diff --git a/tools/packaging/qemu/patches/4.0.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch b/tools/packaging/qemu/patches/4.0.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch
deleted file mode 100644
index a88866335..000000000
--- a/tools/packaging/qemu/patches/4.0.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch
+++ /dev/null
@@ -1,98 +0,0 @@ -From 894a8ae5524fff4ad9d3551c515788c5650e1fc7 Mon Sep 17 00:00:00 2001 -From: Yang Zhong -Date: Wed, 28 Mar 2018 20:14:53 +0800 -Subject: [PATCH 1/2] 9p: removing coroutines of 9p to increase the I/O - performance - -This is a quick workaround, need to be fixed. - -Signed-off-by: Chao Peng ---- - hw/9pfs/9p.c | 12 +++++------- - hw/9pfs/9p.h | 6 +++--- - hw/9pfs/coth.h | 3 +++ - 3 files changed, 11 insertions(+), 10 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 55821343e5..c5f089860d 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -690,10 +690,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len) - out_notify: - pdu->s->transport->push_and_notify(pdu); - -- /* Now wakeup anybody waiting in flush for this request */ -- if (!qemu_co_queue_next(&pdu->complete)) { -- pdu_free(pdu); -- } -+ pdu_free(pdu); - } - - static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension) -@@ -3525,7 +3522,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu) - - void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr) - { -- Coroutine *co; -+// Coroutine *co; - CoroutineEntry *handler; - V9fsState *s = pdu->s; - -@@ -3543,8 +3540,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr) - } - - qemu_co_queue_init(&pdu->complete); -- co = qemu_coroutine_create(handler, pdu); -- qemu_coroutine_enter(co); -+ handler(pdu); -+ //co = qemu_coroutine_create(handler, pdu); -+ //qemu_coroutine_enter(co); - } - - /* Returns 0 on success, 1 on failure. 
*/ -diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h -index 8883761b2c..24aeba03f7 100644 ---- a/hw/9pfs/9p.h -+++ b/hw/9pfs/9p.h -@@ -320,21 +320,21 @@ extern int total_open_fd; - static inline void v9fs_path_write_lock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_wrlock(&s->rename_lock); -+ // qemu_co_rwlock_wrlock(&s->rename_lock); - } - } - - static inline void v9fs_path_read_lock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_rdlock(&s->rename_lock); -+ // qemu_co_rwlock_rdlock(&s->rename_lock); - } - } - - static inline void v9fs_path_unlock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_unlock(&s->rename_lock); -+ // qemu_co_rwlock_unlock(&s->rename_lock); - } - } - -diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h -index 19e4d9287e..728a25865d 100644 ---- a/hw/9pfs/coth.h -+++ b/hw/9pfs/coth.h -@@ -47,6 +47,9 @@ - qemu_coroutine_yield(); \ - } while (0) - -+#undef v9fs_co_run_in_worker -+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0); -+ - void co_run_in_worker_bh(void *); - int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *); - int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **); --- -2.17.2 - diff --git a/tools/packaging/qemu/patches/4.0.x/0002-migration-allow-private-destination-ram-with-x-ignor.patch b/tools/packaging/qemu/patches/4.0.x/0002-migration-allow-private-destination-ram-with-x-ignor.patch deleted file mode 100644 index b664db246..000000000 --- a/tools/packaging/qemu/patches/4.0.x/0002-migration-allow-private-destination-ram-with-x-ignor.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From b17fbbe55cba95ad323b27c2f9f3e22eb6364d4b Mon Sep 17 00:00:00 2001 -From: Peng Tao -Date: Fri, 14 Jun 2019 14:35:13 +0800 -Subject: [PATCH] migration: allow private destination ram with x-ignore-shared - -By removing the share ram check, qemu is able to migrate -to private destination ram when x-ignore-shared capability -is on. Then we can create multiple destination VMs based -on the same source VM. - -This changes the x-ignore-shared migration capability to -work similar to Lai's original bypass-shared-memory -work(https://lists.gnu.org/archive/html/qemu-devel/2018-04/msg00003.html) -which enables kata containers (https://katacontainers.io) -to implement the VM templating feature. - -An example usage in kata containers(https://katacontainers.io): -1. Start the source VM: - qemu-system-x86 -m 2G \ - -object memory-backend-file,id=mem0,size=2G,share=on,mem-path=/tmpfs/template-memory \ - -numa node,memdev=mem0 -2. Stop the template VM, set migration x-ignore-shared capability, - migrate "exec:cat>/tmpfs/state", quit it -3. Start target VM: - qemu-system-x86 -m 2G \ - -object memory-backend-file,id=mem0,size=2G,share=off,mem-path=/tmpfs/template-memory \ - -numa node,memdev=mem0 \ - -incoming defer -4. connect to target VM qmp, set migration x-ignore-shared capability, -migrate_incoming "exec:cat /tmpfs/state" -5. create more target VMs repeating 3 and 4 - -Cc: Dr. David Alan Gilbert -Cc: Yury Kotov -Cc: Jiangshan Lai -Cc: Xu Wang -Signed-off-by: Peng Tao -Reviewed-by: Juan Quintela -Reviewed-by: Dr. 
