xen: update port and apply security fixes

* Apply the following Xen security fixes (XSAs): 167, 168, 170.
 * Update SeaBIOS version to 1.8.2, and apply build fix so it builds with
   ELF toolchain objcopy [0].
 * Perform the backport of two functional changes to the Xen kernel in order
   to improve PVH Dom0 hardware support [1].

Security:		CVE-2016-1570
Security:		CVE-2016-1571
Security:		CVE-2016-2271
Sponsored by:		Citrix Systems R&D
Requested by:		Gustau Pérez <gperez@entel.upc.edu> [1]
PR:			207170 [0]
Approved by:		bapt
Differential revision:	https://reviews.freebsd.org/D5420
Roger Pau Monné
2016-02-26 12:56:36 +00:00
parent 755f7c8540
commit 286f646984
11 changed files with 526 additions and 17 deletions


@@ -3,7 +3,7 @@
PORTNAME= xen
PKGNAMESUFFIX= -kernel
PORTVERSION= 4.5.2
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= emulators
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${PORTVERSION}/
@@ -31,10 +31,15 @@ EXTRA_PATCHES= ${FILESDIR}/0001-introduce-a-helper-to-allocate-non-contiguous-me
${FILESDIR}/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch:-p2 \
${FILESDIR}/0006-xen-pvh-enable-mmu_update-hypercall.patch:-p2 \
${FILESDIR}/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch:-p2 \
${FILESDIR}/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch:-p2 \
${FILESDIR}/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch:-p2 \
${FILESDIR}/xsa156-4.5.patch:-p2 \
${FILESDIR}/xsa159.patch:-p2 \
${FILESDIR}/xsa165-4.5.patch:-p2 \
${FILESDIR}/xsa166-4.5.patch:-p2
${FILESDIR}/xsa166-4.5.patch:-p2 \
${FILESDIR}/xsa167-4.6.patch:-p2 \
${FILESDIR}/xsa168.patch:-p2 \
${FILESDIR}/xsa170-4.5.patch:-p2
.include <bsd.port.options.mk>
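Review bot: The new `EXTRA_PATCHES` entries mix naming schemes without explanation: `xsa167-4.6.patch` is applied to a 4.5.2 port while the neighbouring XSA patches are `-4.5` or unsuffixed, and the two PVH backports reuse the `0001-` prefix already taken by `0001-introduce-a-helper-…` in the same list. A comment above the assignment, e.g. `# xsa167-4.6.patch: upstream 4.6 variant, used here for 4.5.2 (confirm against the advisory)`, would save the next person auditing XSA coverage a lookup. The `EXTRA_PATCHES=` assignment itself starts outside the hunk.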


@@ -0,0 +1,197 @@
From 8ddb99287cd18da99a95a9f70904a97b52893599 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
Date: Wed, 20 May 2015 13:26:43 +0200
Subject: [PATCH 1/2] x86/pvh: use a custom IO bitmap for PVH hardware domains
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since a PVH hardware domain has access to the physical hardware create a
custom more permissive IO bitmap. The permissions set on the bitmap are
populated based on the contents of the ioports rangeset.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
xen/arch/x86/hvm/hvm.c | 24 ++++++++++++++++++++++--
xen/arch/x86/hvm/svm/vmcb.c | 2 +-
xen/arch/x86/hvm/vmx/vmcs.c | 4 ++--
xen/arch/x86/setup.c | 28 ++++++++++++++++++++++++++++
xen/common/domain.c | 3 +++
xen/include/asm-x86/hvm/domain.h | 2 ++
xen/include/asm-x86/setup.h | 1 +
7 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 689e402..89423fa 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -77,9 +77,13 @@ integer_param("hvm_debug", opt_hvm_debug_level);
struct hvm_function_table hvm_funcs __read_mostly;
-/* I/O permission bitmap is globally shared by all HVM guests. */
+/*
+ * The I/O permission bitmap is globally shared by all HVM guests except
+ * the hardware domain which needs a more permissive one.
+ */
+#define HVM_IOBITMAP_SIZE (3 * PAGE_SIZE)
unsigned long __attribute__ ((__section__ (".bss.page_aligned")))
- hvm_io_bitmap[3*PAGE_SIZE/BYTES_PER_LONG];
+ hvm_io_bitmap[HVM_IOBITMAP_SIZE / BYTES_PER_LONG];
/* Xen command-line option to enable HAP */
static bool_t __initdata opt_hap_enabled = 1;
@@ -1461,6 +1465,20 @@ int hvm_domain_initialise(struct domain *d)
goto fail1;
d->arch.hvm_domain.io_handler->num_slot = 0;
+ /* Set the default IO Bitmap. */
+ if ( is_hardware_domain(d) )
+ {
+ d->arch.hvm_domain.io_bitmap = _xmalloc(HVM_IOBITMAP_SIZE, PAGE_SIZE);
+ if ( d->arch.hvm_domain.io_bitmap == NULL )
+ {
+ rc = -ENOMEM;
+ goto fail1;
+ }
+ memset(d->arch.hvm_domain.io_bitmap, ~0, HVM_IOBITMAP_SIZE);
+ }
+ else
+ d->arch.hvm_domain.io_bitmap = hvm_io_bitmap;
+
if ( is_pvh_domain(d) )
{
register_portio_handler(d, 0, 0x10003, handle_pvh_io);
@@ -1496,6 +1514,8 @@ int hvm_domain_initialise(struct domain *d)
stdvga_deinit(d);
vioapic_deinit(d);
fail1:
+ if ( is_hardware_domain(d) )
+ xfree(d->arch.hvm_domain.io_bitmap);
xfree(d->arch.hvm_domain.io_handler);
xfree(d->arch.hvm_domain.params);
fail0:
diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
index 21292bb..6339d2a 100644
--- a/xen/arch/x86/hvm/svm/vmcb.c
+++ b/xen/arch/x86/hvm/svm/vmcb.c
@@ -118,7 +118,7 @@ static int construct_vmcb(struct vcpu *v)
svm_disable_intercept_for_msr(v, MSR_AMD64_LWP_CBADDR);
vmcb->_msrpm_base_pa = (u64)virt_to_maddr(arch_svm->msrpm);
- vmcb->_iopm_base_pa = (u64)virt_to_maddr(hvm_io_bitmap);
+ vmcb->_iopm_base_pa = __pa(v->domain->arch.hvm_domain.io_bitmap);
/* Virtualise EFLAGS.IF and LAPIC TPR (CR8). */
vmcb->_vintr.fields.intr_masking = 1;
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 3123706..355d1b5 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -1032,8 +1032,8 @@ static int construct_vmcs(struct vcpu *v)
}
/* I/O access bitmap. */
- __vmwrite(IO_BITMAP_A, virt_to_maddr((char *)hvm_io_bitmap + 0));
- __vmwrite(IO_BITMAP_B, virt_to_maddr((char *)hvm_io_bitmap + PAGE_SIZE));
+ __vmwrite(IO_BITMAP_A, __pa(d->arch.hvm_domain.io_bitmap));
+ __vmwrite(IO_BITMAP_B, __pa(d->arch.hvm_domain.io_bitmap) + PAGE_SIZE);
if ( cpu_has_vmx_virtual_intr_delivery )
{
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 2b9787a..cd333f9 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1446,6 +1446,8 @@ void __init noreturn __start_xen(unsigned long mbi_p)
dmi_end_boot();
+ setup_io_bitmap(dom0);
+
system_state = SYS_STATE_active;
domain_unpause_by_systemcontroller(dom0);
@@ -1509,6 +1511,32 @@ int __hwdom_init xen_in_range(unsigned long mfn)
return 0;
}
+static int __hwdom_init io_bitmap_cb(unsigned long s, unsigned long e,
+ void *ctx)
+{
+ struct domain *d = ctx;
+ unsigned int i;
+
+ ASSERT(e <= INT_MAX);
+ for ( i = s; i <= e; i++ )
+ __clear_bit(i, d->arch.hvm_domain.io_bitmap);
+
+ return 0;
+}
+
+void __hwdom_init setup_io_bitmap(struct domain *d)
+{
+ int rc;
+
+ if ( has_hvm_container_domain(d) )
+ {
+ bitmap_fill(d->arch.hvm_domain.io_bitmap, 0x10000);
+ rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000,
+ io_bitmap_cb, d);
+ BUG_ON(rc);
+ }
+}
+
/*
* Local variables:
* mode: C
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 6803c4d..b0e83f5 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -42,6 +42,7 @@
#include <xsm/xsm.h>
#include <xen/trace.h>
#include <xen/tmem.h>
+#include <asm/setup.h>
/* Linux config option: propageted to domain0 */
/* xen_processor_pmbits: xen control Cx, Px, ... */
@@ -219,6 +220,8 @@ static int late_hwdom_init(struct domain *d)
rangeset_swap(d->iomem_caps, dom0->iomem_caps);
#ifdef CONFIG_X86
rangeset_swap(d->arch.ioport_caps, dom0->arch.ioport_caps);
+ setup_io_bitmap(d);
+ setup_io_bitmap(dom0);
#endif
rcu_unlock_domain(dom0);
diff --git a/xen/include/asm-x86/hvm/domain.h b/xen/include/asm-x86/hvm/domain.h
index 0f8b19a..bdab45d 100644
--- a/xen/include/asm-x86/hvm/domain.h
+++ b/xen/include/asm-x86/hvm/domain.h
@@ -141,6 +141,8 @@ struct hvm_domain {
*/
uint64_t sync_tsc;
+ unsigned long *io_bitmap;
+
union {
struct vmx_domain vmx;
struct svm_domain svm;
diff --git a/xen/include/asm-x86/setup.h b/xen/include/asm-x86/setup.h
index 08bc23a..381d9f8 100644
--- a/xen/include/asm-x86/setup.h
+++ b/xen/include/asm-x86/setup.h
@@ -32,6 +32,7 @@ int construct_dom0(
module_t *initrd,
void *(*bootstrap_map)(const module_t *),
char *cmdline);
+void setup_io_bitmap(struct domain *d);
unsigned long initial_images_nrpages(nodeid_t node);
void discard_initial_images(void);
--
2.5.4 (Apple Git-61)
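Review bot: `setup_io_bitmap()` in the setup.c hunk rewrites `d->arch.hvm_domain.io_bitmap` for any HVM-container domain without checking that the pointer is the private copy allocated in `hvm_domain_initialise()`. For a non-hardware domain that pointer is the shared `hvm_io_bitmap`, so a stray call would relax port trapping for every HVM guest. Both visible callers appear to pass domains that were the hardware domain at creation, so this is a hardening point rather than a demonstrated bug; a guard such as `ASSERT(d->arch.hvm_domain.io_bitmap != hvm_io_bitmap);` (if that symbol is visible in setup.c) would make the invariant explicit. Separately, the private bitmap is freed only on the `fail1` path here; no matching `xfree()` in the domain teardown path is visible in this patch, which is worth confirming.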


@@ -0,0 +1,52 @@
From 72d5acdc1d5b83107066e25054f9119e7771cf70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
Date: Wed, 20 May 2015 13:27:23 +0200
Subject: [PATCH 2/2] x86/pvh: trap access to sensitive IO ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is needed so Xen can properly trap 4 byte accesses to 0xcf8 in order to
keep consistency with accesses to 0xcfc.
The access to RTC ports also needs to be trapped in order to keep
consistency, this includes RTC_PORT(0) and RTC_PORT(1) (0x70 and 0x71
respectively).
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
xen/arch/x86/setup.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index cd333f9..2cc9185 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -49,6 +49,7 @@
#include <xen/cpu.h>
#include <asm/nmi.h>
#include <asm/alternative.h>
+#include <asm/mc146818rtc.h>
/* opt_nosmp: If true, secondary processors are ignored. */
static bool_t __initdata opt_nosmp;
@@ -1534,6 +1535,16 @@ void __hwdom_init setup_io_bitmap(struct domain *d)
rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000,
io_bitmap_cb, d);
BUG_ON(rc);
+ /*
+ * NB: we need to trap accesses to 0xcf8 in order to intercept
+ * 4 byte accesses, that need to be handled by Xen in order to
+ * keep consistency.
+ * Access to 1 byte RTC ports also needs to be trapped in order
+ * to keep consistency with PV.
+ */
+ __set_bit(0xcf8, d->arch.hvm_domain.io_bitmap);
+ __set_bit(RTC_PORT(0), d->arch.hvm_domain.io_bitmap);
+ __set_bit(RTC_PORT(1), d->arch.hvm_domain.io_bitmap);
}
}
--
2.5.4 (Apple Git-61)
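Review bot: The comment added above the three `__set_bit()` calls in `setup_io_bitmap()` does not say why a single bit at 0xcf8 is enough to catch a 4-byte access, nor that the calls must stay after `rangeset_report_ranges()`, whose callback clears the bit of every port in `ioport_caps`. I would extend it with `/* One bit suffices: an access is intercepted if any port it covers has its bit set. Keep after the rangeset walk, which would otherwise clear these bits. */`. As written, 1- and 2-byte accesses starting at 0xcf9–0xcfb are not trapped by this bit; if that is intended, the comment should say so. The function starts outside this hunk.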


@@ -0,0 +1,77 @@
x86/mm: PV superpage handling lacks sanity checks
MMUEXT_{,UN}MARK_SUPER fail to check the input MFN for validity before
dereferencing pointers into the superpage frame table.
get_superpage() has a similar issue.
This is XSA-167.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2624,6 +2624,9 @@ int get_superpage(unsigned long mfn, str
ASSERT(opt_allow_superpage);
+ if ( !mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1)) )
+ return -EINVAL;
+
spage = mfn_to_spage(mfn);
y = spage->type_info;
do {
@@ -3401,42 +3404,26 @@ long do_mmuext_op(
}
case MMUEXT_MARK_SUPER:
+ case MMUEXT_UNMARK_SUPER:
{
unsigned long mfn = op.arg1.mfn;
- if ( unlikely(d != pg_owner) )
- rc = -EPERM;
- else if ( mfn & (L1_PAGETABLE_ENTRIES-1) )
- {
- MEM_LOG("Unaligned superpage reference mfn %lx", mfn);
- okay = 0;
- }
- else if ( !opt_allow_superpage )
+ if ( !opt_allow_superpage )
{
MEM_LOG("Superpages disallowed");
rc = -ENOSYS;
}
- else
- rc = mark_superpage(mfn_to_spage(mfn), d);
- break;
- }
-
- case MMUEXT_UNMARK_SUPER:
- {
- unsigned long mfn = op.arg1.mfn;
-
- if ( unlikely(d != pg_owner) )
+ else if ( unlikely(d != pg_owner) )
rc = -EPERM;
- else if ( mfn & (L1_PAGETABLE_ENTRIES-1) )
+ else if ( mfn & (L1_PAGETABLE_ENTRIES - 1) )
{
MEM_LOG("Unaligned superpage reference mfn %lx", mfn);
- okay = 0;
- }
- else if ( !opt_allow_superpage )
- {
- MEM_LOG("Superpages disallowed");
- rc = -ENOSYS;
+ rc = -EINVAL;
}
+ else if ( !mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1)) )
+ rc = -EINVAL;
+ else if ( op.cmd == MMUEXT_MARK_SUPER )
+ rc = mark_superpage(mfn_to_spage(mfn), d);
else
rc = unmark_superpage(mfn_to_spage(mfn));
break;
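Review bot: The new `mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1))` checks in `get_superpage()` and in the merged `MMUEXT_MARK_SUPER`/`MMUEXT_UNMARK_SUPER` case carry no comment explaining why the low bits are OR-ed in. A one-line comment at both sites, e.g. `/* Validate the last frame of the superpage before indexing the superpage frame table. */`, would record the intent, presumably that the highest MFN in the range bounds the lookup. In the `do_mmuext_op()` hunk the `!mfn_valid` branch also returns `-EINVAL` silently while the unaligned branch returning the same code logs via `MEM_LOG()`; `MEM_LOG("Invalid superpage reference mfn %lx", mfn);` would keep the two consistent. Both functions extend beyond the hunks shown.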


@@ -0,0 +1,27 @@
x86/VMX: prevent INVVPID failure due to non-canonical guest address
While INVLPG (and on SVM INVLPGA) don't fault on non-canonical
addresses, INVVPID fails (in the "individual address" case) when passed
such an address.
Since such intercepted INVLPG are effectively no-ops anyway, don't fix
this in vmx_invlpg_intercept(), but instead have paging_invlpg() never
return true in such a case.
This is XSA-168.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -245,7 +245,7 @@ paging_fault(unsigned long va, struct cp
* or 0 if it's safe not to do so. */
static inline int paging_invlpg(struct vcpu *v, unsigned long va)
{
- return paging_get_hostmode(v)->invlpg(v, va);
+ return is_canonical_address(va) && paging_get_hostmode(v)->invlpg(v, va);
}
/* Translate a guest virtual address to the frame number that the
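Review bot: The header comment above `paging_invlpg()` (only its last line is visible in the hunk) describes the return value purely as the paging mode's decision, but the new expression also returns 0 for any non-canonical `va` and collapses the callback's result to 0 or 1. I would add a sentence to that comment such as `Non-canonical addresses never request a flush, since INVVPID would fail on them.` so that callers do not need the XSA-168 description to learn this.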


@@ -0,0 +1,79 @@
x86/VMX: sanitize rIP before re-entering guest
... to prevent guest user mode arranging for a guest crash (due to
failed VM entry). (On the AMD system I checked, hardware is doing
exactly the canonicalization being added here.)
Note that fixing this in an architecturally correct way would be quite
a bit more involved: Making the x86 instruction emulator check all
branch targets for validity, plus dealing with invalid rIP resulting
from update_guest_eip() or incoming directly during a VM exit. The only
way to get the latter right would be by not having hardware do the
injection.
Note further that there are a two early returns from
vmx_vmexit_handler(): One (through vmx_failed_vmentry()) leads to
domain_crash() anyway, and the other covers real mode only and can
neither occur with a non-canonical rIP nor result in an altered rIP,
so we don't need to force those paths through the checking logic.
This is XSA-170.
Reported-by: 刘令 <liuling-it@360.cn>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2675,7 +2675,7 @@ void vmx_handle_EOI_induced_exit(struct
void vmx_vmexit_handler(struct cpu_user_regs *regs)
{
unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0;
- unsigned int vector = 0;
+ unsigned int vector = 0, mode;
struct vcpu *v = current;
__vmread(GUEST_RIP, &regs->rip);
@@ -3219,6 +3219,41 @@ void vmx_vmexit_handler(struct cpu_user_
out:
if ( nestedhvm_vcpu_in_guestmode(v) )
nvmx_idtv_handling();
+
+ /*
+ * VM entry will fail (causing the guest to get crashed) if rIP (and
+ * rFLAGS, but we don't have an issue there) doesn't meet certain
+ * criteria. As we must not allow less than fully privileged mode to have
+ * such an effect on the domain, we correct rIP in that case (accepting
+ * this not being architecturally correct behavior, as the injected #GP
+ * fault will then not see the correct [invalid] return address).
+ * And since we know the guest will crash, we crash it right away if it
+ * already is in most privileged mode.
+ */
+ mode = vmx_guest_x86_mode(v);
+ if ( mode == 8 ? !is_canonical_address(regs->rip)
+ : regs->rip != regs->_eip )
+ {
+ struct segment_register ss;
+
+ gdprintk(XENLOG_WARNING, "Bad rIP %lx for mode %u\n", regs->rip, mode);
+
+ vmx_get_segment_register(v, x86_seg_ss, &ss);
+ if ( ss.attr.fields.dpl )
+ {
+ __vmread(VM_ENTRY_INTR_INFO, &intr_info);
+ if ( !(intr_info & INTR_INFO_VALID_MASK) )
+ hvm_inject_hw_exception(TRAP_gp_fault, 0);
+ /* Need to fix rIP nevertheless. */
+ if ( mode == 8 )
+ regs->rip = (long)(regs->rip << (64 - VADDR_BITS)) >>
+ (64 - VADDR_BITS);
+ else
+ regs->rip = regs->_eip;
+ }
+ else
+ domain_crash(v->domain);
+ }
}
void vmx_vmenter_helper(const struct cpu_user_regs *regs)
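Review bot: The rIP check added after the `out:` label in `vmx_vmexit_handler()` compares `mode` with a bare `8` in two places and sign-extends with `(long)(regs->rip << (64 - VADDR_BITS)) >> (64 - VADDR_BITS)`, which depends on right shift of a negative signed value being arithmetic (implementation-defined in C). Short comments such as `/* 8 == 64-bit mode as reported by vmx_guest_x86_mode() */` and `/* sign-extend from bit VADDR_BITS-1; relies on arithmetic >> */` would make both assumptions explicit. The `gdprintk()` fires on a condition that guest user mode can trigger repeatedly, so it is worth confirming that this log path is rate limited or debug-only. The handler starts outside the hunk.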


@@ -2,7 +2,7 @@
PORTNAME= xen
PORTVERSION= 4.5.2
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= emulators
MAINTAINER= royger@FreeBSD.org


@@ -2,7 +2,7 @@
PORTNAME= xen
PORTVERSION= 4.5.2
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= sysutils emulators
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${PORTVERSION}/ \
http://code.coreboot.org/p/seabios/downloads/get/:seabios
@@ -24,7 +24,7 @@ OPTIONS_DEFINE= DOCS
ONLY_FOR_ARCHS= amd64
ONLY_FOR_ARCHS_REASON= "not yet ported to anything other than amd64"
SEABIOSVERSION= 1.8.1
SEABIOSVERSION= 1.8.2
DISTFILES+= ${DISTNAME}.tar.gz \
seabios-${SEABIOSVERSION}.tar.gz:seabios
@@ -49,6 +49,7 @@ QEMU_ARGS= --disable-gtk \
--cxx=c++
EXTRA_PATCHES= ${FILESDIR}/0002-libxc-fix-xc_dom_load_elf_symtab.patch:-p1 \
${FILESDIR}/0001-build-fix-.text-section-address-alignment.patch:-p1 \
${FILESDIR}/xsa160-4.6.patch:-p1
CONFIGURE_ARGS+= --with-extra-qemuu-configure-args="${QEMU_ARGS}"
@@ -77,9 +78,9 @@ post-patch:
${WRKSRC}/tools/qemu-xen-traditional/i386-dm/helper2.c \
${WRKSRC}/docs/man/*
@for p in ${FILESDIR}/*qemuu*.patch; do \
${ECHO_CMD} "====> Applying $${p##*/}" ; \
${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
done
${ECHO_CMD} "====> Applying $${p##*/}" ; \
${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
done
post-install:
${MKDIR} ${STAGEDIR}/var/run/xen


@@ -1,4 +1,4 @@
SHA256 (xen-4.5.2.tar.gz) = 4c9e5dac4eea484974e9f76da2756c8e0973b4e884d28d37e955df9ebf00e7e8
SIZE (xen-4.5.2.tar.gz) = 18416220
SHA256 (seabios-1.8.1.tar.gz) = 283bd848f5ce9d4bc52add973a856347e02c9ce89a9e6bc92c99359b87c9871d
SIZE (seabios-1.8.1.tar.gz) = 537712
SHA256 (seabios-1.8.2.tar.gz) = f59479307fdae840de398b75aacb2333c8eba24a5964d68c77e32ca6c987ee61
SIZE (seabios-1.8.2.tar.gz) = 538497


@@ -0,0 +1,71 @@
From 70a912f04dec2b556f37a60d1f596fcedb13f8a8 Mon Sep 17 00:00:00 2001
From: Kevin O'Connor <kevin@koconnor.net>
Date: Wed, 24 Feb 2016 11:45:55 +0100
Subject: [PATCH] build: fix .text section address alignment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Some linkers verify that sections have a start address that is aligned
with the minimum alignment of that section. Add extra padding to the
".text" section to ensure it is always aligned with the maximum
alignment of any section placed in ".text".
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reported by: Ed Maste <emaste@FreeBSD.org>
---
scripts/layoutrom.py | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/tools/firmware/seabios-dir/scripts/layoutrom.py b/tools/firmware/seabios-dir/scripts/layoutrom.py
index dd770fe..c7e406c 100755
--- a/tools/firmware/seabios-dir/scripts/layoutrom.py
+++ b/tools/firmware/seabios-dir/scripts/layoutrom.py
@@ -34,18 +34,22 @@ COMMONTRAILER = """
# Determine section locations
######################################################################
-# Align 'pos' to 'alignbytes' offset
+# Align 'pos' up to 'alignbytes' offset
def alignpos(pos, alignbytes):
mask = alignbytes - 1
return (pos + mask) & ~mask
+# Align 'pos' down to 'alignbytes' offset
+def aligndown(pos, alignbytes):
+ mask = alignbytes - 1
+ return pos & ~mask
+
# Determine the final addresses for a list of sections that end at an
# address.
def setSectionsStart(sections, endaddr, minalign=1, segoffset=0):
totspace = 0
for section in sections:
- if section.align > minalign:
- minalign = section.align
+ minalign = max(minalign, section.align)
totspace = alignpos(totspace, section.align) + section.size
startaddr = int((endaddr - totspace) / minalign) * minalign
curaddr = startaddr
@@ -267,7 +271,7 @@ def doLayout(sections, config, genreloc):
final_sec32low_end = BUILD_LOWRAM_END
zonelow_base = final_sec32low_end - 64*1024
relocdelta = final_sec32low_end - sec32low_end
- li.sec32low_start, li.sec32low_align = setSectionsStart(
+ li.sec32low_start, sec32low_align = setSectionsStart(
sections32low, sec32low_end, 16
, segoffset=zonelow_base - relocdelta)
li.sec32low_end = sec32low_end
@@ -399,6 +403,8 @@ def writeLinkerScripts(li, out16, out32seg, out32flat):
filesections32flat = getSectionsFileid(li.sections, '32flat')
out = outXRefs([], exportsyms=li.varlowsyms
, forcedelta=li.final_sec32low_start-li.sec32low_start)
+ sec32all_align = max([section.align for section in li.sections])
+ sec32all_start = aligndown(sec32all_start, sec32all_align)
out += outXRefs(filesections32flat, exportsyms=[li.entrysym]) + """
_reloc_min_align = 0x%x ;
zonefseg_start = 0x%x ;
--
2.5.4 (Apple Git-61)
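Review bot: `aligndown()` (like the existing `alignpos()`) uses `alignbytes - 1` as a mask, which is only correct when `alignbytes` is a power of two, and the new comments do not state that precondition. I would word the comment as `# Align 'pos' down to 'alignbytes' offset (alignbytes must be a power of two)`. In the `writeLinkerScripts()` hunk, `max([section.align for section in li.sections])` raises ValueError on an empty list; that is presumably unreachable in a real build, but the rest of the function is outside the hunk and cannot confirm it.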


@@ -1,11 +1,11 @@
--- tools/firmware/seabios-dir/scripts/buildversion.sh.orig 2015-03-13 09:02:17 UTC
+++ tools/firmware/seabios-dir/scripts/buildversion.sh
@@ -11,7 +11,7 @@ elif [ -f .version ]; then
@@ -12,7 +12,7 @@ if [ -z "$BUILD_VERSION" ]; then
else
VERSION="?"
fi
- VERSION="${VERSION}-`date +"%Y%m%d_%H%M%S"`-`hostname`"
+ VERSION="${VERSION}"
else
VERSION="?"
VERSION="$BUILD_VERSION"
fi
-VERSION="${VERSION}-`date +"%Y%m%d_%H%M%S"`-`hostname`"
+VERSION="${VERSION}"
echo "Version: ${VERSION}"
# Build header file