Merge ~paelzer/ubuntu/+source/qemu:nvidia-dgx2-bionic into ubuntu/+source/qemu:ubuntu/devel

Proposed by Christian Ehrhardt 
Status: Work in progress
Proposed branch: ~paelzer/ubuntu/+source/qemu:nvidia-dgx2-bionic
Merge into: ubuntu/+source/qemu:ubuntu/devel
Diff against target: 114 lines (+92/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/machine-type-hpb.patch (+84/-0)
Reviewer                                 Review Type   Date Requested   Status
Canonical Server                         -             -                Pending
Canonical Server packageset reviewers    -             -                Pending
git-ubuntu developers                    -             -                Pending
Review via email: mp+347796@code.launchpad.net

Unmerged commits

507129a... by Christian Ehrhardt 

changelog: add -hpb machine type for host-phys-bits=true (LP: #1769053)

Signed-off-by: Christian Ehrhardt <email address hidden>

6ba8b5c... by Christian Ehrhardt 

  - d/p/ubuntu/machine-type-hpb.patch: add +hpb machine type
    for host-phys-bits=true (LP: #1769053)

Signed-off-by: Christian Ehrhardt <email address hidden>

0b6b14a... by Marc Deslauriers

Import patches-unapplied version 1:2.11+dfsg-1ubuntu10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 829d5bf391807e34e644651716dfd075c3fdaba5

New changelog entries:
  * SECURITY UPDATE: Speculative Store Bypass
    - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
      CPUID feature bit in target/i386/cpu.*.
    - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
      'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
    - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
      MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
      target/i386/machine.c.
    - CVE-2018-3639

829d5bf... by Marc Deslauriers

Import patches-unapplied version 1:2.11+dfsg-1ubuntu9 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ea3a32a786a6e4f640013759d7c6074dafeba9b1

New changelog entries:
  * SECURITY UPDATE: out-of-bounds access during migration via ps2
    - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
      in post_load routine in hw/input/ps2.c.
    - CVE-2017-16845
  * SECURITY UPDATE: arbitrary code execution via load_multiboot
    - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
      zero in hw/i386/multiboot.c.
    - CVE-2018-7550
  * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
    - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
      hw/display/vga.c.
    - CVE-2018-7858

ea3a32a... by Matthias Klose

Import patches-unapplied version 1:2.11+dfsg-1ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 335b32f0ddef839fa8dae3563c2d71c47d4eb346

New changelog entries:
  * No-change rebuild for ncurses soname changes.

335b32f... by Christian Ehrhardt 

Import patches-unapplied version 1:2.11+dfsg-1ubuntu7 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f3e429320ae650987f0e1a74eea68e78af38e483

New changelog entries:
  * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
    information (LP: #1762854).
  * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
    (LP: #1763468).

f3e4293... by Christian Ehrhardt 

Import patches-unapplied version 1:2.11+dfsg-1ubuntu6 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 97d58b76b71e9e6fc1906636e795df8ab94988cf

New changelog entries:
  * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
    The Kernel fixes are preferred and already committed to the kernel.
    Therefore remove the default disabling of the HTM feature (LP: #1761175)
  * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
    SSE/AVX/AVX512 cpu features (LP: #1739665)
  * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
    space+commpage continuous which avoids long startup times on
    qemu-user-static (LP: #1740219)
  * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
    convenience with all meltdown/spectre workarounds enabled by default.
    This is not the default type following upstream and x86 on that.
    (LP: #1761372).
  * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
    with pmem by backporting align and unarmed options (LP: #1704312).
  * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
    option to slirp's DHCP server (LP: #1762315)

97d58b7... by Christian Ehrhardt 

Import patches-unapplied version 1:2.11+dfsg-1ubuntu5 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: af03a5128d82c030e455287ec6985b6690e93f40

New changelog entries:
  * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
    accepted to be better long term maintainable (LP: #1753938)

af03a51... by Christian Ehrhardt 

Import patches-unapplied version 1:2.11+dfsg-1ubuntu4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: b852525a6143901cc4131d7748ea14645e4665fc

New changelog entries:
  * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
    ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
  * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
    versions of glibc >=2.27 (LP: #1753826)

b852525... by Benjamin Drung <email address hidden>

Import patches-unapplied version 1:2.11+dfsg-1ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9b43cd4339d50d8006d18976ca09342a2945aa0e

New changelog entries:
  * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
    d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
    Add domainname option and classless static routes support to the user
    networking's DHCP server

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index c5f3553..a39fbf6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
1qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2
3 * d/p/ubuntu/machine-type-hpb.patch: add +hpb machine type
4 for host-phys-bits=true (LP: #1769053)
5
6 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
7
1qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium8qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
29
3 * SECURITY UPDATE: Speculative Store Bypass10 * SECURITY UPDATE: Speculative Store Bypass
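Review bot: the entry says "add +hpb machine type" while the subject of commit 507129a says "-hpb"; settle on one spelling, and name the two new types (pc-i440fx-bionic+hpb and pc-q35-bionic+hpb) here so that users can find them in the changelog rather than only inside the patch. It would also help to state in the entry that these types set host-phys-bits=on and therefore limit live migration to hosts with a matching physical address width, which is the trade-off the patch description documents.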
diff --git a/debian/patches/series b/debian/patches/series
index 02b853f..b43c1d8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -37,3 +37,4 @@ ubuntu/CVE-2018-7858.patch
37ubuntu/CVE-2018-3639/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch37ubuntu/CVE-2018-3639/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch
38ubuntu/CVE-2018-3639/0002-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch38ubuntu/CVE-2018-3639/0002-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch
39ubuntu/CVE-2018-3639/0003-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch39ubuntu/CVE-2018-3639/0003-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch
40ubuntu/machine-type-hpb.patch
diff --git a/debian/patches/ubuntu/machine-type-hpb.patch b/debian/patches/ubuntu/machine-type-hpb.patch
40new file mode 10064441new file mode 100644
index 0000000..2f85a27
--- /dev/null
+++ b/debian/patches/ubuntu/machine-type-hpb.patch
@@ -0,0 +1,84 @@
1Description: Add a +hpb Ubuntu specific machine type suffix
2
3This works already fine on commandline, but Libvirt and other stacks above
4have no exploitation yet. Using a machine type has the benefit of being already
5controllable by most upper layer software like Libvirt (type= in os tag) but
6even up to Openstack (nova.conf or per image metadata on hw_machine_type).
7
8This is based on a discussion:
9 https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1769053
10
11A a similar change is in CentOS/RH (there the default is switched, without
12even a way to go back. But since this can cause issues e.g. when migrating
13across hosts with different characteristics.
14
15Further we wan't to avoid "machine type proliferation", so we certainly won't
16add a type for every feature. But using a huge guest is more common and
17otherwise not yet achievable.
18
19This can be dropped when:
20 - libvirt exposes phys-bits/host-phys-bits natively
21 - at least the important stacks above exploit that config
22As an alternative we might decide at some point to make it the default without
23a way to switch back in following releases, but for now we don't want to do so.
24
25Forwarded: no (downstream decision)
26Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
27Origin: http://mirrors.ibiblio.org/ovirt/pub/ovirt-4.0/src/qemu-kvm-ev/kvm-target-i386-Enable-host-phys-bits-on-RHEL.patch
28Bug-Ubuntu: https://bugs.launchpad.net/bugs/1776189
29Last-Update: 2018-06-06
30
31--- a/hw/i386/pc_piix.c
32+++ b/hw/i386/pc_piix.c
33@@ -1181,6 +1181,15 @@ static void pc_bionic_machine_options(Ma
34 DEFINE_I440FX_MACHINE(bionic, "pc-i440fx-bionic", NULL,
35 pc_bionic_machine_options);
36
37+static void pc_bionic_hpb_machine_options(MachineClass *m)
38+{
39+ pc_i440fx_2_11_machine_options(m);
40+ m->desc = "Ubuntu 18.04 PC (i440FX + PIIX, +host-phys-bits=true, 1996)";
41+ SET_MACHINE_COMPAT(m, PC_HOST_PHYS_BITS_TRUE);
42+}
43+DEFINE_I440FX_MACHINE(bionic_hpb, "pc-i440fx-bionic+hpb", NULL,
44+ pc_bionic_hpb_machine_options);
45+
46 /*
47 * Due to bug 1621042 we have to consider the broken old wily machine
48 * type as valid xenial type to ensure older VMs that got created prio
49--- a/hw/i386/pc_q35.c
50+++ b/hw/i386/pc_q35.c
51@@ -432,3 +432,14 @@ static void pc_q35_bionic_machine_option
52 }
53 DEFINE_Q35_MACHINE(bionic, "pc-q35-bionic", NULL,
54 pc_q35_bionic_machine_options);
55+
56+static void pc_q35_bionic_hpb_machine_options(MachineClass *m)
57+{
58+ pc_q35_2_11_machine_options(m);
59+ m->desc = "Ubuntu 18.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)";
60+ /* The ubuntu alias and default is on the i440fx type */
61+ m->alias = NULL;
62+ SET_MACHINE_COMPAT(m, PC_HOST_PHYS_BITS_TRUE);
63+}
64+DEFINE_Q35_MACHINE(bionic_hpb, "pc-q35-bionic+hpb", NULL,
65+ pc_q35_bionic_hpb_machine_options);
66--- a/include/hw/i386/pc.h
67+++ b/include/hw/i386/pc.h
68@@ -1002,5 +1002,16 @@ bool e820_get_entry(int, uint32_t, uint6
69 } \
70 type_init(pc_machine_init_##suffix)
71
72+/* This switches the host-phys-bits property default to true which will
73+ * allow to run rather huge guests at the price of reduced migratability
74+ * between rather different hosts.
75+ */
76+#define PC_HOST_PHYS_BITS_TRUE \
77+ { \
78+ .driver = TYPE_X86_CPU,\
79+ .property = "host-phys-bits",\
80+ .value = "on",\
81+ },
82+
83 extern void igd_passthrough_isa_bridge_create(PCIBus *bus, uint16_t gpu_dev_id);
84 #endif
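Review bot: pc_bionic_hpb_machine_options() calls pc_i440fx_2_11_machine_options(m) and then leaves m->alias untouched, whereas the q35 counterpart explicitly sets `m->alias = NULL` with the comment "The ubuntu alias and default is on the i440fx type"; please confirm that the i440fx +hpb variant does not inherit an alias or default flag from the 2.11 options, otherwise every guest started without an explicit -machine could silently get host-phys-bits=on together with the migration restriction described in the header. The Bug-Ubuntu header points at LP 1776189 while the discussion link in the description and the changelog both reference LP 1769053; align them or list both. The description also has typos worth fixing before this lands: "A a similar change", "wan't" (want), "Openstack" (OpenStack), and the parenthesis opened in the CentOS/RH sentence is never closed, which leaves "But since this can cause issues ..." as a fragment.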
