git: 8b5aa5e08158 - main - {emulators,sysutils}/xen-{kernel,tools}: update to 4.17.2
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 16 Oct 2023 13:23:05 UTC
The branch main has been updated by royger:
URL: https://cgit.FreeBSD.org/ports/commit/?id=8b5aa5e081589cef8450bd472c9f5184d082d922
commit 8b5aa5e081589cef8450bd472c9f5184d082d922
Author: Roger Pau Monné <royger@FreeBSD.org>
AuthorDate: 2023-10-03 09:36:16 +0000
Commit: Roger Pau Monné <royger@FreeBSD.org>
CommitDate: 2023-10-16 13:21:45 +0000
{emulators,sysutils}/xen-{kernel,tools}: update to 4.17.2
Also take the opportunity to switch to fetching the sources from the GitHub
mirror based on commit hash. This makes it easier to update the port when
security fixes or relevant bugfixes are backported to the stable branches,
instead of manually having to cherry pick the changes and add them as patches.
Long term we should look into building emulators/qemu with Xen support so that
the xen-tools package doesn't need to carry its own version of QEMU.
Approved by: bapt (implicit)
---
emulators/xen-kernel/Makefile | 19 ++-
emulators/xen-kernel/distinfo | 6 +-
...Work-around-Clang-IAS-macro-expansion-bug.patch | 107 -----------------
...1-xen-x86-Remove-the-use-of-K-R-functions.patch | 78 ------------
emulators/xen-kernel/files/xsa425.patch | 132 ---------------------
emulators/xen-kernel/files/xsa426.patch | 107 -----------------
sysutils/xen-tools/Makefile | 42 +++++--
sysutils/xen-tools/distinfo | 22 +++-
...001-tools-Remove-the-use-of-K-R-functions.patch | 41 -------
...-tools-convert-bitfields-to-unsigned-type.patch | 71 -----------
...1-xen-x86-Remove-the-use-of-K-R-functions.patch | 78 ------------
sysutils/xen-tools/pkg-plist | 2 +-
12 files changed, 62 insertions(+), 643 deletions(-)
diff --git a/emulators/xen-kernel/Makefile b/emulators/xen-kernel/Makefile
index d08ba8c7fdb3..99845319e3c3 100644
--- a/emulators/xen-kernel/Makefile
+++ b/emulators/xen-kernel/Makefile
@@ -1,9 +1,11 @@
PORTNAME= xen
-PORTVERSION= 4.17.0
-PORTREVISION= 1
-CATEGORIES= emulators
-MASTER_SITES= http://downloads.xenproject.org/release/xen/${PORTVERSION}/
PKGNAMESUFFIX= -kernel
+DISTVERSION= 4.17.2.20230929
+CATEGORIES= emulators
+
+USE_GITLAB= yes
+GL_ACCOUNT= xen-project
+GL_TAGNAME= 0b56bed864ca9b572473957f0254aefa797216f2
MAINTAINER= royger@FreeBSD.org
COMMENT= Hypervisor using a microkernel design
@@ -26,14 +28,7 @@ PLIST_FILES= /boot/xen \
lib/debug/boot/xen.debug \
lib/debug/boot/xen-debug.debug
-# XSAs
-EXTRA_PATCHES+= ${PATCHDIR}/xsa425.patch:-p1 \
- ${PATCHDIR}/xsa426.patch:-p1 \
- ${PATCHDIR}/0001-xen-Work-around-Clang-IAS-macro-expansion-bug.patch:-p1
-# Backports
-# clang build fixes
-EXTRA_PATCHES+= ${PATCHDIR}/0001-xen-x86-Remove-the-use-of-K-R-functions.patch:-p1
-# Support for fetching video mode from PVH dom0
+# Support for fetching video mode for PVH dom0
EXTRA_PATCHES+= ${PATCHDIR}/0001-x86-platform-introduce-hypercall-to-get-initial-vide.patch:-p1 \
${PATCHDIR}/0001-x86-platform-make-XENPF_get_dom0_console-actually-us.patch:-p1
diff --git a/emulators/xen-kernel/distinfo b/emulators/xen-kernel/distinfo
index 843b42797c93..ec623c4d9a85 100644
--- a/emulators/xen-kernel/distinfo
+++ b/emulators/xen-kernel/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1678353105
-SHA256 (xen-4.17.0.tar.gz) = 119fc44fa3f9b581f1929c2ed8e0f97fac59a1828bc5ec5c244df096e7343ef9
-SIZE (xen-4.17.0.tar.gz) = 46484553
+TIMESTAMP = 1697454930
+SHA256 (xen-project-xen-0b56bed864ca9b572473957f0254aefa797216f2_GL0.tar.gz) = 67416c990b22ce989f7a1011482b5a99372b8a6060d55230258daf859524c0e5
+SIZE (xen-project-xen-0b56bed864ca9b572473957f0254aefa797216f2_GL0.tar.gz) = 6703002
diff --git a/emulators/xen-kernel/files/0001-xen-Work-around-Clang-IAS-macro-expansion-bug.patch b/emulators/xen-kernel/files/0001-xen-Work-around-Clang-IAS-macro-expansion-bug.patch
deleted file mode 100644
index 62f912f089e7..000000000000
--- a/emulators/xen-kernel/files/0001-xen-Work-around-Clang-IAS-macro-expansion-bug.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From a2adacff0b91cc7b977abb209dc419a2ef15963f Mon Sep 17 00:00:00 2001
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Date: Fri, 17 Feb 2023 00:12:24 +0000
-Subject: [PATCH] xen: Work around Clang-IAS macro \@ expansion bug
-
-https://github.com/llvm/llvm-project/issues/60792
-
-It turns out that Clang-IAS does not expand \@ uniquely in a translaition
-unit, and the XSA-426 change tickles this bug:
-
- <instantiation>:4:1: error: invalid symbol redefinition
- .L1_fill_rsb_loop:
- ^
- make[3]: *** [Rules.mk:247: arch/x86/acpi/cpu_idle.o] Error 1
-
-Extend DO_OVERWRITE_RSB with an optional parameter so C callers can mix %= in
-too, which Clang does seem to expand properly.
-
-Fixes: 63305e5392ec ("x86/spec-ctrl: Mitigate Cross-Thread Return Address Predictions")
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
----
- xen/arch/x86/include/asm/spec_ctrl.h | 4 ++--
- xen/arch/x86/include/asm/spec_ctrl_asm.h | 19 ++++++++++++-------
- 2 files changed, 14 insertions(+), 9 deletions(-)
-
-diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h
-index 3cf8a7d304..f718f94088 100644
---- a/xen/arch/x86/include/asm/spec_ctrl.h
-+++ b/xen/arch/x86/include/asm/spec_ctrl.h
-@@ -83,7 +83,7 @@ static always_inline void spec_ctrl_new_guest_context(void)
- wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
-
- /* (ab)use alternative_input() to specify clobbers. */
-- alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET,
-+ alternative_input("", "DO_OVERWRITE_RSB xu=%=", X86_BUG_IBPB_NO_RET,
- : "rax", "rcx");
- }
-
-@@ -172,7 +172,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info)
- *
- * (ab)use alternative_input() to specify clobbers.
- */
-- alternative_input("", "DO_OVERWRITE_RSB", X86_FEATURE_SC_RSB_IDLE,
-+ alternative_input("", "DO_OVERWRITE_RSB xu=%=", X86_FEATURE_SC_RSB_IDLE,
- : "rax", "rcx");
- }
-
-diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h
-index fab27ff553..f23bb105c5 100644
---- a/xen/arch/x86/include/asm/spec_ctrl_asm.h
-+++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h
-@@ -117,11 +117,16 @@
- .L\@_done:
- .endm
-
--.macro DO_OVERWRITE_RSB tmp=rax
-+.macro DO_OVERWRITE_RSB tmp=rax xu
- /*
- * Requires nothing
- * Clobbers \tmp (%rax by default), %rcx
- *
-+ * xu is an optional parameter to add eXtra Uniqueness. It is intended for
-+ * passing %= in from an asm() block, in order to work around
-+ * https://github.com/llvm/llvm-project/issues/60792 where Clang-IAS doesn't
-+ * expand \@ uniquely.
-+ *
- * Requires 256 bytes of {,shadow}stack space, but %rsp/SSP has no net
- * change. Based on Google's performance numbers, the loop is unrolled to 16
- * iterations and two calls per iteration.
-@@ -136,27 +141,27 @@
- mov $16, %ecx /* 16 iterations, two calls per loop */
- mov %rsp, %\tmp /* Store the current %rsp */
-
--.L\@_fill_rsb_loop:
-+.L\@_fill_rsb_loop\xu:
-
- .irp n, 1, 2 /* Unrolled twice. */
-- call .L\@_insert_rsb_entry_\n /* Create an RSB entry. */
-+ call .L\@_insert_rsb_entry\xu\n /* Create an RSB entry. */
- int3 /* Halt rogue speculation. */
-
--.L\@_insert_rsb_entry_\n:
-+.L\@_insert_rsb_entry\xu\n:
- .endr
-
- sub $1, %ecx
-- jnz .L\@_fill_rsb_loop
-+ jnz .L\@_fill_rsb_loop\xu
- mov %\tmp, %rsp /* Restore old %rsp */
-
- #ifdef CONFIG_XEN_SHSTK
- mov $1, %ecx
- rdsspd %ecx
- cmp $1, %ecx
-- je .L\@_shstk_done
-+ je .L\@_shstk_done\xu
- mov $64, %ecx /* 64 * 4 bytes, given incsspd */
- incsspd %ecx /* Restore old SSP */
--.L\@_shstk_done:
-+.L\@_shstk_done\xu:
- #endif
- .endm
-
---
-2.39.0
-
diff --git a/emulators/xen-kernel/files/0001-xen-x86-Remove-the-use-of-K-R-functions.patch b/emulators/xen-kernel/files/0001-xen-x86-Remove-the-use-of-K-R-functions.patch
deleted file mode 100644
index cab6f0e93b9f..000000000000
--- a/emulators/xen-kernel/files/0001-xen-x86-Remove-the-use-of-K-R-functions.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 22b2fa4766728c3057757c00e79da5f7803fff33 Mon Sep 17 00:00:00 2001
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Date: Thu, 16 Feb 2023 22:14:12 +0000
-Subject: [PATCH] xen/x86: Remove the use of K&R functions
-
-Clang-15 (as seen in the FreeBSD 14 tests) complains:
-
- arch/x86/time.c:1364:20: error: a function declaration without a
- prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
- s_time_t get_s_time()
- ^
- void
-
-The error message is a bit confusing but appears to new as part of
--Wdeprecated-non-prototype which is part of supporting C2x which formally
-removes K&R syntax.
