Merge ~paelzer/ubuntu/+source/qemu:nvidia-dgx2-bionic into ubuntu/+source/qemu:ubuntu/devel

Proposed by Christian Ehrhardt  on 2018-06-12
Status: Work in progress
Proposed branch: ~paelzer/ubuntu/+source/qemu:nvidia-dgx2-bionic
Merge into: ubuntu/+source/qemu:ubuntu/devel
Diff against target: 114 lines (+92/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/machine-type-hpb.patch (+84/-0)
Reviewer Review Type Date Requested Status
Canonical Server Team 2018-06-12 Pending
Canonical Server packageset reviewers 2018-06-12 Pending
Ubuntu Server Dev import team 2018-06-12 Pending
Review via email:
To post a comment you must log in.

Unmerged commits

507129a... by Christian Ehrhardt  on 2018-06-06

changelog: add -hpb machine type for host-phys-bits=true (LP: #1769053)

Signed-off-by: Christian Ehrhardt <email address hidden>

6ba8b5c... by Christian Ehrhardt  on 2018-06-06

  - d/p/ubuntu/machine-type-hpb.patch: add +hpb machine type
    for host-phys-bits=true (LP: #1769053)

Signed-off-by: Christian Ehrhardt <email address hidden>

0b6b14a... by Marc Deslauriers on 2018-05-22

Import patches-unapplied version 1:2.11+dfsg-1ubuntu10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 829d5bf391807e34e644651716dfd075c3fdaba5

New changelog entries:
  * SECURITY UPDATE: Speculative Store Bypass
    - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
      CPUID feature bit in target/i386/cpu.*.
    - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
      'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
    - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
      MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
    - CVE-2018-3639

829d5bf... by Marc Deslauriers on 2018-05-16

Import patches-unapplied version 1:2.11+dfsg-1ubuntu9 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ea3a32a786a6e4f640013759d7c6074dafeba9b1

New changelog entries:
  * SECURITY UPDATE: out-of-bounds access during migration via ps2
    - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
      in post_load routine in hw/input/ps2.c.
    - CVE-2017-16845
  * SECURITY UPDATE: arbitrary code execution via load_multiboot
    - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
      zero in hw/i386/multiboot.c.
    - CVE-2018-7550
  * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
    - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
    - CVE-2018-7858

ea3a32a... by Matthias Klose on 2018-05-03

Import patches-unapplied version 1:2.11+dfsg-1ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 335b32f0ddef839fa8dae3563c2d71c47d4eb346

New changelog entries:
  * No-change rebuild for ncurses soname changes.

335b32f... by Christian Ehrhardt  on 2018-04-11

Import patches-unapplied version 1:2.11+dfsg-1ubuntu7 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f3e429320ae650987f0e1a74eea68e78af38e483

New changelog entries:
  * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
    information (LP: #1762854).
  * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
    (LP: #1763468).

f3e4293... by Christian Ehrhardt  on 2018-04-04

Import patches-unapplied version 1:2.11+dfsg-1ubuntu6 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 97d58b76b71e9e6fc1906636e795df8ab94988cf

New changelog entries:
  * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
    The Kernel fixes are preferred and already committed to the kernel.
    Therefore remove the default disabling of the HTM feature (LP: #1761175)
  * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
    SSE/AVX/AVX512 cpu features (LP: #1739665)
  * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
    space+commpage continuous which avoids long startup times on
    qemu-user-static (LP: #1740219)
  * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
    convenience with all meltdown/spectre workarounds enabled by default.
    This is not the default type following upstream and x86 on that.
    (LP: #1761372).
  * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
    with pmem by backporting align and unarmed options (LP: #1704312).
  * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
    option to slirp's DHCP server (LP: #1762315)

97d58b7... by Christian Ehrhardt  on 2018-03-22

Import patches-unapplied version 1:2.11+dfsg-1ubuntu5 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: af03a5128d82c030e455287ec6985b6690e93f40

New changelog entries:
  * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
    accepted to be better long term maintainable (LP: #1753938)

af03a51... by Christian Ehrhardt  on 2018-03-05

Import patches-unapplied version 1:2.11+dfsg-1ubuntu4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: b852525a6143901cc4131d7748ea14645e4665fc

New changelog entries:
  * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
    ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
  * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
    versions of glibc >=2.27 (LP: #1753826)

b852525... by Benjamin Drung <email address hidden> on 2018-03-02

Import patches-unapplied version 1:2.11+dfsg-1ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9b43cd4339d50d8006d18976ca09342a2945aa0e

New changelog entries:
  * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
    Add domainname option and classless static routes support to the user
    networking's DHCP server

