diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a0ae9ce..ae31b94 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,11 +1,7 @@ include: - project: QubesOS/qubes-continuous-integration - file: /r4.1/gitlab-base.yml + file: /r4.3/gitlab-base.yml - project: QubesOS/qubes-continuous-integration - file: /r4.1/gitlab-dom0.yml + file: /r4.3/gitlab-host.yml - project: QubesOS/qubes-continuous-integration - file: /r4.2/gitlab-base.yml - - project: QubesOS/qubes-continuous-integration - file: /r4.2/gitlab-host.yml - - project: QubesOS/qubes-continuous-integration - file: /r4.2/gitlab-host-openqa.yml + file: /r4.3/gitlab-host-openqa.yml diff --git a/.qubesbuilder b/.qubesbuilder index b4ab3c9..3766843 100644 --- a/.qubesbuilder +++ b/.qubesbuilder 
@@ -8,21 +8,21 @@ source: # it treats component as external source like "xen", "grub", etc. create-archive: true files: - - url: https://download.qemu.org/qemu-8.1.2.tar.xz - signature: https://download.qemu.org/qemu-8.1.2.tar.xz.sig + - url: https://download.qemu.org/qemu-9.0.2.tar.xz + signature: https://download.qemu.org/qemu-9.0.2.tar.xz.sig pubkeys: - keys/qemu/mdroth.asc - keys/qemu/pbonzini.asc - - url: https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.200.tar.xz - signature: https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.200.tar.sign + - url: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.44.tar.xz + signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.44.tar.sign uncompress: true pubkeys: - keys/linux/greg.asc - - url: https://busybox.net/downloads/busybox-1.31.1.tar.bz2 -# signature: https://busybox.net/downloads/busybox-1.31.1.tar.bz2.sig + - url: https://busybox.net/downloads/busybox-1.36.1.tar.bz2 +# signature: https://busybox.net/downloads/busybox-1.36.1.tar.bz2.sig # pubkeys: # - keys/busybox/vda_pubkey.asc - sha512: checksums/busybox-1.31.1.tar.bz2.sha512 + sha512: checksums/busybox-1.36.1.tar.bz2.sha512 - url: https://www.freedesktop.org/software/pulseaudio/releases/pulseaudio-14.2.tar.xz sha512: checksums/pulseaudio-14.2.tar.xz.sha512 - url: https://github.com/libusb/libusb/releases/download/v1.0.23/libusb-1.0.23.tar.bz2 diff --git a/Makefile.stubdom b/Makefile.stubdom index 7d628fe..cbe9049 100644 --- a/Makefile.stubdom +++ b/Makefile.stubdom @@ -256,10 +256,8 @@ build/qemu/build/config.status: build/qemu/.patched build/qemu/.gui-agent-copied --disable-numa \ --disable-qom-cast-debug \ --disable-virglrenderer \ - --enable-stubdom \ --disable-tools \ --disable-replication \ - --disable-hax \ --disable-opengl \ --disable-virglrenderer \ --disable-tcg \ diff --git a/Makefile.vars b/Makefile.vars index ff47157..868bd3c 100644 --- a/Makefile.vars +++ b/Makefile.vars 
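Review bot: The busybox entry still has its `signature:` and `pubkeys:` lines commented out, so after this bump the 1.36.1 tarball is authenticated only by the `sha512:` file added in this same commit. The QEMU and Linux entries, by contrast, check an upstream signature. A comment above the commented-out lines should say why signature checking is disabled and how the pinned digest was obtained, for example `# signature check disabled (<reason>); sha512 taken from <source>, verified by <method>`. The pulseaudio and libusb entries shown as context also rely on a checksum alone.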
@@ -1,5 +1,5 @@ -QEMU_VERSION := 8.1.2 -LINUX_VERSION := 5.10.200 -BUSYBOX_VERSION := 1.31.1 +QEMU_VERSION := 9.0.2 +LINUX_VERSION := 6.6.44 +BUSYBOX_VERSION := 1.36.1 PULSEAUDIO_VERSION := 14.2 LIBUSB_VERSION := 1.0.23 diff --git a/busybox/busybox.config b/busybox/busybox.config index 13d6c54..b61e07c 100644 --- a/busybox/busybox.config +++ b/busybox/busybox.config @@ -794,6 +794,7 @@ CONFIG_FEATURE_IP_NEIGH=y # CONFIG_ROUTE is not set # CONFIG_SLATTACH is not set # CONFIG_SSL_CLIENT is not set +# CONFIG_TC is not set # CONFIG_TCPSVD is not set # CONFIG_UDPSVD is not set # CONFIG_TELNET is not set diff --git a/checksums/busybox-1.31.1.tar.bz2.sha512 b/checksums/busybox-1.31.1.tar.bz2.sha512 deleted file mode 100644 index bab426a..0000000 --- a/checksums/busybox-1.31.1.tar.bz2.sha512 +++ /dev/null @@ -1 +0,0 @@ -0d1197c25d963d7f95ef21e08c06c0d6124ac7b59c99989e891f744ffee4878a3b1fe44a247241a9da39fa5de0ba87f1b6d862401b591f277e66e89c02764bbf diff --git a/checksums/busybox-1.36.1.tar.bz2.sha512 b/checksums/busybox-1.36.1.tar.bz2.sha512 new file mode 100644 index 0000000..d37a3fb --- /dev/null +++ b/checksums/busybox-1.36.1.tar.bz2.sha512 @@ -0,0 +1 @@ +8c0c754c9ae04b5e6b23596283a7d3a4ef96225fe179f92d6f6a99c69c0caa95b1aa56c267f52d7c807f6cc69e1f0b7dd29a8ac624098f601738f8c0c57980d4 diff --git a/helpers/vchan-socket-proxy.c b/helpers/vchan-socket-proxy.c index 635cb87..3d428e6 100644 --- a/helpers/vchan-socket-proxy.c +++ b/helpers/vchan-socket-proxy.c @@ -227,7 +227,7 @@ static struct libxenvchan *connect_vchan(int domid, const char *path) { struct libxenvchan *ctrl = NULL; struct xs_handle *xs = NULL; xc_interface *xc = NULL; - xc_dominfo_t dominfo; + xc_domaininfo_t dominfo; char **watch_ret; unsigned int watch_num; int ret; 
@@ -259,12 +259,12 @@ static struct libxenvchan *connect_vchan(int domid, const char *path) { if (ctrl) break; - ret = xc_domain_getinfo(xc, domid, 1, &dominfo); + ret = xc_domain_getinfo_single(xc, domid, &dominfo); /* break the loop if domain is definitely not there anymore, but * continue if it is or the call failed (like EPERM) */ if (ret == -1 && errno == ESRCH) break; - if (ret == 1 && (dominfo.domid != (uint32_t)domid || dominfo.dying)) + if (ret == 0 && (dominfo.flags & XEN_DOMINF_dying)) break; } diff --git a/linux/config/05-base b/linux/config/05-base index 2aecc3b..a7da635 100644 --- a/linux/config/05-base +++ b/linux/config/05-base @@ -75,6 +75,7 @@ CONFIG_PROC_FS=y CONFIG_PROC_SYSCTL=y CONFIG_SYSFS=y CONFIG_DEVTMPFS=y +CONFIG_TMPFS=y CONFIG_PRINTK=y CONFIG_BUG=y diff --git a/linux/patches/0001-tty-hvc-setup-hvc-consoles-in-RAW-mode-by-default.patch b/linux/patches/0001-tty-hvc-setup-hvc-consoles-in-RAW-mode-by-default.patch index e58294c..5bcbf59 100644 --- a/linux/patches/0001-tty-hvc-setup-hvc-consoles-in-RAW-mode-by-default.patch +++ b/linux/patches/0001-tty-hvc-setup-hvc-consoles-in-RAW-mode-by-default.patch @@ -31,9 +31,9 @@ index 27284a2dcd2b..cd063b3c6903 100644 + * buffered data */ + drv->init_termios.c_iflag = 0; + drv->init_termios.c_lflag &= ~(ISIG | ICANON); - drv->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_RESET_TERMIOS; tty_set_operations(drv, &hvc_ops); + /* Always start the kthread because there can be hotplug vty adapters -- 2.17.2 diff --git a/qemu/gui-agent b/qemu/gui-agent index 6a2725f..d86e892 160000 --- a/qemu/gui-agent +++ b/qemu/gui-agent @@ -1 +1 @@ -Subproject commit 6a2725f7d17c97f6e1b420ee17b9ac2392a78124 +Subproject commit d86e892ab78d7998b3b2830e6ed13abce4b731a0 diff --git a/qemu/patches/0001-configure-add-enable-stubdom.patch b/qemu/patches/0001-configure-add-enable-stubdom.patch deleted file mode 100644 index 67f44a9..0000000 --- a/qemu/patches/0001-configure-add-enable-stubdom.patch +++ /dev/null 
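Review bot: The new exit condition `ret == 0 && (dominfo.flags & XEN_DOMINF_dying)` drops the old comparison of the returned domid with `domid`. As far as I know the libxenctrl API, that is only correct because xc_domain_getinfo_single() reports on exactly the requested domain, whereas xc_domain_getinfo() could return the next existing one. A short comment next to the call would record this, for example `/* getinfo_single never returns a different domain, so no domid check is needed */`. connect_vchan() starts and ends outside this hunk, so whether a negative `domid` is rejected before it reaches the call cannot be seen here.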
@@ -1,69 +0,0 @@ -From 7c32d7e823f5860dda247ac88207b82b36400a92 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= - -Date: Sat, 18 Nov 2023 15:02:33 +0100 -Subject: [PATCH 01/21] configure: add enable-stubdom - ---- - meson.build | 2 ++ - meson_options.txt | 2 ++ - scripts/meson-buildoptions.sh | 3 +++ - 3 files changed, 7 insertions(+) - -diff --git a/meson.build b/meson.build -index a9c4f28247..d6281c4f01 100644 ---- a/meson.build -+++ b/meson.build -@@ -2184,6 +2184,7 @@ if xen.found() - ('0' + xen_version[1]).substring(-2) + \ - ('0' + xen_version[2]).substring(-2) - config_host_data.set('CONFIG_XEN_CTRL_INTERFACE_VERSION', xen_ctrl_version) -+ config_host_data.set('CONFIG_STUBDOM', get_option('stubdom').enabled()) - endif - config_host_data.set('QEMU_VERSION', '"@0@"'.format(meson.project_version())) - config_host_data.set('QEMU_VERSION_MAJOR', meson.project_version().split('.')[0]) -@@ -4149,6 +4150,7 @@ if have_system - if xen.found() - summary_info += {'xen ctrl version': xen.version()} - endif -+ summary_info += {'Xen stubdomain': config_host_data.get('CONFIG_STUBDOM', false)} - summary_info += {'Xen emulation': config_all.has_key('CONFIG_XEN_EMU')} - endif - summary_info += {'TCG support': config_all.has_key('CONFIG_TCG')} -diff --git a/meson_options.txt b/meson_options.txt -index ae6d8f469d..a7505493b2 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -81,6 +81,8 @@ option('xen', type: 'feature', value: 'auto', - description: 'Xen backend support') - option('xen_pci_passthrough', type: 'feature', value: 'auto', - description: 'Xen PCI passthrough support') -+option('stubdom', type: 'feature', value: 'auto', -+ description: 'Build for Xen stubdomain') - option('tcg', type: 'feature', value: 'enabled', - description: 'TCG support') - option('tcg_interpreter', type: 'boolean', value: false, -diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh -index d7020af175..8f69b84429 100644 ---- 
a/scripts/meson-buildoptions.sh -+++ b/scripts/meson-buildoptions.sh -@@ -168,6 +168,7 @@ meson_options_help() { - printf "%s\n" ' spice Spice server support' - printf "%s\n" ' spice-protocol Spice protocol support' - printf "%s\n" ' stack-protector compiler-provided stack protection' -+ printf "%s\n" ' stubdom Build for Xen stubdomain' - printf "%s\n" ' tcg TCG support' - printf "%s\n" ' tools build support utilities that come with QEMU' - printf "%s\n" ' tpm TPM support' -@@ -454,6 +455,8 @@ _meson_option_parse() { - --disable-stack-protector) printf "%s" -Dstack_protector=disabled ;; - --enable-strip) printf "%s" -Dstrip=true ;; - --disable-strip) printf "%s" -Dstrip=false ;; -+ --enable-stubdom) printf "%s" -Dstubdom=enabled ;; -+ --disable-stubdom) printf "%s" -Dstubdom=disabled ;; - --sysconfdir=*) quote_sh "-Dsysconfdir=$2" ;; - --enable-tcg) printf "%s" -Dtcg=enabled ;; - --disable-tcg) printf "%s" -Dtcg=disabled ;; --- -2.41.0 - diff --git a/qemu/patches/0001-hw-xen-detect-when-running-inside-stubdomain.patch b/qemu/patches/0001-hw-xen-detect-when-running-inside-stubdomain.patch new file mode 100644 index 0000000..9b75f4b --- /dev/null +++ b/qemu/patches/0001-hw-xen-detect-when-running-inside-stubdomain.patch 
@@ -0,0 +1,95 @@ +From e66aa97dca5120f22e015c19710b2ff04f525720 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Sat, 17 Feb 2024 03:51:44 +0100 +Subject: [PATCH 1/2] hw/xen: detect when running inside stubdomain +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Introduce global xen_is_stubdomain variable when qemu is running inside +a stubdomain instead of dom0. This will be relevant for subsequent +patches, as few things like accessing PCI config space need to be done +differently. + +Signed-off-by: Marek Marczykowski-Górecki +--- +Changes in v3: +- move to xen_hvm_init_pc() +- coding style +Changes in v2: +- use sigend int for domid to match xenstore_read_int() types +- fix code style +--- + hw/i386/xen/xen-hvm.c | 22 ++++++++++++++++++++++ + include/hw/xen/xen.h | 1 + + system/globals.c | 1 + + 3 files changed, 24 insertions(+) + +diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c +index 7745cb3963..3291c177d3 100644 +--- a/hw/i386/xen/xen-hvm.c ++++ b/hw/i386/xen/xen-hvm.c +@@ -583,6 +583,26 @@ static void xen_wakeup_notifier(Notifier *notifier, void *data) + xc_set_hvm_param(xen_xc, xen_domid, HVM_PARAM_ACPI_S_STATE, 0); + } + ++static bool xen_check_stubdomain(struct xs_handle *xsh) ++{ ++ char *dm_path = g_strdup_printf( ++ "/local/domain/%d/image/device-model-domid", xen_domid); ++ char *val; ++ int32_t dm_domid; ++ bool is_stubdom = false; ++ ++ val = xs_read(xsh, 0, dm_path, NULL); ++ if (val) { ++ if (sscanf(val, "%d", &dm_domid) == 1) { ++ is_stubdom = dm_domid != 0; ++ } ++ free(val); ++ } ++ ++ g_free(dm_path); ++ return is_stubdom; ++} ++ + void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion **ram_memory) + { + MachineState *ms = MACHINE(pcms); +@@ -595,6 +615,8 @@ void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion **ram_memory) + + xen_register_ioreq(state, max_cpus, &xen_memory_listener); + ++ xen_is_stubdomain = 
xen_check_stubdomain(state->xenstore); ++ + QLIST_INIT(&xen_physmap); + xen_read_physmap(state); + +diff --git a/include/hw/xen/xen.h b/include/hw/xen/xen.h +index 37ecc91fc3..ecb89ecfc1 100644 +--- a/include/hw/xen/xen.h ++++ b/include/hw/xen/xen.h +@@ -36,6 +36,7 @@ enum xen_mode { + extern uint32_t xen_domid; + extern enum xen_mode xen_mode; + extern bool xen_domid_restrict; ++extern bool xen_is_stubdomain; + + int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num); + int xen_set_pci_link_route(uint8_t link, uint8_t irq); +diff --git a/system/globals.c b/system/globals.c +index e353584201..d602a04fa2 100644 +--- a/system/globals.c ++++ b/system/globals.c +@@ -60,6 +60,7 @@ bool qemu_uuid_set; + uint32_t xen_domid; + enum xen_mode xen_mode = XEN_DISABLED; + bool xen_domid_restrict; ++bool xen_is_stubdomain; + struct evtchn_backend_ops *xen_evtchn_ops; + struct gnttab_backend_ops *xen_gnttab_ops; + struct foreignmem_backend_ops *xen_foreignmem_ops; +-- +2.45.2 + diff --git a/qemu/patches/0002-xen-fix-stubdom-PCI-addr.patch b/qemu/patches/0002-xen-fix-stubdom-PCI-addr.patch new file mode 100644 index 0000000..b3eced6 --- /dev/null +++ b/qemu/patches/0002-xen-fix-stubdom-PCI-addr.patch 
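Review bot: xen_check_stubdomain() returns false both when QEMU really runs in dom0 and when the `device-model-domid` node cannot be read or parsed, so a failed xenstore read inside a stubdomain silently selects the dom0 code paths. This run-time check replaces the build-time CONFIG_STUBDOM switch removed elsewhere in this commit, so the failure case deserves a report, e.g. `warn_report("cannot read %s, assuming dom0", dm_path);` in an `else` branch of `if (val)`. Separately, `xen_domid` is declared `uint32_t` in the header shown in the same patch but is formatted with `%d` in the g_strdup_printf() call; `%u` would match the type.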
@@ -0,0 +1,158 @@ +From 35049e99da634a74578a1ff2cb3ae4cc436ede33 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Wed, 27 Mar 2024 03:23:28 +0100 +Subject: [PATCH 2/2] xen: fix stubdom PCI addr +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When running in a stubdomain, the config space access via sysfs needs to +use BDF as seen inside stubdomain (connected via xen-pcifront), which is +different from the real BDF. For other purposes (hypercall parameters +etc), the real BDF needs to be used. +Get the in-stubdomain BDF by looking up relevant PV PCI xenstore +entries. + +Signed-off-by: Marek Marczykowski-Górecki +--- +Changes in v3: +- reduce 'path' size +- add two missing error_setg() calls +- coding style +Changes in v2: +- use xs_node_scanf +- use %d instead of %u to read values written as %d +- add a comment from another iteration of this patch by Jason Andryuk +--- + hw/xen/xen-host-pci-device.c | 76 +++++++++++++++++++++++++++++++++++- + hw/xen/xen-host-pci-device.h | 6 +++ + 2 files changed, 81 insertions(+), 1 deletion(-) + +diff --git a/hw/xen/xen-host-pci-device.c b/hw/xen/xen-host-pci-device.c +index 8c6e9a1716..eaf32f2710 100644 +--- a/hw/xen/xen-host-pci-device.c ++++ b/hw/xen/xen-host-pci-device.c +@@ -9,6 +9,8 @@ + #include "qemu/osdep.h" + #include "qapi/error.h" + #include "qemu/cutils.h" ++#include "hw/xen/xen-legacy-backend.h" ++#include "hw/xen/xen-bus-helper.h" + #include "xen-host-pci-device.h" + + #define XEN_HOST_PCI_MAX_EXT_CAP \ +@@ -33,13 +35,73 @@ + #define IORESOURCE_PREFETCH 0x00001000 /* No side effects */ + #define IORESOURCE_MEM_64 0x00100000 + ++/* ++ * Non-passthrough (dom0) accesses are local PCI devices and use the given BDF ++ * Passthough (stubdom) accesses are through PV frontend PCI device. 
Those ++ * either have a BDF identical to the backend's BDF (xen-backend.passthrough=1) ++ * or a local virtual BDF (xen-backend.passthrough=0) ++ * ++ * We are always given the backend's BDF and need to lookup the appropriate ++ * local BDF for sysfs access. ++ */ ++static void xen_host_pci_fill_local_addr(XenHostPCIDevice *d, Error **errp) ++{ ++ unsigned int num_devs, len, i; ++ unsigned int domain, bus, dev, func; ++ char *be_path = NULL; ++ char path[16]; ++ ++ be_path = qemu_xen_xs_read(xenstore, 0, "device/pci/0/backend", &len); ++ if (!be_path) { ++ error_setg(errp, "Failed to read device/pci/0/backend"); ++ goto out; ++ } ++ ++ if (xs_node_scanf(xenstore, 0, be_path, "num_devs", NULL, ++ "%d", &num_devs) != 1) { ++ error_setg(errp, "Failed to read or parse %s/num_devs", be_path); ++ goto out; ++ } ++ ++ for (i = 0; i < num_devs; i++) { ++ snprintf(path, sizeof(path), "dev-%d", i); ++ if (xs_node_scanf(xenstore, 0, be_path, path, NULL, ++ "%x:%x:%x.%x", &domain, &bus, &dev, &func) != 4) { ++ error_setg(errp, "Failed to read or parse %s/%s", be_path, path); ++ goto out; ++ } ++ if (domain != d->domain || ++ bus != d->bus || ++ dev != d->dev || ++ func != d->func) ++ continue; ++ snprintf(path, sizeof(path), "vdev-%d", i); ++ if (xs_node_scanf(xenstore, 0, be_path, path, NULL, ++ "%x:%x:%x.%x", &domain, &bus, &dev, &func) != 4) { ++ error_setg(errp, "Failed to read or parse %s/%s", be_path, path); ++ goto out; ++ } ++ d->local_domain = domain; ++ d->local_bus = bus; ++ d->local_dev = dev; ++ d->local_func = func; ++ goto out; ++ } ++ error_setg(errp, "Failed to find PCI device %x:%x:%x.%x in xenstore", ++ d->domain, d->bus, d->dev, d->func); ++ ++out: ++ free(be_path); ++} ++ + static void xen_host_pci_sysfs_path(const XenHostPCIDevice *d, + const char *name, char *buf, ssize_t size) + { + int rc; + + rc = snprintf(buf, size, "/sys/bus/pci/devices/%04x:%02x:%02x.%d/%s", +- d->domain, d->bus, d->dev, d->func, name); ++ d->local_domain, d->local_bus, 
d->local_dev, d->local_func, ++ name); + assert(rc >= 0 && rc < size); + } + +@@ -342,6 +404,18 @@ void xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t domain, + d->dev = dev; + d->func = func; + ++ if (xen_is_stubdomain) { ++ xen_host_pci_fill_local_addr(d, errp); ++ if (*errp) { ++ goto error; ++ } ++ } else { ++ d->local_domain = d->domain; ++ d->local_bus = d->bus; ++ d->local_dev = d->dev; ++ d->local_func = d->func; ++ } ++ + xen_host_pci_config_open(d, errp); + if (*errp) { + goto error; +diff --git a/hw/xen/xen-host-pci-device.h b/hw/xen/xen-host-pci-device.h +index 4d8d34ecb0..270dcb27f7 100644 +--- a/hw/xen/xen-host-pci-device.h ++++ b/hw/xen/xen-host-pci-device.h +@@ -23,6 +23,12 @@ typedef struct XenHostPCIDevice { + uint8_t dev; + uint8_t func; + ++ /* different from the above in case of stubdomain */ ++ uint16_t local_domain; ++ uint8_t local_bus; ++ uint8_t local_dev; ++ uint8_t local_func; ++ + uint16_t vendor_id; + uint16_t device_id; + uint32_t class_code; +-- +2.45.2 + diff --git a/qemu/patches/0002-xen-handle-CONFIG_STUBDOM.patch b/qemu/patches/0002-xen-handle-CONFIG_STUBDOM.patch deleted file mode 100644 index 9d4d1de..0000000 --- a/qemu/patches/0002-xen-handle-CONFIG_STUBDOM.patch +++ /dev/null 
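Review bot: In xen_host_pci_fill_local_addr() the four values parsed from the `vdev-%d` node are `unsigned int` but are stored into the `uint16_t`/`uint8_t` fields `local_domain`, `local_bus`, `local_dev` and `local_func` without a range check. An out-of-range xenstore value is therefore silently truncated before xen_host_pci_sysfs_path() uses it to build the sysfs path. A guard before the assignments would make the failure explicit: `if (domain > 0xffff || bus > 0xff || dev > 0x1f || func > 7) { error_setg(errp, "Invalid address in %s/%s", be_path, path); goto out; }`. Separately, `i` and `num_devs` are unsigned but are formatted and scanned with `%d`; the patch notes say this is deliberate for values written as `%d`, and a one-line comment at the declaration would keep it from being changed back later.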
@@ -1,38 +0,0 @@ -From 22b7c7c00e01a7534787940f206b5e78a2f788eb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= - -Date: Mon, 1 Nov 2021 18:09:33 +0100 -Subject: [PATCH 02/21] xen: handle CONFIG_STUBDOM - -Adapted from https://github.com/QubesOS/qubes-vmm-xen-stubdom-linux/blob/2a814bd1edaf549ef9252eb6747aa6137abf9831/qemu/patches/qemu-xen-h.patch - -Authors: HW42 - -Contributors: fepitre ---- - include/hw/xen/xen.h | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/include/hw/xen/xen.h b/include/hw/xen/xen.h -index 37ecc91fc3..8a16ec951e 100644 ---- a/include/hw/xen/xen.h -+++ b/include/hw/xen/xen.h -@@ -37,6 +37,15 @@ extern uint32_t xen_domid; - extern enum xen_mode xen_mode; - extern bool xen_domid_restrict; - -+static inline int xen_stubdom_enable(void) -+{ -+#ifdef CONFIG_STUBDOM -+ return 1; -+#else -+ return 0; -+#endif -+} -+ - int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num); - int xen_set_pci_link_route(uint8_t link, uint8_t irq); - void xen_intx_set_irq(void *opaque, int irq_num, int level); --- -2.41.0 - diff --git a/qemu/patches/0003-xen-hvm-handle-CONFIG_STUBDOM.patch b/qemu/patches/0003-xen-hvm-handle-CONFIG_STUBDOM.patch deleted file mode 100644 index 6aee838..0000000 --- a/qemu/patches/0003-xen-hvm-handle-CONFIG_STUBDOM.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From cfc37b970faa05c08b0b8c80f3a8e550769a3457 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= - -Date: Mon, 1 Nov 2021 18:10:35 +0100 -Subject: [PATCH 03/21] xen-hvm: handle CONFIG_STUBDOM - -Adapted from https://github.com/QubesOS/qubes-vmm-xen-stubdom-linux/blob/2a814bd1edaf549ef9252eb6747aa6137abf9831/qemu/patches/qemu-xen-hvm.patch - -Original authors: HW42 - -Contributors: alcreator, fepitre, DemiMarie ---- - hw/xen/xen-hvm-common.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/hw/xen/xen-hvm-common.c b/hw/xen/xen-hvm-common.c -index 565dc39c8f..f2f3c200c8 100644 ---- a/hw/xen/xen-hvm-common.c -+++ b/hw/xen/xen-hvm-common.c -@@ -869,7 +869,15 @@ void xen_register_ioreq(XenIOState *state, unsigned int max_cpus, - - xen_bus_init(); - -+#ifndef CONFIG_STUBDOM - xen_be_init(); -+#else -+ xenstore = qemu_xen_xs_open(); -+ if (!xenstore) { -+ error_report("can't connect to xenstored"); -+ goto err; -+ } -+#endif - - return; - --- -2.41.0 - diff --git a/qemu/patches/0004-QubesGUI-display-options.patch b/qemu/patches/0004-QubesGUI-display-options.patch index dafc2c6..028299a 100644 --- a/qemu/patches/0004-QubesGUI-display-options.patch +++ b/qemu/patches/0004-QubesGUI-display-options.patch 
@@ -31,18 +31,22 @@ index 37557c3442..3206bcb0ff 100644 if (s->line_offset != s->last_line_offset || disp_width != s->last_width || -diff --git a/include/ui/console.h b/include/ui/console.h +diff --git a/include/ui/surface.h b/include/ui/surface.h index 3e8b22d6c6..f3f0dfa5c3 100644 ---- a/include/ui/console.h -+++ b/include/ui/console.h -@@ -148,6 +148,7 @@ typedef struct DisplaySurface { +--- a/include/ui/surface.h ++++ b/include/ui/surface.h +@@ -27,6 +27,7 @@ typedef struct DisplaySurface { HANDLE handle; uint32_t handle_offset; #endif + uint32_t *xen_refs; } DisplaySurface; - typedef struct QemuUIInfo { + PixelFormat qemu_default_pixelformat(int bpp); +diff --git a/include/ui/console.h b/include/ui/console.h +index 3e8b22d6c6..f3f0dfa5c3 100644 +--- a/include/ui/console.h ++++ b/include/ui/console.h @@ -437,6 +438,11 @@ static inline pixman_format_code_t surface_format(DisplaySurface *s) return s->format; } @@ -107,6 +111,15 @@ index 006616aa77..0950bc05d4 100644 ## # @DisplayType: # +@@ -1520,6 +1520,8 @@ + # + # @dbus: Start a D-Bus service for the display. (Since 7.0) + # ++# @qubes-gui: Qubes GUI ++# + # Since: 2.12 + ## + { 'enum' : 'DisplayType', @@ -1488,7 +1503,8 @@ { 'name': 'curses', 'if': 'CONFIG_CURSES' }, { 'name': 'cocoa', 'if': 'CONFIG_COCOA' }, @@ -147,9 +160,9 @@ index bca610b72a..9d6131e3cf 100644 + data = qubesgui_alloc_surface_data(width, height, &surface->xen_refs); + assert(data != NULL); + - surface->format = format; - surface->image = pixman_image_create_bits(surface->format, + surface->image = pixman_image_create_bits(format, width, height, + (void *)data, linesize); diff --git a/ui/meson.build b/ui/meson.build index d81609fb0e..c86d533d97 100644 --- a/ui/meson.build diff --git a/qemu/patches/0010-xen-fix-stubdom-PCI-addr.patch b/qemu/patches/0010-xen-fix-stubdom-PCI-addr.patch deleted file mode 100644 index 9417c2a..0000000 --- a/qemu/patches/0010-xen-fix-stubdom-PCI-addr.patch +++ /dev/null 
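Review bot: This refresh of 0004-QubesGUI-display-options.patch appears to be hand-edited rather than regenerated. The new `include/ui/surface.h` section reuses the same `index 3e8b22d6c6..f3f0dfa5c3` line as `include/ui/console.h`. The console.h hunk keeps its old `@@ -437,6 +438,11 @@` offset even though the one-line addition that preceded it now lives in another file. The added `@@ -1520,6 +1520,8 @@` hunk is also placed ahead of `@@ -1488,7 +1503,8 @@` in what looks like the same file. The patch tool may still apply this with offsets, but regenerating the patch from a tree based on the new QEMU version would make the hunks match the source exactly and later refreshes easier to review.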
@@ -1,144 +0,0 @@ -From e4a3bb4db38e04c88b34fc5cb516af01248d25b3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= - -Date: Mon, 1 Nov 2021 18:30:55 +0100 -Subject: [PATCH 10/21] xen: fix stubdom PCI addr - -Adapted from https://github.com/QubesOS/qubes-vmm-xen-stubdom-linux/blob/2a814bd1edaf549ef9252eb6747aa6137abf9831/qemu/patches/stubdom-pci-addr-fix.patch - -Author: marmarek - -Contributors: HW42, fepitre ---- - hw/xen/xen-host-pci-device.c | 77 +++++++++++++++++++++++++++++++++++- - hw/xen/xen-host-pci-device.h | 6 +++ - 2 files changed, 82 insertions(+), 1 deletion(-) - -diff --git a/hw/xen/xen-host-pci-device.c b/hw/xen/xen-host-pci-device.c -index 8c6e9a1716..fec4863db8 100644 ---- a/hw/xen/xen-host-pci-device.c -+++ b/hw/xen/xen-host-pci-device.c -@@ -9,6 +9,7 @@ - #include "qemu/osdep.h" - #include "qapi/error.h" - #include "qemu/cutils.h" -+#include "hw/xen/xen-legacy-backend.h" - #include "xen-host-pci-device.h" - - #define XEN_HOST_PCI_MAX_EXT_CAP \ -@@ -33,13 +34,76 @@ - #define IORESOURCE_PREFETCH 0x00001000 /* No side effects */ - #define IORESOURCE_MEM_64 0x00100000 - -+static void xen_host_pci_fill_local_addr(XenHostPCIDevice *d, Error **errp) -+{ -+ unsigned int num_devs, len, i; -+ unsigned int domain, bus, dev, func; -+ char *be_path = NULL; -+ char path[80]; -+ char *msg = NULL; -+ -+ be_path = qemu_xen_xs_read(xenstore, 0, "device/pci/0/backend", &len); -+ if (!be_path) -+ goto err_out; -+ snprintf(path, sizeof(path), "%s/num_devs", be_path); -+ msg = qemu_xen_xs_read(xenstore, 0, path, &len); -+ if (!msg) -+ goto err_out; -+ -+ if (sscanf(msg, "%u", &num_devs) != 1) { -+ error_setg(errp, "Failed to parse %s (%s)\n", msg, path); -+ goto err_out; -+ } -+ free(msg); -+ -+ for (i = 0; i < num_devs; i++) { -+ snprintf(path, sizeof(path), "%s/dev-%u", be_path, i); -+ msg = qemu_xen_xs_read(xenstore, 0, path, &len); -+ if (!msg) { -+ error_setg(errp, "Failed to read %s\n", path); -+ goto err_out; -+ } -+ if 
(sscanf(msg, "%x:%x:%x.%x", &domain, &bus, &dev, &func) != 4) { -+ error_setg(errp, "Failed to parse %s (%s)\n", msg, path); -+ goto err_out; -+ } -+ free(msg); -+ if (domain != d->domain || -+ bus != d->bus || -+ dev != d->dev || -+ func!= d->func) -+ continue; -+ snprintf(path, sizeof(path), "%s/vdev-%u", be_path, i); -+ msg = qemu_xen_xs_read(xenstore, 0, path, &len); -+ if (!msg) { -+ error_setg(errp, "Failed to read %s\n", path); -+ goto out; -+ } -+ if (sscanf(msg, "%x:%x:%x.%x", &domain, &bus, &dev, &func) != 4) { -+ error_setg(errp, "Failed to parse %s (%s)\n", msg, path); -+ goto err_out; -+ } -+ free(msg); -+ d->local_domain = domain; -+ d->local_bus = bus; -+ d->local_dev = dev; -+ d->local_func = func; -+ goto out; -+ } -+ -+err_out: -+ free(msg); -+out: -+ free(be_path); -+} -+ - static void xen_host_pci_sysfs_path(const XenHostPCIDevice *d, - const char *name, char *buf, ssize_t size) - { - int rc; - - rc = snprintf(buf, size, "/sys/bus/pci/devices/%04x:%02x:%02x.%d/%s", -- d->domain, d->bus, d->dev, d->func, name); -+ d->local_domain, d->local_bus, d->local_dev, d->local_func, name); - assert(rc >= 0 && rc < size); - } - -@@ -342,6 +406,17 @@ void xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t domain, - d->dev = dev; - d->func = func; - -+ if (xen_stubdom_enable()) { -+ xen_host_pci_fill_local_addr(d, errp); -+ if (*errp) -+ goto error; -+ } else { -+ d->local_domain = d->domain; -+ d->local_bus = d->bus; -+ d->local_dev = d->dev; -+ d->local_func = d->func; -+ } -+ - xen_host_pci_config_open(d, errp); - if (*errp) { - goto error; -diff --git a/hw/xen/xen-host-pci-device.h b/hw/xen/xen-host-pci-device.h -index 4d8d34ecb0..270dcb27f7 100644 ---- a/hw/xen/xen-host-pci-device.h -+++ b/hw/xen/xen-host-pci-device.h -@@ -23,6 +23,12 @@ typedef struct XenHostPCIDevice { - uint8_t dev; - uint8_t func; - -+ /* different from the above in case of stubdomain */ -+ uint16_t local_domain; -+ uint8_t local_bus; -+ uint8_t local_dev; -+ uint8_t local_func; 
-+ - uint16_t vendor_id; - uint16_t device_id; - uint32_t class_code; --- -2.41.0 - diff --git a/qemu/patches/0011-Additional-seccomp-filters.patch b/qemu/patches/0011-Additional-seccomp-filters.patch index a7455b5..eb55ae1 100644 --- a/qemu/patches/0011-Additional-seccomp-filters.patch +++ b/qemu/patches/0011-Additional-seccomp-filters.patch @@ -10,13 +10,13 @@ Author: alcreator Contributors: fepitre --- - softmmu/qemu-seccomp.c | 16 ++++++++++++++++ + system/qemu-seccomp.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) -diff --git a/softmmu/qemu-seccomp.c b/softmmu/qemu-seccomp.c +diff --git a/system/qemu-seccomp.c b/system/qemu-seccomp.c index d66a2a1226..d552fb9377 100644 ---- a/softmmu/qemu-seccomp.c -+++ b/softmmu/qemu-seccomp.c +--- a/system/qemu-seccomp.c ++++ b/system/qemu-seccomp.c @@ -136,6 +136,8 @@ static const struct QemuSeccompSyscall denylist[] = { 0, NULL, SCMP_ACT_TRAP }, { SCMP_SYS(umount), QEMU_SECCOMP_SET_DEFAULT, @@ -53,13 +53,13 @@ index d66a2a1226..d552fb9377 100644 0, NULL, SCMP_ACT_TRAP }, { SCMP_SYS(sgetmask), QEMU_SECCOMP_SET_OBSOLETE, @@ -219,6 +233,8 @@ static const struct QemuSeccompSyscall denylist[] = { - 0, NULL, SCMP_ACT_TRAP }, + 0, NULL, SCMP_ACT_ERRNO(EPERM) }, { SCMP_SYS(execve), QEMU_SECCOMP_SET_SPAWN, - 0, NULL, SCMP_ACT_TRAP }, + 0, NULL, SCMP_ACT_ERRNO(EPERM) }, + { SCMP_SYS(execveat), QEMU_SECCOMP_SET_SPAWN, -+ 0, NULL, SCMP_ACT_TRAP }, ++ 0, NULL, SCMP_ACT_ERRNO(EPERM) }, { SCMP_SYS(clone), QEMU_SECCOMP_SET_SPAWN, - ARRAY_SIZE(clone_arg_none), clone_arg_none, SCMP_ACT_TRAP }, + ARRAY_SIZE(clone_arg_none), clone_arg_none, SCMP_ACT_ERRNO(EPERM) }, RULE_CLONE_FLAG(CLONE_VM), -- 2.41.0 diff --git a/qemu/patches/0012-Register-ich6-ich9-soundhw.patch b/qemu/patches/0012-Register-ich6-ich9-soundhw.patch index d8efb6f..d98e154 100644 --- a/qemu/patches/0012-Register-ich6-ich9-soundhw.patch +++ b/qemu/patches/0012-Register-ich6-ich9-soundhw.patch @@ -18,11 +18,11 @@ 
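Review bot: The Qubes-added `execveat` rule now uses `SCMP_ACT_ERRNO(EPERM)` like the surrounding `execve` and `clone` context lines, so a blocked exec attempt in the device model returns an error instead of raising SIGSYS. That keeps the added entry consistent with the rest of the spawn set. It also means a denied attempt no longer stops QEMU or leaves a signal to detect, so the patch description should state whether the softer action is intended for the stubdomain, where QEMU presumably never spawns processes legitimately. The other entries this patch adds to `denylist[]` are outside the visible hunks, so whether they still use `SCMP_ACT_TRAP` cannot be checked from this diff.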
diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c index b9ed231fe8..d6277916dc 100644 --- a/hw/audio/intel-hda.c +++ b/hw/audio/intel-hda.c -@@ -1321,6 +1321,19 @@ static int intel_hda_and_codec_init(PCIBus *bus, const char *audiodev) +@@ -1321,6 +1321,20 @@ static int intel_hda_and_codec_init(PCIBus *bus, const char *audiodev) return 0; } -+static int intel_ich9_and_codec_init(PCIBus *bus) ++static int intel_ich9_and_codec_init(PCIBus *bus, const char *audiodev) +{ + DeviceState *controller; + BusState *hdabus; @@ -31,6 +31,7 @@ index b9ed231fe8..d6277916dc 100644 + controller = DEVICE(pci_create_simple(bus, -1, "ich9-intel-hda")); + hdabus = QLIST_FIRST(&controller->child_bus); + codec = qdev_new("hda-duplex"); ++ qdev_prop_set_string(codec, "audiodev", audiodev); + qdev_realize_and_unref(codec, hdabus, &error_fatal); + return 0; +} diff --git a/qemu/patches/0013-pc_piix-suppress-vmdesc.patch b/qemu/patches/0013-pc_piix-suppress-vmdesc.patch index cb6d52a..f87811b 100644 --- a/qemu/patches/0013-pc_piix-suppress-vmdesc.patch +++ b/qemu/patches/0013-pc_piix-suppress-vmdesc.patch @@ -21,8 +21,8 @@ index ac72e8f5be..ee46f1e1b3 100644 +++ b/hw/i386/pc_piix.c @@ -473,6 +473,7 @@ static void pc_xen_hvm_init(MachineState *machine) pc_xen_hvm_init_pci(machine); - xen_igd_reserve_slot(pcms->bus); - pci_create_simple(pcms->bus, -1, "xen-platform"); + xen_igd_reserve_slot(pcms->pcibus); + pci_create_simple(pcms->pcibus, -1, "xen-platform"); + machine->suppress_vmdesc = true; } #endif diff --git a/qemu/patches/0014-pc_piix-init-fw_cfg.patch b/qemu/patches/0014-pc_piix-init-fw_cfg.patch index 372de2d..f66cda0 100644 --- a/qemu/patches/0014-pc_piix-init-fw_cfg.patch +++ b/qemu/patches/0014-pc_piix-init-fw_cfg.patch @@ -18,13 +18,13 @@ index ee46f1e1b3..e2d127cb4a 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c 
@@ -69,6 +69,7 @@ - #include "hw/mem/nvdimm.h" #include "hw/i386/acpi-build.h" #include "kvm/kvm-cpu.h" + #include "target/i386/cpu.h" +#include "hw/i386/fw_cfg.h" - #define MAX_IDE_BUS 2 #define XEN_IOAPIC_NUM_PIRQS 128ULL + @@ -254,6 +255,15 @@ static void pc_init1(MachineState *machine, if (machine->kernel_filename != NULL) { /* For xen HVM direct kernel boot, load linux here */ diff --git a/qemu/patches/0015-i386-load-kernel-on-xen-using-DMA.patch b/qemu/patches/0015-i386-load-kernel-on-xen-using-DMA.patch deleted file mode 100644 index 500519d..0000000 --- a/qemu/patches/0015-i386-load-kernel-on-xen-using-DMA.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 446d3391d0e6d070f71493a739295097fce13071 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= - -Date: Mon, 26 Apr 2021 05:40:07 +0200 -Subject: [PATCH 15/21] i386: load kernel on xen using DMA -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Kernel on Xen is loaded via fw_cfg. Previously it used non-DMA version, -which loaded the kernel (and initramfs) byte by byte. Change this -to DMA, to load in bigger chunks. -This change alone reduces load time of a (big) kernel+initramfs from -~10s down to below 1s. - -This change was suggested initially here: -https://lore.kernel.org/xen-devel/20180216204031.000052e9@gmail.com/ -Apparently this alone is already enough to get massive speedup. - -Signed-off-by: Marek Marczykowski-Górecki ---- - hw/i386/pc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/hw/i386/pc.c b/hw/i386/pc.c -index 3109d5e0e0..b8aa2f97b8 100644 ---- a/hw/i386/pc.c -+++ b/hw/i386/pc.c -@@ -813,7 +813,8 @@ void xen_load_linux(PCMachineState *pcms) - - assert(MACHINE(pcms)->kernel_filename != NULL); - -- fw_cfg = fw_cfg_init_io(FW_CFG_IO_BASE); -+ fw_cfg = fw_cfg_init_io_dma(FW_CFG_IO_BASE, FW_CFG_IO_BASE + 4, -+ &address_space_memory); - fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, x86ms->boot_cpus); - rom_set_fw(fw_cfg); - --- -2.41.0 - diff --git a/qemu/patches/0019-pc-bios-ignore-prebuilt-binaries.patch b/qemu/patches/0019-pc-bios-ignore-prebuilt-binaries.patch index 52feb81..c5ab95f 100644 --- a/qemu/patches/0019-pc-bios-ignore-prebuilt-binaries.patch +++ b/qemu/patches/0019-pc-bios-ignore-prebuilt-binaries.patch @@ -12,7 +12,7 @@ diff --git a/pc-bios/meson.build b/pc-bios/meson.build index a7224ef469..e88fd46d98 100644 --- a/pc-bios/meson.build +++ b/pc-bios/meson.build -@@ -24,64 +24,18 @@ if unpack_edk2_blobs +@@ -24,61 +24,19 @@ if unpack_edk2_blobs endif blobs = [ 
@@ -49,10 +49,6 @@ index a7224ef469..e88fd46d98 100644 - 'efi-e1000e.rom', - 'efi-vmxnet3.rom', 'qemu-nsis.bmp', -- 'bamboo.dtb', -- 'canyonlands.dtb', -- 'petalogix-s3adsp1800.dtb', -- 'petalogix-ml605.dtb', - 'multiboot.bin', - 'multiboot_dma.bin', - 'linuxboot.bin', @@ -69,6 +65,7 @@ index a7224ef469..e88fd46d98 100644 'qemu_vga.ndrv', 'edk2-licenses.txt', 'hppa-firmware.img', + 'hppa-firmware64.img', - 'opensbi-riscv32-generic-fw_dynamic.bin', - 'opensbi-riscv64-generic-fw_dynamic.bin', - 'npcm7xx_bootrom.bin', @@ -76,7 +73,7 @@ index a7224ef469..e88fd46d98 100644 - 'vof-nvram.bin', ] - if get_option('install_blobs') + dtc = find_program('dtc', required: false) -- 2.41.0 diff --git a/qemu/patches/0020-Add-stubdom-xengt-support.patch b/qemu/patches/0020-Add-stubdom-xengt-support.patch index 38745bc..d48531a 100644 --- a/qemu/patches/0020-Add-stubdom-xengt-support.patch +++ b/qemu/patches/0020-Add-stubdom-xengt-support.patch @@ -7,7 +7,7 @@ Subject: [PATCH 20/21] Add stubdom xengt support hw/pci/pci.c | 4 ++++ include/sysemu/sysemu.h | 2 +- qemu-options.hx | 7 ++++++- - softmmu/vl.c | 5 +++++ + system/vl.c | 5 +++++ 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/hw/pci/pci.c b/hw/pci/pci.c @@ -63,10 +63,10 @@ index b56f6b2fb2..26d60e1b85 100644 ``none`` Disable VGA card. ERST -diff --git a/softmmu/vl.c b/softmmu/vl.c +diff --git a/system/vl.c b/system/vl.c index b0b96f67fa..e5a0ee8211 100644 ---- a/softmmu/vl.c -+++ b/softmmu/vl.c +--- a/system/vl.c ++++ b/system/vl.c @@ -941,6 +941,10 @@ static const VGAInterfaceInfo vga_interfaces[VGA_TYPE_MAX] = { .name = "Xen paravirtualized framebuffer", }, diff --git a/qemu/patches/series b/qemu/patches/series index 78aae91..b76d7d8 100644 --- a/qemu/patches/series +++ b/qemu/patches/series 
@@ -1,18 +1,15 @@
-0001-configure-add-enable-stubdom.patch
-0002-xen-handle-CONFIG_STUBDOM.patch
-0003-xen-hvm-handle-CONFIG_STUBDOM.patch
+0001-hw-xen-detect-when-running-inside-stubdomain.patch
+0002-xen-fix-stubdom-PCI-addr.patch
 0004-QubesGUI-display-options.patch
 0005-hw-xen-xen_pt-Save-back-data-only-for-declared-regis.patch
 0006-Do-not-access-dev-mem-in-MSI-X-PCI-passthrough-on-Xe.patch
 0007-Conditionally-disable-MSI-X-cap.patch
 0008-xen-round-pci-region-sizes.patch
 0009-Disable-NIC-option-ROM.patch
-0010-xen-fix-stubdom-PCI-addr.patch
 0011-Additional-seccomp-filters.patch
 0012-Register-ich6-ich9-soundhw.patch
 0013-pc_piix-suppress-vmdesc.patch
 0014-pc_piix-init-fw_cfg.patch
-0015-i386-load-kernel-on-xen-using-DMA.patch
 0016-IGD-fix-undefined-behaviour.patch
 0017-IGD-improve-legacy-vbios-handling.patch
 0018-IGD-move-enabling-opregion-access-to-libxl.patch
diff --git a/rootfs/init b/rootfs/init
index 2c15f21..864abc3 100755
--- a/rootfs/init
+++ b/rootfs/init
@@ -60,6 +60,7 @@ if [ -n "$audio_model" ] ; then
 -L "module-null-sink" \
 -L "module-null-source" &
 fi
+ dm_args=$(echo "$dm_args" | sed 's/^\(hda-duplex\)$/\0,audiodev=qemupa/')
 fi
 # Extract network parameters and remove them from dm_args
diff --git a/rpm_spec/xen-hvm-stubdom-linux.spec.in b/rpm_spec/xen-hvm-stubdom-linux.spec.in
index b4c3ade..75a93b8 100644
--- a/rpm_spec/xen-hvm-stubdom-linux.spec.in
+++ b/rpm_spec/xen-hvm-stubdom-linux.spec.in
@@ -1,6 +1,6 @@
-%define QEMU_VERSION 8.1.2
-%define LINUX_VERSION 5.10.200
-%define BUSYBOX_VERSION 1.31.1
+%define QEMU_VERSION 9.0.2
+%define LINUX_VERSION 6.6.44
+%define BUSYBOX_VERSION 1.36.1
 %define PULSEAUDIO_VERSION 14.2
 %define LIBUSB_VERSION 1.0.23
@@ -23,7 +23,7 @@ BuildRequires: quilt
 # QEMU
 BuildRequires: python3
 BuildRequires: zlib-devel
-BuildRequires: xen-devel
+BuildRequires: xen-devel >= 2001:4.18.0
 BuildRequires: glib2-devel
 BuildRequires: autoconf
 BuildRequires: automake
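Review bot: The added `sed` in the `rootfs/init` hunk rewrites only a `dm_args` line that is exactly `hda-duplex`, so an entry that already carries properties (a constructed example: `hda-duplex,foo=bar`) would be passed on without `audiodev=qemupa`; if such entries can occur, the pattern should match the device name as a prefix rather than the whole line. The replacement also relies on `\0`, which POSIX does not specify for `sed`; `&` is the portable spelling and makes the capture group unnecessary: `sed 's/^hda-duplex$/&,audiodev=qemupa/'`. Feeding the value with `printf '%s\n' "$dm_args"` instead of `echo` avoids backslash or leading-option interpretation of whatever the variable holds. The enclosing `if [ -n "$audio_model" ]` block starts outside the hunk, and the place where the `qemupa` audiodev is defined is not visible here.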
@@ -37,6 +37,8 @@ BuildRequires: libtool
 BuildRequires: libseccomp-devel
 BuildRequires: pixman-devel
 BuildRequires: hostname
+BuildRequires: libfdt-devel
+BuildRequires: dtc
 # pulseaudio
 BuildRequires: gettext-devel
@@ -51,6 +53,7 @@ BuildRequires: qubes-libvchan-xen-devel
 # Linux
 BuildRequires: bc
 BuildRequires: bison
+BuildRequires: elfutils-libelf-devel
 BuildRequires: flex
 # gcc with support for BTI mitigation
 %if 0%{?fedora} == 25
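Review bot: The two `BuildRequires` added in the `-37,6 +37,8` hunk (`libfdt-devel`, `dtc`) have no comment saying which component needs them. They appear to land in the QEMU group, so a short line above them such as `# device-tree support probed by the QEMU 9.x build` (wording to be confirmed by the author) would record the reason. That makes it possible to judge later whether they can be dropped again, for instance if device-tree support can be disabled in the configure flags for the i386 Xen target. This matters because code linked into the stubdomain's QEMU becomes part of the device model that guests talk to, so each new library is worth a stated justification. The same applies to `elfutils-libelf-devel` in the `-51,6 +53,7` hunk under `# Linux`.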