| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
This allows a domU with an arbitrary kernel and initrd to take advantage
of the static root of trust provided by a vTPM.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The vTPM protocol now contains a field allowing the locality of a
command to be specified; pass this to the TPM when processing a packet.
While the locality is not currently checked for validity, a binding
between locality and some distinguishing feature of the client domain
(such as the XSM label) will need to be defined in order to properly
support a multi-client vTPM.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
|
|
|
|
|
|
|
|
| |
The vtpm2 ABI supports packets of up to 4088 bytes by default; expose
this property though the TPM's interface so clients do not attempt to
send larger packets.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
|
|
|
|
|
|
|
|
|
| |
When NEWLIB_STAMPFILE is updated but gmp has already been extracted, the mv
command will incorrectly create a subdirectory instead of renaming. Remove the
old target before renaming to fix this.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
| |
If the path to xen-unstable.hg changes (i.e. you move the repo), the symlinks
inside xen-unstable.hg/stubdom/libxc-x86_[32|64]/ all become broken, which
breaks distclean because make attempts to clean inside those first and fails to
find Makefile (which is also a symlink).
Signed-off-by: Andrei Lifchits <andrei.lifchits@citrix.com>
|
|
|
|
|
|
|
|
| |
Removes hardcoded /usr prefix.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These files were left over after
$ git clean -f -dx
$ ./configure
$ make distclean
and picked up by a subsequent.
$ git clean -f -dx
Ensure that these files are also correctly ignored.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
| |
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stub domains now use autoconf to build.
This configure script can enable or disable specific domains
and also specify custom download locations for stubdom library
packages. See ./configure --help for details.
C and Caml are disabled by default. vtpm-stubdom is conditional
on the presense of cmake.
Rename vtpmmgrdom to vtpmmgr-stubdom
Also update .*ignore
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add 3 new libraries to stubdom:
libgmp
polarssl
Berlios TPM Emulator 0.7.4
Add makefile structure for vtpm and vtpmmgrdom. Both
vtpm domains are optional builds as vtpm depends on
cmake. To build either of them, you must do so explicitly.
make vtpm-stubdom vtpmmgrdom
Finally, also update .*ignore
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ijc, folded in fix from Matthew to workaround cmake 2.8.2 build failure]
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpmlint complains a script helper which is only sourced:
[ 1875s] xen-tools.i586: W: script-without-shebang /usr/lib/xen/bin/stubdompath.sh
[ 1875s] This text file has executable bits set or is located in a path dedicated for
[ 1875s] executables, but lacks a shebang and cannot thus be executed. If the file is
[ 1875s] meant to be an executable script, add the shebang, otherwise remove the
[ 1875s] executable bits or move the file elsewhere.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
[ 1758s] xen-tools.x86_64: E: spurious-executable-perm (Badness: 50) /usr/lib/xen/boot/xenstore-stubdom.gz
[ 1758s] The file is installed with executable permissions, but was identified as one
[ 1758s] that probably should not be executable. Verify if the executable bits are
[ 1758s] desired, and remove if not. NOTE: example scripts should be packaged under
[ 1758s] %docdir/examples, which will avoid this warning.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently I changed my rpm xen.spec file from doing
'make -C tools -j N && make stubdom' to 'make -j N stubdom' because
stubdom depends on tools, so both get built.
The result was the failure below.
....
mkdir -p grub-x86_64
CPPFLAGS="-isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/../extras/mini-os/include -D__MINIOS__ -DHAVE_LIBC -isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/../extras/mini-os/include/posix -isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/../tools/xenstore -isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/../extras/mini-os/include/x86 -isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/../extras/mini-os/include/x86/x86_64 -U __linux__ -U __FreeBSD__ -U __sun__ -nostdinc -isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/../extras/mini-os/include/posix -isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/cross-root-x86_64/x86_64-xen-elf/include -isystem /usr/lib64/gcc/x86_64-suse-linux/4.7/include -isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/lwip-x86_64/src/include -isystem /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/lwip-x86_64/src/include/ipv4 -I/home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/include -I/home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/../xen/include" CFLAGS="-mno-red-zone -O1 -fno-omit-frame-pointer -m64 -mno-red-zone -fno-reorder-blocks -fno-asynchronous-unwind-tables -m64 -g -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -fno-stack-protector -fno-exceptions" make DESTDIR= -C grub OBJ_DIR=/home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/grub-x86_64
make[2]: Entering directory `/home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/grub'
make[2]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule.
make[2]: *** INTERNAL: readdir: Bad file descriptor
. Stop.
make[2]: Makefile: Field 'stem' not cached: Makefile
make[2]: Leaving directory `/home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/grub'
make[1]: *** [grub] Error 2
[ -d mini-os-x86_64-xenstore ] || \
for i in $(cd /home/abuild/rpmbuild/BUILD/xen-4.2.25602/non-dbg/stubdom/../extras/mini-os ; find . -type d) ; do \
mkdir -p mini-os-x86_64-xenstore/$i ; \
done
....