David Alan Gilbert -Message-Id: <1560494113-1141-1-git-send-email-tao.peng@linux.alibaba.com> -Signed-off-by: Juan Quintela ---- - migration/ram.c | 7 ------- - 1 file changed, 7 deletions(-) - -diff --git a/migration/ram.c b/migration/ram.c -index 8a6ad61d3d..8622b4dc49 100644 ---- a/migration/ram.c -+++ b/migration/ram.c -@@ -3426,7 +3426,6 @@ static int ram_save_setup(QEMUFile *f, void *opaque) - } - if (migrate_ignore_shared()) { - qemu_put_be64(f, block->mr->addr); -- qemu_put_byte(f, ramblock_is_ignored(block) ? 1 : 0); - } - } - -@@ -4393,12 +4392,6 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) - } - if (migrate_ignore_shared()) { - hwaddr addr = qemu_get_be64(f); -- bool ignored = qemu_get_byte(f); -- if (ignored != ramblock_is_ignored(block)) { -- error_report("RAM block %s should %s be migrated", -- id, ignored ? "" : "not"); -- ret = -EINVAL; -- } - if (ramblock_is_ignored(block) && - block->mr->addr != addr) { - error_report("Mismatched GPAs for block %s " --- -2.17.1 - diff --git a/tools/packaging/qemu/patches/4.0.x/0003-memory-backend-file-nvdimm-support-read-only-files-a.patch b/tools/packaging/qemu/patches/4.0.x/0003-memory-backend-file-nvdimm-support-read-only-files-a.patch deleted file mode 100644 index f44a525ca..000000000 --- a/tools/packaging/qemu/patches/4.0.x/0003-memory-backend-file-nvdimm-support-read-only-files-a.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From bf71d7d8e04e85517578c021804c77739f9fed72 Mon Sep 17 00:00:00 2001 -From: Julio Montes -Date: Mon, 8 Jul 2019 21:19:36 +0000 -Subject: [PATCH] memory-backend-file/nvdimm: support read-only files as - memory-backends - -Currently is not possible to use a file that is part of a read-only -filesystem as memory backend for nvdimm devices, even if this is not modified -in the guest. In order to improve the security of Virtual Machines that share -and do not modify the memory-backend-file, QEMU should support -read-only memory-backeds. - -Use case: -* Kata Containers use a memory-backed-file as read-only rootfs, and this - file is used to start all the virtual machines in the node. - It would be really bad if somehow a malicious container modified it. - -Signed-off-by: Julio Montes -Message-Id: <20190708211936.8037-1-julio.montes@intel.com> ---- - exec.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/exec.c b/exec.c -index 3e78de3b8f..a1b6f939fb 100644 ---- a/exec.c -+++ b/exec.c -@@ -1865,6 +1865,12 @@ static int file_ram_open(const char *path, - break; - } - g_free(filename); -+ } else if (errno == EROFS) { -+ fd = open(path, O_RDONLY); -+ if (fd >= 0) { -+ /* @path names an existing read-only file, use it */ -+ break; -+ } - } - if (errno != EEXIST && errno != EINTR) { - error_setg_errno(errp, errno, --- -2.17.2 - diff --git a/tools/packaging/qemu/patches/4.1.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch b/tools/packaging/qemu/patches/4.1.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch deleted file mode 100644 index 43464e17c..000000000 --- a/tools/packaging/qemu/patches/4.1.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 493163ca322c87860492328c7898064051321c67 Mon Sep 17 00:00:00 2001 -From: Yang Zhong -Date: Wed, 28 Mar 2018 20:14:53 +0800 -Subject: [PATCH 1/3] 9p: removing coroutines of 9p to increase the I/O - performance - -This is a quick workaround, need to be fixed. - -Signed-off-by: Chao Peng ---- - hw/9pfs/9p.c | 12 +++++------- - hw/9pfs/9p.h | 6 +++--- - hw/9pfs/coth.h | 3 +++ - 3 files changed, 11 insertions(+), 10 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 55821343e5..c5f089860d 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -690,10 +690,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len) - out_notify: - pdu->s->transport->push_and_notify(pdu); - -- /* Now