On 27/03/2024 12:23 pm, Jan Beulich wrote:
> All,
>
> the release is due in two to three weeks. Please point out backports you find
> missing from the respective staging branch, but which you consider relevant.
>
> Note that this is going to be the last Xen Project coordinated ordinary stable
> release from this branch; the branch will move into security-only support mode
> afterwards.

1) livepatching of .rodata:

989556c6f8ca - xen/virtual-region: Rename the start/end fields
ef969144a425 - xen/virtual-region: Include rodata pointers
b083b1c393dc - x86/livepatch: Relax permissions on rodata too

And technically "x86/mm: fix detection of last L1 entry in
modify_xen_mappings_lite()" too but you've already backported this one.

Patching .rodata worked before Xen 4.17, and was broken (left as a TODO)
when I adjusted Xen to stop using CR0.WP=0 for patching.

2) Policy fixes:

e2d8a6522516 - x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies

This is a real bugfix for a real regression we found updating from Xen
4.13 -> 4.17. It has a dependency on

5420aa165dfa - x86/cpu-policy: Hide x2APIC from PV guests

which I know you had more concern with. FWIW, I'm certain it's a good
fix, and should be backported.

3) Test fixes:

0263dc9069dd - tests/resource: Fix HVM guest in !SHADOW builds

It's minor, but does make a difference for those of us who run these
tests regularly.

4) Watchdog fixes:

9e18f339830c - x86/boot: Improve the boot watchdog determination of stuck cpus
131892e0dcc1 - x86/boot: Support the watchdog on newer AMD systems

You took "x86/boot: Fix setup_apic_nmi_watchdog() to fail more cleanly"
and the first of the two patches is in the same category IMO. The second
I also feel ok to take for the in-support releases, particularly as all
it is doing is dropping a family list.

5) Ucode scan stability (For 4.18 only)

Xen 4.18 had "x86/ucode: Refresh raw CPU policy after microcode load" in
its .0 release, so should also gain:

cf7fe8b72dea - x86/ucode: Fix stability of the raw CPU Policy rescan

I've only noticed because I've got them both backported to 4.17 in
XenServer, but I don't think upstream wants to take that route.

~Andrew
