summaryrefslogtreecommitdiff
path: root/system/xen
diff options
context:
space:
mode:
Diffstat (limited to 'system/xen')
-rw-r--r--system/xen/dom0/README.dom02
-rw-r--r--system/xen/dom0/config-4.4.118-xen.i686 (renamed from system/xen/dom0/config-4.4.75-xen.i686)28
-rw-r--r--system/xen/dom0/config-4.4.118-xen.x86_64 (renamed from system/xen/dom0/config-4.4.75-xen.x86_64)32
-rw-r--r--system/xen/dom0/kernel-xen.sh4
-rw-r--r--system/xen/patches/gcc7-fix-incorrect-comparison.patch40
-rw-r--r--system/xen/patches/gcc7-minios-implement-udivmoddi4.patch44
-rw-r--r--system/xen/patches/gcc7-vtpm-implicit-fallthrough.patch46
-rw-r--r--system/xen/patches/gcc7-vtpmmgr-make-inline-static.patch1161
-rw-r--r--system/xen/patches/glibc-memfd_fix_configure_test.patch55
-rw-r--r--system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch28
-rw-r--r--system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch24
-rw-r--r--system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch163
-rw-r--r--system/xen/patches/patch-ipxe-patches-series.patch18
-rw-r--r--system/xen/patches/use_already_present_ipxe.diff21
-rw-r--r--system/xen/xen.SlackBuild32
-rw-r--r--system/xen/xen.info18
-rw-r--r--system/xen/xsa/xsa246-4.9.patch74
-rw-r--r--system/xen/xsa/xsa247-4.9-0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu.patch176
-rw-r--r--system/xen/xsa/xsa247-4.9-0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas.patch109
-rw-r--r--system/xen/xsa/xsa248.patch164
-rw-r--r--system/xen/xsa/xsa249.patch42
-rw-r--r--system/xen/xsa/xsa250.patch67
-rw-r--r--system/xen/xsa/xsa251.patch21
-rw-r--r--system/xen/xsa/xsa252.patch27
-rw-r--r--system/xen/xsa/xsa253.patch26
-rw-r--r--system/xen/xsa/xsa255-1.patch133
-rw-r--r--system/xen/xsa/xsa255-2.patch167
-rw-r--r--system/xen/xsa/xsa256.patch40
28 files changed, 518 insertions, 2244 deletions
diff --git a/system/xen/dom0/README.dom0 b/system/xen/dom0/README.dom0
index d5a40ce67a..2114164f38 100644
--- a/system/xen/dom0/README.dom0
+++ b/system/xen/dom0/README.dom0
@@ -46,7 +46,7 @@ Xen EFI binary.
To make things a bit easier, a copy of Xen EFI binary can be found here:
- http://slackware.hr/~mario/xen/xen-4.9.1.efi.gz
+ http://slackware.hr/~mario/xen/xen-4.10.0.efi.gz
If an automatic boot to Xen kernel is desired, the binary should be renamed and
copied to the following location: /boot/efi/EFI/BOOT/bootx64.efi
diff --git a/system/xen/dom0/config-4.4.75-xen.i686 b/system/xen/dom0/config-4.4.118-xen.i686
index ab22d64f08..2ba089e19f 100644
--- a/system/xen/dom0/config-4.4.75-xen.i686
+++ b/system/xen/dom0/config-4.4.118-xen.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.4.88 Kernel Configuration
+# Linux/x86 4.4.118 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -368,6 +368,7 @@ CONFIG_SMP=y
CONFIG_X86_FEATURE_NAMES=y
CONFIG_X86_MPPARSE=y
CONFIG_X86_BIGSMP=y
+CONFIG_RETPOLINE=y
# CONFIG_X86_EXTENDED_PLATFORM is not set
CONFIG_X86_INTEL_LPSS=y
CONFIG_X86_AMD_PLATFORM_DEVICE=y
@@ -1241,6 +1242,12 @@ CONFIG_BRIDGE=m
CONFIG_BRIDGE_IGMP_SNOOPING=y
CONFIG_BRIDGE_VLAN_FILTERING=y
CONFIG_HAVE_NET_DSA=y
+CONFIG_NET_DSA=m
+CONFIG_NET_DSA_HWMON=y
+CONFIG_NET_DSA_TAG_BRCM=y
+CONFIG_NET_DSA_TAG_DSA=y
+CONFIG_NET_DSA_TAG_EDSA=y
+CONFIG_NET_DSA_TAG_TRAILER=y
CONFIG_VLAN_8021Q=m
CONFIG_VLAN_8021Q_GVRP=y
# CONFIG_VLAN_8021Q_MVRP is not set
@@ -1362,14 +1369,13 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPENVSWITCH_GENEVE=m
CONFIG_VSOCKETS=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
-CONFIG_NETLINK_MMAP=y
CONFIG_NETLINK_DIAG=m
CONFIG_MPLS=y
CONFIG_NET_MPLS_GSO=m
CONFIG_MPLS_ROUTING=m
CONFIG_MPLS_IPTUNNEL=m
CONFIG_HSR=m
-# CONFIG_NET_SWITCHDEV is not set
+CONFIG_NET_SWITCHDEV=y
# CONFIG_NET_L3_MASTER_DEV is not set
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
@@ -1638,6 +1644,7 @@ CONFIG_NFC_NXP_NCI=m
CONFIG_NFC_NXP_NCI_I2C=m
# CONFIG_NFC_S3FWRN5_I2C is not set
CONFIG_LWTUNNEL=y
+CONFIG_DST_CACHE=y
#
# Device Drivers
@@ -1665,6 +1672,7 @@ CONFIG_DEV_COREDUMP=y
CONFIG_SYS_HYPERVISOR=y
# CONFIG_GENERIC_CPU_DEVICES is not set
CONFIG_GENERIC_CPU_AUTOPROBE=y
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
CONFIG_REGMAP_MMIO=y
@@ -2423,8 +2431,14 @@ CONFIG_VHOST=m
#
# Distributed Switch Architecture drivers
#
-# CONFIG_NET_DSA_MV88E6XXX is not set
-# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
+CONFIG_NET_DSA_MV88E6XXX=m
+CONFIG_NET_DSA_MV88E6060=m
+CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y
+CONFIG_NET_DSA_MV88E6131=m
+CONFIG_NET_DSA_MV88E6123_61_65=m
+CONFIG_NET_DSA_MV88E6171=m
+CONFIG_NET_DSA_MV88E6352=m
+CONFIG_NET_DSA_BCM_SF2=m
CONFIG_ETHERNET=y
CONFIG_MDIO=m
CONFIG_NET_VENDOR_3COM=y
@@ -2554,6 +2568,8 @@ CONFIG_MLX5_CORE=m
CONFIG_MLX5_CORE_EN=y
CONFIG_MLXSW_CORE=m
CONFIG_MLXSW_PCI=m
+CONFIG_MLXSW_SWITCHX2=m
+CONFIG_MLXSW_SPECTRUM=m
CONFIG_NET_VENDOR_MICREL=y
CONFIG_KS8842=m
CONFIG_KS8851_MLL=m
@@ -2603,6 +2619,7 @@ CONFIG_NET_VENDOR_RENESAS=y
CONFIG_NET_VENDOR_RDC=y
CONFIG_R6040=m
CONFIG_NET_VENDOR_ROCKER=y
+CONFIG_ROCKER=m
CONFIG_NET_VENDOR_SAMSUNG=y
CONFIG_SXGBE_ETH=m
CONFIG_NET_VENDOR_SEEQ=y
@@ -2735,6 +2752,7 @@ CONFIG_USB_NET_NET1080=m
CONFIG_USB_NET_PLUSB=m
CONFIG_USB_NET_MCS7830=m
CONFIG_USB_NET_RNDIS_HOST=m
+CONFIG_USB_NET_CDC_SUBSET_ENABLE=m
CONFIG_USB_NET_CDC_SUBSET=m
CONFIG_USB_ALI_M5632=y
CONFIG_USB_AN2720=y
diff --git a/system/xen/dom0/config-4.4.75-xen.x86_64 b/system/xen/dom0/config-4.4.118-xen.x86_64
index 5b8b948341..b690312fe3 100644
--- a/system/xen/dom0/config-4.4.75-xen.x86_64
+++ b/system/xen/dom0/config-4.4.118-xen.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.4.88 Kernel Configuration
+# Linux/x86 4.4.118 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -380,6 +380,7 @@ CONFIG_SMP=y
CONFIG_X86_FEATURE_NAMES=y
CONFIG_X86_X2APIC=y
CONFIG_X86_MPPARSE=y
+CONFIG_RETPOLINE=y
# CONFIG_X86_EXTENDED_PLATFORM is not set
CONFIG_X86_INTEL_LPSS=y
CONFIG_X86_AMD_PLATFORM_DEVICE=y
@@ -755,7 +756,6 @@ CONFIG_X86_X32=y
CONFIG_COMPAT=y
CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
CONFIG_SYSVIPC_COMPAT=y
-CONFIG_KEYS_COMPAT=y
CONFIG_X86_DEV_DMA_OPS=y
CONFIG_PMC_ATOM=y
CONFIG_NET=y
@@ -1216,6 +1216,12 @@ CONFIG_BRIDGE=m
CONFIG_BRIDGE_IGMP_SNOOPING=y
CONFIG_BRIDGE_VLAN_FILTERING=y
CONFIG_HAVE_NET_DSA=y
+CONFIG_NET_DSA=m
+CONFIG_NET_DSA_HWMON=y
+CONFIG_NET_DSA_TAG_BRCM=y
+CONFIG_NET_DSA_TAG_DSA=y
+CONFIG_NET_DSA_TAG_EDSA=y
+CONFIG_NET_DSA_TAG_TRAILER=y
CONFIG_VLAN_8021Q=m
CONFIG_VLAN_8021Q_GVRP=y
# CONFIG_VLAN_8021Q_MVRP is not set
@@ -1333,14 +1339,13 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPENVSWITCH_GENEVE=m
CONFIG_VSOCKETS=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
-CONFIG_NETLINK_MMAP=y
CONFIG_NETLINK_DIAG=m
CONFIG_MPLS=y
CONFIG_NET_MPLS_GSO=m
CONFIG_MPLS_ROUTING=m
CONFIG_MPLS_IPTUNNEL=m
CONFIG_HSR=m
-# CONFIG_NET_SWITCHDEV is not set
+CONFIG_NET_SWITCHDEV=y
# CONFIG_NET_L3_MASTER_DEV is not set
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
@@ -1603,7 +1608,9 @@ CONFIG_NFC_NXP_NCI=m
CONFIG_NFC_NXP_NCI_I2C=m
# CONFIG_NFC_S3FWRN5_I2C is not set
CONFIG_LWTUNNEL=y
+CONFIG_DST_CACHE=y
CONFIG_HAVE_BPF_JIT=y
+CONFIG_HAVE_EBPF_JIT=y
#
# Device Drivers
@@ -1631,6 +1638,7 @@ CONFIG_DEV_COREDUMP=y
CONFIG_SYS_HYPERVISOR=y
# CONFIG_GENERIC_CPU_DEVICES is not set
CONFIG_GENERIC_CPU_AUTOPROBE=y
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
CONFIG_REGMAP_MMIO=y
@@ -2360,8 +2368,14 @@ CONFIG_VHOST=m
#
# Distributed Switch Architecture drivers
#
-# CONFIG_NET_DSA_MV88E6XXX is not set
-# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
+CONFIG_NET_DSA_MV88E6XXX=m
+CONFIG_NET_DSA_MV88E6060=m
+CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y
+CONFIG_NET_DSA_MV88E6131=m
+CONFIG_NET_DSA_MV88E6123_61_65=m
+CONFIG_NET_DSA_MV88E6171=m
+CONFIG_NET_DSA_MV88E6352=m
+CONFIG_NET_DSA_BCM_SF2=m
CONFIG_ETHERNET=y
CONFIG_MDIO=m
CONFIG_NET_VENDOR_3COM=y
@@ -2490,6 +2504,8 @@ CONFIG_MLX5_CORE=m
CONFIG_MLX5_CORE_EN=y
CONFIG_MLXSW_CORE=m
CONFIG_MLXSW_PCI=m
+CONFIG_MLXSW_SWITCHX2=m
+CONFIG_MLXSW_SPECTRUM=m
CONFIG_NET_VENDOR_MICREL=y
CONFIG_KS8842=m
CONFIG_KS8851_MLL=m
@@ -2536,6 +2552,7 @@ CONFIG_NET_VENDOR_RENESAS=y
CONFIG_NET_VENDOR_RDC=y
CONFIG_R6040=m
CONFIG_NET_VENDOR_ROCKER=y
+CONFIG_ROCKER=m
CONFIG_NET_VENDOR_SAMSUNG=y
CONFIG_SXGBE_ETH=m
CONFIG_NET_VENDOR_SEEQ=y
@@ -2668,6 +2685,7 @@ CONFIG_USB_NET_NET1080=m
CONFIG_USB_NET_PLUSB=m
CONFIG_USB_NET_MCS7830=m
CONFIG_USB_NET_RNDIS_HOST=m
+CONFIG_USB_NET_CDC_SUBSET_ENABLE=m
CONFIG_USB_NET_CDC_SUBSET=m
CONFIG_USB_ALI_M5632=y
CONFIG_USB_AN2720=y
@@ -6925,12 +6943,14 @@ CONFIG_X86_DEBUG_FPU=y
# Security options
#
CONFIG_KEYS=y
+CONFIG_KEYS_COMPAT=y
# CONFIG_PERSISTENT_KEYRINGS is not set
# CONFIG_BIG_KEYS is not set
CONFIG_TRUSTED_KEYS=m
CONFIG_ENCRYPTED_KEYS=m
CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_SECURITY=y
+CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
diff --git a/system/xen/dom0/kernel-xen.sh b/system/xen/dom0/kernel-xen.sh
index e33676d042..dba4b3f91a 100644
--- a/system/xen/dom0/kernel-xen.sh
+++ b/system/xen/dom0/kernel-xen.sh
@@ -5,8 +5,8 @@
# Written by Chris Abela <chris.abela@maltats.com>, 20100515
# Modified by Mario Preksavec <mario@slackware.hr>
-KERNEL=${KERNEL:-4.4.88}
-XEN=${XEN:-4.9.0}
+KERNEL=${KERNEL:-4.4.118}
+XEN=${XEN:-4.10.0}
BOOTLOADER=${BOOTLOADER:-lilo}
ROOTMOD=${ROOTMOD:-ext4}
diff --git a/system/xen/patches/gcc7-fix-incorrect-comparison.patch b/system/xen/patches/gcc7-fix-incorrect-comparison.patch
deleted file mode 100644
index 91dc6c08a6..0000000000
--- a/system/xen/patches/gcc7-fix-incorrect-comparison.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From fe4a28ccbfd33cae9e1f56b174d46b4eb2329efd Mon Sep 17 00:00:00 2001
-From: Dandan Bi <dandan.bi@intel.com>
-Date: Sat, 1 Apr 2017 10:31:14 +0800
-Subject: [PATCH] MdeModulePkg/UefiHiiLib:Fix incorrect comparison expression
-
-Fix the incorrect comparison between pointer and constant zero character.
-
-https://bugzilla.tianocore.org/show_bug.cgi?id=416
-
-V2: The pointer StringPtr points to a string returned
-by ExtractConfig/ExportConfig, if it is NULL, function
-InternalHiiIfrValueAction will return FALSE. So in
-current usage model, the StringPtr can not be NULL before
-using it, so we can add ASSERT here.
-
-Cc: Eric Dong <eric.dong@intel.com>
-Cc: Liming Gao <liming.gao@intel.com>
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Dandan Bi <dandan.bi@intel.com>
-Reviewed-by: Eric Dong <eric.dong@intel.com>
----
- MdeModulePkg/Library/UefiHiiLib/HiiLib.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
-index a2abf26980b..cd0cd35a0f3 100644
---- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
-+++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
-@@ -2201,8 +2201,9 @@ InternalHiiIfrValueAction (
- }
-
- StringPtr = ConfigAltResp;
--
-- while (StringPtr != L'\0') {
-+ ASSERT (StringPtr != NULL);
-+
-+ while (*StringPtr != L'\0') {
- //
- // 1. Find <ConfigHdr> GUID=...&NAME=...&PATH=...
- //
diff --git a/system/xen/patches/gcc7-minios-implement-udivmoddi4.patch b/system/xen/patches/gcc7-minios-implement-udivmoddi4.patch
deleted file mode 100644
index 7d6c510944..0000000000
--- a/system/xen/patches/gcc7-minios-implement-udivmoddi4.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From d991bdbc062248221511ecb795617c36b37e1d2e Mon Sep 17 00:00:00 2001
-From: Wei Liu <wei.liu2@citrix.com>
-Date: Wed, 9 Aug 2017 13:15:48 +0100
-Subject: [PATCH] lib/math.c: implement __udivmoddi4
-
-Some code compiled by gcc 7 requires this.
-
-Signed-off-by: Wei Liu <wei.liu2@citrix.com>
-Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
----
- lib/math.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/lib/math.c b/lib/math.c
-index 561393e..b98cc1d 100644
---- a/lib/math.c
-+++ b/lib/math.c
-@@ -6,6 +6,7 @@
- * File: math.c
- * Author: Rolf Neugebauer (neugebar@dcs.gla.ac.uk)
- * Changes:
-+ * Implement __udivmoddi4 (Wei Liu <wei.liu2@citrix.com>)
- *
- * Date: Aug 2003
- *
-@@ -397,6 +398,15 @@ __umoddi3(u_quad_t a, u_quad_t b)
- }
-
- /*
-+ * Returns the quotient and places remainder in r
-+ */
-+u_quad_t
-+__udivmoddi4(u_quad_t a, u_quad_t b, u_quad_t *r)
-+{
-+ return __qdivrem(a, b, r);
-+}
-+
-+/*
- * From
- * moddi3.c
- */
---
-2.1.4
-
diff --git a/system/xen/patches/gcc7-vtpm-implicit-fallthrough.patch b/system/xen/patches/gcc7-vtpm-implicit-fallthrough.patch
deleted file mode 100644
index 068752d2d1..0000000000
--- a/system/xen/patches/gcc7-vtpm-implicit-fallthrough.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-GCC-7 have -Wimplicit-fallthrough enabled with -Wextra. Add appropriate
-comment which both mute the warning and improve readibility.