wakeup anybody waiting in flush for this request */ -- if (!qemu_co_queue_next(&pdu->complete)) { -- pdu_free(pdu); -- } -+ pdu_free(pdu); - } - - static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension) -@@ -3525,7 +3522,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu) - - void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr) - { -- Coroutine *co; -+// Coroutine *co; - CoroutineEntry *handler; - V9fsState *s = pdu->s; - -@@ -3543,8 +3540,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr) - } - - qemu_co_queue_init(&pdu->complete); -- co = qemu_coroutine_create(handler, pdu); -- qemu_coroutine_enter(co); -+ handler(pdu); -+ //co = qemu_coroutine_create(handler, pdu); -+ //qemu_coroutine_enter(co); - } - - /* Returns 0 on success, 1 on failure. 
*/ -diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h -index 8883761b2c..24aeba03f7 100644 ---- a/hw/9pfs/9p.h -+++ b/hw/9pfs/9p.h -@@ -320,21 +320,21 @@ extern int total_open_fd; - static inline void v9fs_path_write_lock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_wrlock(&s->rename_lock); -+ // qemu_co_rwlock_wrlock(&s->rename_lock); - } - } - - static inline void v9fs_path_read_lock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_rdlock(&s->rename_lock); -+ // qemu_co_rwlock_rdlock(&s->rename_lock); - } - } - - static inline void v9fs_path_unlock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_unlock(&s->rename_lock); -+ // qemu_co_rwlock_unlock(&s->rename_lock); - } - } - -diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h -index 19e4d9287e..728a25865d 100644 ---- a/hw/9pfs/coth.h -+++ b/hw/9pfs/coth.h -@@ -47,6 +47,9 @@ - qemu_coroutine_yield(); \ - } while (0) - -+#undef v9fs_co_run_in_worker -+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0); -+ - void co_run_in_worker_bh(void *); - int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *); - int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **); --- -2.17.2 - diff --git a/tools/packaging/qemu/patches/4.1.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch b/tools/packaging/qemu/patches/4.1.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch deleted file mode 100644 index 7f6830cbb..000000000 --- a/tools/packaging/qemu/patches/4.1.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From f116c58ab18762b1fdf5b5908af8612bf933d159 Mon Sep 17 00:00:00 2001 -From: Julio Montes -Date: Mon, 8 Jul 2019 21:19:36 +0000 -Subject: [PATCH 2/3] memory-backend-file/nvdimm: support read-only files as - memory-backends - -Currently it is not possible to use a file that is part of a read-only -filesystem as memory backend for nvdimm devices, even if the file itself -is not modified in the guest. Same goes for files that do not have write access. -In order to improve the security of Virtual Machines that share -and do not modify the memory-backend-file, QEMU should support -read-only memory-backends. - -Use case: -* Kata Containers use a memory-backed-file as read-only rootfs, and this - file is used to start all the virtual machines in the node. - It would be really bad if somehow a malicious container modified it. - -Signed-off-by: Julio Montes -Signed-off-by: Archana Shinde -Message-Id: <20190708211936.8037-1-julio.montes@intel.com> ---- - exec.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/exec.c b/exec.c -index 3e78de3b8f..a1b6f939fb 100644 ---- a/exec.c -+++ b/exec.c -@@ -1865,6 +1865,12 @@ static int file_ram_open(const char *path, - break; - } - g_free(filename); -+ } else if (errno == EROFS || errno == EACCES) { -+ fd = open(path, O_RDONLY); -+ if (fd >= 0) { -+ /* @path names an existing read-only file, use it */ -+ break; -+ } - } - if (errno != EEXIST && errno != EINTR) { - error_setg_errno(errp, errno, --- -2.17.2 - diff --git a/tools/packaging/qemu/patches/4.1.x/0003-configure-more-resilient-Python-version-capture.patch b/tools/packaging/qemu/patches/4.1.x/0003-configure-more-resilient-Python-version-capture.patch deleted file mode 100644 index bf4736315..000000000 --- a/tools/packaging/qemu/patches/4.1.x/0003-configure-more-resilient-Python-version-capture.