From 41f49237c636bf6ff12938253641b317a932fa09 Mon Sep 17 00:00:00 2001
From: Francis Lam
Date: Wed, 13 Sep 2017 22:10:46 -0400
Subject: [PATCH] Added configurable xen version for Qubes 4 support also addresses issue #238
---
config/purism13v1-qubes.config | 1 +
config/qemu-moc.config | 1 +
config/x220-qubes.config | 1 +
config/x230-generic.config | 1 +
modules/xen | 16 +++-
patches/xen-4.8.2-2.patch | 130 +++++++++++++++++++++++++++++++++
6 files changed, 146 insertions(+), 4 deletions(-)
create mode 100644 patches/xen-4.8.2-2.patch
diff --git a/config/purism13v1-qubes.config b/config/purism13v1-qubes.config
index 21b24806..abbd5ea3 100644
--- a/config/purism13v1-qubes.config
+++ b/config/purism13v1-qubes.config
@@ -13,6 +13,7 @@ CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_XEN=y +CONFIG_XEN_VERSION=4.6 CONFIG_LINUX_USB=y #CONFIG_LINUX_E1000E=y
diff --git a/config/qemu-moc.config b/config/qemu-moc.config
index 553487d5..7f8f0f6c 100644
--- a/config/qemu-moc.config
+++ b/config/qemu-moc.config
@@ -15,6 +15,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y CONFIG_XEN=y +CONFIG_XEN_VERSION=4.6 CONFIG_LINUX_USB=y CONFIG_LINUX_E1000=y
diff --git a/config/x220-qubes.config b/config/x220-qubes.config
index a2ca71f1..dbc1ede8 100644
--- a/config/x220-qubes.config
+++ b/config/x220-qubes.config
@@ -13,6 +13,7 @@ CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_XEN=y +CONFIG_XEN_VERSION=4.6 CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y
diff --git a/config/x230-generic.config b/config/x230-generic.config
index 373a090b..53ad7346 100644
--- a/config/x230-generic.config
+++ b/config/x230-generic.config
@@ -13,6 +13,7 @@ CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_XEN=y +CONFIG_XEN_VERSION=4.8 CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y
diff --git a/modules/xen b/modules/xen
index 66f163f6..7279536e 100644
--- a/modules/xen
+++ b/modules/xen
@@ -1,13 +1,20 @@ modules-$(CONFIG_XEN) += xen +ifeq "$(CONFIG_XEN_VERSION)" "4.8" + xen_base_version := 4.8.2 + xen_version := $(xen_base_version)-2 + xen_hash := 866855dfbe1e7d6086738e2e82fa0475bf831f4a65df224abf6dc5589122c7d5 +else + xen_base_version := 4.6.6 + xen_version := $(xen_base_version)-30 + xen_hash := 65cdbdb77d30475d77d849011343cba970b61c99d6638ccfeca4b7bbc308dc36 +endif + # We extract the entire Xen tree, but only use the xen/xen hypervisor # portion since Qubes provides the rest of it. -xen_base_version := 4.6.6 -xen_version := $(xen_base_version)-30 -xen_dir := qubes-vmm-xen-$(xen_version)/ +xen_dir := qubes-vmm-xen-$(xen_version) xen_tar := qubes-vmm-xen-$(xen_version).tar.gz xen_url := https://github.com/QubesOS/qubes-vmm-xen/archive/v$(xen_version).tar.gz -xen_hash := 65cdbdb77d30475d77d849011343cba970b61c99d6638ccfeca4b7bbc308dc36 xen_depends := musl-cross
@@ -23,4 +30,5 @@ xen_target := \ XEN_BUILD_TIME=00:00:00 \ XEN_BUILD_HOST=xen-buildhost \ CC="$(CROSS)gcc -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-builtin-macro-redefined -D__FILE__=\\\"__FILE__\\\"" \ + HOSTCC="gcc" \ xen.gz
diff --git a/patches/xen-4.8.2-2.patch b/patches/xen-4.8.2-2.patch
new file mode 100644
index 00000000..dbd69d93
--- /dev/null
+++ b/patches/xen-4.8.2-2.patch
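Review bot: The `else` branch of the new `ifeq "$(CONFIG_XEN_VERSION)" "4.8"` block in the first modules/xen hunk catches every other value, so a board config that leaves CONFIG_XEN_VERSION unset, misspells it, or carries trailing whitespace silently selects 4.6.6-30 and its hash instead of failing. For a firmware build that picks the hypervisor tarball and its expected hash here, an unrecognised value should stop the build rather than fall back to the older release. I would make the second branch `else ifeq "$(CONFIG_XEN_VERSION)" "4.6"` and add a final branch with `$(error unsupported CONFIG_XEN_VERSION '$(CONFIG_XEN_VERSION)')`, guarded on CONFIG_XEN being `y` if this module file is also parsed for boards without Xen. A short comment above the block noting that each supported version needs its own `xen_hash` and, as the new patches/xen-4.8.2-2.patch suggests, its own patch file would help whoever adds the next release.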
@@ -0,0 +1,130 @@ +diff --git ./Makefile ./Makefile +index 75df729..4113caa 100644 +--- ./Makefile ++++ ./Makefile +@@ -122,6 +122,7 @@ verrel: + + .PHONY: clean + clean:: ++ rm -rf xen-$(version)/ + @echo "Running the %clean script of the rpmbuild..." + -$(RPMBUILD) --clean --nodeps $(SPECFILE) + +@@ -153,6 +154,14 @@ update-repo-installer: + for pkg in $(xen-pkgs); do ln -f rpm/x86_64/$$pkg*.rpm ../installer/yum/qubes-dom0/rpm/; done + ln -f rpm/x86_64/xen-hvm-$(version)gui2*-$(release).$(DIST_DOM0)*.rpm ../installer/yum/qubes-dom0/rpm/ + ++xen-$(version)/.canary: xen-$(version).tar.gz ++ tar xzvf xen-$(version).tar.gz ++ cd xen-$(version) && ../apply-patches ../series.conf ../ ++ touch $@ ++ ++xen.gz: xen-$(version)/.canary ++ $(MAKE) -C xen-$(version)/ xen ++ + help: + @echo "Usage: make " + @echo +diff --git ./apply-patches ./apply-patches +index b1c8468..74a4c20 100755 +--- ./apply-patches ++++ ./apply-patches +@@ -6,8 +6,7 @@ + + USAGE="$0 [--vanilla] [symbol ...]" + +-set -e +-set -o pipefail ++set -euf + if test $# -lt 2; then + echo "$USAGE" >&2 + exit 1 +@@ -17,10 +16,7 @@ SERIES_CONF=$1 + PATCH_DIR=$2 + shift 2 + +-( +- echo "trap 'echo \"*** patch \$_ failed ***\"' ERR" +- echo "set -ex" +- egrep -v '^\s*#|^\s*$' <"$SERIES_CONF" | \ +- sed "s|^|patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/|" +-) | sh +- ++for i in `egrep -v '^\s*#|^\s*$' < $SERIES_CONF` ++do ++ patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/$i ++done +diff --git ./patches.heads/heads.patch ./patches.heads/heads.patch +new file mode 100644 +index 0000000..d956f8a +--- /dev/null ++++ ./patches.heads/heads.patch +@@ -0,0 +1,54 @@ ++diff -u --recursive xen-4.8.2-clean/xen/arch/x86/boot/head.S xen-4.8.2/xen/arch/x86/boot/head.S ++--- xen-4.8.2-clean/xen/arch/x86/boot/head.S 2017-09-06 06:26:35.000000000 -0400 +++++ xen-4.8.2/xen/arch/x86/boot/head.S 2017-09-13 21:58:31.186882703 -0400 ++@@ -86,6 +86,8 @@ ++ cmp $MULTIBOOT_BOOTLOADER_MAGIC,%eax ++ jne not_multiboot ++ 
+++#if 0 +++ ++ /* Set up trampoline segment 64k below EBDA */ ++ movzwl 0x40e,%ecx /* EBDA segment */ ++ cmp $0xa000,%ecx /* sanity check (high) */ ++@@ -108,6 +110,12 @@ ++ shl $10-4,%edx ++ cmp %ecx,%edx /* compare with BDA value */ ++ cmovb %edx,%ecx /* and use the smaller */ +++#else +++ // coreboot does not provide an Extended BIOS Data Area pointer +++ // just stash things the Multiboot structure, adjusted to bytes +++ mov MB_mem_lower(%ebx),%ecx +++ shl $10-4,%ecx +++#endif ++ ++ 2: /* Reserve 64kb for the trampoline */ ++ sub $0x1000,%ecx ++diff -u --recursive xen-4.8.2-clean/xen/arch/x86/boot/mkelf32.c xen-4.8.2/xen/arch/x86/boot/mkelf32.c ++--- xen-4.8.2-clean/xen/arch/x86/boot/mkelf32.c 2017-09-06 06:26:35.000000000 -0400 +++++ xen-4.8.2/xen/arch/x86/boot/mkelf32.c 2017-09-13 21:58:31.186882703 -0400 ++@@ -264,10 +264,10 @@ ++ int bytes, todo, i = 1; ++ int num_phdrs = 1; ++ ++- Elf32_Ehdr in32_ehdr; +++ Elf32_Ehdr in32_ehdr = {}; ++ ++- Elf64_Ehdr in64_ehdr; ++- Elf64_Phdr in64_phdr; +++ Elf64_Ehdr in64_ehdr = {}; +++ Elf64_Phdr in64_phdr = {}; ++ ++ if ( argc < 5 ) ++ { ++diff -u --recursive xen-4.8.2-clean/xen/Makefile xen-4.8.2/xen/Makefile ++--- xen-4.8.2-clean/xen/Makefile 2017-09-06 06:26:35.000000000 -0400 +++++ xen-4.8.2/xen/Makefile 2017-09-13 21:58:31.186882703 -0400 ++@@ -152,7 +152,7 @@ ++ fi ++ ++ .banner: Makefile ++- @if which figlet >/dev/null 2>&1 ; then \ +++ @if false ; then \ ++ echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \ ++ else \ ++ echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ +diff --git ./series.conf ./series.conf +index 18fd577..56174a9 100644 +--- ./series.conf ++++ ./series.conf +@@ -68,6 +68,9 @@ patches.qubes/xenconsoled-enable-logging.patch + patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch + patches.qubes/xen-hotplug-qubesdb-update.patch + ++# Custom patches for Heads ++patches.heads/heads.patch ++ + #python3 + 
patches.misc/0001-python-check-return-value-of-PyErr_NewException.patch + patches.misc/0002-python-drop-tp_getattr-implementation.patch
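Review bot: The rewritten apply-patches loop can exit 0 without applying anything, because the series file is read by a backquoted egrep in the `for` word list and `set -e` does not act on a failed command substitution there; an unreadable or mistyped series.conf simply yields an empty list. The new Makefile rule then runs `touch $@` on `.canary` and xen.gz is built from an unpatched tree, which would drop whatever fixes the series carries. I would add `test -r "$SERIES_CONF" || exit 1` before the loop and quote the expansions, `patch -s -F0 -E -p1 --no-backup-if-mismatch -i "$PATCH_DIR/$i"`, since `set -f` stops globbing but not word splitting. The removed version also printed `*** patch ... failed ***` for the failing patch; an `echo "applying $i" >&2` in the loop would restore that trace. The outer hunk appears to end at the last series.conf line shown.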