head 1.2; access; symbols pkgsrc-2015Q4:1.1.0.4 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2016.01.08.13.24.29; author bouyer; state dead; branches; next 1.1; commitid dF0w51B9H3ZR98Qy; 1.1 date 2015.10.29.20.40.53; author bouyer; state Exp; branches 1.1.2.1 1.1.4.1; next ; commitid ggSawe8Fa058S2Hy; 1.1.2.1 date 2015.10.29.20.40.53; author bsiegert; state dead; branches; next 1.1.2.2; commitid 7532M62EP3rPUOHy; 1.1.2.2 date 2015.11.04.21.22.27; author bsiegert; state Exp; branches; next ; commitid 7532M62EP3rPUOHy; 1.1.4.1 date 2016.01.11.22.12.33; author bsiegert; state dead; branches; next ; commitid KbJ6DapSMpov0zQy; desc @@ 1.2 log @Update xenkernel45 and xentools45 to 4.5.2. Changes since 4.5.1 includes security fixes (most of which were already in our local patches) and bug fixes. The complete list of changes is there: http://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-452.html @ text @$NetBSD: patch-CVE-2015-7970,v 1.1 2015/10/29 20:40:53 bouyer Exp $ Patch for CVE-2015-7970 aka XSA-150, from http://xenbits.xenproject.org/xsa/xsa150.patch --- xen/arch/x86/mm/p2m-pod.c.orig +++ xen/arch/x86/mm/p2m-pod.c @@@@ -920,28 +920,6 @@@@ p2m_pod_zero_check(struct p2m_domain *p2 } #define POD_SWEEP_LIMIT 1024 - -/* When populating a new superpage, look at recently populated superpages - * hoping that they've been zeroed. This will snap up zeroed pages as soon as - * the guest OS is done with them. 
*/ -static void -p2m_pod_check_last_super(struct p2m_domain *p2m, unsigned long gfn_aligned) -{ - unsigned long check_gfn; - - ASSERT(p2m->pod.last_populated_index < POD_HISTORY_MAX); - - check_gfn = p2m->pod.last_populated[p2m->pod.last_populated_index]; - - p2m->pod.last_populated[p2m->pod.last_populated_index] = gfn_aligned; - - p2m->pod.last_populated_index = - ( p2m->pod.last_populated_index + 1 ) % POD_HISTORY_MAX; - - p2m_pod_zero_check_superpage(p2m, check_gfn); -} - - #define POD_SWEEP_STRIDE 16 static void p2m_pod_emergency_sweep(struct p2m_domain *p2m) @@@@ -982,7 +960,7 @@@@ p2m_pod_emergency_sweep(struct p2m_domai * NB that this is a zero-sum game; we're increasing our cache size * by re-increasing our 'debt'. Since we hold the pod lock, * (entry_count - count) must remain the same. */ - if ( p2m->pod.count > 0 && i < limit ) + if ( i < limit && (p2m->pod.count > 0 || hypercall_preempt_check()) ) break; } @@@@ -994,6 +972,58 @@@@ p2m_pod_emergency_sweep(struct p2m_domai } +static void pod_eager_reclaim(struct p2m_domain *p2m) +{ + struct pod_mrp_list *mrp = &p2m->pod.mrp; + unsigned int i = 0; + + /* + * Always check one page for reclaimation. + * + * If the PoD pool is empty, keep checking some space is found, or all + * entries have been exhaused. 
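Review bot: The rewritten exit test in p2m_pod_emergency_sweep can now leave the loop with `p2m->pod.count` still zero, because `hypercall_preempt_check()` alone satisfies it, while the comment above it still describes only the cache-refill case. I would add a comment directly above the test, e.g. `/* Stop once a page was reclaimed, or when preemption is pending: the pod lock is held, so the sweep must stay bounded. */`, and confirm that the caller treats a still-empty cache after the sweep as out of memory. The function starts and ends outside this hunk, so that caller-side handling is not visible here. The same patch text appears a second time in the 1.1.2.2 revision body further down the page, and the notes on this copy apply there as well.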
+ */ + do + { + unsigned int idx = (mrp->idx + i++) % ARRAY_SIZE(mrp->list); + unsigned long gfn = mrp->list[idx]; + + if ( gfn != INVALID_GFN ) + { + if ( gfn & POD_LAST_SUPERPAGE ) + { + gfn &= ~POD_LAST_SUPERPAGE; + + if ( p2m_pod_zero_check_superpage(p2m, gfn) == 0 ) + { + unsigned int x; + + for ( x = 0; x < SUPERPAGE_PAGES; ++x, ++gfn ) + p2m_pod_zero_check(p2m, &gfn, 1); + } + } + else + p2m_pod_zero_check(p2m, &gfn, 1); + + mrp->list[idx] = INVALID_GFN; + } + + } while ( (p2m->pod.count == 0) && (i < ARRAY_SIZE(mrp->list)) ); +} + +static void pod_eager_record(struct p2m_domain *p2m, + unsigned long gfn, unsigned int order) +{ + struct pod_mrp_list *mrp = &p2m->pod.mrp; + + ASSERT(mrp->list[mrp->idx] == INVALID_GFN); + ASSERT(gfn != INVALID_GFN); + + mrp->list[mrp->idx++] = + gfn | (order == PAGE_ORDER_2M ? POD_LAST_SUPERPAGE : 0); + mrp->idx %= ARRAY_SIZE(mrp->list); +} + int p2m_pod_demand_populate(struct p2m_domain *p2m, unsigned long gfn, unsigned int order, @@@@ -1034,6 +1064,8 @@@@ p2m_pod_demand_populate(struct p2m_domai return 0; } + pod_eager_reclaim(p2m); + /* Only sweep if we're actually out of memory. Doing anything else * causes unnecessary time and fragmentation of superpages in the p2m. 
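Review bot: `pod_eager_record` relies on `pod_eager_reclaim` having already cleared the slot at `mrp->idx` under the same pod lock hold, and that ordering is enforced only by `ASSERT(mrp->list[mrp->idx] == INVALID_GFN)`, which presumably compiles out in non-debug builds. A short comment on both functions stating the ordering would help, since a caller that records without reclaiming first would silently overwrite an entry that was never checked. The block comment in `pod_eager_reclaim` has three typos and should read `Always check one page for reclamation.` and `If the PoD pool is empty, keep checking until some space is found, or all entries have been exhausted.` In the worst case the loop visits all `ARRAY_SIZE(mrp->list)` slots and falls back to `SUPERPAGE_PAGES` single-page checks for a superpage entry, with no preemption check inside, so that bound is worth stating in the same comment.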
*/ if ( p2m->pod.count == 0 ) @@@@ -1070,6 +1102,8 @@@@ p2m_pod_demand_populate(struct p2m_domai p2m->pod.entry_count -= (1 << order); BUG_ON(p2m->pod.entry_count < 0); + pod_eager_record(p2m, gfn_aligned, order); + if ( tb_init_done ) { struct { @@@@ -1085,12 +1119,6 @@@@ p2m_pod_demand_populate(struct p2m_domai __trace_var(TRC_MEM_POD_POPULATE, 0, sizeof(t), &t); } - /* Check the last guest demand-populate */ - if ( p2m->pod.entry_count > p2m->pod.count - && (order == PAGE_ORDER_2M) - && (q & P2M_ALLOC) ) - p2m_pod_check_last_super(p2m, gfn_aligned); - pod_unlock(p2m); return 0; out_of_memory: --- xen/arch/x86/mm/p2m.c.orig +++ xen/arch/x86/mm/p2m.c @@@@ -58,6 +58,7 @@@@ boolean_param("hap_2mb", opt_hap_2mb); /* Init the datastructures for later use by the p2m code */ static int p2m_initialise(struct domain *d, struct p2m_domain *p2m) { + unsigned int i; int ret = 0; mm_rwlock_init(&p2m->lock); @@@@ -73,6 +74,9 @@@@ static int p2m_initialise(struct domain p2m->np2m_base = P2M_BASE_EADDR; + for ( i = 0; i < ARRAY_SIZE(p2m->pod.mrp.list); ++i ) + p2m->pod.mrp.list[i] = INVALID_GFN; + if ( hap_enabled(d) && cpu_has_vmx ) ret = ept_p2m_init(p2m); else --- xen/include/asm-x86/p2m.h.orig +++ xen/include/asm-x86/p2m.h @@@@ -292,10 +292,20 @@@@ struct p2m_domain { entry_count; /* # of pages in p2m marked pod */ unsigned long reclaim_single; /* Last gpfn of a scan */ unsigned long max_guest; /* gpfn of max guest demand-populate */ -#define POD_HISTORY_MAX 128 - /* gpfn of last guest superpage demand-populated */ - unsigned long last_populated[POD_HISTORY_MAX]; - unsigned int last_populated_index; + + /* + * Tracking of the most recently populated PoD pages, for eager + * reclamation. 
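Review bot: The loop added to `p2m_initialise` sets every `p2m->pod.mrp.list[i]` to `INVALID_GFN`, but nothing visible here initialises `p2m->pod.mrp.idx`, and `pod_eager_record` indexes `mrp->list[mrp->idx]` before it applies the modulo. That is safe only if the structure is zero-filled before `p2m_initialise` runs, which these lines do not show. Either add `p2m->pod.mrp.idx = 0;` next to the loop or a comment such as `/* mrp.idx relies on the p2m being zero-allocated */`. `p2m_initialise` begins before and continues after the lines shown.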
+ */ + struct pod_mrp_list { +#define NR_POD_MRP_ENTRIES 32 + +/* Encode ORDER_2M superpage in top bit of GFN */ +#define POD_LAST_SUPERPAGE (INVALID_GFN & ~(INVALID_GFN >> 1)) + + unsigned long list[NR_POD_MRP_ENTRIES]; + unsigned int idx; + } mrp; mm_lock_t lock; /* Locking of private pod structs, * * not relying on the p2m lock. */ } pod; @ 1.1 log @Add patches from Xen security advisory, fixing: CVE-2015-7835 aka XSA-148 CVE-2015-7869 aka XSA-149 + XSA-151 CVE-2015-7970 aka XSA-150 CVE-2015-7971 aka XSA-152 Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: patch-CVE-2015-2752,v 1.1 2015/04/19 13:13:20 spz Exp $ @ 1.1.4.1 log @Pullup ticket #4888 - requested by bouyer sysutils/xenkernel45: security fix sysutils/xentools45: security fix Revisions pulled up: - sysutils/xenkernel45/Makefile 1.12-1.13 - sysutils/xenkernel45/distinfo 1.12-1.13 - sysutils/xenkernel45/patches/patch-CVE-2015-5307 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-7835 deleted - sysutils/xenkernel45/patches/patch-CVE-2015-7969 deleted - sysutils/xenkernel45/patches/patch-CVE-2015-7970 deleted - sysutils/xenkernel45/patches/patch-CVE-2015-7971 deleted - sysutils/xenkernel45/patches/patch-CVE-2015-8339 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-8555 1.1 - sysutils/xenkernel45/patches/patch-XSA-166 1.1 - sysutils/xentools45/Makefile 1.22-1.24 - sysutils/xentools45/PLIST 1.4 - sysutils/xentools45/distinfo 1.14-1.16 - sysutils/xentools45/patches/patch-CVE-2015-8341 1.1 - sysutils/xentools45/patches/patch-CVE-2015-8550 1.1 - sysutils/xentools45/patches/patch-CVE-2015-8554 1.1 - sysutils/xentools45/patches/patch-Makefile 1.2 - sysutils/xentools45/patches/patch-XSA135 deleted - sysutils/xentools45/patches/patch-XSA137 deleted - sysutils/xentools45/patches/patch-XSA138 deleted - sysutils/xentools45/patches/patch-XSA139 deleted - sysutils/xentools45/patches/patch-XSA140 deleted --- Module Name: pkgsrc Committed By: jnemeth Date: Thu Dec 31 13:27:10 UTC 2015 Modified Files: 
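Review bot: `POD_LAST_SUPERPAGE` is defined as `(INVALID_GFN & ~(INVALID_GFN >> 1))`, which yields the single top bit only if `INVALID_GFN` is an all-ones unsigned value, and the comment does not say that a list entry therefore cannot hold a GFN with that bit set. I would extend the comment to something like `/* Top bit of a list entry flags a 2M superpage; relies on INVALID_GFN being all ones and valid GFNs never using the top bit. INVALID_GFN marks an empty slot. */`. Defining `NR_POD_MRP_ENTRIES` and `POD_LAST_SUPERPAGE` inside the struct body also buries two file-scope macros in the middle of a declaration; placing them just above the struct would make them easier to find. The enclosing struct starts and ends outside this hunk.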
pkgsrc/sysutils/xentools45: Makefile PLIST distinfo pkgsrc/sysutils/xentools45/patches: patch-Makefile Log Message: Stop installing xenbackendd. It is leftover cruft from the xm toolstack. Running it will interfere with the operation of the xl toolstack, so it should never be used now that the xm toolstack is gone. --- Module Name: pkgsrc Committed By: bouyer Date: Thu Jan 7 17:48:34 UTC 2016 Modified Files: pkgsrc/sysutils/xenkernel45: Makefile distinfo pkgsrc/sysutils/xentools45: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-5307 patch-CVE-2015-8339 patch-CVE-2015-8555 patch-XSA-166 pkgsrc/sysutils/xentools45/patches: patch-CVE-2015-8341 patch-CVE-2015-8550 patch-CVE-2015-8554 Log Message: Apply patches from Xen repository, fixing: CVE-2015-5307 and CVE-2015-8104 aka XSA-156 CVE-2015-8339 and CVE-2015-8340 aka XSA-159 CVE-2015-8555 aka XSA-165 XSA-166 CVE-2015-8341 aka XSA-160 CVE-2015-8550 aka XSA-155 Bump pkgrevision --- Module Name: pkgsrc Committed By: bouyer Date: Fri Jan 8 13:24:29 UTC 2016 Modified Files: pkgsrc/sysutils/xenkernel45: Makefile distinfo pkgsrc/sysutils/xentools45: Makefile distinfo Removed Files: pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-7835 patch-CVE-2015-7969 patch-CVE-2015-7970 patch-CVE-2015-7971 pkgsrc/sysutils/xentools45/patches: patch-XSA135 patch-XSA137 patch-XSA138 patch-XSA139 patch-XSA140 Log Message: Update xenkernel45 and xentools45 to 4.5.2. Changes since 4.5.1 includes security fixes (most of which were already in our local patches) and bug fixes. 
The complete list of changes is there: http://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-452.html @ text @d1 1 a1 1 $NetBSD: patch-CVE-2015-7970,v 1.1 2015/10/29 20:40:53 bouyer Exp $ @ 1.1.2.1 log @file patch-CVE-2015-7970 was added on branch pkgsrc-2015Q3 on 2015-11-04 21:22:27 +0000 @ text @d1 182 @ 1.1.2.2 log @Pullup ticket #4850 - requested by bouyer sysutils/xenkernel45: security fix Revisions pulled up: - sysutils/xenkernel45/Makefile 1.10 - sysutils/xenkernel45/distinfo 1.10 - sysutils/xenkernel45/patches/patch-CVE-2015-7835 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-7969 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-7970 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-7971 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Oct 29 20:40:53 UTC 2015 Modified Files: pkgsrc/sysutils/xenkernel45: Makefile Added Files: pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-7835 patch-CVE-2015-7969 patch-CVE-2015-7970 patch-CVE-2015-7971 Log Message: Add patches from Xen security advisory, fixing: CVE-2015-7835 aka XSA-148 CVE-2015-7869 aka XSA-149 + XSA-151 CVE-2015-7970 aka XSA-150 CVE-2015-7971 aka XSA-152 Bump PKGREVISION --- Module Name: pkgsrc Committed By: bouyer Date: Fri Oct 30 07:46:36 UTC 2015 Modified Files: pkgsrc/sysutils/xenkernel45: distinfo Log Message: Add patch entries from previous security commit. Pointed out by Takahiro Hayashi, thanks ! @ text @a0 182 $NetBSD$ Patch for CVE-2015-7970 aka XSA-150, from http://xenbits.xenproject.org/xsa/xsa150.patch --- xen/arch/x86/mm/p2m-pod.c.orig +++ xen/arch/x86/mm/p2m-pod.c @@@@ -920,28 +920,6 @@@@ p2m_pod_zero_check(struct p2m_domain *p2 } #define POD_SWEEP_LIMIT 1024 - -/* When populating a new superpage, look at recently populated superpages - * hoping that they've been zeroed. This will snap up zeroed pages as soon as - * the guest OS is done with them. 
*/ -static void -p2m_pod_check_last_super(struct p2m_domain *p2m, unsigned long gfn_aligned) -{ - unsigned long check_gfn; - - ASSERT(p2m->pod.last_populated_index < POD_HISTORY_MAX); - - check_gfn = p2m->pod.last_populated[p2m->pod.last_populated_index]; - - p2m->pod.last_populated[p2m->pod.last_populated_index] = gfn_aligned; - - p2m->pod.last_populated_index = - ( p2m->pod.last_populated_index + 1 ) % POD_HISTORY_MAX; - - p2m_pod_zero_check_superpage(p2m, check_gfn); -} - - #define POD_SWEEP_STRIDE 16 static void p2m_pod_emergency_sweep(struct p2m_domain *p2m) @@@@ -982,7 +960,7 @@@@ p2m_pod_emergency_sweep(struct p2m_domai * NB that this is a zero-sum game; we're increasing our cache size * by re-increasing our 'debt'. Since we hold the pod lock, * (entry_count - count) must remain the same. */ - if ( p2m->pod.count > 0 && i < limit ) + if ( i < limit && (p2m->pod.count > 0 || hypercall_preempt_check()) ) break; } @@@@ -994,6 +972,58 @@@@ p2m_pod_emergency_sweep(struct p2m_domai } +static void pod_eager_reclaim(struct p2m_domain *p2m) +{ + struct pod_mrp_list *mrp = &p2m->pod.mrp; + unsigned int i = 0; + + /* + * Always check one page for reclaimation. + * + * If the PoD pool is empty, keep checking some space is found, or all + * entries have been exhaused. 
+ */ + do + { + unsigned int idx = (mrp->idx + i++) % ARRAY_SIZE(mrp->list); + unsigned long gfn = mrp->list[idx]; + + if ( gfn != INVALID_GFN ) + { + if ( gfn & POD_LAST_SUPERPAGE ) + { + gfn &= ~POD_LAST_SUPERPAGE; + + if ( p2m_pod_zero_check_superpage(p2m, gfn) == 0 ) + { + unsigned int x; + + for ( x = 0; x < SUPERPAGE_PAGES; ++x, ++gfn ) + p2m_pod_zero_check(p2m, &gfn, 1); + } + } + else + p2m_pod_zero_check(p2m, &gfn, 1); + + mrp->list[idx] = INVALID_GFN; + } + + } while ( (p2m->pod.count == 0) && (i < ARRAY_SIZE(mrp->list)) ); +} + +static void pod_eager_record(struct p2m_domain *p2m, + unsigned long gfn, unsigned int order) +{ + struct pod_mrp_list *mrp = &p2m->pod.mrp; + + ASSERT(mrp->list[mrp->idx] == INVALID_GFN); + ASSERT(gfn != INVALID_GFN); + + mrp->list[mrp->idx++] = + gfn | (order == PAGE_ORDER_2M ? POD_LAST_SUPERPAGE : 0); + mrp->idx %= ARRAY_SIZE(mrp->list); +} + int p2m_pod_demand_populate(struct p2m_domain *p2m, unsigned long gfn, unsigned int order, @@@@ -1034,6 +1064,8 @@@@ p2m_pod_demand_populate(struct p2m_domai return 0; } + pod_eager_reclaim(p2m); + /* Only sweep if we're actually out of memory. Doing anything else * causes unnecessary time and fragmentation of superpages in the p2m. 
*/ if ( p2m->pod.count == 0 ) @@@@ -1070,6 +1102,8 @@@@ p2m_pod_demand_populate(struct p2m_domai p2m->pod.entry_count -= (1 << order); BUG_ON(p2m->pod.entry_count < 0); + pod_eager_record(p2m, gfn_aligned, order); + if ( tb_init_done ) { struct { @@@@ -1085,12 +1119,6 @@@@ p2m_pod_demand_populate(struct p2m_domai __trace_var(TRC_MEM_POD_POPULATE, 0, sizeof(t), &t); } - /* Check the last guest demand-populate */ - if ( p2m->pod.entry_count > p2m->pod.count - && (order == PAGE_ORDER_2M) - && (q & P2M_ALLOC) ) - p2m_pod_check_last_super(p2m, gfn_aligned); - pod_unlock(p2m); return 0; out_of_memory: --- xen/arch/x86/mm/p2m.c.orig +++ xen/arch/x86/mm/p2m.c @@@@ -58,6 +58,7 @@@@ boolean_param("hap_2mb", opt_hap_2mb); /* Init the datastructures for later use by the p2m code */ static int p2m_initialise(struct domain *d, struct p2m_domain *p2m) { + unsigned int i; int ret = 0; mm_rwlock_init(&p2m->lock); @@@@ -73,6 +74,9 @@@@ static int p2m_initialise(struct domain p2m->np2m_base = P2M_BASE_EADDR; + for ( i = 0; i < ARRAY_SIZE(p2m->pod.mrp.list); ++i ) + p2m->pod.mrp.list[i] = INVALID_GFN; + if ( hap_enabled(d) && cpu_has_vmx ) ret = ept_p2m_init(p2m); else --- xen/include/asm-x86/p2m.h.orig +++ xen/include/asm-x86/p2m.h @@@@ -292,10 +292,20 @@@@ struct p2m_domain { entry_count; /* # of pages in p2m marked pod */ unsigned long reclaim_single; /* Last gpfn of a scan */ unsigned long max_guest; /* gpfn of max guest demand-populate */ -#define POD_HISTORY_MAX 128 - /* gpfn of last guest superpage demand-populated */ - unsigned long last_populated[POD_HISTORY_MAX]; - unsigned int last_populated_index; + + /* + * Tracking of the most recently populated PoD pages, for eager + * reclamation. 
+ */ + struct pod_mrp_list { +#define NR_POD_MRP_ENTRIES 32 + +/* Encode ORDER_2M superpage in top bit of GFN */ +#define POD_LAST_SUPERPAGE (INVALID_GFN & ~(INVALID_GFN >> 1)) + + unsigned long list[NR_POD_MRP_ENTRIES]; + unsigned int idx; + } mrp; mm_lock_t lock; /* Locking of private pod structs, * * not relying on the p2m lock. */ } pod; @