Mailing List Archive

On 27/03/2024 12:23 pm, Jan Beulich wrote:
> All,
>
> the release is due in two to three weeks. Please point out backports you find
> missing from the respective staging branch, but which you consider relevant.
>
> Note that this is going to be the last Xen Project coordinated ordinary stable
> release from this branch; the branch will move into security-only support mode
> afterwards.

1) livepatching of .rodata:

989556c6f8ca - xen/virtual-region: Rename the start/end fields
ef969144a425 - xen/virtual-region: Include rodata pointers
b083b1c393dc - x86/livepatch: Relax permissions on rodata too

And technically "x86/mm: fix detection of last L1 entry in
modify_xen_mappings_lite()" too but you've already backported this one.

Patching .rodata worked before Xen 4.17, and was broken (left as a TODO)
when I adjusted Xen to stop using CR0.WP=0 for patching.


2) Policy fixes:

e2d8a6522516 - x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max
policies

This is a real bugfix for a real regression we found updating from Xen
4.13 -> 4.17.  It has a dependency on

5420aa165dfa - x86/cpu-policy: Hide x2APIC from PV guests

which I know you had more concern with.  FWIW, I'm certain its a good
fix, and should be backported.


3) Test fixes:

0263dc9069dd - tests/resource: Fix HVM guest in !SHADOW builds

It's minor, but does make a difference for those of us who run these
tests regularly.


4) Watchdog fixes:

9e18f339830c - x86/boot: Improve the boot watchdog determination of
stuck cpus
131892e0dcc1 - x86/boot: Support the watchdog on newer AMD systems

You took "x86/boot: Fix setup_apic_nmi_watchdog() to fail more cleanly"
and the first of the two patches is in the same category IMO.  The
second I also feel ok to take for the in-support releases, particularly
as all it is doing is dropping a family list.


5) Ucode scan stability  (For 4.18 only)

Xen 4.18 had "x86/ucode: Refresh raw CPU policy after microcode load" in
it's .0 release, so should also gain:

cf7fe8b72dea - x86/ucode: Fix stability of the raw CPU Policy rescan

I've only noticed because I've got them both backported to 4.17 in
XenServer, but I don't think upstream wants to take that route.

~Andrew

On 27/03/2024 12:33 pm, Andrew Cooper wrote:
> On 27/03/2024 12:23 pm, Jan Beulich wrote:
>> All,
>>
>> the release is due in two to three weeks. Please point out backports you find
>> missing from the respective staging branch, but which you consider relevant.
>>
>> Note that this is going to be the last Xen Project coordinated ordinary stable
>> release from this branch; the branch will move into security-only support mode
>> afterwards.
> 1) livepatching of .rodata:
>
> 989556c6f8ca - xen/virtual-region: Rename the start/end fields
> ef969144a425 - xen/virtual-region: Include rodata pointers
> b083b1c393dc - x86/livepatch: Relax permissions on rodata too
>
> And technically "x86/mm: fix detection of last L1 entry in
> modify_xen_mappings_lite()" too but you've already backported this one.
>
> Patching .rodata worked before Xen 4.17, and was broken (left as a TODO)
> when I adjusted Xen to stop using CR0.WP=0 for patching.
>
>
> 2) Policy fixes:
>
> e2d8a6522516 - x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max
> policies
>
> This is a real bugfix for a real regression we found updating from Xen
> 4.13 -> 4.17.  It has a dependency on
>
> 5420aa165dfa - x86/cpu-policy: Hide x2APIC from PV guests
>
> which I know you had more concern with.  FWIW, I'm certain its a good
> fix, and should be backported.
>
>
> 3) Test fixes:
>
> 0263dc9069dd - tests/resource: Fix HVM guest in !SHADOW builds
>
> It's minor, but does make a difference for those of us who run these
> tests regularly.
>
>
> 4) Watchdog fixes:
>
> 9e18f339830c - x86/boot: Improve the boot watchdog determination of
> stuck cpus
> 131892e0dcc1 - x86/boot: Support the watchdog on newer AMD systems
>
> You took "x86/boot: Fix setup_apic_nmi_watchdog() to fail more cleanly"
> and the first of the two patches is in the same category IMO.  The
> second I also feel ok to take for the in-support releases, particularly
> as all it is doing is dropping a family list.
>
>
> 5) Ucode scan stability  (For 4.18 only)
>
> Xen 4.18 had "x86/ucode: Refresh raw CPU policy after microcode load" in
> it's .0 release, so should also gain:
>
> cf7fe8b72dea - x86/ucode: Fix stability of the raw CPU Policy rescan
>
> I've only noticed because I've got them both backported to 4.17 in
> XenServer, but I don't think upstream wants to take that route.