-
-Either way, fix the identified functions.
-
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
----
- xen/arch/x86/hvm/vmx/vmcs.c | 2 +-
- xen/arch/x86/time.c | 2 +-
- xen/drivers/passthrough/iommu.c | 4 ++--
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
-index 09edbd23b3..e1c268789e 100644
---- a/xen/arch/x86/hvm/vmx/vmcs.c
-+++ b/xen/arch/x86/hvm/vmx/vmcs.c
-@@ -781,7 +781,7 @@ static int _vmx_cpu_up(bool bsp)
- return 0;
- }
-
--int cf_check vmx_cpu_up()
-+int cf_check vmx_cpu_up(void)
- {
- return _vmx_cpu_up(false);
- }
-diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
-index 782b11c8a9..4e44a43cc5 100644
---- a/xen/arch/x86/time.c
-+++ b/xen/arch/x86/time.c
-@@ -1361,7 +1361,7 @@ s_time_t get_s_time_fixed(u64 at_tsc)
- return t->stamp.local_stime + scale_delta(delta, &t->tsc_scale);
- }
-
--s_time_t get_s_time()
-+s_time_t get_s_time(void)
- {
- return get_s_time_fixed(0);
- }
-diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
-index 921b71e819..0e187f6ae3 100644
---- a/xen/drivers/passthrough/iommu.c
-+++ b/xen/drivers/passthrough/iommu.c
-@@ -606,7 +606,7 @@ int __init iommu_setup(void)
- return rc;
- }
-
--int iommu_suspend()
-+int iommu_suspend(void)
- {
- if ( iommu_enabled )
- return iommu_call(iommu_get_ops(), suspend);
-@@ -614,7 +614,7 @@ int iommu_suspend()
- return 0;
- }
-
--void iommu_resume()
-+void iommu_resume(void)
- {
- if ( iommu_enabled )
- iommu_vcall(iommu_get_ops(), resume);
---
-2.39.0
-
diff --git a/emulators/xen-kernel/files/xsa425.patch b/emulators/xen-kernel/files/xsa425.patch
deleted file mode 100644
index b36732025e83..000000000000
--- a/emulators/xen-kernel/files/xsa425.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From: Jason Andryuk <jandryuk@gmail.com>
-Subject: Revert "tools/xenstore: simplify loop handling connection I/O"
-
-I'm observing guest kexec trigger xenstored to abort on a double free.
-
-gdb output:
-Program received signal SIGABRT, Aborted.
-__pthread_kill_implementation (no_tid=0, signo=6, threadid=140645614258112) at ./nptl/pthread_kill.c:44
-44 ./nptl/pthread_kill.c: No such file or directory.
-(gdb) bt
- at ./nptl/pthread_kill.c:44
- at ./nptl/pthread_kill.c:78
- at ./nptl/pthread_kill.c:89
- at ../sysdeps/posix/raise.c:26
- at talloc.c:119
- ptr=ptr@entry=0x559fae724290) at talloc.c:232
- at xenstored_core.c:2945
-(gdb) frame 5
- at talloc.c:119
-119 TALLOC_ABORT("Bad talloc magic value - double free");
-(gdb) frame 7
- at xenstored_core.c:2945
-2945 talloc_increase_ref_count(conn);
-(gdb) p conn
-$1 = (struct connection *) 0x559fae724290
-
-Looking at a xenstore trace, we have:
-IN 0x559fae71f250 20230120 17:40:53 READ (/local/domain/3/image/device-model-dom
-id )
-wrl: dom 0 1 msec 10000 credit 1000000 reserve 100 disc
-ard
-wrl: dom 3 1 msec 10000 credit 1000000 reserve 100 disc
-ard
-wrl: dom 0 0 msec 10000 credit 1000000 reserve 0 disc
-ard
-wrl: dom 3 0 msec 10000 credit 1000000 reserve 0 disc
-ard
-OUT 0x559fae71f250 20230120 17:40:53 ERROR (ENOENT )
-wrl: dom 0 1 msec 10000 credit 1000000 reserve 100 disc
-ard
-wrl: dom 3 1 msec 10000 credit 1000000 reserve 100 disc
-ard
-IN 0x559fae71f250 20230120 17:40:53 RELEASE (3 )
-DESTROY watch 0x559fae73f630
-DESTROY watch 0x559fae75ddf0
-DESTROY watch 0x559fae75ec30
-DESTROY watch 0x559fae75ea60
-DESTROY watch 0x559fae732c00
-DESTROY watch 0x559fae72cea0
-DESTROY watch 0x559fae728fc0
-DESTROY watch 0x559fae729570
-DESTROY connection 0x559fae724290
-orphaned node /local/domain/3/device/suspend/event-channel deleted
-orphaned node /local/domain/3/device/vbd/51712 deleted
-orphaned node /local/domain/3/device/vkbd/0 deleted
-orphaned node /local/domain/3/device/vif/0 deleted
-orphaned node /local/domain/3/control/shutdown deleted
-orphaned node /local/domain/3/control/feature-poweroff deleted
-orphaned node /local/domain/3/control/feature-reboot deleted
-orphaned node /local/domain/3/control/feature-suspend deleted
-orphaned node /local/domain/3/control/feature-s3 deleted
-orphaned node /local/domain/3/control/feature-s4 deleted
-orphaned node /local/domain/3/control/sysrq deleted
-orphaned node /local/domain/3/data deleted
-orphaned node /local/domain/3/drivers deleted
-orphaned node /local/domain/3/feature deleted
-orphaned node /local/domain/3/attr deleted
-orphaned node /local/domain/3/error deleted
-orphaned node /local/domain/3/console/backend-id deleted
-
-and no further output.
