From xen-users-bounces@lists.xenproject.org Thu Aug 08 12:38:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 08 Aug 2024 12:38:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.774012.1184524 (Exim 4.92) (envelope-from ) id 1sc2PI-0000cW-14; Thu, 08 Aug 2024 12:38:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 774012.1184524; Thu, 08 Aug 2024 12:38:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sc2PH-0000bD-Ta; Thu, 08 Aug 2024 12:38:15 +0000 Received: by outflank-mailman (input) for mailman id 774012; Thu, 08 Aug 2024 12:38:15 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sc2PH-0000ZV-0K for xen-users@lists.xenproject.org; Thu, 08 Aug 2024 12:38:15 +0000 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [2a00:1450:4864:20::633]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 136b9cdb-5583-11ef-bc04-fd08da9f4363; Thu, 08 Aug 2024 14:38:13 +0200 (CEST) Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-a7aa4ca9d72so104352266b.0 for ; Thu, 08 Aug 2024 05:38:12 -0700 (PDT) X-BeenThere: xen-users@lists.xenproject.org List-Id: Xen user discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-users-bounces@lists.xenproject.org Precedence: list Sender: "Xen-users" X-Inumbo-ID: 136b9cdb-5583-11ef-bc04-fd08da9f4363 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloud.com; s=cloud; t=1723120692; x=1723725492; darn=lists.xenproject.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=55XU62OwrbRE56FeEwBbVUODmHZOLnWUZZQcJPhxs/g=; b=TjzMcu0FPYwZ3admPkEgaiyo+7MJz1MojbhBVkE9g4tYGkb/zk4cJ/rf74G/nivTtd 6Es4LLIkuNgulA3ntWRDTb7pm5xo/ONGcoCoo9KGnk3vTwnNE62QACHBsbNjV1yUJMEC fyWnHXZj8Zk3U6w+j0gmGQE7agIXXDVI1QxGM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723120692; x=1723725492; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=55XU62OwrbRE56FeEwBbVUODmHZOLnWUZZQcJPhxs/g=; b=xECctKU/HPeyTCCrboHedGYxZytmejXnOujd4303Yz6PMF8bp2H5bsmQsbh4BVU3kQ n9bs5HPSufYcA5y44EN+tWdGkWpwyODRKvToCQJm2DBi3DsBA1mxRvd+Ce9tJ5DWs848 YTQ/4ZL4paXlKHXXFUkmEGsFHYahBmhtMSudOnxcVADPiupsp2mL41eF2QKHSb5ai6jS BmZgeC3MKRrUWfXdi9ZvPn24z5ljnsOua+FxxGeB8ggvzpNlXnyOTB+27gHHHmIbeYYf Az18oF41mF9lc0AkYavLzs3DZ8ke+n1rm71TFA15dgoBJJKLwrakABvi16tFzrYiE0Fd HlSA== X-Forwarded-Encrypted: i=1; AJvYcCWK9E5Ka4UbqRGMngHyOX0xaM0lceGywoS2OlloMZ9rFfAO3eehDmFnDg31ipMjg5FfrIL2JCT/bw5p/gRzrlApsO9l2GNl7+Gr+AvgJQE= X-Gm-Message-State: AOJu0YxbWv6traSb/heIzeZIfkaKWRo8d5T42xy9eUQnLofaEACvfoKS 1XjU01Sgy2Bqvi/pkvWutgwlitbE8n6I0nZ3HStN/H0K+nAzZFIGuCHfRvpoQeXbkZCUDf3tOLW LT/4KUAmrR6MtcvM1QMoFL4kapCaYO/1esvFT2E+rWF3STMbA3g5E4A== X-Google-Smtp-Source: AGHT+IEF0yHfD/OfNb/iEL++ru35DvH+3RPQjcGRl9TxWNfKEUU0Hc+ff8dJR+qMlsjj806sCSt5s0Tj8zX39Hq75+k= X-Received: by 2002:a17:907:7e8b:b0:a7a:b385:37cd with SMTP id a640c23a62f3a-a8090dafd3fmr136769666b.30.1723120691338; Thu, 08 Aug 2024 05:38:11 -0700 (PDT) MIME-Version: 1.0 From: Kelly Choi Date: Thu, 8 Aug 2024 13:37:35 +0100 Message-ID: Subject: Call for help - Xen user documentation To: xen-devel , xen-users@lists.xenproject.org Cc: Alejandro Vallejo Content-Type: multipart/alternative; boundary="000000000000b67dcd061f2b4c38" --000000000000b67dcd061f2b4c38 Content-Type: text/plain; charset="UTF-8" Hi all, As you'll know we've been working on an initiative to update documentation so that others in the community find it easier to learn about the Xen Project. @Alejandro Vallejo has kindly started our Sphinx user documentation but we need your help adding to this! *All members of the community can contribute to this. * *GitLab Link: *https://gitlab.com/xen-project/people/agvallejo/xen-userguide *User facing link: * https://xen-project.gitlab.io/people/agvallejo/xen-userguide/introduction.html Once we have enough in our get started documentation, we will look to move it into the Xen namespace. *Why is this important?* Documentation and user guides may take time to create, but ultimately they help us by attracting new members into the community and getting more people involved with Xen. As a project we want more people contributing, helping with reviews, and engaging. To do this, we need to have guides in place to allow them to get started! We appreciate this is a community effort, and any time or resource you can contribute will help the Xen Project project thrive. Many thanks, Kelly Choi Community Manager Xen Project --000000000000b67dcd061f2b4c38 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi all,

As you'll know we've be= en working on an initiative=C2=A0to update documentation so that others in = the community find it easier to learn about the Xen Project.=C2=A0



=C2=A0
Once we have enough in our get start= ed documentation, we will look to move it into the Xen namespace.=C2=A0

Why is this important?