Expanding every occurrence of CROSS_MAKE avoids this error. It also has
the nice side effect of actually enabling parallel build for stubdom.
According to the GNU make documentation $(MAKE) gets its special meaning
only if it appears directly in the recipe:
http://www.gnu.org/software/make/manual/html_node/MAKE-Variable.html
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
We want to ensure that patches apply cleanly without rejects. Bail if
patch returns a non-zero exit code.
Signed-off-by: Matt Wilson <msw@amazon.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using CONFIG_QEMU and CONFIG_GRUB to enable or disable minios
code, create CONFIG_ items for features and use application-specific
configuration files to enable or disable the features.
The configuration flags are currently added to the compiler command
line; as the number of flags grows this may need to move to a header.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
GNU make prior to 3.81 doesn't support $(realpath ...). This fixes a
regression introduced in 23368:0f670f5146c8 (the option tested via
cc-option-add got interpreted as the argument of the -I compiler
option, as its intended argument was blank, and hence the compiler was
falsely considered to support *any* option in the pciutils sub-tree).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
| |
Otherwise make can search the path relative to certain standard paths
such as /usr/include (e.g., the line '-include $(XEN_ROOT)/.config' in
Config.mk suffers from this).
Signed-off-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
| |
The changeset
qemu-xen: build adjustments to support out-of-tree builds
works after all. Sorry for the noise.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
| |
It appears that the changeset
qemu-xen: build adjustments to support out-of-tree builds
broke the build.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QEMU by itself can be built outside of its source directory. With the
qemu repository being separate from the hypervisor/tools one it seems
to make sense to make use of this feature, but doing so requires a
couple of adjustments to the Xen changes to it. Basically, if
CONFIG_QEMU is found to indicate an existing directory, this directory
will be used rather than cloning the git repo into the build tree.
[ This changeset is the xen-unstable part of the patch but also
includes the QEMU_TAG update to pull in the qemu part. -iwj ]
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
| |
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the AMD64 ABI, the 128-byte area below %rsp is reserved
for scratch space and should not be used by signal, interrupt, or
exception handlers. However, Mini-OS does not adhere to this
interface. As a result, the -mno-red-zone flag must be provided to gcc
in order to force code to be compiled without this assumption. In the
case of the c-stubdom or the ioemu stubdom, Makefile configuration and
flags are inherited from Xen, which includes this flag. However, in
the case of the ocaml stubdom, since an independent ocaml version is
pulled and compiled, with its own make system in place, this flag is
not present.
As a default optimisation (no optimisation flags specified), gcc
generates function header code that uses mov instead of push (to save
a few instructions). However, with the 128-byte scratch space
assumption in place, registers are moved onto the stack *before* %rsp
is updated. This results in cases where when a function is being
called, *after* the first mov <foo>, <offset>(%rsp) but *before* the
%rsp update, sub <bar>, %rsp, if an interrupt is fired, then the stack
will be clobbered (as Mini-OS uses the application stack for its
stack, pushing registers onto the stack on entry and popping them off
on exit).
This patch fixes this issue by passing the -mno-red-zone flag to the
ocaml configure script in the stubdom Makefile.
Signed-off-by: Patrick Colp <pjcolp@cs.ubc.ca>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The provided sample caml stubdom needs to use the ocaml cross
compiler, but if it hasn't been downloaded and compiled, then it won't
find it and the build will fail. This makes caml-stubdom depend on
the cross compiler, so it will automatically get built before the
stubdom.
Signed-off-by: Patrick Colp <pjcolp@cs.ubc.ca>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
| |
targets.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The stubdom/Makefile expects components to install themselves to
stubdom/$(CROSS_ROOT) and passes the appropriate configure and make
variables to make this happen.
However if the top-level build uses DESTDIR then this not only effects
the installation targets in stubdom/Makefile but is also propagated to
the individual components' build causing them to install into an
unexpected location and breaking the build.
In other words "make -C stubdom DESTDIR=/tmp/a-dest-dir" fails due to missing
headers because they had been installed into /tmp/a-dest-dir instead of
stubdom/$(CROSS_ROOT).
The existing attempt to clear DESTDIR for the newlib install phase was
insufficient.
Define a CROSS_MAKE variable which should be used to recurse into the
cross compiled components and which clears DESTDIR.
Also move the definition of the genpath target to after the first
"all" target so that the default target is all.