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From 19ec1516315083bb609a6683271dc19adb464522 Mon Sep 17 00:00:00 2001 -From: Cleber Rosa -Date: Mon, 26 Aug 2019 11:58:32 -0400 -Subject: [PATCH 3/3] configure: more resilient Python version capture - -The current approach to capture the Python version is fragile, as it -was demonstrated by a very specific build of Python 3 on Fedora 29 -that, under non-interactive shells would print multiline version -information. - -The (badly) stripped version output would be sent to config-host.mak, -producing bad syntax and rendering the makefiles unusable. Now, the -Python versions is printed by configure, but only a simple (and better -controlled variable) indicating whether the build system is using -Python 2 is kept on config-host.mak. - -Signed-off-by: Cleber Rosa - -Message-Id: <20190826155832.17427-1-crosa@redhat.com> -Reviewed-by: Tony Nguyen ---- - configure | 5 +++-- - tests/Makefile.include | 2 +- - 2 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/configure b/configure -index 714e7fb6a1..0a6a617fa3 100755 ---- a/configure -+++ b/configure -@@ -1864,7 +1864,7 @@ if ! $python -c 'import sys; sys.exit(sys.version_info < (2,7))'; then - fi - - # Preserve python version since some functionality is dependent on it --python_version=$($python -V 2>&1 | sed -e 's/Python\ //') -+python_version=$($python -c 'import sys; print("%d.%d.%d" % (sys.version_info[0], sys.version_info[1], sys.version_info[2]))' 2>/dev/null) - - # Suppress writing compiled files - python="$python -B" -@@ -6514,6 +6514,7 @@ if ! 
$python -c 'import sys; sys.exit(sys.version_info < (3,0))'; then - echo - echo "warning: Python 2 support is deprecated" >&2 - echo "warning: Python 3 will be required for building future versions of QEMU" >&2 -+ python2="y" - fi - - config_host_mak="config-host.mak" -@@ -7333,7 +7334,7 @@ echo "INSTALL_DATA=$install -c -m 0644" >> $config_host_mak - echo "INSTALL_PROG=$install -c -m 0755" >> $config_host_mak - echo "INSTALL_LIB=$install -c -m 0644" >> $config_host_mak - echo "PYTHON=$python" >> $config_host_mak --echo "PYTHON_VERSION=$python_version" >> $config_host_mak -+echo "PYTHON2=$python2" >> $config_host_mak - echo "CC=$cc" >> $config_host_mak - if $iasl -h > /dev/null 2>&1; then - echo "IASL=$iasl" >> $config_host_mak -diff --git a/tests/Makefile.include b/tests/Makefile.include -index fd7fdb8658..fc67846431 100644 ---- a/tests/Makefile.include -+++ b/tests/Makefile.include -@@ -1132,7 +1132,7 @@ TESTS_RESULTS_DIR=$(BUILD_DIR)/tests/results - AVOCADO_SHOW=app - AVOCADO_TAGS=$(patsubst %-softmmu,-t arch:%, $(filter %-softmmu,$(TARGET_DIRS))) - --ifneq ($(findstring v2,"v$(PYTHON_VERSION)"),v2) -+ifneq ($(PYTHON2),y) - $(TESTS_VENV_DIR): $(TESTS_VENV_REQ) - $(call quiet-command, \ - $(PYTHON) -m venv --system-site-packages $@, \ --- -2.17.2 - diff --git a/tools/packaging/qemu/patches/4.2.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch b/tools/packaging/qemu/patches/4.2.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch deleted file mode 100644 index accb19c00..000000000 --- a/tools/packaging/qemu/patches/4.2.