From mboxrd@z Thu Jan 1 00:00:00 1970 From: Keir Fraser Subject: Re: [PATCH v2] Enable SMEP CPU feature support for XEN hypervisor Date: Fri, 03 Jun 2011 18:23:27 +0100 Message-ID: References: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="B_3389970218_16575456" Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: "Li, Xin" Cc: xen-devel List-Id: xen-devel@lists.xenproject.org > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --B_3389970218_16575456 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit On 03/06/2011 14:57, "Li, Xin" wrote: > Intel new CPU supports SMEP (Supervisor Mode Execution Protection). SMEP > prevents software operating with CPL < 3 (supervisor mode) from fetching > instructions from any linear address with a valid translation for which the > U/S > flag (bit 2) is 1 in every paging-structure entry controlling the translation > for the linear address. > > This patch enables SMEP in Xen to protect Xen hypervisor from executing pv > guest > instructions, whose translation paging-structure entries' U/S flags are all > set. Xin, I have attached a modified version of your patch which I believe deals with a number of issues. I briefly outline the major ones here: 1. The initialisation in cpu/common.c is misguided. Features like set_in_cr4(), setup_clear_cpu_cap(), and cpu_has_xxx, are designed to allow the feature initialisation to happen close in code to where the feature is used. Hence I have moved the initialisation into traps.c:trap_init(). 2. I have renamed the command-line option to 'smep'. Boolean options can be inverted by prepending 'no-', or appending '={0,false,off,no}'. We don't generally encode the negative within the base option name string. 3. I have pushed interpretation of the pf_type enumeration out to the callers of spurious_page_fault(). This is because a SMEP fault while Xen is executing should *crash Xen*. So that's what I do. Further, when it is a guest fault, we should domain_crash() not domain_crash_synchronous() (which is generally a more dangerous function for Xen's own health). More generally, I wonder whether SMEP should be enabled only for guests (even PV guests) which detect it via CPUID and proactively enable it via their virtualised CR4? I mean, it is off in real hardware by default for a reason: backward compatibility. Furthermore, we only detect spurious page faults for buggy old PV guests, the rest will get the SMEP fault punted up to them, which seems odd if they don't understand SMEP. What do you think? I have cc'ed Jan since he has commented on previous versions of this patch. -- Keir > It crashes a pv guest triggering SMEP fault. > > Signed-off-by: Yang Wei > Signed-off-by: Shan Haitao > Signed-off-by: Li Xin > > diff -r 0791661a32d8 xen/arch/x86/cpu/common.c > --- a/xen/arch/x86/cpu/common.c Thu Jun 02 18:46:35 2011 +0100 > +++ b/xen/arch/x86/cpu/common.c Fri Jun 03 19:59:43 