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index c5f3553..a39fbf6 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
8+ * d/p/ubuntu/machine-type-hpb.patch: add +hpb machine type
9+ for host-phys-bits=true (LP: #1769053)
11+ -- Christian Ehrhardt <> Tue, 12 Jun 2018 09:01:00 +0200
13 qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
15 * SECURITY UPDATE: Speculative Store Bypass
16diff --git a/debian/patches/series b/debian/patches/series
17index 02b853f..b43c1d8 100644
18--- a/debian/patches/series
19+++ b/debian/patches/series
20@@ -37,3 +37,4 @@ ubuntu/CVE-2018-7858.patch
21 ubuntu/CVE-2018-3639/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch
22 ubuntu/CVE-2018-3639/0002-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch
23 ubuntu/CVE-2018-3639/0003-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch
25diff --git a/debian/patches/ubuntu/machine-type-hpb.patch b/debian/patches/ubuntu/machine-type-hpb.patch
26new file mode 100644
27index 0000000..2f85a27
28--- /dev/null
29+++ b/debian/patches/ubuntu/machine-type-hpb.patch
30@@ -0,0 +1,84 @@
31+Description: Add a +hpb Ubuntu specific machine type suffix
33+This works already fine on commandline, but Libvirt and other stacks above
34+have no exploitation yet. Using a machine type has the benefit of being already
35+controllable by most upper layer software like Libvirt (type= in os tag) but
36+even up to Openstack (nova.conf or per image metadata on hw_machine_type).
38+This is based on a discussion:
41+A a similar change is in CentOS/RH (there the default is switched, without
42+even a way to go back. But since this can cause issues e.g. when migrating
43+across hosts with different characteristics.
45+Further we wan't to avoid "machine type proliferation", so we certainly won't
46+add a type for every feature. But using a huge guest is more common and
47+otherwise not yet achievable.
49+This can be dropped when:
50+ - libvirt exposes phys-bits/host-phys-bits natively
51+ - at least the important stacks above exploit that config
52+As an alternative we might decide at some point to make it the default without
53+a way to switch back in following releases, but for now we don't want to do so.
55+Forwarded: no (downstream decision)
56+Author: Christian Ehrhardt <>
59+Last-Update: 2018-06-06
61+--- a/hw/i386/pc_piix.c
62++++ b/hw/i386/pc_piix.c
63+@@ -1181,6 +1181,15 @@ static void pc_bionic_machine_options(Ma
64+ DEFINE_I440FX_MACHINE(bionic, "pc-i440fx-bionic", NULL,
65+ pc_bionic_machine_options);
67++static void pc_bionic_hpb_machine_options(MachineClass *m)
69++ pc_i440fx_2_11_machine_options(m);
70++ m->desc = "Ubuntu 18.04 PC (i440FX + PIIX, +host-phys-bits=true, 1996)";
73++DEFINE_I440FX_MACHINE(bionic_hpb, "pc-i440fx-bionic+hpb", NULL,
74++ pc_bionic_hpb_machine_options);
76+ /*
77+ * Due to bug 1621042 we have to consider the broken old wily machine
78+ * type as valid xenial type to ensure older VMs that got created prio
79+--- a/hw/i386/pc_q35.c
80++++ b/hw/i386/pc_q35.c
81+@@ -432,3 +432,14 @@ static void pc_q35_bionic_machine_option
82+ }
83+ DEFINE_Q35_MACHINE(bionic, "pc-q35-bionic", NULL,
84+ pc_q35_bionic_machine_options);
86++static void pc_q35_bionic_hpb_machine_options(MachineClass *m)
88++ pc_q35_2_11_machine_options(m);
89++ m->desc = "Ubuntu 18.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)";
90++ /* The ubuntu alias and default is on the i440fx type */
91++ m->alias = NULL;
94++DEFINE_Q35_MACHINE(bionic_hpb, "pc-q35-bionic+hpb", NULL,
95++ pc_q35_bionic_hpb_machine_options);
96+--- a/include/hw/i386/pc.h
97++++ b/include/hw/i386/pc.h
98+@@ -1002,5 +1002,16 @@ bool e820_get_entry(int, uint32_t, uint6
99+ } \
100+ type_init(pc_machine_init_##suffix)
102++/* This switches the host-phys-bits property default to true which will
103++ * allow to run rather huge guests at the price of reduced migratability
104++ * between rather different hosts.
105++ */
106++#define PC_HOST_PHYS_BITS_TRUE \
107++ { \
108++ .driver = TYPE_X86_CPU,\
109++ .property = "host-phys-bits",\
110++ .value = "on",\
111++ },
113+ extern void igd_passthrough_isa_bridge_create(PCIBus *bus, uint16_t gpu_dev_id);
114+ #endif


People subscribed via source and target branches