Generate a fake EBDA with kexec, removing the need for a custom xen (#227)

This modifies the segment at 0x0 so that it contains enough of a fake Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can correctly locate its trampoline code. Since custom Xen is no longer required, we can remove the module, the patches and all of the references to it in the board definition files.
2025-01-29 15:44:07 +00:00 · 2018-02-28 10:48:35 -05:00 · 2018-02-28 10:48:35 -05:00 · f618f09a69
commit f618f09a69
parent 2facd55e44
12 changed files with 91 additions and 418 deletions
--- a/3
+++ b/3
@ -325,7 +325,6 @@ bin_modules-$(CONFIG_FLASHROM) += flashrom
 bin_modules-$(CONFIG_CRYPTSETUP) += cryptsetup
 bin_modules-$(CONFIG_GPG) += gpg
 bin_modules-$(CONFIG_LVM2) += lvm2
-bin_modules-$(CONFIG_XEN) += xen
 bin_modules-$(CONFIG_DROPBEAR) += dropbear
 bin_modules-$(CONFIG_FLASHTOOLS) += flashtools
 bin_modules-$(CONFIG_NEWT) += newt
@ -339,8 +338,6 @@ $(foreach m, $(modules-y), \
 	$(call map,initrd_lib_add,$(call libs,$m)) \
 )

-#$(foreach _, $(call outputs,xen), $(eval $(call initrd_bin,$_)))
-
 # hack to install busybox into the initrd
 $(build)/$(BOARD)/heads.cpio: busybox.intermediate
 initrd_bins += $(initrd_bin_dir)/busybox
--- a/boards/r630.config
+++ b/boards/r630.config
@ -16,7 +16,6 @@ CONFIG_PCIUTILS=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
-#CONFIG_XEN=y
 CONFIG_DROPBEAR=y

 CONFIG_LINUX_USB=y
--- a/boards/s2600wf.config
+++ b/boards/s2600wf.config
@ -24,7 +24,6 @@ CONFIG_PCIUTILS=y
 #CONFIG_POPT=y
 #CONFIG_QRENCODE=y
 #CONFIG_TPMTOTP=y
-#CONFIG_XEN=y
 CONFIG_DROPBEAR=y

 CONFIG_LINUX_USB=y
--- a/boards/winterfell.config
+++ b/boards/winterfell.config
@ -26,7 +26,6 @@ CONFIG_PCIUTILS=y
 CONFIG_POPT=y
 #CONFIG_QRENCODE=y
 #CONFIG_TPMTOTP=y
-CONFIG_XEN=y
 CONFIG_DROPBEAR=y
 endif

--- a/boards/x220.config
+++ b/boards/x220.config
@ -15,8 +15,6 @@ CONFIG_PCIUTILS=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
-CONFIG_XEN=y
-CONFIG_XEN_VERSION=4.6
 CONFIG_DROPBEAR=y

 CONFIG_LINUX_USB=y
--- a/boards/x230.config
+++ b/boards/x230.config
@ -14,8 +14,6 @@ CONFIG_PCIUTILS=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
-CONFIG_XEN=y
-CONFIG_XEN_VERSION=4.8
 CONFIG_DROPBEAR=y

 CONFIG_LINUX_USB=y
--- a/modules/kexec
+++ b/modules/kexec
@ -1,10 +1,10 @@
 modules-$(CONFIG_KEXEC) += kexec

-kexec_version := 2.0.12
+kexec_version := 2.0.16
 kexec_dir := kexec-tools-$(kexec_version)
 kexec_tar := kexec-tools-$(kexec_version).tar.gz
 kexec_url := https://kernel.org/pub/linux/utils/kernel/kexec/$(kexec_tar)
-kexec_hash := cc7b60dad0da202004048a6179d8a53606943062dd627a2edba45a8ea3a85135
+kexec_hash := cf17fc99bf77c9b39f06ee88ac0e86d0349c4a0c3f8214a3cc78eece872f6f3a

 kexec_configure := ./configure \
 	$(CROSS_TOOLS) \
--- a/modules/xen
+++ b/modules/xen
@ -1,34 +0,0 @@
-modules-$(CONFIG_XEN) += xen
-
-ifeq "$(CONFIG_XEN_VERSION)" "4.8"
-	xen_base_version := 4.8.2
-	xen_version := $(xen_base_version)-12
-	xen_hash := dbadfcd93f6b9f1735816b59ff8f68bb05056bf8780d93345535af5bc3760531
-else
-	xen_base_version := 4.6.6
-	xen_version := $(xen_base_version)-36
-	xen_hash := fcf0703b2931a9230653e0cf38831bad629ab561f6498b8292e532e873286464
-endif
-
-# We extract the entire Xen tree, but only use the xen/xen hypervisor
-# portion since Qubes provides the rest of it.