-
-The trace shows that DESTROY was called for connection 0x559fae724290,
-but that is the same pointer (conn) main() was looping through from
-connections. So it wasn't actually removed from the connections list?
-
-Reverting commit e8e6e42279a5 "tools/xenstore: simplify loop handling
-connection I/O" fixes the abort/double free. I think the use of
-list_for_each_entry_safe is incorrect. list_for_each_entry_safe makes
-traversal safe for deleting the current iterator, but RELEASE/do_release
-will delete some other entry in the connections list. I think the
-observed abort is because list_for_each_entry has next pointing to the
-deleted connection, and it is used in the subsequent iteration.
-
-Add a comment explaining the unsuitability of list_for_each_entry_safe.
-Also notice that the old code takes a reference on next which would
-prevents a use-after-free.
-
-This reverts commit e8e6e42279a5723239c5c40ba4c7f579a979465d.
-
-This is XSA-425/CVE-2022-42330.
-
-Fixes: e8e6e42279a5 ("tools/xenstore: simplify loop handling connection I/O")
-Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
-Reviewed-by: Juergen Gross <jgross@suse.com>
-Reviewed-by: Julien Grall <jgrall@amazon.com>
----
- tools/xenstore/xenstored_core.c | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
-index 78a3edaa4e..029e3852fc 100644
---- a/tools/xenstore/xenstored_core.c
-+++ b/tools/xenstore/xenstored_core.c
-@@ -2941,8 +2941,23 @@ int main(int argc, char *argv[])
- }
- }
-
-- list_for_each_entry_safe(conn, next, &connections, list) {
-- talloc_increase_ref_count(conn);
-+ /*
-+ * list_for_each_entry_safe is not suitable here because
-+ * handle_input may delete entries besides the current one, but
-+ * those may be in the temporary next which would trigger a
-+ * use-after-free. list_for_each_entry_safe is only safe for
-+ * deleting the current entry.
-+ */
-+ next = list_entry(connections.next, typeof(*conn), list);
-+ if (&next->list != &connections)
-+ talloc_increase_ref_count(next);
-+ while (&next->list != &connections) {
-+ conn = next;
-+
-+ next = list_entry(conn->list.next,
-+ typeof(*conn), list);
-+ if (&next->list != &connections)
-+ talloc_increase_ref_count(next);
-
- if (conn_can_read(conn))
- handle_input(conn);
---
-2.34.1
diff --git a/emulators/xen-kernel/files/xsa426.patch b/emulators/xen-kernel/files/xsa426.patch
deleted file mode 100644
index 3f5f9527ea87..000000000000
--- a/emulators/xen-kernel/files/xsa426.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Subject: x86/spec-ctrl: Mitigate Cross-Thread Return Address Predictions
-
-This is XSA-426 / CVE-2022-27672
-
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-
-diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
-index 923910f553c5..a2ff38cdebf2 100644
---- a/docs/misc/xen-command-line.pandoc
-+++ b/docs/misc/xen-command-line.pandoc
-@@ -2355,7 +2355,7 @@ guests to use.
- on entry and exit. These blocks are necessary to virtualise support for
- guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc.
- * `rsb=` offers control over whether to overwrite the Return Stack Buffer /
-- Return Address Stack on entry to Xen.
-+ Return Address Stack on entry to Xen and on idle.