I have confirmed that with this fix only the Xen build system outputs end up in
/tmp/a-dest-dir.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
Newlib unaccountably defines _daylight, _timezone and _tzname, rather
than daylight, timezone and tzname. The latter are specified in
SuSv3.
So do a global search and replace as part of our newlib patching :-(.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a few places in the tree the Makefiles have constructs like this:
one_file another_file:
$(COMMAND_WHICH_GENERATES_BOTH_AT_ONCE)
This is wrong, because make will run _two copies_ of the same command
at once. This generally causes races and hard-to-reproduce build
failures.
Notably, `make -j4' at the top level will build stubdom libxc twice
simultaneously!
In this patch we replace the occurrences of this construct with the
correct idiom:
one_file: another_file
another_file:
$(COMMAND_WHICH_GENERATES_BOTH_AT_ONCE)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
|
|
| |
The headers libelf.h and elfstructs.h were removed from
xen/include/public in 19011:7df072566b8c. But this broke the stubdom
build because parts of libxc depend on them. This patch adds
$(XEN_ROOT)/xen/include/xen to the stubdom -I path.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
|
|
|
| |
Attached patch installs ioemu-stubdom into XENFIRMWAREDIR
analogous to what we do with hvmloader.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Have the buid system generate a file which exports the install paths
for the hotplug scripts and stubdom / stubdom-dm
- Move file generation code from tools/python/Makefile into a gmake
macro
in Config.mk to avoid maintenance of three duplicates each with its
own
tweaks and bugs
- Export gmake variables into ioemu as shell variables
for upcoming ioemu patches
- Do above as a gmake macro to avoid maintenance of several duplicates
- Adjust hotplug scripts to find the right xen binaries from the
install directory
- Adjust stubdom-dm to use the install directories
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
|
|
|
|
|
| |
if they are to be linked with object files created by ocamlc and the minios
kernel.
This is needed to build stubdoms written in ocaml.
Signed-off-by: Alex Zeffertt <alex.zeffertt@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
|
|
|
|
| |
Add __stack_chk_fail to mini-os and __sprintf_chk __fprintf_chk to
newlib, to cope with ocaml runtimes compiled with -fstack-protector.
From: "George S. Coker, II" <gscoker@alpha.ncsc.mil>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
|
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xen-setup runs the upstream configure script, and ends up
autodetecting various properties of the host and then trying to use
them in stubdom, which works badly.
In commit c609854fe18aab3216f28e1e5291b75970d398d5 in
qemu-xen-unstable we provide a new `xen-setup-stubdom' script, which
hardcodes the relevant answers.
With these two changes, stubdom should compile again.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
We need to disable libvde in the stubdom qemu-xen configuration.
Thanks to Jun Koi for the report and testing.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Changeset 19011:7df072566b8c moved some of the libelf headers.
However, no changes were made to stubdom/Makefile.
stubdom/Makefile unfortunately contains embedded in it knowledge about
the header directory structures, and must therefore typically be
updated if new header directories are created.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I have copied the tarballs that the xen-unstable build downloads to
xenbits.xensource.com (which also hosts our hg and git). This patch
changes the download URLs to use that location.
That way the build will depend on only one external machine, under one
administration, rather than many. Also it means that the build won't
break if these sites become permanently unavailable or are rearranged
and we don't run a risk of having to panic and beg if a file should go
missing.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the stubdom/ioemu link farm creation in stubdom/Makefile,
with code which arranges that:
* No symlinks are made for output files - in particular, any
symlinks for .d files would be written through by the compiler
and cause damage to the original tree and other strange
behaviours
* All subdirectories are made as local subdirectories rather than
links
* Any interrupted or half-completed creation of the link farm
leaves the directory in a state where the link farming will be
restarted
* We use make's inherent ability to test for the existence of files
rather than using [ -f ... ] at the start of the rule's commands
* The list of files to be excluded from the link farm can be
easily updated
etc.
This should fix some problems particularly with parallel builds,
or by-hand builds where directories are entered in other than the
usual order.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Move code for generating an absolute version of XEN_ROOT
into a common make variable set in Config.mk
* Use this common code when invoking make -C ioemu-dir clean
from tools/, which avoids a problem where `make clean' fails
because qemu's (ioemu-remote's) build system wants to run
`make clean' in `tests' but XEN_ROOT is a confection involving
../'s.
* Use this common code in stubdom/Makefile, instead of $(abspath...)
as the latter is a relatively new feature in GNU make and is not
available in all the places that we want to be able to build
(cf c/s 17997:3f23e01d31985899dbd1660b166f229f1ee74292)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
| |
Remove the CONFIG_QEMU override; fixing lwip isystem path.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
| |
It may be used in subdirectories indirectly (e.g., as path component
of $(INSTALL)).
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|