-xen_dir := qubes-vmm-xen-$(xen_version)
-xen_tar := qubes-vmm-xen-$(xen_version).tar.gz
-xen_url := https://github.com/QubesOS/qubes-vmm-xen/archive/v$(xen_version).tar.gz
-
-xen_depends := musl-cross
-
-xen_output := xen-$(xen_base_version)/xen/xen.gz
-xen_configure :=
-
-xen_target := \
-	$(MAKE_JOBS) \
-	$(CROSS_TOOLS_NOCC) \
-	XEN_WHOAMI=$(GIT_HASH) \
-	XEN_DOMAIN=heads \
-	XEN_BUILD_DATE=1970-01-01 \
-	XEN_BUILD_TIME=00:00:00 \
-	XEN_BUILD_HOST=xen-buildhost \
-	CC="$(CROSS)gcc -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-builtin-macro-redefined -D__FILE__=\\\"__FILE__\\\"" \
-	HOSTCC="gcc" \
-	xen.gz
--- a/patches/kexec-2.0.12.patch
+++ b/patches/kexec-2.0.12.patch
@ -1,102 +0,0 @@
-diff -u --recursive ../clean/kexec-tools-2.0.12/include/config.h kexec-tools-2.0.12/include/config.h
--- ../clean/kexec-tools-2.0.12/include/config.h	2016-03-21 21:08:17.000000000 -0400
-+++ kexec-tools-2.0.12/include/config.h	2017-04-08 11:28:01.644379416 -0400
-@@ -11,7 +11,7 @@
- /* #undef HAVE_LIBLZMA */
- 
- /* Define to 1 if you have the `xenctrl' library (-lxenctrl). */
-#define HAVE_LIBXENCTRL 1
-+/* #undef HAVE_LIBXENCTRL */
- 
- /* Define to 1 if you have the `z' library (-lz). */
- #define HAVE_LIBZ 1
-diff -u --recursive ../clean/kexec-tools-2.0.12/kexec/arch/i386/kexec-x86-common.c kexec-tools-2.0.12/kexec/arch/i386/kexec-x86-common.c
--- ../clean/kexec-tools-2.0.12/kexec/arch/i386/kexec-x86-common.c	2015-11-29 18:52:07.000000000 -0500
-+++ kexec-tools-2.0.12/kexec/arch/i386/kexec-x86-common.c	2017-04-08 11:28:00.688368402 -0400
-@@ -24,6 +24,7 @@
- #include <fcntl.h>
- #include <stddef.h>
- #include <stdio.h>
-+#include <inttypes.h>
- #include <errno.h>
- #include <stdint.h>
- #include <string.h>
-@@ -74,20 +75,20 @@
- 		return -1;
- 	}
- 	while(fgets(line, sizeof(line), fp) != 0) {
-		unsigned long long start, end;
-+		uintptr_t start, end;
- 		char *str;
- 		int type;
- 		int consumed;
- 		int count;
- 		if (memory_ranges >= MAX_MEMORY_RANGES)
- 			break;
-		count = sscanf(line, "%Lx-%Lx : %n",
-+		count = sscanf(line, "%"SCNxPTR"-%"SCNxPTR" : %n",
- 			&start, &end, &consumed);
- 		if (count != 2)
- 			continue;
- 		str = line + consumed;
- 
-		dbgprintf("%016Lx-%016Lx : %s", start, end, str);
-+		dbgprintf("%016"PRIxPTR"-%016"PRIxPTR" : %s", start, end, str);
- 
- 		if (memcmp(str, "System RAM\n", 11) == 0) {
- 			type = RANGE_RAM;
-@@ -114,7 +115,7 @@
- 		memory_range[memory_ranges].end = end;
- 		memory_range[memory_ranges].type = type;
- 
-		dbgprintf("%016Lx-%016Lx : %x\n", start, end, type);
-+		dbgprintf("%016"PRIxPTR"-%016"PRIxPTR" : %x\n", start, end, type);
- 
- 		memory_ranges++;
- 	}
