| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit b5cc3c25a242ddb9c5b108884061b17f35c3084b, reinstating the
original change as per e1d75084443f676be681fdaf47585cc9a5f5b820.
We think the OSSTest failure has been addressed now.
Link: https://lore.kernel.org/xen-devel/20d41dd0-19d1-47fb-92ab-4de458ddd56f@perard/
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
| |
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Julien Grall <jgrall@amazon.com>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit e1d75084443f676be681fdaf47585cc9a5f5b820.
After spending ages sorting out Gitlab CI, it appears that OSSTest too has an
out-of-date Lets Encrypt cert. Revert again in the short term while we fix
this up.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
This patch enforces the use of secure transports for all xenbits.xen.org
URLs. All altered links have been tested and are known to work.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.
This patch enforces the use of secure transports for all xenbits git
repositories. It was generated with the following shell script:
git ls-files -z |
xargs -0 -- sed -Ei -- 's@(git://xenbits\.xen\.org|http://xenbits\.xen\.org/git-http)/@https://xenbits.xen.org/git-http/@g'
All altered links have been tested and are known to work.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
|
| |
This reverts the build system relevant half of commit
a4557f515fb002010b34b79102278ea03d6b31a3, as gitlab CI can't fully cope
with the change just yet.
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
| |
|
|
|
|
|
| |
Also switch to xenbits.xenproject.org at this occasion.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
|
| |
|
|
|
| |
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
| |
The branch is unstable again.
This reverts commit b4ddd34d3a199167d48a50c72729be397c50f8cd.
Signed-off-by: Julien Grall <jgrall@amazon.com>
|
| |
|
|
|
| |
Signed-off-by: Julien Grall <jgrall@amazon.com>
Release-acked-by: Henry Wang <Henry.Wang@arm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This breaks all Clang builds, as demostrated by Gitlab CI.
Contrary to the description in ecd6b9759919, -no-pie is not even an option
passed to the linker. GCC's actual behaviour is to inhibit the passing of
-pie to the linker, as well as selecting different cr0 artefacts to be linked.
EMBEDDED_EXTRA_CFLAGS is not used for $(CC)-doing-linking, and not liable to
gain such a usecase.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Fixes: ecd6b9759919 ("Config.mk: correct PIE-related option(s) in EMBEDDED_EXTRA_CFLAGS")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I haven't been able to find evidence of "-nopie" ever having been a
supported compiler option. The correct spelling is "-no-pie".
Furthermore like "-pie" this is an option which is solely passed to the
linker. The compiler only recognizes "-fpie" / "-fPIE" / "-fno-pie", and
it doesn't infer these options from "-pie" / "-no-pie".
Add the compiler recognized form, but for the possible case of the
variable also being used somewhere for linking keep the linker option as
well (with corrected spelling).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Julien Grall <jgrall@amazon.com>
|
| |
|
|
|
|
|
|
| |
Switch to use the newest Mini-OS commit in order to get the recent
fixes.
Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
|
| |
|
|
|
| |
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Julien Grall <jgrall@amazon.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prevent the assembler from creating a .note.gnu.property section on
the output objects, as it's not useful for firmware related binaries,
and breaks the resulting rombios image.
This requires modifying the cc-option Makefile macro so it can test
assembler options (by replacing the usage of the -S flag with -c) and
also stripping the -Wa, prefix if present when checking for the test
output.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CET Indirect Branch Tracking is a hardware feature designed to provide
forward-edge control flow integrity, protecting against jump/call oriented
programming.
IBT requires the placement of endbr{32,64} instructions at the target of every
indirect call/jmp, and every entrypoint.
However, the default -fcf-protection=branch places an endbr{32,64} on every
function which far more than necessary, and reduces the quantity of protection
afforded. Therefore, we use manual placement using the cf_check attribute.
It is necessary to check for both compiler and assembler support, as the
notrack prefix can be emitted in certain cases.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
|
| |
|
|
|
| |
Signed-off-by: Wei Liu <wl@xen.org>
Acked-by: Jan Beulich <jbeulich@suse.com>
|
| |
|
|
|
|
|
|
| |
In order to be able to use the recent Mini-OS features switch to the
most recent commit.
Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
| |
In order to be able to use the recent Mini-OS features switch to the
most recent commit.
Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This avoid the need to generate the _paths.h header when the
information is from autoconf anyway.
They are no more users of the "buildmakevars2header" macro, so it can
be removed from "Config.mk".
Also removed the extra "-f" flag where "$(RM)" is used (xl/Makefile).
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
|
| |
|
|
|
|
| |
This branch is unstable again now.
This reverts commit c9ce6afbf2d7772f47fc572bb7fc9555724927ed.
|
| |
|
|
| |
Signed-off-by: Ian Jackson <iwj@xenproject.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows to easily add more override which depends on the
environment.
Also, move the check out of Config.mk and into xen/ build system.
Nothing in tools/ is using that information as it's done by
./configure.
We named the new file ".allconfig.tmp" as ".*.tmp" are already ignored
via .gitignore.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Switch the used Mini-OS commit to 9f09744aa3e5982 in xen-unstable.
[ 9f09744aa3e5982 is current mini-os.git#master -iwj. ]
Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Ian Jackson <iwj@xenproject.org>
|
| |/
|
|
|
|
| |
Update to the latest stable tag.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A platform introduced in EDK II named OvmfXen is now the one to use for
Xen instead of OvmfX64. It comes with PVH support.
Also, the Xen support in OvmfX64 is deprecated,
"deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg"
https://edk2.groups.io/g/devel/message/75498
and has been removed upstream.
We need to also update to a newer version of OVMF as OvmfXen in the
release "edk2-stable202105" doesn't work well with Xen, so we need the
fix b37cfdd28071 ("OvmfPkg/XenPlatformPei: Relocate shared_info page
mapping").
Also, don't set anymore the number of thread for parallel build when
building the newer platform, OvmfPkg/build.sh is now doing parallel
build by default.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Ian Jackson <iwj@xenproject.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
qemu-xen tree have a osstest gate and doesn't need to be pinned.
On the other hand, OVMF's xen repository doesn't have a gate and needs
to be pinned. The "master" branch correspond now to the tag
"edk2-stable202105", so pin to that commit.
Fixes: a04509d34d72 ("Branching: Update version files etc. for newly unstable")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Ian Jackson <iwj@xenproject.org>
|
| |
|
|
| |
Signed-off-by: Ian Jackson <iwj@xenproject.org>
|
| |
|
|
| |
Signed-off-by: Ian Jackson <iwj@xenproject.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
d6b12add90da ("DEPS handling: Remove absolute paths from references to
cwd") took care of massaging the dependencies of the output file, but
for our passing of -MP to the compiler to take effect the same needs to
be done on the "phony" rules that the compiler emits.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Jackson <iwj@xenproject.org>
Release-Acked-by: Ian Jackson <iwj@xenproject.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 82c3d15c903aa43 ("minios: Revert recent change and revert to
working minios") switched the used commit for the build of Xen unstable
from master to a rather old commit (the one used for Xen 4.13 instead
of the last one without a known problem).
Switch to Mini-OS commit 051b87bb9c196 instead, which doesn't contain
the problematic modification being reason for switching away from
master.
Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Wei Liu <wl@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, xen.git#staging does not build in many environments because
of issues with minios master. This regression was introduced in an
uncontrolled manner by an update to mini-os.git#master.
This is because in e013e8514389 "config: use mini-os master for
unstable" we switched to tracking minios master in an uncontrolled
manner. At the time we thought it was unlikely that minios changes
would break the Xen build. This turns out to have been overly
optimistic.
Xen currently uses unstable internal interfaces of minios. Until this
can be sorted out, internal changes to minios can require lockstep
changes in Xen.
All this means that "config: use mini-os master for unstable" was
wrong. We should undo it. Instead, we go back to the previous
situation: xen.git names a specific minios commit.
This scheme is the model used for qemu-xen-traditional.
That nailed commit must be updated manually, to have xen.git pick up
changes from minios. If the minios changes require changes in xen.git
too, to avoid breaking the Xen build, they can be made freely in
minios without adverse consequences. When the minios commitid is
updated in xen.git, the corresponding changes to the actual source
files in xen.git should be bundled together.