- * `md-clear=` offers control over whether to use VERW to flush
- microarchitectural buffers on idle and exit from Xen. *Note: For
- compatibility with development versions of this fix, `mds=` is also accepted
-diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h
-index 865f1109866d..da0593de8542 100644
---- a/xen/arch/x86/include/asm/cpufeatures.h
-+++ b/xen/arch/x86/include/asm/cpufeatures.h
-@@ -35,7 +35,8 @@ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM
- XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */
- XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */
- XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */
--/* Bits 23,24 unused. */
-+/* Bits 23 unused. */
-+XEN_CPUFEATURE(SC_RSB_IDLE, X86_SYNTH(24)) /* RSB overwrite needed for idle. */
- XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */
- XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */
- XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */
-diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h
-index 6a77c3937844..391973ef6a28 100644
---- a/xen/arch/x86/include/asm/spec_ctrl.h
-+++ b/xen/arch/x86/include/asm/spec_ctrl.h
-@@ -159,6 +159,21 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info)
- */
- alternative_input("", "verw %[sel]", X86_FEATURE_SC_VERW_IDLE,
- [sel] "m" (info->verw_sel));
-+
-+ /*
-+ * Cross-Thread Return Address Predictions:
-+ *
-+ * On vulnerable systems, the return predictions (RSB/RAS) are statically
-+ * partitioned between active threads. When entering idle, our entries
-+ * are re-partitioned to allow the other threads to use them.
-+ *
-+ * In some cases, we might still have guest entries in the RAS, so flush
-+ * them before injecting them sideways to our sibling thread.
-+ *
-+ * (ab)use alternative_input() to specify clobbers.
-+ */
-+ alternative_input("", "DO_OVERWRITE_RSB", X86_FEATURE_SC_RSB_IDLE,
-+ : "rax", "rcx");
- }
-
- /* WARNING! `ret`, `call *`, `jmp *` not safe before this call. */
-diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
-index a320b81947c8..e80e2a5ed1a9 100644
---- a/xen/arch/x86/spec_ctrl.c
-+++ b/xen/arch/x86/spec_ctrl.c
-@@ -1327,13 +1327,38 @@ void __init init_speculation_mitigations(void)
- * 3) Some CPUs have RSBs which are not full width, which allow the
- * attacker's entries to alias Xen addresses.
- *
-+ * 4) Some CPUs have RSBs which are re-partitioned based on thread
-+ * idleness, which allows an attacker to inject entries into the other
-+ * thread. We still active the optimisation in this case, and mitigate
-+ * in the idle path which has lower overhead.
-+ *
- * It is safe to turn off RSB stuffing when Xen is using SMEP itself, and
- * 32bit PV guests are disabled, and when the RSB is full width.
- */
- BUILD_BUG_ON(RO_MPT_VIRT_START != PML4_ADDR(256));
-- if ( opt_rsb_pv == -1 && boot_cpu_has(X86_FEATURE_XEN_SMEP) &&
-- !opt_pv32 && rsb_is_full_width() )
-- opt_rsb_pv = 0;
-+ if ( opt_rsb_pv == -1 )
-+ {
-+ opt_rsb_pv = (opt_pv32 || !boot_cpu_has(X86_FEATURE_XEN_SMEP) ||
-+ !rsb_is_full_width());
-+
-+ /*
-+ * Cross-Thread Return Address Predictions.
-+ *
-+ * Vulnerable systems are Zen1/Zen2 uarch, which is AMD Fam17 / Hygon
-+ * Fam18, when SMT is active.
-+ *
-+ * To mitigate, we must flush the RSB/RAS/RAP once between entering
-+ * Xen and going idle.
-+ *
-+ * Most cases flush on entry to Xen anyway. The one case where we
-+ * don't is when using the SMEP optimisation for PV guests. Flushing
-+ * before going idle is less overhead than flushing on PV entry.
