diff --git a/0303-x86-x2APIC-correct-cluster-tracking-upon-CPUs-going-.patch b/0303-x86-x2APIC-correct-cluster-tracking-upon-CPUs-going-.patch
new file mode 100644
index 0000000..612745d
--- /dev/null
+++ b/0303-x86-x2APIC-correct-cluster-tracking-upon-CPUs-going-.patch
@@ -0,0 +1,50 @@
+From ad3ff7b4279d16c91c23cda6e8be5bc670b25c9a Mon Sep 17 00:00:00 2001
+From: Jan Beulich
+Date: Mon, 26 Aug 2024 10:30:40 +0200
+Subject: [PATCH] x86/x2APIC: correct cluster tracking upon CPUs going down for
+ S3
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Downing CPUs for S3 is somewhat special: Since we can expect the system
+to come back up in exactly the same hardware configuration, per-CPU data
+for the secondary CPUs isn't de-allocated (and then cleared upon re-
+allocation when the CPUs are being brought back up). Therefore the
+cluster_cpus per-CPU pointer will retain its value for all CPUs other
+than the final one in a cluster (i.e. in particular for all CPUs in the
+same cluster as CPU0). That, however, is in conflict with the assertion
+early in init_apic_ldr_x2apic_cluster().
+
+Note that the issue is avoided on Intel hardware, where we park CPUs
+instead of bringing them down.
+
+Extend the bypassing of the freeing to the suspend case, thus making
+suspend/resume also a tiny bit faster.
+
+Fixes: 2e6c8f182c9c ("x86: distinguish CPU offlining from CPU removal")
+Reported-by: Marek Marczykowski-Górecki
+Signed-off-by: Jan Beulich
+Tested-by: Marek Marczykowski-Górecki
+Acked-by: Andrew Cooper
+---
+ xen/arch/x86/genapic/x2apic.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c
+index 371dd100c742..d531035fa42c 100644
+--- a/xen/arch/x86/genapic/x2apic.c
++++ b/xen/arch/x86/genapic/x2apic.c
+@@ -228,7 +228,8 @@ static int cf_check update_clusterinfo(
+ case CPU_UP_CANCELED:
+ case CPU_DEAD:
+ case CPU_REMOVE:
+- if ( park_offline_cpus == (action != CPU_REMOVE) )
++ if ( park_offline_cpus == (action != CPU_REMOVE) ||
++ system_state == SYS_STATE_suspend )
+ break;
+ if ( per_cpu(cluster_cpus, cpu) )
+ {
+--
+2.46.0
+
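Review bot: The new `system_state == SYS_STATE_suspend` clause in the `CPU_UP_CANCELED`/`CPU_DEAD`/`CPU_REMOVE` arm of update_clusterinfo() carries no comment, so the reason cluster tracking is left alone across S3 is recorded only in the commit message. A one-line comment above the `if` would keep it with the code, for example `/* Per-CPU data survives S3, so leave the cluster tracking untouched as well (see the assertion in init_apic_ldr_x2apic_cluster()). */`. The function starts and ends outside the hunk, so whether the bring-up path copes with a retained `cluster_cpus` pointer in every resume failure case cannot be judged from here and is worth confirming.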
diff --git a/0304-xen-spinlock-Fix-UBSAN-load-of-address-with-insuffic.patch b/0304-xen-spinlock-Fix-UBSAN-load-of-address-with-insuffic.patch
new file mode 100644
index 0000000..cf0acfb
--- /dev/null
+++ b/0304-xen-spinlock-Fix-UBSAN-load-of-address-with-insuffic.patch
@@ -0,0 +1,65 @@
+From 542ac112fc68c66cfafc577e252404c21da4f75b Mon Sep 17 00:00:00 2001
+From: Andrew Cooper
+Date: Mon, 14 Oct 2024 15:30:28 +0100
+Subject: [PATCH] xen/spinlock: Fix UBSAN "load of address with insufficient
+ space" in lock_prof_init()
+
+UBSAN complains:
+
+ (XEN) ================================================================================
+ (XEN) UBSAN: Undefined behaviour in common/spinlock.c:794:10
+ (XEN) load of address ffff82d040ae24c8 with insufficient space
+ (XEN) for an object of type 'struct lock_profile *'
+ (XEN) ----[ Xen-4.20-unstable x86_64 debug=y ubsan=y Tainted: C ]----
+
+This shows up with GCC-14, but not with GCC-12. I have not bisected further.
+
+Either way, the types for __lock_profile_{start,end} are incorrect.
+
+They are an array of struct lock_profile pointers. Correct the extern's
+types, and adjust the loop to match.
+
+No practical change.
+
+Reported-by: Andreas Glashauser
+Signed-off-by: Andrew Cooper
+Reviewed-by: Juergen Gross
+---
+ xen/common/spinlock.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c
+index 0b877384451d..38caa10a2ea2 100644
+--- a/xen/common/spinlock.c
++++ b/xen/common/spinlock.c
+@@ -608,9 +608,6 @@ struct lock_profile_anc {
+ typedef void lock_profile_subfunc(struct lock_profile *data, int32_t type,
+ int32_t idx, void *par);
+
+-extern struct lock_profile *__lock_profile_start;
+-extern struct lock_profile *__lock_profile_end;
+-
+ static s_time_t lock_profile_start;
+ static struct lock_profile_anc lock_profile_ancs[] = {
+ [LOCKPROF_TYPE_GLOBAL] = { .name = "Global" },
+@@ -780,13 +777,16 @@ void _lock_profile_deregister_struct(
+ spin_unlock(&lock_profile_lock);
+ }
+
++extern struct lock_profile *__lock_profile_start[];
++extern struct lock_profile *__lock_profile_end[];
++
+ static int __init cf_check lock_prof_init(void)
+ {
+ struct lock_profile **q;
+
+ BUILD_BUG_ON(ARRAY_SIZE(lock_profile_ancs) != LOCKPROF_TYPE_N);
+
+- for ( q = &__lock_profile_start; q < &__lock_profile_end; q++ )
++ for ( q = __lock_profile_start; q < __lock_profile_end; q++ )
+ {
+ (*q)->next = lock_profile_glb_q.elem_q;
+ lock_profile_glb_q.elem_q = *q;
+--
+2.46.0
+
diff --git a/0630-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch b/0630-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch
new file mode 100644
index 0000000..18aa820
--- /dev/null
+++ b/0630-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch
@@ -0,0 +1,62 @@
+From b3262b7069a51e460a9f044eec4fc5e2e5758db2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
+
+Date: Tue, 8 Oct 2024 23:24:31 +0200
+Subject: [PATCH] tools/xg: increase LZMA_BLOCK_SIZE for uncompressing the
+ kernel
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Linux 6.12-rc2 fails to decompress with the current 128MiB, contrary to
+the code comment. It results in a failure like this:
+
+ domainbuilder: detail: xc_dom_kernel_file: filename="/var/lib/qubes/vm-kernels/6.12-rc2-1.1.fc37/vmlinuz"
+ domainbuilder: detail: xc_dom_malloc_filemap : 12104 kB
+ domainbuilder: detail: xc_dom_module_file: filename="/var/lib/qubes/vm-kernels/6.12-rc2-1.1.fc37/initramfs"
+ domainbuilder: detail: xc_dom_malloc_filemap : 7711 kB
+ domainbuilder: detail: xc_dom_boot_xen_init: ver 4.19, caps xen-3.0-x86_64 hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
+ domainbuilder: detail: xc_dom_parse_image: called
+ domainbuilder: detail: xc_dom_find_loader: trying multiboot-binary loader ...
+ domainbuilder: detail: loader probe failed
+ domainbuilder: detail: xc_dom_find_loader: trying HVM-generic loader ...
+ domainbuilder: detail: loader probe failed
+ domainbuilder: detail: xc_dom_find_loader: trying Linux bzImage loader ...
+ domainbuilder: detail: _xc_try_lzma_decode: XZ decompression error: Memory usage limit reached
+ xc: error: panic: xg_dom_bzimageloader.c:761: xc_dom_probe_bzimage_kernel unable to XZ decompress kernel: Invalid kernel
+ domainbuilder: detail: loader probe failed
+ domainbuilder: detail: xc_dom_find_loader: trying ELF-generic loader ...
+ domainbuilder: detail: loader probe failed
+ xc: error: panic: xg_dom_core.c:689: xc_dom_find_loader: no loader found: Invalid kernel
+ libxl: error: libxl_dom.c:566:libxl__build_dom: xc_dom_parse_image failed
+
+The important part: XZ decompression error: Memory usage limit reached
+
+This looks to be related to the following change in Linux:
+8653c909922743bceb4800e5cc26087208c9e0e6 ("xz: use 128 MiB dictionary and force single-threaded mode")
+
+Fix this by increasing the block size to 256MiB. And remove the
+misleading comment (from lack of better ideas).
+
+Signed-off-by: Marek Marczykowski-Górecki
+---
+ tools/libs/guest/xg_dom_bzimageloader.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/tools/libs/guest/xg_dom_bzimageloader.c b/tools/libs/guest/xg_dom_bzimageloader.c
+index c6ee6d83e7c6..1fb4e5a1f728 100644
+--- a/tools/libs/guest/xg_dom_bzimageloader.c
++++ b/tools/libs/guest/xg_dom_bzimageloader.c
+@@ -272,8 +272,7 @@ static int _xc_try_lzma_decode(
+ return retval;
+ }
+
+-/* 128 Mb is the minimum size (half-way) documented to work for all inputs. */
+-#define LZMA_BLOCK_SIZE (128*1024*1024)
++#define LZMA_BLOCK_SIZE (256*1024*1024)
+
+ static int xc_try_xz_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+--
+2.46.0
+
diff --git a/1018-x86-Use-Linux-s-PAT.patch b/1018-x86-Use-Linux-s-PAT.patch
new file mode 100644
index 0000000..2bfbc9f
--- /dev/null
+++ b/1018-x86-Use-Linux-s-PAT.patch
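Review bot: In the 0630 patch, `#define LZMA_BLOCK_SIZE (256*1024*1024)` is left with no comment at all, so the only record of why the value is 256 MiB is the commit message. Going by the quoted `Memory usage limit reached` error the constant appears to serve as the decoder's memory limit, which is also what caps how much memory a kernel image can make the toolstack allocate while decompressing, so the number is a trade-off and the code should say so. I would put a replacement comment above the define, for example `/* Decoder memory limit: must exceed the 128 MiB dictionary Linux uses for its XZ payload; also caps memory spent decompressing a kernel image. */`. The place where the macro is used lies outside the hunk, so confirm it is passed as the memory limit before adopting that wording.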
@@ -0,0 +1,80 @@
+From 7f3f94f443f652e4a59c111d4cf8b5fb3b771612 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour
+Date: Sun, 4 Dec 2022 07:57:44 -0500
+Subject: [PATCH] x86: Use Linux's PAT
+
+Use the same PAT setting as Linux to workaround buggy drivers that have
+hardcoded assumptions about it.
+---
+ xen/arch/x86/include/asm/page.h | 4 ++--
+ xen/arch/x86/include/asm/processor.h | 10 +++++-----
+ xen/arch/x86/mm.c | 8 --------
+ 3 files changed, 7 insertions(+), 15 deletions(-)
+
+diff --git a/xen/arch/x86/include/asm/page.h b/xen/arch/x86/include/asm/page.h
+index 350d1fb1100f..2624cc6bdae5 100644
+--- a/xen/arch/x86/include/asm/page.h
++++ b/xen/arch/x86/include/asm/page.h
+@@ -333,11 +333,11 @@ void efi_update_l4_pgtable(unsigned int l4idx, l4_pgentry_t l4e);
+
+ /* Memory types, encoded under Xen's choice of MSR_PAT. */
+ #define _PAGE_WB ( 0)
+-#define _PAGE_WT ( _PAGE_PWT)
++#define _PAGE_WC ( _PAGE_PWT)
+ #define _PAGE_UCM ( _PAGE_PCD )
+ #define _PAGE_UC ( _PAGE_PCD | _PAGE_PWT)
+-#define _PAGE_WC (_PAGE_PAT )
+ #define _PAGE_WP (_PAGE_PAT | _PAGE_PWT)
++#define _PAGE_WT (_PAGE_PAT | _PAGE_PCD | _PAGE_PWT)
+
+ /*
+ * Debug option: Ensure that granted mappings are not implicitly unmapped.
+diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/asm/processor.h
+index c26ef9090c3a..ec881b880d4d 100644
+--- a/xen/arch/x86/include/asm/processor.h
++++ b/xen/arch/x86/include/asm/processor.h
+@@ -65,16 +65,17 @@
+
+ /*
+ * Host IA32_CR_PAT value to cover all memory types. This is not the default
+- * MSR_PAT value, and is an ABI with PV guests.
++ * MSR_PAT value, and is and is the same one used by Linux. The proprietary
++ * Nvidia driver (and possibly other kernel code) requires this value.
+ */
+ #define XEN_MSR_PAT ((_AC(X86_MT_WB, ULL) << 0x00) | \
+- (_AC(X86_MT_WT, ULL) << 0x08) | \
++ (_AC(X86_MT_WC, ULL) << 0x08) | \
+ (_AC(X86_MT_UCM, ULL) << 0x10) | \
+ (_AC(X86_MT_UC, ULL) << 0x18) | \
+- (_AC(X86_MT_WC, ULL) << 0x20) | \
++ (_AC(X86_MT_WB, ULL) << 0x20) | \
+ (_AC(X86_MT_WP, ULL) << 0x28) | \
+- (_AC(X86_MT_UC, ULL) << 0x30) | \
+- (_AC(X86_MT_UC, ULL) << 0x38))
++ (_AC(X86_MT_UCM, ULL) << 0x30) | \
++ (_AC(X86_MT_WT, ULL) << 0x38))
+
+ #ifndef __ASSEMBLY__
+
+diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
+index 702c76a879e5..b30453b9de11 100644
+--- a/xen/arch/x86/mm.c
++++ b/xen/arch/x86/mm.c
+@@ -6365,14 +6365,6 @@ unsigned long get_upper_mfn_bound(void)
+ */
+ static void __init __maybe_unused build_assertions(void)
+ {
+- /*
+- * If this trips, any guests that blindly rely on the public API in xen.h
+- * (instead of reading the PAT from Xen, as Linux 3.19+ does) will be
+- * broken. Furthermore, live migration of PV guests between Xen versions
+- * using different PATs will not work.
+- */
+- BUILD_BUG_ON(XEN_MSR_PAT != 0x050100070406ULL);
+-
+ /*
+ * _PAGE_WB must be zero for several reasons, not least because Linux
+ * assumes it.
+--
+2.44.0
+
diff --git a/xen.spec.in b/xen.spec.in
index 7e575a5..593da60 100644
--- a/xen.spec.in
+++ b/xen.spec.in
@@ -100,6 +100,8 @@ Patch0203: 0203-xen.efi.build.patch
 Patch0300: 0300-xen-list-add-LIST_HEAD_RO_AFTER_INIT.patch
 Patch0301: 0301-x86-mm-add-API-for-marking-only-part-of-a-MMIO-page-.patch
 Patch0302: 0302-drivers-char-Use-sub-page-ro-API-to-make-just-xhci-d.patch
+Patch0303: 0303-x86-x2APIC-correct-cluster-tracking-upon-CPUs-going-.patch
+Patch0304: 0304-xen-spinlock-Fix-UBSAN-load-of-address-with-insuffic.patch
 # Security fixes (500+)
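Review bot: The mm.c part of the 1018 patch deletes `BUILD_BUG_ON(XEN_MSR_PAT != 0x050100070406ULL)` outright instead of updating it, so nothing pins the PAT layout any more and the two consequences named in the removed comment (PV guests that rely on the value in the public xen.h header, and live migration of PV guests between Xen builds with different PATs) now take effect silently. Keeping the assertion with the new constant would at least catch accidental drift: with the architectural memory-type encodings the rewritten macro should evaluate to `0x0407050600070106ULL`, so `BUILD_BUG_ON(XEN_MSR_PAT != 0x0407050600070106ULL);` with a comment stating that this deliberately departs from the PV ABI value. The rewritten processor.h comment also reads "and is and is" and drops the ABI statement entirely; `* MSR_PAT value, and is the same one used by Linux.` followed by a sentence on the ABI departure would read better. build_assertions() continues past the end of the hunk, so other checks there that depend on the old slot assignment are not visible from here.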
@@ -139,6 +141,8 @@ Patch0627: 0627-x86-msr-Allow-hardware-domain-to-read-package-C-stat.patch
 Patch0628: 0628-x86-mwait-idle-Use-ACPI-for-CPUs-without-hardcoded-C.patch
 Patch0629: 0629-libxl_pci-Pass-power_mgmt-via-QMP.patch
+Patch0630: 0630-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch
+
 # Qubes specific patches
 Patch1000: 1000-Do-not-access-network-during-the-build.patch
 Patch1001: 1001-hotplug-store-block-params-for-cleanup.patch
@@ -158,6 +162,7 @@ Patch1014: 1014-libxl-conditionally-allow-PCI-passthrough-on-PV-with.patch
 Patch1015: 1015-gnttab-disable-grant-tables-v2-by-default.patch
 Patch1016: 1016-cpufreq-enable-HWP-by-default.patch
 Patch1017: 1017-Fix-IGD-passthrough-with-linux-stubdomain.patch
+Patch1018: 1018-x86-Use-Linux-s-PAT.patch
 # Reproducible builds
 Patch1100: 1100-Define-build-dates-time-based-on-SOURCE_DATE_EPOCH.patch