-
-Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
----
- stubdom/Makefile | 1 +
- stubdom/vtpm-implicit-fallthrough.patch | 10 ++++++++++
- 2 files changed, 11 insertions(+)
- create mode 100644 stubdom/vtpm-implicit-fallthrough.patch
-
-diff --git a/stubdom/Makefile b/stubdom/Makefile
-index db01827..5055e31 100644
---- a/stubdom/Makefile
-+++ b/stubdom/Makefile
-@@ -228,6 +228,7 @@ tpm_emulator-$(XEN_TARGET_ARCH): tpm_emulator-$(TPMEMU_VERSION).tar.gz
- patch -d $@ -p1 < vtpm-deepquote.patch
- patch -d $@ -p1 < vtpm-deepquote-anyloc.patch
- patch -d $@ -p1 < vtpm-cmake-Wextra.patch
-+ patch -d $@ -p1 < vtpm-implicit-fallthrough.patch
- mkdir $@/build
- cd $@/build; CC=${CC} $(CMAKE) .. -DCMAKE_C_FLAGS:STRING="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement"
- touch $@
-diff --git a/stubdom/vtpm-implicit-fallthrough.patch b/stubdom/vtpm-implicit-fallthrough.patch
-new file mode 100644
-index 0000000..db97be5
---- /dev/null
-+++ b/stubdom/vtpm-implicit-fallthrough.patch
-@@ -0,0 +1,10 @@
-+--- tpm_emulator-x86_64/tpm/tpm_cmd_handler.c.orig 2017-04-27 13:37:14.408000000 +0200
-++++ tpm_emulator-x86_64/tpm/tpm_cmd_handler.c 2017-04-27 13:39:53.585000000 +0200
-+@@ -3397,6 +3397,7 @@
-+ sizeof(rsp->auth2->nonceOdd.nonce));
-+ tpm_hmac_update(&hmac, (BYTE*)&rsp->auth2->continueAuthSession, 1);
-+ tpm_hmac_final(&hmac, rsp->auth2->auth);
-++ /* fall-thru */
-+ case TPM_TAG_RSP_AUTH1_COMMAND:
-+ tpm_hmac_init(&hmac, rsp->auth1->secret, sizeof(rsp->auth1->secret));
-+ tpm_hmac_update(&hmac, rsp->auth1->digest, sizeof(rsp->auth1->digest));
---
-2.7.4
-
-
-_______________________________________________
-Xen-devel mailing list
-Xen-devel@lists.xen.org
-https://lists.xen.org/xen-devel
diff --git a/system/xen/patches/gcc7-vtpmmgr-make-inline-static.patch b/system/xen/patches/gcc7-vtpmmgr-make-inline-static.patch
deleted file mode 100644
index a2c96691a9..0000000000
--- a/system/xen/patches/gcc7-vtpmmgr-make-inline-static.patch
+++ /dev/null
@@ -1,1161 +0,0 @@
-gcc7 is more strict with functions marked as inline. They are not
-automatically inlined. Instead a function call is generated, but the
-actual code is not visible by the linker.
-
-Do a mechanical change and mark every 'inline' as 'static inline'. For
-simpler review the static goes into an extra line.
-
-Signed-off-by: Olaf Hering <olaf@aepfle.de>
----
- stubdom/vtpmmgr/marshal.h | 76 ++++++++++++++++++++++++++++++++++++++++++
- stubdom/vtpmmgr/tcg.h | 14 ++++++++
- stubdom/vtpmmgr/tpm2_marshal.h | 58 ++++++++++++++++++++++++++++++++
- stubdom/vtpmmgr/tpmrsa.h | 1 +
- 4 files changed, 149 insertions(+)
-
-diff --git a/stubdom/vtpmmgr/marshal.h b/stubdom/vtpmmgr/marshal.h
-index d826f19d89..dce19c6439 100644
---- a/stubdom/vtpmmgr/marshal.h
-+++ b/stubdom/vtpmmgr/marshal.h
-@@ -47,16 +47,19 @@ typedef enum UnpackPtr {
- UNPACK_ALLOC
- } UnpackPtr;
-
-+static
- inline BYTE* pack_BYTE(BYTE* ptr, BYTE t) {
- ptr[0] = t;
- return ++ptr;
- }
-
-+static
- inline BYTE* unpack_BYTE(BYTE* ptr, BYTE* t) {
- t[0] = ptr[0];
- return ++ptr;
- }
-
-+static
- inline int unpack3_BYTE(BYTE* ptr, UINT32* pos, UINT32 max, BYTE *t)
- {
- if (*pos + 1 > max)
-@@ -72,18 +75,21 @@ inline int unpack3_BYTE(BYTE* ptr, UINT32* pos, UINT32 max, BYTE *t)
- #define unpack3_BOOL(p, x, m, t) unpack3_BYTE(p, x, m, t)
- #define sizeof_BOOL(t) 1
-
-+static
- inline BYTE* pack_UINT16(void* ptr, UINT16 t) {
- UINT16* p = ptr;
- *p = cpu_to_be16(t);
- return ptr + sizeof(UINT16);
- }
-
-+static
- inline BYTE* unpack_UINT16(void* ptr, UINT16* t) {
- UINT16* p = ptr;
- *t = be16_to_cpu(*p);
- return ptr + sizeof(UINT16);
- }
-
-+static
- inline int unpack3_UINT16(BYTE* ptr, UINT32* pos, UINT32 max, UINT16 *t)
- {
- if (*pos + 2 > max)
-@@ -93,18 +99,21 @@ inline int unpack3_UINT16(BYTE* ptr, UINT32* pos, UINT32 max, UINT16 *t)
- return 0;
- }
-
-+static
- inline BYTE* pack_UINT32(void* ptr, UINT32 t) {
- UINT32* p = ptr;
- *p = cpu_to_be32(t);
- return ptr + sizeof(UINT32);
- }
-
-+static
- inline BYTE* unpack_UINT32(void* ptr, UINT32* t) {
- UINT32* p = ptr;
- *t = be32_to_cpu(*p);
- return ptr + sizeof(UINT32);
- }
-
-+static
- inline int unpack3_UINT32(BYTE* ptr, UINT32* pos, UINT32 max, UINT32 *t)
- {
- if (*pos + 4 > max)
-@@ -236,16 +245,19 @@ inline int unpack3_UINT32(BYTE* ptr, UINT32* pos, UINT32 max, UINT32 *t)
- #define sizeof_TCS_KEY_HANDLE(t) sizeof_UINT32(t)
-
-
-+static
- inline BYTE* pack_BUFFER(BYTE* ptr, const BYTE* buf, UINT32 size) {
- memcpy(ptr, buf, size);
- return ptr + size;
- }
-
-+static
- inline BYTE* unpack_BUFFER(BYTE* ptr, BYTE* buf, UINT32 size) {
- memcpy(buf, ptr, size);
- return ptr + size;
- }
-
-+static
- inline int unpack3_BUFFER(BYTE* ptr, UINT32* pos, UINT32 max, BYTE* buf, UINT32 size) {
- if (*pos + size > max)
- return TPM_SIZE;
-@@ -256,11 +268,13 @@ inline int unpack3_BUFFER(BYTE* ptr, UINT32* pos, UINT32 max, BYTE* buf, UINT32
-
- #define sizeof_BUFFER(b, s) s
-
-+static
- inline BYTE* unpack_ALIAS(BYTE* ptr, BYTE** buf, UINT32 size) {
- *buf = ptr;
- return ptr + size;
- }
-
-+static
- inline BYTE* unpack_ALLOC(BYTE* ptr, BYTE** buf, UINT32 size) {
- if(size) {
- *buf = malloc(size);
-@@ -271,6 +285,7 @@ inline BYTE* unpack_ALLOC(BYTE* ptr, BYTE** buf, UINT32 size) {
- return ptr + size;
- }
-
-+static
- inline BYTE* unpack_PTR(BYTE* ptr, BYTE** buf, UINT32 size, UnpackPtr alloc) {
- if(alloc == UNPACK_ALLOC) {
- return unpack_ALLOC(ptr, buf, size);
-@@ -279,6 +294,7 @@ inline BYTE* unpack_PTR(BYTE* ptr, BYTE** buf, UINT32 size, UnpackPtr alloc) {
- }
- }
-
-+static
- inline int unpack3_PTR(BYTE* ptr, UINT32* pos, UINT32 max, BYTE** buf, UINT32 size, UnpackPtr alloc) {
- if (size > max || *pos + size > max)
- return TPM_SIZE;
-@@ -292,14 +308,17 @@ inline int unpack3_PTR(BYTE* ptr, UINT32* pos, UINT32 max, BYTE** buf, UINT32 si
- }
- #define unpack3_VPTR(ptr, pos, max, buf, size, alloc) unpack3_PTR(ptr, pos, max, (void*)(buf), size, alloc)
-
-+static
- inline BYTE* pack_TPM_AUTHDATA(BYTE* ptr, const TPM_AUTHDATA* d) {
- return pack_BUFFER(ptr, *d, TPM_DIGEST_SIZE);
- }
-
-+static
- inline BYTE* unpack_TPM_AUTHDATA(BYTE* ptr, TPM_AUTHDATA* d) {
- return unpack_BUFFER(ptr, *d, TPM_DIGEST_SIZE);
- }
-
-+static
- inline int unpack3_TPM_AUTHDATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTHDATA* d) {
- return unpack3_BUFFER(ptr, pos, len, *d, TPM_DIGEST_SIZE);
- }
-@@ -325,6 +344,7 @@ inline int unpack3_TPM_AUTHDATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTHDATA
- #define sizeof_TPM_TAG(t) sizeof_UINT16(t)
- #define sizeof_TPM_STRUCTURE_TAG(t) sizeof_UINT16(t)
-
-+static
- inline BYTE* pack_TPM_VERSION(BYTE* ptr, const TPM_VERSION* t) {
- ptr[0] = t->major;
- ptr[1] = t->minor;
-@@ -333,6 +353,7 @@ inline BYTE* pack_TPM_VERSION(BYTE* ptr, const TPM_VERSION* t) {
- return ptr + 4;
- }
-
-+static
- inline BYTE* unpack_TPM_VERSION(BYTE* ptr, TPM_VERSION* t) {
- t->major = ptr[0];
- t->minor = ptr[1];
-@@ -341,6 +362,7 @@ inline BYTE* unpack_TPM_VERSION(BYTE* ptr, TPM_VERSION* t) {
- return ptr + 4;
- }
-
-+static
- inline int unpack3_TPM_VERSION(BYTE* ptr, UINT32 *pos, UINT32 max, TPM_VERSION* t) {
- if (*pos + 4 > max)
- return TPM_SIZE;
-@@ -355,6 +377,7 @@ inline int unpack3_TPM_VERSION(BYTE* ptr, UINT32 *pos, UINT32 max, TPM_VERSION*
-
- #define sizeof_TPM_VERSION(x) 4
-
-+static
- inline BYTE* pack_TPM_CAP_VERSION_INFO(BYTE* ptr, const TPM_CAP_VERSION_INFO* v) {
- ptr = pack_TPM_STRUCTURE_TAG(ptr, v->tag);
- ptr = pack_TPM_VERSION(ptr, &v->version);
-@@ -366,6 +389,7 @@ inline BYTE* pack_TPM_CAP_VERSION_INFO(BYTE* ptr, const TPM_CAP_VERSION_INFO* v)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM_CAP_VERSION_INFO(BYTE* ptr, TPM_CAP_VERSION_INFO* v, UnpackPtr alloc) {
- ptr = unpack_TPM_STRUCTURE_TAG(ptr, &v->tag);
- ptr = unpack_TPM_VERSION(ptr, &v->version);
-@@ -377,14 +401,17 @@ inline BYTE* unpack_TPM_CAP_VERSION_INFO(BYTE* ptr, TPM_CAP_VERSION_INFO* v, Unp
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPM_DIGEST(BYTE* ptr, const TPM_DIGEST* d) {
- return pack_BUFFER(ptr, d->digest, TPM_DIGEST_SIZE);
- }
-
-+static
- inline BYTE* unpack_TPM_DIGEST(BYTE* ptr, TPM_DIGEST* d) {
- return unpack_BUFFER(ptr, d->digest, TPM_DIGEST_SIZE);
- }
-
-+static
- inline int unpack3_TPM_DIGEST(BYTE* ptr, UINT32* pos, UINT32 max, TPM_DIGEST* d) {
- return unpack3_BUFFER(ptr, pos, max, d->digest, TPM_DIGEST_SIZE);
- }
-@@ -409,20 +436,24 @@ inline int unpack3_TPM_DIGEST(BYTE* ptr, UINT32* pos, UINT32 max, TPM_DIGEST* d)
- #define pack_TPM_CHOSENID_HASH(ptr, d) pack_TPM_DIGEST(ptr, d)
- #define unpack_TPM_CHOSENID_HASH(ptr, d) unpack_TPM_DIGEST(ptr, d)
-
-+static
- inline BYTE* pack_TPM_NONCE(BYTE* ptr, const TPM_NONCE* n) {
- return pack_BUFFER(ptr, n->nonce, TPM_DIGEST_SIZE);
- }
-
-+static
- inline BYTE* unpack_TPM_NONCE(BYTE* ptr, TPM_NONCE* n) {
- return unpack_BUFFER(ptr, n->nonce, TPM_DIGEST_SIZE);
- }
-
- #define sizeof_TPM_NONCE(x) TPM_DIGEST_SIZE
-
-+static
- inline int unpack3_TPM_NONCE(BYTE* ptr, UINT32* pos, UINT32 max, TPM_NONCE* n) {
- return unpack3_BUFFER(ptr, pos, max, n->nonce, TPM_DIGEST_SIZE);
- }
-
-+static
- inline BYTE* pack_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, const TPM_SYMMETRIC_KEY_PARMS* k) {
- ptr = pack_UINT32(ptr, k->keyLength);
- ptr = pack_UINT32(ptr, k->blockSize);
-@@ -430,6 +461,7 @@ inline BYTE* pack_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, const TPM_SYMMETRIC_KEY_PAR
- return pack_BUFFER(ptr, k->IV, k->ivSize);
- }
-
-+static
- inline BYTE* pack_TPM_SYMMETRIC_KEY(BYTE* ptr, const TPM_SYMMETRIC_KEY* k) {
- ptr = pack_UINT32(ptr, k->algId);
- ptr = pack_UINT16(ptr, k->encScheme);
-@@ -437,6 +469,7 @@ inline BYTE* pack_TPM_SYMMETRIC_KEY(BYTE* ptr, const TPM_SYMMETRIC_KEY* k) {
- return pack_BUFFER(ptr, k->data, k->size);
- }
-
-+static
- inline int unpack3_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYMMETRIC_KEY_PARMS* k, UnpackPtr alloc) {
- return unpack3_UINT32(ptr, pos, max, &k->keyLength) ||
- unpack3_UINT32(ptr, pos, max, &k->blockSize) ||
-@@ -444,10 +477,12 @@ inline int unpack3_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, T
- unpack3_PTR(ptr, pos, max, &k->IV, k->ivSize, alloc);
- }
-
-+static
- inline int sizeof_TPM_SYMMETRIC_KEY_PARMS(const TPM_SYMMETRIC_KEY_PARMS* k) {
- return 12 + k->ivSize;
- }
-
-+static
- inline int unpack3_TPM_SYMMETRIC_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYMMETRIC_KEY* k, UnpackPtr alloc) {
- return unpack3_UINT32(ptr, pos, max, &k->algId) ||
- unpack3_UINT16(ptr, pos, max, &k->encScheme) ||
-@@ -455,6 +490,7 @@ inline int unpack3_TPM_SYMMETRIC_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYM
- unpack3_PTR(ptr, pos, max, &k->data, k->size, alloc);
- }
-
-+static
- inline BYTE* pack_TPM_RSA_KEY_PARMS(BYTE* ptr, const TPM_RSA_KEY_PARMS* k) {
- ptr = pack_UINT32(ptr, k->keyLength);
- ptr = pack_UINT32(ptr, k->numPrimes);
-@@ -462,6 +498,7 @@ inline BYTE* pack_TPM_RSA_KEY_PARMS(BYTE* ptr, const TPM_RSA_KEY_PARMS* k) {
- return pack_BUFFER(ptr, k->exponent, k->exponentSize);
- }
-
-+static
- inline int unpack3_TPM_RSA_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_RSA_KEY_PARMS* k, UnpackPtr alloc) {
- return unpack3_UINT32(ptr, pos, max, &k->keyLength) ||
- unpack3_UINT32(ptr, pos, max, &k->numPrimes) ||
-@@ -469,11 +506,13 @@ inline int unpack3_TPM_RSA_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_RSA
- unpack3_PTR(ptr, pos, max, &k->exponent, k->exponentSize, alloc);
- }
-
-+static
- inline int sizeof_TPM_RSA_KEY_PARMS(const TPM_RSA_KEY_PARMS* k) {
- return 12 + k->exponentSize;
- }
-
-
-+static
- inline BYTE* pack_TPM_KEY_PARMS(BYTE* ptr, const TPM_KEY_PARMS* k) {
- ptr = pack_TPM_ALGORITHM_ID(ptr, k->algorithmID);
- ptr = pack_TPM_ENC_SCHEME(ptr, k->encScheme);
-@@ -493,6 +532,7 @@ inline BYTE* pack_TPM_KEY_PARMS(BYTE* ptr, const TPM_KEY_PARMS* k) {
- return ptr;
- }
-
-+static
- inline int unpack3_TPM_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 len, TPM_KEY_PARMS* k, UnpackPtr alloc) {
- int rc = unpack3_TPM_ALGORITHM_ID(ptr, pos, len, &k->algorithmID) ||
- unpack3_TPM_ENC_SCHEME(ptr, pos, len, &k->encScheme) ||
-@@ -511,6 +551,7 @@ inline int unpack3_TPM_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 len, TPM_KEY_PAR
- return TPM_FAIL;
- }
-
-+static
- inline int sizeof_TPM_KEY_PARMS(const TPM_KEY_PARMS* k) {
- int rc = 0;
- rc += sizeof_TPM_ALGORITHM_ID(&k->algorithmID);
-@@ -532,52 +573,62 @@ inline int sizeof_TPM_KEY_PARMS(const TPM_KEY_PARMS* k) {
- return rc;
- }
-
-+static
- inline BYTE* pack_TPM_STORE_PUBKEY(BYTE* ptr, const TPM_STORE_PUBKEY* k) {
- ptr = pack_UINT32(ptr, k->keyLength);
- ptr = pack_BUFFER(ptr, k->key, k->keyLength);
- return ptr;
- }
-
-+static
