| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
The emacs variable to set the C style from a local variable block is
c-file-style, not c-set-style.
Signed-off-by: David Vrabel <david.vrabel@citrix.com
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In particular we need to check that adding 512KB of slack and
rounding up to a 4MB boundary do not overflow the guest's memory
allocation. Otherwise we run off the end of the p2m when building the
guest's initial page tables and populate them with garbage.
Wei noticed this when build tiny (2MB) mini-os domains.
Reported-by: Wei Liu <Wei.Liu2@citrix.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allowing user supplied kernels of arbitrary sizes, especially during
decompression, can swallow up dom0 memory leading to either virtual
address space exhaustion in the builder process or allocation
failures/OOM killing of both toolstack and unrelated processes.
We disable these checks when building in a stub domain for pvgrub
since this uses the guest's own memory and is isolated.
Decompression of gzip compressed kernels and ramdisks has been safe
since 14954:58205257517d (Xen 3.1.0 onwards).
This is XSA-25 / CVE-2012-4544.
Also make explicit checks for buffer overflows in various
decompression routines. These were already ruled out due to other
properties of the code but check them as a belt-and-braces measure.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
This changeset was contaminated by changes hanging around in my
working tree. Sorry :-(.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The goto in both of these places misses the event free which would
normally clean up.
==8655== 80 bytes in 1 blocks are definitely lost in loss record 1 of 1
==8655== at 0x4024370: calloc (vg_replace_malloc.c:593)
==8655== by 0x406EAAE: libxl__zalloc (libxl_internal.c:83)
==8655== by 0x4078173: libxl__event_new (libxl_event.c:1167)
==8655== by 0x4056373: domain_death_occurred (libxl.c:958)
==8655== by 0x4058D06: domain_death_xswatch_callback (libxl.c:1038)
==8655== by 0x4078EB5: watchfd_callback (libxl_event.c:458)
==8655== by 0x407839E: afterpoll_internal (libxl_event.c:949)
==8655== by 0x4079142: eventloop_iteration (libxl_event.c:1371)
==8655== by 0x40799BB: libxl_event_wait (libxl_event.c:1396)
==8655== by 0x805CC67: create_domain (xl_cmdimpl.c:1698)
==8655== by 0x805E001: main_create (xl_cmdimpl.c:3986)
==8655== by 0x804D43D: main (xl.c:285)
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
| |
Includes ARM zImage support.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Stefano Stabellini <Stefano.Stabellini@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
# User Ian Campbell <ian.campbell@citrix.com>
# Date 1282671421 -3600
# Node ID d1dd29a470ef1b9d2c77478a123326036dfe90bb
# Parent d7a4adad9c328decbd384d87b23001aea8951b86
tools/libxc, tools/libelf: Relicense under LGPL v2.1
Relicense these two libraries under LGPL v2.1 only except where
individual files already included the "or later" provision.
Copyright holders have been contacted by Stephen Spector and have all
agreed this change.
Removed tools/libxc/ia64/aclinux.h since it appeared to be
unused. There is a separate, more up to date, copy in
xen/include/acpi/platform/aclinux.h which does appear to be used.
Clarify the license of MiniOS privcmd.h under the same terms as other
tools/include/xen-sys headers.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Stephen Spector <stephen.spector@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch eliminate the global variables in libxenctrl (used for
logging and error reporting).
Instead the information which was in the global variables is now in a
new xc_interface* opaque structure, which xc_interface open returns
instead of the raw file descriptor; furthermore, logging is done via
xentoollog.
There are three new parameters to xc_interface_open to control the
logging, but existing callers can just pass "0" for all three to get
the old behaviour.
All libxc callers have been adjusted accordingly.
Also update QEMU_TAG for corresponding qemu change.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, xc_dom_alloc_segment would go ahead even if the segment
we're trying to create is too big for the domain's RAM (or the
requested addr is out of range). It would pass invalid parameters to
xc_dom_seg_to_ptr giving undefined behaviour.
Fixing xc_dom_seg_to_ptr to fail is not sufficient because we want to
provide a comprehensible explanation to the caller - which may
ultimately be the user.
In particular, with this change attempting "xl create" with a ramdisk
image bigger than the guest's specified RAM will provide a useful
error message mentioning the ramdisk.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, passing a valid pfn but an overly large count to
xc_dom_pfn_to_ptr, and functions which call it, would run off the end
of the pfn array giving undefined behaviour.
It is tempting to change this check to an assert, as no callers should
be providing invalid parameters here. But this is probably best not
done while frozen for 4.0.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
Any call to inflate() must be followed by inflateEnd(), otherwise the
internal zlib state is leaked.
Signed-off-by: Kevin Wolf <kwolf@suse.de>
|
|
|
|
|
|
|
|
|
|
|
| |
This fetches GRUB1 sources, applies the {graphical, print function,
save default, and ext3_256byte} patches from debian, and applies a
patch to make it work on x86_64 and port it to Mini-OS. By using
libxc, PV-GRUB can then "kexec" the loaded kernel from inside the
domain itself, hence permitting to avoid the security-concerned
pygrub.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
|
|
|
|
|
|
|
| |
- use MAP_ANON, that is what both (BSD-)Unix and Linux have
- change last_error handling to use pthreads
- round mlock() parameters to page alignment
- cleanup: No need to include <xen/sys/privcmd.h>
a second time in xg_private.h
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
|
|
|
|
|
|
| |
Unbreaks loading NetBSD kernels with the new ^^ domain builder.
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
| |
boundaries.
From: Gerd Hoffmann <kraxel@suse.de>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@suse.de>
---
tools/libxc/Makefile | 14
tools/libxc/xc_dom.h | 261 +++++++++++++
tools/libxc/xc_dom_binloader.c | 294 +++++++++++++++
tools/libxc/xc_dom_boot.c | 515 +++++++++++++++++++++++++++
tools/libxc/xc_dom_core.c | 773 +++++++++++++++++++++++++++++++++++++++++
tools/libxc/xc_dom_elfloader.c | 283 +++++++++++++++
tools/libxc/xc_dom_ia64.c | 118 ++++++
tools/libxc/xc_dom_powerpc64.c | 100 +++++
tools/libxc/xc_dom_x86.c | 559 +++++++++++++++++++++++++++++
9 files changed, 2917 insertions(+)
|