It occurs to me that these want considering:

b6cf604207fd - tools/oxenstored: Use Map instead of Hashtbl for quotas
098d868e52ac - tools/oxenstored: Make Quota.t pure

while 4.17 is still in general support.  These came from a performance
regression we investigated.

I've done the backport to 4.17 and they're not entirely trivial (owing
to the major source reformat in 4.18) so can commit them if you'd prefer.

~Andrew

On 27.03.2024 15:01, Andrew Cooper wrote:
> It occurs to me that these want considering:
>
> b6cf604207fd - tools/oxenstored: Use Map instead of Hashtbl for quotas
> 098d868e52ac - tools/oxenstored: Make Quota.t pure
>
> while 4.17 is still in general support.  These came from a performance
> regression we investigated.
>
> I've done the backport to 4.17 and they're not entirely trivial (owing
> to the major source reformat in 4.18) so can commit them if you'd prefer.

Didn't you bring these up for 4.18.1 already, and I said that I'd leave
this for the maintainers to decide? Same here, in any event. Cc-ing them
both, just in case.

Jan

On 27/03/2024 2:06 pm, Jan Beulich wrote:
> On 27.03.2024 15:01, Andrew Cooper wrote:
>> It occurs to me that these want considering:
>>
>> b6cf604207fd - tools/oxenstored: Use Map instead of Hashtbl for quotas
>> 098d868e52ac - tools/oxenstored: Make Quota.t pure
>>
>> while 4.17 is still in general support.  These came from a performance
>> regression we investigated.
>>
>> I've done the backport to 4.17 and they're not entirely trivial (owing
>> to the major source reformat in 4.18) so can commit them if you'd prefer.
> Didn't you bring these up for 4.18.1 already, and I said that I'd leave
> this for the maintainers to decide? Same here, in any event. Cc-ing them
> both, just in case.

I could have sworn that I remembered requested this before, but couldn't
remember where.

I'll see about poking people for an answer.

~Andrew

> On 27 Mar 2024, at 14:42, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>
> On 27/03/2024 2:06 pm, Jan Beulich wrote:
>> On 27.03.2024 15:01, Andrew Cooper wrote:
>>> It occurs to me that these want considering:
>>>
>>> b6cf604207fd - tools/oxenstored: Use Map instead of Hashtbl for quotas
>>> 098d868e52ac - tools/oxenstored: Make Quota.t pure
>>>
>>> while 4.17 is still in general support. These came from a performance
>>> regression we investigated.
>>>
>>> I've done the backport to 4.17 and they're not entirely trivial (owing
>>> to the major source reformat in 4.18) so can commit them if you'd prefer.
>> Didn't you bring these up for 4.18.1 already, and I said that I'd leave
>> this for the maintainers to decide? Same here, in any event. Cc-ing them
>> both, just in case.
>
> I could have sworn that I remembered requested this before, but couldn't
> remember where.
>
> I'll see about poking people for an answer.
>
> ~Andrew

I understand we have backport; so I support upstreaming it.

— C

On 27.03.2024 13:33, Andrew Cooper wrote:
> 1) livepatching of .rodata:
>
> 989556c6f8ca - xen/virtual-region: Rename the start/end fields
> ef969144a425 - xen/virtual-region: Include rodata pointers
> b083b1c393dc - x86/livepatch: Relax permissions on rodata too
>
> And technically "x86/mm: fix detection of last L1 entry in
> modify_xen_mappings_lite()" too but you've already backported this one.
>
> Patching .rodata worked before Xen 4.17, and was broken (left as a TODO)
> when I adjusted Xen to stop using CR0.WP=0 for patching.
>
>
> 2) Policy fixes:
>
> e2d8a6522516 - x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max
> policies
>
> This is a real bugfix for a real regression we found updating from Xen
> 4.13 -> 4.17.  It has a dependency on
>
> 5420aa165dfa - x86/cpu-policy: Hide x2APIC from PV guests
>
> which I know you had more concern with.  FWIW, I'm certain its a good
> fix, and should be backported.
>
>
> 3) Test fixes:
>
> 0263dc9069dd - tests/resource: Fix HVM guest in !SHADOW builds
>
> It's minor, but does make a difference for those of us who run these
> tests regularly.
>
>
> 4) Watchdog fixes:
>
> 9e18f339830c - x86/boot: Improve the boot watchdog determination of
> stuck cpus
> 131892e0dcc1 - x86/boot: Support the watchdog on newer AMD systems
>
> You took "x86/boot: Fix setup_apic_nmi_watchdog() to fail more cleanly"
> and the first of the two patches is in the same category IMO.  The
> second I also feel ok to take for the in-support releases, particularly
> as all it is doing is dropping a family list.