- inline int unpack3_TPM_STORE_PUBKEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_STORE_PUBKEY* k, UnpackPtr alloc) {
- return unpack3_UINT32(ptr, pos, max, &k->keyLength) ||
- unpack3_PTR(ptr, pos, max, &k->key, k->keyLength, alloc);
- }
-
-+static
- inline int sizeof_TPM_STORE_PUBKEY(const TPM_STORE_PUBKEY* k) {
- return 4 + k->keyLength;
- }
-
-+static
- inline BYTE* pack_TPM_PUBKEY(BYTE* ptr, const TPM_PUBKEY* k) {
- ptr = pack_TPM_KEY_PARMS(ptr, &k->algorithmParms);
- return pack_TPM_STORE_PUBKEY(ptr, &k->pubKey);
- }
-
-+static
- inline int unpack3_TPM_PUBKEY(BYTE* ptr, UINT32* pos, UINT32 len, TPM_PUBKEY* k, UnpackPtr alloc) {
- return unpack3_TPM_KEY_PARMS(ptr, pos, len, &k->algorithmParms, alloc) ||
- unpack3_TPM_STORE_PUBKEY(ptr, pos, len, &k->pubKey, alloc);
- }
-
-+static
- inline BYTE* pack_TPM_PCR_SELECTION(BYTE* ptr, const TPM_PCR_SELECTION* p) {
- ptr = pack_UINT16(ptr, p->sizeOfSelect);
- ptr = pack_BUFFER(ptr, p->pcrSelect, p->sizeOfSelect);
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM_PCR_SELECTION(BYTE* ptr, TPM_PCR_SELECTION* p, UnpackPtr alloc) {
- ptr = unpack_UINT16(ptr, &p->sizeOfSelect);
- ptr = unpack_PTR(ptr, &p->pcrSelect, p->sizeOfSelect, alloc);
- return ptr;
- }
-
-+static
- inline int unpack3_TPM_PCR_SELECTION(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_SELECTION* p, UnpackPtr alloc) {
- return unpack3_UINT16(ptr, pos, max, &p->sizeOfSelect) ||
- unpack3_PTR(ptr, pos, max, &p->pcrSelect, p->sizeOfSelect, alloc);
- }
-
-+static
- inline int sizeof_TPM_PCR_SELECTION(const TPM_PCR_SELECTION* p) {
- return 2 + p->sizeOfSelect;
- }
-
-+static
- inline BYTE* pack_TPM_PCR_INFO(BYTE* ptr, const TPM_PCR_INFO* p) {
- ptr = pack_TPM_PCR_SELECTION(ptr, &p->pcrSelection);
- ptr = pack_TPM_COMPOSITE_HASH(ptr, &p->digestAtRelease);
-@@ -585,12 +636,14 @@ inline BYTE* pack_TPM_PCR_INFO(BYTE* ptr, const TPM_PCR_INFO* p) {
- return ptr;
- }
-
-+static
- inline int unpack3_TPM_PCR_INFO(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_INFO* p, UnpackPtr alloc) {
- return unpack3_TPM_PCR_SELECTION(ptr, pos, max, &p->pcrSelection, alloc) ||
- unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtRelease) ||
- unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtCreation);
- }
-
-+static
- inline int sizeof_TPM_PCR_INFO(const TPM_PCR_INFO* p) {
- int rc = 0;
- rc += sizeof_TPM_PCR_SELECTION(&p->pcrSelection);
-@@ -599,6 +652,7 @@ inline int sizeof_TPM_PCR_INFO(const TPM_PCR_INFO* p) {
- return rc;
- }
-
-+static
- inline BYTE* pack_TPM_PCR_INFO_LONG(BYTE* ptr, const TPM_PCR_INFO_LONG* p) {
- ptr = pack_TPM_STRUCTURE_TAG(ptr, p->tag);
- ptr = pack_TPM_LOCALITY_SELECTION(ptr, p->localityAtCreation);
-@@ -610,6 +664,7 @@ inline BYTE* pack_TPM_PCR_INFO_LONG(BYTE* ptr, const TPM_PCR_INFO_LONG* p) {
- return ptr;
- }
-
-+static
- inline int sizeof_TPM_PCR_INFO_LONG(const TPM_PCR_INFO_LONG* p) {
- int rc = 0;
- rc += sizeof_TPM_STRUCTURE_TAG(p->tag);
-@@ -622,6 +677,7 @@ inline int sizeof_TPM_PCR_INFO_LONG(const TPM_PCR_INFO_LONG* p) {
- return rc;
- }
-
-+static
- inline int unpack3_TPM_PCR_INFO_LONG(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_INFO_LONG* p, UnpackPtr alloc) {
- return unpack3_TPM_STRUCTURE_TAG(ptr, pos, max, &p->tag) ||
- unpack3_TPM_LOCALITY_SELECTION(ptr, pos, max,
-@@ -637,6 +693,7 @@ inline int unpack3_TPM_PCR_INFO_LONG(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR
- unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtRelease);
- }
-
-+static
- inline BYTE* pack_TPM_PCR_COMPOSITE(BYTE* ptr, const TPM_PCR_COMPOSITE* p) {
- ptr = pack_TPM_PCR_SELECTION(ptr, &p->select);
- ptr = pack_UINT32(ptr, p->valueSize);
-@@ -644,12 +701,14 @@ inline BYTE* pack_TPM_PCR_COMPOSITE(BYTE* ptr, const TPM_PCR_COMPOSITE* p) {
- return ptr;
- }
-
-+static
- inline int unpack3_TPM_PCR_COMPOSITE(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_COMPOSITE* p, UnpackPtr alloc) {
- return unpack3_TPM_PCR_SELECTION(ptr, pos, max, &p->select, alloc) ||
- unpack3_UINT32(ptr, pos, max, &p->valueSize) ||
- unpack3_PTR(ptr, pos, max, (BYTE**)&p->pcrValue, p->valueSize, alloc);
- }
-
-+static
- inline BYTE* pack_TPM_KEY(BYTE* ptr, const TPM_KEY* k) {
- ptr = pack_TPM_VERSION(ptr, &k->ver);
- ptr = pack_TPM_KEY_USAGE(ptr, k->keyUsage);
-@@ -665,6 +724,7 @@ inline BYTE* pack_TPM_KEY(BYTE* ptr, const TPM_KEY* k) {
- return pack_BUFFER(ptr, k->encData, k->encDataSize);
- }
-
-+static
- inline int unpack3_TPM_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_KEY* k, UnpackPtr alloc) {
- int rc = unpack3_TPM_VERSION(ptr, pos, max, &k->ver) ||
- unpack3_TPM_KEY_USAGE(ptr, pos, max, &k->keyUsage) ||
-@@ -682,6 +742,7 @@ inline int unpack3_TPM_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_KEY* k, Unpac
- unpack3_PTR(ptr, pos, max, &k->encData, k->encDataSize, alloc);
- }
-
-+static
- inline int sizeof_TPM_KEY(const TPM_KEY* k) {
- int rc = 0;
- rc += sizeof_TPM_VERSION(&k->ver);
-@@ -699,18 +760,21 @@ inline int sizeof_TPM_KEY(const TPM_KEY* k) {
- return rc;
- }
-
-+static
- inline BYTE* pack_TPM_BOUND_DATA(BYTE* ptr, const TPM_BOUND_DATA* b, UINT32 payloadSize) {
- ptr = pack_TPM_VERSION(ptr, &b->ver);
- ptr = pack_TPM_PAYLOAD_TYPE(ptr, b->payload);
- return pack_BUFFER(ptr, b->payloadData, payloadSize);
- }
-
-+static
- inline BYTE* unpack_TPM_BOUND_DATA(BYTE* ptr, TPM_BOUND_DATA* b, UINT32 payloadSize, UnpackPtr alloc) {
- ptr = unpack_TPM_VERSION(ptr, &b->ver);
- ptr = unpack_TPM_PAYLOAD_TYPE(ptr, &b->payload);
- return unpack_PTR(ptr, &b->payloadData, payloadSize, alloc);
- }
-
-+static
- inline BYTE* pack_TPM_STORED_DATA(BYTE* ptr, const TPM_STORED_DATA* d) {
- ptr = pack_TPM_VERSION(ptr, &d->ver);
- ptr = pack_UINT32(ptr, d->sealInfoSize);
-@@ -722,6 +786,7 @@ inline BYTE* pack_TPM_STORED_DATA(BYTE* ptr, const TPM_STORED_DATA* d) {
- return ptr;
- }
-
-+static
- inline int sizeof_TPM_STORED_DATA(const TPM_STORED_DATA* d) {
- int rv = sizeof_TPM_VERSION(&d->ver) + sizeof_UINT32(d->sealInfoSize);
- if (d->sealInfoSize) {
-@@ -732,6 +797,7 @@ inline int sizeof_TPM_STORED_DATA(const TPM_STORED_DATA* d) {
- return rv;
- }
-
-+static
- inline int unpack3_TPM_STORED_DATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORED_DATA* d, UnpackPtr alloc) {
- int rc = unpack3_TPM_VERSION(ptr, pos, len, &d->ver) ||
- unpack3_UINT32(ptr, pos, len, &d->sealInfoSize);
-@@ -746,6 +812,7 @@ inline int unpack3_TPM_STORED_DATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORE
- return rc;
- }
-
-+static
- inline BYTE* pack_TPM_STORED_DATA12(BYTE* ptr, const TPM_STORED_DATA12* d) {
- ptr = pack_TPM_STRUCTURE_TAG(ptr, d->tag);
- ptr = pack_TPM_ENTITY_TYPE(ptr, d->et);
-@@ -758,6 +825,7 @@ inline BYTE* pack_TPM_STORED_DATA12(BYTE* ptr, const TPM_STORED_DATA12* d) {
- return ptr;
- }
-
-+static
- inline int sizeof_TPM_STORED_DATA12(const TPM_STORED_DATA12* d) {
- int rv = sizeof_TPM_STRUCTURE_TAG(&d->ver) +
- sizeof_TPM_ENTITY_TYPE(&d->et) +
-@@ -770,6 +838,7 @@ inline int sizeof_TPM_STORED_DATA12(const TPM_STORED_DATA12* d) {
- return rv;
- }
-
-+static
- inline int unpack3_TPM_STORED_DATA12(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORED_DATA12* d, UnpackPtr alloc) {
- int rc = unpack3_TPM_STRUCTURE_TAG(ptr, pos, len, &d->tag) ||
- unpack3_TPM_ENTITY_TYPE(ptr, pos, len, &d->et) ||
-@@ -786,6 +855,7 @@ inline int unpack3_TPM_STORED_DATA12(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STO
- return rc;
- }
-
-+static
- inline BYTE* pack_TPM_AUTH_SESSION(BYTE* ptr, const TPM_AUTH_SESSION* auth) {
- ptr = pack_TPM_AUTH_HANDLE(ptr, auth->AuthHandle);
- ptr = pack_TPM_NONCE(ptr, &auth->NonceOdd);
-@@ -794,6 +864,7 @@ inline BYTE* pack_TPM_AUTH_SESSION(BYTE* ptr, const TPM_AUTH_SESSION* auth) {
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM_AUTH_SESSION(BYTE* ptr, TPM_AUTH_SESSION* auth) {
- ptr = unpack_TPM_NONCE(ptr, &auth->NonceEven);
- ptr = unpack_BOOL(ptr, &auth->fContinueAuthSession);
-@@ -801,6 +872,7 @@ inline BYTE* unpack_TPM_AUTH_SESSION(BYTE* ptr, TPM_AUTH_SESSION* auth) {
- return ptr;
- }
-
-+static
- inline int unpack3_TPM_AUTH_SESSION(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTH_SESSION* auth) {
- return unpack3_TPM_NONCE(ptr, pos, len, &auth->NonceEven) ||
- unpack3_BOOL(ptr, pos, len, &auth->fContinueAuthSession) ||
-@@ -808,6 +880,7 @@ inline int unpack3_TPM_AUTH_SESSION(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTH
- }
-
-
-+static
- inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESSION* auth) {
- int rv = 0;
- rv += sizeof_TPM_AUTH_HANDLE(auth->AuthHandle);
-@@ -817,6 +890,7 @@ inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESSION* auth) {
- return rv;
- }
-
-+static
- inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr,
- TPM_TAG tag,
- UINT32 size,
-@@ -826,6 +900,7 @@ inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr,
- return pack_UINT32(ptr, ord);
- }
-
-+static
- inline BYTE* unpack_TPM_RQU_HEADER(BYTE* ptr,
- TPM_TAG* tag,
- UINT32* size,
-@@ -836,6 +911,7 @@ inline BYTE* unpack_TPM_RQU_HEADER(BYTE* ptr,
- return ptr;
- }
-
-+static
- inline int unpack3_TPM_RQU_HEADER(BYTE* ptr, UINT32* pos, UINT32 max,
- TPM_TAG* tag, UINT32* size, TPM_COMMAND_CODE* ord) {
- return
-diff --git a/stubdom/vtpmmgr/tcg.h b/stubdom/vtpmmgr/tcg.h
-index 813ce57a2d..423131dc25 100644
---- a/stubdom/vtpmmgr/tcg.h
-+++ b/stubdom/vtpmmgr/tcg.h
-@@ -461,6 +461,7 @@ typedef struct TPM_CAP_VERSION_INFO {
- BYTE* vendorSpecific;
- } TPM_CAP_VERSION_INFO;
-
-+static
- inline void free_TPM_CAP_VERSION_INFO(TPM_CAP_VERSION_INFO* v) {
- free(v->vendorSpecific);
- v->vendorSpecific = NULL;
-@@ -494,6 +495,7 @@ typedef struct TPM_SYMMETRIC_KEY {
- BYTE* data;
- } TPM_SYMMETRIC_KEY;
-
-+static
- inline void free_TPM_SYMMETRIC_KEY_PARMS(TPM_SYMMETRIC_KEY_PARMS* p) {
- free(p->IV);
- p->IV = NULL;
-@@ -510,6 +512,7 @@ typedef struct TPM_RSA_KEY_PARMS {
-
- #define TPM_RSA_KEY_PARMS_INIT { 0, 0, 0, NULL }
-
-+static
- inline void free_TPM_RSA_KEY_PARMS(TPM_RSA_KEY_PARMS* p) {
- free(p->exponent);
- p->exponent = NULL;
-@@ -528,6 +531,7 @@ typedef struct TPM_KEY_PARMS {
-
- #define TPM_KEY_PARMS_INIT { 0, 0, 0, 0 }
-
-+static
- inline void free_TPM_KEY_PARMS(TPM_KEY_PARMS* p) {
- if(p->parmSize) {
- switch(p->algorithmID) {
-@@ -550,6 +554,7 @@ typedef struct TPM_STORE_PUBKEY {
-
- #define TPM_STORE_PUBKEY_INIT { 0, NULL }
-
-+static
- inline void free_TPM_STORE_PUBKEY(TPM_STORE_PUBKEY* p) {
- free(p->key);
- p->key = NULL;
-@@ -562,6 +567,7 @@ typedef struct TPM_PUBKEY {
-
- #define TPM_PUBKEY_INIT { TPM_KEY_PARMS_INIT, TPM_STORE_PUBKEY_INIT }
-
-+static
- inline void free_TPM_PUBKEY(TPM_PUBKEY* k) {
- free_TPM_KEY_PARMS(&k->algorithmParms);
- free_TPM_STORE_PUBKEY(&k->pubKey);
-@@ -574,6 +580,7 @@ typedef struct TPM_PCR_SELECTION {
-
- #define TPM_PCR_SELECTION_INIT { 0, NULL }
-
-+static
- inline void free_TPM_PCR_SELECTION(TPM_PCR_SELECTION* p) {
- free(p->pcrSelect);
- p->pcrSelect = NULL;
-@@ -594,6 +601,7 @@ typedef struct TPM_PCR_INFO_LONG {
- #define TPM_PCR_INFO_LONG_INIT { 0, 0, 0, TPM_PCR_SELECTION_INIT, \
- TPM_PCR_SELECTION_INIT }
-
-+static
- inline void free_TPM_PCR_INFO_LONG(TPM_PCR_INFO_LONG* p) {
- free_TPM_PCR_SELECTION(&p->creationPCRSelection);
- free_TPM_PCR_SELECTION(&p->releasePCRSelection);
-@@ -607,6 +615,7 @@ typedef struct TPM_PCR_INFO {
-
- #define TPM_PCR_INFO_INIT { TPM_PCR_SELECTION_INIT }
-
-+static
- inline void free_TPM_PCR_INFO(TPM_PCR_INFO* p) {
- free_TPM_PCR_SELECTION(&p->pcrSelection);
- }
-@@ -619,6 +628,7 @@ typedef struct TPM_PCR_COMPOSITE {
-
- #define TPM_PCR_COMPOSITE_INIT { TPM_PCR_SELECTION_INIT, 0, NULL }
-
-+static
- inline void free_TPM_PCR_COMPOSITE(TPM_PCR_COMPOSITE* p) {
- free_TPM_PCR_SELECTION(&p->select);
- free(p->pcrValue);
-@@ -643,6 +653,7 @@ typedef struct TPM_KEY {
- .pubKey = TPM_STORE_PUBKEY_INIT, \
- .encDataSize = 0, .encData = NULL }
-
-+static
- inline void free_TPM_KEY(TPM_KEY* k) {
- if(k->PCRInfoSize) {
- free_TPM_PCR_INFO(&k->PCRInfo);
-@@ -660,6 +671,7 @@ typedef struct TPM_BOUND_DATA {
-
- #define TPM_BOUND_DATA_INIT { .payloadData = NULL }
-
-+static
- inline void free_TPM_BOUND_DATA(TPM_BOUND_DATA* d) {
- free(d->payloadData);
- d->payloadData = NULL;
-@@ -676,6 +688,7 @@ typedef struct TPM_STORED_DATA {
- #define TPM_STORED_DATA_INIT { .sealInfoSize = 0, sealInfo = TPM_PCR_INFO_INIT,\
- .encDataSize = 0, .encData = NULL }
-
-+static
- inline void free_TPM_STORED_DATA(TPM_STORED_DATA* d) {
- if(d->sealInfoSize) {
- free_TPM_PCR_INFO(&d->sealInfo);
-@@ -696,6 +709,7 @@ typedef struct TPM_STORED_DATA12 {
- #define TPM_STORED_DATA12_INIT { .sealInfoLongSize = 0, \
- sealInfoLong = TPM_PCR_INFO_INIT, .encDataSize = 0, .encData = NULL }
-
-+static
- inline void free_TPM_STORED_DATA12(TPM_STORED_DATA12* d) {
- if(d->sealInfoLongSize) {
