authorroyger <royger@FreeBSD.org>2015-11-14 17:27:31 +0800
committerroyger <royger@FreeBSD.org>2015-11-14 17:27:31 +0800
commit70c446de2911847f7ce29185d46915b37b16f76d (patch)
tree98cdd042aca2818e51c414d6af54d4b42d4875e5 /emulators
parentfe36f9307e264e3ff769d3265e6ca530486c6011 (diff)
xen: update to 4.5.2
...and add XSA-156. Sponsored by: Citrix Systems R&D Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D4150
Diffstat (limited to 'emulators')
-rw-r--r--emulators/xen-kernel/Makefile12
-rw-r--r--emulators/xen-kernel/distinfo4
-rw-r--r--emulators/xen-kernel/files/0008-xen-arm-mm-Do-not-dump-the-p2m-when-mapping-a-foreig.patch39
-rw-r--r--emulators/xen-kernel/files/xsa148-4.5.patch39
-rw-r--r--emulators/xen-kernel/files/xsa149.patch20
-rw-r--r--emulators/xen-kernel/files/xsa150.patch201
-rw-r--r--emulators/xen-kernel/files/xsa151.patch28
-rw-r--r--emulators/xen-kernel/files/xsa152-4.5.patch41
-rw-r--r--emulators/xen-kernel/files/xsa156-4.5.patch127
-rw-r--r--emulators/xen/Makefile5
10 files changed, 134 insertions, 382 deletions
diff --git a/emulators/xen-kernel/Makefile b/emulators/xen-kernel/Makefile
index 5067c56963bb..c5cf67dc3100 100644
--- a/emulators/xen-kernel/Makefile
+++ b/emulators/xen-kernel/Makefile
@@ -2,12 +2,11 @@
PORTNAME= xen
PKGNAMESUFFIX= -kernel
-PORTVERSION= 4.5.1
-PORTREVISION= 1
+PORTVERSION= 4.5.2
CATEGORIES= emulators
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${PORTVERSION}/
-MAINTAINER= ports@FreeBSD.org
+MAINTAINER= royger@FreeBSD.org
COMMENT= Hypervisor using a microkernel design
LICENSE= GPLv2
@@ -31,12 +30,7 @@ EXTRA_PATCHES= ${FILESDIR}/0001-introduce-a-helper-to-allocate-non-contiguous-me
${FILESDIR}/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch:-p2 \
${FILESDIR}/0006-xen-pvh-enable-mmu_update-hypercall.patch:-p2 \
${FILESDIR}/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch:-p2 \
- ${FILESDIR}/0008-xen-arm-mm-Do-not-dump-the-p2m-when-mapping-a-foreig.patch:-p2 \
- ${FILESDIR}/xsa148-4.5.patch:-p2 \
- ${FILESDIR}/xsa149.patch:-p2 \
- ${FILESDIR}/xsa150.patch:-p2 \
- ${FILESDIR}/xsa151.patch:-p2 \
- ${FILESDIR}/xsa152-4.5.patch:-p2
+ ${FILESDIR}/xsa156-4.5.patch:-p2
.include <bsd.port.options.mk>
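Review bot: The patch list now carries `xsa156-4.5.patch` with no record in the Makefile of why it is applied on top of 4.5.2 or when it can be dropped, and the same hunk removes the XSA-141 and XSA-148 to XSA-152 patches, presumably because the 4.5.2 tarball already contains them. A comment above the `EXTRA_PATCHES=` assignment, which starts outside this hunk, would keep the locally carried security fixes auditable, for example `# xsa156-4.5.patch: XSA-156, not in the 4.5.2 release; remove when a release includes it`. It is worth confirming against the 4.5.2 sources that each removed XSA fix is present before relying on the deletion.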
diff --git a/emulators/xen-kernel/distinfo b/emulators/xen-kernel/distinfo
index aa5db781ba0d..bbc57b46fa18 100644
--- a/emulators/xen-kernel/distinfo
+++ b/emulators/xen-kernel/distinfo
@@ -1,2 +1,2 @@
-SHA256 (xen-4.5.1.tar.gz) = 668c11d4fca67ac44329e369f810356eacd37b28d28fb96e66aac77f3c5e1371
-SIZE (xen-4.5.1.tar.gz) = 18410400
+SHA256 (xen-4.5.2.tar.gz) = 4c9e5dac4eea484974e9f76da2756c8e0973b4e884d28d37e955df9ebf00e7e8
+SIZE (xen-4.5.2.tar.gz) = 18416220
diff --git a/emulators/xen-kernel/files/0008-xen-arm-mm-Do-not-dump-the-p2m-when-mapping-a-foreig.patch b/emulators/xen-kernel/files/0008-xen-arm-mm-Do-not-dump-the-p2m-when-mapping-a-foreig.patch
deleted file mode 100644
index cbe26f888dd8..000000000000
--- a/emulators/xen-kernel/files/0008-xen-arm-mm-Do-not-dump-the-p2m-when-mapping-a-foreig.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 403805aca7a4a508cf193d63aa525b3a76bb09dd Mon Sep 17 00:00:00 2001
-From: Julien Grall <julien.grall@citrix.com>
-Date: Fri, 9 Oct 2015 13:00:35 +0200
-Subject: [PATCH 8/8] xen/arm: mm: Do not dump the p2m when mapping a foreign
- gfn
-
-The physmap operation XENMAPSPACE_gfmn_foreign is dumping the p2m when
-an error occured by calling dump_p2m_lookup. But this function is not
-using ratelimited printk.
-
-Any domain able to map foreign gfmn would be able to flood the Xen
-console.
-
-The information wasn't not useful so drop it.
-
-This is XSA-141.
-
-Signed-off-by: Julien Grall <julien.grall@citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
-(cherry picked from commit afc13fe5e21d18c09e44f8ae6f7f4484e9f1de7f)
----
- xen/arch/arm/mm.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
-index 7d4ba0c..7d95961 100644
---- a/xen/arch/arm/mm.c
-+++ b/xen/arch/arm/mm.c
-@@ -1103,7 +1103,6 @@ int xenmem_add_to_physmap_one(
- page = get_page_from_gfn(od, idx, &p2mt, P2M_ALLOC);
- if ( !page )
- {
-- dump_p2m_lookup(od, pfn_to_paddr(idx));
- rcu_unlock_domain(od);
- return -EINVAL;
- }
---
-1.9.5 (Apple Git-50.3)
-
diff --git a/emulators/xen-kernel/files/xsa148-4.5.patch b/emulators/xen-kernel/files/xsa148-4.5.patch
deleted file mode 100644
index 6b56bc19d23c..000000000000
--- a/emulators/xen-kernel/files/xsa148-4.5.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-x86: guard against undue super page PTE creation
-
-When optional super page support got added (commit bd1cd81d64 "x86: PV
-support for hugepages"), two adjustments were missed: mod_l2_entry()
-needs to consider the PSE and RW bits when deciding whether to use the
-fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK
-unconditionally.
-
-This is XSA-148.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -162,7 +162,10 @@ static void put_superpage(unsigned long
- static uint32_t base_disallow_mask;
- /* Global bit is allowed to be set on L1 PTEs. Intended for user mappings. */
- #define L1_DISALLOW_MASK ((base_disallow_mask | _PAGE_GNTTAB) & ~_PAGE_GLOBAL)
--#define L2_DISALLOW_MASK (base_disallow_mask & ~_PAGE_PSE)
-+
-+#define L2_DISALLOW_MASK (unlikely(opt_allow_superpage) \
-+ ? base_disallow_mask & ~_PAGE_PSE \
-+ : base_disallow_mask)
-
- #define l3_disallow_mask(d) (!is_pv_32on64_domain(d) ? \
- base_disallow_mask : \
-@@ -1770,7 +1773,10 @@ static int mod_l2_entry(l2_pgentry_t *pl
- }
-
- /* Fast path for identical mapping and presence. */
-- if ( !l2e_has_changed(ol2e, nl2e, _PAGE_PRESENT) )
-+ if ( !l2e_has_changed(ol2e, nl2e,
-+ unlikely(opt_allow_superpage)
-+ ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT
-+ : _PAGE_PRESENT) )
- {
- adjust_guest_l2e(nl2e, d);
- if ( UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad) )
diff --git a/emulators/xen-kernel/files/xsa149.patch b/emulators/xen-kernel/files/xsa149.patch
deleted file mode 100644
index 41103b298356..000000000000
--- a/emulators/xen-kernel/files/xsa149.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-xen: free domain's vcpu array
-
-This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
-guest").
-
-This is XSA-149.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
-
---- a/xen/common/domain.c
-+++ b/xen/common/domain.c
-@@ -841,6 +841,7 @@ static void complete_domain_destroy(stru
-
- xsm_free_security_domain(d);
- free_cpumask_var(d->domain_dirty_cpumask);
-+ xfree(d->vcpu);
- free_domain_struct(d);
-
- send_global_virq(VIRQ_DOM_EXC);
diff --git a/emulators/xen-kernel/files/xsa150.patch b/emulators/xen-kernel/files/xsa150.patch
deleted file mode 100644
index f5ef12e45b98..000000000000
--- a/emulators/xen-kernel/files/xsa150.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-x86/PoD: Eager sweep for zeroed pages
-
-Based on the contents of a guests physical address space,
-p2m_pod_emergency_sweep() could degrade into a linear memcmp() from 0 to
-max_gfn, which runs non-preemptibly.
-
-As p2m_pod_emergency_sweep() runs behind the scenes in a number of contexts,
-making it preemptible is not feasible.
-
-Instead, a different approach is taken. Recently-populated pages are eagerly
-checked for reclaimation, which amortises the p2m_pod_emergency_sweep()
-operation across each p2m_pod_demand_populate() operation.
-
-Note that in the case that a 2M superpage can't be reclaimed as a superpage,
-it is shattered if 4K pages of zeros can be reclaimed. This is unfortunate
-but matches the previous behaviour, and is required to avoid regressions
-(domain crash from PoD exhaustion) with VMs configured close to the limit.
-
-This is CVE-2015-7970 / XSA-150.
-
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: George Dunlap <george.dunlap@citrix.com>
-
---- a/xen/arch/x86/mm/p2m-pod.c
-+++ b/xen/arch/x86/mm/p2m-pod.c
-@@ -920,28 +920,6 @@ p2m_pod_zero_check(struct p2m_domain *p2
- }
-
- #define POD_SWEEP_LIMIT 1024
--
--/* When populating a new superpage, look at recently populated superpages
-- * hoping that they've been zeroed. This will snap up zeroed pages as soon as
-- * the guest OS is done with them. */
--static void
--p2m_pod_check_last_super(struct p2m_domain *p2m, unsigned long gfn_aligned)
--{
-- unsigned long check_gfn;
--
-- ASSERT(p2m->pod.last_populated_index < POD_HISTORY_MAX);
--
-- check_gfn = p2m->pod.last_populated[p2m->pod.last_populated_index];
--
-- p2m->pod.last_populated[p2m->pod.last_populated_index] = gfn_aligned;
--
-- p2m->pod.last_populated_index =
-- ( p2m->pod.last_populated_index + 1 ) % POD_HISTORY_MAX;
--
-- p2m_pod_zero_check_superpage(p2m, check_gfn);
--}
--
--
- #define POD_SWEEP_STRIDE 16
- static void
- p2m_pod_emergency_sweep(struct p2m_domain *p2m)
-@@ -982,7 +960,7 @@ p2m_pod_emergency_sweep(struct p2m_domai
- * NB that this is a zero-sum game; we're increasing our cache size
- * by re-increasing our 'debt'. Since we hold the pod lock,
- * (entry_count - count) must remain the same. */
-- if ( p2m->pod.count > 0 && i < limit )
-+ if ( i < limit && (p2m->pod.count > 0 || hypercall_preempt_check()) )
- break;
- }
-
-@@ -994,6 +972,58 @@ p2m_pod_emergency_sweep(struct p2m_domai
-
- }
-
-+static void pod_eager_reclaim(struct p2m_domain *p2m)
-+{
-+ struct pod_mrp_list *mrp = &p2m->pod.mrp;
-+ unsigned int i = 0;
-+
-+ /*
-+ * Always check one page for reclaimation.
-+ *
-+ * If the PoD pool is empty, keep checking some space is found, or all
-+ * entries have been exhaused.
-+ */
-+ do
-+ {
-+ unsigned int idx = (mrp->idx + i++) % ARRAY_SIZE(mrp->list);
-+ unsigned long gfn = mrp->list[idx];
-+
-+ if ( gfn != INVALID_GFN )
-+ {
-+ if ( gfn & POD_LAST_SUPERPAGE )
-+ {
-+ gfn &= ~POD_LAST_SUPERPAGE;
-+
-+ if ( p2m_pod_zero_check_superpage(p2m, gfn) == 0 )
-+ {
-+ unsigned int x;
-+
-+ for ( x = 0; x < SUPERPAGE_PAGES; ++x, ++gfn )
-+ p2m_pod_zero_check(p2m, &gfn, 1);
-+ }
-+ }
-+ else
-+ p2m_pod_zero_check(p2m, &gfn, 1);
-+
-+ mrp->list[idx] = INVALID_GFN;
-+ }
-+
-+ } while ( (p2m->pod.count == 0) && (i < ARRAY_SIZE(mrp->list)) );
-+}
-+
-+static void pod_eager_record(struct p2m_domain *p2m,
-+ unsigned long gfn, unsigned int order)
-+{
-+ struct pod_mrp_list *mrp = &p2m->pod.mrp;
-+
-+ ASSERT(mrp->list[mrp->idx] == INVALID_GFN);
-+ ASSERT(gfn != INVALID_GFN);
-+
-+ mrp->list[mrp->idx++] =
-+ gfn | (order == PAGE_ORDER_2M ? POD_LAST_SUPERPAGE : 0);
-+ mrp->idx %= ARRAY_SIZE(mrp->list);
-+}
-+
- int
- p2m_pod_demand_populate(struct p2m_domain *p2m, unsigned long gfn,
- unsigned int order,
-@@ -1034,6 +1064,8 @@ p2m_pod_demand_populate(struct p2m_domai
- return 0;
- }
-
-+ pod_eager_reclaim(p2m);
-+
- /* Only sweep if we're actually out of memory. Doing anything else
- * causes unnecessary time and fragmentation of superpages in the p2m. */
- if ( p2m->pod.count == 0 )
-@@ -1070,6 +1102,8 @@ p2m_pod_demand_populate(struct p2m_domai
- p2m->pod.entry_count -= (1 << order);
- BUG_ON(p2m->pod.entry_count < 0);
-
-+ pod_eager_record(p2m, gfn_aligned, order);
-+
- if ( tb_init_done )
- {
- struct {
-@@ -1085,12 +1119,6 @@ p2m_pod_demand_populate(struct p2m_domai
- __trace_var(TRC_MEM_POD_POPULATE, 0, sizeof(t), &t);
- }
-
-- /* Check the last guest demand-populate */
-- if ( p2m->pod.entry_count > p2m->pod.count
-- && (order == PAGE_ORDER_2M)
-- && (q & P2M_ALLOC) )
-- p2m_pod_check_last_super(p2m, gfn_aligned);
--
- pod_unlock(p2m);
- return 0;
- out_of_memory:
---- a/xen/arch/x86/mm/p2m.c
-+++ b/xen/arch/x86/mm/p2m.c
-@@ -58,6 +58,7 @@ boolean_param("hap_2mb", opt_hap_2mb);
- /* Init the datastructures for later use by the p2m code */
- static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
- {
-+ unsigned int i;
- int ret = 0;
-
- mm_rwlock_init(&p2m->lock);
-@@ -73,6 +74,9 @@ static int p2m_initialise(struct domain
-
- p2m->np2m_base = P2M_BASE_EADDR;
-
-+ for ( i = 0; i < ARRAY_SIZE(p2m->pod.mrp.list); ++i )
-+ p2m->pod.mrp.list[i] = INVALID_GFN;
-+
- if ( hap_enabled(d) && cpu_has_vmx )
- ret = ept_p2m_init(p2m);
- else
---- a/xen/include/asm-x86/p2m.h
-+++ b/xen/include/asm-x86/p2m.h
-@@ -292,10 +292,20 @@ struct p2m_domain {
- entry_count; /* # of pages in p2m marked pod */
- unsigned long reclaim_single; /* Last gpfn of a scan */
- unsigned long max_guest; /* gpfn of max guest demand-populate */
--#define POD_HISTORY_MAX 128
-- /* gpfn of last guest superpage demand-populated */
-- unsigned long last_populated[POD_HISTORY_MAX];
-- unsigned int last_populated_index;
-+
-+ /*
-+ * Tracking of the most recently populated PoD pages, for eager
-+ * reclamation.
-+ */
-+ struct pod_mrp_list {
-+#define NR_POD_MRP_ENTRIES 32
-+
-+/* Encode ORDER_2M superpage in top bit of GFN */
-+#define POD_LAST_SUPERPAGE (INVALID_GFN & ~(INVALID_GFN >> 1))
-+
-+ unsigned long list[NR_POD_MRP_ENTRIES];
-+ unsigned int idx;
-+ } mrp;
- mm_lock_t lock; /* Locking of private pod structs, *
- * not relying on the p2m lock. */
- } pod;
diff --git a/emulators/xen-kernel/files/xsa151.patch b/emulators/xen-kernel/files/xsa151.patch
deleted file mode 100644
index 1f0277ea789a..000000000000
--- a/emulators/xen-kernel/files/xsa151.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-xenoprof: free domain's vcpu array
-
-This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
-guest").
-
-This is XSA-151.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
-
---- a/xen/common/xenoprof.c
-+++ b/xen/common/xenoprof.c
-@@ -239,6 +239,7 @@ static int alloc_xenoprof_struct(
- d->xenoprof->rawbuf = alloc_xenheap_pages(get_order_from_pages(npages), 0);
- if ( d->xenoprof->rawbuf == NULL )
- {
-+ xfree(d->xenoprof->vcpu);
- xfree(d->xenoprof);
- d->xenoprof = NULL;
- return -ENOMEM;
-@@ -286,6 +287,7 @@ void free_xenoprof_pages(struct domain *
- free_xenheap_pages(x->rawbuf, order);
- }
-
-+ xfree(x->vcpu);
- xfree(x);
- d->xenoprof = NULL;
- }
diff --git a/emulators/xen-kernel/files/xsa152-4.5.patch b/emulators/xen-kernel/files/xsa152-4.5.patch
deleted file mode 100644
index f6f06b609c9a..000000000000
--- a/emulators/xen-kernel/files/xsa152-4.5.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-x86: rate-limit logging in do_xen{oprof,pmu}_op()
-
-Some of the sub-ops are acessible to all guests, and hence should be
-rate-limited. In the xenoprof case, just like for XSA-146, include them
-only in debug builds. Since the vPMU code is rather new, allow them to
-be always present, but downgrade them to (rate limited) guest messages.
-
-This is XSA-152.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/common/xenoprof.c
-+++ b/xen/common/xenoprof.c
-@@ -676,15 +676,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
-
- if ( (op < 0) || (op > XENOPROF_last_op) )
- {
-- printk("xenoprof: invalid operation %d for domain %d\n",
-- op, current->domain->domain_id);
-+ gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op);
- return -EINVAL;
- }
-
- if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) )
- {
-- printk("xenoprof: dom %d denied privileged operation %d\n",
-- current->domain->domain_id, op);
-+ gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op);
- return -EPERM;
- }
-
-@@ -907,8 +905,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
- spin_unlock(&xenoprof_lock);
-
- if ( ret < 0 )
-- printk("xenoprof: operation %d failed for dom %d (status : %d)\n",
-- op, current->domain->domain_id, ret);
-+ gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret);
-
- return ret;
- }
diff --git a/emulators/xen-kernel/files/xsa156-4.5.patch b/emulators/xen-kernel/files/xsa156-4.5.patch
new file mode 100644
index 000000000000..9b59e16fb4a0
--- /dev/null
+++ b/emulators/xen-kernel/files/xsa156-4.5.patch
@@ -0,0 +1,127 @@
+x86/HVM: always intercept #AC and #DB
+
+Both being benign exceptions, and both being possible to get triggered
+by exception delivery, this is required to prevent a guest from locking
+up a CPU (resulting from no other VM exits occurring once getting into
+such a loop).
+
+The specific scenarios:
+
+1) #AC may be raised during exception delivery if the handler is set to
+be a ring-3 one by a 32-bit guest, and the stack is misaligned.
+
+2) #DB may be raised during exception delivery when a breakpoint got
+placed on a data structure involved in delivering the exception. This
+can result in an endless loop when a 64-bit guest uses a non-zero IST
+for the vector 1 IDT entry, but even without use of IST the time it
+takes until a contributory fault would get raised (results depending
+on the handler) may be quite long.
+
+This is XSA-156.
+
+Reported-by: Benjamin Serebrin <serebrin@google.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- a/xen/arch/x86/hvm/svm/svm.c
++++ b/xen/arch/x86/hvm/svm/svm.c
+@@ -1045,10 +1045,11 @@ static void noreturn svm_do_resume(struc
+ unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) )
+ {
+ uint32_t intercepts = vmcb_get_exception_intercepts(vmcb);
+- uint32_t mask = (1U << TRAP_debug) | (1U << TRAP_int3);
++
+ v->arch.hvm_vcpu.debug_state_latch = debug_state;
+ vmcb_set_exception_intercepts(
+- vmcb, debug_state ? (intercepts | mask) : (intercepts & ~mask));
++ vmcb, debug_state ? (intercepts | (1U << TRAP_int3))
++ : (intercepts & ~(1U << TRAP_int3)));
+ }
+
+ if ( v->arch.hvm_svm.launch_core != smp_processor_id() )
+@@ -2435,8 +2436,9 @@ void svm_vmexit_handler(struct cpu_user_
+
+ case VMEXIT_EXCEPTION_DB:
+ if ( !v->domain->debugger_attached )
+- goto unexpected_exit_type;
+- domain_pause_for_debugger();
++ hvm_inject_hw_exception(TRAP_debug, HVM_DELIVER_NO_ERROR_CODE);
++ else
++ domain_pause_for_debugger();
+ break;
+
+ case VMEXIT_EXCEPTION_BP:
+@@ -2484,6 +2486,11 @@ void svm_vmexit_handler(struct cpu_user_
+ break;
+ }
+
++ case VMEXIT_EXCEPTION_AC:
++ HVMTRACE_1D(TRAP, TRAP_alignment_check);
++ hvm_inject_hw_exception(TRAP_alignment_check, vmcb->exitinfo1);
++ break;
++
+ case VMEXIT_EXCEPTION_UD:
+ svm_vmexit_ud_intercept(regs);
+ break;
+--- a/xen/arch/x86/hvm/vmx/vmx.c
++++ b/xen/arch/x86/hvm/vmx/vmx.c
+@@ -1186,16 +1186,10 @@ static void vmx_update_host_cr3(struct v
+
+ void vmx_update_debug_state(struct vcpu *v)
+ {
+- unsigned long mask;
+-
+- mask = 1u << TRAP_int3;
+- if ( !cpu_has_monitor_trap_flag )
+- mask |= 1u << TRAP_debug;
+-
+ if ( v->arch.hvm_vcpu.debug_state_latch )
+- v->arch.hvm_vmx.exception_bitmap |= mask;
++ v->arch.hvm_vmx.exception_bitmap |= 1U << TRAP_int3;
+ else
+- v->arch.hvm_vmx.exception_bitmap &= ~mask;
++ v->arch.hvm_vmx.exception_bitmap &= ~(1U << TRAP_int3);
+
+ vmx_vmcs_enter(v);
+ vmx_update_exception_bitmap(v);
+@@ -2801,9 +2795,10 @@ void vmx_vmexit_handler(struct cpu_user_
+ __vmread(EXIT_QUALIFICATION, &exit_qualification);
+ HVMTRACE_1D(TRAP_DEBUG, exit_qualification);
+ write_debugreg(6, exit_qualification | 0xffff0ff0);
+- if ( !v->domain->debugger_attached || cpu_has_monitor_trap_flag )
+- goto exit_and_crash;
+- domain_pause_for_debugger();
++ if ( !v->domain->debugger_attached )
++ hvm_inject_hw_exception(vector, HVM_DELIVER_NO_ERROR_CODE);
++ else
++ domain_pause_for_debugger();
+ break;
+ case TRAP_int3:
+ {
+@@ -2868,6 +2863,11 @@ void vmx_vmexit_handler(struct cpu_user_
+
+ hvm_inject_page_fault(regs->error_code, exit_qualification);
+ break;
++ case TRAP_alignment_check:
++ HVMTRACE_1D(TRAP, vector);
++ __vmread(VM_EXIT_INTR_ERROR_CODE, &ecode);
++ hvm_inject_hw_exception(vector, ecode);
++ break;
+ case TRAP_nmi:
+ if ( (intr_info & INTR_INFO_INTR_TYPE_MASK) !=
+ (X86_EVENTTYPE_NMI << 8) )
+--- a/xen/include/asm-x86/hvm/hvm.h
++++ b/xen/include/asm-x86/hvm/hvm.h
+@@ -378,7 +378,10 @@ static inline int hvm_event_pending(stru
+ (X86_CR4_VMXE | X86_CR4_PAE | X86_CR4_MCE))
+
+ /* These exceptions must always be intercepted. */
+-#define HVM_TRAP_MASK ((1U << TRAP_machine_check) | (1U << TRAP_invalid_op))
++#define HVM_TRAP_MASK ((1U << TRAP_debug) | \
++ (1U << TRAP_invalid_op) | \
++ (1U << TRAP_alignment_check) | \
++ (1U << TRAP_machine_check))
+
+ /*
+ * x86 event types. This enumeration is valid for:
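Review bot: The widened `HVM_TRAP_MASK` in the embedded hvm.h hunk keeps the old one-line comment, so the reason #DB and #AC joined the always-intercepted set is recorded only in the patch description. I would extend that comment to say that exception delivery can re-raise these two without any other VM exit occurring, which lets a guest lock up a CPU, e.g. `/* #DB and #AC: a guest could otherwise loop in exception delivery with no VM exit (XSA-156). */`. The same rationale would help at the new `VMEXIT_EXCEPTION_AC` and `TRAP_alignment_check` cases, which exist only to re-inject the exception into the guest. Both exit handlers start and end outside the embedded hunks.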
diff --git a/emulators/xen/Makefile b/emulators/xen/Makefile
index 8c23493432a2..f0c8f433a685 100644
--- a/emulators/xen/Makefile
+++ b/emulators/xen/Makefile
@@ -1,11 +1,10 @@
# $FreeBSD$
PORTNAME= xen
-PORTVERSION= 4.5.1
-PORTREVISION= 1
+PORTVERSION= 4.5.2
CATEGORIES= emulators
-MAINTAINER= ports@FreeBSD.org
+MAINTAINER= royger@FreeBSD.org
COMMENT= Xen Hyvervisor meta port
LICENSE= GPLv2