-+ */
-+ if ( !opt_rsb_pv && hw_smt_enabled &&
-+ (boot_cpu_data.x86_vendor & (X86_VENDOR_AMD|X86_VENDOR_HYGON)) &&
-+ (boot_cpu_data.x86 == 0x17 || boot_cpu_data.x86 == 0x18) )
-+ setup_force_cpu_cap(X86_FEATURE_SC_RSB_IDLE);
-+ }
-
- if ( opt_rsb_pv )
- {
diff --git a/sysutils/xen-tools/Makefile b/sysutils/xen-tools/Makefile
index c35ffd1e2b57..76502f6babda 100644
--- a/sysutils/xen-tools/Makefile
+++ b/sysutils/xen-tools/Makefile
@@ -1,13 +1,23 @@
PORTNAME= xen
PKGNAMESUFFIX= -tools
-PORTVERSION= 4.17.0
-PORTREVISION= 1
+DISTVERSION= 4.17.2.20230929
CATEGORIES= sysutils emulators
-MASTER_SITES= http://downloads.xenproject.org/release/xen/${PORTVERSION}/
+
+USE_GITLAB= yes
+GL_ACCOUNT= xen-project
+GL_TAGNAME= 0b56bed864ca9b572473957f0254aefa797216f2
+GL_TUPLE= qemu-project:qemu:v7.0.0:qemu \
+ qemu-project:dtc:b6910bec:dtc \
+ qemu-project:capstone:f8b1b833:capstone \
+ qemu-project:meson:12f9f04b:meson \
+ qemu-project:libslirp:a88d9ace:libslirp \
+ qemu-project:keycodemapdb:d21009b1:keycodemapdb \
+ qemu-project:berkeley-testfloat-3:5a59dcec:testfloat \
+ qemu-project:berkeley-softfloat-3:b64af41c:softfloat
MAINTAINER= royger@FreeBSD.org
-COMMENT= Xen management tools
-WWW= https://wiki.xen.org/wiki/XL
+COMMENT= Xen Hypervisor management tools
+WWW= https://www.xenproject.org/
LICENSE= GPLv2 LGPL3
LICENSE_COMB= multi
@@ -61,11 +71,6 @@ DOCS_ALL_TARGET= docs
INSTALL_TARGET= install-tools
DOCS_INSTALL_TARGET= install-docs
-# clang build fixes
-EXTRA_PATCHES+= ${PATCHDIR}/0001-xen-x86-Remove-the-use-of-K-R-functions.patch:-p1 \
- ${PATCHDIR}/0001-tools-Remove-the-use-of-K-R-functions.patch:-p1 \
- ${PATCHDIR}/0001-tools-convert-bitfields-to-unsigned-type.patch:-p1
-
.include <bsd.port.options.mk>
.if ${OPSYS} != FreeBSD
@@ -76,6 +81,23 @@ IGNORE= only supported on FreeBSD
BROKEN= SPICE support requires FreeBSD version 13.0 or higher
.endif
+post-extract:
+ ${MV} ${WRKSRC_qemu} ${WRKSRC}/tools/qemu-xen
+ ${RM} -rf ${WRKSRC}/tools/qemu-xen/dtc
+ ${MV} ${WRKSRC_dtc} ${WRKSRC}/tools/qemu-xen/dtc
+ ${RM} -rf ${WRKSRC}/tools/qemu-xen/capstone
+ ${MV} ${WRKSRC_capstone} ${WRKSRC}/tools/qemu-xen/capstone
+ ${RM} -rf ${WRKSRC}/tools/qemu-xen/meson
+ ${MV} ${WRKSRC_meson} ${WRKSRC}/tools/qemu-xen/meson
+ ${RM} -rf ${WRKSRC}/tools/qemu-xen/slirp
+ ${MV} ${WRKSRC_libslirp} ${WRKSRC}/tools/qemu-xen/slirp
+ ${RM} -rf ${WRKSRC}/tools/qemu-xen/ui/keycodemapdb
+ ${MV} ${WRKSRC_keycodemapdb} ${WRKSRC}/tools/qemu-xen/ui/keycodemapdb
+ ${RM} -rf ${WRKSRC}/tools/qemu-xen/tests/fp/berkeley-testfloat-3
+ ${MV} ${WRKSRC_testfloat} ${WRKSRC}/tools/qemu-xen/tests/fp/berkeley-testfloat-3
+ ${RM} -rf ${WRKSRC}/tools/qemu-xen/tests/fp/berkeley-softfloat-3
+ ${MV} ${WRKSRC_softfloat} ${WRKSRC}/tools/qemu-xen/tests/fp/berkeley-softfloat-3
+
post-patch:
@for p in `ls ${FILESDIR}/*qemuu*.patch 2>/dev/null`; do \
${ECHO_CMD} "====> Applying $${p##*/}" ; \
diff --git a/sysutils/xen-tools/distinfo b/sysutils/xen-tools/distinfo
index f2d81847b685..8a80791946ce 100644
--- a/sysutils/xen-tools/distinfo
+++ b/sysutils/xen-tools/distinfo
@@ -1,3 +1,19 @@
-TIMESTAMP = 1678354304
-SHA256 (xen-4.17.0.tar.gz) = 119fc44fa3f9b581f1929c2ed8e0f97fac59a1828bc5ec5c244df096e7343ef9
-SIZE (xen-4.17.0.tar.gz) = 46484553
+TIMESTAMP = 1697454986
+SHA256 (xen-project-xen-0b56bed864ca9b572473957f0254aefa797216f2_GL0.tar.gz) = 67416c990b22ce989f7a1011482b5a99372b8a6060d55230258daf859524c0e5
+SIZE (xen-project-xen-0b56bed864ca9b572473957f0254aefa797216f2_GL0.tar.gz) = 6703002