- free_TPM_PCR_INFO_LONG(&d->sealInfoLong);
-diff --git a/stubdom/vtpmmgr/tpm2_marshal.h b/stubdom/vtpmmgr/tpm2_marshal.h
-index aaa44645a2..ba070ad38e 100644
---- a/stubdom/vtpmmgr/tpm2_marshal.h
-+++ b/stubdom/vtpmmgr/tpm2_marshal.h
-@@ -52,6 +52,7 @@
- #define pack_TPM_BUFFER(ptr, buf, size) pack_BUFFER(ptr, buf, size)
- #define unpack_TPM_BUFFER(ptr, buf, size) unpack_BUFFER(ptr, buf, size)
-
-+static
- inline BYTE* pack_BYTE_ARRAY(BYTE* ptr, const BYTE* array, UINT32 size)
- {
- int i;
-@@ -60,21 +61,25 @@ inline BYTE* pack_BYTE_ARRAY(BYTE* ptr, const BYTE* array, UINT32 size)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMA_SESSION(BYTE* ptr, const TPMA_SESSION *attr)
- {
- return pack_BYTE(ptr, (BYTE)(*attr));
- }
-
-+static
- inline BYTE* unpack_TPMA_SESSION(BYTE* ptr, TPMA_SESSION *attr)
- {
- return unpack_BYTE(ptr, (BYTE *)attr);
- }
-
-+static
- inline BYTE* pack_TPMI_ALG_HASH(BYTE* ptr, const TPMI_ALG_HASH *hash)
- {
- return pack_UINT16(ptr, *hash);
- }
-
-+static
- inline BYTE* unpack_TPMI_ALG_HASH(BYTE *ptr, TPMI_ALG_HASH *hash)
- {
- return unpack_UINT16(ptr, hash);
-@@ -125,6 +130,7 @@ inline BYTE* unpack_TPMI_ALG_HASH(BYTE *ptr, TPMI_ALG_HASH *hash)
- #define pack_TPMI_RH_LOCKOUT(ptr, l) pack_TPM2_HANDLE(ptr, l)
- #define unpack_TPMI_RH_LOCKOUT(ptr, l) unpack_TPM2_HANDLE(ptr, l)
-
-+static
- inline BYTE* pack_TPM2B_DIGEST(BYTE* ptr, const TPM2B_DIGEST *digest)
- {
- ptr = pack_UINT16(ptr, digest->size);
-@@ -132,6 +138,7 @@ inline BYTE* pack_TPM2B_DIGEST(BYTE* ptr, const TPM2B_DIGEST *digest)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM2B_DIGEST(BYTE* ptr, TPM2B_DIGEST *digest)
- {
- ptr = unpack_UINT16(ptr, &digest->size);
-@@ -139,6 +146,7 @@ inline BYTE* unpack_TPM2B_DIGEST(BYTE* ptr, TPM2B_DIGEST *digest)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMT_TK_CREATION(BYTE* ptr,const TPMT_TK_CREATION *ticket )
- {
- ptr = pack_TPM_ST(ptr , &ticket->tag);
-@@ -147,6 +155,7 @@ inline BYTE* pack_TPMT_TK_CREATION(BYTE* ptr,const TPMT_TK_CREATION *ticket )
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMT_TK_CREATION(BYTE* ptr, TPMT_TK_CREATION *ticket )
- {
- ptr = unpack_TPM_ST(ptr, &ticket->tag);
-@@ -155,6 +164,7 @@ inline BYTE* unpack_TPMT_TK_CREATION(BYTE* ptr, TPMT_TK_CREATION *ticket )
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPM2B_NAME(BYTE* ptr,const TPM2B_NAME *name )
- {
- ptr = pack_UINT16(ptr, name->size);
-@@ -162,6 +172,7 @@ inline BYTE* pack_TPM2B_NAME(BYTE* ptr,const TPM2B_NAME *name )
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM2B_NAME(BYTE* ptr, TPM2B_NAME *name)
- {
- ptr = unpack_UINT16(ptr, &name->size);
-@@ -169,6 +180,7 @@ inline BYTE* unpack_TPM2B_NAME(BYTE* ptr, TPM2B_NAME *name)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPM2B_NONCE(BYTE* ptr, const TPM2B_NONCE *nonce)
- {
- return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)nonce);
-@@ -176,6 +188,7 @@ inline BYTE* pack_TPM2B_NONCE(BYTE* ptr, const TPM2B_NONCE *nonce)
-
- #define unpack_TPM2B_NONCE(ptr, nonce) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)nonce)
-
-+static
- inline BYTE* pack_TPM2B_AUTH(BYTE* ptr, const TPM2B_AUTH *auth)
- {
- return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)auth);
-@@ -183,6 +196,7 @@ inline BYTE* pack_TPM2B_AUTH(BYTE* ptr, const TPM2B_AUTH *auth)
-
- #define unpack_TPM2B_AUTH(ptr, auth) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)auth)
-
-+static
- inline BYTE* pack_TPM2B_DATA(BYTE* ptr, const TPM2B_DATA *data)
- {
- return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)data);
-@@ -190,6 +204,7 @@ inline BYTE* pack_TPM2B_DATA(BYTE* ptr, const TPM2B_DATA *data)
-
- #define unpack_TPM2B_DATA(ptr, data) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)data)
-
-+static
- inline BYTE* pack_TPM2B_SENSITIVE_DATA(BYTE* ptr, const TPM2B_SENSITIVE_DATA *data)
- {
- return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)data);
-@@ -197,6 +212,7 @@ inline BYTE* pack_TPM2B_SENSITIVE_DATA(BYTE* ptr, const TPM2B_SENSITIVE_DATA *da
-
- #define unpack_TPM2B_SENSITIVE_DATA(ptr, data) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)data)
-
-+static
- inline BYTE* pack_TPM2B_PUBLIC_KEY_RSA(BYTE* ptr, const TPM2B_PUBLIC_KEY_RSA *rsa)
- {
- return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)rsa);
-@@ -204,6 +220,7 @@ inline BYTE* pack_TPM2B_PUBLIC_KEY_RSA(BYTE* ptr, const TPM2B_PUBLIC_KEY_RSA *rs
-
- #define unpack_TPM2B_PUBLIC_KEY_RSA(ptr, rsa) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)rsa)
-
-+static
- inline BYTE* pack_TPM2B_PRIVATE(BYTE* ptr, const TPM2B_PRIVATE *Private)
- {
- ptr = pack_UINT16(ptr, Private->size);
-@@ -211,6 +228,7 @@ inline BYTE* pack_TPM2B_PRIVATE(BYTE* ptr, const TPM2B_PRIVATE *Private)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM2B_PRIVATE(BYTE* ptr, TPM2B_PRIVATE *Private)
- {
- ptr = unpack_UINT16(ptr, &Private->size);
-@@ -218,6 +236,7 @@ inline BYTE* unpack_TPM2B_PRIVATE(BYTE* ptr, TPM2B_PRIVATE *Private)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, const TPMS_PCR_SELECTION *sel, UINT32 count)
- {
- int i;
-@@ -229,6 +248,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, const TPMS_PCR_SELECTION *
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, TPMS_PCR_SELECTION *sel, UINT32 count)
- {
- int i;
-@@ -240,6 +260,7 @@ inline BYTE* unpack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, TPMS_PCR_SELECTION *sel,
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPML_PCR_SELECTION(BYTE* ptr, const TPML_PCR_SELECTION *sel)
- {
- ptr = pack_UINT32(ptr, sel->count);
-@@ -247,6 +268,7 @@ inline BYTE* pack_TPML_PCR_SELECTION(BYTE* ptr, const TPML_PCR_SELECTION *sel)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPML_PCR_SELECTION(BYTE* ptr, TPML_PCR_SELECTION *sel)
- {
- ptr = unpack_UINT32(ptr, &sel->count);
-@@ -254,6 +276,7 @@ inline BYTE* unpack_TPML_PCR_SELECTION(BYTE* ptr, TPML_PCR_SELECTION *sel)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPML_DIGEST(BYTE* ptr,TPML_DIGEST *digest)
- {
- int i;
-@@ -265,6 +288,7 @@ inline BYTE* unpack_TPML_DIGEST(BYTE* ptr,TPML_DIGEST *digest)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMS_CREATION_DATA(BYTE* ptr,const TPMS_CREATION_DATA *data)
- {
- ptr = pack_TPML_PCR_SELECTION(ptr, &data->pcrSelect);
-@@ -276,6 +300,7 @@ inline BYTE* pack_TPMS_CREATION_DATA(BYTE* ptr,const TPMS_CREATION_DATA *data)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMS_CREATION_DATA(BYTE* ptr, TPMS_CREATION_DATA *data)
- {
- ptr = unpack_TPML_PCR_SELECTION(ptr, &data->pcrSelect);
-@@ -288,6 +313,7 @@ inline BYTE* unpack_TPMS_CREATION_DATA(BYTE* ptr, TPMS_CREATION_DATA *data)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPM2B_CREATION_DATA(BYTE* ptr, const TPM2B_CREATION_DATA *data )
- {
- ptr = pack_UINT16(ptr, data->size);
-@@ -295,6 +321,7 @@ inline BYTE* pack_TPM2B_CREATION_DATA(BYTE* ptr, const TPM2B_CREATION_DATA *data
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM2B_CREATION_DATA(BYTE* ptr, TPM2B_CREATION_DATA * data)
- {
- ptr = unpack_UINT16(ptr, &data->size);
-@@ -302,6 +329,7 @@ inline BYTE* unpack_TPM2B_CREATION_DATA(BYTE* ptr, TPM2B_CREATION_DATA * data)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMS_SENSITIVE_CREATE(BYTE* ptr, const TPMS_SENSITIVE_CREATE *create)
- {
- ptr = pack_TPM2B_AUTH(ptr, &create->userAuth);
-@@ -309,6 +337,7 @@ inline BYTE* pack_TPMS_SENSITIVE_CREATE(BYTE* ptr, const TPMS_SENSITIVE_CREATE *
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPM2B_SENSITIVE_CREATE(BYTE* ptr, const TPM2B_SENSITIVE_CREATE *create)
- {
- BYTE* sizePtr = ptr;
-@@ -318,6 +347,7 @@ inline BYTE* pack_TPM2B_SENSITIVE_CREATE(BYTE* ptr, const TPM2B_SENSITIVE_CREATE
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMU_SYM_MODE(BYTE* ptr, const TPMU_SYM_MODE *p,
- const TPMI_ALG_SYM_OBJECT *sel)
- {
-@@ -336,6 +366,7 @@ inline BYTE* pack_TPMU_SYM_MODE(BYTE* ptr, const TPMU_SYM_MODE *p,
- }
- return ptr;
- }
-+static
- inline BYTE* unpack_TPMU_SYM_MODE(BYTE* ptr, TPMU_SYM_MODE *p,
- const TPMI_ALG_SYM_OBJECT *sel)
- {
-@@ -355,6 +386,7 @@ inline BYTE* unpack_TPMU_SYM_MODE(BYTE* ptr, TPMU_SYM_MODE *p,
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMU_SYM_KEY_BITS(BYTE* ptr, const TPMU_SYM_KEY_BITS *p,
- const TPMI_ALG_SYM_OBJECT *sel)
- {
-@@ -376,6 +408,7 @@ inline BYTE* pack_TPMU_SYM_KEY_BITS(BYTE* ptr, const TPMU_SYM_KEY_BITS *p,
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMU_SYM_KEY_BITS(BYTE* ptr, TPMU_SYM_KEY_BITS *p,
- const TPMI_ALG_SYM_OBJECT *sel)
- {
-@@ -397,6 +430,7 @@ inline BYTE* unpack_TPMU_SYM_KEY_BITS(BYTE* ptr, TPMU_SYM_KEY_BITS *p,
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMT_SYM_DEF_OBJECT(BYTE* ptr, const TPMT_SYM_DEF_OBJECT *p)
- {
- ptr = pack_TPMI_ALG_SYM_OBJECT(ptr, &p->algorithm);
-@@ -405,6 +439,7 @@ inline BYTE* pack_TPMT_SYM_DEF_OBJECT(BYTE* ptr, const TPMT_SYM_DEF_OBJECT *p)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMT_SYM_DEF_OBJECT(BYTE *ptr, TPMT_SYM_DEF_OBJECT *p)
- {
- ptr = unpack_TPMI_ALG_SYM_OBJECT(ptr, &p->algorithm);
-@@ -416,6 +451,7 @@ inline BYTE* unpack_TPMT_SYM_DEF_OBJECT(BYTE *ptr, TPMT_SYM_DEF_OBJECT *p)
- #define pack_TPMS_SCHEME_OAEP(p, t) pack_TPMI_ALG_HASH(p, &((t)->hashAlg))
- #define unpack_TPMS_SCHEME_OAEP(p, t) unpack_TPMI_ALG_HASH(p, &((t)->hashAlg))
-
-+static
- inline BYTE* pack_TPMU_ASYM_SCHEME(BYTE *ptr, const TPMU_ASYM_SCHEME *p,
- const TPMI_ALG_RSA_SCHEME *s)
- {
-@@ -438,6 +474,7 @@ inline BYTE* pack_TPMU_ASYM_SCHEME(BYTE *ptr, const TPMU_ASYM_SCHEME *p,
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMU_ASYM_SCHEME(BYTE *ptr, TPMU_ASYM_SCHEME *p,
- const TPMI_ALG_RSA_SCHEME *s)
- {
-@@ -462,6 +499,7 @@ inline BYTE* unpack_TPMU_ASYM_SCHEME(BYTE *ptr, TPMU_ASYM_SCHEME *p,
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMT_RSA_SCHEME(BYTE* ptr, const TPMT_RSA_SCHEME *p)
- {
- ptr = pack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme);
-@@ -469,6 +507,7 @@ inline BYTE* pack_TPMT_RSA_SCHEME(BYTE* ptr, const TPMT_RSA_SCHEME *p)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMT_RSA_SCHEME(BYTE* ptr, TPMT_RSA_SCHEME *p)
- {
- ptr = unpack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme);
-@@ -476,6 +515,7 @@ inline BYTE* unpack_TPMT_RSA_SCHEME(BYTE* ptr, TPMT_RSA_SCHEME *p)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMT_RSA_DECRYPT(BYTE* ptr, const TPMT_RSA_DECRYPT *p)
- {
- ptr = pack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme);
-@@ -483,6 +523,7 @@ inline BYTE* pack_TPMT_RSA_DECRYPT(BYTE* ptr, const TPMT_RSA_DECRYPT *p)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMS_RSA_PARMS(BYTE* ptr, const TPMS_RSA_PARMS *p)
- {
- ptr = pack_TPMT_SYM_DEF_OBJECT(ptr, &p->symmetric);
-@@ -492,6 +533,7 @@ inline BYTE* pack_TPMS_RSA_PARMS(BYTE* ptr, const TPMS_RSA_PARMS *p)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMS_RSA_PARMS(BYTE *ptr, TPMS_RSA_PARMS *p)
- {
- ptr = unpack_TPMT_SYM_DEF_OBJECT(ptr, &p->symmetric);
-@@ -501,6 +543,7 @@ inline BYTE* unpack_TPMS_RSA_PARMS(BYTE *ptr, TPMS_RSA_PARMS *p)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMU_PUBLIC_PARMS(BYTE* ptr, const TPMU_PUBLIC_PARMS *param,
- const TPMI_ALG_PUBLIC *selector)
- {
-@@ -518,6 +561,7 @@ inline BYTE* pack_TPMU_PUBLIC_PARMS(BYTE* ptr, const TPMU_PUBLIC_PARMS *param,
- return NULL;
- }
-
-+static
- inline BYTE* unpack_TPMU_PUBLIC_PARMS(BYTE* ptr, TPMU_PUBLIC_PARMS *param,
- const TPMI_ALG_PUBLIC *selector)
- {
-@@ -535,18 +579,21 @@ inline BYTE* unpack_TPMU_PUBLIC_PARMS(BYTE* ptr, TPMU_PUBLIC_PARMS *param,
- return NULL;
- }
-
-+static
- inline BYTE* pack_TPMS_ECC_POINT(BYTE* ptr, const TPMS_ECC_POINT *point)
- {
- assert(false);
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMS_ECC_POINT(BYTE* ptr, TPMS_ECC_POINT *point)
- {
- assert(false);
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMU_PUBLIC_ID(BYTE* ptr, const TPMU_PUBLIC_ID *id,
- const TPMI_ALG_PUBLIC *selector)
- {
-@@ -564,6 +611,7 @@ inline BYTE* pack_TPMU_PUBLIC_ID(BYTE* ptr, const TPMU_PUBLIC_ID *id,
- return NULL;
- }
-
-+static
- inline BYTE* unpack_TPMU_PUBLIC_ID(BYTE* ptr, TPMU_PUBLIC_ID *id, TPMI_ALG_PUBLIC *selector)
- {
- switch (*selector) {
-@@ -580,6 +628,7 @@ inline BYTE* unpack_TPMU_PUBLIC_ID(BYTE* ptr, TPMU_PUBLIC_ID *id, TPMI_ALG_PUBLI
- return NULL;
- }
-
-+static
- inline BYTE* pack_TPMT_PUBLIC(BYTE* ptr, const TPMT_PUBLIC *public)
- {
- ptr = pack_TPMI_ALG_PUBLIC(ptr, &public->type);
-@@ -591,6 +640,7 @@ inline BYTE* pack_TPMT_PUBLIC(BYTE* ptr, const TPMT_PUBLIC *public)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPMT_PUBLIC(BYTE* ptr, TPMT_PUBLIC *public)
- {
- ptr = unpack_TPMI_ALG_PUBLIC(ptr, &public->type);