-diff -u --recursive ../clean/kexec-tools-2.0.12/Makefile.in kexec-tools-2.0.12/Makefile.in
--- ../clean/kexec-tools-2.0.12/Makefile.in	2014-10-14 00:58:06.000000000 -0400
-+++ kexec-tools-2.0.12/Makefile.in	2017-04-08 11:28:00.688368402 -0400
-@@ -158,16 +158,16 @@
- 
- # kdump (read a crashdump from memory)
- #
-include $(srcdir)/kdump/Makefile
-+#include $(srcdir)/kdump/Makefile
- 
- # vmcore-dmesg (read dmesg from a vmcore)
- #
-include $(srcdir)/vmcore-dmesg/Makefile
-+#include $(srcdir)/vmcore-dmesg/Makefile
- 
- #
- # kexec_test (test program)
- #
-include $(srcdir)/kexec_test/Makefile
-+#include $(srcdir)/kexec_test/Makefile
- 
- SPEC=$(PACKAGE_NAME).spec
- GENERATED_SRCS:= $(SPEC)
-diff -u --recursive ../clean/kexec-tools-2.0.12/purgatory/Makefile kexec-tools-2.0.12/purgatory/Makefile
--- ../clean/kexec-tools-2.0.12/purgatory/Makefile	2015-04-30 01:05:17.000000000 -0400
-+++ kexec-tools-2.0.12/purgatory/Makefile	2017-04-08 11:28:00.688368402 -0400
-@@ -45,7 +45,6 @@
- 	mkdir -p $(@D)
- 	$(COMPILE.c) -o $@ $^
- 
-$(PURGATORY): CC=$(TARGET_CC)
- $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \
- 		      $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \
- 		      -Os -fno-builtin -ffreestanding \
-diff -u --recursive ../clean/kexec-tools-2.0.12/util/Makefile kexec-tools-2.0.12/util/Makefile
--- ../clean/kexec-tools-2.0.12/util/Makefile	2010-07-29 05:22:16.000000000 -0400
-+++ kexec-tools-2.0.12/util/Makefile	2017-04-08 11:32:33.267394444 -0400
-@@ -2,7 +2,7 @@
- 
- $(BIN_TO_HEX): $(srcdir)/util/bin-to-hex.c
- 	@$(MKDIR) -p $(@D)
-	$(LINK.o) $(CFLAGS) -o $@ $^
-+	$(BUILD_CC) $(BUILD_CFLAGS) -o $@ $^
- 
- $(BIN_TO_HEX): CC=$(BUILD_CC)
- $(BIN_TO_HEX): CFLAGS=$(BUILD_CFLAGS)
--- a/patches/kexec-2.0.16.patch
+++ b/patches/kexec-2.0.16.patch
@ -0,0 +1,89 @@
+diff -u --recursive clean/kexec-tools-2.0.16/Makefile.in kexec-tools-2.0.16/Makefile.in
+--- clean/kexec-tools-2.0.16/Makefile.in	2016-12-09 04:42:06.000000000 -0500
+++ kexec-tools-2.0.16/Makefile.in	2018-02-28 05:39:20.461000000 -0500
+@@ -158,16 +158,16 @@
+ 
+ # kdump (read a crashdump from memory)
+ #
+-include $(srcdir)/kdump/Makefile
+#include $(srcdir)/kdump/Makefile
+ 
+ # vmcore-dmesg (read dmesg from a vmcore)
+ #
+-include $(srcdir)/vmcore-dmesg/Makefile
+#include $(srcdir)/vmcore-dmesg/Makefile
+ 
+ #
+ # kexec_test (test program)
+ #
+-include $(srcdir)/kexec_test/Makefile
+#include $(srcdir)/kexec_test/Makefile
+ 
+ SPEC=$(PACKAGE_NAME).spec
+ GENERATED_SRCS:= $(SPEC)
+diff -u --recursive clean/kexec-tools-2.0.16/include/config.h kexec-tools-2.0.16/include/config.h
+--- clean/kexec-tools-2.0.16/include/config.h	2017-11-20 04:17:12.000000000 -0500
