CREATION_DATA * data) - return ptr; - } - -+static - inline BYTE* pack_TPMS_SENSITIVE_CREATE(BYTE* ptr, const TPMS_SENSITIVE_CREATE *create) - { - ptr = pack_TPM2B_AUTH(ptr, &create->userAuth); -@@ -309,6 +337,7 @@ inline BYTE* pack_TPMS_SENSITIVE_CREATE(BYTE* ptr, const TPMS_SENSITIVE_CREATE * - return ptr; - } - -+static - inline BYTE* pack_TPM2B_SENSITIVE_CREATE(BYTE* ptr, const TPM2B_SENSITIVE_CREATE *create) - { - BYTE* sizePtr = ptr; -@@ -318,6 +347,7 @@ inline BYTE* pack_TPM2B_SENSITIVE_CREATE(BYTE* ptr, const TPM2B_SENSITIVE_CREATE - return ptr; - } - -+static - inline BYTE* pack_TPMU_SYM_MODE(BYTE* ptr, const TPMU_SYM_MODE *p, - const TPMI_ALG_SYM_OBJECT *sel) - { -@@ -336,6 +366,7 @@ inline BYTE* pack_TPMU_SYM_MODE(BYTE* ptr, const TPMU_SYM_MODE *p, - } - return ptr; - } -+static - inline BYTE* unpack_TPMU_SYM_MODE(BYTE* ptr, TPMU_SYM_MODE *p, - const TPMI_ALG_SYM_OBJECT *sel) - { -@@ -355,6 +386,7 @@ inline BYTE* unpack_TPMU_SYM_MODE(BYTE* ptr, TPMU_SYM_MODE *p, - return ptr; - } - -+static - inline BYTE* pack_TPMU_SYM_KEY_BITS(BYTE* ptr, const TPMU_SYM_KEY_BITS *p, - const TPMI_ALG_SYM_OBJECT *sel) - { -@@ -376,6 +408,7 @@ inline BYTE* pack_TPMU_SYM_KEY_BITS(BYTE* ptr, const TPMU_SYM_KEY_BITS *p, - return ptr; - } - -+static - inline BYTE* unpack_TPMU_SYM_KEY_BITS(BYTE* ptr, TPMU_SYM_KEY_BITS *p, - const TPMI_ALG_SYM_OBJECT *sel) - { -@@ -397,6 +430,7 @@ inline BYTE* unpack_TPMU_SYM_KEY_BITS(BYTE* ptr, TPMU_SYM_KEY_BITS *p, - return ptr; - } - -+static - inline BYTE* pack_TPMT_SYM_DEF_OBJECT(BYTE* ptr, const TPMT_SYM_DEF_OBJECT *p) - { - ptr = pack_TPMI_ALG_SYM_OBJECT(ptr, &p->algorithm); -@@ -405,6 +439,7 @@ inline BYTE* 
pack_TPMT_SYM_DEF_OBJECT(BYTE* ptr, const TPMT_SYM_DEF_OBJECT *p) - return ptr; - } - -+static - inline BYTE* unpack_TPMT_SYM_DEF_OBJECT(BYTE *ptr, TPMT_SYM_DEF_OBJECT *p) - { - ptr = unpack_TPMI_ALG_SYM_OBJECT(ptr, &p->algorithm); -@@ -416,6 +451,7 @@ inline BYTE* unpack_TPMT_SYM_DEF_OBJECT(BYTE *ptr, TPMT_SYM_DEF_OBJECT *p) - #define pack_TPMS_SCHEME_OAEP(p, t) pack_TPMI_ALG_HASH(p, &((t)->hashAlg)) - #define unpack_TPMS_SCHEME_OAEP(p, t) unpack_TPMI_ALG_HASH(p, &((t)->hashAlg)) - -+static - inline BYTE* pack_TPMU_ASYM_SCHEME(BYTE *ptr, const TPMU_ASYM_SCHEME *p, - const TPMI_ALG_RSA_SCHEME *s) - { -@@ -438,6 +474,7 @@ inline BYTE* pack_TPMU_ASYM_SCHEME(BYTE *ptr, const TPMU_ASYM_SCHEME *p, - return ptr; - } - -+static - inline BYTE* unpack_TPMU_ASYM_SCHEME(BYTE *ptr, TPMU_ASYM_SCHEME *p, - const TPMI_ALG_RSA_SCHEME *s) - { -@@ -462,6 +499,7 @@ inline BYTE* unpack_TPMU_ASYM_SCHEME(BYTE *ptr, TPMU_ASYM_SCHEME *p, - return ptr; - } - -+static - inline BYTE* pack_TPMT_RSA_SCHEME(BYTE* ptr, const TPMT_RSA_SCHEME *p) - { - ptr = pack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme); -@@ -469,6 +507,7 @@ inline BYTE* pack_TPMT_RSA_SCHEME(BYTE* ptr, const TPMT_RSA_SCHEME *p) - return ptr; - } - -+static - inline BYTE* unpack_TPMT_RSA_SCHEME(BYTE* ptr, TPMT_RSA_SCHEME *p) - { - ptr = unpack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme); -@@ -476,6 +515,7 @@ inline BYTE* unpack_TPMT_RSA_SCHEME(BYTE* ptr, TPMT_RSA_SCHEME *p) - return ptr; - } - -+static - inline BYTE* pack_TPMT_RSA_DECRYPT(BYTE* ptr, const TPMT_RSA_DECRYPT *p) - { - ptr = pack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme); -@@ -483,6 +523,7 @@ inline BYTE* pack_TPMT_RSA_DECRYPT(BYTE* ptr, const TPMT_RSA_DECRYPT *p) - return ptr; - } - -+static - inline BYTE* pack_TPMS_RSA_PARMS(BYTE* ptr, const TPMS_RSA_PARMS *p) - { - ptr = pack_TPMT_SYM_DEF_OBJECT(ptr, &p->symmetric); -@@ -492,6 +533,7 @@ inline BYTE* pack_TPMS_RSA_PARMS(BYTE* ptr, const TPMS_RSA_PARMS *p) - return ptr; - } - -+static - inline BYTE* unpack_TPMS_RSA_PARMS(BYTE *ptr, 
TPMS_RSA_PARMS *p) - { - ptr = unpack_TPMT_SYM_DEF_OBJECT(ptr, &p->symmetric); -@@ -501,6 +543,7 @@ inline BYTE* unpack_TPMS_RSA_PARMS(BYTE *ptr, TPMS_RSA_PARMS *p) - return ptr; - } - -+static - inline BYTE* pack_TPMU_PUBLIC_PARMS(BYTE* ptr, const TPMU_PUBLIC_PARMS *param, - const TPMI_ALG_PUBLIC *selector) - { -@@ -518,6 +561,7 @@ inline BYTE* pack_TPMU_PUBLIC_PARMS(BYTE* ptr, const TPMU_PUBLIC_PARMS *param, - return NULL; - } - -+static - inline BYTE* unpack_TPMU_PUBLIC_PARMS(BYTE* ptr, TPMU_PUBLIC_PARMS *param, - const TPMI_ALG_PUBLIC *selector) - { -@@ -535,18 +579,21 @@ inline BYTE* unpack_TPMU_PUBLIC_PARMS(BYTE* ptr, TPMU_PUBLIC_PARMS *param, - return NULL; - } - -+static - inline BYTE* pack_TPMS_ECC_POINT(BYTE* ptr, const TPMS_ECC_POINT *point) - { - assert(false); - return ptr; - } - -+static - inline BYTE* unpack_TPMS_ECC_POINT(BYTE* ptr, TPMS_ECC_POINT *point) - { - assert(false); - return ptr; - } - -+static - inline BYTE* pack_TPMU_PUBLIC_ID(BYTE* ptr, const TPMU_PUBLIC_ID *id, - const TPMI_ALG_PUBLIC *selector) - { -@@ -564,6 +611,7 @@ inline BYTE* pack_TPMU_PUBLIC_ID(BYTE* ptr, const TPMU_PUBLIC_ID *id, - return NULL; - } - -+static - inline BYTE* unpack_TPMU_PUBLIC_ID(BYTE* ptr, TPMU_PUBLIC_ID *id, TPMI_ALG_PUBLIC *selector) - { - switch (*selector) { -@@ -580,6 +628,7 @@ inline BYTE* unpack_TPMU_PUBLIC_ID(BYTE* ptr, TPMU_PUBLIC_ID *id, TPMI_ALG_PUBLI - return NULL; - } - -+static - inline BYTE* pack_TPMT_PUBLIC(BYTE* ptr, const TPMT_PUBLIC *public) - { - ptr = pack_TPMI_ALG_PUBLIC(ptr, &public->type); -@@ -591,6 +640,7 @@ inline BYTE* pack_TPMT_PUBLIC(BYTE* ptr, const TPMT_PUBLIC *public) - return ptr; - } - -+static - inline BYTE* unpack_TPMT_PUBLIC(BYTE* ptr, TPMT_PUBLIC *public) - { - ptr = unpack_TPMI_ALG_PUBLIC(ptr, &public->type); -@@ -602,6 +652,7 @@ inline BYTE* unpack_TPMT_PUBLIC(BYTE* ptr, TPMT_PUBLIC *public) - return ptr; - } - -+static - inline BYTE* pack_TPM2B_PUBLIC(BYTE* ptr, const TPM2B_PUBLIC *public) - { - BYTE *sizePtr = ptr; 
-@@ -611,6 +662,7 @@ inline BYTE* pack_TPM2B_PUBLIC(BYTE* ptr, const TPM2B_PUBLIC *public) - return ptr; - } - -+static - inline BYTE* unpack_TPM2B_PUBLIC(BYTE* ptr, TPM2B_PUBLIC *public) - { - ptr = unpack_UINT16(ptr, &public->size); -@@ -618,6 +670,7 @@ inline BYTE* unpack_TPM2B_PUBLIC(BYTE* ptr, TPM2B_PUBLIC *public) - return ptr; - } - -+static - inline BYTE* pack_TPMS_PCR_SELECTION(BYTE* ptr, const TPMS_PCR_SELECTION *selection) - { - ptr = pack_TPMI_ALG_HASH(ptr, &selection->hash); -@@ -626,6 +679,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION(BYTE* ptr, const TPMS_PCR_SELECTION *select - return ptr; - } - -+static - inline BYTE* pack_TPMS_PCR_SELECTION_Array(BYTE* ptr, const TPMS_PCR_SELECTION *selections, - const UINT32 cnt) - { -@@ -635,6 +689,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION_Array(BYTE* ptr, const TPMS_PCR_SELECTION * - return ptr; - } - -+static - inline BYTE* pack_TPM_AuthArea(BYTE* ptr, const TPM_AuthArea *auth) - { - BYTE* sizePtr = ptr; -@@ -647,6 +702,7 @@ inline BYTE* pack_TPM_AuthArea(BYTE* ptr, const TPM_AuthArea *auth) - return ptr; - } - -+static - inline BYTE* unpack_TPM_AuthArea(BYTE* ptr, TPM_AuthArea *auth) - { - ptr = unpack_UINT32(ptr, &auth->size); -@@ -657,6 +713,7 @@ inline BYTE* unpack_TPM_AuthArea(BYTE* ptr, TPM_AuthArea *auth) - return ptr; - } - -+static - inline BYTE* pack_TPM2_RSA_KEY(BYTE* ptr, const TPM2_RSA_KEY *key) - { - ptr = pack_TPM2B_PRIVATE(ptr, &key->Private); -@@ -664,6 +721,7 @@ inline BYTE* pack_TPM2_RSA_KEY(BYTE* ptr, const TPM2_RSA_KEY *key) - return ptr; - } - -+static - inline BYTE* unpack_TPM2_RSA_KEY(BYTE* ptr, TPM2_RSA_KEY *key) - { - ptr = unpack_TPM2B_PRIVATE(ptr, &key->Private); -diff --git a/stubdom/vtpmmgr/tpmrsa.h b/stubdom/vtpmmgr/tpmrsa.h -index 08213bbb7a..65fd32a45c 100644 ---- a/stubdom/vtpmmgr/tpmrsa.h -+++ b/stubdom/vtpmmgr/tpmrsa.h -@@ -62,6 +62,7 @@ TPM_RESULT tpmrsa_pub_encrypt_oaep( tpmrsa_context *ctx, - unsigned char *output ); - - /* free tpmrsa key */ -+static - inline void 
tpmrsa_free( tpmrsa_context *ctx ) { - mpi_free( &ctx->RN ); mpi_free( &ctx->E ); mpi_free( &ctx->N ); - } - -_______________________________________________ -Xen-devel mailing list -Xen-devel@lists.xen.org -https://lists.xen.org/xen-devel diff --git a/system/xen/patches/glibc-memfd_fix_configure_test.patch b/system/xen/patches/glibc-memfd_fix_configure_test.patch new file mode 100644 index 0000000000000..b1f354ac1ce2d --- /dev/null +++ b/system/xen/patches/glibc-memfd_fix_configure_test.patch 
@@ -0,0 +1,55 @@
+From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 28 Nov 2017 11:51:27 +0100
+Subject: [PATCH] memfd: fix configure test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Recent glibc added memfd_create in sys/mman.h. This conflicts with
+the definition in util/memfd.c:
+
+ /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
+
+Fix the configure test, and remove the sys/memfd.h inclusion since the
+file actually does not exist---it is a typo in the memfd_create(2) man
+page.
+
+Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ configure | 2 +-
+ util/memfd.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/configure b/configure
+index 9c8aa5a..99ccc17 100755
+--- a/configure
++++ b/configure
+@@ -3923,7 +3923,7 @@ fi
+ # check if memfd is supported
+ memfd=no
+ cat > $TMPC << EOF
+-#include <sys/memfd.h>
++#include <sys/mman.h>
+
+ int main(void)
+ {
+diff --git a/util/memfd.c b/util/memfd.c
+index 4571d1a..412e94a 100644
+--- a/util/memfd.c
++++ b/util/memfd.c
+@@ -31,9 +31,7 @@
+
+ #include "qemu/memfd.h"
+
+-#ifdef CONFIG_MEMFD
+-#include <sys/memfd.h>
+-#elif defined CONFIG_LINUX
++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
+ #include <sys/syscall.h>
+ #include <asm/unistd.h>
+
+--
+1.8.3.1
+
diff --git a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch b/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch
deleted file mode 100644
index 2de261aa02700..0000000000000
--- a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 45f2265bfcbbf2afd7fac24372ae26e453f2b52d Mon Sep 17 00:00:00 2001
-From: Michael Brown <mcb30@ipxe.org>
-Date: Wed, 22 Mar 2017 11:52:09 +0200
-Subject: [PATCH] [ath] Add missing break statements
-
-Signed-off-by: Michael Brown <mcb30@ipxe.org>
----
- src/drivers/net/ath/ath5k/ath5k_desc.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/drivers/net/ath/ath5k/ath5k_desc.c b/src/drivers/net/ath/ath5k/ath5k_desc.c
-index 30fe1c777..816d26ede 100644
---- a/src/drivers/net/ath/ath5k/ath5k_desc.c
-+++ b/src/drivers/net/ath/ath5k/ath5k_desc.c
-@@ -104,10 +104,13 @@ ath5k_hw_setup_2word_tx_desc(struct ath5k_hw *ah, struct ath5k_desc *desc,
- case AR5K_PKT_TYPE_BEACON:
- case AR5K_PKT_TYPE_PROBE_RESP:
- frame_type = AR5K_AR5210_TX_DESC_FRAME_TYPE_NO_DELAY;
-+ break;
- case AR5K_PKT_TYPE_PIFS:
- frame_type = AR5K_AR5210_TX_DESC_FRAME_TYPE_PIFS;
-+ break;
- default:
- frame_type = type /*<< 2 ?*/;
-+ break;
- }
-
- tx_ctl->tx_control_0 |=
diff --git a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch b/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch
deleted file mode 100644
index 5faa5600ba580..0000000000000
--- a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 28e26dd2503e6006fabb26f8c33050ba93a99623 Mon Sep 17 00:00:00 2001
-From: Michael Brown <mcb30@ipxe.org>
-Date: Wed, 29 Mar 2017 10:35:05 +0300
-Subject: [PATCH] [mucurses] Fix erroneous __nonnull attribute
-
-Signed-off-by: Michael Brown <mcb30@ipxe.org>
----
- src/include/curses.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/include/curses.h b/src/include/curses.h
-index 04060fe27..1f6fe029b 100644
---- a/src/include/curses.h
-+++ b/src/include/curses.h
-@@ -443,7 +443,8 @@ extern int wborder ( WINDOW *, chtype, chtype, chtype, chtype, chtype, chtype,
- extern int wclrtobot ( WINDOW * ) __nonnull;
- extern int wclrtoeol ( WINDOW * ) __nonnull;
- extern void wcursyncup ( WINDOW * );
--extern int wcolour_set ( WINDOW *, short, void * ) __nonnull;
-+extern int wcolour_set ( WINDOW *, short, void * )
-+ __attribute__ (( nonnull (1)));
- #define wcolor_set(w,s,v) wcolour_set((w),(s),(v))
- extern int wdelch ( WINDOW * ) __nonnull;
- extern int wdeleteln ( WINDOW * ) __nonnull;
diff --git a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch b/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch
deleted file mode 100644
index fe379699b36ee..0000000000000
--- a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch
+++ /dev/null
@@ -1,163 +0,0 @@ -From 5f85cbb9ee1c00cec81a848a9e871ad5d1e7f53f Mon Sep 17 00:00:00 2001 -From: Michael Brown <mcb30@ipxe.org> -Date: Wed, 29 Mar 2017 10:36:03 +0300 -Subject: [PATCH] [build] Avoid implicit-fallthrough warnings on GCC 7 - -Reported-by: Vinson Lee <vlee@freedesktop.org> -Reported-by: Liang Yan <lyan@suse.com> -Signed-off-by: Michael Brown <mcb30@ipxe.org> ---- - src/arch/x86/image/bzimage.c | 2 ++ - src/drivers/infiniband/golan.c | 1 + - src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c | 2 ++ - src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c | 1 + - src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c | 1 + - src/drivers/net/igbvf/igbvf_vf.c | 1 + - src/drivers/net/tg3/tg3_hw.c | 12 ++++++++++++ - src/tests/setjmp_test.c | 5 +++-- - 8 files changed, 23 insertions(+), 2 deletions(-) - -diff --git a/src/arch/x86/image/bzimage.c b/src/arch/x86/image/bzimage.c -index e3c4cb83d..51498bf95 100644 ---- a/src/arch/x86/image/bzimage.c -+++ b/src/arch/x86/image/bzimage.c -@@ -282,9 +282,11 @@ static int bzimage_parse_cmdline ( struct image *image, - case 'G': - case 'g': - bzimg->mem_limit <<= 10; -+ /* Fall through */ - case 'M': - case 'm': - bzimg->mem_limit <<= 10; -+ /* Fall through */ - case 'K': - case 'k': - bzimg->mem_limit <<= 10; -diff --git a/src/drivers/infiniband/golan.c b/src/drivers/infiniband/golan.c -index 30eaabab2..61331d4c1 100755 ---- a/src/drivers/infiniband/golan.c -+++ b/src/drivers/infiniband/golan.c -@@ -1956,6 +1956,7 @@ static inline void golan_handle_port_event(struct golan *golan, struct golan_eqe - case GOLAN_PORT_CHANGE_SUBTYPE_CLIENT_REREG: - case GOLAN_PORT_CHANGE_SUBTYPE_ACTIVE: - golan_ib_update ( ibdev ); -+ /* Fall through */ - case GOLAN_PORT_CHANGE_SUBTYPE_DOWN: - case GOLAN_PORT_CHANGE_SUBTYPE_LID: - case GOLAN_PORT_CHANGE_SUBTYPE_PKEY: -diff --git a/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c b/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c -index 2b6c133cb..a98e4bb66 100644 ---- a/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c -+++ 
b/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c -@@ -640,12 +640,14 @@ static void ar5008_hw_init_chain_masks(struct ath_hw *ah) - case 0x5: - REG_SET_BIT(ah, AR_PHY_ANALOG_SWAP, - AR_PHY_SWAP_ALT_CHAIN); -+ /* Fall through */ - case 0x3: - if (ah->hw_version.macVersion == AR_SREV_REVISION_5416_10) { - REG_WRITE(ah, AR_PHY_RX_CHAINMASK, 0x7); - REG_WRITE(ah, AR_PHY_CAL_CHAINMASK, 0x7); - break; - } -+ /* Fall through */ - case 0x1: - case 0x2: - case 0x7: -diff --git a/src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c b/src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c -index 72203ba48..65cfad597 100644 ---- a/src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c -+++ b/src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c -@@ -122,6 +122,7 @@ static int ar9002_hw_set_channel(struct ath_hw *ah, struct ath9k_channel *chan) - aModeRefSel = 2; - if (aModeRefSel) - break; -+ /* Fall through */ - case 1: - default: - aModeRefSel = 0; -diff --git a/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c b/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c -index 2244b775a..b66358b92 100644 ---- a/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c -+++ b/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c -@@ -539,6 +539,7 @@ void ar9003_hw_set_chain_masks(struct ath_hw *ah, u8 rx, u8 tx) - case 0x5: - REG_SET_BIT(ah, AR_PHY_ANALOG_SWAP, - AR_PHY_SWAP_ALT_CHAIN); -+ /* Fall through */ - case 0x3: - case 0x1: - case 0x2: -diff --git a/src/drivers/net/igbvf/igbvf_vf.c b/src/drivers/net/igbvf/igbvf_vf.c -index f2dac8be7..f841d5e3d 100644 ---- a/src/drivers/net/igbvf/igbvf_vf.c -+++ b/src/drivers/net/igbvf/igbvf_vf.c -@@ -357,6 +357,7 @@ s32 igbvf_promisc_set_vf(struct e1000_hw *hw, enum e1000_promisc_type type) - break; - case e1000_promisc_enabled: - msgbuf |= E1000_VF_SET_PROMISC_MULTICAST; -+ /* Fall through */ - case e1000_promisc_unicast: - msgbuf |= E1000_VF_SET_PROMISC_UNICAST; - case e1000_promisc_disabled: -diff --git a/src/drivers/net/tg3/tg3_hw.c b/src/drivers/net/tg3/tg3_hw.c -index 50353cf36..798f8519f 100644 ---- 
a/src/drivers/net/tg3/tg3_hw.c -+++ b/src/drivers/net/tg3/tg3_hw.c -@@ -2518,28 +2518,40 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy) - switch (limit) { - case 16: - tw32(MAC_RCV_RULE_15, 0); tw32(MAC_RCV_VALUE_15, 0); -+ /* Fall through */ - case 15: - tw32(MAC_RCV_RULE_14, 0); tw32(MAC_RCV_VALUE_14, 0); -+ /* Fall through */ - case 14: - tw32(MAC_RCV_RULE_13, 0); tw32(MAC_RCV_VALUE_13, 0); -+ /* Fall through */ - case 13: - tw32(MAC_RCV_RULE_12, 0); tw32(MAC_RCV_VALUE_12, 0); -+ /* Fall through */ - case 12: - tw32(MAC_RCV_RULE_11, 0); tw32(MAC_RCV_VALUE_11, 0); -+ /* Fall through */ - case 11: - tw32(MAC_RCV_RULE_10, 0); tw32(MAC_RCV_VALUE_10, 0); -+ /* Fall through */ - case 10: - tw32(MAC_RCV_RULE_9, 0); tw32(MAC_RCV_VALUE_9, 0); -+ /* Fall through */ - case 9: - tw32(MAC_RCV_RULE_8, 0); tw32(MAC_RCV_VALUE_8, 0); -+ /* Fall through */ - case 8: - tw32(MAC_RCV_RULE_7, 0); tw32(MAC_RCV_VALUE_7, 0); -+ /* Fall through */ - case 7: - tw32(MAC_RCV_RULE_6, 0); tw32(MAC_RCV_VALUE_6, 0); -+ /* Fall through */ - case 6: - tw32(MAC_RCV_RULE_5, 0); tw32(MAC_RCV_VALUE_5, 0); -+ /* Fall through */ - case 5: - tw32(MAC_RCV_RULE_4, 0); tw32(MAC_RCV_VALUE_4, 0); -+ /* Fall through */ - case 4: - /* tw32(MAC_RCV_RULE_3, 0); tw32(MAC_RCV_VALUE_3, 0); */ - case 3: -diff --git a/src/tests/setjmp_test.c b/src/tests/setjmp_test.c -index 50ad13f3c..deafcee09 100644 ---- a/src/tests/setjmp_test.c -+++ b/src/tests/setjmp_test.c -@@ -111,8 +111,9 @@ static void setjmp_return_ok ( struct setjmp_test *test, int value ) { - * @v file Test code file - * @v line Test code line - */ --static void longjmp_okx ( struct setjmp_test *test, int value, -- const char *file, unsigned int line ) { -+static void __attribute__ (( noreturn )) -+longjmp_okx ( struct setjmp_test *test, int value, -+ const char *file, unsigned int line ) { - - /* Record expected value. A zero passed to longjmp() should - * result in setjmp() returning a value of one. 
diff --git a/system/xen/patches/patch-ipxe-patches-series.patch b/system/xen/patches/patch-ipxe-patches-series.patch
deleted file mode 100644
index 30e9164177bff..0000000000000
--- a/system/xen/patches/patch-ipxe-patches-series.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Subject: [PATCH] Fix gcc7 warn
-
----
- tools/firmware/etherboot/patches/series | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tools/firmware/etherboot/patches/series b/tools/firmware/etherboot/patches/series
-index 86cb300..780c6c6 100644
---- a/tools/firmware/etherboot/patches/series
-+++ b/tools/firmware/etherboot/patches/series
-@@ -1 +1,4 @@
- boot_prompt_option.patch
-+patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch
-+patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch
-+patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch
---
-2.13.0
-
diff --git a/system/xen/patches/use_already_present_ipxe.diff b/system/xen/patches/use_already_present_ipxe.diff
deleted file mode 100644
index 631b2b00f4b64..0000000000000
--- a/system/xen/patches/use_already_present_ipxe.diff
+++ /dev/null
@@ -1,21 +0,0 @@
---- xen-4.3.0/tools/firmware/etherboot/Makefile.ORIG 2013-07-09 12:46:56.000000000 +0200
-+++ xen-4.3.0/tools/firmware/etherboot/Makefile 2013-07-28 13:34:32.994197893 +0200
-@@ -28,12 +28,12 @@
- $(MAKE) -C $D/src bin/$(*F).rom
-
- $T:
-- if ! $(FETCHER) _$T $(IPXE_TARBALL_URL); then \
-- $(GIT) clone $(IPXE_GIT_URL) $D.git; \
-- (cd $D.git && $(GIT) archive --format=tar --prefix=$D/ \
-- $(IPXE_GIT_TAG) | gzip >../_$T); \
-- rm -rf $D.git; \
-- fi
-+# if ! $(FETCHER) _$T $(IPXE_TARBALL_URL); then \
-+# $(GIT) clone $(IPXE_GIT_URL) $D.git; \
-+# (cd $D.git && $(GIT) archive --format=tar --prefix=$D/ \
-+# $(IPXE_GIT_TAG) | gzip >../_$T); \
-+# rm -rf $D.git; \
-+# fi
- mv _$T $T
-
- $D/src/arch/i386/Makefile: $T Config
diff --git a/system/xen/xen.SlackBuild b/system/xen/xen.SlackBuild
index 4214e973d1c83..726227650a466 100644
--- a/system/xen/xen.SlackBuild
+++ b/system/xen/xen.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for xen -# Copyright 2010, 2011, 2013, 2014, 2015, 2016, 2017 Mario Preksavec, Zagreb, Croatia +# Copyright 2010, 2011, 2013, 2014, 2015, 2016, 2017, 2018 Mario Preksavec, Zagreb, Croatia # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -23,13 +23,13 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=xen -VERSION=${VERSION:-4.9.1} -BUILD=${BUILD:-2} +VERSION=${VERSION:-4.10.0} +BUILD=${BUILD:-1} TAG=${TAG:-_SBo} -SEABIOS=${SEABIOS:-1.10.0} -OVMF=${OVMF:-20170321_5920a9d} -IPXE=${IPXE:-827dd1bfee67daa683935ce65316f7e0f057fe1c} +SEABIOS=${SEABIOS:-1.10.2} +OVMF=${OVMF:-20170920_947f3737a} +IPXE=${IPXE:-356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d} if [ -z "$ARCH" ]; then case "$( uname -m )" in @@ -137,9 +137,6 @@ done # Remove hardlinks patch -p1 <$CWD/patches/symlinks_instead_of_hardlinks.diff -# Let's not download stuff during the build... -patch -p1 <$CWD/patches/use_already_present_ipxe.diff - # Copy already present source tarballs cp $CWD/ipxe-git-$IPXE.tar.gz tools/firmware/etherboot/_ipxe.tar.gz ( 
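Review bot: Dropping `patch -p1 <$CWD/patches/use_already_present_ipxe.diff` in the `@@ -137,9 +137,6 @@` hunk removes the step that commented out the `$(FETCHER)` / `$(GIT) clone` recipe for the iPXE tarball, while the kept `cp` still stages the source as `_ipxe.tar.gz`. The 4.10.0 `tools/firmware/etherboot/Makefile` is not visible here; if its `$T:` rule is unchanged, the build may download iPXE from the network and overwrite the staged copy, so what gets compiled is no longer the tarball whose checksum is pinned in xen.info. Assuming `$T` expands to `ipxe.tar.gz`, copying straight to the final name would keep the rule from running: `cp $CWD/ipxe-git-$IPXE.tar.gz tools/firmware/etherboot/ipxe.tar.gz`. A short comment above that `cp` saying why the build must stay offline would replace the one this hunk deletes.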
@@ -161,20 +158,9 @@ cp $CWD/{lwip,zlib,newlib,pciutils,grub,gmp,tpm_emulator}-*.tar.?z* \ # Prevent leaks during the build patch -p1 <$CWD/patches/stubdom_zlib_disable_man_install.diff -# GCC7 support with help from Mark Pryor (PryMar56) and ArchLinux folks -if [ $(gcc -dumpfullversion | cut -d. -f1) -eq 7 ]; then - # OVMF - patch -d tools/firmware/ovmf-dir \ - -p1 <$CWD/patches/gcc7-fix-incorrect-comparison.patch - # vTPM - patch -p1 <$CWD/patches/gcc7-vtpmmgr-make-inline-static.patch - patch -p1 <$CWD/patches/gcc7-vtpm-implicit-fallthrough.patch - # Mini-OS - patch -d extras/mini-os \ - -p1 <$CWD/patches/gcc7-minios-implement-udivmoddi4.patch - # IPXE - patch -p1 <$CWD/patches/patch-ipxe-patches-series.patch - cp $CWD/patches/patch-inbuild-ipxe*.patch tools/firmware/etherboot/patches/ +# Fix glibc-2.27 build +if [ "$(ldd --version | awk '{print $NF; exit}')" = "2.27" ]; then + ( cd tools/qemu-xen && patch -p1 <$CWD/patches/glibc-memfd_fix_configure_test.patch ) fi CFLAGS="$SLKCFLAGS" \ diff --git a/system/xen/xen.info b/system/xen/xen.info index aeb2e0e448610..b2253a3497c84 100644 --- a/system/xen/xen.info +++ b/system/xen/xen.info @@ -1,8 +1,8 @@ PRGNAM="xen" -VERSION="4.9.1" +VERSION="4.10.0" HOMEPAGE="http://www.xenproject.org/" -DOWNLOAD="http://mirror.slackware.hr/sources/xen/xen-4.9.1.tar.gz \ - http://mirror.slackware.hr/sources/xen-extfiles/ipxe-git-827dd1bfee67daa683935ce65316f7e0f057fe1c.tar.gz \ +DOWNLOAD="http://mirror.slackware.hr/sources/xen/xen-4.10.0.tar.gz \ + http://mirror.slackware.hr/sources/xen-extfiles/ipxe-git-356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d.tar.gz \ http://mirror.slackware.hr/sources/xen-extfiles/lwip-1.3.0.tar.gz \ http://mirror.slackware.hr/sources/xen-extfiles/zlib-1.2.3.tar.gz \ http://mirror.slackware.hr/sources/xen-extfiles/newlib-1.16.0.tar.gz \ 
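Review bot: The glibc test added to xen.SlackBuild, `[ "$(ldd --version | awk '{print $NF; exit}')" = "2.27" ]`, is an exact string match, so a host with any newer glibc skips glibc-memfd_fix_configure_test.patch even if the qemu-xen configure test still needs the fix there. The value comes from the last field of the first line of `ldd --version`, so it also depends on how the distribution formats that banner. If the patch is harmless on older glibc, applying it unconditionally is simpler; otherwise a minimum-version test such as `[ "$(printf '%s\n' 2.27 "$ver" | sort -V | head -n1)" = "2.27" ]` covers 2.27 and later. The redirect should also quote its path, `patch -p1 <"$CWD/patches/glibc-memfd_fix_configure_test.patch"`, so a `$CWD` containing spaces does not break it. The rest of the script is outside the hunk, so it is not visible here whether a failed `patch` in that subshell aborts the build.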
@@ -11,10 +11,10 @@ DOWNLOAD="http://mirror.slackware.hr/sources/xen/xen-4.9.1.tar.gz \ http://mirror.slackware.hr/sources/xen-extfiles/polarssl-1.1.4-gpl.tgz \ http://mirror.slackware.hr/sources/xen-extfiles/gmp-4.3.2.tar.bz2 \ http://mirror.slackware.hr/sources/xen-extfiles/tpm_emulator-0.7.4.tar.gz \ - http://mirror.slackware.hr/sources/xen-seabios/seabios-1.10.0.tar.gz \ - http://mirror.slackware.hr/sources/xen-ovmf/xen-ovmf-20170321_5920a9d.tar.bz2" -MD5SUM="8b9d6104694b164d54334194135f7217 \ - 71c69b5e1db9e01d5f246226eca03c22 \ + http://mirror.slackware.hr/sources/xen-seabios/seabios-1.10.2.tar.gz \ + http://mirror.slackware.hr/sources/xen-ovmf/xen-ovmf-20170920_947f3737a.tar.bz2" +MD5SUM="ab9d320d02cb40f6b40506aed1a38d58 \ + 0061f103c84b25c2e6ac47649b909bde \ 36cc57650cffda9a0269493be2a169bb \ debc62758716a169df9f62e6ab2bc634 \ bf8f1f9e3ca83d732c00a79a6ef29bc4 \ @@ -23,8 +23,8 @@ MD5SUM="8b9d6104694b164d54334194135f7217 \ 7b72caf22b01464ee7d6165f2fd85f44 \ dd60683d7057917e34630b4a787932e8 \ e26becb8a6a2b6695f6b3e8097593db8 \ - 633ffc9df0295eeeb4182444eb0300ee \ - 8caf4ea54fcc035d604f35556066e312" + 03387d3c84c7f43d6b8ab894155e1289 \ + 779a40b927fb78a0d1732bb688d7a257" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="acpica yajl" diff --git a/system/xen/xsa/xsa246-4.9.patch b/system/xen/xsa/xsa246-4.9.patch deleted file mode 100644 index 6370a106254c8..0000000000000 --- a/system/xen/xsa/xsa246-4.9.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From: Julien Grall <julien.grall@linaro.org> -Subject: x86/pod: prevent infinite loop when shattering large pages - -When populating pages, the PoD may need to split large ones using -p2m_set_entry and request the caller to retry (see ept_get_entry for -instance). - -p2m_set_entry may fail to shatter if it is not possible to allocate -memory for the new page table. However, the error is not propagated -resulting to the callers to retry infinitely the PoD. - -Prevent the infinite loop by return false when it is not possible to -shatter the large mapping. - -This is XSA-246. - -Signed-off-by: Julien Grall <julien.grall@linaro.org> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: George Dunlap <george.dunlap@citrix.com> - ---- a/xen/arch/x86/mm/p2m-pod.c -+++ b/xen/arch/x86/mm/p2m-pod.c -@@ -1071,9 +1071,8 @@ p2m_pod_demand_populate(struct p2m_domai - * NOTE: In a fine-grained p2m locking scenario this operation - * may need to promote its locking from gfn->1g superpage - */ -- p2m_set_entry(p2m, gfn_aligned, INVALID_MFN, PAGE_ORDER_2M, -- p2m_populate_on_demand, p2m->default_access); -- return 0; -+ return p2m_set_entry(p2m, gfn_aligned, INVALID_MFN, PAGE_ORDER_2M, -+ p2m_populate_on_demand, p2m->default_access); - } - - /* Only reclaim if we're in actual need of more cache. 
*/ -@@ -1104,8 +1103,12 @@ p2m_pod_demand_populate(struct p2m_domai - - gfn_aligned = (gfn >> order) << order; - -- p2m_set_entry(p2m, gfn_aligned, mfn, order, p2m_ram_rw, -- p2m->default_access); -+ if ( p2m_set_entry(p2m, gfn_aligned, mfn, order, p2m_ram_rw, -+ p2m->default_access) ) -+ { -+ p2m_pod_cache_add(p2m, p, order); -+ goto out_fail; -+ } - - for( i = 0; i < (1UL << order); i++ ) - { -@@ -1150,13 +1153,18 @@ remap_and_retry: - BUG_ON(order != PAGE_ORDER_2M); - pod_unlock(p2m); - -- /* Remap this 2-meg region in singleton chunks */ -- /* NOTE: In a p2m fine-grained lock scenario this might -- * need promoting the gfn lock from gfn->2M superpage */ -+ /* -+ * Remap this 2-meg region in singleton chunks. See the comment on the -+ * 1G page splitting path above for why a single call suffices. -+ * -+ * NOTE: In a p2m fine-grained lock scenario this might -+ * need promoting the gfn lock from gfn->2M superpage. -+ */ - gfn_aligned = (gfn>>order)<<order; -- for(i=0; i<(1<<order); i++) -- p2m_set_entry(p2m, gfn_aligned + i, INVALID_MFN, PAGE_ORDER_4K, -- p2m_populate_on_demand, p2m->default_access); -+ if ( p2m_set_entry(p2m, gfn_aligned, INVALID_MFN, PAGE_ORDER_4K, -+ p2m_populate_on_demand, p2m->default_access) ) -+ return -1; -+ - if ( tb_init_done ) - { - struct { diff --git a/system/xen/xsa/xsa247-4.9-0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu.patch b/system/xen/xsa/xsa247-4.9-0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu.patch deleted file mode 100644 index ad9524a304195..0000000000000 --- a/system/xen/xsa/xsa247-4.9-0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu.patch +++ /dev/null 
@@ -1,176 +0,0 @@ -From ad208b8b7e45fb2b7c572b86c61c26412609e82d Mon Sep 17 00:00:00 2001 -From: George Dunlap <george.dunlap@citrix.com> -Date: Fri, 10 Nov 2017 16:53:54 +0000 -Subject: [PATCH 1/2] p2m: Always check to see if removing a p2m entry actually - worked - -The PoD zero-check functions speculatively remove memory from the p2m, -then check to see if it's completely zeroed, before putting it in the -cache. - -Unfortunately, the p2m_set_entry() calls may fail if the underlying -pagetable structure needs to change and the domain has exhausted its -p2m memory pool: for instance, if we're removing a 2MiB region out of -a 1GiB entry (in the p2m_pod_zero_check_superpage() case), or a 4k -region out of a 2MiB or larger entry (in the p2m_pod_zero_check() -case); and the return value is not checked. - -The underlying mfn will then be added into the PoD cache, and at some -point mapped into another location in the p2m. If the guest -afterwards ballons out this memory, it will be freed to the hypervisor -and potentially reused by another domain, in spite of the fact that -the original domain still has writable mappings to it. - -There are several places where p2m_set_entry() shouldn't be able to -fail, as it is guaranteed to write an entry of the same order that -succeeded before. Add a backstop of crashing the domain just in case, -and an ASSERT_UNREACHABLE() to flag up the broken assumption on debug -builds. - -While we're here, use PAGE_ORDER_2M rather than a magic constant. - -This is part of XSA-247. - -Reported-by: George Dunlap <george.dunlap.com> -Signed-off-by: George Dunlap <george.dunlap@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> ---- -v4: -- Removed some training whitespace -v3: -- Reformat reset clause to be more compact -- Make sure to set map[i] = NULL when unmapping in case we need to bail -v2: -- Crash a domain if a p2m_set_entry we think cannot fail fails anyway. 
---- - xen/arch/x86/mm/p2m-pod.c | 77 +++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 61 insertions(+), 16 deletions(-) - -diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c -index 730a48f928..f2ed751892 100644 ---- a/xen/arch/x86/mm/p2m-pod.c -+++ b/xen/arch/x86/mm/p2m-pod.c -@@ -752,8 +752,10 @@ p2m_pod_zero_check_superpage(struct p2m_domain *p2m, unsigned long gfn) - } - - /* Try to remove the page, restoring old mapping if it fails. */ -- p2m_set_entry(p2m, gfn, INVALID_MFN, PAGE_ORDER_2M, -- p2m_populate_on_demand, p2m->default_access); -+ if ( p2m_set_entry(p2m, gfn, INVALID_MFN, PAGE_ORDER_2M, -+ p2m_populate_on_demand, p2m->default_access) ) -+ goto out; -+ - p2m_tlb_flush_sync(p2m); - - /* Make none of the MFNs are used elsewhere... for example, mapped -@@ -810,9 +812,18 @@ p2m_pod_zero_check_superpage(struct p2m_domain *p2m, unsigned long gfn) - ret = SUPERPAGE_PAGES; - - out_reset: -- if ( reset ) -- p2m_set_entry(p2m, gfn, mfn0, 9, type0, p2m->default_access); -- -+ /* -+ * This p2m_set_entry() call shouldn't be able to fail, since the same order -+ * on the same gfn succeeded above. If that turns out to be false, crashing -+ * the domain should be the safest way of making sure we don't leak memory. -+ */ -+ if ( reset && p2m_set_entry(p2m, gfn, mfn0, PAGE_ORDER_2M, -+ type0, p2m->default_access) ) -+ { -+ ASSERT_UNREACHABLE(); -+ domain_crash(d); -+ } -+ - out: - gfn_unlock(p2m, gfn, SUPERPAGE_ORDER); - return ret; -@@ -869,19 +880,30 @@ p2m_pod_zero_check(struct p2m_domain *p2m, unsigned long *gfns, int count) - } - - /* Try to remove the page, restoring old mapping if it fails. */ -- p2m_set_entry(p2m, gfns[i], INVALID_MFN, PAGE_ORDER_4K, -- p2m_populate_on_demand, p2m->default_access); -+ if ( p2m_set_entry(p2m, gfns[i], INVALID_MFN, PAGE_ORDER_4K, -+ p2m_populate_on_demand, p2m->default_access) ) -+ goto skip; - - /* See if the page was successfully unmapped. 
(Allow one refcount - * for being allocated to a domain.) */ - if ( (mfn_to_page(mfns[i])->count_info & PGC_count_mask) > 1 ) - { -+ /* -+ * If the previous p2m_set_entry call succeeded, this one shouldn't -+ * be able to fail. If it does, crashing the domain should be safe. -+ */ -+ if ( p2m_set_entry(p2m, gfns[i], mfns[i], PAGE_ORDER_4K, -+ types[i], p2m->default_access) ) -+ { -+ ASSERT_UNREACHABLE(); -+ domain_crash(d); -+ goto out_unmap; -+ } -+ -+ skip: - unmap_domain_page(map[i]); - map[i] = NULL; - -- p2m_set_entry(p2m, gfns[i], mfns[i], PAGE_ORDER_4K, -- types[i], p2m->default_access); -- - continue; - } - } -@@ -900,12 +922,25 @@ p2m_pod_zero_check(struct p2m_domain *p2m, unsigned long *gfns, int count) - - unmap_domain_page(map[i]); - -- /* See comment in p2m_pod_zero_check_superpage() re gnttab -- * check timing. */ -- if ( j < PAGE_SIZE/sizeof(*map[i]) ) -+ map[i] = NULL; -+ -+ /* -+ * See comment in p2m_pod_zero_check_superpage() re gnttab -+ * check timing. -+ */ -+ if ( j < (PAGE_SIZE / sizeof(*map[i])) ) - { -- p2m_set_entry(p2m, gfns[i], mfns[i], PAGE_ORDER_4K, -- types[i], p2m->default_access); -+ /* -+ * If the previous p2m_set_entry call succeeded, this one shouldn't -+ * be able to fail. If it does, crashing the domain should be safe. -+ */ -+ if ( p2m_set_entry(p2m, gfns[i], mfns[i], PAGE_ORDER_4K, -+ types[i], p2m->default_access) ) -+ { -+ ASSERT_UNREACHABLE(); -+ domain_crash(d); -+ goto out_unmap; -+ } - } - else - { -@@ -929,7 +964,17 @@ p2m_pod_zero_check(struct p2m_domain *p2m, unsigned long *gfns, int count) - p2m->pod.entry_count++; - } - } -- -+ -+ return; -+ -+out_unmap: -+ /* -+ * Something went wrong, probably crashing the domain. Unmap -+ * everything and return. -+ */ -+ for ( i = 0; i < count; i++ ) -+ if ( map[i] ) -+ unmap_domain_page(map[i]); - } - - #define POD_SWEEP_LIMIT 1024 --- -2.15.0 - 
diff --git a/system/xen/xsa/xsa247-4.9-0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas.patch b/system/xen/xsa/xsa247-4.9-0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas.patch deleted file mode 100644 index 8c850bd7f55d1..0000000000000 --- a/system/xen/xsa/xsa247-4.9-0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -From d4bc7833707351a5341a6bdf04c752a028d9560d Mon Sep 17 00:00:00 2001 -From: George Dunlap <george.dunlap@citrix.com> -Date: Fri, 10 Nov 2017 16:53:55 +0000 -Subject: [PATCH 2/2] p2m: Check return value of p2m_set_entry() when - decreasing reservation - -If the entire range specified to p2m_pod_decrease_reservation() is marked -populate-on-demand, then it will make a single p2m_set_entry() call, -reducing its PoD entry count. - -Unfortunately, in the right circumstances, this p2m_set_entry() call -may fail. It that case, repeated calls to decrease_reservation() may -cause p2m->pod.entry_count to fall below zero, potentially tripping -over BUG_ON()s to the contrary. - -Instead, check to see if the entry succeeded, and return false if not. -The caller will then call guest_remove_page() on the gfns, which will -return -EINVAL upon finding no valid memory there to return. - -Unfortunately if the order > 0, the entry may have partially changed. -A domain_crash() is probably the safest thing in that case. - -Other p2m_set_entry() calls in the same function should be fine, -because they are writing the entry at its current order. Nonetheless, -check the return value and crash if our assumption turns otu to be -wrong. - -This is part of XSA-247. - -Reported-by: George Dunlap <george.dunlap.com> -Signed-off-by: George Dunlap <george.dunlap@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> ---- -v2: Crash the domain if we're not sure it's safe (or if we think it -can't happen) ---- - xen/arch/x86/mm/p2m-pod.c | 42 +++++++++++++++++++++++++++++++++--------- - 1 file changed, 33 insertions(+), 9 deletions(-) - -diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c -index f2ed751892..473d6a6dbf 100644 ---- a/xen/arch/x86/mm/p2m-pod.c -+++ b/xen/arch/x86/mm/p2m-pod.c -@@ -555,11 +555,23 @@ p2m_pod_decrease_reservation(struct domain *d, - - if ( !nonpod ) - { -- /* All PoD: Mark the whole region invalid and tell caller -- * we're done. 
*/ -- p2m_set_entry(p2m, gpfn, INVALID_MFN, order, p2m_invalid, -- p2m->default_access); -- p2m->pod.entry_count-=(1<<order); -+ /* -+ * All PoD: Mark the whole region invalid and tell caller -+ * we're done. -+ */ -+ if ( p2m_set_entry(p2m, gpfn, INVALID_MFN, order, p2m_invalid, -+ p2m->default_access) ) -+ { -+ /* -+ * If this fails, we can't tell how much of the range was changed. -+ * Best to crash the domain unless we're sure a partial change is -+ * impossible. -+ */ -+ if ( order != 0 ) -+ domain_crash(d); -+ goto out_unlock; -+ } -+ p2m->pod.entry_count -= 1UL << order; - BUG_ON(p2m->pod.entry_count < 0); - ret = 1; - goto out_entry_check; -@@ -600,8 +612,14 @@ p2m_pod_decrease_reservation(struct domain *d, - n = 1UL << cur_order; - if ( t == p2m_populate_on_demand ) - { -- p2m_set_entry(p2m, gpfn + i, INVALID_MFN, cur_order, -- p2m_invalid, p2m->default_access); -+ /* This shouldn't be able to fail */ -+ if ( p2m_set_entry(p2m, gpfn + i, INVALID_MFN, cur_order, -+ p2m_invalid, p2m->default_access) ) -+ { -+ ASSERT_UNREACHABLE(); -+ domain_crash(d); -+ goto out_unlock; -+ } - p2m->pod.entry_count -= n; - BUG_ON(p2m->pod.entry_count < 0); - pod -= n; -@@ -622,8 +640,14 @@ p2m_pod_decrease_reservation(struct domain *d, - - page = mfn_to_page(mfn); - -- p2m_set_entry(p2m, gpfn + i, INVALID_MFN, cur_order, -- p2m_invalid, p2m->default_access); -+ /* This shouldn't be able to fail */ -+ if ( p2m_set_entry(p2m, gpfn + i, INVALID_MFN, cur_order, -+ p2m_invalid, p2m->default_access) ) -+ { -+ ASSERT_UNREACHABLE(); -+ domain_crash(d); -+ goto out_unlock; -+ } - p2m_tlb_flush_sync(p2m); - for ( j = 0; j < n; ++j ) - set_gpfn_from_mfn(mfn_x(mfn), INVALID_M2P_ENTRY); --- -2.15.0 - diff --git a/system/xen/xsa/xsa248.patch b/system/xen/xsa/xsa248.patch deleted file mode 100644 index 966c16e043aae..0000000000000 --- a/system/xen/xsa/xsa248.patch +++ /dev/null 
@@ -1,164 +0,0 @@ -From: Jan Beulich <jbeulich@suse.com> -Subject: x86/mm: don't wrongly set page ownership - -PV domains can obtain mappings of any pages owned by the correct domain, -including ones that aren't actually assigned as "normal" RAM, but used -by Xen internally. At the moment such "internal" pages marked as owned -by a guest include pages used to track logdirty bits, as well as p2m -pages and the "unpaged pagetable" for HVM guests. Since the PV memory -management and shadow code conflict in their use of struct page_info -fields, and since shadow code is being used for log-dirty handling for -PV domains, pages coming from the shadow pool must, for PV domains, not -have the domain set as their owner. - -While the change could be done conditionally for just the PV case in -shadow code, do it unconditionally (and for consistency also for HAP), -just to be on the safe side. - -There's one special case though for shadow code: The page table used for -running a HVM guest in unpaged mode is subject to get_page() (in -set_shadow_status()) and hence must have its owner set. - -This is XSA-248. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Tim Deegan <tim@xen.org> -Reviewed-by: George Dunlap <george.dunlap@citrix.com> ---- -v2: Drop PGC_page_table related pieces. 
- ---- a/xen/arch/x86/mm/hap/hap.c -+++ b/xen/arch/x86/mm/hap/hap.c -@@ -286,8 +286,7 @@ static struct page_info *hap_alloc_p2m_p - { - d->arch.paging.hap.total_pages--; - d->arch.paging.hap.p2m_pages++; -- page_set_owner(pg, d); -- pg->count_info |= 1; -+ ASSERT(!page_get_owner(pg) && !(pg->count_info & PGC_count_mask)); - } - else if ( !d->arch.paging.p2m_alloc_failed ) - { -@@ -302,21 +301,23 @@ static struct page_info *hap_alloc_p2m_p - - static void hap_free_p2m_page(struct domain *d, struct page_info *pg) - { -+ struct domain *owner = page_get_owner(pg); -+ - /* This is called both from the p2m code (which never holds the - * paging lock) and the log-dirty code (which always does). */ - paging_lock_recursive(d); - -- ASSERT(page_get_owner(pg) == d); -- /* Should have just the one ref we gave it in alloc_p2m_page() */ -- if ( (pg->count_info & PGC_count_mask) != 1 ) { -- HAP_ERROR("Odd p2m page %p count c=%#lx t=%"PRtype_info"\n", -- pg, pg->count_info, pg->u.inuse.type_info); -+ /* Should still have no owner and count zero. */ -+ if ( owner || (pg->count_info & PGC_count_mask) ) -+ { -+ HAP_ERROR("d%d: Odd p2m page %"PRI_mfn" d=%d c=%lx t=%"PRtype_info"\n", -+ d->domain_id, mfn_x(page_to_mfn(pg)), -+ owner ? owner->domain_id : DOMID_INVALID, -+ pg->count_info, pg->u.inuse.type_info); - WARN(); -+ pg->count_info &= ~PGC_count_mask; -+ page_set_owner(pg, NULL); - } -- pg->count_info &= ~PGC_count_mask; -- /* Free should not decrement domain's total allocation, since -- * these pages were allocated without an owner. 
*/ -- page_set_owner(pg, NULL); - d->arch.paging.hap.p2m_pages--; - d->arch.paging.hap.total_pages++; - hap_free(d, page_to_mfn(pg)); ---- a/xen/arch/x86/mm/shadow/common.c -+++ b/xen/arch/x86/mm/shadow/common.c -@@ -1503,32 +1503,29 @@ shadow_alloc_p2m_page(struct domain *d) - pg = mfn_to_page(shadow_alloc(d, SH_type_p2m_table, 0)); - d->arch.paging.shadow.p2m_pages++; - d->arch.paging.shadow.total_pages--; -+ ASSERT(!page_get_owner(pg) && !(pg->count_info & PGC_count_mask)); - - paging_unlock(d); - -- /* Unlike shadow pages, mark p2m pages as owned by the domain. -- * Marking the domain as the owner would normally allow the guest to -- * create mappings of these pages, but these p2m pages will never be -- * in the domain's guest-physical address space, and so that is not -- * believed to be a concern. */ -- page_set_owner(pg, d); -- pg->count_info |= 1; - return pg; - } - - static void - shadow_free_p2m_page(struct domain *d, struct page_info *pg) - { -- ASSERT(page_get_owner(pg) == d); -- /* Should have just the one ref we gave it in alloc_p2m_page() */ -- if ( (pg->count_info & PGC_count_mask) != 1 ) -+ struct domain *owner = page_get_owner(pg); -+ -+ /* Should still have no owner and count zero. */ -+ if ( owner || (pg->count_info & PGC_count_mask) ) - { -- SHADOW_ERROR("Odd p2m page count c=%#lx t=%"PRtype_info"\n", -+ SHADOW_ERROR("d%d: Odd p2m page %"PRI_mfn" d=%d c=%lx t=%"PRtype_info"\n", -+ d->domain_id, mfn_x(page_to_mfn(pg)), -+ owner ? owner->domain_id : DOMID_INVALID, - pg->count_info, pg->u.inuse.type_info); -+ pg->count_info &= ~PGC_count_mask; -+ page_set_owner(pg, NULL); - } -- pg->count_info &= ~PGC_count_mask; - pg->u.sh.type = SH_type_p2m_table; /* p2m code reuses type-info */ -- page_set_owner(pg, NULL); - - /* This is called both from the p2m code (which never holds the - * paging lock) and the log-dirty code (which always does). 
*/ -@@ -3132,7 +3129,9 @@ int shadow_enable(struct domain *d, u32 - e = __map_domain_page(pg); - write_32bit_pse_identmap(e); - unmap_domain_page(e); -+ pg->count_info = 1; - pg->u.inuse.type_info = PGT_l2_page_table | 1 | PGT_validated; -+ page_set_owner(pg, d); - } - - paging_lock(d); -@@ -3170,7 +3169,11 @@ int shadow_enable(struct domain *d, u32 - if ( rv != 0 && !pagetable_is_null(p2m_get_pagetable(p2m)) ) - p2m_teardown(p2m); - if ( rv != 0 && pg != NULL ) -+ { -+ pg->count_info &= ~PGC_count_mask; -+ page_set_owner(pg, NULL); - shadow_free_p2m_page(d, pg); -+ } - domain_unpause(d); - return rv; - } -@@ -3279,7 +3282,22 @@ out: - - /* Must be called outside the lock */ - if ( unpaged_pagetable ) -+ { -+ if ( page_get_owner(unpaged_pagetable) == d && -+ (unpaged_pagetable->count_info & PGC_count_mask) == 1 ) -+ { -+ unpaged_pagetable->count_info &= ~PGC_count_mask; -+ page_set_owner(unpaged_pagetable, NULL); -+ } -+ /* Complain here in cases where shadow_free_p2m_page() won't. */ -+ else if ( !page_get_owner(unpaged_pagetable) && -+ !(unpaged_pagetable->count_info & PGC_count_mask) ) -+ SHADOW_ERROR("d%d: Odd unpaged pt %"PRI_mfn" c=%lx t=%"PRtype_info"\n", -+ d->domain_id, mfn_x(page_to_mfn(unpaged_pagetable)), -+ unpaged_pagetable->count_info, -+ unpaged_pagetable->u.inuse.type_info); - shadow_free_p2m_page(d, unpaged_pagetable); -+ } - } - - void shadow_final_teardown(struct domain *d) diff --git a/system/xen/xsa/xsa249.patch b/system/xen/xsa/xsa249.patch deleted file mode 100644 index ecfa4305e5bfb..0000000000000 --- a/system/xen/xsa/xsa249.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From: Jan Beulich <jbeulich@suse.com> -Subject: x86/shadow: fix refcount overflow check - -Commit c385d27079 ("x86 shadow: for multi-page shadows, explicitly track -the first page") reduced the refcount width to 25, without adjusting the -overflow check. Eliminate the disconnect by using a manifest constant. - -Interestingly, up to commit 047782fa01 ("Out-of-sync L1 shadows: OOS -snapshot") the refcount was 27 bits wide, yet the check was already -using 26. - -This is XSA-249. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: George Dunlap <george.dunlap@citrix.com> -Reviewed-by: Tim Deegan <tim@xen.org> ---- -v2: Simplify expression back to the style it was. - ---- a/xen/arch/x86/mm/shadow/private.h -+++ b/xen/arch/x86/mm/shadow/private.h -@@ -529,7 +529,7 @@ static inline int sh_get_ref(struct doma - x = sp->u.sh.count; - nx = x + 1; - -- if ( unlikely(nx >= 1U<<26) ) -+ if ( unlikely(nx >= (1U << PAGE_SH_REFCOUNT_WIDTH)) ) - { - SHADOW_PRINTK("shadow ref overflow, gmfn=%lx smfn=%lx\n", - __backpointer(sp), mfn_x(smfn)); ---- a/xen/include/asm-x86/mm.h -+++ b/xen/include/asm-x86/mm.h -@@ -82,7 +82,8 @@ struct page_info - unsigned long type:5; /* What kind of shadow is this? */ - unsigned long pinned:1; /* Is the shadow pinned? */ - unsigned long head:1; /* Is this the first page of the shadow? */ -- unsigned long count:25; /* Reference count */ -+#define PAGE_SH_REFCOUNT_WIDTH 25 -+ unsigned long count:PAGE_SH_REFCOUNT_WIDTH; /* Reference count */ - } sh; - - /* Page is on a free list: ((count_info & PGC_count_mask) == 0). */ diff --git a/system/xen/xsa/xsa250.patch b/system/xen/xsa/xsa250.patch deleted file mode 100644 index 26aeb33fedaf7..0000000000000 --- a/system/xen/xsa/xsa250.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From: Jan Beulich <jbeulich@suse.com> -Subject: x86/shadow: fix ref-counting error handling - -The old-Linux handling in shadow_set_l4e() mistakenly ORed together the -results of sh_get_ref() and sh_pin(). As the latter failing is not a -correctness problem, simply ignore its return value. - -In sh_set_toplevel_shadow() a failing sh_get_ref() must not be -accompanied by installing the entry, despite the domain being crashed. - -This is XSA-250. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/mm/shadow/multi.c -+++ b/xen/arch/x86/mm/shadow/multi.c -@@ -923,7 +923,7 @@ static int shadow_set_l4e(struct domain - shadow_l4e_t new_sl4e, - mfn_t sl4mfn) - { -- int flags = 0, ok; -+ int flags = 0; - shadow_l4e_t old_sl4e; - paddr_t paddr; - ASSERT(sl4e != NULL); -@@ -938,15 +938,16 @@ static int shadow_set_l4e(struct domain - { - /* About to install a new reference */ - mfn_t sl3mfn = shadow_l4e_get_mfn(new_sl4e); -- ok = sh_get_ref(d, sl3mfn, paddr); -- /* Are we pinning l3 shadows to handle wierd linux behaviour? */ -- if ( sh_type_is_pinnable(d, SH_type_l3_64_shadow) ) -- ok |= sh_pin(d, sl3mfn); -- if ( !ok ) -+ -+ if ( !sh_get_ref(d, sl3mfn, paddr) ) - { - domain_crash(d); - return SHADOW_SET_ERROR; - } -+ -+ /* Are we pinning l3 shadows to handle weird Linux behaviour? */ -+ if ( sh_type_is_pinnable(d, SH_type_l3_64_shadow) ) -+ sh_pin(d, sl3mfn); - } - - /* Write the new entry */ -@@ -3965,14 +3966,15 @@ sh_set_toplevel_shadow(struct vcpu *v, - - /* Take a ref to this page: it will be released in sh_detach_old_tables() - * or the next call to set_toplevel_shadow() */ -- if ( !sh_get_ref(d, smfn, 0) ) -+ if ( sh_get_ref(d, smfn, 0) ) -+ new_entry = pagetable_from_mfn(smfn); -+ else - { - SHADOW_ERROR("can't install %#lx as toplevel shadow\n", mfn_x(smfn)); - domain_crash(d); -+ new_entry = pagetable_null(); - } - -- new_entry = pagetable_from_mfn(smfn); -- - install_new_entry: - /* Done. 
Install it */ - SHADOW_PRINTK("%u/%u [%u] gmfn %#"PRI_mfn" smfn %#"PRI_mfn"\n", diff --git a/system/xen/xsa/xsa251.patch b/system/xen/xsa/xsa251.patch deleted file mode 100644 index 582ef622eb1a2..0000000000000 --- a/system/xen/xsa/xsa251.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: Jan Beulich <jbeulich@suse.com> -Subject: x86/paging: don't unconditionally BUG() on finding SHARED_M2P_ENTRY - -PV guests can fully control the values written into the P2M. - -This is XSA-251. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/mm/paging.c -+++ b/xen/arch/x86/mm/paging.c -@@ -274,7 +274,7 @@ void paging_mark_pfn_dirty(struct domain - return; - - /* Shared MFNs should NEVER be marked dirty */ -- BUG_ON(SHARED_M2P(pfn_x(pfn))); -+ BUG_ON(paging_mode_translate(d) && SHARED_M2P(pfn_x(pfn))); - - /* - * Values with the MSB set denote MFNs that aren't really part of the diff --git a/system/xen/xsa/xsa252.patch b/system/xen/xsa/xsa252.patch new file mode 100644 index 0000000000000..8615928142a62 --- /dev/null +++ b/system/xen/xsa/xsa252.patch 
@@ -0,0 +1,27 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: memory: don't implicitly unpin for decrease-reservation + +It very likely was a mistake (copy-and-paste from domain cleanup code) +to implicitly unpin here: The caller should really unpin itself before +(or after, if they so wish) requesting the page to be removed. + +This is XSA-252. + +Reported-by: Jann Horn <jannh@google.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/common/memory.c ++++ b/xen/common/memory.c +@@ -357,11 +357,6 @@ int guest_remove_page(struct domain *d, + + rc = guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0); + +-#ifdef _PGT_pinned +- if ( !rc && test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) ) +- put_page_and_type(page); +-#endif +- + /* + * With the lack of an IOMMU on some platforms, domains with DMA-capable + * device must retrieve the same pfn when the hypercall populate_physmap diff --git a/system/xen/xsa/xsa253.patch b/system/xen/xsa/xsa253.patch new file mode 100644 index 0000000000000..19e4269358522 --- /dev/null +++ b/system/xen/xsa/xsa253.patch @@ -0,0 +1,26 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/msr: Free msr_vcpu_policy during vcpu destruction + +c/s 4187f79dc7 "x86/msr: introduce struct msr_vcpu_policy" introduced a +per-vcpu memory allocation, but failed to free it in the clean vcpu +destruction case. + +This is XSA-253 + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c +index b17468c..0ae715d 100644 +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -382,6 +382,9 @@ void vcpu_destroy(struct vcpu *v) + + vcpu_destroy_fpu(v); + ++ xfree(v->arch.msr); ++ v->arch.msr = NULL; ++ + if ( !is_idle_domain(v->domain) ) + vpmu_destroy(v); + 
diff --git a/system/xen/xsa/xsa255-1.patch b/system/xen/xsa/xsa255-1.patch new file mode 100644 index 0000000000000..f8bba9e516c2f --- /dev/null +++ b/system/xen/xsa/xsa255-1.patch 
@@ -0,0 +1,133 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: gnttab/ARM: don't corrupt shared GFN array + +... by writing status GFNs to it. Introduce a second array instead. +Also implement gnttab_status_gmfn() properly now that the information is +suitably being tracked. + +While touching it anyway, remove a misguided (but luckily benign) upper +bound check from gnttab_shared_gmfn(): We should never access beyond the +bounds of that array. + +This is part of XSA-255. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> +--- +v3: Don't init the ARM GFN arrays to zero anymore, use INVALID_GFN. +v2: New. + +--- a/xen/common/grant_table.c ++++ b/xen/common/grant_table.c +@@ -3775,6 +3775,7 @@ int gnttab_map_frame(struct domain *d, u + { + int rc = 0; + struct grant_table *gt = d->grant_table; ++ bool status = false; + + grant_write_lock(gt); + +@@ -3785,6 +3786,7 @@ int gnttab_map_frame(struct domain *d, u + (idx & XENMAPIDX_grant_table_status) ) + { + idx &= ~XENMAPIDX_grant_table_status; ++ status = true; + if ( idx < nr_status_frames(gt) ) + *mfn = _mfn(virt_to_mfn(gt->status[idx])); + else +@@ -3802,7 +3804,7 @@ int gnttab_map_frame(struct domain *d, u + } + + if ( !rc ) +- gnttab_set_frame_gfn(gt, idx, gfn); ++ gnttab_set_frame_gfn(gt, status, idx, gfn); + + grant_write_unlock(gt); + +--- a/xen/include/asm-arm/grant_table.h ++++ b/xen/include/asm-arm/grant_table.h +@@ -9,7 +9,8 @@ + #define INITIAL_NR_GRANT_FRAMES 1U + + struct grant_table_arch { +- gfn_t *gfn; ++ gfn_t *shared_gfn; ++ gfn_t *status_gfn; + }; + + void gnttab_clear_flag(unsigned long nr, uint16_t *addr); +@@ -21,7 +22,6 @@ int replace_grant_host_mapping(unsigned + unsigned long new_gpaddr, unsigned int flags); + void gnttab_mark_dirty(struct domain *d, unsigned long l); + #define gnttab_create_status_page(d, t, i) do {} while (0) +-#define gnttab_status_gmfn(d, t, i) (0) + #define 
gnttab_release_host_mappings(domain) 1 + static inline int replace_grant_supported(void) + { +@@ -42,19 +42,35 @@ static inline unsigned int gnttab_dom0_m + + #define gnttab_init_arch(gt) \ + ({ \ +- (gt)->arch.gfn = xzalloc_array(gfn_t, (gt)->max_grant_frames); \ +- ( (gt)->arch.gfn ? 0 : -ENOMEM ); \ ++ unsigned int ngf_ = (gt)->max_grant_frames; \ ++ unsigned int nsf_ = grant_to_status_frames(ngf_); \ ++ \ ++ (gt)->arch.shared_gfn = xmalloc_array(gfn_t, ngf_); \ ++ (gt)->arch.status_gfn = xmalloc_array(gfn_t, nsf_); \ ++ if ( (gt)->arch.shared_gfn && (gt)->arch.status_gfn ) \ ++ { \ ++ while ( ngf_-- ) \ ++ (gt)->arch.shared_gfn[ngf_] = INVALID_GFN; \ ++ while ( nsf_-- ) \ ++ (gt)->arch.status_gfn[nsf_] = INVALID_GFN; \ ++ } \ ++ else \ ++ gnttab_destroy_arch(gt); \ ++ (gt)->arch.shared_gfn ? 0 : -ENOMEM; \ + }) + + #define gnttab_destroy_arch(gt) \ + do { \ +- xfree((gt)->arch.gfn); \ +- (gt)->arch.gfn = NULL; \ ++ xfree((gt)->arch.shared_gfn); \ ++ (gt)->arch.shared_gfn = NULL; \ ++ xfree((gt)->arch.status_gfn); \ ++ (gt)->arch.status_gfn = NULL; \ + } while ( 0 ) + +-#define gnttab_set_frame_gfn(gt, idx, gfn) \ ++#define gnttab_set_frame_gfn(gt, st, idx, gfn) \ + do { \ +- (gt)->arch.gfn[idx] = gfn; \ ++ ((st) ? (gt)->arch.status_gfn : (gt)->arch.shared_gfn)[idx] = \ ++ (gfn); \ + } while ( 0 ) + + #define gnttab_create_shared_page(d, t, i) \ +@@ -65,8 +81,10 @@ static inline unsigned int gnttab_dom0_m + } while ( 0 ) + + #define gnttab_shared_gmfn(d, t, i) \ +- ( ((i >= nr_grant_frames(t)) && \ +- (i < (t)->max_grant_frames))? 0 : gfn_x((t)->arch.gfn[i])) ++ gfn_x(((i) >= nr_grant_frames(t)) ? INVALID_GFN : (t)->arch.shared_gfn[i]) ++ ++#define gnttab_status_gmfn(d, t, i) \ ++ gfn_x(((i) >= nr_status_frames(t)) ? 
INVALID_GFN : (t)->arch.status_gfn[i]) + + #define gnttab_need_iommu_mapping(d) \ + (is_domain_direct_mapped(d) && need_iommu(d)) +--- a/xen/include/asm-x86/grant_table.h ++++ b/xen/include/asm-x86/grant_table.h +@@ -46,7 +46,7 @@ static inline unsigned int gnttab_dom0_m + + #define gnttab_init_arch(gt) 0 + #define gnttab_destroy_arch(gt) do {} while ( 0 ) +-#define gnttab_set_frame_gfn(gt, idx, gfn) do {} while ( 0 ) ++#define gnttab_set_frame_gfn(gt, st, idx, gfn) do {} while ( 0 ) + + #define gnttab_create_shared_page(d, t, i) \ + do { \ diff --git a/system/xen/xsa/xsa255-2.patch b/system/xen/xsa/xsa255-2.patch new file mode 100644 index 0000000000000..402b6efe98c26 --- /dev/null +++ b/system/xen/xsa/xsa255-2.patch 
@@ -0,0 +1,167 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: gnttab: don't blindly free status pages upon version change
+
+There may still be active mappings, which would trigger the respective
+BUG_ON(). Split the loop into one dealing with the page attributes and
+the second (when the first fully passed) freeing the pages. Return an
+error if any pages still have pending references.
+
+This is part of XSA-255.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+---
+v4: Add gprintk(XENLOG_ERR, ...) to domain_crash() invocations.
+v3: Call guest_physmap_remove_page() from gnttab_map_frame(), making the
+ code unconditional at the same time. Re-base over changes to first
+ patch.
+v2: Also deal with translated guests.
+
+--- a/xen/common/grant_table.c
++++ b/xen/common/grant_table.c
+@@ -1636,23 +1636,74 @@ status_alloc_failed:
+ return -ENOMEM;
+ }
+
+-static void
++static int
+ gnttab_unpopulate_status_frames(struct domain *d, struct grant_table *gt)
+ {
+- int i;
++ unsigned int i;
+
+ for ( i = 0; i < nr_status_frames(gt); i++ )
+ {
+ struct page_info *pg = virt_to_page(gt->status[i]);
++ gfn_t gfn = gnttab_get_frame_gfn(gt, true, i);
++
++ /*
++ * For translated domains, recovering from failure after partial
++ * changes were made is more complicated than it seems worth
++ * implementing at this time. Hence respective error paths below
++ * crash the domain in such a case.
++ */
++ if ( paging_mode_translate(d) )
++ {
++ int rc = gfn_eq(gfn, INVALID_GFN)
++ ? 0
++ : guest_physmap_remove_page(d, gfn,
++ _mfn(page_to_mfn(pg)), 0);
++
++ if ( rc )
++ {
++ gprintk(XENLOG_ERR,
++ "Could not remove status frame %u (GFN %#lx) from P2M\n",
++ i, gfn_x(gfn));
++ domain_crash(d);
++ return rc;
++ }
++ gnttab_set_frame_gfn(gt, true, i, INVALID_GFN);
++ }
+
+ BUG_ON(page_get_owner(pg) != d);
+ if ( test_and_clear_bit(_PGC_allocated, &pg->count_info) )
+ put_page(pg);
+- BUG_ON(pg->count_info & ~PGC_xen_heap);
++
++ if ( pg->count_info & ~PGC_xen_heap )
++ {
++ if ( paging_mode_translate(d) )
++ {
++ gprintk(XENLOG_ERR,
++ "Wrong page state %#lx of status frame %u (GFN %#lx)\n",
++ pg->count_info, i, gfn_x(gfn));
++ domain_crash(d);
++ }
++ else
++ {
++ if ( get_page(pg, d) )
++ set_bit(_PGC_allocated, &pg->count_info);
++ while ( i-- )
++ gnttab_create_status_page(d, gt, i);
++ }
++ return -EBUSY;
++ }
++
++ page_set_owner(pg, NULL);
++ }
++
++ for ( i = 0; i < nr_status_frames(gt); i++ )
++ {
+ free_xenheap_page(gt->status[i]);
+ gt->status[i] = NULL;
+ }
+ gt->nr_status_frames = 0;
++
++ return 0;
+ }
+
+ /*
+@@ -2962,8 +3013,9 @@ gnttab_set_version(XEN_GUEST_HANDLE_PARA
+ break;
+ }
+
+- if ( op.version < 2 && gt->gt_version == 2 )
+- gnttab_unpopulate_status_frames(currd, gt);
++ if ( op.version < 2 && gt->gt_version == 2 &&
++ (res = gnttab_unpopulate_status_frames(currd, gt)) != 0 )
++ goto out_unlock;
+
+ /* Make sure there's no crud left over from the old version. */
+ for ( i = 0; i < nr_grant_frames(gt); i++ )
+@@ -3803,6 +3855,11 @@ int gnttab_map_frame(struct domain *d, u
+ rc = -EINVAL;
+ }
+
++ if ( !rc && paging_mode_translate(d) &&
++ !gfn_eq(gnttab_get_frame_gfn(gt, status, idx), INVALID_GFN) )
++ rc = guest_physmap_remove_page(d, gnttab_get_frame_gfn(gt, status, idx),
++ *mfn, 0);
++
+ if ( !rc )
+ gnttab_set_frame_gfn(gt, status, idx, gfn);
+
+--- a/xen/include/asm-arm/grant_table.h
++++ b/xen/include/asm-arm/grant_table.h
+@@ -73,6 +73,11 @@ static inline unsigned int gnttab_dom0_m
+ (gfn); \
+ } while ( 0 )
+
++#define gnttab_get_frame_gfn(gt, st, idx) ({ \
++ _gfn((st) ? gnttab_status_gmfn(NULL, gt, idx) \
++ : gnttab_shared_gmfn(NULL, gt, idx)); \
++})
++
+ #define gnttab_create_shared_page(d, t, i) \
+ do { \
+ share_xen_page_with_guest( \
+--- a/xen/include/asm-x86/grant_table.h
++++ b/xen/include/asm-x86/grant_table.h
+@@ -47,6 +47,12 @@ static inline unsigned int gnttab_dom0_m
+ #define gnttab_init_arch(gt) 0
+ #define gnttab_destroy_arch(gt) do {} while ( 0 )
+ #define gnttab_set_frame_gfn(gt, st, idx, gfn) do {} while ( 0 )
++#define gnttab_get_frame_gfn(gt, st, idx) ({ \
++ unsigned long mfn_ = (st) ? gnttab_status_mfn(gt, idx) \
++ : gnttab_shared_mfn(gt, idx); \
++ unsigned long gpfn_ = get_gpfn_from_mfn(mfn_); \
++ VALID_M2P(gpfn_) ? _gfn(gpfn_) : INVALID_GFN; \
++})
+
+ #define gnttab_create_shared_page(d, t, i) \
+ do { \
+@@ -63,11 +69,11 @@ static inline unsigned int gnttab_dom0_m
+ } while ( 0 )
+
+
+-#define gnttab_shared_mfn(d, t, i) \
++#define gnttab_shared_mfn(t, i) \
+ ((virt_to_maddr((t)->shared_raw[i]) >> PAGE_SHIFT))
+
+ #define gnttab_shared_gmfn(d, t, i) \
+- (mfn_to_gmfn(d, gnttab_shared_mfn(d, t, i)))
++ (mfn_to_gmfn(d, gnttab_shared_mfn(t, i)))
+
+
+ #define gnttab_status_mfn(t, i) \
diff --git a/system/xen/xsa/xsa256.patch b/system/xen/xsa/xsa256.patch
new file mode 100644
index 0000000000000..50ff24e17bd32
--- /dev/null
+++ b/system/xen/xsa/xsa256.patch
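Review bot: gnttab_unpopulate_status_frames() changes from void to int in the grant_table.c hunk, but nothing at the definition states what the return values mean or what state the table is left in on failure. From the visible body, a failure in a translated domain returns after domain_crash() with earlier frames already removed from the P2M and nr_status_frames unchanged, while the non-translated path re-creates the earlier status pages and returns -EBUSY. I would put that contract above the function, e.g. `/* Returns 0, -EBUSY if a status page is still referenced, or the guest_physmap_remove_page() error; translated domains are crashed on failure, so callers must bail out. */`. The gnttab_set_version() hunk does bail out with `goto out_unlock`; whether other callers exist is not visible in this patch and should be checked the same way.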
@@ -0,0 +1,40 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/hvm: Disallow the creation of HVM domains without Local APIC emulation
+
+There are multiple problems, not necesserily limited to:
+
+ * Guests which configure event channels via hvmop_set_evtchn_upcall_vector(),
+ or which hit %cr8 emulation will cause Xen to fall over a NULL vlapic->regs
+ pointer.
+
+ * On Intel hardware, disabling the TPR_SHADOW execution control without
+ reenabling CR8_{LOAD,STORE} interception means that the guests %cr8
+ accesses interact with the real TPR. Amongst other things, setting the
+ real TPR to 0xf blocks even IPIs from interrupting this CPU.
+
+ * On hardware which sets up the use of Interrupt Posting, including
+ IOMMU-Posting, guests run without the appropriate non-root configuration,
+ which at a minimum will result in dropped interrupts.
+
+Whether no-LAPIC mode is of any use at all remains to be seen.
+
+This is XSA-256.
+
+Reported-by: Ian Jackson <ian.jackson@eu.citrix.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
+index f93327b..f65fc12 100644
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -413,7 +413,7 @@ static bool emulation_flags_ok(const struct domain *d, uint32_t emflags)
+ if ( is_hardware_domain(d) &&
+ emflags != (XEN_X86_EMU_LAPIC|XEN_X86_EMU_IOAPIC) )
+ return false;
+- if ( !is_hardware_domain(d) && emflags &&
++ if ( !is_hardware_domain(d) &&
+ emflags != XEN_X86_EMU_ALL && emflags != XEN_X86_EMU_LAPIC )
+ return false;
+ } |
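Review bot: The non-hardware-domain check in emulation_flags_ok() now rejects emflags == 0 only implicitly, because zero no longer matches either allowed value, and the hunk carries no comment saying why. The commit message ties that case to a NULL vlapic->regs dereference and to unintercepted %cr8 accesses, so I would record the invariant at the check, e.g. `/* HVM guests need at least LAPIC emulation (XSA-256); emflags == 0 is not allowed. */`, so that a later cleanup does not reintroduce the `emflags &&` shortcut. The enclosing block starts outside the hunk.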