path: root/stubdom/grub
Commit message | Author | Age | Files | Lines
* stubdom: Fix stubdom undeclared function build warnings | Samuel Thibault | 2013-08-02 | 1 | -0/+1

  This includes a few headers to fix some missing function declarations.

  ../grub-upstream/stage2/builtins.c:1728:3: warning: implicit declaration of function ‘do_exit’ [-Wimplicit-function-declaration]
  stubdom/include/xen/libelf/libelf.h:453:5: warning: implicit declaration of function ‘memcpy’ [-Wimplicit-function-declaration]

  Reported-by: IAN DELANEY <della5@iinet.com.au>
  Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
  Acked-by: Ian Campbell <ian.campbell@citrix.com>
* stubdom/grub: send kernel measurements to vTPM | Daniel De Graaf | 2013-04-12 | 3 | -0/+56

  This allows a domU with an arbitrary kernel and initrd to take advantage of the static root of trust provided by a vTPM.

  Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
  Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
  Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
* libxc: builder: limit maximum size of kernel/ramdisk. | Ian Jackson | 2012-10-26 | 1 | -0/+4

  Allowing user supplied kernels of arbitrary sizes, especially during decompression, can swallow up dom0 memory leading to either virtual address space exhaustion in the builder process or allocation failures/OOM killing of both toolstack and unrelated processes.

  We disable these checks when building in a stub domain for pvgrub since this uses the guest's own memory and is isolated.

  Decompression of gzip compressed kernels and ramdisks has been safe since 14954:58205257517d (Xen 3.1.0 onwards).

  This is XSA-25 / CVE-2012-4544.

  Also make explicit checks for buffer overflows in various decompression routines. These were already ruled out due to other properties of the code but check them as a belt-and-braces measure.

  Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
  Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
* Revert 26109:6ccfe4d29f95 | Ian Jackson | 2012-10-26 | 1 | -4/+0

  This changeset was contaminated by changes hanging around in my working tree. Sorry :-(.

  Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
* xl: Do not leak events when a domain exits. | Ian Campbell | 2012-10-25 | 1 | -0/+4

  The goto in both of these places misses the event free which would normally clean up.

  ==8655== 80 bytes in 1 blocks are definitely lost in loss record 1 of 1
  ==8655==    at 0x4024370: calloc (vg_replace_malloc.c:593)
  ==8655==    by 0x406EAAE: libxl__zalloc (libxl_internal.c:83)
  ==8655==    by 0x4078173: libxl__event_new (libxl_event.c:1167)
  ==8655==    by 0x4056373: domain_death_occurred (libxl.c:958)
  ==8655==    by 0x4058D06: domain_death_xswatch_callback (libxl.c:1038)
  ==8655==    by 0x4078EB5: watchfd_callback (libxl_event.c:458)
  ==8655==    by 0x407839E: afterpoll_internal (libxl_event.c:949)
  ==8655==    by 0x4079142: eventloop_iteration (libxl_event.c:1371)
  ==8655==    by 0x40799BB: libxl_event_wait (libxl_event.c:1396)
  ==8655==    by 0x805CC67: create_domain (xl_cmdimpl.c:1698)
  ==8655==    by 0x805E001: main_create (xl_cmdimpl.c:3986)
  ==8655==    by 0x804D43D: main (xl.c:285)

  Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
  Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
  Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
* stubdom: fix error assignment in grub:load_module | Olaf Hering | 2012-10-11 | 1 | -1/+1

  [ 1333s] mini-os.c: In function 'load_module':
  [ 1333s] mini-os.c:244: warning: statement with no effect

  Signed-off-by: Olaf Hering <olaf@aepfle.de>
  Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
  Committed-by: Ian Campbell <ian.campbell@citrix.com>
* mini-os: create app-specific configuration | Daniel De Graaf | 2012-02-09 | 1 | -0/+2

  Instead of using CONFIG_QEMU and CONFIG_GRUB to enable or disable minios code, create CONFIG_ items for features and use application-specific configuration files to enable or disable the features.

  The configuration flags are currently added to the compiler command line; as the number of flags grows this may need to move to a header.

  Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
  Acked-by: Ian Campbell <ian.campbell@citrix.com>
  Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
  Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
* pv-grub: Fix for incorrect dom->p2m_host[] list initialization | Daniel Kiper | 2011-04-27 | 1 | -0/+14

  Introduction of Linux Kernel git commit ceefccc93932b920a8ec6f35f596db05202a12fe (x86: default CONFIG_PHYSICAL_START and CONFIG_PHYSICAL_ALIGN to 16 MB) revealed deeply hidden bug in pv-grub. During kernel load stage dom->p2m_host[] list has been incorrectly initialized.

  At the beginning of kernel load stage dom->p2m_host[] list is populated with current PFN->MFN layout. Later during memory allocation (memory is allocated page by page in kexec_allocate()) page order is changed to establish linear layout in new domain. It is done by exchanging subsequent MFNs with newly allocated MFNs. dom->p2m_host[] list is indexed by currently requested PFN (it is incremented from 0) and PFN of newly allocated page. If PFN of newly allocated page is less than currently requested PFN then earlier allocated MFN is overwritten which leads to domain crash later.

  This patch corrects that issue. If PFN of newly allocated page is less than currently requested PFN then relevant PFN/MFN pair is properly calculated and usual exchange occurs later.

  Signed-off-by: Daniel Kiper <dkiper@net-space.pl>
  Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
* build: Make XEN_ROOT an absolute path. | Keir Fraser | 2011-03-17 | 1 | -1/+1

  Otherwise make can search the path relative to certain standard paths such as /usr/include (e.g., the line '-include $(XEN_ROOT)/.config' in Config.mk suffers from this).

  Signed-off-by: Keir Fraser <keir@xen.org>
* libxc: eliminate static variables, use xentoollog; API change | Keir Fraser | 2010-05-28 | 1 | -6/+6

  This patch eliminates the global variables in libxenctrl (used for logging and error reporting).

  Instead the information which was in the global variables is now in a new xc_interface* opaque structure, which xc_interface open returns instead of the raw file descriptor; furthermore, logging is done via xentoollog.

  There are three new parameters to xc_interface_open to control the logging, but existing callers can just pass "0" for all three to get the old behaviour.

  All libxc callers have been adjusted accordingly.

  Also update QEMU_TAG for corresponding qemu change.

  Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
* pv-grub: fix boot crash when no fb is available | Keir Fraser | 2010-04-06 | 1 | -6/+4

  When no fb is available, init_fbfront will return, so the local semaphore for synchronization with the kbd thread would get dropped. Using a global static semaphore instead fixes this.

  Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
* domain builder: multiboot-like module support | Keir Fraser | 2009-12-11 | 3 | -11/+71

  This defines how multiple modules can be passed to a domain by packing them together into a "multiboot module" in a way very similar to the multiboot standard. An SIF_ flag is added to announce such package. This also adds a packing implementation to PV-GRUB.

  Signed-Off-By: Samuel Thibault <samuel.thibault@ens-lyon.org>
* minios: support secondary guest consoles. | Keir Fraser | 2009-06-17 | 1 | -2/+2

  Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
* pvgrub: value returned by getrtsecs should be BCD | Keir Fraser | 2008-12-01 | 1 | -1/+1

  Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
* pv-grub: On x86_64, also build an x86_32 pv-grub | Keir Fraser | 2008-08-14 | 1 | -7/+17

  This requires suffixing obj directories and having grub compiled outside sources.

  Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
* PV-GRUB: use the 0.97 snapshot + patch instead of checking out from cvs | Keir Fraser | 2008-07-17 | 1 | -4/+4

  Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
* PV-GRUB: allow passing menu.lst as a ramdisk | Keir Fraser | 2008-07-16 | 1 | -1/+3

  Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
* PV-GRUB: Enable xfs support | Keir Fraser | 2008-07-10 | 1 | -2/+0

  Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
* PV-GRUB: compilation fix caused by 17880 | Keir Fraser | 2008-06-20 | 1 | -1/+1

  Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
* Add PV-GRUB | Keir Fraser | 2008-06-18 | 8 | -0/+1368

  This fetches GRUB1 sources, applies the {graphical, print function, save default, and ext3_256byte} patches from debian, and applies a patch to make it work on x86_64 and port it to Mini-OS. By using libxc, PV-GRUB can then "kexec" the loaded kernel from inside the domain itself, hence permitting to avoid the security-concerned pygrub.

  Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>