[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
** Changed in: ubuntu-z-systems Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
This bug was fixed in the package qemu - 1:4.2-3ubuntu4 --- qemu (1:4.2-3ubuntu4) focal; urgency=medium * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546) * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64 to avoid broken nesting (LP: #1868692) -- Christian Ehrhardt Fri, 20 Mar 2020 08:02:16 +0100 ** Changed in: qemu (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
FYI - Added [1] to 4.2-3ubuntu4~ppa7 in PPA 3985 [1]: https://lists.nongnu.org/archive/html/qemu- devel/2020-03/msg07969.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
Add https://lists.nongnu.org/archive/html/qemu- devel/2020-03/msg07969.html I guess? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
** Changed in: qemu (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
To be clear, if you want to continue testing without the coming libvirt it is fine to just stay on 3985 and go on as-is. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
FYI For testing I have put this *also* into a different PPA => https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3986/ This shall help (me) to test it together with some intended libvirt changes. For now the qemu content in regard to s390x-protvirt is the same in the old 3985 and the new 3986 PPAs. That will help you to test "just" protvirt and not be influenced by the other incoming changes out of the 3985 PPA. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
Thanks for the extended testing! Ack that is the only change: $ git range-diff v4.2.0..cborntra/pv42_v11 v4.2.0..cborntra/pv42_v12 ... 13: 3c664ea0a6 = 13: 3c664ea0a6 vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM 14: 5081c651c9 = 14: 5081c651c9 Sync pv 15: db0a53ee22 ! 15: 295b91aa9d s390x: protvirt: Support unpack facility @@ hw/s390x/ipl.c: static void s390_ipl_prepare_qipl(S390CPU *cpu) + +cpu_physical_memory_read(ipib_pv->pv_header_addr, hdr, + ipib_pv->pv_header_len); -+rc = s390_pv_set_sec_parms((uint64_t)hdr, ++rc = s390_pv_set_sec_parms((uintptr_t)hdr, + ipib_pv->pv_header_len); +g_free(hdr); +return rc; 16: 617d3f7be6 = 16: cdfe6c35aa s390x: protvirt: Add migration blocker ... I integrated that into the PPA build (which does not include i386 btw as we mostly dropped that arch). => 4.2-3ubuntu4~ppa2 once PPA build is complete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
** Merge proposal linked: https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/381033 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
The attachment "focal_qemu_content.diff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
For completeness reasons (and the FFe at LP 1866866) please see the attached debdiff. But for better readability the following link is probably preferable: https://github.com/borntraeger/qemu/commits/pv42 ** Patch added: "focal_qemu_content.diff" https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+attachment/5339278/+files/focal_qemu_content.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
Hi, we will not take the following commit: commit 9da000ea0ae75fbdf14f6e7dc49ad324ba3fe190 Author: Christian Borntraeger Date: Thu Mar 19 07:02:20 2020 -0400 rebuild bios As a general Ubuntu (and Debian) policy implies that we build everything from source for serviceability (and to no get any dark secrets without knowing about them). I assume you did the code updates as well (I see e.g. pc-bios: s390x: Save iplb location in lowcore), so that the s390-ccw.img that is generated on build will fulfill your needs? Otherwise please also add the source-changes you need there to the backport. While adding that to the packaging I found that the following isn't needed since I did a bunch of backports for patches submitted at qemu-stable, therefore I don't need to add "ae150759a9 s390/sclp: improve special wait psw logic" again. In a similar fashion "3c664ea0a6 vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM" already was added before via bug 1847361. The rest looks reasonable, thanks for the link to a git branch! I have started a PPA build for your pre-verfication at: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3985/ Please let me know if anything further changes while waiting for this to be fully accepted upstream and also let me know if the testing uncovers anything unexpected. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
** Changed in: qemu (Ubuntu) Status: Incomplete => New ** Changed in: ubuntu-z-systems Status: Incomplete => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
For the time being I pushed a best effort inclusion of the patch in comment #6 as "qemu_4.2-3ubuntu2~ugly1" into the PPA that xnox already linked. => https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3970 I further hit and needed changes for: - ERROR: unknown option --disable-bluez ... ongoing ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
This even brings in 5.0 types, moves around vl.c and all that - it isn't even good for a quick build on the PPA IMHO (Ack to comment #7). Really, don't think about the "package" too much just provide a stack of commits for 4.2, I'm fine if that is just a git branch on top of tag: v4.2.0 and will convert it to packaging changes then. The part for you is the arch-specific backporting onto 4.2 Let making it proper packaging changes then be my task. As is this isn't really usable - any chance to refresh it in a more consumable format? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
This is a very akward submission. Where is the git repository with backport? Ideally against the ubuntu's focal git source tree with all patches already applied (aka treat it just like a normal git repo) https://code.launchpad.net/~usd-import- team/ubuntu/+source/qemu/+git/qemu/+ref/applied/ubuntu/focal-devel -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
The QEMU review is still ongoing. As a stop-gap measure it would be great to have PPA with a preliminary build of QEMU (master level + patches). Attached is a full diff on top of 4.2. Since the attached patch obsoletes some of the debian/patches content, the following series file should suffice: pv-full.diff qboot-stop-using-inttypes.patch qboot-no-jump-tables.diff # ubuntu patches ubuntu/expose-vmx_qemu64cpu.patch ubuntu/enable-svm-by-default.patch ubuntu/define-ubuntu-machine-types.patch ubuntu/pre-bionic-256k-ipxe-efi-roms.patch ubuntu/lp-1857033-i386-Add-new-CPU-model-Cooperlake.patch It will be necessary to tweak the machine type and the CPU model patch. Further, I had to apply this change to debian/rules: --- orig/debian/rules 2020-02-12 09:21:56.0 -0500 +++ pv/debian/rules 2020-03-09 06:54:19.0 -0400 @@ -103,6 +101,9 @@ b/configure-stamp: configure dh_testdir + # Fix up permission + chmod +x scripts/kernel-doc + # system build rm -rf b/qemu; mkdir -p b/qemu cd b/qemu && \ ** Attachment added: "Full diff, needs to go to debian/patches" https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1835546/+attachment/5335786/+files/pv-full.diff.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1835546] Re: [20.04 FEAT] Base KVM setup for secure guests - qemu part
** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835546 Title: [20.04 FEAT] Base KVM setup for secure guests - qemu part To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1835546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs