Version in base suite: 4.17.3+10-g091466ba55-1~deb12u1 Version in overlay suite: 4.17.5+23-ga4e5191dc0-1 Base version: xen_4.17.5+23-ga4e5191dc0-1 Target version: xen_4.17.5+23-ga4e5191dc0-2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/x/xen/xen_4.17.5+23-ga4e5191dc0-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/x/xen/xen_4.17.5+23-ga4e5191dc0-2.dsc changelog | 9 + patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch | 61 ++++++++++ patches/series | 1 salsa-ci.yml | 4 4 files changed, 75 insertions(+) diff -Nru xen-4.17.5+23-ga4e5191dc0/debian/changelog xen-4.17.5+23-ga4e5191dc0/debian/changelog --- xen-4.17.5+23-ga4e5191dc0/debian/changelog 2024-12-20 17:46:37.000000000 +0000 +++ xen-4.17.5+23-ga4e5191dc0/debian/changelog 2025-01-26 21:42:25.000000000 +0000 @@ -1,3 +1,12 @@ +xen (4.17.5+23-ga4e5191dc0-2) bookworm; urgency=medium + + * Ignore lintian error not relevant for bookworm in salsa-ci. + * Cherry-pick e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for + uncompressing the kernel) to allow direct kernel boot with kernels >= + 6.12 (Closes: #1092495). + + -- Maximilian Engelhardt Sun, 26 Jan 2025 22:42:25 +0100 + xen (4.17.5+23-ga4e5191dc0-1) bookworm-security; urgency=medium * Update to new upstream version 4.17.5+23-ga4e5191dc0, which also contains diff -Nru xen-4.17.5+23-ga4e5191dc0/debian/patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch xen-4.17.5+23-ga4e5191dc0/debian/patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch --- xen-4.17.5+23-ga4e5191dc0/debian/patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch 1970-01-01 00:00:00.000000000 +0000 +++ xen-4.17.5+23-ga4e5191dc0/debian/patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch 2025-01-26 21:42:25.000000000 +0000 @@ -0,0 +1,61 @@ +From: =?utf-8?q?Marek_Marczykowski-G=C3=B3recki?= + +Date: Tue, 8 Oct 2024 23:32:23 +0200 +Subject: tools/xg: increase LZMA_BLOCK_SIZE for uncompressing the kernel +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Linux 6.12-rc2 fails to decompress with the current 128MiB, contrary to +the code comment. It results in a failure like this: + + domainbuilder: detail: xc_dom_kernel_file: filename="/var/lib/qubes/vm-kernels/6.12-rc2-1.1.fc37/vmlinuz" + domainbuilder: detail: xc_dom_malloc_filemap : 12104 kB + domainbuilder: detail: xc_dom_module_file: filename="/var/lib/qubes/vm-kernels/6.12-rc2-1.1.fc37/initramfs" + domainbuilder: detail: xc_dom_malloc_filemap : 7711 kB + domainbuilder: detail: xc_dom_boot_xen_init: ver 4.19, caps xen-3.0-x86_64 hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64 + domainbuilder: detail: xc_dom_parse_image: called + domainbuilder: detail: xc_dom_find_loader: trying multiboot-binary loader ... + domainbuilder: detail: loader probe failed + domainbuilder: detail: xc_dom_find_loader: trying HVM-generic loader ... + domainbuilder: detail: loader probe failed + domainbuilder: detail: xc_dom_find_loader: trying Linux bzImage loader ... + domainbuilder: detail: _xc_try_lzma_decode: XZ decompression error: Memory usage limit reached + xc: error: panic: xg_dom_bzimageloader.c:761: xc_dom_probe_bzimage_kernel unable to XZ decompress kernel: Invalid kernel + domainbuilder: detail: loader probe failed + domainbuilder: detail: xc_dom_find_loader: trying ELF-generic loader ... + domainbuilder: detail: loader probe failed + xc: error: panic: xg_dom_core.c:689: xc_dom_find_loader: no loader found: Invalid kernel + libxl: error: libxl_dom.c:566:libxl__build_dom: xc_dom_parse_image failed + +The important part: XZ decompression error: Memory usage limit reached + +This looks to be related to the following change in Linux: +8653c909922743bceb4800e5cc26087208c9e0e6 ("xz: use 128 MiB dictionary and force single-threaded mode") + +Fix this by increasing the block size to 256MiB. And remove the +misleading comment (from lack of better ideas). + +Signed-off-by: Marek Marczykowski-Górecki +Reviewed-by: Roger Pau Monné +Acked-by: Anthony PERARD +Acked-by: Andrew Cooper +(cherry picked from commit e6472d46680ccd2b804ad73c19042a5811d036f0) +--- + tools/libs/guest/xg_dom_bzimageloader.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tools/libs/guest/xg_dom_bzimageloader.c b/tools/libs/guest/xg_dom_bzimageloader.c +index 764ddbb..5acad5b 100644 +--- a/tools/libs/guest/xg_dom_bzimageloader.c ++++ b/tools/libs/guest/xg_dom_bzimageloader.c +@@ -272,8 +272,7 @@ static int _xc_try_lzma_decode( + return retval; + } + +-/* 128 Mb is the minimum size (half-way) documented to work for all inputs. */ +-#define LZMA_BLOCK_SIZE (128*1024*1024) ++#define LZMA_BLOCK_SIZE (256*1024*1024) + + static int xc_try_xz_decode( + struct xc_dom_image *dom, void **blob, size_t *size) diff -Nru xen-4.17.5+23-ga4e5191dc0/debian/patches/series xen-4.17.5+23-ga4e5191dc0/debian/patches/series --- xen-4.17.5+23-ga4e5191dc0/debian/patches/series 2024-12-20 17:46:37.000000000 +0000 +++ xen-4.17.5+23-ga4e5191dc0/debian/patches/series 2025-01-26 21:42:25.000000000 +0000 @@ -21,3 +21,4 @@ 0021-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch 0022-give-meaningful-error-message-if-qemu-device-model-i.patch 0023-xen-arch-x86-make-objdump-output-user-locale-agnosti.patch +0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch diff -Nru xen-4.17.5+23-ga4e5191dc0/debian/salsa-ci.yml xen-4.17.5+23-ga4e5191dc0/debian/salsa-ci.yml --- xen-4.17.5+23-ga4e5191dc0/debian/salsa-ci.yml 2024-12-20 17:46:37.000000000 +0000 +++ xen-4.17.5+23-ga4e5191dc0/debian/salsa-ci.yml 2025-01-26 21:42:25.000000000 +0000 @@ -22,6 +22,10 @@ RELEASE: 'bookworm' + # This is fixed in sid with xen 4.19, but we will not change it in bookworm. + # As salsa-ci runs lintian from unstable, let's ignore it here. + SALSA_CI_LINTIAN_SUPPRESS_TAGS: 'missing-systemd-service-for-init.d-script' + # xen currently does not enable hardening when building the hypervisor so # disable blhc. SALSA_CI_DISABLE_BLHC: 1