Bump to QEMU 5.2.0 #1349
This is just an initial work, I still have to decide some questions as you can see on the issue linked. Let me run the CI to see what happens. :)
/test
thanks @wainersm - I've left some comments and questions
The script splits the QEMU and GCC version in major and minor versions then uses those values on conditionals. This is error prone, so instead this changes the script to use the bc program.
Fixes: kata-containers#1349
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
@devimc @jodh-intel guys, I just sent an updated version where I solely addressed your review. Thanks!
The new version of this PR fixes the problem with use of "x.y.z" with |
thanks @wainersm - one more nit 😅
We already have adopted QEMU 5.2.x in our own 1.x tree and this PR would be really helpful to us in terms of letting us move to 2.x. What is still left to do here? We're happy to test with it if this PR is mostly ready.
Hi @skaegi, today I will send an updated version and I hope it will be the last for this PR. Then I will run the CI jobs. It would be nice if you could test on your use cases and report it here. Another thing that should be worked out is the metrics CI since we don't want this update to introduce regressions on the metrics. For that I will have to catch up with @jcvenegas @devimc.
The scripts/configure-hypervisor.sh splits the QEMU and GCC version in major and minor versions then uses those values on shell conditionals to compare versions. This is error prone, so instead this changes the script to use the `sort -V -C` command for version comparisons.
Fixes: kata-containers#1349
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
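The `sort -V -C` comparison named in the commit message above, as an added example that is not code from this PR or from scripts/configure-hypervisor.sh. The function names `version_ge` and `naive_ge` and the version pairs are constructed; `naive_ge` is one illustrative form of a split major/minor check, not the script's original conditionals.

```shell
#!/usr/bin/env bash
# Added example, not code from the PR. Function names and the sample
# version pairs below are constructed for illustration.

# version_ge A B: succeed when version A is at least version B.
# `sort -V` orders dotted versions component by component; `-C` only checks
# whether its input is already in order and reports that via the exit status.
version_ge() {
    printf '%s\n%s\n' "$2" "$1" | sort -V -C
}

# naive_ge A B: a constructed instance of the error-prone pattern, where
# major and minor are split out and tested independently of each other.
naive_ge() {
    a_major="${1%%.*}"; a_rest="${1#*.}"; a_minor="${a_rest%%.*}"
    b_major="${2%%.*}"; b_rest="${2#*.}"; b_minor="${b_rest%%.*}"
    [ "$a_major" -ge "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# Constructed pairs: "have need". 6.0.0 vs 5.2.0 is the case the split
# comparison gets wrong, because minor 0 is less than minor 2.
for pair in "5.2.0 5.0.0" "5.10.0 5.9.0" "6.0.0 5.2.0" "4.2.0 5.0.0"; do
    set -- $pair
    if version_ge "$1" "$2"; then sorted=yes; else sorted=no; fi
    if naive_ge "$1" "$2"; then naive=yes; else naive=no; fi
    printf '%-8s >= %-6s  sort -V -C: %-3s  split major/minor: %s\n' \
        "$1" "$2" "$sorted" "$naive"
done
```

`sort -V` ranks `5.2` below `5.2.0`, so compare version strings that have the same number of components.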
/test-debian
/test
/test-ubuntu
Hi @wainersm, can we add this patch please? It (re-)enables virtio-9p-ccw, required for 9p on s390x.
Hi @Jakob-Naucke ,
The patch applies clearly on 5.2 but the build fails because the
/test
This changes the version of QEMU used in the tests and CI.
The scripts/configure-hypervisor.sh was changed so that:
- The `--enable-virtiofsd` flag is passed
- It does not compile with -O3, to avoid the warning:
  Program python3 found: YES (/usr/bin/python3)
  ../meson.build:104: WARNING: Consider using the built-in optimization level instead of using "-O3".
  ../meson.build:108: WARNING: Consider using the built-in optimization level instead of using "-O3".
The qemu.blacklist files were changed so that new and unneeded firmware files are removed from the final tarball. Except for qboot.rom which is new but kept, since it can be used with microvm machine type (in case we want to enable microvm in the future).
The patches which are applied on QEMU sources:
- 0001-virtiofsd-Allow-to-build-it-without-the-tools.patch
  (Build fix for Meson - allows passing `--disable-tools --enable-virtiofsd`)
- 0002-virtiofsd-extract-lo_do_open-from-lo_open.patch
  0003-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch
  0004-virtiofsd-prevent-opening-of-special-files-CVE-2020-.patch
  0005-virtiofsd-Add-_llseek-to-the-seccomp-whitelist.patch
  0006-virtiofsd-Add-restart_syscall-to-the-seccomp-whiteli.patch
  (Security fixes for virtiofsd)
- 0007-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch
  (Performance improvement for 9p driver)
- 0008-hw-s390x-fix-build-for-virtio-9p-ccw.patch
  (Build fix for virtio-9p-ccw machine type)
Fixes: kata-containers#1238
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
QEMU 5.2.0 needs the ninja-build package installed on the build environment.
The default-configs were copied to $QEMU_SRC/default-configs but that does not take any effect, so instead they are now copied to $QEMU_SRC/default-configs/devices and the configs for i386 were updated.
Also it had to change some arguments being passed to configure as Meson was failing due to inconsistent paths:
./meson.build:1:0: ERROR: The value of the 'libdir' option is '/usr/lib/qemu' which must be a subdir of the prefix '/snap/kata-containers/current/usr'. Note that if you pass a relative path, it is assumed to be a subdir of prefix.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
/test
The jenkins-ci-ARM-ubuntu-18-04 build failed because it could not download muscl for arm. So nothing to do with this change.
I addressed the concerns on the latest version of this PR
lgtm, thanks @wainersm!
I'd like to ask for @jcvenegas review here before having it merged.
One important note: This update will take effect for all architectures except for aarch64. According to versions.yaml, aarch64 has used QEMU 5.1 and I didn't change it. The reasons for not changing are:
I propose we merge this PR as is. If someone asks for an aarch64 update then I can work on that but I will rely on the CI job for tests (so it should be working properly).
/test-arm
Actively reviewing -- will try to leave some feedback by end of day. I don't love having so many patches to carry. If at all feasible, we can push the upstream folks to create a stable release?
@egernst,
Same here. And today I was inquiring the community on QEMU's IRC channel about the process of stable releases. As you can see on the snippet below (note: only removed messages of people join/quit the channel) the process is somewhat ad-hoc. We can for sure ask for a new release with the CVE we care about. Note that frequently people ask me "why not use the distro's QEMU?". I just sent an email to kata-dev because I don't know the rationale.
Thanks @wainersm -- let's wait for more feedback on ML, then post summary here for reference (I agree with Julio's feedback).
This contains two fixes for the virtiofsd on snap:
* removed the "-/usr/libexec" so that virtiofsd is copied to prime
* The configuration.toml expects virtiofsd in /usr/libexec/kata-qemu so "kata-qemu" should be passed to the configure_hypervisor.sh script and it will configure to install the executable onto the right directory.
Fixes kata-containers#1238
Depends-on: github.com/kata-containers#1349
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This changes the version of QEMU used in the tests and CI.
Not compiling with -O3 to avoid the warning:
Program python3 found: YES (/usr/bin/python3)
../meson.build:104: WARNING: Consider using the built-in optimization level instead of using "-O3".
../meson.build:108: WARNING: Consider using the built-in optimization level instead of using "-O3".
New and unneeded firmware files are removed, except for qboot.rom since it can be used with the microvm machine type.
Needs a patch which allows passing
--disable-tools --enable-virtiofsd
Fixes: #1238
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>