2011 +0800 > @@ -222,6 +222,22 @@ static void __init early_cpu_detect(void > c->x86_capability[4] = cap4; > } > > +/* nosmep: if true, Intel SMEP is disabled. */ > +static bool_t disable_smep __cpuinitdata; > +boolean_param("nosmep", disable_smep); > + > +static void __cpuinit setup_smep(struct cpuinfo_x86 *c) > +{ > + if ( cpu_has(c, X86_FEATURE_SMEP) ) { > + if ( unlikely(disable_smep) ) > + setup_clear_cpu_cap(X86_FEATURE_SMEP); > + else { > + set_in_cr4(X86_CR4_SMEP); > + mmu_cr4_features |= X86_CR4_SMEP; > + } > + } > +} > + > void __cpuinit generic_identify(struct cpuinfo_x86 * c) > { > u32 tfms, xlvl, capability, excap, ebx; > @@ -268,6 +284,8 @@ void __cpuinit generic_identify(struct c > c->x86_capability[X86_FEATURE_FSGSBASE / 32] = ebx; > } > > + setup_smep(c); > + > early_intel_workaround(c); > > #ifdef CONFIG_X86_HT > diff -r 0791661a32d8 xen/arch/x86/traps.c > --- a/xen/arch/x86/traps.c Thu Jun 02 18:46:35 2011 +0100 > +++ b/xen/arch/x86/traps.c Fri Jun 03 19:59:43 2011 +0800 > @@ -1139,7 +1139,13 @@ static int handle_gdt_ldt_mapping_fault( > (((va) >= HYPERVISOR_VIRT_START)) > #endif > > -static int __spurious_page_fault( > +enum pf_type { > + real_page_fault, > + smep_fault, > + spurious_fault > +}; > + > +static enum pf_type __page_fault_type( > unsigned long addr, unsigned int error_code) > { > unsigned long mfn, cr3 = read_cr3(); > @@ -1151,7 +1157,7 @@ static int __spurious_page_fault( > #endif > l2_pgentry_t l2e, *l2t; > l1_pgentry_t l1e, *l1t; > - unsigned int required_flags, disallowed_flags; > + unsigned int required_flags, disallowed_flags, u_flag; > > /* > * We do not take spurious page faults in IRQ handlers as we do not > @@ -1159,11 +1165,11 @@ static int __spurious_page_fault( > * map_domain_page() is not IRQ-safe. > */ > if ( in_irq() ) > - return 0; > + return real_page_fault; > > /* Reserved bit violations are never spurious faults. */ > if ( error_code & PFEC_reserved_bit ) > - return 0; > + return real_page_fault; > > required_flags = _PAGE_PRESENT; > if ( error_code & PFEC_write_access ) > @@ -1175,6 +1181,8 @@ static int __spurious_page_fault( > if ( error_code & PFEC_insn_fetch ) > disallowed_flags |= _PAGE_NX_BIT; > > + u_flag = _PAGE_USER; > + > mfn = cr3 >> PAGE_SHIFT; > > #if CONFIG_PAGING_LEVELS >= 4 > @@ -1184,7 +1192,9 @@ static int __spurious_page_fault( > unmap_domain_page(l4t); > if ( ((l4e_get_flags(l4e) & required_flags) != required_flags) || > (l4e_get_flags(l4e) & disallowed_flags) ) > - return 0; > + return real_page_fault; > + > + u_flag &= l4e_get_flags(l4e); > #endif > > #if CONFIG_PAGING_LEVELS >= 3 > @@ -1197,13 +1207,23 @@ static int __spurious_page_fault( > unmap_domain_page(l3t); > #if CONFIG_PAGING_LEVELS == 3 > if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) ) > - return 0; > + return real_page_fault; > #else > if ( ((l3e_get_flags(l3e) & required_flags) != required_flags) || > (l3e_get_flags(l3e) & disallowed_flags) ) > - return 0; > - if ( l3e_get_flags(l3e) & _PAGE_PSE ) > - return 1; > + return real_page_fault; > + > + u_flag &= l3e_get_flags(l3e); > + > + if ( l3e_get_flags(l3e) & _PAGE_PSE ) { > + /* SMEP fault error code 10001b */ > + if ( (error_code & PFEC_insn_fetch) && > + !