Documentation= =C2=A0and user guides may take time to create, but ultimately=C2=A0they hel= p us by attracting new members into the community and getting more people i= nvolved with Xen. As a project we want more people contributing, helping wi= th reviews, and engaging. To do this, we need to have guides in place to al= low them to get started!=C2=A0

We appreciate this= =C2=A0is a community effort, and any time or resource you can contribute wi= ll help the Xen Project project thrive.=C2=A0

Many thanks,
Kelly Choi

<= /div>
Community Manager
Xen Project=C2=A0
--000000000000b67dcd061f2b4c38-- From xen-users-bounces@lists.xenproject.org Wed Aug 14 13:26:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 14 Aug 2024 13:26:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.777228.1187414 (Exim 4.92) (envelope-from ) id 1seE0V-0000d6-AE; Wed, 14 Aug 2024 13:25:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 777228.1187414; Wed, 14 Aug 2024 13:25:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1seE0V-0000cX-6X; Wed, 14 Aug 2024 13:25:43 +0000 Received: by outflank-mailman (input) for mailman id 777228; Wed, 14 Aug 2024 13:25:42 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1seE0U-0000Zz-2M for xen-users@lists.xen.org; Wed, 14 Aug 2024 13:25:42 +0000 Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id b19b2799-5a40-11ef-a505-bb4a2ccca743; Wed, 14 Aug 2024 15:25:40 +0200 (CEST) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1seE0L-00015O-PH; Wed, 14 Aug 2024 13:25:33 +0000 Received: from julieng by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1seE0L-0001xk-NV; Wed, 14 Aug 2024 13:25:33 +0000 X-BeenThere: xen-users@lists.xenproject.org List-Id: Xen user discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-users-bounces@lists.xenproject.org Precedence: list Sender: "Xen-users" X-Inumbo-ID: b19b2799-5a40-11ef-a505-bb4a2ccca743 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:CC:From:To:MIME-Version: Content-Transfer-Encoding:Content-Type; bh=Y7PBCM24upHm5ZQZt2uHvLuBCEM77iHd0QNUm65etq8=; b=mHpuv4VPDxFyMpp5QLnhLZfZQ7 zZxypwhs+Wncl8rjU9e3yNhADBYP/MWTdj8JpuUSS/CoVyyfyk+6s9qUBMVg1w0yFYkBbPu29/daN rPW8xu1ZQzISF1heFn2tEmJMPD0D8dj/TYVlQQhBkiPTQD/DrL8tnWShSMxOWkOl//sc=; Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team CC: Xen.org security team Subject: Xen Security Advisory 460 v2 (CVE-2024-31145) - error handling in x86 IOMMU identity mapping Message-Id: Date: Wed, 14 Aug 2024 13:25:33 +0000 --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2024-31145 / XSA-460 version 2 error handling in x86 IOMMU identity mapping UPDATES IN VERSION 2 ==================== Wording updated. Public release. ISSUE DESCRIPTION ================= Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. In the logic establishing these mappings, error handling was flawed, resulting in such mappings to potentially remain in place when they should have been removed again. Respective guests would then gain access to memory regions which they aren't supposed to have access to. IMPACT ====== The precise impact is system specific. Denial of Service (DoS) affecting the entire host or individual guests, privilege escalation, and information leaks cannot be ruled out. VULNERABLE SYSTEMS ================== Only x86 systems passing PCI devices with RMRR/Unity regions through to guests are potentially affected. PCI devices listed in a vm.cfg file have error handling which causes `xl create` to abort and tear down the domain, and