Sync from SUSE:SLFO:Main xen revision bafde79b448f1d38f9192167f72cc0ee

This commit is contained in:
Adrian Schröter 2024-05-31 15:03:48 +02:00
parent e0da5782bf
commit e9f0e797ec
8 changed files with 108 additions and 216 deletions

View File

@ -1,31 +0,0 @@
# Commit 26a449ce32cef33f2cb50602be19fcc0c4223ba9
# Date 2023-11-02 10:50:26 +0100
# Author Roger Pau Monné <roger.pau@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/x2apic: remove usage of ACPI_FADT_APIC_CLUSTER
The ACPI FADT APIC_CLUSTER flag mandates that when the interrupt delivery is
Logical mode APIC must be configured for Cluster destination model. However in
apic_x2apic_probe() such flag is incorrectly used to gate whether Physical mode
can be used.
Since Xen when in x2APIC mode only uses Logical mode together with Cluster
model completely remove checking for ACPI_FADT_APIC_CLUSTER, as Xen always
fulfills the requirement signaled by the flag.
Fixes: eb40ae41b658 ('x86/Kconfig: add option for default x2APIC destination mode')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/genapic/x2apic.c
+++ b/xen/arch/x86/genapic/x2apic.c
@@ -231,8 +231,7 @@ const struct genapic *__init apic_x2apic
*/
x2apic_phys = iommu_intremap != iommu_intremap_full ||
(acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL) ||
- (IS_ENABLED(CONFIG_X2APIC_PHYSICAL) &&
- !(acpi_gbl_FADT.flags & ACPI_FADT_APIC_CLUSTER));
+ IS_ENABLED(CONFIG_X2APIC_PHYSICAL);
}
else if ( !x2apic_phys )
switch ( iommu_intremap )

View File

@ -1,103 +0,0 @@
# Commit 87f37449d586b4d407b75235bb0a171e018e25ec
# Date 2023-11-02 10:50:59 +0100
# Author Roger Pau Monné <roger.pau@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/i8259: do not assume interrupts always target CPU0
Sporadically we have seen the following during AP bringup on AMD platforms
only:
microcode: CPU59 updated from revision 0x830107a to 0x830107a, date = 2023-05-17
microcode: CPU60 updated from revision 0x830104d to 0x830107a, date = 2023-05-17
CPU60: No irq handler for vector 27 (IRQ -2147483648)
microcode: CPU61 updated from revision 0x830107a to 0x830107a, date = 2023-05-17
This is similar to the issue raised on Linux commit 36e9e1eab777e, where they
observed i8259 (active) vectors getting delivered to CPUs different than 0.
On AMD or Hygon platforms adjust the target CPU mask of i8259 interrupt
descriptors to contain all possible CPUs, so that APs will reserve the vector
at startup if any legacy IRQ is still delivered through the i8259. Note that
if the IO-APIC takes over those interrupt descriptors the CPU mask will be
reset.
Spurious i8259 interrupt vectors however (IRQ7 and IRQ15) can be injected even
when all i8259 pins are masked, and hence would need to be handled on all CPUs.
Continue to reserve PIC vectors on CPU0 only, but do check for such spurious
interrupts on all CPUs if the vendor is AMD or Hygon. Note that once the
vectors get used by devices detecting PIC spurious interrupts will no longer be
possible, however the device driver should be able to cope with spurious
interrupts. Such PIC spurious interrupts occurring when the vector is in use
by a local APIC routed source will lead to an extra EOI, which might
unintentionally clear a different vector from ISR. Note this is already the
current behavior, so assume it's infrequent enough to not cause real issues.
Finally, adjust the printed message to display the CPU where the spurious
interrupt has been received, so it looks like:
microcode: CPU1 updated from revision 0x830107a to 0x830107a, date = 2023-05-17
cpu1: spurious 8259A interrupt: IRQ7
microcode: CPU2 updated from revision 0x830104d to 0x830107a, date = 2023-05-17
Amends: 3fba06ba9f8b ('x86/IRQ: re-use legacy vector ranges on APs')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/i8259.c
+++ b/xen/arch/x86/i8259.c
@@ -222,7 +222,8 @@ static bool _mask_and_ack_8259A_irq(unsi
is_real_irq = false;
/* Report spurious IRQ, once per IRQ line. */
if (!(spurious_irq_mask & irqmask)) {
- printk("spurious 8259A interrupt: IRQ%d.\n", irq);
+ printk("cpu%u: spurious 8259A interrupt: IRQ%u\n",
+ smp_processor_id(), irq);
spurious_irq_mask |= irqmask;
}
/*
@@ -349,7 +350,23 @@ void __init init_IRQ(void)
continue;
desc->handler = &i8259A_irq_type;
per_cpu(vector_irq, cpu)[LEGACY_VECTOR(irq)] = irq;
- cpumask_copy(desc->arch.cpu_mask, cpumask_of(cpu));
+
+ /*
+ * The interrupt affinity logic never targets interrupts to offline
+ * CPUs, hence it's safe to use cpumask_all here.
+ *
+ * Legacy PIC interrupts are only targeted to CPU0, but depending on
+ * the platform they can be distributed to any online CPU in hardware.
+ * Note this behavior has only been observed on AMD hardware. In order
+ * to cope install all active legacy vectors on all CPUs.
+ *
+ * IO-APIC will change the destination mask if/when taking ownership of
+ * the interrupt.
+ */
+ cpumask_copy(desc->arch.cpu_mask,
+ (boot_cpu_data.x86_vendor &
+ (X86_VENDOR_AMD | X86_VENDOR_HYGON) ? &cpumask_all
+ : cpumask_of(cpu)));
desc->arch.vector = LEGACY_VECTOR(irq);
}
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1920,7 +1920,16 @@ void do_IRQ(struct cpu_user_regs *regs)
kind = "";
if ( !(vector >= FIRST_LEGACY_VECTOR &&
vector <= LAST_LEGACY_VECTOR &&
- !smp_processor_id() &&
+ (!smp_processor_id() ||
+ /*
+ * For AMD/Hygon do spurious PIC interrupt
+ * detection on all CPUs, as it has been observed
+ * that during unknown circumstances spurious PIC
+ * interrupts have been delivered to CPUs
+ * different than the BSP.
+ */
+ (boot_cpu_data.x86_vendor & (X86_VENDOR_AMD |
+ X86_VENDOR_HYGON))) &&
bogus_8259A_irq(vector - FIRST_LEGACY_VECTOR)) )
{
printk("CPU%u: No irq handler for vector %02x (IRQ %d%s)\n",