-@@ -602,6 +652,7 @@ inline BYTE* unpack_TPMT_PUBLIC(BYTE* ptr, TPMT_PUBLIC *public)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPM2B_PUBLIC(BYTE* ptr, const TPM2B_PUBLIC *public)
- {
- BYTE *sizePtr = ptr;
-@@ -611,6 +662,7 @@ inline BYTE* pack_TPM2B_PUBLIC(BYTE* ptr, const TPM2B_PUBLIC *public)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM2B_PUBLIC(BYTE* ptr, TPM2B_PUBLIC *public)
- {
- ptr = unpack_UINT16(ptr, &public->size);
-@@ -618,6 +670,7 @@ inline BYTE* unpack_TPM2B_PUBLIC(BYTE* ptr, TPM2B_PUBLIC *public)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMS_PCR_SELECTION(BYTE* ptr, const TPMS_PCR_SELECTION *selection)
- {
- ptr = pack_TPMI_ALG_HASH(ptr, &selection->hash);
-@@ -626,6 +679,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION(BYTE* ptr, const TPMS_PCR_SELECTION *select
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPMS_PCR_SELECTION_Array(BYTE* ptr, const TPMS_PCR_SELECTION *selections,
- const UINT32 cnt)
- {
-@@ -635,6 +689,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION_Array(BYTE* ptr, const TPMS_PCR_SELECTION *
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPM_AuthArea(BYTE* ptr, const TPM_AuthArea *auth)
- {
- BYTE* sizePtr = ptr;
-@@ -647,6 +702,7 @@ inline BYTE* pack_TPM_AuthArea(BYTE* ptr, const TPM_AuthArea *auth)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM_AuthArea(BYTE* ptr, TPM_AuthArea *auth)
- {
- ptr = unpack_UINT32(ptr, &auth->size);
-@@ -657,6 +713,7 @@ inline BYTE* unpack_TPM_AuthArea(BYTE* ptr, TPM_AuthArea *auth)
- return ptr;
- }
-
-+static
- inline BYTE* pack_TPM2_RSA_KEY(BYTE* ptr, const TPM2_RSA_KEY *key)
- {
- ptr = pack_TPM2B_PRIVATE(ptr, &key->Private);
-@@ -664,6 +721,7 @@ inline BYTE* pack_TPM2_RSA_KEY(BYTE* ptr, const TPM2_RSA_KEY *key)
- return ptr;
- }
-
-+static
- inline BYTE* unpack_TPM2_RSA_KEY(BYTE* ptr, TPM2_RSA_KEY *key)
- {
- ptr = unpack_TPM2B_PRIVATE(ptr, &key->Private);
-diff --git a/stubdom/vtpmmgr/tpmrsa.h b/stubdom/vtpmmgr/tpmrsa.h
-index 08213bbb7a..65fd32a45c 100644
---- a/stubdom/vtpmmgr/tpmrsa.h
-+++ b/stubdom/vtpmmgr/tpmrsa.h
-@@ -62,6 +62,7 @@ TPM_RESULT tpmrsa_pub_encrypt_oaep( tpmrsa_context *ctx,
- unsigned char *output );
-
- /* free tpmrsa key */
-+static
- inline void tpmrsa_free( tpmrsa_context *ctx ) {
- mpi_free( &ctx->RN ); mpi_free( &ctx->E ); mpi_free( &ctx->N );
- }
-
-_______________________________________________
-Xen-devel mailing list
-Xen-devel@lists.xen.org
-https://lists.xen.org/xen-devel
diff --git a/system/xen/patches/glibc-memfd_fix_configure_test.patch b/system/xen/patches/glibc-memfd_fix_configure_test.patch
new file mode 100644
index 0000000000..b1f354ac1c
--- /dev/null
+++ b/system/xen/patches/glibc-memfd_fix_configure_test.patch
@@ -0,0 +1,55 @@
+From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 28 Nov 2017 11:51:27 +0100
+Subject: [PATCH] memfd: fix configure test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Recent glibc added memfd_create in sys/mman.h. This conflicts with
+the definition in util/memfd.c:
+
+ /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
+
+Fix the configure test, and remove the sys/memfd.h inclusion since the
+file actually does not exist---it is a typo in the memfd_create(2) man
+page.
+
+Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ configure | 2 +-
+ util/memfd.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/configure b/configure
+index 9c8aa5a..99ccc17 100755
+--- a/configure
++++ b/configure
+@@ -3923,7 +3923,7 @@ fi
+ # check if memfd is supported
+ memfd=no
+ cat > $TMPC << EOF
+-#include <sys/memfd.h>
++#include <sys/mman.h>
+
+ int main(void)
+ {
+diff --git a/util/memfd.c b/util/memfd.c
+index 4571d1a..412e94a 100644
+--- a/util/memfd.c
++++ b/util/memfd.c
+@@ -31,9 +31,7 @@
+
+ #include "qemu/memfd.h"
+
+-#ifdef CONFIG_MEMFD
+-#include <sys/memfd.h>
+-#elif defined CONFIG_LINUX
++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
+ #include <sys/syscall.h>
+ #include <asm/unistd.h>
+
+--
+1.8.3.1
+
diff --git a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch b/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch
deleted file mode 100644
index 2de261aa02..0000000000
--- a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 45f2265bfcbbf2afd7fac24372ae26e453f2b52d Mon Sep 17 00:00:00 2001
-From: Michael Brown <mcb30@ipxe.org>
-Date: Wed, 22 Mar 2017 11:52:09 +0200
-Subject: [PATCH] [ath] Add missing break statements
-
-Signed-off-by: Michael Brown <mcb30@ipxe.org>
----
- src/drivers/net/ath/ath5k/ath5k_desc.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/drivers/net/ath/ath5k/ath5k_desc.c b/src/drivers/net/ath/ath5k/ath5k_desc.c
-index 30fe1c777..816d26ede 100644
---- a/src/drivers/net/ath/ath5k/ath5k_desc.c
-+++ b/src/drivers/net/ath/ath5k/ath5k_desc.c
-@@ -104,10 +104,13 @@ ath5k_hw_setup_2word_tx_desc(struct ath5k_hw *ah, struct ath5k_desc *desc,
- case AR5K_PKT_TYPE_BEACON:
- case AR5K_PKT_TYPE_PROBE_RESP:
- frame_type = AR5K_AR5210_TX_DESC_FRAME_TYPE_NO_DELAY;
-+ break;
- case AR5K_PKT_TYPE_PIFS:
- frame_type = AR5K_AR5210_TX_DESC_FRAME_TYPE_PIFS;
-+ break;
- default:
- frame_type = type /*<< 2 ?*/;
-+ break;
- }
-
- tx_ctl->tx_control_0 |=
diff --git a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch b/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch
deleted file mode 100644
index 5faa5600ba..0000000000
--- a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 28e26dd2503e6006fabb26f8c33050ba93a99623 Mon Sep 17 00:00:00 2001
-From: Michael Brown <mcb30@ipxe.org>
-Date: Wed, 29 Mar 2017 10:35:05 +0300
-Subject: [PATCH] [mucurses] Fix erroneous __nonnull attribute
-
-Signed-off-by: Michael Brown <mcb30@ipxe.org>
----
- src/include/curses.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/include/curses.h b/src/include/curses.h
-index 04060fe27..1f6fe029b 100644
---- a/src/include/curses.h
-+++ b/src/include/curses.h
-@@ -443,7 +443,8 @@ extern int wborder ( WINDOW *, chtype, chtype, chtype, chtype, chtype, chtype,
- extern int wclrtobot ( WINDOW * ) __nonnull;
- extern int wclrtoeol ( WINDOW * ) __nonnull;
- extern void wcursyncup ( WINDOW * );
--extern int wcolour_set ( WINDOW *, short, void * ) __nonnull;
-+extern int wcolour_set ( WINDOW *, short, void * )
-+ __attribute__ (( nonnull (1)));
- #define wcolor_set(w,s,v) wcolour_set((w),(s),(v))
- extern int wdelch ( WINDOW * ) __nonnull;
- extern int wdeleteln ( WINDOW * ) __nonnull;
diff --git a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch b/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch
deleted file mode 100644
index fe379699b3..0000000000
--- a/system/xen/patches/patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From 5f85cbb9ee1c00cec81a848a9e871ad5d1e7f53f Mon Sep 17 00:00:00 2001
-From: Michael Brown <mcb30@ipxe.org>
-Date: Wed, 29 Mar 2017 10:36:03 +0300
-Subject: [PATCH] [build] Avoid implicit-fallthrough warnings on GCC 7
-
-Reported-by: Vinson Lee <vlee@freedesktop.org>
-Reported-by: Liang Yan <lyan@suse.com>
-Signed-off-by: Michael Brown <mcb30@ipxe.org>
----
- src/arch/x86/image/bzimage.c | 2 ++
- src/drivers/infiniband/golan.c | 1 +
- src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c | 2 ++
- src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c | 1 +
- src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c | 1 +
- src/drivers/net/igbvf/igbvf_vf.c | 1 +
- src/drivers/net/tg3/tg3_hw.c | 12 ++++++++++++
- src/tests/setjmp_test.c | 5 +++--
- 8 files changed, 23 insertions(+), 2 deletions(-)
-
-diff --git a/src/arch/x86/image/bzimage.c b/src/arch/x86/image/bzimage.c
-index e3c4cb83d..51498bf95 100644
---- a/src/arch/x86/image/bzimage.c
-+++ b/src/arch/x86/image/bzimage.c
-@@ -282,9 +282,11 @@ static int bzimage_parse_cmdline ( struct image *image,
- case 'G':
- case 'g':
- bzimg->mem_limit <<= 10;
-+ /* Fall through */
- case 'M':
- case 'm':
- bzimg->mem_limit <<= 10;
-+ /* Fall through */
- case 'K':
- case 'k':
- bzimg->mem_limit <<= 10;
-diff --git a/src/drivers/infiniband/golan.c b/src/drivers/infiniband/golan.c
-index 30eaabab2..61331d4c1 100755
---- a/src/drivers/infiniband/golan.c
-+++ b/src/drivers/infiniband/golan.c
-@@ -1956,6 +1956,7 @@ static inline void golan_handle_port_event(struct golan *golan, struct golan_eqe
- case GOLAN_PORT_CHANGE_SUBTYPE_CLIENT_REREG:
- case GOLAN_PORT_CHANGE_SUBTYPE_ACTIVE:
- golan_ib_update ( ibdev );
-+ /* Fall through */
- case GOLAN_PORT_CHANGE_SUBTYPE_DOWN:
- case GOLAN_PORT_CHANGE_SUBTYPE_LID:
- case GOLAN_PORT_CHANGE_SUBTYPE_PKEY:
-diff --git a/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c b/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c
-index 2b6c133cb..a98e4bb66 100644
---- a/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c
-+++ b/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c
-@@ -640,12 +640,14 @@ static void ar5008_hw_init_chain_masks(struct ath_hw *ah)
- case 0x5:
- REG_SET_BIT(ah, AR_PHY_ANALOG_SWAP,
- AR_PHY_SWAP_ALT_CHAIN);
-+ /* Fall through */
- case 0x3:
- if (ah->hw_version.macVersion == AR_SREV_REVISION_5416_10) {
- REG_WRITE(ah, AR_PHY_RX_CHAINMASK, 0x7);
- REG_WRITE(ah, AR_PHY_CAL_CHAINMASK, 0x7);
- break;
- }
-+ /* Fall through */
- case 0x1:
- case 0x2:
- case 0x7:
-diff --git a/src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c b/src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c
-index 72203ba48..65cfad597 100644
---- a/src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c
-+++ b/src/drivers/net/ath/ath9k/ath9k_ar9002_phy.c
-@@ -122,6 +122,7 @@ static int ar9002_hw_set_channel(struct ath_hw *ah, struct ath9k_channel *chan)
- aModeRefSel = 2;
- if (aModeRefSel)
- break;
-+ /* Fall through */
- case 1:
- default:
- aModeRefSel = 0;
-diff --git a/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c b/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c
-index 2244b775a..b66358b92 100644
---- a/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c
-+++ b/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c
-@@ -539,6 +539,7 @@ void ar9003_hw_set_chain_masks(struct ath_hw *ah, u8 rx, u8 tx)
- case 0x5:
- REG_SET_BIT(ah, AR_PHY_ANALOG_SWAP,
- AR_PHY_SWAP_ALT_CHAIN);
-+ /* Fall through */
- case 0x3:
- case 0x1:
- case 0x2:
-diff --git a/src/drivers/net/igbvf/igbvf_vf.c b/src/drivers/net/igbvf/igbvf_vf.c
-index f2dac8be7..f841d5e3d 100644
---- a/src/drivers/net/igbvf/igbvf_vf.c
-+++ b/src/drivers/net/igbvf/igbvf_vf.c
-@@ -357,6 +357,7 @@ s32 igbvf_promisc_set_vf(struct e1000_hw *hw, enum e1000_promisc_type type)
- break;
- case e1000_promisc_enabled:
- msgbuf |= E1000_VF_SET_PROMISC_MULTICAST;
-+ /* Fall through */
- case e1000_promisc_unicast:
- msgbuf |= E1000_VF_SET_PROMISC_UNICAST;
- case e1000_promisc_disabled:
-diff --git a/src/drivers/net/tg3/tg3_hw.c b/src/drivers/net/tg3/tg3_hw.c
-index 50353cf36..798f8519f 100644
---- a/src/drivers/net/tg3/tg3_hw.c
-+++ b/src/drivers/net/tg3/tg3_hw.c
-@@ -2518,28 +2518,40 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy)
- switch (limit) {
- case 16:
- tw32(MAC_RCV_RULE_15, 0); tw32(MAC_RCV_VALUE_15, 0);
-+ /* Fall through */
- case 15:
- tw32(MAC_RCV_RULE_14, 0); tw32(MAC_RCV_VALUE_14, 0);
-+ /* Fall through */
- case 14:
- tw32(MAC_RCV_RULE_13, 0); tw32(MAC_RCV_VALUE_13, 0);
-+ /* Fall through */
- case 13:
- tw32(MAC_RCV_RULE_12, 0); tw32(MAC_RCV_VALUE_12, 0);
-+ /* Fall through */
- case 12:
- tw32(MAC_RCV_RULE_11, 0); tw32(MAC_RCV_VALUE_11, 0);
-+ /* Fall through */
- case 11:
- tw32(MAC_RCV_RULE_10, 0); tw32(MAC_RCV_VALUE_10, 0);
-+ /* Fall through */
- case 10:
- tw32(MAC_RCV_RULE_9, 0); tw32(MAC_RCV_VALUE_9, 0);
-+ /* Fall through */
- case 9:
- tw32(MAC_RCV_RULE_8, 0); tw32(MAC_RCV_VALUE_8, 0);
-+ /* Fall through */
- case 8:
- tw32(MAC_RCV_RULE_7, 0); tw32(MAC_RCV_VALUE_7, 0);
-+ /* Fall through */
- case 7:
- tw32(MAC_RCV_RULE_6, 0); tw32(MAC_RCV_VALUE_6, 0);
-+ /* Fall through */
- case 6:
- tw32(MAC_RCV_RULE_5, 0); tw32(MAC_RCV_VALUE_5, 0);
-+ /* Fall through */
- case 5:
- tw32(MAC_RCV_RULE_4, 0); tw32(MAC_RCV_VALUE_4, 0);
-+ /* Fall through */
- case 4:
- /* tw32(MAC_RCV_RULE_3, 0); tw32(MAC_RCV_VALUE_3, 0); */
- case 3:
-diff --git a/src/tests/setjmp_test.c b/src/tests/setjmp_test.c
-index 50ad13f3c..deafcee09 100644
---- a/src/tests/setjmp_test.c
-+++ b/src/tests/setjmp_test.c
-@@ -111,8 +111,9 @@ static void setjmp_return_ok ( struct setjmp_test *test, int value ) {
- * @v file Test code file
- * @v line Test code line
- */
--static void longjmp_okx ( struct setjmp_test *test, int value,
-- const char *file, unsigned int line ) {
-+static void __attribute__ (( noreturn ))
-+longjmp_okx ( struct setjmp_test *test, int value,
-+ const char *file, unsigned int line ) {
-
- /* Record expected value. A zero passed to longjmp() should
- * result in setjmp() returning a value of one.
diff --git a/system/xen/patches/patch-ipxe-patches-series.patch b/system/xen/patches/patch-ipxe-patches-series.patch
deleted file mode 100644
index 30e9164177..0000000000
--- a/system/xen/patches/patch-ipxe-patches-series.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Subject: [PATCH] Fix gcc7 warn
-
----
- tools/firmware/etherboot/patches/series | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tools/firmware/etherboot/patches/series b/tools/firmware/etherboot/patches/series
-index 86cb300..780c6c6 100644
---- a/tools/firmware/etherboot/patches/series
-+++ b/tools/firmware/etherboot/patches/series
-@@ -1 +1,4 @@
- boot_prompt_option.patch
-+patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch
-+patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch
-+patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch
---
-2.13.0
-
diff --git a/system/xen/patches/use_already_present_ipxe.diff b/system/xen/patches/use_already_present_ipxe.diff
deleted file mode 100644
index 631b2b00f4..0000000000
--- a/system/xen/patches/use_already_present_ipxe.diff
+++ /dev/null
@@ -1,21 +0,0 @@
---- xen-4.3.0/tools/firmware/etherboot/Makefile.ORIG 2013-07-09 12:46:56.000000000 +0200
-+++ xen-4.3.0/tools/firmware/etherboot/Makefile 2013-07-28 13:34:32.994197893 +0200
-@@ -28,12 +28,12 @@
- $(MAKE) -C $D/src bin/$(*F).rom
-
- $T:
-- if ! $(FETCHER) _$T $(IPXE_TARBALL_URL); then \
-- $(GIT) clone $(IPXE_GIT_URL) $D.git; \
-- (cd $D.git && $(GIT) archive --format=tar --prefix=$D/ \
-- $(IPXE_GIT_TAG) | gzip >../_$T); \
-- rm -rf $D.git; \
-- fi
-+# if ! $(FETCHER) _$T $(IPXE_TARBALL_URL); then \
-+# $(GIT) clone $(IPXE_GIT_URL) $D.git; \
-+# (cd $D.git && $(GIT) archive --format=tar --prefix=$D/ \
-+# $(IPXE_GIT_TAG) | gzip >../_$T); \
-+# rm -rf $D.git; \
-+# fi
- mv _$T $T
-
- $D/src/arch/i386/Makefile: $T Config
diff --git a/system/xen/xen.SlackBuild b/system/xen/xen.SlackBuild
index 4214e973d1..726227650a 100644
--- a/system/xen/xen.SlackBuild
+++ b/system/xen/xen.SlackBuild
@@ -2,7 +2,7 @@
# Slackware build script for xen
-# Copyright 2010, 2011, 2013, 2014, 2015, 2016, 2017 Mario Preksavec, Zagreb, Croatia
+# Copyright 2010, 2011, 2013, 2014, 2015, 2016, 2017, 2018 Mario Preksavec, Zagreb, Croatia
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -23,13 +23,13 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=xen
-VERSION=${VERSION:-4.9.1}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-4.10.0}
+BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
-SEABIOS=${SEABIOS:-1.10.0}
-OVMF=${OVMF:-20170321_5920a9d}
-IPXE=${IPXE:-827dd1bfee67daa683935ce65316f7e0f057fe1c}
+SEABIOS=${SEABIOS:-1.10.2}
+OVMF=${OVMF:-20170920_947f3737a}
+IPXE=${IPXE:-356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
@@ -137,9 +137,6 @@ done
# Remove hardlinks
patch -p1 <$CWD/patches/symlinks_instead_of_hardlinks.diff
-# Let's not download stuff during the build...
-patch -p1 <$CWD/patches/use_already_present_ipxe.diff
-
# Copy already present source tarballs
cp $CWD/ipxe-git-$IPXE.tar.gz tools/firmware/etherboot/_ipxe.tar.gz
(
@@ -161,20 +158,9 @@ cp $CWD/{lwip,zlib,newlib,pciutils,grub,gmp,tpm_emulator}-*.tar.?z* \
# Prevent leaks during the build
patch -p1 <$CWD/patches/stubdom_zlib_disable_man_install.diff
-# GCC7 support with help from Mark Pryor (PryMar56) and ArchLinux folks
-if [ $(gcc -dumpfullversion | cut -d. -f1) -eq 7 ]; then
- # OVMF
- patch -d tools/firmware/ovmf-dir \
- -p1 <$CWD/patches/gcc7-fix-incorrect-comparison.patch
- # vTPM
- patch -p1 <$CWD/patches/gcc7-vtpmmgr-make-inline-static.patch
- patch -p1 <$CWD/patches/gcc7-vtpm-implicit-fallthrough.patch
- # Mini-OS
- patch -d extras/mini-os \
- -p1 <$CWD/patches/gcc7-minios-implement-udivmoddi4.patch
- # IPXE
- patch -p1 <$CWD/patches/patch-ipxe-patches-series.patch
- cp $CWD/patches/patch-inbuild-ipxe*.patch tools/firmware/etherboot/patches/
+# Fix glibc-2.27 build
+if [ "$(ldd --version | awk '{print $NF; exit}')" = "2.27" ]; then
+ ( cd tools/qemu-xen && patch -p1 <$CWD/patches/glibc-memfd_fix_configure_test.patch )
fi
CFLAGS="$SLKCFLAGS" \
diff --git a/system/xen/xen.info b/system/xen/xen.info
index aeb2e0e448..b2253a3497 100644
--- a/system/xen/xen.info
+++ b/system/xen/xen.info
@@ -1,8 +1,8 @@
PRGNAM="xen"
-VERSION="4.9.1"
+VERSION="4.10.0"
HOMEPAGE="http://www.xenproject.org/"
-DOWNLOAD="http://mirror.slackware.hr/sources/xen/xen-4.9.1.tar.gz \
- http://mirror.slackware.hr/sources/xen-extfiles/ipxe-git-827dd1bfee67daa683935ce65316f7e0f057fe1c.tar.gz \
+DOWNLOAD="http://mirror.slackware.hr/sources/xen/xen-4.10.0.tar.gz \
+ http://mirror.slackware.hr/sources/xen-extfiles/ipxe-git-356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/lwip-1.3.0.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/zlib-1.2.3.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/newlib-1.16.0.tar.gz \
@@ -11,10 +11,10 @@ DOWNLOAD="http://mirror.slackware.hr/sources/xen/xen-4.9.1.tar.gz \
http://mirror.slackware.hr/sources/xen-extfiles/polarssl-1.1.4-gpl.tgz \
http://mirror.slackware.hr/sources/xen-extfiles/gmp-4.3.2.tar.bz2 \
http://mirror.slackware.hr/sources/xen-extfiles/tpm_emulator-0.7.4.tar.gz \
- http://mirror.slackware.hr/sources/xen-seabios/seabios-1.10.0.tar.gz \
- http://mirror.slackware.hr/sources/xen-ovmf/xen-ovmf-20170321_5920a9d.tar.bz2"
-MD5SUM="8b9d6104694b164d54334194135f7217 \
- 71c69b5e1db9e01d5f246226eca03c22 \
+ http://mirror.slackware.hr/sources/xen-seabios/seabios-1.10.2.tar.gz \
+ http://mirror.slackware.hr/sources/xen-ovmf/xen-ovmf-20170920_947f3737a.tar.bz2"
+MD5SUM="ab9d320d02cb40f6b40506aed1a38d58 \
+ 0061f103c84b25c2e6ac47649b909bde \
36cc57650cffda9a0269493be2a169bb \
debc62758716a169df9f62e6ab2bc634 \
bf8f1f9e3ca83d732c00a79a6ef29bc4 \
@@ -23,8 +23,8 @@ MD5SUM="8b9d6104694b164d54334194135f7217 \
7b72caf22b01464ee7d6165f2fd85f44 \
dd60683d7057917e34630b4a787932e8 \
e26becb8a6a2b6695f6b3e8097593db8 \
- 633ffc9df0295eeeb4182444eb0300ee \
- 8caf4ea54fcc035d604f35556066e312"
+ 03387d3c84c7f43d6b8ab894155e1289 \
+ 779a40b927fb78a0d1732bb688d7a257"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES="acpica yajl"
diff --git a/system/xen/xsa/xsa246-4.9.patch b/system/xen/xsa/xsa246-4.9.patch
deleted file mode 100644
index 6370a10625..0000000000
--- a/system/xen/xsa/xsa246-4.9.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From: Julien Grall <julien.grall@linaro.org>
-Subject: x86/pod: prevent infinite loop when shattering large pages
-
-When populating pages, the PoD may need to split large ones using
-p2m_set_entry and request the caller to retry (see ept_get_entry for
-instance).
-
-p2m_set_entry may fail to shatter if it is not possible to allocate
-memory for the new page table. However, the error is not propagated
-resulting to the callers to retry infinitely the PoD.
-
-Prevent the infinite loop by return false when it is not possible to
-shatter the large mapping.
-
-This is XSA-246.
-
-Signed-off-by: Julien Grall <julien.grall@linaro.org>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: George Dunlap <george.dunlap@citrix.com>
-
---- a/xen/arch/x86/mm/p2m-pod.c
-+++ b/xen/arch/x86/mm/p2m-pod.c
-@@ -1071,9 +1071,8 @@ p2m_pod_demand_populate(struct p2m_domai
- * NOTE: In a fine-grained p2m locking scenario this operation
- * may need to promote its locking from gfn->1g superpage
- */
-- p2m_set_entry(p2m, gfn_aligned, INVALID_MFN, PAGE_ORDER_2M,
-- p2m_populate_on_demand, p2m->default_access);
-- return 0;
-+ return p2m_set_entry(p2m, gfn_aligned, INVALID_MFN, PAGE_ORDER_2M,
-+ p2m_populate_on_demand, p2m->default_access);
- }
-
- /* Only reclaim if we're in actual need of more cache. */
-@@ -1104,8 +1103,12 @@ p2m_pod_demand_populate(struct p2m_domai
-
- gfn_aligned = (gfn >> order) << order;
-
-- p2m_set_entry(p2m, gfn_aligned, mfn, order, p2m_ram_rw,
-- p2m->default_access);
-+ if ( p2m_set_entry(p2m, gfn_aligned, mfn, order, p2m_ram_rw,
-+ p2m->default_access) )
-+ {
-+ p2m_pod_cache_add(p2m, p, order);
-+ goto out_fail;
-+ }
-
- for( i = 0; i < (1UL << order); i++ )
- {
-@@ -1150,13 +1153,18 @@ remap_and_retry:
- BUG_ON(order != PAGE_ORDER_2M);
- pod_unlock(p2m);
-
-- /* Remap this 2-meg region in singleton chunks */
-- /* NOTE: In a p2m fine-grained lock scenario this might
-- * need promoting the gfn lock from gfn->2M superpage */
-+ /*
-+ * Remap this 2-meg region in singleton chunks. See the comment on the
-+ * 1G page splitting path above for why a single call suffices.
-+ *
-+ * NOTE: In a p2m fine-grained lock scenario this might
-+ * need promoting the gfn lock from gfn->2M superpage.
-+ */
- gfn_aligned = (gfn>>order)<<order;
-- for(i=0; i<(1<<order); i++)
-- p2m_set_entry(p2m, gfn_aligned + i, INVALID_MFN, PAGE_ORDER_4K,
-- p2m_populate_on_demand, p2m->default_access);
-+ if ( p2m_set_entry(p2m, gfn_aligned, INVALID_MFN, PAGE_ORDER_4K,
-+ p2m_populate_on_demand, p2m->default_access) )
-+ return -1;
-+
- if ( tb_init_done )
- {
- struct {
diff --git a/system/xen/xsa/xsa247-4.9-0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu.patch b/system/xen/xsa/xsa247-4.9-0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu.patch
deleted file mode 100644
index ad9524a304..0000000000
--- a/system/xen/xsa/xsa247-4.9-0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From ad208b8b7e45fb2b7c572b86c61c26412609e82d Mon Sep 17 00:00:00 2001
-From: George Dunlap <george.dunlap@citrix.com>
-Date: Fri, 10 Nov 2017 16:53:54 +0000
-Subject: [PATCH 1/2] p2m: Always check to see if removing a p2m entry actually
- worked
-
-The PoD zero-check functions speculatively remove memory from the p2m,
-then check to see if it's completely zeroed, before putting it in the
-cache.
-
-Unfortunately, the p2m_set_entry() calls may fail if the underlying
-pagetable structure needs to change and the domain has exhausted its
-p2m memory pool: for instance, if we're removing a 2MiB region out of
-a 1GiB entry (in the p2m_pod_zero_check_superpage() case), or a 4k
-region out of a 2MiB or larger entry (in the p2m_pod_zero_check()
-case); and the return value is not checked.
-
-The underlying mfn will then be added into the PoD cache, and at some
-point mapped into another location in the p2m. If the guest
-afterwards ballons out this memory, it will be freed to the hypervisor
-and potentially reused by another domain, in spite of the fact that
-the original domain still has writable mappings to it.
-
-There are several places where p2m_set_entry() shouldn't be able to
-fail, as it is guaranteed to write an entry of the same order that
-succeeded before. Add a backstop of crashing the domain just in case,
-and an ASSERT_UNREACHABLE() to flag up the broken assumption on debug
-builds.
-
-While we're here, use PAGE_ORDER_2M rather than a magic constant.
-
-This is part of XSA-247.
-
-Reported-by: George Dunlap <george.dunlap.com>
-Signed-off-by: George Dunlap <george.dunlap@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
----
-v4:
-- Removed some training whitespace
-v3:
-- Reformat reset clause to be more compact
-- Make sure to set map[i] = NULL when unmapping in case we need to bail
-v2:
-- Crash a domain if a p2m_set_entry we think cannot fail fails anyway.
----
- xen/arch/x86/mm/p2m-pod.c | 77 +++++++++++++++++++++++++++++++++++++----------
- 1 file changed, 61 insertions(+), 16 deletions(-)
-
-diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
-index 730a48f928..f2ed751892 100644
---- a/xen/arch/x86/mm/p2m-pod.c
-+++ b/xen/arch/x86/mm/p2m-pod.c
-@@ -752,8 +752,10 @@ p2m_pod_zero_check_superpage(struct p2m_domain *p2m, unsigned long gfn)
- }
-
- /* Try to remove the page, restoring old mapping if it fails. */
-- p2m_set_entry(p2m, gfn, INVALID_MFN, PAGE_ORDER_2M,
-- p2m_populate_on_demand, p2m->default_access);
-+ if ( p2m_set_entry(p2m, gfn, INVALID_MFN, PAGE_ORDER_2M,
-+ p2m_populate_on_demand, p2m->default_access) )
-+ goto out;
-+
- p2m_tlb_flush_sync(p2m);
-
- /* Make none of the MFNs are used elsewhere... for example, mapped
-@@ -810,9 +812,18 @@ p2m_pod_zero_check_superpage(struct p2m_domain *p2m, unsigned long gfn)
- ret = SUPERPAGE_PAGES;
-
- out_reset:
-- if ( reset )
-- p2m_set_entry(p2m, gfn, mfn0, 9, type0, p2m->default_access);
--
-+ /*
-+ * This p2m_set_entry() call shouldn't be able to fail, since the same order
-+ * on the same gfn succeeded above. If that turns out to be false, crashing
-+ * the domain should be the safest way of making sure we don't leak memory.
-+ */
-+ if ( reset && p2m_set_entry(p2m, gfn, mfn0, PAGE_ORDER_2M,
-+ type0, p2m->default_access) )
-+ {
-+ ASSERT_UNREACHABLE();
-+ domain_crash(d);
-+ }
-+
- out:
- gfn_unlock(p2m, gfn, SUPERPAGE_ORDER);
- return ret;
-@@ -869,19 +880,30 @@ p2m_pod_zero_check(struct p2m_domain *p2m, unsigned long *gfns, int count)
- }
-
- /* Try to remove the page, restoring old mapping if it fails. */
-- p2m_set_entry(p2m, gfns[i], INVALID_MFN, PAGE_ORDER_4K,
-- p2m_populate_on_demand, p2m->default_access);
-+ if ( p2m_set_entry(p2m, gfns[i], INVALID_MFN, PAGE_ORDER_4K,
-+ p2m_populate_on_demand, p2m->default_access) )
-+ goto skip;
-
- /* See if the page was successfully unmapped. (Allow one refcount
- * for being allocated to a domain.) */
- if ( (mfn_to_page(mfns[i])->count_info & PGC_count_mask) > 1 )
- {
-+ /*
-+ * If the previous p2m_set_entry call succeeded, this one shouldn't
-+ * be able to fail. If it does, crashing the domain should be safe.
-+ */
-+ if ( p2m_set_entry(p2m, gfns[i], mfns[i], PAGE_ORDER_4K,
-+ types[i], p2m->default_access) )
-+ {
-+ ASSERT_UNREACHABLE();
-+ domain_crash(d);
-+ goto out_unmap;
-+ }
-+
-+ skip:
- unmap_domain_page(map[i]);
- map[i] = NULL;
-
-- p2m_set_entry(p2m, gfns[i], mfns[i], PAGE_ORDER_4K,
-- types[i], p2m->default_access);
--
- continue;
- }
- }
-@@ -900,12 +922,25 @@ p2m_pod_zero_check(struct p2m_domain *p2m, unsigned long *gfns, int count)
-
- unmap_domain_page(map[i]);
-
-- /* See comment in p2m_pod_zero_check_superpage() re gnttab
-- * check timing. */
-- if ( j < PAGE_SIZE/sizeof(*map[i]) )
-+ map[i] = NULL;
-+
-+ /*
-+ * See comment in p2m_pod_zero_check_superpage() re gnttab
-+ * check timing.