is thus believed to be safe. PCI devices attached using `xl pci-attach` will result in the command returning nonzero, but will not tear down the domain. VMs which continue to run after `xl pci-attach` has failed expose the vulnerability. For x86 Intel hardware, Xen versions 4.0 and later are affected. For all x86 hardware, Xen versions having the XSA-378 fixes applied / backported are affected. MITIGATION ========== Assigning devices using the vm.cfg file for attachment at boot avoids the vulnerability. CREDITS ======= This issue was discovered by Teddy Astie of Vates and diagnosed as a security issue by Jan Beulich of SUSE. RESOLUTION ========== Applying the attached patch resolves this issue. Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the respective stable branch before applying these patches. xsa460.patch xen-unstable - Xen 4.16.x $ sha256sum xsa460* f4ca598f71e9ef6b9bc50803df2996b92d2e69afd8e36d9544823d7e56ec1819 xsa460.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAma8sCIMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZiSUIAMFWxhjNzhsuUGbrUVsO6oDIs7gOcVEsC3BlcsIp LqetutOWHwR8B9jHeOjewZjgL/q1031qX+nCCcU/ilZtA7cAiVhPNrh4PSD/D9S5 RqUG3oSsFjSTtGwVl2JlqlHoE90tXOqLBhZFCJixQzaW3kbCfhDZdmufj8TQYBCQ N3ioNAGwvmSeV8QPh8l3P7TRRsMwr0OTWQYtj7r4QuW+dDPJaKzbCpmWVaCPVeI2 uKUxwwIxSE9J9L1mUR34HIJR/clCFNqlcpc/MmQVz0qprBOh4jNDunN+JNDY1VXR 3P+N50ZnHCK5w1z+vjeVvZRyp9JDt2LDUj6XJ6G9IdvN1xA= =vNzh -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa460.patch" Content-Disposition: attachment; filename="xsa460.patch" Content-Transfer-Encoding: base64 RnJvbTogVGVkZHkgQXN0aWUgPHRlZGR5LmFzdGllQHZhdGVzLnRlY2g+ClN1 YmplY3Q6IHg4Ni9JT01NVTogbW92ZSB0cmFja2luZyBpbiBpb21tdV9pZGVu dGl0eV9tYXBwaW5nKCkKCklmIGZvciBzb21lIHJlYXNvbiB4bWFsbG9jKCkg ZmFpbHMgYWZ0ZXIgaGF2aW5nIG1hcHBlZCB0aGUgcmVzZXJ2ZWQKcmVnaW9u cywgYW4gZXJyb3IgaXMgcmVwb3J0ZWQsIGJ1dCB0aGUgcmVnaW9ucyByZW1h aW4gbWFwcGVkIGluIHRoZSBQMk0uCgpTaW1pbGFybHkgaWYgYW4gZXJyb3Ig b2NjdXJzIGR1cmluZyBzZXRfaWRlbnRpdHlfcDJtX2VudHJ5KCkgKGV4Y2Vw dCBvbgp0aGUgZmlyc3QgY2FsbCksIHRoZSBwYXJ0aWFsIG1hcHBpbmdzIG9m IHRoZSByZWdpb24gd291bGQgYmUgcmV0YWluZWQKd2l0aG91dCBiZWluZyB0 cmFja2VkIGFueXdoZXJlLCBhbmQgaGVuY2Ugd2l0aG91dCB0aGVyZSBiZWlu ZyBhIHdheSB0bwpyZW1vdmUgdGhlbSBhZ2FpbiBmcm9tIHRoZSBkb21haW4n cyBQMk0uCgpNb3ZlIHRoZSBzZXR0aW5nIHVwIG9mIHRoZSBsaXN0IGVudHJ5 IGFoZWFkIG9mIHRyeWluZyB0byBtYXAgdGhlIHJlZ2lvbi4KSW4gY2FzZXMg b3RoZXIgdGhhbiB0aGUgZmlyc3QgbWFwcGluZyBmYWlsaW5nLCBrZWVwIHJl Y29yZCBvZiB0aGUgZnVsbApyZWdpb24sIHN1Y2ggdGhhdCBhIHN1YnNlcXVl bnQgdW5tYXBwaW5nIHJlcXVlc3QgY2FuIGJlIHByb3Blcmx5IHRvcm4KZG93 bi4KClRvIGNvbXBlbnNhdGUgZm9yIHRoZSBwb3RlbnRpYWxseSBleGNlc3Mg dW5tYXBwaW5nIHJlcXVlc3RzLCBkb24ndCBsb2cgYQp3YXJuaW5nIGZyb20g cDJtX3JlbW92ZV9pZGVudGl0eV9lbnRyeSgpIHdoZW4gdGhlcmUgcmVhbGx5 IHdhcyBub3RoaW5nCm1hcHBlZCBhdCBhIGdpdmVuIEdGTi4KClRoaXMgaXMg WFNBLTQ2MCAvIENWRS0yMDI0LTMxMTQ1LgoKRml4ZXM6IDIyMDFiNjdiOTEy OCAoIlZULWQ6IGltcHJvdmUgUk1SUiByZWdpb24gaGFuZGxpbmciKQpGaXhl czogYzBlMTlkN2M2YzQyICgiSU9NTVU6IGdlbmVyYWxpemUgVlQtZCdzIHRy YWNraW5nIG9mIG1hcHBlZCBSTVJSIHJlZ2lvbnMiKQpTaWduZWQtb2ZmLWJ5 OiBUZWRkeSBBc3RpZSA8dGVkZHkuYXN0aWVAdmF0ZXMudGVjaD4KU2lnbmVk LW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZp ZXdlZC1ieTogUm9nZXIgUGF1IE1vbm7DqSA8cm9nZXIucGF1QGNpdHJpeC5j b20+CgotLS0gYS94ZW4vYXJjaC94ODYvbW0vcDJtLmMKKysrIGIveGVuL2Fy Y2gveDg2L21tL3AybS5jCkBAIC0xMjY3LDkgKzEyNjcsMTEgQEAgaW50IHAy bV9yZW1vdmVfaWRlbnRpdHlfZW50cnkoc3RydWN0IGRvbQogICAgIGVsc2UK ICAgICB7CiAgICAgICAgIGdmbl91bmxvY2socDJtLCBnZm4sIDApOwotICAg ICAgICBwcmludGsoWEVOTE9HX0dfV0FSTklORwotICAgICAgICAgICAgICAg