(error_code & PFEC_user_mode) && > + cpu_has_smep && u_flag ) > + return smep_fault; > + > + return spurious_fault; > + } > #endif > #endif > > @@ -1213,9 +1233,19 @@ static int __spurious_page_fault( > unmap_domain_page(l2t); > if ( ((l2e_get_flags(l2e) & required_flags) != required_flags) || > (l2e_get_flags(l2e) & disallowed_flags) ) > - return 0; > - if ( l2e_get_flags(l2e) & _PAGE_PSE ) > - return 1; > + return real_page_fault; > + > + u_flag &= l2e_get_flags(l2e); > + > + if ( l2e_get_flags(l2e) & _PAGE_PSE ) { > + /* SMEP fault error code 10001b */ > + if ( (error_code & PFEC_insn_fetch) && > + !(error_code & PFEC_user_mode) && > + cpu_has_smep && u_flag ) > + return smep_fault; > + > + return spurious_fault; > + } > > l1t = map_domain_page(mfn); > l1e = l1e_read_atomic(&l1t[l1_table_offset(addr)]); > @@ -1223,26 +1253,37 @@ static int __spurious_page_fault( > unmap_domain_page(l1t); > if ( ((l1e_get_flags(l1e) & required_flags) != required_flags) || > (l1e_get_flags(l1e) & disallowed_flags) ) > - return 0; > - > - return 1; > + return real_page_fault; > + > + u_flag &= l1e_get_flags(l1e); > + > + /* SMEP fault error code 10001b */ > + if ( (error_code & PFEC_insn_fetch) && > + !(error_code & PFEC_user_mode) && > + cpu_has_smep && u_flag ) > + return smep_fault; > + > + return spurious_fault; > } > > static int spurious_page_fault( > unsigned long addr, unsigned int error_code) > { > unsigned long flags; > - int is_spurious; > + enum pf_type pf_type; > > /* > * Disabling interrupts prevents TLB flushing, and hence prevents > * page tables from becoming invalid under our feet during the walk. > */ > local_irq_save(flags); > - is_spurious = __spurious_page_fault(addr, error_code); > + pf_type = __page_fault_type(addr, error_code); > local_irq_restore(flags); > > - return is_spurious; > + if ( pf_type == smep_fault ) > + domain_crash_synchronous(); > + > + return (pf_type == spurious_fault); > } > > static int fixup_page_fault(unsigned long addr, struct cpu_user_regs *regs) > diff -r 0791661a32d8 xen/include/asm-x86/cpufeature.h > --- a/xen/include/asm-x86/cpufeature.h Thu Jun 02 18:46:35 2011 +0100 > +++ b/xen/include/asm-x86/cpufeature.h Fri Jun 03 19:59:43 2011 +0800 > @@ -141,8 +141,9 @@ > #define X86_FEATURE_TBM (6*32+21) /* trailing bit manipulations */ > #define X86_FEATURE_TOPOEXT (6*32+22) /* topology extensions CPUID leafs > */ > > -/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ > +/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 7 */ > #define X86_FEATURE_FSGSBASE (7*32+ 0) /* {RD,WR}{FS,GS}BASE instructions */ > +#define X86_FEATURE_SMEP (7*32+ 7) /* Supervisor Mode Execution Protection */ > > #define cpu_has(c, bit) test_bit(bit, (c)->x86_capability) > #define boot_cpu_has(bit) test_bit(bit, boot_cpu_data.x86_capability) > @@ -202,6 +203,8 @@ > #define cpu_has_fsgsbase boot_cpu_has(X86_FEATURE_FSGSBASE) > #endif > > +#define cpu_has_smep boot_cpu_has(X86_FEATURE_SMEP) > + > #define cpu_has_ffxsr ((boot_cpu_data.x86_vendor == X86_VENDOR_AMD) > \ > && boot_cpu_has(X86_FEATURE_FFXSR)) > > diff -r 0791661a32d8 xen/include/asm-x86/domain.h > --- a/xen/include/asm-x86/domain.h Thu Jun 02 18:46:35 2011 +0100 > +++ b/xen/include/asm-x86/domain.h Fri Jun 03 19:59:43 2011 +0800 > @@ -527,12 +527,14 @@ unsigned long pv_guest_cr4_fixup(const s > /* Convert between guest-visible and real CR4 values. */ > #define pv_guest_cr4_to_real_cr4(v) \ > (((v)->arch.pv_vcpu.ctrlreg[4] \ > - | (mmu_cr4_features & (X86_CR4_PGE | X86_CR4_PSE)) \ > - | ((v)->domain->arch.vtsc ? X86_CR4_TSD : 0) \ > - | ((xsave_enabled(v))? X86_CR4_OSXSAVE : 0)) \ > - & ~X86_CR4_DE) > -#define real_cr4_to_pv_guest_cr4(c) \ > - ((c) & ~(X86_CR4_PGE | X86_CR4_PSE | X86_CR4_TSD | X86_CR4_OSXSAVE)) > + | (mmu_cr4_features \ > + & (X86_CR4_PGE | X86_CR4_PSE | X86_CR4_SMEP)) \ > + | ((v)->domain->arch.vtsc ? X86_CR4_TSD : 0) \ > + | ((xsave_enabled(v))? X86_CR4_OSXSAVE : 0)) \ > + & ~X86_CR4_DE) > +#define real_cr4_to_pv_guest_cr4(c) \ > + ((c) & ~(X86_CR4_PGE | X86_CR4_PSE | X86_CR4_TSD \ > + | X86_CR4_OSXSAVE | X86_CR4_SMEP)) > > void domain_cpuid(struct domain *d, > unsigned int input, > diff -r 0791661a32d8 xen/include/asm-x86/processor.h > --- a/xen/include/asm-x86/processor.h Thu Jun 02 18:46:35 2011 +0100 > +++ b/xen/include/asm-x86/processor.h Fri Jun 03 19:59:43 2011 +0800 > @@ -85,6 +85,7 @@ > #define X86_CR4_SMXE 0x4000 /* enable SMX */ > #define X86_CR4_FSGSBASE 0x10000 /* enable {rd,wr}{fs,gs}base */ > #define X86_CR4_OSXSAVE 0x40000 /* enable XSAVE/XRSTOR */ > +#define X86_CR4_SMEP 0x100000/* enable SMEP */ > > /* > * Trap/fault mnemonics. --B_3389970218_16575456 Content-type: application/octet-stream; name="00-xen-smep" Content-disposition: attachment; filename="00-xen-smep" Content-transfer-encoding: base64 ZGlmZiAtciBiY2QyNDc2YzJlMmQgeGVuL2FyY2gveDg2L3RyYXBzLmMKLS0tIGEveGVuL2Fy Y2gveDg2L3RyYXBzLmMJRnJpIEp1biAwMyAxNzoyNzowMSAyMDExICswMTAwCisrKyBiL3hl bi9hcmNoL3g4Ni90cmFwcy5jCUZyaSBKdW4gMDMgMTg6MTc6NDQgMjAxMSArMDEwMApAQCAt ODUsNiArODUsMTAgQEAgc3RhdGljIGNoYXIgX19yZWFkX21vc3RseSBvcHRfbm1pWzEwXSA9 IAogI2VuZGlmCiBzdHJpbmdfcGFyYW0oIm5taSIsIG9wdF9ubWkpOwogCisvKiBzbWVwOiBl bmFibGUvZGlzYWJsZSBTdXBlcnZpc29yIE1vZGUgRXhlY3V0aW9uIFByb3RlY3Rpb24gKGRl ZmF1bHQgb24pLiAqLworc3RhdGljIGJvb2xfdCBfX2luaXRkYXRhIGRpc2FibGVfc21lcDsK K2ludmJvb2xfcGFyYW0oInNtZXAiLCBkaXNhYmxlX3NtZXApOworCiBERUZJTkVfUEVSX0NQ VSh1NjQsIGVmZXIpOwogCiBERUZJTkVfUEVSX0NQVV9SRUFEX01PU1RMWSh1MzIsIGxlcl9t c3IpOwpAQCAtMTEzOSw3ICsxMTQzLDEzIEBAIHN0YXRpYyBpbnQgaGFuZGxlX2dkdF9sZHRf bWFwcGluZ19mYXVsdCgKICAgICAoKCh2YSkgPj0gSFlQRVJWSVNPUl9WSVJUX1NUQVJUKSkK ICNlbmRpZgogCi1zdGF0aWMgaW50IF9fc3B1cmlvdXNfcGFnZV9mYXVsdCgKK2VudW0gcGZf dHlwZSB7CisgICAgcmVhbF9mYXVsdCwKKyAgICBzbWVwX2ZhdWx0LAorICAgIHNwdXJpb3Vz X2ZhdWx0Cit9OworCitzdGF0aWMgZW51bSBwZl90eXBlIF9fcGFnZV9mYXVsdF90eXBlKAog ICAgIHVuc2lnbmVkIGxvbmcgYWRkciwgdW5zaWduZWQgaW50IGVycm9yX2NvZGUpCiB7CiAg ICAgdW5zaWduZWQgbG9uZyBtZm4sIGNyMyA9IHJlYWRfY3IzKCk7CkBAIC0xMTUxLDcgKzEx NjEsNyBAQCBzdGF0aWMgaW50IF9fc3B1cmlvdXNfcGFnZV9mYXVsdCgKICNlbmRpZgogICAg IGwyX3BnZW50cnlfdCBsMmUsICpsMnQ7CiAgICAgbDFfcGdlbnRyeV90IGwxZSwgKmwxdDsK LSAgICB1bnNpZ25lZCBpbnQgcmVxdWlyZWRfZmxhZ3MsIGRpc2FsbG93ZWRfZmxhZ3M7Cisg ICAgdW5zaWduZWQgaW50IHJlcXVpcmVkX2ZsYWdzLCBkaXNhbGxvd2VkX2ZsYWdzLCBwYWdl X3VzZXI7CiAKICAgICAvKgogICAgICAqIFdlIGRvIG5vdCB0YWtlIHNwdXJpb3VzIHBhZ2Ug ZmF1bHRzIGluIElSUSBoYW5kbGVycyBhcyB3ZSBkbyBub3QKQEAgLTExNTksMTEgKzExNjks MTEgQEAgc3RhdGljIGludCBfX3NwdXJpb3VzX3BhZ2VfZmF1bHQoCiAgICAgICogbWFwX2Rv bWFpbl9wYWdlKCkgaXMgbm90IElSUS1zYWZlLgogICAgICAqLwogICAgIGlmICggaW5faXJx KCkgKQotICAgICAgICByZXR1cm4gMDsKKyAgICAgICAgcmV0dXJuIHJlYWxfZmF1bHQ7CiAK ICAgICAvKiBSZXNlcnZlZCBiaXQgdmlvbGF0aW9ucyBhcmUgbmV2ZXIgc3B1cmlvdXMgZmF1 bHRzLiAqLwogICAgIGlmICggZXJyb3JfY29kZSAmIFBGRUNfcmVzZXJ2ZWRfYml0ICkKLSAg ICAgICAgcmV0dXJuIDA7CisgICAgICAgIHJldHVybiByZWFsX2ZhdWx0OwogCiAgICAgcmVx dWlyZWRfZmxhZ3MgID0gX1BBR0VfUFJFU0VOVDsKICAgICBpZiAoIGVycm9yX2NvZGUgJiBQ RkVDX3dyaXRlX2FjY2VzcyApCkBAIC0xMTc1LDYgKzExODUsOCBAQCBzdGF0aWMgaW50IF9f c3B1cmlvdXNfcGFnZV9mYXVsdCgKICAgICBpZiAoIGVycm9yX2NvZGUgJiBQRkVDX2luc25f ZmV0Y2ggKQogICAgICAgICBkaXNhbGxvd2VkX2ZsYWdzIHw9IF9QQUdFX05YX0JJVDsKIAor ICAgIHBhZ2VfdXNlciA9IF9QQUdFX1VTRVI7CisKICAgICBtZm4gPSBjcjMgPj4gUEFHRV9T SElGVDsKIAogI2lmIENPTkZJR19QQUdJTkdfTEVWRUxTID49IDQKQEAgLTExODQsNyArMTE5 Niw4IEBAIHN0YXRpYyBpbnQgX19zcHVyaW91c19wYWdlX2ZhdWx0KAogICAgIHVubWFwX2Rv bWFpbl9wYWdlKGw0dCk7CiAgICAgaWYgKCAoKGw0ZV9nZXRfZmxhZ3MobDRlKSAmIHJlcXVp cmVkX2ZsYWdzKSAhPSByZXF1aXJlZF9mbGFncykgfHwKICAgICAgICAgIChsNGVfZ2V0X2Zs YWdzKGw0ZSkgJiBkaXNhbGxvd2VkX2ZsYWdzKSApCi0gICAgICAgIHJldHVybiAwOworICAg ICAgICByZXR1cm4gcmVhbF9mYXVsdDsKKyAgICBwYWdlX3VzZXIgJj0gbDRlX2dldF9mbGFn cyhsNGUpOwogI2VuZGlmCiAKICNpZiBDT05GSUdfUEFHSU5HX0xFVkVMUyA+PSAzCkBAIC0x MTk3LDEzICsxMjEwLDE0IEBAIHN0YXRpYyBpbnQgX19zcHVyaW91c19wYWdlX2ZhdWx0KAog ICAgIHVubWFwX2RvbWFpbl9wYWdlKGwzdCk7CiAjaWYgQ09ORklHX1BBR0lOR19MRVZFTFMg PT0gMwogICAgIGlmICggIShsM2VfZ2V0X2ZsYWdzKGwzZSkgJiBfUEFHRV9QUkVTRU5UKSAp Ci0gICAgICAgIHJldHVybiAwOworICAgICAgICByZXR1cm4gcmVhbF9mYXVsdDsKICNlbHNl CiAgICAgaWYgKCAoKGwzZV9nZXRfZmxhZ3MobDNlKSAmIHJlcXVpcmVkX2ZsYWdzKSAhPSBy ZXF1aXJlZF9mbGFncykgfHwKICAgICAgICAgIChsM2VfZ2V0X2ZsYWdzKGwzZSkgJiBkaXNh bGxvd2VkX2ZsYWdzKSApCi0gICAgICAgIHJldHVybiAwOworICAgICAgICByZXR1cm4gcmVh bF9mYXVsdDsKKyAgICBwYWdlX3VzZXIgJj0gbDNlX2dldF9mbGFncyhsM2UpOwogICAgIGlm ICggbDNlX2dldF9mbGFncyhsM2UpICYgX1BBR0VfUFNFICkKLSAgICAgICAgcmV0dXJuIDE7 CisgICAgICAgIGdvdG8gbGVhZjsKICNlbmRpZgogI2VuZGlmCiAKQEAgLTEyMTMsOSArMTIy NywxMCBAQCBzdGF0aWMgaW50IF9fc3B1cmlvdXNfcGFnZV9mYXVsdCgKICAgICB1bm1hcF9k b21haW5fcGFnZShsMnQpOwogICAgIGlmICggKChsMmVfZ2V0X2ZsYWdzKGwyZSkgJiByZXF1 aXJlZF9mbGFncykgIT0gcmVxdWlyZWRfZmxhZ3MpIHx8CiAgICAgICAgICAobDJlX2dldF9m bGFncyhsMmUpICYgZGlzYWxsb3dlZF9mbGFncykgKQotICAgICAgICByZXR1cm4gMDsKKyAg ICAgICAgcmV0dXJuIHJlYWxfZmF1bHQ7CisgICAgcGFnZV91c2VyICY9IGwyZV9nZXRfZmxh Z3MobDJlKTsKICAgICBpZiAoIGwyZV9nZXRfZmxhZ3MobDJlKSAmIF9QQUdFX1BTRSApCi0g ICAgICAgIHJldHVybiAxOworICAgICAgICBnb3RvIGxlYWY7CiAKICAgICBsMXQgPSBtYXBf ZG9tYWluX3BhZ2UobWZuKTsKICAgICBsMWUgPSBsMWVfcmVhZF9hdG9taWMoJmwxdFtsMV90 YWJsZV9vZmZzZXQoYWRkcildKTsKQEAgLTEyMjMsMjYgKzEyMzgsMzYgQEAgc3RhdGljIGlu dCBfX3NwdXJpb3VzX3BhZ2VfZmF1bHQoCiAgICAgdW5tYXBfZG9tYWluX3BhZ2UobDF0KTsK ICAgICBpZiAoICgobDFlX2dldF9mbGFncyhsMWUpICYgcmVxdWlyZWRfZmxhZ3MpICE9IHJl cXVpcmVkX2ZsYWdzKSB8fAogICAgICAgICAgKGwxZV9nZXRfZmxhZ3MobDFlKSAmIGRpc2Fs bG93ZWRfZmxhZ3MpICkKLSAgICAgICAgcmV0dXJuIDA7Ci0KLSAgICByZXR1cm4gMTsKKyAg ICAgICAgcmV0dXJuIHJlYWxfZmF1bHQ7CisgICAgcGFnZV91c2VyICY9IGwxZV9nZXRfZmxh Z3MobDFlKTsKKworbGVhZjoKKyAgICAvKgorICAgICAqIFN1cGVydmlzb3IgTW9kZSBFeGVj dXRpb24gUHJvdGVjdGlvbiAoU01FUCk6CisgICAgICogRGlzYWxsb3cgc3VwZXJ2aXNvciBl eGVjdXRpb24gZnJvbSB1c2VyLWFjY2Vzc2libGUgbWFwcGluZ3MKKyAgICAgKi8KKyAgICBp ZiAoIChyZWFkX2NyNCgpICYgWDg2X0NSNF9TTUVQKSAmJiBwYWdlX3VzZXIgJiYKKyAgICAg ICAgICgoZXJyb3JfY29kZSAmIChQRkVDX2luc25fZmV0Y2h8UEZFQ191c2VyX21vZGUpKSA9 PSBQRkVDX2luc25fZmV0Y2gpICkKKyAgICAgICAgcmV0dXJuIHNtZXBfZmF1bHQ7CisKKyAg ICByZXR1cm4gc3B1cmlvdXNfZmF1bHQ7CiB9CiAKLXN0YXRpYyBpbnQgc3B1cmlvdXNfcGFn ZV9mYXVsdCgKK3N0YXRpYyBlbnVtIHBmX3R5cGUgc3B1cmlvdXNfcGFnZV9mYXVsdCgKICAg ICB1bnNpZ25lZCBsb25nIGFkZHIsIHVuc2lnbmVkIGludCBlcnJvcl9jb2RlKQogewogICAg IHVuc2lnbmVkIGxvbmcgZmxhZ3M7Ci0gICAgaW50ICAgICAgICAgICBpc19zcHVyaW91czsK KyAgICBlbnVtIHBmX3R5cGUgcGZfdHlwZTsKIAogICAgIC8qCiAgICAgICogRGlzYWJsaW5n IGludGVycnVwdHMgcHJldmVudHMgVExCIGZsdXNoaW5nLCBhbmQgaGVuY2UgcHJldmVudHMK ICAgICAgKiBwYWdlIHRhYmxlcyBmcm9tIGJlY29taW5nIGludmFsaWQgdW5kZXIgb3VyIGZl ZXQgZHVyaW5nIHRoZSB3YWxrLgogICAgICAqLwogICAgIGxvY2FsX2lycV9zYXZlKGZsYWdz KTsKLSAgICBpc19zcHVyaW91cyA9IF9fc3B1cmlvdXNfcGFnZV9mYXVsdChhZGRyLCBlcnJv cl9jb2RlKTsKKyAgICBwZl90eXBlID0gX19wYWdlX2ZhdWx0X3R5cGUoYWRkciwgZXJyb3Jf Y29kZSk7CiAgICAgbG9jYWxfaXJxX3Jlc3RvcmUoZmxhZ3MpOwogCi0gICAgcmV0dXJuIGlz X3NwdXJpb3VzOworICAgIHJldHVybiBwZl90eXBlOwogfQogCiBzdGF0aWMgaW50IGZpeHVw X3BhZ2VfZmF1bHQodW5zaWduZWQgbG9uZyBhZGRyLCBzdHJ1Y3QgY3B1X3VzZXJfcmVncyAq cmVncykKQEAgLTEzMTcsNiArMTM0Miw3IEBAIGFzbWxpbmthZ2Ugdm9pZCBkb19wYWdlX2Zh dWx0KHN0cnVjdCBjcHUKIHsKICAgICB1bnNpZ25lZCBsb25nIGFkZHIsIGZpeHVwOwogICAg IHVuc2lnbmVkIGludCBlcnJvcl9jb2RlOworICAgIGVudW0gcGZfdHlwZSBwZl90eXBlOwog CiAgICAgYWRkciA9IHJlYWRfY3IyKCk7CiAKQEAgLTEzMzIsNyArMTM1OCw5IEBAIGFzbWxp bmthZ2Ugdm9pZCBkb19wYWdlX2ZhdWx0KHN0cnVjdCBjcHUKIAogICAgIGlmICggdW5saWtl bHkoIWd1ZXN0X21vZGUocmVncykpICkKICAgICB7Ci0gICAgICAgIGlmICggc3B1cmlvdXNf