-+ */
-+ if ( j < (PAGE_SIZE / sizeof(*map[i])) )
- {
-- p2m_set_entry(p2m, gfns[i], mfns[i], PAGE_ORDER_4K,
-- types[i], p2m->default_access);
-+ /*
-+ * If the previous p2m_set_entry call succeeded, this one shouldn't
-+ * be able to fail. If it does, crashing the domain should be safe.
-+ */
-+ if ( p2m_set_entry(p2m, gfns[i], mfns[i], PAGE_ORDER_4K,
-+ types[i], p2m->default_access) )
-+ {
-+ ASSERT_UNREACHABLE();
-+ domain_crash(d);
-+ goto out_unmap;
-+ }
- }
- else
- {
-@@ -929,7 +964,17 @@ p2m_pod_zero_check(struct p2m_domain *p2m, unsigned long *gfns, int count)
- p2m->pod.entry_count++;
- }
- }
--
-+
-+ return;
-+
-+out_unmap:
-+ /*
-+ * Something went wrong, probably crashing the domain. Unmap
-+ * everything and return.
-+ */
-+ for ( i = 0; i < count; i++ )
-+ if ( map[i] )
-+ unmap_domain_page(map[i]);
- }
-
- #define POD_SWEEP_LIMIT 1024
---
-2.15.0
-
diff --git a/system/xen/xsa/xsa247-4.9-0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas.patch b/system/xen/xsa/xsa247-4.9-0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas.patch
deleted file mode 100644
index 8c850bd7f5..0000000000
--- a/system/xen/xsa/xsa247-4.9-0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From d4bc7833707351a5341a6bdf04c752a028d9560d Mon Sep 17 00:00:00 2001
-From: George Dunlap <george.dunlap@citrix.com>
-Date: Fri, 10 Nov 2017 16:53:55 +0000
-Subject: [PATCH 2/2] p2m: Check return value of p2m_set_entry() when
- decreasing reservation
-
-If the entire range specified to p2m_pod_decrease_reservation() is marked
-populate-on-demand, then it will make a single p2m_set_entry() call,
-reducing its PoD entry count.
-
-Unfortunately, in the right circumstances, this p2m_set_entry() call
-may fail. It that case, repeated calls to decrease_reservation() may
-cause p2m->pod.entry_count to fall below zero, potentially tripping
-over BUG_ON()s to the contrary.
-
-Instead, check to see if the entry succeeded, and return false if not.
-The caller will then call guest_remove_page() on the gfns, which will
-return -EINVAL upon finding no valid memory there to return.
-
-Unfortunately if the order > 0, the entry may have partially changed.
-A domain_crash() is probably the safest thing in that case.
-
-Other p2m_set_entry() calls in the same function should be fine,
-because they are writing the entry at its current order. Nonetheless,
-check the return value and crash if our assumption turns otu to be
-wrong.
-
-This is part of XSA-247.
-
-Reported-by: George Dunlap <george.dunlap.com>
-Signed-off-by: George Dunlap <george.dunlap@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
----
-v2: Crash the domain if we're not sure it's safe (or if we think it
-can't happen)
----
- xen/arch/x86/mm/p2m-pod.c | 42 +++++++++++++++++++++++++++++++++---------
- 1 file changed, 33 insertions(+), 9 deletions(-)
-
-diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
-index f2ed751892..473d6a6dbf 100644
---- a/xen/arch/x86/mm/p2m-pod.c
-+++ b/xen/arch/x86/mm/p2m-pod.c
-@@ -555,11 +555,23 @@ p2m_pod_decrease_reservation(struct domain *d,
-
- if ( !nonpod )
- {
-- /* All PoD: Mark the whole region invalid and tell caller
-- * we're done. */
-- p2m_set_entry(p2m, gpfn, INVALID_MFN, order, p2m_invalid,
-- p2m->default_access);
-- p2m->pod.entry_count-=(1<<order);
-+ /*
-+ * All PoD: Mark the whole region invalid and tell caller
-+ * we're done.
-+ */
-+ if ( p2m_set_entry(p2m, gpfn, INVALID_MFN, order, p2m_invalid,
-+ p2m->default_access) )
-+ {
-+ /*
-+ * If this fails, we can't tell how much of the range was changed.
-+ * Best to crash the domain unless we're sure a partial change is
-+ * impossible.
-+ */
-+ if ( order != 0 )
-+ domain_crash(d);
-+ goto out_unlock;
-+ }
-+ p2m->pod.entry_count -= 1UL << order;
- BUG_ON(p2m->pod.entry_count < 0);
- ret = 1;
- goto out_entry_check;
-@@ -600,8 +612,14 @@ p2m_pod_decrease_reservation(struct domain *d,
- n = 1UL << cur_order;
- if ( t == p2m_populate_on_demand )
- {
-- p2m_set_entry(p2m, gpfn + i, INVALID_MFN, cur_order,
-- p2m_invalid, p2m->default_access);
-+ /* This shouldn't be able to fail */
-+ if ( p2m_set_entry(p2m, gpfn + i, INVALID_MFN, cur_order,
-+ p2m_invalid, p2m->default_access) )
-+ {
-+ ASSERT_UNREACHABLE();
-+ domain_crash(d);
-+ goto out_unlock;
-+ }
- p2m->pod.entry_count -= n;
- BUG_ON(p2m->pod.entry_count < 0);
- pod -= n;
-@@ -622,8 +640,14 @@ p2m_pod_decrease_reservation(struct domain *d,
-
- page = mfn_to_page(mfn);
-
-- p2m_set_entry(p2m, gpfn + i, INVALID_MFN, cur_order,
-- p2m_invalid, p2m->default_access);
-+ /* This shouldn't be able to fail */
-+ if ( p2m_set_entry(p2m, gpfn + i, INVALID_MFN, cur_order,
-+ p2m_invalid, p2m->default_access) )
-+ {
-+ ASSERT_UNREACHABLE();
-+ domain_crash(d);
-+ goto out_unlock;
-+ }
- p2m_tlb_flush_sync(p2m);
- for ( j = 0; j < n; ++j )
- set_gpfn_from_mfn(mfn_x(mfn), INVALID_M2P_ENTRY);
---
-2.15.0
-
diff --git a/system/xen/xsa/xsa248.patch b/system/xen/xsa/xsa248.patch
deleted file mode 100644
index 966c16e043..0000000000
--- a/system/xen/xsa/xsa248.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: x86/mm: don't wrongly set page ownership
-
-PV domains can obtain mappings of any pages owned by the correct domain,
-including ones that aren't actually assigned as "normal" RAM, but used
-by Xen internally. At the moment such "internal" pages marked as owned
-by a guest include pages used to track logdirty bits, as well as p2m
-pages and the "unpaged pagetable" for HVM guests. Since the PV memory
-management and shadow code conflict in their use of struct page_info
-fields, and since shadow code is being used for log-dirty handling for
-PV domains, pages coming from the shadow pool must, for PV domains, not
-have the domain set as their owner.
-
-While the change could be done conditionally for just the PV case in
-shadow code, do it unconditionally (and for consistency also for HAP),
-just to be on the safe side.
-
-There's one special case though for shadow code: The page table used for
-running a HVM guest in unpaged mode is subject to get_page() (in
-set_shadow_status()) and hence must have its owner set.
-
-This is XSA-248.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-Reviewed-by: George Dunlap <george.dunlap@citrix.com>
----
-v2: Drop PGC_page_table related pieces.
-
---- a/xen/arch/x86/mm/hap/hap.c
-+++ b/xen/arch/x86/mm/hap/hap.c
-@@ -286,8 +286,7 @@ static struct page_info *hap_alloc_p2m_p
- {
- d->arch.paging.hap.total_pages--;
- d->arch.paging.hap.p2m_pages++;
-- page_set_owner(pg, d);
-- pg->count_info |= 1;
-+ ASSERT(!page_get_owner(pg) && !(pg->count_info & PGC_count_mask));
- }
- else if ( !d->arch.paging.p2m_alloc_failed )
- {
-@@ -302,21 +301,23 @@ static struct page_info *hap_alloc_p2m_p
-
- static void hap_free_p2m_page(struct domain *d, struct page_info *pg)
- {
-+ struct domain *owner = page_get_owner(pg);
-+
- /* This is called both from the p2m code (which never holds the
- * paging lock) and the log-dirty code (which always does). */
- paging_lock_recursive(d);
-
-- ASSERT(page_get_owner(pg) == d);
-- /* Should have just the one ref we gave it in alloc_p2m_page() */
-- if ( (pg->count_info & PGC_count_mask) != 1 ) {
-- HAP_ERROR("Odd p2m page %p count c=%#lx t=%"PRtype_info"\n",
-- pg, pg->count_info, pg->u.inuse.type_info);
-+ /* Should still have no owner and count zero. */
-+ if ( owner || (pg->count_info & PGC_count_mask) )
-+ {
-+ HAP_ERROR("d%d: Odd p2m page %"PRI_mfn" d=%d c=%lx t=%"PRtype_info"\n",
-+ d->domain_id, mfn_x(page_to_mfn(pg)),
-+ owner ? owner->domain_id : DOMID_INVALID,
-+ pg->count_info, pg->u.inuse.type_info);
- WARN();
-+ pg->count_info &= ~PGC_count_mask;
-+ page_set_owner(pg, NULL);
- }
-- pg->count_info &= ~PGC_count_mask;
-- /* Free should not decrement domain's total allocation, since
-- * these pages were allocated without an owner. */
-- page_set_owner(pg, NULL);
- d->arch.paging.hap.p2m_pages--;
- d->arch.paging.hap.total_pages++;
- hap_free(d, page_to_mfn(pg));
---- a/xen/arch/x86/mm/shadow/common.c
-+++ b/xen/arch/x86/mm/shadow/common.c
-@@ -1503,32 +1503,29 @@ shadow_alloc_p2m_page(struct domain *d)
- pg = mfn_to_page(shadow_alloc(d, SH_type_p2m_table, 0));
- d->arch.paging.shadow.p2m_pages++;
- d->arch.paging.shadow.total_pages--;
-+ ASSERT(!page_get_owner(pg) && !(pg->count_info & PGC_count_mask));
-
- paging_unlock(d);
-
-- /* Unlike shadow pages, mark p2m pages as owned by the domain.
-- * Marking the domain as the owner would normally allow the guest to
-- * create mappings of these pages, but these p2m pages will never be
-- * in the domain's guest-physical address space, and so that is not
-- * believed to be a concern. */
-- page_set_owner(pg, d);
-- pg->count_info |= 1;
- return pg;
- }
-
- static void
- shadow_free_p2m_page(struct domain *d, struct page_info *pg)
- {
-- ASSERT(page_get_owner(pg) == d);
-- /* Should have just the one ref we gave it in alloc_p2m_page() */
-- if ( (pg->count_info & PGC_count_mask) != 1 )
-+ struct domain *owner = page_get_owner(pg);
-+
-+ /* Should still have no owner and count zero. */
-+ if ( owner || (pg->count_info & PGC_count_mask) )
- {
-- SHADOW_ERROR("Odd p2m page count c=%#lx t=%"PRtype_info"\n",
-+ SHADOW_ERROR("d%d: Odd p2m page %"PRI_mfn" d=%d c=%lx t=%"PRtype_info"\n",
-+ d->domain_id, mfn_x(page_to_mfn(pg)),
-+ owner ? owner->domain_id : DOMID_INVALID,
- pg->count_info, pg->u.inuse.type_info);
-+ pg->count_info &= ~PGC_count_mask;
-+ page_set_owner(pg, NULL);
- }
-- pg->count_info &= ~PGC_count_mask;
- pg->u.sh.type = SH_type_p2m_table; /* p2m code reuses type-info */
-- page_set_owner(pg, NULL);
-
- /* This is called both from the p2m code (which never holds the
- * paging lock) and the log-dirty code (which always does). */
-@@ -3132,7 +3129,9 @@ int shadow_enable(struct domain *d, u32
- e = __map_domain_page(pg);
- write_32bit_pse_identmap(e);
- unmap_domain_page(e);
-+ pg->count_info = 1;
- pg->u.inuse.type_info = PGT_l2_page_table | 1 | PGT_validated;
-+ page_set_owner(pg, d);
- }
-
- paging_lock(d);
-@@ -3170,7 +3169,11 @@ int shadow_enable(struct domain *d, u32
- if ( rv != 0 && !pagetable_is_null(p2m_get_pagetable(p2m)) )
- p2m_teardown(p2m);
- if ( rv != 0 && pg != NULL )
-+ {
-+ pg->count_info &= ~PGC_count_mask;
-+ page_set_owner(pg, NULL);
- shadow_free_p2m_page(d, pg);
-+ }
- domain_unpause(d);
- return rv;
- }
-@@ -3279,7 +3282,22 @@ out:
-
- /* Must be called outside the lock */
- if ( unpaged_pagetable )
-+ {
-+ if ( page_get_owner(unpaged_pagetable) == d &&
-+ (unpaged_pagetable->count_info & PGC_count_mask) == 1 )
-+ {
-+ unpaged_pagetable->count_info &= ~PGC_count_mask;
-+ page_set_owner(unpaged_pagetable, NULL);
-+ }
-+ /* Complain here in cases where shadow_free_p2m_page() won't. */
-+ else if ( !page_get_owner(unpaged_pagetable) &&
-+ !(unpaged_pagetable->count_info & PGC_count_mask) )
-+ SHADOW_ERROR("d%d: Odd unpaged pt %"PRI_mfn" c=%lx t=%"PRtype_info"\n",
-+ d->domain_id, mfn_x(page_to_mfn(unpaged_pagetable)),
-+ unpaged_pagetable->count_info,
-+ unpaged_pagetable->u.inuse.type_info);
- shadow_free_p2m_page(d, unpaged_pagetable);
-+ }
- }
-
- void shadow_final_teardown(struct domain *d)
diff --git a/system/xen/xsa/xsa249.patch b/system/xen/xsa/xsa249.patch
deleted file mode 100644
index ecfa4305e5..0000000000
--- a/system/xen/xsa/xsa249.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: x86/shadow: fix refcount overflow check
-
-Commit c385d27079 ("x86 shadow: for multi-page shadows, explicitly track
-the first page") reduced the refcount width to 25, without adjusting the
-overflow check. Eliminate the disconnect by using a manifest constant.
-
-Interestingly, up to commit 047782fa01 ("Out-of-sync L1 shadows: OOS
-snapshot") the refcount was 27 bits wide, yet the check was already
-using 26.
-
-This is XSA-249.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: George Dunlap <george.dunlap@citrix.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
----
-v2: Simplify expression back to the style it was.
-
---- a/xen/arch/x86/mm/shadow/private.h
-+++ b/xen/arch/x86/mm/shadow/private.h
-@@ -529,7 +529,7 @@ static inline int sh_get_ref(struct doma
- x = sp->u.sh.count;
- nx = x + 1;
-
-- if ( unlikely(nx >= 1U<<26) )
-+ if ( unlikely(nx >= (1U << PAGE_SH_REFCOUNT_WIDTH)) )
- {
- SHADOW_PRINTK("shadow ref overflow, gmfn=%lx smfn=%lx\n",
- __backpointer(sp), mfn_x(smfn));
---- a/xen/include/asm-x86/mm.h
-+++ b/xen/include/asm-x86/mm.h
-@@ -82,7 +82,8 @@ struct page_info
- unsigned long type:5; /* What kind of shadow is this? */
- unsigned long pinned:1; /* Is the shadow pinned? */
- unsigned long head:1; /* Is this the first page of the shadow? */
-- unsigned long count:25; /* Reference count */
-+#define PAGE_SH_REFCOUNT_WIDTH 25
-+ unsigned long count:PAGE_SH_REFCOUNT_WIDTH; /* Reference count */
- } sh;
-
- /* Page is on a free list: ((count_info & PGC_count_mask) == 0). */
diff --git a/system/xen/xsa/xsa250.patch b/system/xen/xsa/xsa250.patch
deleted file mode 100644
index 26aeb33fed..0000000000
--- a/system/xen/xsa/xsa250.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: x86/shadow: fix ref-counting error handling
-
-The old-Linux handling in shadow_set_l4e() mistakenly ORed together the
-results of sh_get_ref() and sh_pin(). As the latter failing is not a
-correctness problem, simply ignore its return value.
-
-In sh_set_toplevel_shadow() a failing sh_get_ref() must not be
-accompanied by installing the entry, despite the domain being crashed.
-
-This is XSA-250.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm/shadow/multi.c
-+++ b/xen/arch/x86/mm/shadow/multi.c
-@@ -923,7 +923,7 @@ static int shadow_set_l4e(struct domain
- shadow_l4e_t new_sl4e,
- mfn_t sl4mfn)
- {
-- int flags = 0, ok;
-+ int flags = 0;
- shadow_l4e_t old_sl4e;
- paddr_t paddr;
- ASSERT(sl4e != NULL);
-@@ -938,15 +938,16 @@ static int shadow_set_l4e(struct domain
- {
- /* About to install a new reference */
- mfn_t sl3mfn = shadow_l4e_get_mfn(new_sl4e);
-- ok = sh_get_ref(d, sl3mfn, paddr);
-- /* Are we pinning l3 shadows to handle wierd linux behaviour? */
-- if ( sh_type_is_pinnable(d, SH_type_l3_64_shadow) )
-- ok |= sh_pin(d, sl3mfn);
-- if ( !ok )
-+
-+ if ( !sh_get_ref(d, sl3mfn, paddr) )
- {
- domain_crash(d);
- return SHADOW_SET_ERROR;
- }
-+
-+ /* Are we pinning l3 shadows to handle weird Linux behaviour? */
-+ if ( sh_type_is_pinnable(d, SH_type_l3_64_shadow) )
-+ sh_pin(d, sl3mfn);
- }
-
- /* Write the new entry */
-@@ -3965,14 +3966,15 @@ sh_set_toplevel_shadow(struct vcpu *v,
-
- /* Take a ref to this page: it will be released in sh_detach_old_tables()
- * or the next call to set_toplevel_shadow() */
-- if ( !sh_get_ref(d, smfn, 0) )
-+ if ( sh_get_ref(d, smfn, 0) )
-+ new_entry = pagetable_from_mfn(smfn);
-+ else
- {
- SHADOW_ERROR("can't install %#lx as toplevel shadow\n", mfn_x(smfn));
- domain_crash(d);
-+ new_entry = pagetable_null();
- }
-
-- new_entry = pagetable_from_mfn(smfn);
--
- install_new_entry:
- /* Done. Install it */
- SHADOW_PRINTK("%u/%u [%u] gmfn %#"PRI_mfn" smfn %#"PRI_mfn"\n",
diff --git a/system/xen/xsa/xsa251.patch b/system/xen/xsa/xsa251.patch
deleted file mode 100644
index 582ef622eb..0000000000
--- a/system/xen/xsa/xsa251.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: x86/paging: don't unconditionally BUG() on finding SHARED_M2P_ENTRY
-
-PV guests can fully control the values written into the P2M.