Im5vbi1pZGVudGl0eSBtYXAgZCVkOiVseCBub3QgY2xlYXJlZCAobWFwcGVk IHRvICVseClcbiIsCi0gICAgICAgICAgICAgICBkLT5kb21haW5faWQsIGdm bl9sLCBtZm5feChtZm4pKTsKKyAgICAgICAgaWYgKCAocDJtdCAhPSBwMm1f aW52YWxpZCAmJiBwMm10ICE9IHAybV9tbWlvX2RtKSB8fAorICAgICAgICAg ICAgIGEgIT0gcDJtX2FjY2Vzc19uIHx8ICFtZm5fZXEobWZuLCBJTlZBTElE X01GTikgKQorICAgICAgICAgICBwcmludGsoWEVOTE9HX0dfV0FSTklORwor ICAgICAgICAgICAgICAgICAgIm5vbi1pZGVudGl0eSBtYXAgJXBkOiVseCBu b3QgY2xlYXJlZCAobWFwcGVkIHRvICVseClcbiIsCisgICAgICAgICAgICAg ICAgICBkLCBnZm5fbCwgbWZuX3gobWZuKSk7CiAgICAgICAgIHJldCA9IDA7 CiAgICAgfQogCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL3g4Ni9p b21tdS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL3g4Ni9pb21t dS5jCkBAIC0yNjcsMjQgKzI2NywzNiBAQCBpbnQgaW9tbXVfaWRlbnRpdHlf bWFwcGluZyhzdHJ1Y3QgZG9tYWluCiAgICAgaWYgKCBwMm1hID09IHAybV9h Y2Nlc3NfeCApCiAgICAgICAgIHJldHVybiAtRU5PRU5UOwogCi0gICAgd2hp bGUgKCBiYXNlX3BmbiA8IGVuZF9wZm4gKQotICAgIHsKLSAgICAgICAgaW50 IGVyciA9IHNldF9pZGVudGl0eV9wMm1fZW50cnkoZCwgYmFzZV9wZm4sIHAy bWEsIGZsYWcpOwotCi0gICAgICAgIGlmICggZXJyICkKLSAgICAgICAgICAg IHJldHVybiBlcnI7Ci0gICAgICAgIGJhc2VfcGZuKys7Ci0gICAgfQotCiAg ICAgbWFwID0geG1hbGxvYyhzdHJ1Y3QgaWRlbnRpdHlfbWFwKTsKICAgICBp ZiAoICFtYXAgKQogICAgICAgICByZXR1cm4gLUVOT01FTTsKKwogICAgIG1h cC0+YmFzZSA9IGJhc2U7CiAgICAgbWFwLT5lbmQgPSBlbmQ7CiAgICAgbWFw LT5hY2Nlc3MgPSBwMm1hOwogICAgIG1hcC0+Y291bnQgPSAxOworCisgICAg LyoKKyAgICAgKiBJbnNlcnQgaW50byBsaXN0IGFoZWFkIG9mIG1hcHBpbmcs IHNvIHRoZSByYW5nZSBjYW4gYmUgZm91bmQgd2hlbgorICAgICAqIHRyeWlu ZyB0byBjbGVhbiB1cC4KKyAgICAgKi8KICAgICBsaXN0X2FkZF90YWlsKCZt YXAtPmxpc3QsICZoZC0+YXJjaC5pZGVudGl0eV9tYXBzKTsKIAorICAgIGZv ciAoIDsgYmFzZV9wZm4gPCBlbmRfcGZuOyArK2Jhc2VfcGZuICkKKyAgICB7 CisgICAgICAgIGludCBlcnIgPSBzZXRfaWRlbnRpdHlfcDJtX2VudHJ5KGQs IGJhc2VfcGZuLCBwMm1hLCBmbGFnKTsKKworICAgICAgICBpZiAoICFlcnIg KQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgaWYgKCAobWFw LT5iYXNlID4+IFBBR0VfU0hJRlRfNEspID09IGJhc2VfcGZuICkKKyAgICAg ICAgeworICAgICAgICAgICAgbGlzdF9kZWwoJm1hcC0+bGlzdCk7CisgICAg ICAgICAgICB4ZnJlZShtYXApOworICAgICAgICB9CisgICAgICAgIHJldHVy biBlcnI7CisgICAgfQorCiAgICAgcmV0dXJuIDA7CiB9CiAK --=separator-- From xen-users-bounces@lists.xenproject.org Wed Aug 14 13:27:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 14 Aug 2024 13:27:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.777263.1187476 (Exim 4.92) (envelope-from ) id 1seE1Y-000416-Hz; Wed, 14 Aug 2024 13:26:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 777263.1187476; Wed, 14 Aug 2024 13:26:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1seE1Y-00040z-DE; Wed, 14 Aug 2024 13:26:48 +0000 Received: by outflank-mailman (input) for mailman id 777263; Wed, 14 Aug 2024 13:26:46 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1seE0q-0000NT-65 for xen-users@lists.xen.org; Wed, 14 Aug 2024 13:26:04 +0000 Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id bd711bdb-5a40-11ef-8776-851b0ebba9a2; Wed, 14 Aug 2024 15:25:59 +0200 (CEST) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1seE0f-000169-Qj; Wed, 14 Aug 2024 13:25:53 +0000 Received: from julieng by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1seE0f-0001zO-Nj; Wed, 14 Aug 2024 13:25:53 +0000 X-BeenThere: xen-users@lists.xenproject.org List-Id: Xen user discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-users-bounces@lists.xenproject.org Precedence: list Sender: "Xen-users" X-Inumbo-ID: bd711bdb-5a40-11ef-8776-851b0ebba9a2 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:CC:From:To:MIME-Version: Content-Transfer-Encoding:Content-Type; bh=0cESxM2Nc/a1Y9sxbNz5glxIoFXz8cls7TNWojCBKls=; b=QRt+ev77BYIZc3zRSzK7lN7N7h HtQFzrEO7QlN1w5asF6q6/a+tsplonxv2w6lQDu2hj6XlRrjC9VJ6InRPccnGALUSZ7pRneaDFQpU uhhzSGScqu2jyBQJfeC+RxJLxt9JoZHNCFB1TIYuwsIZZfTbgAehsdTUzllPIMQVtKBg=; Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team CC: Xen.org security team Subject: Xen Security Advisory 461 v2 (CVE-2024-31146) - PCI device pass-through with shared resources Message-Id: Date: Wed, 14 Aug 2024 13:25:53 +0000 --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2024-31146 / XSA-461 version 2 PCI device pass-through with shared resources UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to - - PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86), - - INTx lines. IMPACT ====== The precise effects when shared resources are in use are system, device, guest, and resource specific. None of privilege escalation, information leaks, or Denial of Service (DoS) can be ruled out. VULNERABLE SYSTEMS ================== All systems making use of PCI pass-through are in principle vulnerable, when any kind of resource is shared. Just to re-iterate, even in the absence of resource sharing caveats apply to passing through of PCI devices to entirely untrusted guests. MITIGATION ========== Passing through only SR-IOV virtual functions or devices with well- separated resources will avoid this particular vulnerability. Passing through all devices sharing a given resource to the same guest will also avoid this particular vulnerability. RESOLUTION ========== Applying the appropriate attached patch documents this issue. Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the stable branch before applying these patches. xsa461.patch xen-unstable - Xen 4.16.x $ sha256sum xsa461* 2415504496508ad87c306aa7257e836d7c2f0bd8849656de5b586f0ab93fd17f xsa461.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of patches or mitigations is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because changing the nature of devices being passed through is very likely noticeable by the guest. Deployment is permitted only AFTER the embargo ends. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAma8sCkMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZLDkH/i6esACkik7iglEESFgCj0x6fc3KdpVzsCPznmsn uWZzBO9xuggoPOONJ70Or7tsIdaYDAkealZrBGreXlPEgd0MOtozLYrvB2IIqJEj cKyC4Y04VpBkynaOiLraFvUs0xyC0cew1NZdE/cxr9ewRvvrHVcyBI5GBAMKworh g4hjIDOR9ohhvxN2P7Yz59OY+Ojo57t+IlpvPPm+c53bARYR6H/cxyUDLYVlfrk2 iNPif7Wpi1PU/Sjz5XqBF5mXW+LLsLnbyw8Iyhnjqv1zC/tUdzl1INUBd24eHSjP aXnrlExoGAuvUcf/6YVfU0u2dB7iISGYAs2ESeYuxpJnZ8E= =LkWz -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa461.patch" Content-Disposition: attachment; filename="xsa461.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODYvcGFzcy10aHJvdWdoOiBkb2N1bWVudHMgYXMgc2VjdXJpdHktdW5z dXBwb3J0ZWQgd2hlbiBzaGFyaW5nIHJlc291cmNlcwoKV2hlbiBtdWx0aXBs ZSBkZXZpY2VzIHNoYXJlIHJlc291cmNlcyBhbmQgb25lIG9mIHRoZW0gaXMg dG8gYmUgcGFzc2VkCnRocm91Z2ggdG8gYSBndWVzdCwgc2VjdXJpdHkgb2Yg dGhlIGVudGlyZSBzeXN0ZW0gYW5kIG9mIHJlc3BlY3RpdmUKZ3Vlc3RzIGlu ZGl2aWR1YWxseSBjYW5ub3QgcmVhbGx5IGJlIGd1YXJhbnRlZWQgd2l0aG91 dCBrbm93aW5nCmludGVybmFscyBvZiBhbnkgb2YgdGhlIGludm9sdmVkIGd1 ZXN0cy4gIFRoZXJlZm9yZSBzdWNoIGEgY29uZmlndXJhdGlvbgpjYW5ub3Qg cmVhbGx5IGJlIHNlY3VyaXR5LXN1cHBvcnRlZCwgeWV0IG1ha2luZyB0aGF0 IGV4cGxpY2l0IHdhcyBzbyBmYXIKbWlzc2luZy4KClRoaXMgaXMgWFNBLTQ2 MSAvIENWRS0yMDI0LTMxMTQ2LgoKU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogSnVlcmdlbiBH cm9zcyA8amdyb3NzQHN1c2UuY29tPgotLS0KVEJEOiBPZiBjb3Vyc2UgdGhl IHN5c3RlbSBidXMoZXMpIGlzIGEgLyBhcmUgc2hhcmVkIHJlc291cmNlKHMp LCB0b28uCiAgICAgSSdtIGFmcmFpZCBJIGRvbid0IGtub3cgdGhlIGxvdyBs ZXZlbCBkZXRhaWxzIG9mIFBDSSB0byBiZSBhYmxlIHRvCiAgICAgdGVsbCB3 aGV0aGVyIHRoZXJlIGFyZSBhbnkgZmFpcm5lc3MgZ3VhcmFudGVlcyB0aGVy ZS4KCi0tLSBhL1NVUFBPUlQubWQKKysrIGIvU1VQUE9SVC5tZApAQCAtODQx LDYgKzg0MSwxMSBAQCBUaGlzIGZlYXR1cmUgaXMgbm90IHNlY3VyaXR5IHN1 cHBvcnRlZDoKIAogT25seSBzeXN0ZW1zIHVzaW5nIElPTU1VcyBhcmUgc3Vw cG9ydGVkLgogCitQYXNzaW5nIHRocm91Z2ggb2YgZGV2aWNlcyBzaGFyaW5n IHJlc291cmNlcyB3aXRoIGFub3RoZXIgZGV2aWNlIGlzIG5vdAorc2VjdXJp dHkgc3VwcG9ydGVkLiAgU3VjaCBzaGFyaW5nIGNvdWxkIGUuZy4gYmUgdGhl IHNhbWUgbGluZSBpbnRlcnJ1cHQgYmVpbmcKK3VzZWQgYnkgbXVsdGlwbGUg ZGV2aWNlcywgb25lIG9mIHdoaWNoIGlzIHRvIGJlIHBhc3NlZCB0aHJvdWdo LCBvciB0d28gc3VjaAorZGV2aWNlcyBoYXZpbmcgbWVtb3J5IEJBUnMgd2l0 aGluIHRoZSBzYW1lIDRrIHBhZ2UuCisKIE5vdCBjb21wYXRpYmxlIHdpdGgg bWlncmF0aW9uLCBwb3B1bGF0ZS1vbi1kZW1hbmQsIGFsdHAybSwKIGludHJv c3BlY3Rpb24sIG1lbW9yeSBzaGFyaW5nLCBvciBtZW1vcnkgcGFnaW5nLgog Cg== --=separator-- From xen-users-bounces@lists.xenproject.org Fri Aug 16 23:20:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 16 Aug 2024 23:20:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.778787.1188782 (Exim 4.92) (envelope-from ) id 1sf6E6-00059X-Hs; Fri, 16 Aug 2024 23:19:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 778787.1188782; Fri, 16 Aug 2024 23:19:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sf6E6-00059Q-DB; Fri, 16 Aug 2024 23:19:22 +0000 Received: by outflank-mailman (input) for mailman id 778787; Fri, 16 Aug 2024 23:19:21 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sf6E5-00059K-6L for xen-users@lists.xenproject.org; Fri, 16 Aug 2024 23:19:21 +0000 Received: from out.good-with-numbers.com (out.good-with-numbers.com [70.36.235.100]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id f3e62830-5c25-11ef-8776-851b0ebba9a2; Sat, 17 Aug 2024 01:19:18 +0200 (CEST) X-BeenThere: xen-users@lists.xenproject.org List-Id: Xen user discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-users-bounces@lists.xenproject.org Precedence: list Sender: "Xen-users" X-Inumbo-ID: f3e62830-5c25-11ef-8776-851b0ebba9a2 Date: Fri, 16 Aug 2024 23:16:35 +0000 From: Mike To: xen-users@lists.xenproject.org Subject: Re: Call for help - Xen user documentation Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline You could start by choosing a documentation format that everyone knows. That's why the wiki was useful. Given that you didn't, you could give basic instructions on how to use it. I know how to check out Git code. I don't know Sphinx, or how to build a Sphinx site in order to check that my changes are correct. I think you've doomed this to never getting updated by the community. Here's an example of a nice-looking documentation site that's GitHub- controlled and easy to update: https://docs.scala-lang.org/tour/tour-of-scala.html From xen-users-bounces@lists.xenproject.org Sat Aug 17 04:40:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 17 Aug 2024 04:40:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.778879.1188882 (Exim 4.92) (envelope-from ) id 1sfBEG-0006u8-Td; Sat, 17 Aug 2024 04:39:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 778879.1188882; Sat, 17 Aug 2024 04:39:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sfBEG-0006u1-Q6; Sat, 17 Aug 2024 04:39:52 +0000 Received: by outflank-mailman (input) for mailman id 778879; Sat, 17 Aug 2024 04:39:51 