View File

@ -1,70 +0,0 @@
# Commit 4709ec82917668c2df958ef91b4f21c049c76bee
# Date 2023-11-20 10:49:29 +0100
# Author Juergen Gross <jgross@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
xen/sched: fix sched_move_domain()
When moving a domain out of a cpupool running with the credit2
scheduler and having multiple run-queues, the following ASSERT() can
be observed:
(XEN) Xen call trace:
(XEN) [<ffff82d04023a700>] R credit2.c#csched2_unit_remove+0xe3/0xe7
(XEN) [<ffff82d040246adb>] S sched_move_domain+0x2f3/0x5b1
(XEN) [<ffff82d040234cf7>] S cpupool.c#cpupool_move_domain_locked+0x1d/0x3b
(XEN) [<ffff82d040236025>] S cpupool_move_domain+0x24/0x35
(XEN) [<ffff82d040206513>] S domain_kill+0xa5/0x116
(XEN) [<ffff82d040232b12>] S do_domctl+0xe5f/0x1951
(XEN) [<ffff82d0402276ba>] S timer.c#timer_lock+0x69/0x143
(XEN) [<ffff82d0402dc71b>] S pv_hypercall+0x44e/0x4a9
(XEN) [<ffff82d0402012b7>] S lstar_enter+0x137/0x140
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 1:
(XEN) Assertion 'svc->rqd == c2rqd(sched_unit_master(unit))' failed at common/sched/credit2.c:1159
(XEN) ****************************************
This is happening as sched_move_domain() is setting a different cpu
for a scheduling unit without telling the scheduler. When this unit is
removed from the scheduler, the ASSERT() will trigger.
In non-debug builds the result is usually a clobbered pointer, leading
to another crash a short time later.
Fix that by swapping the two involved actions (setting another cpu and
removing the unit from the scheduler).
Link: https://github.com/Dasharo/dasharo-issues/issues/488
Fixes: 70fadc41635b ("xen/cpupool: support moving domain between cpupools with different granularity")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: George Dunlap <george.dunlap@cloud.com>
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -732,18 +732,20 @@ int sched_move_domain(struct domain *d,
old_domdata = d->sched_priv;
/*
- * Temporarily move all units to same processor to make locking
- * easier when moving the new units to the new processors.
+ * Remove all units from the old scheduler, and temporarily move them to
+ * the same processor to make locking easier when moving the new units to
+ * new processors.
*/
new_p = cpumask_first(d->cpupool->cpu_valid);
for_each_sched_unit ( d, unit )
{
- spinlock_t *lock = unit_schedule_lock_irq(unit);
+ spinlock_t *lock;
+ sched_remove_unit(old_ops, unit);
+
+ lock = unit_schedule_lock_irq(unit);
sched_set_res(unit, get_sched_res(new_p));
spin_unlock_irq(lock);
-
- sched_remove_unit(old_ops, unit);
}
old_units = d->sched_unit_list;

BIN
xen-4.18.0-testing-src.tar.bz2 (Stored with Git LFS)

Binary file not shown.