+++ kexec-tools-2.0.16/include/config.h	2018-02-28 05:39:22.420000000 -0500
+@@ -17,7 +17,7 @@
+ /* #undef HAVE_LIBXENCTRL */
+ 
+ /* Define to 1 if you have the `z' library (-lz). */
+-/* #undef HAVE_LIBZ */
+#define HAVE_LIBZ 1
+ 
+ /* Define to 1 if you have the <memory.h> header file. */
+ #define HAVE_MEMORY_H 1
+diff -u --recursive clean/kexec-tools-2.0.16/kexec/kexec.c kexec-tools-2.0.16/kexec/kexec.c
+--- clean/kexec-tools-2.0.16/kexec/kexec.c	2017-03-02 04:45:46.000000000 -0500
+++ kexec-tools-2.0.16/kexec/kexec.c	2018-02-28 10:40:01.662000000 -0500
+@@ -794,6 +794,27 @@
+ 	if (sort_segments(&info) < 0) {
+ 		return -1;
+ 	}
+
+#if 1
+	// force segment 0 to have memsz == bufsz
+	// so that it won't overwrite EBDA
+	if (info.segment[0].mem == 0)
+	{
+		if (kexec_debug)
+			printf("hack ebda into segment 0!\n");
+
+		uint8_t * ebda = calloc(1, info.segment[0].memsz);
+		memcpy(ebda, info.segment[0].buf, info.segment[0].bufsz);
+		info.segment[0].bufsz = info.segment[0].memsz;
+		info.segment[0].buf = ebda;
+
+		// install some default EBDA values that are off scale,
+		// which will force Xen to use the multiboot info
+		*(uint16_t*)(ebda + 0x40e) = 0xFFFF; // segment
+		*(uint16_t*)(ebda + 0x413) = 0xFFFF; // size
+	}
+#endif
+
+ 	/* if purgatory is loaded update it */
+ 	update_purgatory(&info);
+ 	if (entry)
+diff -u --recursive clean/kexec-tools-2.0.16/purgatory/Makefile kexec-tools-2.0.16/purgatory/Makefile
+--- clean/kexec-tools-2.0.16/purgatory/Makefile	2017-01-31 06:23:48.000000000 -0500
+++ kexec-tools-2.0.16/purgatory/Makefile	2018-02-28 05:39:20.461000000 -0500
+@@ -44,7 +44,6 @@
+ 	mkdir -p $(@D)
+ 	$(COMPILE.c) -o $@ $^
+ 
+-$(PURGATORY): CC=$(TARGET_CC)
+ $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \
+ 		      $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \
+ 		      -Os -fno-builtin -ffreestanding \
+diff -u --recursive clean/kexec-tools-2.0.16/util/Makefile kexec-tools-2.0.16/util/Makefile
+--- clean/kexec-tools-2.0.16/util/Makefile	2010-07-29 05:22:16.000000000 -0400
+++ kexec-tools-2.0.16/util/Makefile	2018-02-28 05:39:20.461000000 -0500
+@@ -2,7 +2,7 @@
+ 
+ $(BIN_TO_HEX): $(srcdir)/util/bin-to-hex.c
+ 	@$(MKDIR) -p $(@D)
+-	$(LINK.o) $(CFLAGS) -o $@ $^
+	$(BUILD_CC) $(BUILD_CFLAGS) -o $@ $^
+ 
+ $(BIN_TO_HEX): CC=$(BUILD_CC)
+ $(BIN_TO_HEX): CFLAGS=$(BUILD_CFLAGS)
--- a/patches/xen-4.6.6-36.patch
+++ b/patches/xen-4.6.6-36.patch
@ -1,140 +0,0 @@
-diff --git ./Makefile ./Makefile
-index 13fa4af..0320888 100644
--- ./Makefile
-+++ ./Makefile
-@@ -122,6 +122,7 @@ verrel:
- 
- .PHONY: clean
- clean::
-+	rm -rf xen-$(version)/
- 	@echo "Running the %clean script of the rpmbuild..."