+SHA256 (qemu-v7.0.0.tar.bz2) = 10262ddbc2386f34538bef06fb8ddf44fdb8b40490d9ad159fa1d9f2ef86fa39
+SIZE (qemu-v7.0.0.tar.bz2) = 26719958
+SHA256 (dtc-b6910bec.tar.bz2) = f180420b105bdd35cfee9977d6ee2ee5d6601aa2a84693c048a985a604bd2c1c
+SIZE (dtc-b6910bec.tar.bz2) = 163044
+SHA256 (capstone-f8b1b833.tar.bz2) = dbc6add9a93bfeb69c38e8d7370b458d264971f629f70fd9d4e0a8fa113599a4
+SIZE (capstone-f8b1b833.tar.bz2) = 4590278
+SHA256 (meson-12f9f04b.tar.bz2) = 58bc8d869195e896053395fe497ef21f6c028d1e71e87fdd72f0518c8045e9eb
+SIZE (meson-12f9f04b.tar.bz2) = 3623904
+SHA256 (libslirp-a88d9ace.tar.bz2) = d27e69c4c53d1cc1c12300ba945c8d8de5ab282c03605c28a72c18646a166060
+SIZE (libslirp-a88d9ace.tar.bz2) = 103024
+SHA256 (keycodemapdb-d21009b1.tar.bz2) = 5b3eb3d9d0bb13e25782b0f7181d6f9d32890662ff54df630193c0eeb3110e1a
+SIZE (keycodemapdb-d21009b1.tar.bz2) = 44265
+SHA256 (berkeley-testfloat-3-5a59dcec.tar.bz2) = 0548a759f2ac4ed6aa8af6a382a3826fe2298cde5cc11d77a11a8e54ca84d312
+SIZE (berkeley-testfloat-3-5a59dcec.tar.bz2) = 89913
+SHA256 (berkeley-softfloat-3-b64af41c.tar.bz2) = d56b54c557485f6126838391088e3a3d3d41c80d68099b0d90bcc09f533f2e9e
+SIZE (berkeley-softfloat-3-b64af41c.tar.bz2) = 83736
diff --git a/sysutils/xen-tools/files/0001-tools-Remove-the-use-of-K-R-functions.patch b/sysutils/xen-tools/files/0001-tools-Remove-the-use-of-K-R-functions.patch
deleted file mode 100644
index 1b7b03c1c441..000000000000
--- a/sysutils/xen-tools/files/0001-tools-Remove-the-use-of-K-R-functions.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From e2312e41f05c0f2e3b714710bd2551a3cd74cedd Mon Sep 17 00:00:00 2001
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Date: Thu, 16 Feb 2023 22:47:50 +0000
-Subject: [PATCH] tools: Remove the use of K&R functions
-
-Clang-15 (as seen in the FreeBSD 14 tests) complains:
-
- xg_main.c:1248 error: a function declaration without a
- prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
- xg_init()
- ^
- void
-
-The error message is a bit confusing but appears to new as part of
--Wdeprecated-non-prototype which is part of supporting C2x which formally
-removes K&R syntax.
-
-Either way, fix the identified function.
-
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Acked-by: Anthony PERARD <anthony.perard@citrix.com>
----
- tools/debugger/gdbsx/xg/xg_main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/debugger/gdbsx/xg/xg_main.c b/tools/debugger/gdbsx/xg/xg_main.c
-index 4576c762af..580fe237b2 100644
---- a/tools/debugger/gdbsx/xg/xg_main.c
-+++ b/tools/debugger/gdbsx/xg/xg_main.c
-@@ -121,7 +121,7 @@ xgprt(const char *fn, const char *fmt, ...)
- * -1 failure, errno set.
- */
- int
--xg_init()
-+xg_init(void)
- {
- int flags, saved_errno;
-
---
-2.39.0
-
diff --git a/sysutils/xen-tools/files/0001-tools-convert-bitfields-to-unsigned-type.patch b/sysutils/xen-tools/files/0001-tools-convert-bitfields-to-unsigned-type.patch
deleted file mode 100644
index 83b11f35d373..000000000000
--- a/sysutils/xen-tools/files/0001-tools-convert-bitfields-to-unsigned-type.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 99ab02f63ea813f2e467a39a7736bf460a3f3495 Mon Sep 17 00:00:00 2001
-From: Olaf Hering <olaf@aepfle.de>
-Date: Mon, 8 May 2023 16:46:18 +0000
-Subject: [PATCH] tools: convert bitfields to unsigned type
-
-clang complains about the signed type:
-
-implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
-
-The potential ABI change in libxenvchan is covered by the Xen version based SONAME.