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sfBEF-0006tv-Gw for xen-users@lists.xenproject.org; Sat, 17 Aug 2024 04:39:51 +0000 Received: from out.good-with-numbers.com (out.good-with-numbers.com [70.36.235.100]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id bba3cb81-5c52-11ef-8776-851b0ebba9a2; Sat, 17 Aug 2024 06:39:49 +0200 (CEST) X-BeenThere: xen-users@lists.xenproject.org List-Id: Xen user discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-users-bounces@lists.xenproject.org Precedence: list Sender: "Xen-users" X-Inumbo-ID: bba3cb81-5c52-11ef-8776-851b0ebba9a2 Date: Sat, 17 Aug 2024 04:37:08 +0000 From: Mike To: xen-users@lists.xenproject.org Subject: permanent credit2 weight Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I've read the suggestion to use ----- xl sched-credit2 -d 0 -w 512 ----- but this resets on reboot. How to make it permanent? From xen-users-bounces@lists.xenproject.org Wed Aug 21 14:22:19 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 21 Aug 2024 14:22:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.780929.1190738 (Exim 4.92) (envelope-from ) id 1sgmDK-00060X-5U; Wed, 21 Aug 2024 14:21:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 780929.1190738; Wed, 21 Aug 2024 14:21:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sgmDK-00060Q-2f; Wed, 21 Aug 2024 14:21:30 +0000 Received: by outflank-mailman (input) for mailman id 780929; Wed, 21 Aug 2024 06:39:23 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sgf07-0003Oc-JL for xen-users@lists.xenproject.org; Wed, 21 Aug 2024 06:39:23 +0000 Received: from fllv0015.ext.ti.com (fllv0015.ext.ti.com [198.47.19.141]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 172a0980-5f88-11ef-a508-bb4a2ccca743; Wed, 21 Aug 2024 08:39:21 +0200 (CEST) Received: from fllv0035.itg.ti.com ([10.64.41.0]) by fllv0015.ext.ti.com (8.15.2/8.15.2) with ESMTP id 47L6dEID097839; Wed, 21 Aug 2024 01:39:14 -0500 Received: from DFLE100.ent.ti.com (dfle100.ent.ti.com [10.64.6.21]) by fllv0035.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 47L6dEce107307 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 21 Aug 2024 01:39:14 -0500 Received: from DFLE110.ent.ti.com (10.64.6.31) by DFLE100.ent.ti.com (10.64.6.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23; Wed, 21 Aug 2024 01:39:14 -0500 Received: from lelvsmtp6.itg.ti.com (10.180.75.249) by DFLE110.ent.ti.com (10.64.6.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.23 via Frontend Transport; Wed, 21 Aug 2024 01:39:14 -0500 Received: from localhost (nightbug.dhcp.ti.com [10.24.72.75]) by lelvsmtp6.itg.ti.com (8.15.2/8.15.2) with ESMTP id 47L6dDUw098901; Wed, 21 Aug 2024 01:39:13 -0500 X-BeenThere: xen-users@lists.xenproject.org List-Id: Xen user discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-users-bounces@lists.xenproject.org Precedence: list Sender: "Xen-users" X-Inumbo-ID: 172a0980-5f88-11ef-a508-bb4a2ccca743 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1724222354; bh=kUMl0VyI5r7IM+f6zQqKdWimHJx1o3OEnLcih7cx7w8=; h=From:To:CC:Subject:Date; b=Uflas1AlVQ8flkSTBXgz3uVK3UZyaDwverdhNQ/woLUqjc7dJHeU/on/kOijvrwiQ D/0x4Q9zm/utNbNotuUn3WWVw8WaE3CeQazufSgYW9BeUdUOqM6mXWPS8jexv5jvog tbj8XCYdjPFyj9x61zoLFfBPoOG5gsKjkYpBoAzU= From: Amneesh Singh To: CC: Subject: question regarding FIT image generation in imagebuilder Date: Wed, 21 Aug 2024 12:08:33 +0530 Message-ID: <20240821063832.341325-1-a-singh21@ti.