- 	-$(RPMBUILD) --clean --nodeps $(SPECFILE)
- 
-@@ -153,6 +154,14 @@ update-repo-installer:
- 	for pkg in $(xen-pkgs); do ln -f rpm/x86_64/$$pkg*.rpm ../installer/yum/qubes-dom0/rpm/; done
- 	ln -f rpm/x86_64/xen-hvm-$(version)gui2*-$(release).$(DIST_DOM0)*.rpm ../installer/yum/qubes-dom0/rpm/
- 
-+xen-$(version)/.canary: xen-$(version).tar.gz
-+	tar xzvf xen-$(version).tar.gz
-+	cd xen-$(version) && ../apply-patches ../series.conf ../
-+	touch $@
-+
-+xen.gz: xen-$(version)/.canary
-+	$(MAKE) -C xen-$(version)/ xen
-+
- help:
- 	@echo "Usage: make <target>"
- 	@echo
-diff --git ./apply-patches ./apply-patches
-index b1c8468..74a4c20 100755
--- ./apply-patches
-+++ ./apply-patches
-@@ -6,8 +6,7 @@
- 
- USAGE="$0 [--vanilla] <series.conf> <patchdir> [symbol ...]"
- 
-set -e
-set -o pipefail
-+set -euf
- if test $# -lt 2; then
- 	echo "$USAGE" >&2
- 	exit 1
-@@ -17,10 +16,7 @@ SERIES_CONF=$1
- PATCH_DIR=$2
- shift 2
- 
-(
-	echo "trap 'echo \"*** patch \$_ failed ***\"' ERR"
-	echo "set -ex"
-	egrep -v '^\s*#|^\s*$' <"$SERIES_CONF" | \
-	sed "s|^|patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/|"
-) | sh
-
-+for i in `egrep -v '^\s*#|^\s*$' < $SERIES_CONF`
-+do
-+	patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/$i
-+done
-diff --git ./series.conf ./series.conf
-index 80972b7..1466c44 100644
--- ./series.conf
-+++ ./series.conf
-@@ -115,3 +115,5 @@ patches.qubes/libxl-disable-forced-vkb-for-HVM.patch
- patches.qubes/xenconsoled-enable-logging.patch
- patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch
- patches.qubes/xen-hotplug-qubesdb-update.patch
-+
-+patches.heads/heads.patch
-diff --git ./patches.heads/heads.patch ./patches.heads/heads.patch
-new file mode 100644
-index 0000000..bb17c3d
--- /dev/null
-+++ ./patches.heads/heads.patch
-@@ -0,0 +1,68 @@
-+diff --recursive -u ../xen-4.6.5-clean/xen/arch/x86/boot/head.S ./xen/arch/x86/boot/head.S
-+--- ../xen-4.6.5-clean/xen/arch/x86/boot/head.S	2017-03-07 11:19:05.000000000 -0500
-++++ ./xen/arch/x86/boot/head.S	2017-06-23 21:18:50.498798061 -0400
-+@@ -86,6 +86,8 @@
-+         cmp     $MULTIBOOT_BOOTLOADER_MAGIC,%eax
-+         jne     not_multiboot
-+ 
-++#if 0
-++
-+         /* Set up trampoline segment 64k below EBDA */
-+         movzwl  0x40e,%eax          /* EBDA segment */
-+         cmp     $0xa000,%eax        /* sanity check (high) */
-+@@ -108,6 +110,12 @@
-+         shl     $10-4,%edx
-+         cmp     %eax,%edx           /* compare with BDA value */
-+         cmovb   %edx,%eax           /* and use the smaller */
-++#else
-++	// coreboot does not provide an Extended BIOS Data Area pointer
-++	// just stash things the Multiboot structure, adjusted to bytes
