diff options
author | Ian Delaney <idell5@iinet.com.au> | 2011-11-29 02:08:55 +0800 |
---|---|---|
committer | Ian Delaney <idell5@iinet.com.au> | 2011-11-29 02:08:55 +0800 |
commit | d6e73198410451ad57c0227af185c4049b75f4eb (patch) | |
tree | 08251a49e992d7156518d0442366f43f5bf16008 /app-emulation/xen | |
parent | Revork ebuilds (diff) | |
download | virtualization-d6e73198410451ad57c0227af185c4049b75f4eb.tar.gz virtualization-d6e73198410451ad57c0227af185c4049b75f4eb.tar.bz2 virtualization-d6e73198410451ad57c0227af185c4049b75f4eb.zip |
Merge branch 'master' of git+ssh://git.overlays.gentoo.org/proj/virtualization
Conflicts:
app-emulation/xen-tools/Manifest
Diffstat (limited to 'app-emulation/xen')
-rw-r--r-- | app-emulation/xen/Manifest | 14 | ||||
-rw-r--r-- | app-emulation/xen/files/Manifest | 7 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch | 21 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch | 87 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch | 19 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch | 101 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-3.4.2-no-DMA.patch | 71 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch | 429 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch | 74 | ||||
-rw-r--r-- | app-emulation/xen/metadata.xml | 15 | ||||
-rw-r--r-- | app-emulation/xen/xen-3.4.2-r4.ebuild | 114 | ||||
-rw-r--r-- | app-emulation/xen/xen-4.1.1-r2.ebuild | 121 | ||||
-rw-r--r-- | app-emulation/xen/xen-9999.ebuild | 117 |
13 files changed, 1190 insertions, 0 deletions
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest new file mode 100644 index 0000000..61a4034 --- /dev/null +++ b/app-emulation/xen/Manifest @@ -0,0 +1,14 @@ +AUX Manifest 1462 RMD160 c2090ecd3fcacafcc988563676c028d8b9bd8d0c SHA1 1f1e6db2c197e9a197e876c74131fadca34944cd SHA256 fdbed299dcfeafae7b3fb738912d67f10eef61b337a0315d0b15dc6d984e69b8 +AUX xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07 +AUX xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9 +AUX xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6 +AUX xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835 +AUX xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982 +AUX xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67 +AUX xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8 +DIST xen-3.4.2.tar.gz 11187726 RMD160 2ef81df1f44356d60e04e21df2173ce5357d8509 SHA1 3cd2cafacd52bbac2e2da1cfd846ee6260b43455 SHA256 d17c33136041cc8da69214ccf527fc48637bee7a9ab4d68a88ec50e6a9d20b0b +DIST xen-4.1.1.tar.gz 10355625 RMD160 4b3c0641b0f098889f627662aa6b8fea00c5b636 SHA1 f1b5ef4b663c339faf9c77fc895327cfbcc9776c SHA256 246289227507466b5da8b2d0da84a5b0e68a392527b16cde38898d0348890f5b +EBUILD xen-3.4.2-r4.ebuild 3247 RMD160 73c91e87a06e83faee786268db656531a2dbe71f SHA1 94f6be18689fd09099ad062f829358bfa159d6ef SHA256 385ddd40121b1d415214e9adc619cb39825febcaec21b7cb70c2d2f2e4b60a04 +EBUILD xen-4.1.1-r2.ebuild 3339 RMD160 d70e58cadf5b9c45d67e2c5d05a8061c67d62319 SHA1 06f5c7c6e493f47d476d08663cfdc536ac0ee760 SHA256 6f7089d85d6ab12d22d5acec4efca8a7646a9dfc3c7a6b1b030336cb77867376 +EBUILD xen-9999.ebuild 3170 RMD160 5bbc3bb7dec7d099f639334843c3c6607ff1c5c5 SHA1 799030d125b2acb9976df9e39896937a3c591973 SHA256 b75349eb41edeb16f4571355b963de576cf58e9c7d86a4c4f74d4892d43b094f +MISC metadata.xml 581 RMD160 d22ffb491d9dad33425b97add683dd6b8b9139e1 SHA1 649f65e9fd2ab25e32394c555a24fc0f6b59c37f SHA256 1cf2cc4bb5b5278ac75e74910607518ddd2bd6454f18325319ce1ac102fab535 diff --git a/app-emulation/xen/files/Manifest b/app-emulation/xen/files/Manifest new file mode 100644 index 0000000..236346a --- /dev/null +++ b/app-emulation/xen/files/Manifest @@ -0,0 +1,7 @@ +MISC xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07 +MISC xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9 +MISC xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6 +MISC xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835 +MISC xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982 +MISC xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67 +MISC xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8 diff --git a/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch b/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch new file mode 100644 index 0000000..89f91a4 --- /dev/null +++ b/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch @@ -0,0 +1,21 @@ +diff -Nru a/tools/ioemu-qemu-xen/xen-setup b/tools/ioemu-qemu-xen/xen-setup +--- a/tools/ioemu-qemu-xen/xen-setup 2008-08-22 17:56:41.000000000 +0800 ++++ b/tools/ioemu-qemu-xen/xen-setup 2009-02-20 10:55:37.000000000 +0800 +@@ -3,6 +3,8 @@ + + # git-clean -x -d && ./xen-setup && make prefix=/usr CMDLINE_CFLAGS='-O0 -g' -j4 && make install DESTDIR=`pwd`/dist/ prefix=/usr && rsync -a --stats --delete . thule:shadow/qemu-iwj.git/ && rsync -a --stats dist/. root@thule:/ + ++target=i386-dm ++ + rm -f $target/Makefile + rm -f $target/config.mak + rm -f config-host.mak +@@ -11,8 +13,6 @@ + + ./configure --disable-gfx-check --disable-gcc-check --disable-curses --disable-slirp "$@" --prefix=/usr + +-target=i386-dm +- + if [ "x$XEN_ROOT" != x ]; then + echo "XEN_ROOT=$XEN_ROOT" >>config-host.mak + fi diff --git a/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch b/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch new file mode 100644 index 0000000..f5cec4d --- /dev/null +++ b/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch @@ -0,0 +1,87 @@ +--- tools/libxc/xc_dom_bzimageloader.c 2009-11-10 23:12:56.000000000 +0800 ++++ tools/libxc/xc_dom_bzimageloader.c 2011-10-09 20:10:08.972815311 +0800 +@@ -308,19 +308,19 @@ + + extern struct xc_dom_loader elf_loader; + +-static unsigned int payload_offset(struct setup_header *hdr) ++static int check_magic(struct xc_dom_image *dom, const void *magic, size_t len) + { +- unsigned int off; ++ if (len > dom->kernel_size) ++ return 0; ++ ++ return (memcmp(dom->kernel_blob, magic, len) == 0); ++ } + +- off = (hdr->setup_sects + 1) * 512; +- off += hdr->payload_offset; +- return off; +-} +- +-static int xc_dom_probe_bzimage_kernel(struct xc_dom_image *dom) ++static int check_bzimage_kernel(struct xc_dom_image *dom, int verbose) + { + struct setup_header *hdr; +- int ret; ++ uint64_t payload_offset, payload_length; ++ /* int ret; */ + + if ( dom->kernel_blob == NULL ) + { +@@ -352,20 +352,47 @@ + return -EINVAL; + } + +- dom->kernel_blob = dom->kernel_blob + payload_offset(hdr); +- dom->kernel_size = hdr->payload_length; ++ /* upcast to 64 bits to avoid overflow */ ++ /* setup_sects is u8 and so cannot overflow */ ++ payload_offset = (hdr->setup_sects + 1) * 512; ++ payload_offset += hdr->payload_offset; ++ payload_length = hdr->payload_length; + +- if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 ) +- { ++/* if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 ) ++ { + ret = xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size); +- if ( ret == -1 ) ++ if ( ret == -1 ) */ ++ if ( payload_offset >= dom->kernel_size ) ++ { ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload offset overflow", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ if ( (payload_offset + payload_length) > dom->kernel_size ) ++ { ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload length overflow", ++ __FUNCTION__); ++ } ++ ++ dom->kernel_blob = dom->kernel_blob + payload_offset; ++ dom->kernel_size = payload_length; ++ ++ if ( check_magic(dom, "\037\213", 2) ) ++ { ++ if ( xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size) == -1 ) + { +- xc_dom_panic(XC_INVALID_KERNEL, +- "%s: unable to gzip decompress kernel\n", +- __FUNCTION__); ++ if ( verbose ) ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unable to decompress kernel\$n", ++ __FUNCTION__); + return -EINVAL; + } + } ++ else ++ { ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unknown compression format\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } + else if ( memcmp(dom->kernel_blob, "\102\132\150", 3) == 0 ) + { + ret = xc_try_bzip2_decode(dom, &dom->kernel_blob, &dom->kernel_size); diff --git a/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch b/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch new file mode 100644 index 0000000..7c8ff5b --- /dev/null +++ b/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch @@ -0,0 +1,19 @@ +diff -r 784caad93325 xen/common/keyhandler.c +--- a/xen/common/keyhandler.c Tue Nov 10 15:03:52 2009 +0000 ++++ b/xen/common/keyhandler.c Tue Jan 05 10:47:49 2010 +0000 +@@ -106,6 +106,7 @@ + unsigned int cpu; + + /* We want to get everything out that we possibly can. */ ++ watchdog_disable(); + console_start_sync(); + + printk("'%c' pressed -> dumping registers\n", key); +@@ -125,6 +126,7 @@ + printk("\n"); + + console_end_sync(); ++ watchdog_enable(); + } + + static void dump_dom0_registers(unsigned char key) diff --git a/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch b/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch new file mode 100644 index 0000000..8616008 --- /dev/null +++ b/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch @@ -0,0 +1,101 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + + Xen Security Advisory CVE-2011-2901 / XSA-4 + revision no.2 + Xen <= 3.3 DoS due to incorrect virtual address validation + +ISSUE DESCRIPTION +================= + +The x86_64 __addr_ok() macro intends to ensure that the checked +address is either in the positive half of the 48-bit virtual address +space, or above the Xen-reserved area. However, the current shift +count is off-by-one, allowing full access to the "negative half" too, +via certain hypercalls which ignore virtual-address bits [63:48]. +Vulnerable hypercalls exist only in very old versions of the +hypervisor. + +VULNERABLE SYSTEMS +================== + +All systems running a Xen 3.3 or earlier hypervisor with 64-bit PV +guests with untrusted administrators are vulnerable. + +IMPACT +====== + +A malicious guest administrator on a vulnerable system is able to +crash the host. + +There are no known further exploits but these have not been ruled out. + +RESOLUTION +========== + +The attached patch resolves the issue. + +Alternatively, users may choose to upgrade to a more recent hypervisor + +PATCHES +======= + +The following patch resolves this issue. + +Filename: fix-__addr_ok-limit.patch +SHA1: f18bde8d276110451c608a16f577865aa1226b4f +SHA256: 2da5aac72e1ac4849c34d38374ae456795905fd9512eef94b48fc31383c21636 + +This patch should apply cleanly, and fix the problem, for all affected +versions of Xen. + +It is harmless when applied to later hypervisors and will be included +in the Xen unstable branch in due course. + +VERSION HISTORY +=============== + +Analysis following version 1 of this advisory (sent out to the +predisclosure list during the embargo period) indicates that the +actual DoS vulnerability only exists in very old hypervisors, Xen 3.3 +and earlier, contrary to previous reports. + +This advisory is no longer embargoed. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (GNU/Linux) + +iQEcBAEBAgAGBQJOYLq2AAoJEIP+FMlX6CvZLegH/26/oJBkd/WM/yYhXkzlbnIP +MxF6Fgy96Omu8poQTanD7g1vEcM0TOLY+Kk3GGsfj4aDdEJ5Nq4ZOW8ooI0VnVcD +7VXQqFsXPxre+eZ6g+G0AsmzdsG45C3qujUTRfGKqzYwXqjWjt9nNsdIy1Mrz8/4 +zG1uLDkN0LXnBG2Te4q8ZckYwMq8gFXHHnH35RfQ5Besu6pvJmtK3rFXETdlP12A +JjBh7t5jsCfzvYWFQehVp8mJupuftiOBPClmVh4vrvN9gYd5rzEgB4Q9Ioiqz2qT +2bE1zegR8NeOKBOi9xriTU8F530OdFzeWAbo7D5gyEbYdc60eNwbadcgNGLbzMg= +=09T8 +-----END PGP SIGNATURE----- + +Subject: XSA-4: xen: correct limit checking in x86_64 version of __addr_ok + +The x86_64 __addr_ok() macro intends to ensure that the checked +address is either in the positive half of the 48-bit virtual address +space, or above the Xen-reserved area. However, the current shift +count is off-by-one, allowing full access to the "negative half" +too. Guests may exploit this to gain access to off-limits ranges. + +This issue has been assigned CVE-2011-2901. + +Signed-off-by: Laszlo Ersek <lersek@...hat.com> +Signed-off-by: Ian Campbell <ian.campbell@...rix.com> + +diff --git a/xen/include/asm-x86/x86_64/uaccess.h +b/xen/include/asm-x86/x86_64/uaccess.h +--- a/xen/include/asm-x86/x86_64/uaccess.h ++++ b/xen/include/asm-x86/x86_64/uaccess.h +@@ -34,7 +34,7 @@ + * non-canonical address (and thus fault) before ever reaching VIRT_START. + */ + #define __addr_ok(addr) \ +- (((unsigned long)(addr) < (1UL<<48)) || \ ++ (((unsigned long)(addr) < (1UL<<47)) || \ + ((unsigned long)(addr) >= HYPERVISOR_VIRT_END)) + + #define access_ok(addr, size) \ diff --git a/app-emulation/xen/files/xen-3.4.2-no-DMA.patch b/app-emulation/xen/files/xen-3.4.2-no-DMA.patch new file mode 100644 index 0000000..f04d9e2 --- /dev/null +++ b/app-emulation/xen/files/xen-3.4.2-no-DMA.patch @@ -0,0 +1,71 @@ +# HG changeset patch +# User Tim Deegan <Tim.Deegan@citrix.com> +# Date 1313145221 -3600 +# Node ID 84e3706df07a1963e23cd3875d8603917657d462 +# Parent cb22fa57ff252893b6adb1481e09b1287eacd990 +Passthrough: disable bus-mastering on any card that causes an IOMMU fault. + +This stops the card from raising back-to-back faults and live-locking +the CPU that handles them. + +Signed-off-by: Tim Deegan <tim@xen.org> +Acked-by: Wei Wang2 <wei.wang2@amd.com> +Acked-by: Allen M Kay <allen.m.kay@intel.com> + +--- a/xen/drivers/passthrough/vtd/iommu.c.orig Mon Jul 25 16:48:39 2011 +0100 ++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100 +@@ -733,7 +733,7 @@ + while (1) + { + u8 fault_reason; +- u16 source_id; ++ u16 source_id, cword; + u32 data; + u64 guest_addr; + int type; +@@ -766,6 +766,14 @@ + iommu_page_fault_do_one(iommu, type, fault_reason, + source_id, guest_addr); + ++ /* Tell the device to stop DMAing; we can't rely on the guest to ++ * control it for us. */ ++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id), ++ PCI_FUNC(source_id), PCI_COMMAND); ++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id), ++ PCI_FUNC(source_id), PCI_COMMAND, ++ cword & ~PCI_COMMAND_MASTER); ++ + fault_index++; + if ( fault_index > cap_num_fault_regs(iommu->cap) ) + fault_index = 0; + +--- a/xen/drivers/passthrough/amd/iommu_init.c.orig Mon Jul 25 16:48:39 2011 +0100 ++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100 +@@ -415,7 +415,7 @@ + + static void parse_event_log_entry(u32 entry[]) + { +- u16 domain_id, device_id; ++ u16 domain_id, device_id, bdf, cword; + u32 code; + u64 *addr; + char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY", +@@ -449,6 +449,18 @@ + printk(XENLOG_ERR "AMD-Vi: " + "%s: domain = %d, device id = 0x%04x, fault address = 0x%"PRIx64"\n", + event_str[code-1], domain_id, device_id, *addr); ++ ++ /* Tell the device to stop DMAing; we can't rely on the guest to ++ * control it for us. */ ++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) ++ if ( get_dma_requestor_id(bdf) == device_id ) ++ { ++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf), ++ PCI_FUNC(bdf), PCI_COMMAND); ++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf), ++ PCI_FUNC(bdf), PCI_COMMAND, ++ cword & ~PCI_COMMAND_MASTER); ++ } + } + } + diff --git a/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch b/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch new file mode 100644 index 0000000..7f5b3cb --- /dev/null +++ b/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch @@ -0,0 +1,429 @@ +diff -ur xen-3.4.2.orig//Config.mk xen-3.4.2//Config.mk +--- xen-3.4.2.orig//Config.mk 2009-11-10 23:16:03.000000000 +0800 ++++ xen-3.4.2//Config.mk 2011-09-25 02:34:11.605793042 +0800 +@@ -14,7 +14,7 @@ + + # Tools to run on system hosting the build + HOSTCC = gcc +-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer ++HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer + HOSTCFLAGS += -fno-strict-aliasing + + DISTDIR ?= $(XEN_ROOT)/dist +diff -ur xen-3.4.2.orig//extras/mini-os/minios.mk xen-3.4.2//extras/mini-os/minios.mk +--- xen-3.4.2.orig//extras/mini-os/minios.mk 2009-11-10 23:12:55.000000000 +0800 ++++ xen-3.4.2//extras/mini-os/minios.mk 2011-09-25 02:34:11.855793042 +0800 +@@ -6,7 +6,7 @@ + + # Define some default flags. + # NB. '-Wcast-qual' is nasty, so I omitted it. +-DEF_CFLAGS += -fno-builtin -Wall -Werror -Wredundant-decls -Wno-format -Wno-redundant-decls ++DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls + DEF_CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,) + DEF_CFLAGS += $(call cc-option,$(CC),-fgnu89-inline) + DEF_CFLAGS += -Wstrict-prototypes -Wnested-externs -Wpointer-arith -Winline +diff -ur xen-3.4.2.orig//tools/blktap/drivers/Makefile xen-3.4.2//tools/blktap/drivers/Makefile +--- xen-3.4.2.orig//tools/blktap/drivers/Makefile 2009-11-10 23:12:55.000000000 +0800 ++++ xen-3.4.2//tools/blktap/drivers/Makefile 2011-09-25 02:34:11.750793042 +0800 +@@ -5,7 +5,7 @@ + QCOW_UTIL = img2qcow qcow2raw qcow-create + LIBAIO_DIR = ../../libaio/src + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += -Wno-unused + CFLAGS += -I../lib + CFLAGS += $(CFLAGS_libxenctrl) +diff -ur xen-3.4.2.orig//tools/blktap/lib/Makefile xen-3.4.2//tools/blktap/lib/Makefile +--- xen-3.4.2.orig//tools/blktap/lib/Makefile 2009-11-10 23:12:55.000000000 +0800 ++++ xen-3.4.2//tools/blktap/lib/Makefile 2011-09-25 02:34:11.748793042 +0800 +@@ -13,7 +13,7 @@ + SRCS := + SRCS += xenbus.c blkif.c xs_api.c + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += -Wno-unused + CFLAGS += -fPIC + # get asprintf(): +diff -ur xen-3.4.2.orig//tools/console/Makefile xen-3.4.2//tools/console/Makefile +--- xen-3.4.2.orig//tools/console/Makefile 2009-11-10 23:12:55.000000000 +0800 ++++ xen-3.4.2//tools/console/Makefile 2011-09-25 02:34:11.704793042 +0800 +@@ -2,7 +2,7 @@ + XEN_ROOT=../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + + CFLAGS += $(CFLAGS_libxenctrl) + CFLAGS += $(CFLAGS_libxenstore) +diff -ur xen-3.4.2.orig//tools/debugger/xenitp/Makefile xen-3.4.2//tools/debugger/xenitp/Makefile +--- xen-3.4.2.orig//tools/debugger/xenitp/Makefile 2009-11-10 23:12:55.000000000 +0800 ++++ xen-3.4.2//tools/debugger/xenitp/Makefile 2011-09-25 02:34:11.744793042 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-#CFLAGS += -Werror -g -O0 ++#CFLAGS += -g -O0 + + CFLAGS += $(CFLAGS_libxenctrl) + +diff -ur xen-3.4.2.orig//tools/firmware/Rules.mk xen-3.4.2//tools/firmware/Rules.mk +--- xen-3.4.2.orig//tools/firmware/Rules.mk 2009-11-10 23:12:55.000000000 +0800 ++++ xen-3.4.2//tools/firmware/Rules.mk 2011-09-25 02:34:11.565793045 +0800 +@@ -10,7 +10,7 @@ + CFLAGS += -DNDEBUG + endif + +-CFLAGS += -Werror ++CFLAGS += + + # Disable PIE/SSP if GCC supports them. They can break us. + $(call cc-option-add,CFLAGS,CC,-nopie) +diff -ur xen-3.4.2.orig//tools/flask/libflask/Makefile xen-3.4.2//tools/flask/libflask/Makefile +--- xen-3.4.2.orig//tools/flask/libflask/Makefile 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/flask/libflask/Makefile 2011-09-25 02:34:11.657793042 +0800 +@@ -9,7 +9,7 @@ + SRCS := + SRCS += flask_op.c + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += -fno-strict-aliasing + CFLAGS += $(INCLUDES) -I./include -I$(XEN_LIBXC) -I$(XEN_INCLUDE) + +diff -ur xen-3.4.2.orig//tools/flask/loadpolicy/Makefile xen-3.4.2//tools/flask/loadpolicy/Makefile +--- xen-3.4.2.orig//tools/flask/loadpolicy/Makefile 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/flask/loadpolicy/Makefile 2011-09-25 02:34:11.660793042 +0800 +@@ -6,7 +6,7 @@ + LIBFLASK_ROOT = $(XEN_ROOT)/tools/flask/libflask + + PROFILE=#-pg +-BASECFLAGS=-Wall -g -Werror ++BASECFLAGS=-Wall -g + BASECFLAGS+= $(PROFILE) + #BASECFLAGS+= -I$(XEN_ROOT)/tools + BASECFLAGS+= $(CFLAGS_libxenctrl) +diff -ur xen-3.4.2.orig//tools/fs-back/Makefile xen-3.4.2//tools/fs-back/Makefile +--- xen-3.4.2.orig//tools/fs-back/Makefile 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/fs-back/Makefile 2011-09-25 02:34:11.637793042 +0800 +@@ -5,7 +5,7 @@ + + IBIN = fs-backend + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += -Wno-unused + CFLAGS += -fno-strict-aliasing + CFLAGS += $(CFLAGS_libxenctrl) +diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/configure xen-3.4.2//tools/ioemu-qemu-xen/configure +--- xen-3.4.2.orig//tools/ioemu-qemu-xen/configure 2009-11-05 19:44:56.000000000 +0800 ++++ xen-3.4.2//tools/ioemu-qemu-xen/configure 2011-09-25 02:34:11.888793042 +0800 +@@ -468,7 +468,7 @@ + CFLAGS="$CFLAGS -Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls" + LDFLAGS="$LDFLAGS -g" + if test "$werror" = "yes" ; then +-CFLAGS="$CFLAGS -Werror" ++CFLAGS="$CFLAGS" + fi + + if test "$solaris" = "no" ; then +@@ -1150,7 +1150,7 @@ + echo "sparse enabled $sparse" + echo "profiler $profiler" + echo "static build $static" +-echo "-Werror enabled $werror" ++ + if test "$darwin" = "yes" ; then + echo "Cocoa support $cocoa" + fi +diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target +--- xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:33:23.946793064 +0800 ++++ xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:34:11.584793042 +0800 +@@ -26,7 +26,7 @@ + TARGET_PATH=$(SRC_PATH)/target-$(TARGET_BASE_ARCH) + VPATH=$(SRC_PATH):$(TARGET_PATH):$(SRC_PATH)/hw + CPPFLAGS=-I. -I.. -I$(TARGET_PATH) -I$(SRC_PATH) -MMD -MT $@ -MP -DNEED_CPU_H +-#CFLAGS+=-Werror ++#CFLAGS+= + LIBS= + # user emulator name + ifndef TARGET_ARCH2 +diff -ur xen-3.4.2.orig//tools/libaio/harness/Makefile xen-3.4.2//tools/libaio/harness/Makefile +--- xen-3.4.2.orig//tools/libaio/harness/Makefile 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/libaio/harness/Makefile 2011-09-25 02:34:11.674793042 +0800 +@@ -4,7 +4,7 @@ + HARNESS_SRCS:=main.c + # io_queue.c + +-CFLAGS=-Wall -Werror -g -O -laio ++CFLAGS=-Wall -g -O -laio + #-lpthread -lrt + + all: $(PROGS) +diff -ur xen-3.4.2.orig//tools/libfsimage/Rules.mk xen-3.4.2//tools/libfsimage/Rules.mk +--- xen-3.4.2.orig//tools/libfsimage/Rules.mk 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/libfsimage/Rules.mk 2011-09-25 02:34:11.566793044 +0800 +@@ -1,6 +1,6 @@ + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/ -Werror ++CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/ + LDFLAGS += -L../common/ + + PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y)) +diff -ur xen-3.4.2.orig//tools/libxc/Makefile xen-3.4.2//tools/libxc/Makefile +--- xen-3.4.2.orig//tools/libxc/Makefile 2011-09-25 02:33:23.987793064 +0800 ++++ xen-3.4.2//tools/libxc/Makefile 2011-09-25 02:34:11.687793042 +0800 +@@ -52,7 +52,7 @@ + + -include $(XEN_TARGET_ARCH)/Makefile + +-CFLAGS += -Werror -Wmissing-prototypes ++CFLAGS += -Wmissing-prototypes + CFLAGS += $(INCLUDES) -I. -I../xenstore -I../include + + # Needed for posix_fadvise64() in xc_linux.c +diff -ur xen-3.4.2.orig//tools/libxen/Makefile.dist xen-3.4.2//tools/libxen/Makefile.dist +--- xen-3.4.2.orig//tools/libxen/Makefile.dist 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/libxen/Makefile.dist 2011-09-25 02:34:11.593793042 +0800 +@@ -22,7 +22,7 @@ + CFLAGS = -Iinclude \ + $(shell xml2-config --cflags) \ + $(shell curl-config --cflags) \ +- -W -Wall -Wmissing-prototypes -Werror -std=c99 -O2 -fPIC ++ -W -Wall -Wmissing-prototypes -std=c99 -O2 -fPIC + + LDFLAGS = $(shell xml2-config --libs) \ + $(shell curl-config --libs) +diff -ur xen-3.4.2.orig//tools/misc/lomount/Makefile xen-3.4.2//tools/misc/lomount/Makefile +--- xen-3.4.2.orig//tools/misc/lomount/Makefile 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/misc/lomount/Makefile 2011-09-25 02:34:11.666793042 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + + HDRS = $(wildcard *.h) + OBJS = $(patsubst %.c,%.o,$(wildcard *.c)) +diff -ur xen-3.4.2.orig//tools/misc/Makefile xen-3.4.2//tools/misc/Makefile +--- xen-3.4.2.orig//tools/misc/Makefile 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/misc/Makefile 2011-09-25 02:34:11.669793042 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + + INCLUDES += -I $(XEN_XC) + INCLUDES += -I $(XEN_LIBXC) +diff -ur xen-3.4.2.orig//tools/pygrub/setup.py xen-3.4.2//tools/pygrub/setup.py +--- xen-3.4.2.orig//tools/pygrub/setup.py 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/pygrub/setup.py 2011-09-25 02:34:11.901793042 +0800 +@@ -3,7 +3,7 @@ + import os + import sys + +-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ] ++extra_compile_args = [ "-fno-strict-aliasing" ] + + XEN_ROOT = "../.." + +diff -ur xen-3.4.2.orig//tools/python/setup.py xen-3.4.2//tools/python/setup.py +--- xen-3.4.2.orig//tools/python/setup.py 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/python/setup.py 2011-09-25 02:34:11.897793042 +0800 +@@ -4,7 +4,7 @@ + + XEN_ROOT = "../.." + +-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ] ++extra_compile_args = [ "-fno-strict-aliasing" ] + + include_dirs = [ XEN_ROOT + "/tools/libxc", + XEN_ROOT + "/tools/xenstore", +diff -ur xen-3.4.2.orig//tools/security/Makefile xen-3.4.2//tools/security/Makefile +--- xen-3.4.2.orig//tools/security/Makefile 2009-11-10 23:12:56.000000000 +0800 ++++ xen-3.4.2//tools/security/Makefile 2011-09-25 02:34:11.701793042 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT = ../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += -fno-strict-aliasing + CFLAGS += -I. $(CFLAGS_libxenctrl) + +diff -ur xen-3.4.2.orig//tools/vnet/libxutil/Makefile xen-3.4.2//tools/vnet/libxutil/Makefile +--- xen-3.4.2.orig//tools/vnet/libxutil/Makefile 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/vnet/libxutil/Makefile 2011-09-25 02:34:11.694793042 +0800 +@@ -25,7 +25,7 @@ + PIC_OBJS := $(LIB_SRCS:.c=.opic) + + $(call cc-option-add,CFLAGS,CC,-fgnu89-inline) +-CFLAGS += -Werror -fno-strict-aliasing ++CFLAGS += -fno-strict-aliasing + CFLAGS += -O3 + #CFLAGS += -g + +diff -ur xen-3.4.2.orig//tools/vtpm/Rules.mk xen-3.4.2//tools/vtpm/Rules.mk +--- xen-3.4.2.orig//tools/vtpm/Rules.mk 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/vtpm/Rules.mk 2011-09-25 02:34:11.563793044 +0800 +@@ -9,7 +9,7 @@ + TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin + + # General compiler flags +-CFLAGS = -Werror -g3 -I. ++CFLAGS = -g3 -I. + + # Generic project files + HDRS = $(wildcard *.h) +diff -ur xen-3.4.2.orig//tools/vtpm_manager/Rules.mk xen-3.4.2//tools/vtpm_manager/Rules.mk +--- xen-3.4.2.orig//tools/vtpm_manager/Rules.mk 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/vtpm_manager/Rules.mk 2011-09-25 02:34:11.562793042 +0800 +@@ -9,7 +9,7 @@ + TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin + + # General compiler flags +-CFLAGS = -Werror -g3 -I. ++CFLAGS = -g3 -I. + + # Generic project files + HDRS = $(wildcard *.h) +diff -ur xen-3.4.2.orig//tools/xcutils/Makefile xen-3.4.2//tools/xcutils/Makefile +--- xen-3.4.2.orig//tools/xcutils/Makefile 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/xcutils/Makefile 2011-09-25 02:34:11.636793042 +0800 +@@ -11,7 +11,7 @@ + XEN_ROOT = ../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += $(CFLAGS_libxenctrl) $(CFLAGS_libxenguest) $(CFLAGS_libxenstore) + + PROGRAMS = xc_restore xc_save readnotes lsevtchn +diff -ur xen-3.4.2.orig//tools/xenmon/Makefile xen-3.4.2//tools/xenmon/Makefile +--- xen-3.4.2.orig//tools/xenmon/Makefile 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/xenmon/Makefile 2011-09-25 02:34:11.641793042 +0800 +@@ -13,7 +13,7 @@ + XEN_ROOT=../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += -I $(XEN_XC) + CFLAGS += $(CFLAGS_libxenctrl) + LDFLAGS += $(LDFLAGS_libxenctrl) +diff -ur xen-3.4.2.orig//tools/xenpmd/Makefile xen-3.4.2//tools/xenpmd/Makefile +--- xen-3.4.2.orig//tools/xenpmd/Makefile 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/xenpmd/Makefile 2011-09-25 02:34:11.656793042 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += $(CFLAGS_libxenstore) + LDFLAGS += $(LDFLAGS_libxenstore) + +diff -ur xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile xen-3.4.2//tools/xenstat/libxenstat/Makefile +--- xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/xenstat/libxenstat/Makefile 2011-09-25 02:34:11.681793042 +0800 +@@ -34,7 +34,7 @@ + OBJECTS-$(CONFIG_NetBSD) += src/xenstat_netbsd.o + SONAME_FLAGS=-Wl,$(SONAME_LDFLAG) -Wl,libxenstat.so.$(MAJOR) + +-WARN_FLAGS=-Wall -Werror ++WARN_FLAGS=-Wall + + CFLAGS+=-Isrc -I$(XEN_LIBXC) -I$(XEN_XENSTORE) -I$(XEN_INCLUDE) + LDFLAGS+=-Lsrc -L$(XEN_XENSTORE)/ -L$(XEN_LIBXC)/ +diff -ur xen-3.4.2.orig//tools/xenstat/xentop/Makefile xen-3.4.2//tools/xenstat/xentop/Makefile +--- xen-3.4.2.orig//tools/xenstat/xentop/Makefile 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/xenstat/xentop/Makefile 2011-09-25 02:34:11.684793042 +0800 +@@ -18,7 +18,7 @@ + all install xentop: + else + +-CFLAGS += -DGCC_PRINTF -Wall -Werror -I$(XEN_LIBXENSTAT) ++CFLAGS += -DGCC_PRINTF -Wall -I$(XEN_LIBXENSTAT) + LDFLAGS += -L$(XEN_LIBXENSTAT) + LDLIBS += -lxenstat $(CURSES_LIBS) $(SOCKET_LIBS) + CFLAGS += -DHOST_$(XEN_OS) +diff -ur xen-3.4.2.orig//tools/xenstore/Makefile xen-3.4.2//tools/xenstore/Makefile +--- xen-3.4.2.orig//tools/xenstore/Makefile 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/xenstore/Makefile 2011-09-25 02:34:11.640793042 +0800 +@@ -4,7 +4,7 @@ + MAJOR = 3.0 + MINOR = 0 + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += -I. + CFLAGS += $(CFLAGS_libxenctrl) + +diff -ur xen-3.4.2.orig//tools/xenstore/xenstored_core.c xen-3.4.2//tools/xenstore/xenstored_core.c +--- xen-3.4.2.orig//tools/xenstore/xenstored_core.c 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/xenstore/xenstored_core.c 2011-09-25 02:34:11.845793042 +0800 +@@ -865,7 +865,7 @@ + { + unsigned int offset, datalen; + struct node *node; +- char *vec[1] = { NULL }; /* gcc4 + -W + -Werror fucks code. */ ++ char *vec[1] = { NULL }; /* gcc4 + -W + fucks code. */ + char *name; + + /* Extra "strings" can be created by binary data. */ +diff -ur xen-3.4.2.orig//tools/xentrace/Makefile xen-3.4.2//tools/xentrace/Makefile +--- xen-3.4.2.orig//tools/xentrace/Makefile 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//tools/xentrace/Makefile 2011-09-25 02:34:11.745793042 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + + CFLAGS += $(CFLAGS_libxenctrl) + LDFLAGS += $(LDFLAGS_libxenctrl) +Only in xen-3.4.2/: Werror.sh +diff -ur xen-3.4.2.orig//xen/arch/ia64/Rules.mk xen-3.4.2//xen/arch/ia64/Rules.mk +--- xen-3.4.2.orig//xen/arch/ia64/Rules.mk 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//xen/arch/ia64/Rules.mk 2011-09-25 02:34:11.570793042 +0800 +@@ -68,7 +68,7 @@ + CFLAGS += -DCONFIG_XEN_IA64_TLBFLUSH_CLOCK + endif + ifeq ($(no_warns),y) +-CFLAGS += -Wa,--fatal-warnings -Werror -Wno-uninitialized ++CFLAGS += -Wa,--fatal-warnings -Wno-uninitialized + endif + ifneq ($(vhpt_disable),y) + CFLAGS += -DVHPT_ENABLED=1 +diff -ur xen-3.4.2.orig//xen/arch/x86/boot/build32.mk xen-3.4.2//xen/arch/x86/boot/build32.mk +--- xen-3.4.2.orig//xen/arch/x86/boot/build32.mk 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//xen/arch/x86/boot/build32.mk 2011-09-25 02:34:11.914793042 +0800 +@@ -8,7 +8,7 @@ + $(call cc-option-add,CFLAGS,CC,-fno-stack-protector) + $(call cc-option-add,CFLAGS,CC,-fno-stack-protector-all) + +-CFLAGS += -Werror -fno-builtin -msoft-float ++CFLAGS += -fno-builtin -msoft-float + + # NB. awk invocation is a portable alternative to 'head -n -1' + %.S: %.bin +diff -ur xen-3.4.2.orig//xen/arch/x86/Rules.mk xen-3.4.2//xen/arch/x86/Rules.mk +--- xen-3.4.2.orig//xen/arch/x86/Rules.mk 2009-11-10 23:12:57.000000000 +0800 ++++ xen-3.4.2//xen/arch/x86/Rules.mk 2011-09-25 02:34:11.572793042 +0800 +@@ -17,7 +17,7 @@ + endif + + CFLAGS += -fno-builtin -fno-common +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe + CFLAGS += -I$(BASEDIR)/include + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default
\ No newline at end of file diff --git a/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch b/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch new file mode 100644 index 0000000..737c2bd --- /dev/null +++ b/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch @@ -0,0 +1,74 @@ + +# HG changeset patch +# User Tim Deegan <Tim.Deegan@citrix.com> +# Date 1313145221 -3600 +# Node ID 84e3706df07a1963e23cd3875d8603917657d462 +# Parent cb22fa57ff252893b6adb1481e09b1287eacd990 +Passthrough: disable bus-mastering on any card that causes an IOMMU fault. + +This stops the card from raising back-to-back faults and live-locking +the CPU that handles them. + +Signed-off-by: Tim Deegan <tim@xen.org> +Acked-by: Wei Wang2 <wei.wang2@amd.com> +Acked-by: Allen M Kay <allen.m.kay@intel.com> + +diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/amd/iommu_init.c +--- a/xen/drivers/passthrough/amd/iommu_init.c Mon Jul 25 16:48:39 2011 +0100 ++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100 +@@ -462,7 +462,7 @@ + + static void parse_event_log_entry(u32 entry[]) + { +- u16 domain_id, device_id; ++ u16 domain_id, device_id, bdf, cword; + u32 code; + u64 *addr; + char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY", +@@ -497,6 +497,18 @@ + "%s: domain = %d, device id = 0x%04x, " + "fault address = 