/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SMAP cause Linux HVM boot failure #2881

Closed
marmarek opened this Issue Jul 2, 2017 · 7 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.0
2 participants
@marmarek @qubesos-bot
@marmarek
Member

marmarek commented Jul 2, 2017

Qubes OS version (e.g., R3.2): R4.0

The effect is that QubesDB fails to start, qubesdb-daemon in dom0 try to connect, immediately fails and try to reconnect. When this happens, QubesDB socket in dom0 for given domain is not available and access to it from qubesd fails with:

qubesdb.DisconnectedError: QubesDB disconnected

or

qubesdb.Error: (2, 'No such file or directory')

At the same time, VM try to start, QubesDB startup time out (1m30s), then every service depending on information retrieved from QubesDB (including qubes-sysinit.service) fails too. Pretty much unusable VM.

More details in upstream report. The fix is already submitted upstream, but it will take time until the patch will be available in distribution kernel packages (especially Debian).

@marmarek marmarek added bug C: xen P: major labels Jul 2, 2017

@marmarek marmarek added this to the Release 4.0 milestone Jul 2, 2017

marmarek added a commit to marmarek/old-qubes-vmm-xen that referenced this issue Jul 2, 2017

@marmarek
libxl: add more cpuid flags handling 
The most important for us here is SMAP - unfortunately we need to not
expose it to guests, because of Linux kernel bug.

Fixes QubesOS/qubes-issues#2881
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
f11b8dc
@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 2, 2017

Automated announcement from builder-github

The package xen_4.8.1-3+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Jul 2, 2017

Automated announcement from builder-github

The package xen_4.8.1-3+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-jessie-cur-test label Jul 2, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 2, 2017

Closed

vmm-xen v4.8.1-3 (r4.0) #94

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 2, 2017

Automated announcement from builder-github

The package xen_4.8.1-3+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Jul 2, 2017

Automated announcement from builder-github

The package xen_4.8.1-3+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-stretch-cur-test label Jul 2, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 2, 2017

Automated announcement from builder-github

The package python2-xen-4.8.1-3.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

qubesos-bot commented Jul 2, 2017

Automated announcement from builder-github

The package python2-xen-4.8.1-3.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-dom0-cur-test label Jul 2, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 2, 2017

Automated announcement from builder-github

The package python2-xen-4.8.1-3.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

qubesos-bot commented Jul 2, 2017

Automated announcement from builder-github

The package python2-xen-4.8.1-3.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-fc25-cur-test label Jul 2, 2017

@marmarek marmarek closed this in marmarek/qubes-core-libvirt@47f1391 Jul 2, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 2, 2017

Automated announcement from builder-github

The package python2-xen-4.8.1-3.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

qubesos-bot commented Jul 2, 2017

Automated announcement from builder-github

The package python2-xen-4.8.1-3.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-fc24-cur-test label Jul 2, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 2, 2017

Automated announcement from builder-github

The package libvirt-3.3.0-2.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

qubesos-bot commented Jul 2, 2017

Automated announcement from builder-github

The package libvirt-3.3.0-2.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-dom0-cur-test label Jul 2, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 2, 2017

Closed

core-libvirt v3.3.0-2 (r4.0) #95

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jul 4, 2017

@marmarek
Disable SMAP in VMs 
Linux kernel bug cause hypercall fails from HVM userspace (see
referenced issue). As a simple workaround, do not advertise SMAP to VMs
- but still use it as hypervisor level.

Fixes QubesOS/qubes-issues#2881
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
ca9e460

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jul 4, 2017

@marmarek
Disable SMAP in VMs 
Linux kernel bug cause hypercall fails from HVM userspace (see
referenced issue). As a simple workaround, do not advertise SMAP to VMs
- but still use it as hypervisor level.

Fixes QubesOS/qubes-issues#2881
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
7560879
@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 4, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.1-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

qubesos-bot commented Jul 4, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.1-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-dom0-cur-test label Jul 4, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 4, 2017

Closed

core-admin v4.0.1 (r4.0) #100

@jpouellet jpouellet referenced this issue Jul 31, 2017

Open

Stop telling VMs the exact physical CPU model in the computer #1142

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment