Package: release.debian.org Severity: normal Tags: bookworm User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: xen@packages.debian.org, hans@knorrie.org, maxi@daemonizer.de Control: affects -1 + src:xen [ Reason ] Linux 6.12 changed the way it xz compresses the kernel [1]. This broke direct kernel boot in bookworm xen for kernels 6.12 or newer. It only affects direct kernel boot (and thus pygrub), but not other kernel boot methods (like e.g. pvgrub). See also Debian Bug #1092495. [ Impact ] It's not possible to use direct kernel boot (and also pygrub) for xen vms with kernels 6.12 or newer. [ Tests ] I tested the fixed version on my test system and verified direct kernel boot works with again with a kernel 6.12 or newer. [ Risks ] The fix is very trivial, actually it's only one line increasing LZMA_BLOCK_SIZE. It's a cherry-pick from the upstream xen master branch. The same patch is also included in xen in unstable and testing. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Cherry pick upstream commit e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for uncompressing the kernel) [2]. [ Other info ] There is an additional change to debian/salsa-ci.yml included, which adjusts the lintian pipeline for bookworm. This is a salsa-ci only change and does not affect the generated Debian packages. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8653c909922743bceb4800e5cc26087208c9e0e6 [2] https://gitlab.com/xen-project/xen/-/commit/e6472d46680ccd2b804ad73c19042a5811d036f0
diff -Nru xen-4.17.5+23-ga4e5191dc0/debian/changelog xen-4.17.5+23-ga4e5191dc0/debian/changelog --- xen-4.17.5+23-ga4e5191dc0/debian/changelog 2024-12-20 18:46:37.000000000 +0100 +++ xen-4.17.5+23-ga4e5191dc0/debian/changelog 2025-01-26 22:42:25.000000000 +0100 @@ -1,3 +1,12 @@ +xen (4.17.5+23-ga4e5191dc0-2) bookworm; urgency=medium + + * Ignore lintian error not relevant for bookworm in salsa-ci. + * Cherry-pick e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for + uncompressing the kernel) to allow direct kernel boot with kernels >= + 6.12 (Closes: #1092495). + + -- Maximilian Engelhardt <maxi@daemonizer.de> Sun, 26 Jan 2025 22:42:25 +0100 + xen (4.17.5+23-ga4e5191dc0-1) bookworm-security; urgency=medium * Update to new upstream version 4.17.5+23-ga4e5191dc0, which also contains diff -Nru xen-4.17.5+23-ga4e5191dc0/debian/patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch xen-4.17.5+23-ga4e5191dc0/debian/patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch --- xen-4.17.5+23-ga4e5191dc0/debian/patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.17.5+23-ga4e5191dc0/debian/patches/0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch 2025-01-26 22:42:25.000000000 +0100 @@ -0,0 +1,61 @@ +From: =?utf-8?q?Marek_Marczykowski-G=C3=B3recki?= + <marmarek@invisiblethingslab.com> +Date: Tue, 8 Oct 2024 23:32:23 +0200 +Subject: tools/xg: increase LZMA_BLOCK_SIZE for uncompressing the kernel +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Linux 6.12-rc2 fails to decompress with the current 128MiB, contrary to +the code comment. It results in a failure like this: + + domainbuilder: detail: xc_dom_kernel_file: filename="/var/lib/qubes/vm-kernels/6.12-rc2-1.1.fc37/vmlinuz" + domainbuilder: detail: xc_dom_malloc_filemap : 12104 kB + domainbuilder: detail: xc_dom_module_file: filename="/var/lib/qubes/vm-kernels/6.12-rc2-1.1.fc37/initramfs" + domainbuilder: detail: xc_dom_malloc_filemap : 7711 kB + domainbuilder: detail: xc_dom_boot_xen_init: ver 4.19, caps xen-3.0-x86_64 hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64 + domainbuilder: detail: xc_dom_parse_image: called + domainbuilder: detail: xc_dom_find_loader: trying multiboot-binary loader ... + domainbuilder: detail: loader probe failed + domainbuilder: detail: xc_dom_find_loader: trying HVM-generic loader ... + domainbuilder: detail: loader probe failed + domainbuilder: detail: xc_dom_find_loader: trying Linux bzImage loader ... + domainbuilder: detail: _xc_try_lzma_decode: XZ decompression error: Memory usage limit reached + xc: error: panic: xg_dom_bzimageloader.c:761: xc_dom_probe_bzimage_kernel unable to XZ decompress kernel: Invalid kernel + domainbuilder: detail: loader probe failed + domainbuilder: detail: xc_dom_find_loader: trying ELF-generic loader ... + domainbuilder: detail: loader probe failed + xc: error: panic: xg_dom_core.c:689: xc_dom_find_loader: no loader found: Invalid kernel + libxl: error: libxl_dom.c:566:libxl__build_dom: xc_dom_parse_image failed + +The important part: XZ decompression error: Memory usage limit reached + +This looks to be related to the following change in Linux: +8653c909922743bceb4800e5cc26087208c9e0e6 ("xz: use 128 MiB dictionary and force single-threaded mode") + +Fix this by increasing the block size to 256MiB. And remove the +misleading comment (from lack of better ideas). + +Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> +Acked-by: Anthony PERARD <anthony.perard@vates.tech> +Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> +(cherry picked from commit e6472d46680ccd2b804ad73c19042a5811d036f0) +--- + tools/libs/guest/xg_dom_bzimageloader.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tools/libs/guest/xg_dom_bzimageloader.c b/tools/libs/guest/xg_dom_bzimageloader.c +index 764ddbb..5acad5b 100644 +--- a/tools/libs/guest/xg_dom_bzimageloader.c ++++ b/tools/libs/guest/xg_dom_bzimageloader.c +@@ -272,8 +272,7 @@ static int _xc_try_lzma_decode( + return retval; + } + +-/* 128 Mb is the minimum size (half-way) documented to work for all inputs. */ +-#define LZMA_BLOCK_SIZE (128*1024*1024) ++#define LZMA_BLOCK_SIZE (256*1024*1024) + + static int xc_try_xz_decode( + struct xc_dom_image *dom, void **blob, size_t *size) diff -Nru xen-4.17.5+23-ga4e5191dc0/debian/patches/series xen-4.17.5+23-ga4e5191dc0/debian/patches/series --- xen-4.17.5+23-ga4e5191dc0/debian/patches/series 2024-12-20 18:46:37.000000000 +0100 +++ xen-4.17.5+23-ga4e5191dc0/debian/patches/series 2025-01-26 22:42:25.000000000 +0100 @@ -21,3 +21,4 @@ 0021-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch 0022-give-meaningful-error-message-if-qemu-device-model-i.patch 0023-xen-arch-x86-make-objdump-output-user-locale-agnosti.patch +0024-tools-xg-increase-LZMA_BLOCK_SIZE-for-uncompressing-.patch diff -Nru xen-4.17.5+23-ga4e5191dc0/debian/salsa-ci.yml xen-4.17.5+23-ga4e5191dc0/debian/salsa-ci.yml --- xen-4.17.5+23-ga4e5191dc0/debian/salsa-ci.yml 2024-12-20 18:46:37.000000000 +0100 +++ xen-4.17.5+23-ga4e5191dc0/debian/salsa-ci.yml 2025-01-26 22:42:25.000000000 +0100 @@ -22,6 +22,10 @@ RELEASE: 'bookworm' + # This is fixed in sid with xen 4.19, but we will not change it in bookworm. + # As salsa-ci runs lintian from unstable, let's ignore it here. + SALSA_CI_LINTIAN_SUPPRESS_TAGS: 'missing-systemd-service-for-init.d-script' + # xen currently does not enable hardening when building the hypervisor so # disable blhc. SALSA_CI_DISABLE_BLHC: 1
Attachment:
signature.asc
Description: This is a digitally signed message part.