cGFnZV9mYXVsdChhZGRyLCBlcnJvcl9jb2RlKSApCisgICAgICAgIHBmX3R5cGUgPSBzcHVy aW91c19wYWdlX2ZhdWx0KGFkZHIsIGVycm9yX2NvZGUpOworICAgICAgICBCVUdfT04ocGZf dHlwZSA9PSBzbWVwX2ZhdWx0KTsKKyAgICAgICAgaWYgKCBwZl90eXBlICE9IHJlYWxfZmF1 bHQgKQogICAgICAgICAgICAgcmV0dXJuOwogCiAgICAgICAgIGlmICggbGlrZWx5KChmaXh1 cCA9IHNlYXJjaF9leGNlcHRpb25fdGFibGUocmVncy0+ZWlwKSkgIT0gMCkgKQpAQCAtMTM1 NCw5ICsxMzgyLDE3IEBAIGFzbWxpbmthZ2Ugdm9pZCBkb19wYWdlX2ZhdWx0KHN0cnVjdCBj cHUKICAgICAgICAgICAgICAgZXJyb3JfY29kZSwgX3AoYWRkcikpOwogICAgIH0KIAotICAg IGlmICggdW5saWtlbHkoY3VycmVudC0+ZG9tYWluLT5hcmNoLnN1cHByZXNzX3NwdXJpb3Vz X3BhZ2VfZmF1bHRzCi0gICAgICAgICAgICAgICAgICAmJiBzcHVyaW91c19wYWdlX2ZhdWx0 KGFkZHIsIGVycm9yX2NvZGUpKSApCi0gICAgICAgIHJldHVybjsKKyAgICBpZiAoIHVubGlr ZWx5KGN1cnJlbnQtPmRvbWFpbi0+YXJjaC5zdXBwcmVzc19zcHVyaW91c19wYWdlX2ZhdWx0 cykgKQorICAgIHsKKyAgICAgICAgcGZfdHlwZSA9IHNwdXJpb3VzX3BhZ2VfZmF1bHQoYWRk ciwgZXJyb3JfY29kZSk7CisgICAgICAgIGlmICggcGZfdHlwZSA9PSBzbWVwX2ZhdWx0ICkK KyAgICAgICAgeworICAgICAgICAgICAgZ2RwcmludGsoWEVOTE9HX0VSUiwgIkZhdGFsIFNN RVAgZmF1bHRcbiIpOworICAgICAgICAgICAgZG9tYWluX2NyYXNoKGN1cnJlbnQtPmRvbWFp bik7CisgICAgICAgIH0KKyAgICAgICAgaWYgKCBwZl90eXBlICE9IHJlYWxfZmF1bHQgKQor ICAgICAgICAgICAgcmV0dXJuOworICAgIH0KIAogICAgIHByb3BhZ2F0ZV9wYWdlX2ZhdWx0 KGFkZHIsIHJlZ3MtPmVycm9yX2NvZGUpOwogfQpAQCAtMzQyNSw2ICszNDYxLDExIEBAIHZv aWQgX19pbml0IHRyYXBfaW5pdCh2b2lkKQogICAgIGNwdV9pbml0KCk7CiAKICAgICBvcGVu X3NvZnRpcnEoTk1JX01DRV9TT0ZUSVJRLCBubWlfbWNlX3NvZnRpcnEpOworCisgICAgaWYg KCBkaXNhYmxlX3NtZXAgKQorICAgICAgICBzZXR1cF9jbGVhcl9jcHVfY2FwKFg4Nl9GRUFU VVJFX1NNRVApOworICAgIGlmICggY3B1X2hhc19zbWVwICkKKyAgICAgICAgc2V0X2luX2Ny NChYODZfQ1I0X1NNRVApOwogfQogCiBsb25nIHJlZ2lzdGVyX2d1ZXN0X25taV9jYWxsYmFj ayh1bnNpZ25lZCBsb25nIGFkZHJlc3MpCmRpZmYgLXIgYmNkMjQ3NmMyZTJkIHhlbi9pbmNs dWRlL2FzbS14ODYvY3B1ZmVhdHVyZS5oCi0tLSBhL3hlbi9pbmNsdWRlL2FzbS14ODYvY3B1 ZmVhdHVyZS5oCUZyaSBKdW4gMDMgMTc6Mjc6MDEgMjAxMSArMDEwMAorKysgYi94ZW4vaW5j bHVkZS9hc20teDg2L2NwdWZlYXR1cmUuaAlGcmkgSnVuIDAzIDE4OjE3OjQ0IDIwMTEgKzAx MDAKQEAgLTE0MSw4ICsxNDEsOSBAQAogI2RlZmluZSBYODZfRkVBVFVSRV9UQk0gICAgICAg ICAoNiozMisyMSkgLyogdHJhaWxpbmcgYml0IG1hbmlwdWxhdGlvbnMgKi8KICNkZWZpbmUg WDg2X0ZFQVRVUkVfVE9QT0VYVCAgICAgKDYqMzIrMjIpIC8qIHRvcG9sb2d5IGV4dGVuc2lv bnMgQ1BVSUQgbGVhZnMgKi8KIAotLyogSW50ZWwtZGVmaW5lZCBDUFUgZmVhdHVyZXMsIENQ VUlEIGxldmVsIDB4MDAwMDAwMDc6MCAoZWJ4KSwgd29yZCA5ICovCisvKiBJbnRlbC1kZWZp bmVkIENQVSBmZWF0dXJlcywgQ1BVSUQgbGV2ZWwgMHgwMDAwMDAwNzowIChlYngpLCB3b3Jk IDcgKi8KICNkZWZpbmUgWDg2X0ZFQVRVUkVfRlNHU0JBU0UJKDcqMzIrIDApIC8qIHtSRCxX Un17RlMsR1N9QkFTRSBpbnN0cnVjdGlvbnMgKi8KKyNkZWZpbmUgWDg2X0ZFQVRVUkVfU01F UAkoNyozMisgNykgLyogU3VwZXJ2aXNvciBNb2RlIEV4ZWN1dGlvbiBQcm90ZWN0aW9uICov CiAKICNkZWZpbmUgY3B1X2hhcyhjLCBiaXQpCQl0ZXN0X2JpdChiaXQsIChjKS0+eDg2X2Nh cGFiaWxpdHkpCiAjZGVmaW5lIGJvb3RfY3B1X2hhcyhiaXQpCXRlc3RfYml0KGJpdCwgYm9v dF9jcHVfZGF0YS54ODZfY2FwYWJpbGl0eSkKQEAgLTIwMiw2ICsyMDMsOCBAQAogI2RlZmlu