Few backports and fixes

0303-x86-x2APIC-correct-cluster-tracking-upon-CPUs-going-.patch

@@ -0,0 +1,50 @@
+From ad3ff7b4279d16c91c23cda6e8be5bc670b25c9a Mon Sep 17 00:00:00 2001
+From: Jan Beulich <[email protected]>
+Date: Mon, 26 Aug 2024 10:30:40 +0200
+Subject: [PATCH] x86/x2APIC: correct cluster tracking upon CPUs going down for
+ S3
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Downing CPUs for S3 is somewhat special: Since we can expect the system
+to come back up in exactly the same hardware configuration, per-CPU data
+for the secondary CPUs isn't de-allocated (and then cleared upon re-
+allocation when the CPUs are being brought back up). Therefore the
+cluster_cpus per-CPU pointer will retain its value for all CPUs other
+than the final one in a cluster (i.e. in particular for all CPUs in the
+same cluster as CPU0). That, however, is in conflict with the assertion
+early in init_apic_ldr_x2apic_cluster().
+
+Note that the issue is avoided on Intel hardware, where we park CPUs
+instead of bringing them down.
+
+Extend the bypassing of the freeing to the suspend case, thus making
+suspend/resume also a tiny bit faster.
+
+Fixes: 2e6c8f182c9c ("x86: distinguish CPU offlining from CPU removal")
+Reported-by: Marek Marczykowski-Górecki <[email protected]>
+Signed-off-by: Jan Beulich <[email protected]>
+Tested-by: Marek Marczykowski-Górecki <[email protected]>
+Acked-by: Andrew Cooper <[email protected]>
+---
+ xen/arch/x86/genapic/x2apic.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c
+index 371dd100c742..d531035fa42c 100644
+--- a/xen/arch/x86/genapic/x2apic.c
++++ b/xen/arch/x86/genapic/x2apic.c
+@@ -228,7 +228,8 @@ static int cf_check update_clusterinfo(
+     case CPU_UP_CANCELED:
+     case CPU_DEAD:
+     case CPU_REMOVE:
+-        if ( park_offline_cpus == (action != CPU_REMOVE) )
++        if ( park_offline_cpus == (action != CPU_REMOVE) ||
++             system_state == SYS_STATE_suspend )
+             break;
+         if ( per_cpu(cluster_cpus, cpu) )
+         {
+-- 
+2.46.0
+

0304-xen-spinlock-Fix-UBSAN-load-of-address-with-insuffic.patch

@@ -0,0 +1,65 @@
+From 542ac112fc68c66cfafc577e252404c21da4f75b Mon Sep 17 00:00:00 2001
+From: Andrew Cooper <[email protected]>
+Date: Mon, 14 Oct 2024 15:30:28 +0100
+Subject: [PATCH] xen/spinlock: Fix UBSAN "load of address with insufficient
+ space" in lock_prof_init()
+
+UBSAN complains:
+
+  (XEN) ================================================================================
+  (XEN) UBSAN: Undefined behaviour in common/spinlock.c:794:10
+  (XEN) load of address ffff82d040ae24c8 with insufficient space
+  (XEN) for an object of type 'struct lock_profile *'
+  (XEN) ----[ Xen-4.20-unstable  x86_64  debug=y ubsan=y  Tainted:   C    ]----
+
+This shows up with GCC-14, but not with GCC-12.  I have not bisected further.
+
+Either way, the types for __lock_profile_{start,end} are incorrect.
+
+They are an array of struct lock_profile pointers.  Correct the extern's
+types, and adjust the loop to match.
+
+No practical change.
+
+Reported-by: Andreas Glashauser <[email protected]>
+Signed-off-by: Andrew Cooper <[email protected]>
+Reviewed-by: Juergen Gross <[email protected]>
+---
+ xen/common/spinlock.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c
+index 0b877384451d..38caa10a2ea2 100644
+--- a/xen/common/spinlock.c
++++ b/xen/common/spinlock.c
+@@ -608,9 +608,6 @@ struct lock_profile_anc {
+ typedef void lock_profile_subfunc(struct lock_profile *data, int32_t type,
+     int32_t idx, void *par);
+
+-extern struct lock_profile *__lock_profile_start;
+-extern struct lock_profile *__lock_profile_end;
+-
+ static s_time_t lock_profile_start;
+ static struct lock_profile_anc lock_profile_ancs[] = {
+     [LOCKPROF_TYPE_GLOBAL] = { .name = "Global" },
+@@ -780,13 +777,16 @@ void _lock_profile_deregister_struct(
+     spin_unlock(&lock_profile_lock);
+ }
+
++extern struct lock_profile *__lock_profile_start[];
++extern struct lock_profile *__lock_profile_end[];
++
+ static int __init cf_check lock_prof_init(void)
+ {
+     struct lock_profile **q;
+
+     BUILD_BUG_ON(ARRAY_SIZE(lock_profile_ancs) != LOCKPROF_TYPE_N);
+
+-    for ( q = &__lock_profile_start; q < &__lock_profile_end; q++ )
++    for ( q = __lock_profile_start; q < __lock_profile_end; q++ )
+     {
+         (*q)->next = lock_profile_glb_q.elem_q;
+         lock_profile_glb_q.elem_q = *q;
+-- 
+2.46.0
+