I've pushed all of the above.

> 5) Ucode scan stability  (For 4.18 only)
>
> Xen 4.18 had "x86/ucode: Refresh raw CPU policy after microcode load" in
> it's .0 release, so should also gain:
>
> cf7fe8b72dea - x86/ucode: Fix stability of the raw CPU Policy rescan

This already is in 4.18.1, ...

> I've only noticed because I've got them both backported to 4.17 in
> XenServer, but I don't think upstream wants to take that route.

... while, as you suggest, not (and not intended to be) in 4.17.

Jan

On 02/04/2024 3:26 pm, Jan Beulich wrote:
> On 27.03.2024 13:33, Andrew Cooper wrote:
>> 1) livepatching of .rodata:
>>
>> 989556c6f8ca - xen/virtual-region: Rename the start/end fields
>> ef969144a425 - xen/virtual-region: Include rodata pointers
>> b083b1c393dc - x86/livepatch: Relax permissions on rodata too
>>
>> And technically "x86/mm: fix detection of last L1 entry in
>> modify_xen_mappings_lite()" too but you've already backported this one.
>>
>> Patching .rodata worked before Xen 4.17, and was broken (left as a TODO)
>> when I adjusted Xen to stop using CR0.WP=0 for patching.
>>
>>
>> 2) Policy fixes:
>>
>> e2d8a6522516 - x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max
>> policies
>>
>> This is a real bugfix for a real regression we found updating from Xen
>> 4.13 -> 4.17.  It has a dependency on
>>
>> 5420aa165dfa - x86/cpu-policy: Hide x2APIC from PV guests
>>
>> which I know you had more concern with.  FWIW, I'm certain its a good
>> fix, and should be backported.
>>
>>
>> 3) Test fixes:
>>
>> 0263dc9069dd - tests/resource: Fix HVM guest in !SHADOW builds
>>
>> It's minor, but does make a difference for those of us who run these
>> tests regularly.
>>
>>
>> 4) Watchdog fixes:
>>
>> 9e18f339830c - x86/boot: Improve the boot watchdog determination of
>> stuck cpus
>> 131892e0dcc1 - x86/boot: Support the watchdog on newer AMD systems
>>
>> You took "x86/boot: Fix setup_apic_nmi_watchdog() to fail more cleanly"
>> and the first of the two patches is in the same category IMO.  The
>> second I also feel ok to take for the in-support releases, particularly
>> as all it is doing is dropping a family list.
> I've pushed all of the above.

Thanks.

>
>> 5) Ucode scan stability  (For 4.18 only)
>>
>> Xen 4.18 had "x86/ucode: Refresh raw CPU policy after microcode load" in
>> it's .0 release, so should also gain:
>>
>> cf7fe8b72dea - x86/ucode: Fix stability of the raw CPU Policy rescan
> This already is in 4.18.1, ...
>
>> I've only noticed because I've got them both backported to 4.17 in
>> XenServer, but I don't think upstream wants to take that route.
> ... while, as you suggest, not (and not intended to be) in 4.17.

Oh, so it is.  Although comparing my backport to what you put into 4.18,
you also want

930605f155cc - x86/ucode: Remove accidentally introduced tabs

which I apparently folded into my 4.17 backport.  I have a feeling I
noticed at the point of doing the backport.

~Andrew

On 03.04.2024 16:08, Andrew Cooper wrote:
> On 02/04/2024 3:26 pm, Jan Beulich wrote:
>> On 27.03.2024 13:33, Andrew Cooper wrote:
>>> 5) Ucode scan stability  (For 4.18 only)
>>>
>>> Xen 4.18 had "x86/ucode: Refresh raw CPU policy after microcode load" in
>>> it's .0 release, so should also gain:
>>>
>>> cf7fe8b72dea - x86/ucode: Fix stability of the raw CPU Policy rescan
>> This already is in 4.18.1, ...
>>
>>> I've only noticed because I've got them both backported to 4.17 in
>>> XenServer, but I don't think upstream wants to take that route.
>> ... while, as you suggest, not (and not intended to be) in 4.17.
>
> Oh, so it is.  Although comparing my backport to what you put into 4.18,
> you also want
>
> 930605f155cc - x86/ucode: Remove accidentally introduced tabs
>
> which I apparently folded into my 4.17 backport.  I have a feeling I
> noticed at the point of doing the backport.

Well, no, if need be that can be folded into a future backport touching
that area again.

Jan