For example, when minios is fixed, 8d990807ec2c "stubdom/grub: update
init_netfront() call for mini-os" will need to be reapplied, folded
into the same commit as updates MINIOS_UPSTREAM_REVISION. For now
that commit must be reverted as we are going back to a previous
version of minios.
This reverts commit 8d990807ec2cde3061222a5ed2df62aba78bace9.
This reverts commit e013e8514389b739153016349e49f5a78e34ddf0.
CC: Jan Beulich <jbeulich@suse.com>
CC: Costin Lupu <costin.lupu@cs.pub.ro>
CC: Wei Liu <wl@xen.org>
CC: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Ian Jackson <iwj@xenproject.org>
|
| |
|
|
| |
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
| |
Signed-off-by: Wei Liu <wl@xen.org>
|
| |
|
|
| |
Signed-off-by: Wei Liu <wl@xen.org>
|
| |
|
|
| |
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
| |
Backport 2 commits to fix building QEMU without PCI passthrough
support.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Wei Liu <wl@xen.org>
Release-acked-by: Paul Durrant <paul@xen.org>
|
| |
|
|
|
|
|
| |
We freeze these during release prep, rather than tracking whatever
osstest passed.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Xen doesn't support CET-IBT yet. At a minimum, logic is required to enable it
for supervisor use, but the livepatch functionality needs to learn not to
overwrite ENDBR64 instructions.
Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
version of GCC-9 which objects to it in combination with
-mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).
Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
beginning of the object. These paths explode when .note.gnu.properties gets
put ahead of .text and we end up executing the notes data.
Disable -fcf-protection for all embedded objects.
Reported-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jason Andryuk <jandryuk@gmail.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
| |
|
|
|
|
|
|
| |
Users of EMBEDDED_EXTRA_CFLAGS already use -fno-asynchronous-unwind-tables, or
ought to. This shrinks the size of the rombios 32bit stubs in guest memory.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
| |
|
|
| |
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We haven't used mini-os master for about 2 years now due to a stubdom
test failing [1]. Booting a guest with mini-os master used for building
stubdom didn't reveal any problem, so use master for unstable in order
to let OSStest find any problems not showing up in the local test.
[1]: https://lists.xen.org/archives/html/minios-devel/2018-04/msg00015.html
Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Wei Liu <wl@xen.org>
|
| |
|
|
|
|
|
|
| |
Only xen/ uses as-option-add and as-insn, so there aren't needed in
Config.mk.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is in preparation of importing Kbuild to build Xen. We won't be
able to include Config.mk so we will need a replacement for the macro
`cc-ifversion'.
This patch imports parts of "scripts/Kbuild.include" from Linux v5.4,
the macro cc-ifversion. It makes use of CONFIG_GCC_VERSION that
Kconfig now provides.
Since they are no other use of Xen's `cc-ifversion' macro, we can
remove it.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This comment isn't about CONFIG_TESTS, but about SEABIOS_DIR that has
been removed.
Originally, the comment was added by 5f82d0858de1 ("tools: support
SeaBIOS. Use by default when upstream qemu is configured."), then
later the SEABIOS_DIR was removed by 14ee3c05f3ef ("Clone and build
Seabios by default") but that comment about the pain was left behind.
The commit that made CONFIG_TESTS painful was 85896a7c4dc7 ("build:
add autoconf to replace custom checks in tools/check").
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
|
|
| |
And remove all mention of it in docs. It hasn't been used since
9ead9afcb935 ("Add configure --with-sysconfig-leaf-dir=SUBDIR to set
CONFIG_LEAF_DIR").
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
| |
Signed-off-by: Wei Liu <wl@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were two problems here: The first closing parentheses got parsed
by make to end the $(call invocation, and the escaping of the quotes
wasn't right either, as there's nowhere they would get un-escaped.
Furthermore there appears to be a puzzling problem with \n getting
expanded to an actual newline too early in some environments. Convert
these to semicolons at the same time.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Roger Pau Monné <roger.pau@citrix.com> [On FreeBSD and Debian 9.5]
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
| |
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