BIN
xen-4.18.2-testing-src.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,3 +1,102 @@
-------------------------------------------------------------------
Tue Apr 9 14:11:15 MDT 2024 - carnold@suse.com
- Update to Xen 4.18.2 security bug fix release (bsc#1027519)
xen-4.18.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
- Dropped patch contained in new tarball
65f83951-x86-mm-use-block_lock_speculation-in.patch
-------------------------------------------------------------------
Mon Mar 25 15:30:00 CET 2024 - jbeulich@suse.com
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
65f83951-x86-mm-use-block_lock_speculation-in.patch
-------------------------------------------------------------------
Fri Mar 15 10:11:56 MDT 2024 - carnold@suse.com
- Update to Xen 4.18.1 bug fix release (bsc#1027519)
xen-4.18.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
Sampling (XSA-452)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
- Dropped patches included in new tarball
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
xsa451.patch
-------------------------------------------------------------------
Tue Feb 13 09:35:57 MST 2024 - carnold@suse.com
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
exceptions from emulation stubs (XSA-451)
xsa451.patch
-------------------------------------------------------------------
Wed Jan 31 13:40:00 CET 2024 - jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches dropped / replaced by newer upstream versions
xsa449.patch
xsa450.patch
-------------------------------------------------------------------
Tue Jan 23 08:52:25 MST 2024 - carnold@suse.com
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
xsa450.patch
-------------------------------------------------------------------
Tue Jan 16 09:32:55 MST 2024 - carnold@suse.com
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
xsa449.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Nov 21 13:22:23 MST 2023 - carnold@suse.com Tue Nov 21 13:22:23 MST 2023 - carnold@suse.com

View File

@ -1,7 +1,7 @@
# #
# spec file for package xen # spec file for package xen
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -28,7 +28,7 @@
Name: xen Name: xen
ExclusiveArch: %ix86 x86_64 aarch64 ExclusiveArch: %ix86 x86_64 aarch64
%define xen_build_dir xen-4.18.0-testing %define xen_build_dir xen-4.18.2-testing
# #
%define with_gdbsx 0 %define with_gdbsx 0
%define with_dom0_support 0 %define with_dom0_support 0
@ -119,12 +119,12 @@ BuildRequires: pesign-obs-integration
%endif %endif
Provides: installhint(reboot-needed) Provides: installhint(reboot-needed)
Version: 4.18.0_04 Version: 4.18.2_02
Release: 0 Release: 0
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License: GPL-2.0-only License: GPL-2.0-only
Group: System/Kernel Group: System/Kernel
Source0: xen-4.18.0-testing-src.tar.bz2 Source0: xen-4.18.2-testing-src.tar.bz2
Source1: stubdom.tar.bz2 Source1: stubdom.tar.bz2
Source2: mini-os.tar.bz2 Source2: mini-os.tar.bz2
Source9: xen.changes Source9: xen.changes
@ -154,9 +154,6 @@ Source10183: xen_maskcalc.py
# For xen-libs # For xen-libs
Source99: baselibs.conf Source99: baselibs.conf
# Upstream patches # Upstream patches
Patch1: 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
Patch2: 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
Patch3: 655b2ba9-fix-sched_move_domain.patch
# EMBARGOED security fixes # EMBARGOED security fixes
# libxc # libxc
Patch301: libxc-bitmap-long.patch Patch301: libxc-bitmap-long.patch

View File

@ -21,7 +21,7 @@ Keep going if the event type and shutdown reason remains the same.
--- a/tools/xl/Makefile --- a/tools/xl/Makefile
+++ b/tools/xl/Makefile +++ b/tools/xl/Makefile
@@ -26,6 +26,7 @@ XL_OBJS += xl_vmcontrol.o xl_saverestore @@ -25,6 +25,7 @@ XL_OBJS += xl_vmcontrol.o xl_saverestore
XL_OBJS += xl_vdispl.o xl_vsnd.o xl_vkb.o XL_OBJS += xl_vdispl.o xl_vsnd.o xl_vkb.o
$(XL_OBJS): CFLAGS += $(CFLAGS_libxentoollog) $(XL_OBJS): CFLAGS += $(CFLAGS_libxentoollog)
@ -29,7 +29,7 @@ Keep going if the event type and shutdown reason remains the same.
$(XL_OBJS): CFLAGS += $(CFLAGS_XL) $(XL_OBJS): CFLAGS += $(CFLAGS_XL)
$(XL_OBJS): CFLAGS += -include $(XEN_ROOT)/tools/config.h # libxl_json.h needs it. $(XL_OBJS): CFLAGS += -include $(XEN_ROOT)/tools/config.h # libxl_json.h needs it.
@@ -33,7 +34,7 @@ $(XL_OBJS): CFLAGS += -include $(XEN_ROO @@ -32,7 +33,7 @@ $(XL_OBJS): CFLAGS += -include $(XEN_ROO
all: xl all: xl
xl: $(XL_OBJS) xl: $(XL_OBJS)