-
-Signed-off-by: Olaf Hering <olaf@aepfle.de>
-Reviewed-by: Juergen Gross <jgross@suse.com>
-Acked-by: Anthony PERARD <anthony.perard@citrix.com>
----
- tools/include/libxenvchan.h | 6 +++---
- tools/xentrace/xenalyze.c | 8 ++++----
- 2 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/tools/include/libxenvchan.h b/tools/include/libxenvchan.h
-index 30cc73cf97e3..3d3b8aa8dd79 100644
---- a/tools/include/libxenvchan.h
-+++ b/tools/include/libxenvchan.h
-@@ -79,11 +79,11 @@ struct libxenvchan {
- xenevtchn_handle *event;
- uint32_t event_port;
- /* informative flags: are we acting as server? */
-- int is_server:1;
-+ unsigned int is_server:1;
- /* true if server remains active when client closes (allows reconnection) */
-- int server_persist:1;
-+ unsigned int server_persist:1;
- /* true if operations should block instead of returning 0 */
-- int blocking:1;
-+ unsigned int blocking:1;
- /* communication rings */
- struct libxenvchan_ring read, write;
- /**
-diff --git a/tools/xentrace/xenalyze.c b/tools/xentrace/xenalyze.c
-index 12dcca964645..a50538e9a8c8 100644
---- a/tools/xentrace/xenalyze.c
-+++ b/tools/xentrace/xenalyze.c
-@@ -1377,7 +1377,7 @@ struct hvm_data {
- tsc_t exit_tsc, arc_cycles, entry_tsc;
- unsigned long long rip;
- unsigned exit_reason, event_handler;
-- int short_summary_done:1, prealloc_unpin:1, wrmap_bf:1;
-+ unsigned int short_summary_done:1, prealloc_unpin:1, wrmap_bf:1;
-
- /* Immediate processing */
- void *d;
-@@ -8235,13 +8235,13 @@ void mem_set_p2m_entry_process(struct pcpu_info *p)
-
- struct {
- uint64_t gfn, mfn;
-- int p2mt;
-- int d:16,order:16;
-+ uint32_t p2mt;
-+ uint16_t d, order;
- } *r = (typeof(r))ri->d;
-
- if ( opt.dump_all )
- {
-- printf(" %s set_p2m_entry d%d o%d t %d g %llx m %llx\n",
-+ printf(" %s set_p2m_entry d%u o%u t %u g %llx m %llx\n",
- ri->dump_header,
- r->d, r->order,
- r->p2mt,
---
-2.41.0
-
diff --git a/sysutils/xen-tools/files/0001-xen-x86-Remove-the-use-of-K-R-functions.patch b/sysutils/xen-tools/files/0001-xen-x86-Remove-the-use-of-K-R-functions.patch
deleted file mode 100644
index cab6f0e93b9f..000000000000
--- a/sysutils/xen-tools/files/0001-xen-x86-Remove-the-use-of-K-R-functions.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 22b2fa4766728c3057757c00e79da5f7803fff33 Mon Sep 17 00:00:00 2001
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Date: Thu, 16 Feb 2023 22:14:12 +0000
-Subject: [PATCH] xen/x86: Remove the use of K&R functions
-
-Clang-15 (as seen in the FreeBSD 14 tests) complains:
-
- arch/x86/time.c:1364:20: error: a function declaration without a
- prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
- s_time_t get_s_time()
- ^
- void
-
-The error message is a bit confusing but appears to new as part of
--Wdeprecated-non-prototype which is part of supporting C2x which formally
-removes K&R syntax.
-
-Either way, fix the identified functions.
-
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
----
- xen/arch/x86/hvm/vmx/vmcs.c | 2 +-
- xen/arch/x86/time.c | 2 +-
- xen/drivers/passthrough/iommu.c | 4 ++--
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
-index 09edbd23b3..e1c268789e 100644
---- a/xen/arch/x86/hvm/vmx/vmcs.c
-+++ b/xen/arch/x86/hvm/vmx/vmcs.c
-@@ -781,7 +781,7 @@ static int _vmx_cpu_up(bool bsp)
- return 0;
- }
-
--int cf_check vmx_cpu_up()
-+int cf_check vmx_cpu_up(void)
- {
- return _vmx_cpu_up(false);
- }
-diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
-index 782b11c8a9..4e44a43cc5 100644
---- a/xen/arch/x86/time.c
-+++ b/xen/arch/x86/time.c
-@@ -1361,7 +1361,7 @@ s_time_t get_s_time_fixed(u64 at_tsc)
- return t->stamp.local_stime + scale_delta(delta, &t->tsc_scale);
- }
-
--s_time_t get_s_time()
-+s_time_t get_s_time(void)
- {
- return get_s_time_fixed(0);
- }
-diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
-index 921b71e819..0e187f6ae3 100644
---- a/xen/drivers/passthrough/iommu.c
-+++ b/xen/drivers/passthrough/iommu.c
-@@ -606,7 +606,7 @@ int __init iommu_setup(void)
- return rc;
- }
-
--int iommu_suspend()
-+int iommu_suspend(void)
- {
- if ( iommu_enabled )
- return iommu_call(iommu_get_ops(), suspend);
-@@ -614,7 +614,7 @@ int iommu_suspend()
- return 0;
- }
-
--void iommu_resume()
-+void iommu_resume(void)
- {
- if ( iommu_enabled )
- iommu_vcall(iommu_get_ops(), resume);
---
-2.39.0
-
diff --git a/sysutils/xen-tools/pkg-plist b/sysutils/xen-tools/pkg-plist
index 540f1a1af842..cb512ab9cbc0 100644
--- a/sysutils/xen-tools/pkg-plist
+++ b/sysutils/xen-tools/pkg-plist
@@ -207,7 +207,7 @@ lib/libxlutil.so.4.17.0
%%PYTHON_SITELIBDIR%%/grub/LiloConf.pyc
%%PYTHON_SITELIBDIR%%/grub/__init__.py
%%PYTHON_SITELIBDIR%%/grub/__init__.pyc
-%%PYTHON_SITELIBDIR%%/pygrub-0.6-py%%PYTHON_VER%%.egg-info
+%%PYTHON_SITELIBDIR%%/pygrub-0.7-py%%PYTHON_VER%%.egg-info
%%PYTHON_SITELIBDIR%%/xen-3.0-py%%PYTHON_VER%%.egg-info
%%PYTHON_SITELIBDIR%%/xen/__init__.py
%%PYTHON_SITELIBDIR%%/xen/__init__.pyc