0x%"PRIx64"\n", + event_str[code-1], domain_id, device_id, *addr); ++ ++ /* Tell the device to stop DMAing; we can't rely on the guest to ++ * control it for us. */ ++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) ++ if ( get_dma_requestor_id(bdf) == device_id ) ++ { ++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf), ++ PCI_FUNC(bdf), PCI_COMMAND); ++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf), ++ PCI_FUNC(bdf), PCI_COMMAND, ++ cword & ~PCI_COMMAND_MASTER); ++ } + } + else + { +diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/vtd/iommu.c +--- a/xen/drivers/passthrough/vtd/iommu.c Mon Jul 25 16:48:39 2011 +0100 ++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100 +@@ -893,7 +893,7 @@ + while (1) + { + u8 fault_reason; +- u16 source_id; ++ u16 source_id, cword; + u32 data; + u64 guest_addr; + int type; +@@ -926,6 +926,14 @@ + iommu_page_fault_do_one(iommu, type, fault_reason, + source_id, guest_addr); + ++ /* Tell the device to stop DMAing; we can't rely on the guest to ++ * control it for us. */ ++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id), ++ PCI_FUNC(source_id), PCI_COMMAND); ++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id), ++ PCI_FUNC(source_id), PCI_COMMAND, ++ cword & ~PCI_COMMAND_MASTER); ++ + fault_index++; + if ( fault_index > cap_num_fault_regs(iommu->cap) ) + fault_index = 0; + diff --git a/app-emulation/xen/metadata.xml b/app-emulation/xen/metadata.xml new file mode 100644 index 0000000..6550459 --- /dev/null +++ b/app-emulation/xen/metadata.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>xen</herd> + <maintainer> + <email>johneed@hotmail.com</email> + <name>Ian Delaney aka idella4 proxy maintainer</name> + </maintainer> + <use> + <flag name='acm'>Enable the ACM/sHype XSM module from IBM</flag> + <flag name='flask'>Enable the Flask XSM module from NSA</flag> + <flag name='pae'>Enable support for PAE kernels (usually x86-32 with >4GB memory)</flag> + <flag name='xsm'>Enable the Xen Security Modules (XSM)</flag> + </use> +</pkgmetadata> diff --git a/app-emulation/xen/xen-3.4.2-r4.ebuild b/app-emulation/xen/xen-3.4.2-r4.ebuild new file mode 100644 index 0000000..643ade2 --- /dev/null +++ b/app-emulation/xen/xen-3.4.2-r4.ebuild @@ -0,0 +1,114 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-3.4.2-r4.ebuild,v 1.3 2011/10/15 19:38:16 hwoarang Exp $ + +EAPI=2 + +inherit mount-boot flag-o-matic toolchain-funcs base + +DESCRIPTION="The Xen virtual machine monitor" +HOMEPAGE="http://xen.org/" +SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="debug custom-cflags pae acm flask xsm" + +RDEPEND="|| ( sys-boot/grub + sys-boot/grub-static ) + >=sys-kernel/xen-sources-2.6.18" +PDEPEND="~app-emulation/xen-tools-${PV}" +PATCHES=( + "${FILESDIR}/"${PN}-3.3.0-unexported-target-fix.patch + "${FILESDIR}/"${P}-dump_registers-watchdog-fix.patch + "${FILESDIR}/"${P}-no-DMA.patch + "${FILESDIR}/"${P}-werror-idiocy.patch + "${FILESDIR}/"${P}-fix-__addr_ok-limit.patch + "${FILESDIR}/"${P}-CVE-2011-1583.patch +) + +RESTRICT="test" + +# Approved by QA team in bug #144032 +QA_WX_LOAD="boot/xen-syms-${PV}" + +pkg_setup() { + if [ -x "${S}/.config/" ]; then + die "You will need to remove ${S}/.config by hand" + fi + if [[ -z ${XEN_TARGET_ARCH} ]]; then + if use x86 && use amd64; then + die "Confusion! Both x86 and amd64 are set in your use flags!" + elif use x86; then + export XEN_TARGET_ARCH="x86_32" + elif use amd64; then + export XEN_TARGET_ARCH="x86_64" + else + die "Unsupported architecture!" + fi + fi + + if use xsm ; then + export "XSM_ENABLE=y" + use acm && export "ACM_SECURITY=y" + if use flask ; then + ! use acm && export "FLASK_ENABLE=y" + use acm && ewarn "Both acm and flask XSM specified, defaulting to acm." + fi + elif use acm || use flask ; then + ewarn "acm and flask require USE=xsm to be set, dropping use flags" + fi +} + +src_prepare() { + base_src_prepare + + # if the user *really* wants to use their own custom-cflags, let them + if use custom-cflags; then + einfo "User wants their own CFLAGS - removing defaults" + # try and remove all the default custom-cflags + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ + -i {} \; + fi +} + +src_compile() { + local myopt + use debug && myopt="${myopt} debug=y" + use pae && myopt="${myopt} pae=y" + + if use custom-cflags; then + filter-flags -fPIE -fstack-protector + replace-flags -O3 -O2 + else + unset CFLAGS + fi + + # Send raw LDFLAGS so that --as-needed works + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" -C xen ${myopt} || die "compile failed" +} + +src_install() { + local myopt + use debug && myopt="${myopt} debug=y" + use pae && myopt="${myopt} pae=y" + + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install || die "install failed" +} + +pkg_postinst() { + elog "Official Xen Guide and the unoffical wiki page:" + elog " http://www.gentoo.org/doc/en/xen-guide.xml" + elog " http://en.gentoo-wiki.com/wiki/Xen/" + + if use pae; then + echo + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" + fi +} diff --git a/app-emulation/xen/xen-4.1.1-r2.ebuild b/app-emulation/xen/xen-4.1.1-r2.ebuild new file mode 100644 index 0000000..4b3a74b --- /dev/null +++ b/app-emulation/xen/xen-4.1.1-r2.ebuild @@ -0,0 +1,121 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.1.1-r2.ebuild,v 1.7 2011/11/08 23:46:38 mr_bones_ Exp $ + +EAPI="4" + +if [[ $PV == *9999 ]]; then + KEYWORDS="" + REPO="xen-unstable.hg" + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" + S="${WORKDIR}/${REPO}" + live_eclass="mercurial" +else + KEYWORDS="amd64 x86" + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" +fi + +inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass} + +DESCRIPTION="The Xen virtual machine monitor" +HOMEPAGE="http://xen.org/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="custom-cflags debug flask pae xsm" + +RDEPEND="|| ( sys-boot/grub + sys-boot/grub-static )" +PDEPEND="~app-emulation/xen-tools-${PV}" + +RESTRICT="test" + +# Approved by QA team in bug #144032 +QA_WX_LOAD="boot/xen-syms-${PV}" + +REQUIRED_USE=" + flask? ( xsm ) + " + +pkg_setup() { + if [[ -z ${XEN_TARGET_ARCH} ]]; then + if use x86 && use amd64; then + die "Confusion! Both x86 and amd64 are set in your use flags!" + elif use x86; then + export XEN_TARGET_ARCH="x86_32" + elif use amd64; then + export XEN_TARGET_ARCH="x86_64" + else + die "Unsupported architecture!" + fi + fi + + if use flask ; then + export "XSM_ENABLE=y" + export "FLASK_ENABLE=y" + elif use xsm ; then + export "XSM_ENABLE=y" + fi +} + +src_prepare() { + # Drop .config + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop" + # if the user *really* wants to use their own custom-cflags, let them + if use custom-cflags; then + einfo "User wants their own CFLAGS - removing defaults" + # try and remove all the default custom-cflags + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ + -i {} \; || die "failed to set custom-cflags" + fi + + # remove -Werror for gcc-4.6's sake + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \ + xargs sed -i 's/ *-Werror */ /' || die "failed to remove -Werror" + # not strictly necessary to fix this + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to remove -Werror on setup.py" + + # Add sccurity fix bug #379241 + epatch "${FILESDIR}/${P}-iommu_sec_fix.patch" +} + +src_configure() { + use debug && myopt="${myopt} debug=y" + use pae && myopt="${myopt} pae=y" + + if use custom-cflags; then + filter-flags -fPIE -fstack-protector + replace-flags -O3 -O2 + else + unset CFLAGS + fi +} + +src_compile() { + # Send raw LDFLAGS so that --as-needed works + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} +} + +src_install() { + local myopt + use debug && myopt="${myopt} debug=y" + use pae && myopt="${myopt} pae=y" + + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install +} + +pkg_postinst() { + elog "Official Xen Guide and the unoffical wiki page:" + elog " http://www.gentoo.org/doc/en/xen-guide.xml" + elog " http://en.gentoo-wiki.com/wiki/Xen/" + + if use pae; then + echo + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" + fi +} diff --git a/app-emulation/xen/xen-9999.ebuild b/app-emulation/xen/xen-9999.ebuild new file mode 100644 index 0000000..c3e1126 --- /dev/null +++ b/app-emulation/xen/xen-9999.ebuild @@ -0,0 +1,117 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-9999.ebuild,v 1.4 2011/09/11 14:48:15 alexxy Exp $ + +EAPI="4" + +if [[ $PV == *9999 ]]; then + KEYWORDS="" + REPO="xen-unstable.hg" + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" + S="${WORKDIR}/${REPO}" + live_eclass="mercurial" +else + KEYWORDS="~amd64 ~x86" + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" +fi + +inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass} + +DESCRIPTION="The Xen virtual machine monitor" +HOMEPAGE="http://xen.org/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="custom-cflags debug flask pae xsm" + +RDEPEND="|| ( sys-boot/grub + sys-boot/grub-static )" +PDEPEND="~app-emulation/xen-tools-${PV}" + +RESTRICT="test" + +# Approved by QA team in bug #144032 +QA_WX_LOAD="boot/xen-syms-${PV}" + +REQUIRED_USE="flask? ( xsm )" + +pkg_setup() { + if [[ -z ${XEN_TARGET_ARCH} ]]; then + if use x86 && use amd64; then + die "Confusion! Both x86 and amd64 are set in your use flags!" + elif use x86; then + export XEN_TARGET_ARCH="x86_32" + elif use amd64; then + export XEN_TARGET_ARCH="x86_64" + else + die "Unsupported architecture!" + fi + fi + + if use flask ; then + export "XSM_ENABLE=y" + export "FLASK_ENABLE=y" + elif use xsm ; then + export "XSM_ENABLE=y" + fi +} + +src_prepare() { + # Drop .config + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop" + + # if the user *really* wants to use their own custom-cflags, let them + if use custom-cflags; then + einfo "User wants their own CFLAGS - removing defaults" + # try and remove all the default custom-cflags + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ + -i {} \; + fi + + # remove -Werror for gcc-4.6's sake + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \ + xargs sed -i 's/ *-Werror */ /' + # not strictly necessary to fix this + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" +} + +src_configure() { + use debug && myopt="${myopt} debug=y" + use pae && myopt="${myopt} pae=y" + + if use custom-cflags; then + filter-flags -fPIE -fstack-protector + replace-flags -O3 -O2 + else + unset CFLAGS + fi +} + +src_compile() { + # Send raw LDFLAGS so that --as-needed works + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} +} + +src_install() { + local myopt + use debug && myopt="${myopt} debug=y" + use pae && myopt="${myopt} pae=y" + + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install +} + +pkg_postinst() { + elog "Official Xen Guide and the unoffical wiki page:" + elog " http://www.gentoo.org/doc/en/xen-guide.xml" + elog " http://en.gentoo-wiki.com/wiki/Xen/" + + if use pae; then + echo + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" + fi +} |