-++        mov     MB_mem_lower(%ebx),%eax
-++        shl     $10-4,%eax
-++#endif
-+ 
-+ 2:      /* Reserve 64kb for the trampoline */
-+         sub     $0x1000,%eax
-+diff --recursive -u ../xen-4.6.5-clean/xen/arch/x86/boot/mkelf32.c ./xen/arch/x86/boot/mkelf32.c
-+--- ../xen-4.6.5-clean/xen/arch/x86/boot/mkelf32.c	2017-03-07 11:19:05.000000000 -0500
-++++ ./xen/arch/x86/boot/mkelf32.c	2017-06-23 21:18:50.498798061 -0400
-+@@ -231,14 +231,14 @@
-+     u32        loadbase, dat_siz, mem_siz;
-+     char      *inimage, *outimage;
-+     int        infd, outfd;
-+-    char       buffer[1024];
-++    char       buffer[1024] = {};
-+     int        bytes, todo, i;
-+ 
-+-    Elf32_Ehdr in32_ehdr;
-+-    Elf32_Phdr in32_phdr;
-++    Elf32_Ehdr in32_ehdr = {};
-++    Elf32_Phdr in32_phdr = {};
-+ 
-+-    Elf64_Ehdr in64_ehdr;
-+-    Elf64_Phdr in64_phdr;
-++    Elf64_Ehdr in64_ehdr = {};
-++    Elf64_Phdr in64_phdr = {};
-+ 
-+     if ( argc != 5 )
-+     {
-+--- ../xen-4.6.5-clean/xen/Makefile.orig	2017-06-26 16:11:02.692193372 -0400
-++++ ./xen/Makefile	2017-06-26 16:11:46.528708643 -0400
-+@@ -97,7 +97,7 @@
-+ 	rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS
-+ 
-+ $(TARGET).gz: $(TARGET)
-+-	gzip -f -9 < $< > $@.new
-++	gzip -f -9 -n < $< > $@.new
-+ 	mv $@.new $@
-+ 
-+ $(TARGET): delete-unfresh-files
-+@@ -121,7 +121,7 @@
-+ 	fi
-+ 
-+ .banner: Makefile
-+-	@if which figlet >/dev/null 2>&1 ; then \
-++	@if false ; then \
-+ 		echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \
-+ 	else \
-+ 		echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \
--- a/patches/xen-4.8.2-12.patch
+++ b/patches/xen-4.8.2-12.patch
@ -1,130 +0,0 @@
-diff --git ./Makefile ./Makefile
-index 75df729..4113caa 100644
--- ./Makefile
-+++ ./Makefile
-@@ -122,6 +122,7 @@ verrel:
- 
- .PHONY: clean
- clean::
-+	rm -rf xen-$(version)/
- 	@echo "Running the %clean script of the rpmbuild..."
- 	-$(RPMBUILD) --clean --nodeps $(SPECFILE)
- 
-@@ -153,6 +154,14 @@ update-repo-installer:
- 	for pkg in $(xen-pkgs); do ln -f rpm/x86_64/$$pkg*.rpm ../installer/yum/qubes-dom0/rpm/; done
- 	ln -f rpm/x86_64/xen-hvm-$(version)gui2*-$(release).$(DIST_DOM0)*.rpm ../installer/yum/qubes-dom0/rpm/
- 
-+xen-$(version)/.canary: xen-$(version).tar.gz
-+	tar xzvf xen-$(version).tar.gz
-+	cd xen-$(version) && ../apply-patches ../series.conf ../
-+	touch $@
-+
-+xen.gz: xen-$(version)/.canary
-+	$(MAKE) -C xen-$(version)/ xen
-+
- help:
- 	@echo "Usage: make <target>"
- 	@echo
-diff --git ./apply-patches ./apply-patches
-index b1c8468..74a4c20 100755
--- ./apply-patches
-+++ ./apply-patches
-@@ -6,8 +6,7 @@
- 
- USAGE="$0 [--vanilla] <series.conf> <patchdir> [symbol ...]"