ZSBjcHVfaGFzX2ZzZ3NiYXNlCWJvb3RfY3B1X2hhcyhYODZfRkVBVFVSRV9GU0dTQkFTRSkK ICNlbmRpZgogCisjZGVmaW5lIGNwdV9oYXNfc21lcCAgICAgICAgICAgIGJvb3RfY3B1X2hh cyhYODZfRkVBVFVSRV9TTUVQKQorCiAjZGVmaW5lIGNwdV9oYXNfZmZ4c3IgICAgICAgICAg ICgoYm9vdF9jcHVfZGF0YS54ODZfdmVuZG9yID09IFg4Nl9WRU5ET1JfQU1EKSBcCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAmJiBib290X2NwdV9oYXMoWDg2X0ZFQVRV UkVfRkZYU1IpKQogCmRpZmYgLXIgYmNkMjQ3NmMyZTJkIHhlbi9pbmNsdWRlL2FzbS14ODYv ZG9tYWluLmgKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9kb21haW4uaAlGcmkgSnVuIDAz IDE3OjI3OjAxIDIwMTEgKzAxMDAKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9kb21haW4u aAlGcmkgSnVuIDAzIDE4OjE3OjQ0IDIwMTEgKzAxMDAKQEAgLTUyNywxMiArNTI3LDE0IEBA IHVuc2lnbmVkIGxvbmcgcHZfZ3Vlc3RfY3I0X2ZpeHVwKGNvbnN0IHMKIC8qIENvbnZlcnQg YmV0d2VlbiBndWVzdC12aXNpYmxlIGFuZCByZWFsIENSNCB2YWx1ZXMuICovCiAjZGVmaW5l IHB2X2d1ZXN0X2NyNF90b19yZWFsX2NyNCh2KSAgICAgICAgICAgICAgICAgICAgICAgICBc CiAgICAgKCgodiktPmFyY2gucHZfdmNwdS5jdHJscmVnWzRdICAgICAgICAgICAgICAgICAg ICAgICAgICBcCi0gICAgICB8IChtbXVfY3I0X2ZlYXR1cmVzICYgKFg4Nl9DUjRfUEdFIHwg WDg2X0NSNF9QU0UpKSAgICBcCi0gICAgICB8ICgodiktPmRvbWFpbi0+YXJjaC52dHNjID8g WDg2X0NSNF9UU0QgOiAwKSAgICAgICAgIFwKLSAgICAgIHwgKCh4c2F2ZV9lbmFibGVkKHYp KT8gWDg2X0NSNF9PU1hTQVZFIDogMCkpICAgICAgICAgICAgICBcCi0gICAgICAmIH5YODZf Q1I0X0RFKQotI2RlZmluZSByZWFsX2NyNF90b19wdl9ndWVzdF9jcjQoYykgXAotICAgICgo YykgJiB+KFg4Nl9DUjRfUEdFIHwgWDg2X0NSNF9QU0UgfCBYODZfQ1I0X1RTRCB8IFg4Nl9D UjRfT1NYU0FWRSkpCisgICAgICB8IChtbXVfY3I0X2ZlYXR1cmVzICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBcCisgICAgICAgICAmIChYODZfQ1I0X1BHRSB8IFg4Nl9D UjRfUFNFIHwgWDg2X0NSNF9TTUVQKSkgICAgICBcCisgICAgICB8ICgodiktPmRvbWFpbi0+ YXJjaC52dHNjID8gWDg2X0NSNF9UU0QgOiAwKSAgICAgICAgICBcCisgICAgICB8ICgoeHNh dmVfZW5hYmxlZCh2KSk/IFg4Nl9DUjRfT1NYU0FWRSA6IDApKSAgICAgICAgICBcCisgICAg ICYgflg4Nl9DUjRfREUpCisjZGVmaW5lIHJlYWxfY3I0X3RvX3B2X2d1ZXN0X2NyNChjKSAg ICAgICAgICAgICAgICAgICAgICAgICBcCisgICAgKChjKSAmIH4oWDg2X0NSNF9QR0UgfCBY ODZfQ1I0X1BTRSB8IFg4Nl9DUjRfVFNEICAgICAgICBcCisgICAgICAgICAgICAgfCBYODZf Q1I0X09TWFNBVkUgfCBYODZfQ1I0X1NNRVApKQogCiB2b2lkIGRvbWFpbl9jcHVpZChzdHJ1 Y3QgZG9tYWluICpkLAogICAgICAgICAgICAgICAgICAgdW5zaWduZWQgaW50ICBpbnB1dCwK ZGlmZiAtciBiY2QyNDc2YzJlMmQgeGVuL2luY2x1ZGUvYXNtLXg4Ni9wcm9jZXNzb3IuaAot LS0gYS94ZW4vaW5jbHVkZS9hc20teDg2L3Byb2Nlc3Nvci5oCUZyaSBKdW4gMDMgMTc6Mjc6 MDEgMjAxMSArMDEwMAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L3Byb2Nlc3Nvci5oCUZy aSBKdW4gMDMgMTg6MTc6NDQgMjAxMSArMDEwMApAQCAtODUsNiArODUsNyBAQAogI2RlZmlu ZSBYODZfQ1I0X1NNWEUJCTB4NDAwMCAgLyogZW5hYmxlIFNNWCAqLwogI2RlZmluZSBYODZf Q1I0X0ZTR1NCQVNFCTB4MTAwMDAgLyogZW5hYmxlIHtyZCx3cn17ZnMsZ3N9YmFzZSAqLwog I2RlZmluZSBYODZfQ1I0X09TWFNBVkUJMHg0MDAwMCAvKiBlbmFibGUgWFNBVkUvWFJTVE9S ICovCisjZGVmaW5lIFg4Nl9DUjRfU01FUAkJMHgxMDAwMDAvKiBlbmFibGUgU01FUCAqLwog CiAvKgogICogVHJhcC9mYXVsdCBtbmVtb25pY3MuCg== --B_3389970218_16575456 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --B_3389970218_16575456--