-
-This is XSA-251.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/mm/paging.c
-+++ b/xen/arch/x86/mm/paging.c
-@@ -274,7 +274,7 @@ void paging_mark_pfn_dirty(struct domain
- return;
-
- /* Shared MFNs should NEVER be marked dirty */
-- BUG_ON(SHARED_M2P(pfn_x(pfn)));
-+ BUG_ON(paging_mode_translate(d) && SHARED_M2P(pfn_x(pfn)));
-
- /*
- * Values with the MSB set denote MFNs that aren't really part of the
diff --git a/system/xen/xsa/xsa252.patch b/system/xen/xsa/xsa252.patch
new file mode 100644
index 0000000000..8615928142
--- /dev/null
+++ b/system/xen/xsa/xsa252.patch
@@ -0,0 +1,27 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: memory: don't implicitly unpin for decrease-reservation
+
+It very likely was a mistake (copy-and-paste from domain cleanup code)
+to implicitly unpin here: The caller should really unpin itself before
+(or after, if they so wish) requesting the page to be removed.
+
+This is XSA-252.
+
+Reported-by: Jann Horn <jannh@google.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- a/xen/common/memory.c
++++ b/xen/common/memory.c
+@@ -357,11 +357,6 @@ int guest_remove_page(struct domain *d,
+
+ rc = guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0);
+
+-#ifdef _PGT_pinned
+- if ( !rc && test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) )
+- put_page_and_type(page);
+-#endif
+-
+ /*
+ * With the lack of an IOMMU on some platforms, domains with DMA-capable
+ * device must retrieve the same pfn when the hypercall populate_physmap
diff --git a/system/xen/xsa/xsa253.patch b/system/xen/xsa/xsa253.patch
new file mode 100644
index 0000000000..19e4269358
--- /dev/null
+++ b/system/xen/xsa/xsa253.patch
@@ -0,0 +1,26 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/msr: Free msr_vcpu_policy during vcpu destruction
+
+c/s 4187f79dc7 "x86/msr: introduce struct msr_vcpu_policy" introduced a
+per-vcpu memory allocation, but failed to free it in the clean vcpu
+destruction case.
+
+This is XSA-253
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
+index b17468c..0ae715d 100644
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -382,6 +382,9 @@ void vcpu_destroy(struct vcpu *v)
+
+ vcpu_destroy_fpu(v);
+
++ xfree(v->arch.msr);
++ v->arch.msr = NULL;
++
+ if ( !is_idle_domain(v->domain) )
+ vpmu_destroy(v);
+
diff --git a/system/xen/xsa/xsa255-1.patch b/system/xen/xsa/xsa255-1.patch
new file mode 100644
index 0000000000..f8bba9e516
--- /dev/null
+++ b/system/xen/xsa/xsa255-1.patch
@@ -0,0 +1,133 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: gnttab/ARM: don't corrupt shared GFN array
+
+... by writing status GFNs to it. Introduce a second array instead.
+Also implement gnttab_status_gmfn() properly now that the information is
+suitably being tracked.
+
+While touching it anyway, remove a misguided (but luckily benign) upper
+bound check from gnttab_shared_gmfn(): We should never access beyond the
+bounds of that array.
+
+This is part of XSA-255.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+---
+v3: Don't init the ARM GFN arrays to zero anymore, use INVALID_GFN.
+v2: New.
+
+--- a/xen/common/grant_table.c
++++ b/xen/common/grant_table.c
+@@ -3775,6 +3775,7 @@ int gnttab_map_frame(struct domain *d, u
+ {
+ int rc = 0;
+ struct grant_table *gt = d->grant_table;
++ bool status = false;
+
+ grant_write_lock(gt);
+
+@@ -3785,6 +3786,7 @@ int gnttab_map_frame(struct domain *d, u
+ (idx & XENMAPIDX_grant_table_status) )
+ {
+ idx &= ~XENMAPIDX_grant_table_status;
++ status = true;
+ if ( idx < nr_status_frames(gt) )
+ *mfn = _mfn(virt_to_mfn(gt->status[idx]));
+ else
+@@ -3802,7 +3804,7 @@ int gnttab_map_frame(struct domain *d, u
+ }
+
+ if ( !rc )
+- gnttab_set_frame_gfn(gt, idx, gfn);
++ gnttab_set_frame_gfn(gt, status, idx, gfn);
+
+ grant_write_unlock(gt);
+
+--- a/xen/include/asm-arm/grant_table.h
++++ b/xen/include/asm-arm/grant_table.h
+@@ -9,7 +9,8 @@
+ #define INITIAL_NR_GRANT_FRAMES 1U
+
+ struct grant_table_arch {
+- gfn_t *gfn;
++ gfn_t *shared_gfn;
++ gfn_t *status_gfn;
+ };
+
+ void gnttab_clear_flag(unsigned long nr, uint16_t *addr);
+@@ -21,7 +22,6 @@ int replace_grant_host_mapping(unsigned
+ unsigned long new_gpaddr, unsigned int flags);
+ void gnttab_mark_dirty(struct domain *d, unsigned long l);
+ #define gnttab_create_status_page(d, t, i) do {} while (0)
+-#define gnttab_status_gmfn(d, t, i) (0)
+ #define gnttab_release_host_mappings(domain) 1
+ static inline int replace_grant_supported(void)
+ {
+@@ -42,19 +42,35 @@ static inline unsigned int gnttab_dom0_m
+
+ #define gnttab_init_arch(gt) \
+ ({ \
+- (gt)->arch.gfn = xzalloc_array(gfn_t, (gt)->max_grant_frames); \
+- ( (gt)->arch.gfn ? 0 : -ENOMEM ); \
++ unsigned int ngf_ = (gt)->max_grant_frames; \
++ unsigned int nsf_ = grant_to_status_frames(ngf_); \
++ \
++ (gt)->arch.shared_gfn = xmalloc_array(gfn_t, ngf_); \
++ (gt)->arch.status_gfn = xmalloc_array(gfn_t, nsf_); \
++ if ( (gt)->arch.shared_gfn && (gt)->arch.status_gfn ) \
++ { \
++ while ( ngf_-- ) \
++ (gt)->arch.shared_gfn[ngf_] = INVALID_GFN; \
++ while ( nsf_-- ) \
++ (gt)->arch.status_gfn[nsf_] = INVALID_GFN; \
++ } \
++ else \
++ gnttab_destroy_arch(gt); \
++ (gt)->arch.shared_gfn ? 0 : -ENOMEM; \
+ })
+
+ #define gnttab_destroy_arch(gt) \
+ do { \
+- xfree((gt)->arch.gfn); \
+- (gt)->arch.gfn = NULL; \
++ xfree((gt)->arch.shared_gfn); \
++ (gt)->arch.shared_gfn = NULL; \
++ xfree((gt)->arch.status_gfn); \
++ (gt)->arch.status_gfn = NULL; \
+ } while ( 0 )
+
+-#define gnttab_set_frame_gfn(gt, idx, gfn) \
++#define gnttab_set_frame_gfn(gt, st, idx, gfn) \
+ do { \
+- (gt)->arch.gfn[idx] = gfn; \
++ ((st) ? (gt)->arch.status_gfn : (gt)->arch.shared_gfn)[idx] = \
++ (gfn); \
+ } while ( 0 )
+
+ #define gnttab_create_shared_page(d, t, i) \
+@@ -65,8 +81,10 @@ static inline unsigned int gnttab_dom0_m
+ } while ( 0 )
+
+ #define gnttab_shared_gmfn(d, t, i) \
+- ( ((i >= nr_grant_frames(t)) && \
+- (i < (t)->max_grant_frames))? 0 : gfn_x((t)->arch.gfn[i]))
++ gfn_x(((i) >= nr_grant_frames(t)) ? INVALID_GFN : (t)->arch.shared_gfn[i])
++
++#define gnttab_status_gmfn(d, t, i) \
++ gfn_x(((i) >= nr_status_frames(t)) ? INVALID_GFN : (t)->arch.status_gfn[i])
+
+ #define gnttab_need_iommu_mapping(d) \
+ (is_domain_direct_mapped(d) && need_iommu(d))
+--- a/xen/include/asm-x86/grant_table.h
++++ b/xen/include/asm-x86/grant_table.h
+@@ -46,7 +46,7 @@ static inline unsigned int gnttab_dom0_m
+
+ #define gnttab_init_arch(gt) 0
+ #define gnttab_destroy_arch(gt) do {} while ( 0 )
+-#define gnttab_set_frame_gfn(gt, idx, gfn) do {} while ( 0 )
++#define gnttab_set_frame_gfn(gt, st, idx, gfn) do {} while ( 0 )
+
+ #define gnttab_create_shared_page(d, t, i) \
+ do { \
diff --git a/system/xen/xsa/xsa255-2.patch b/system/xen/xsa/xsa255-2.patch
new file mode 100644
index 0000000000..402b6efe98
--- /dev/null
+++ b/system/xen/xsa/xsa255-2.patch
@@ -0,0 +1,167 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: gnttab: don't blindly free status pages upon version change
+
+There may still be active mappings, which would trigger the respective
+BUG_ON(). Split the loop into one dealing with the page attributes and
+the second (when the first fully passed) freeing the pages. Return an
+error if any pages still have pending references.
+
+This is part of XSA-255.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+---
+v4: Add gprintk(XENLOG_ERR, ...) to domain_crash() invocations.
+v3: Call guest_physmap_remove_page() from gnttab_map_frame(), making the
+ code unconditional at the same time. Re-base over changes to first
+ patch.
+v2: Also deal with translated guests.
+
+--- a/xen/common/grant_table.c
++++ b/xen/common/grant_table.c
+@@ -1636,23 +1636,74 @@ status_alloc_failed:
+ return -ENOMEM;
+ }
+
+-static void
++static int
+ gnttab_unpopulate_status_frames(struct domain *d, struct grant_table *gt)
+ {
+- int i;
++ unsigned int i;
+
+ for ( i = 0; i < nr_status_frames(gt); i++ )
+ {
+ struct page_info *pg = virt_to_page(gt->status[i]);
++ gfn_t gfn = gnttab_get_frame_gfn(gt, true, i);
++
++ /*
++ * For translated domains, recovering from failure after partial
++ * changes were made is more complicated than it seems worth
++ * implementing at this time. Hence respective error paths below
++ * crash the domain in such a case.
++ */
++ if ( paging_mode_translate(d) )
++ {
++ int rc = gfn_eq(gfn, INVALID_GFN)
++ ? 0
++ : guest_physmap_remove_page(d, gfn,
++ _mfn(page_to_mfn(pg)), 0);
++
++ if ( rc )
++ {
++ gprintk(XENLOG_ERR,
++ "Could not remove status frame %u (GFN %#lx) from P2M\n",
++ i, gfn_x(gfn));
++ domain_crash(d);
++ return rc;
++ }
++ gnttab_set_frame_gfn(gt, true, i, INVALID_GFN);
++ }
+
+ BUG_ON(page_get_owner(pg) != d);
+ if ( test_and_clear_bit(_PGC_allocated, &pg->count_info) )
+ put_page(pg);
+- BUG_ON(pg->count_info & ~PGC_xen_heap);
++
++ if ( pg->count_info & ~PGC_xen_heap )
++ {
++ if ( paging_mode_translate(d) )
++ {
++ gprintk(XENLOG_ERR,
++ "Wrong page state %#lx of status frame %u (GFN %#lx)\n",
++ pg->count_info, i, gfn_x(gfn));
++ domain_crash(d);
++ }
++ else
++ {
++ if ( get_page(pg, d) )
++ set_bit(_PGC_allocated, &pg->count_info);
++ while ( i-- )
++ gnttab_create_status_page(d, gt, i);
++ }
++ return -EBUSY;
++ }
++
++ page_set_owner(pg, NULL);
++ }
++
++ for ( i = 0; i < nr_status_frames(gt); i++ )
++ {
+ free_xenheap_page(gt->status[i]);
+ gt->status[i] = NULL;
+ }
+ gt->nr_status_frames = 0;
++
++ return 0;
+ }
+
+ /*
+@@ -2962,8 +3013,9 @@ gnttab_set_version(XEN_GUEST_HANDLE_PARA
+ break;
+ }
+
+- if ( op.version < 2 && gt->gt_version == 2 )
+- gnttab_unpopulate_status_frames(currd, gt);
++ if ( op.version < 2 && gt->gt_version == 2 &&
++ (res = gnttab_unpopulate_status_frames(currd, gt)) != 0 )
++ goto out_unlock;
+
+ /* Make sure there's no crud left over from the old version. */
+ for ( i = 0; i < nr_grant_frames(gt); i++ )
+@@ -3803,6 +3855,11 @@ int gnttab_map_frame(struct domain *d, u
+ rc = -EINVAL;
+ }
+
++ if ( !rc && paging_mode_translate(d) &&
++ !gfn_eq(gnttab_get_frame_gfn(gt, status, idx), INVALID_GFN) )
++ rc = guest_physmap_remove_page(d, gnttab_get_frame_gfn(gt, status, idx),
++ *mfn, 0);
++
+ if ( !rc )
+ gnttab_set_frame_gfn(gt, status, idx, gfn);
+
+--- a/xen/include/asm-arm/grant_table.h
++++ b/xen/include/asm-arm/grant_table.h
+@@ -73,6 +73,11 @@ static inline unsigned int gnttab_dom0_m
+ (gfn); \
+ } while ( 0 )
+
++#define gnttab_get_frame_gfn(gt, st, idx) ({ \
++ _gfn((st) ? gnttab_status_gmfn(NULL, gt, idx) \
++ : gnttab_shared_gmfn(NULL, gt, idx)); \
++})
++
+ #define gnttab_create_shared_page(d, t, i) \
+ do { \
+ share_xen_page_with_guest( \
+--- a/xen/include/asm-x86/grant_table.h
++++ b/xen/include/asm-x86/grant_table.h
+@@ -47,6 +47,12 @@ static inline unsigned int gnttab_dom0_m
+ #define gnttab_init_arch(gt) 0
+ #define gnttab_destroy_arch(gt) do {} while ( 0 )
+ #define gnttab_set_frame_gfn(gt, st, idx, gfn) do {} while ( 0 )
++#define gnttab_get_frame_gfn(gt, st, idx) ({ \
++ unsigned long mfn_ = (st) ? gnttab_status_mfn(gt, idx) \
++ : gnttab_shared_mfn(gt, idx); \
++ unsigned long gpfn_ = get_gpfn_from_mfn(mfn_); \
++ VALID_M2P(gpfn_) ? _gfn(gpfn_) : INVALID_GFN; \
++})
+
+ #define gnttab_create_shared_page(d, t, i) \
+ do { \
+@@ -63,11 +69,11 @@ static inline unsigned int gnttab_dom0_m
+ } while ( 0 )
+
+
+-#define gnttab_shared_mfn(d, t, i) \
++#define gnttab_shared_mfn(t, i) \
+ ((virt_to_maddr((t)->shared_raw[i]) >> PAGE_SHIFT))
+
+ #define gnttab_shared_gmfn(d, t, i) \
+- (mfn_to_gmfn(d, gnttab_shared_mfn(d, t, i)))
++ (mfn_to_gmfn(d, gnttab_shared_mfn(t, i)))
+
+
+ #define gnttab_status_mfn(t, i) \
diff --git a/system/xen/xsa/xsa256.patch b/system/xen/xsa/xsa256.patch
new file mode 100644
index 0000000000..50ff24e17b
--- /dev/null
+++ b/system/xen/xsa/xsa256.patch
@@ -0,0 +1,40 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/hvm: Disallow the creation of HVM domains without Local APIC emulation
+
+There are multiple problems, not necesserily limited to:
+
+ * Guests which configure event channels via hvmop_set_evtchn_upcall_vector(),
+ or which hit %cr8 emulation will cause Xen to fall over a NULL vlapic->regs
+ pointer.
+
+ * On Intel hardware, disabling the TPR_SHADOW execution control without
+ reenabling CR8_{LOAD,STORE} interception means that the guests %cr8
+ accesses interact with the real TPR. Amongst other things, setting the
+ real TPR to 0xf blocks even IPIs from interrupting this CPU.
+
+ * On hardware which sets up the use of Interrupt Posting, including
+ IOMMU-Posting, guests run without the appropriate non-root configuration,
+ which at a minimum will result in dropped interrupts.
+
+Whether no-LAPIC mode is of any use at all remains to be seen.
+
+This is XSA-256.
+
+Reported-by: Ian Jackson <ian.jackson@eu.citrix.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
+index f93327b..f65fc12 100644
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -413,7 +413,7 @@ static bool emulation_flags_ok(const struct domain *d, uint32_t emflags)
+ if ( is_hardware_domain(d) &&
+ emflags != (XEN_X86_EMU_LAPIC|XEN_X86_EMU_IOAPIC) )
+ return false;
+- if ( !is_hardware_domain(d) && emflags &&
++ if ( !is_hardware_domain(d) &&
+ emflags != XEN_X86_EMU_ALL && emflags != XEN_X86_EMU_LAPIC )
+ return false;
+ }