- 
-set -e
-set -o pipefail
-+set -euf
- if test $# -lt 2; then
- 	echo "$USAGE" >&2
- 	exit 1
-@@ -17,10 +16,7 @@ SERIES_CONF=$1
- PATCH_DIR=$2
- shift 2
- 
-(
-	echo "trap 'echo \"*** patch \$_ failed ***\"' ERR"
-	echo "set -ex"
-	egrep -v '^\s*#|^\s*$' <"$SERIES_CONF" | \
-	sed "s|^|patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/|"
-) | sh
-
-+for i in `egrep -v '^\s*#|^\s*$' < $SERIES_CONF`
-+do
-+	patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/$i
-+done
-diff --git ./patches.heads/heads.patch ./patches.heads/heads.patch
-new file mode 100644
-index 0000000..d956f8a
--- /dev/null
-+++ ./patches.heads/heads.patch
-@@ -0,0 +1,54 @@
-+diff -u --recursive xen-4.8.2-clean/xen/arch/x86/boot/head.S xen-4.8.2/xen/arch/x86/boot/head.S
-+--- xen-4.8.2-clean/xen/arch/x86/boot/head.S	2017-09-06 06:26:35.000000000 -0400
-++++ xen-4.8.2/xen/arch/x86/boot/head.S	2017-09-13 21:58:31.186882703 -0400
-+@@ -86,6 +86,8 @@
-+         cmp     $MULTIBOOT_BOOTLOADER_MAGIC,%eax
-+         jne     not_multiboot
-+ 
-++#if 0
-++
-+         /* Set up trampoline segment 64k below EBDA */
-+         movzwl  0x40e,%ecx          /* EBDA segment */
-+         cmp     $0xa000,%ecx        /* sanity check (high) */
-+@@ -108,6 +110,12 @@
-+         shl     $10-4,%edx
-+         cmp     %ecx,%edx           /* compare with BDA value */
-+         cmovb   %edx,%ecx           /* and use the smaller */
-++#else
-++	// coreboot does not provide an Extended BIOS Data Area pointer
-++	// just stash things the Multiboot structure, adjusted to bytes
-++        mov     MB_mem_lower(%ebx),%ecx
-++        shl     $10-4,%ecx
-++#endif
-+ 
-+ 2:      /* Reserve 64kb for the trampoline */
-+         sub     $0x1000,%ecx
-+diff -u --recursive xen-4.8.2-clean/xen/arch/x86/boot/mkelf32.c xen-4.8.2/xen/arch/x86/boot/mkelf32.c
-+--- xen-4.8.2-clean/xen/arch/x86/boot/mkelf32.c	2017-09-06 06:26:35.000000000 -0400
-++++ xen-4.8.2/xen/arch/x86/boot/mkelf32.c	2017-09-13 21:58:31.186882703 -0400
-+@@ -264,10 +264,10 @@
-+     int        bytes, todo, i = 1;
-+     int        num_phdrs = 1;
-+ 
-+-    Elf32_Ehdr in32_ehdr;
-++    Elf32_Ehdr in32_ehdr = {};
-+ 
-+-    Elf64_Ehdr in64_ehdr;
-+-    Elf64_Phdr in64_phdr;
-++    Elf64_Ehdr in64_ehdr = {};
-++    Elf64_Phdr in64_phdr = {};
-+ 
-+     if ( argc < 5 )
-+     {
-+diff -u --recursive xen-4.8.2-clean/xen/Makefile xen-4.8.2/xen/Makefile
-+--- xen-4.8.2-clean/xen/Makefile	2017-09-06 06:26:35.000000000 -0400
-++++ xen-4.8.2/xen/Makefile	2017-09-13 21:58:31.186882703 -0400
-+@@ -152,7 +152,7 @@
-+ 	fi
-+ 
-+ .banner: Makefile
-+-	@if which figlet >/dev/null 2>&1 ; then \
-++	@if false ; then \
-+ 		echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \
-+ 	else \
-+ 		echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \
-diff --git ./series.conf ./series.conf
-index 750ec6c..0706300 100644
--- ./series.conf
-+++ ./series.conf
-@@ -97,6 +97,9 @@ patches.qubes/xenconsoled-enable-logging.patch
- patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch
- patches.qubes/xen-hotplug-qubesdb-update.patch
- 
-+# Custom patches for Heads
-+patches.heads/heads.patch
-+
- #python3
- patches.misc/0001-python-check-return-value-of-PyErr_NewException.patch
- patches.misc/0002-python-drop-tp_getattr-implementation.patch