0630-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch

@@ -0,0 +1,62 @@
+From b3262b7069a51e460a9f044eec4fc5e2e5758db2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
+ <[email protected]>
+Date: Tue, 8 Oct 2024 23:24:31 +0200
+Subject: [PATCH] tools/xg: increase LZMA_BLOCK_SIZE for uncompressing the
+ kernel
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Linux 6.12-rc2 fails to decompress with the current 128MiB, contrary to
+the code comment. It results in a failure like this:
+
+    domainbuilder: detail: xc_dom_kernel_file: filename="/var/lib/qubes/vm-kernels/6.12-rc2-1.1.fc37/vmlinuz"
+    domainbuilder: detail: xc_dom_malloc_filemap    : 12104 kB
+    domainbuilder: detail: xc_dom_module_file: filename="/var/lib/qubes/vm-kernels/6.12-rc2-1.1.fc37/initramfs"
+    domainbuilder: detail: xc_dom_malloc_filemap    : 7711 kB
+    domainbuilder: detail: xc_dom_boot_xen_init: ver 4.19, caps xen-3.0-x86_64 hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
+    domainbuilder: detail: xc_dom_parse_image: called
+    domainbuilder: detail: xc_dom_find_loader: trying multiboot-binary loader ...
+    domainbuilder: detail: loader probe failed
+    domainbuilder: detail: xc_dom_find_loader: trying HVM-generic loader ...
+    domainbuilder: detail: loader probe failed
+    domainbuilder: detail: xc_dom_find_loader: trying Linux bzImage loader ...
+    domainbuilder: detail: _xc_try_lzma_decode: XZ decompression error: Memory usage limit reached
+    xc: error: panic: xg_dom_bzimageloader.c:761: xc_dom_probe_bzimage_kernel unable to XZ decompress kernel: Invalid kernel
+    domainbuilder: detail: loader probe failed
+    domainbuilder: detail: xc_dom_find_loader: trying ELF-generic loader ...
+    domainbuilder: detail: loader probe failed
+    xc: error: panic: xg_dom_core.c:689: xc_dom_find_loader: no loader found: Invalid kernel
+    libxl: error: libxl_dom.c:566:libxl__build_dom: xc_dom_parse_image failed
+
+The important part: XZ decompression error: Memory usage limit reached
+
+This looks to be related to the following change in Linux:
+8653c909922743bceb4800e5cc26087208c9e0e6 ("xz: use 128 MiB dictionary and force single-threaded mode")
+
+Fix this by increasing the block size to 256MiB. And remove the
+misleading comment (from lack of better ideas).
+
+Signed-off-by: Marek Marczykowski-Górecki <[email protected]>
+---
+ tools/libs/guest/xg_dom_bzimageloader.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/tools/libs/guest/xg_dom_bzimageloader.c b/tools/libs/guest/xg_dom_bzimageloader.c
+index c6ee6d83e7c6..1fb4e5a1f728 100644
+--- a/tools/libs/guest/xg_dom_bzimageloader.c
++++ b/tools/libs/guest/xg_dom_bzimageloader.c
+@@ -272,8 +272,7 @@ static int _xc_try_lzma_decode(
+     return retval;
+ }
+
+-/* 128 Mb is the minimum size (half-way) documented to work for all inputs. */
+-#define LZMA_BLOCK_SIZE (128*1024*1024)
++#define LZMA_BLOCK_SIZE (256*1024*1024)
+
+ static int xc_try_xz_decode(
+     struct xc_dom_image *dom, void **blob, size_t *size)
+-- 
+2.46.0
+