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 I was trying to generate a FIT image and could not understand why is there this check, in the script. if test "$FIT" then memaddr=$(( $MEMORY_END - 2 * ( $memaddr + $offset ) )) else memaddr=$(( $MEMORY_END - $memaddr - $offset )) fi if test $memaddr -lt 0 then echo Error, not enough memory to load all binaries cleanup_and_return_err fi What I do not understand is why there is a 2x for the FIT image? Thanks and regards Amneesh From xen-users-bounces@lists.xenproject.org Wed Aug 21 16:24:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 21 Aug 2024 16:24:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.781386.1190940 (Exim 4.92) (envelope-from ) id 1sgo7M-0004di-KV; Wed, 21 Aug 2024 16:23:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 781386.1190940; Wed, 21 Aug 2024 16:23:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sgo7M-0004db-H7; Wed, 21 Aug 2024 16:23:28 +0000 Received: by outflank-mailman (input) for mailman id 781386; Wed, 21 Aug 2024 16:23:27 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sgo7L-0004dV-8F for xen-users@lists.xenproject.org; Wed, 21 Aug 2024 16:23:27 +0000 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id b0e07b9e-5fd9-11ef-a508-bb4a2ccca743; Wed, 21 Aug 2024 18:23:25 +0200 (CEST) Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id D1E91A411A1; Wed, 21 Aug 2024 16:23:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1B3DAC32786; Wed, 21 Aug 2024 16:23:22 +0000 (UTC) X-BeenThere: xen-users@lists.xenproject.org List-Id: Xen user discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-users-bounces@lists.xenproject.org Precedence: list Sender: "Xen-users" X-Inumbo-ID: b0e07b9e-5fd9-11ef-a508-bb4a2ccca743 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724257403; bh=ASFFe8QJ/LmP1PH33/PLWMjlQIAg+gznbw4aaaF4rG8=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=rQssNiGrJMRaFqGDRQ5WBVxa/J6Ina5kx/ig+bgEbPqJrRh98wUPJ1jJGd+nMQHug f+I3xhj/gdjpuIsK7Ge94cMFPEBKHxZKFrbK8DOLg7pKSVTiUVQVJ+undnw+hE/ynD K/cNciUXcLdyu2/dQnhXmX3JD0LGTxJ7PELEVdE1ejsnQNXbHMAESJDQblR7hmDVvu MkI8Zq8opwrh1U1zOxoVPq8/nkXGh1/NI/75Xw8audgr87LazswIAeeUKZpfxnS53+ s1EgM7LV5NWuOqvJfkUPM1u4993Rx7fkTZaaEoU6xYWjpLWGrxowqdiTvTVCuUL/EL BvcBh0Z3pj5cQ== Date: Wed, 21 Aug 2024 09:23:14 -0700 (PDT) From: Stefano Stabellini X-X-Sender: sstabellini@ubuntu-linux-20-04-desktop To: Amneesh Singh cc: xen-users@lists.xenproject.org, sstabellini@kernel.org, michal.orzel@amd.com Subject: Re: question regarding FIT image generation in imagebuilder In-Reply-To: <20240821063832.341325-1-a-singh21@ti.com> Message-ID: References: <20240821063832.341325-1-a-singh21@ti.com> User-Agent: Alpine 2.22 (DEB 394 2020-01-19) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII +Michal On Wed, 21 Aug 2024, Amneesh Singh wrote: > I was trying to generate a FIT image and could not understand why is > there this check, in the script. > > if test "$FIT" > then > memaddr=$(( $MEMORY_END - 2 * ( $memaddr + $offset ) )) > else > memaddr=$(( $MEMORY_END - $memaddr - $offset )) > fi > if test $memaddr -lt 0 > then > echo Error, not enough memory to load all binaries > cleanup_and_return_err > fi > > What I do not understand is why there is a 2x for the FIT image? Hi Amneesh, It has been a while since the feature was added, but I think the reason is that with the FIT image the binaries need to be copied out of the FIT image before they can be loaded by Xen into guest memory. So, you need to have at least 2x the amount of memory compared to the non-FIT image case. Cheers, Stefano