1018-x86-Use-Linux-s-PAT.patch

@@ -0,0 +1,80 @@
+From 7f3f94f443f652e4a59c111d4cf8b5fb3b771612 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <[email protected]>
+Date: Sun, 4 Dec 2022 07:57:44 -0500
+Subject: [PATCH] x86: Use Linux's PAT
+
+Use the same PAT setting as Linux to workaround buggy drivers that have
+hardcoded assumptions about it.
+---
+ xen/arch/x86/include/asm/page.h      |  4 ++--
+ xen/arch/x86/include/asm/processor.h | 10 +++++-----
+ xen/arch/x86/mm.c                    |  8 --------
+ 3 files changed, 7 insertions(+), 15 deletions(-)
+
+diff --git a/xen/arch/x86/include/asm/page.h b/xen/arch/x86/include/asm/page.h
+index 350d1fb1100f..2624cc6bdae5 100644
+--- a/xen/arch/x86/include/asm/page.h
++++ b/xen/arch/x86/include/asm/page.h
+@@ -333,11 +333,11 @@ void efi_update_l4_pgtable(unsigned int l4idx, l4_pgentry_t l4e);
+
+ /* Memory types, encoded under Xen's choice of MSR_PAT. */
+ #define _PAGE_WB         (                                0)
+-#define _PAGE_WT         (                        _PAGE_PWT)
++#define _PAGE_WC         (                        _PAGE_PWT)
+ #define _PAGE_UCM        (            _PAGE_PCD            )
+ #define _PAGE_UC         (            _PAGE_PCD | _PAGE_PWT)
+-#define _PAGE_WC         (_PAGE_PAT                        )
+ #define _PAGE_WP         (_PAGE_PAT |             _PAGE_PWT)
++#define _PAGE_WT         (_PAGE_PAT | _PAGE_PCD | _PAGE_PWT)
+
+ /*
+  * Debug option: Ensure that granted mappings are not implicitly unmapped.
+diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/asm/processor.h
+index c26ef9090c3a..ec881b880d4d 100644
+--- a/xen/arch/x86/include/asm/processor.h
++++ b/xen/arch/x86/include/asm/processor.h
+@@ -65,16 +65,17 @@
+
+ /*
+  * Host IA32_CR_PAT value to cover all memory types.  This is not the default
+- * MSR_PAT value, and is an ABI with PV guests.
++ * MSR_PAT value, and is and is the same one used by Linux.  The proprietary
++ * Nvidia driver (and possibly other kernel code) requires this value.
+  */
+ #define XEN_MSR_PAT ((_AC(X86_MT_WB,  ULL) << 0x00) | \
+-                     (_AC(X86_MT_WT,  ULL) << 0x08) | \
++                     (_AC(X86_MT_WC,  ULL) << 0x08) | \
+                      (_AC(X86_MT_UCM, ULL) << 0x10) | \
+                      (_AC(X86_MT_UC,  ULL) << 0x18) | \
+-                     (_AC(X86_MT_WC,  ULL) << 0x20) | \
++                     (_AC(X86_MT_WB,  ULL) << 0x20) | \
+                      (_AC(X86_MT_WP,  ULL) << 0x28) | \
+-                     (_AC(X86_MT_UC,  ULL) << 0x30) | \
+-                     (_AC(X86_MT_UC,  ULL) << 0x38))
++                     (_AC(X86_MT_UCM, ULL) << 0x30) | \
++                     (_AC(X86_MT_WT,  ULL) << 0x38))
+
+ #ifndef __ASSEMBLY__
+
+diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
+index 702c76a879e5..b30453b9de11 100644
+--- a/xen/arch/x86/mm.c
++++ b/xen/arch/x86/mm.c
+@@ -6365,14 +6365,6 @@ unsigned long get_upper_mfn_bound(void)
+  */
+ static void __init __maybe_unused build_assertions(void)
+ {
+-    /*
+-     * If this trips, any guests that blindly rely on the public API in xen.h
+-     * (instead of reading the PAT from Xen, as Linux 3.19+ does) will be
+-     * broken.  Furthermore, live migration of PV guests between Xen versions
+-     * using different PATs will not work.
+-     */
+-    BUILD_BUG_ON(XEN_MSR_PAT != 0x050100070406ULL);
+-
+     /*
+      * _PAGE_WB must be zero for several reasons, not least because Linux
+      * assumes it.
+-- 
+2.44.0
+

xen.spec.in

@@ -100,6 +100,8 @@ Patch0203: 0203-xen.efi.build.patch
 Patch0300: 0300-xen-list-add-LIST_HEAD_RO_AFTER_INIT.patch
 Patch0301: 0301-x86-mm-add-API-for-marking-only-part-of-a-MMIO-page-.patch
 Patch0302: 0302-drivers-char-Use-sub-page-ro-API-to-make-just-xhci-d.patch
+Patch0303: 0303-x86-x2APIC-correct-cluster-tracking-upon-CPUs-going-.patch
+Patch0304: 0304-xen-spinlock-Fix-UBSAN-load-of-address-with-insuffic.patch
 
 # Security fixes (500+)
 
@@ -139,6 +141,8 @@ Patch0627: 0627-x86-msr-Allow-hardware-domain-to-read-package-C-stat.patch
 Patch0628: 0628-x86-mwait-idle-Use-ACPI-for-CPUs-without-hardcoded-C.patch
 Patch0629: 0629-libxl_pci-Pass-power_mgmt-via-QMP.patch
 
+Patch0630: 0630-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch
+
 # Qubes specific patches
 Patch1000: 1000-Do-not-access-network-during-the-build.patch
 Patch1001: 1001-hotplug-store-block-params-for-cleanup.patch
@@ -158,6 +162,7 @@ Patch1014: 1014-libxl-conditionally-allow-PCI-passthrough-on-PV-with.patch
 Patch1015: 1015-gnttab-disable-grant-tables-v2-by-default.patch
 Patch1016: 1016-cpufreq-enable-HWP-by-default.patch
 Patch1017: 1017-Fix-IGD-passthrough-with-linux-stubdomain.patch
+Patch1018: 1018-x86-Use-Linux-s-PAT.patch
 
 # Reproducible builds
 Patch1100: 1100-Define-build-dates-time-based-on-SOURCE_DATE_EPOCH.patch