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 4400ea745b2a073186061a04dc07d90a8fb8a51f Mon Sep 17 00:00:00 2001 -From: Yang Zhong -Date: Wed, 28 Mar 2018 20:14:53 +0800 -Subject: [PATCH 1/2] 9p: removing coroutines of 9p to increase the I/O - performance - -This is a quick workaround, need to be fixed. - -Signed-off-by: Chao Peng ---- - hw/9pfs/9p.c | 12 +++++------- - hw/9pfs/9p.h | 6 +++--- - hw/9pfs/coth.h | 3 +++ - 3 files changed, 11 insertions(+), 10 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 520177f40c..191c43e42d 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -1082,10 +1082,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len) - out_notify: - pdu->s->transport->push_and_notify(pdu); - -- /* Now wakeup anybody waiting in flush for this request */ -- if (!qemu_co_queue_next(&pdu->complete)) { -- pdu_free(pdu); -- } -+ pdu_free(pdu); - } - - static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension) -@@ -3968,7 +3965,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu) - - void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr) - { -- Coroutine *co; -+// Coroutine *co; - CoroutineEntry *handler; - V9fsState *s = pdu->s; - -@@ -3986,8 +3983,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr) - } - - qemu_co_queue_init(&pdu->complete); -- co = qemu_coroutine_create(handler, pdu); -- qemu_coroutine_enter(co); -+ handler(pdu); -+ //co = qemu_coroutine_create(handler, pdu); -+ //qemu_coroutine_enter(co); - } - - /* Returns 0 on success, 1 on failure. 
*/ -diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h -index 3904f82901..30ecab2b2e 100644 ---- a/hw/9pfs/9p.h -+++ b/hw/9pfs/9p.h -@@ -380,21 +380,21 @@ extern int total_open_fd; - static inline void v9fs_path_write_lock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_wrlock(&s->rename_lock); -+ // qemu_co_rwlock_wrlock(&s->rename_lock); - } - } - - static inline void v9fs_path_read_lock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_rdlock(&s->rename_lock); -+ // qemu_co_rwlock_rdlock(&s->rename_lock); - } - } - - static inline void v9fs_path_unlock(V9fsState *s) - { - if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) { -- qemu_co_rwlock_unlock(&s->rename_lock); -+ // qemu_co_rwlock_unlock(&s->rename_lock); - } - } - -diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h -index c2cdc7a9ea..0fe971d1f5 100644 ---- a/hw/9pfs/coth.h -+++ b/hw/9pfs/coth.h -@@ -46,6 +46,9 @@ - qemu_coroutine_yield(); \ - } while (0) - -+#undef v9fs_co_run_in_worker -+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0); -+ - void co_run_in_worker_bh(void *); - int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *); - int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **); --- -2.21.0 - diff --git a/tools/packaging/qemu/patches/4.2.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch b/tools/packaging/qemu/patches/4.2.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch deleted file mode 100644 index 98139bdb7..000000000 --- a/tools/packaging/qemu/patches/4.2.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From f06edce09ed88568a743c6aa36343081e35cca54 Mon Sep 17 00:00:00 2001 -From: Julio Montes -Date: Mon, 8 Jul 2019 21:19:36 +0000 -Subject: [PATCH 2/2] memory-backend-file/nvdimm: support read-only files as - memory-backends - -Currently it is not possible to use a file that is part of a read-only -filesystem as memory backend for nvdimm devices, even if the file itself -is not modified in the guest. Same goes for files that do not have write access. -In order to improve the security of Virtual Machines that share -and do not modify the memory-backend-file, QEMU should support -read-only memory-backends. - -Use case: -* Kata Containers use a memory-backed-file as read-only rootfs, and this - file is used to start all the virtual machines in the node. - It would be really bad if somehow a malicious container modified it. - -Signed-off-by: Julio Montes -Signed-off-by: Archana Shinde -Message-Id: <20190708211936.8037-1-julio.montes@intel.com> ---- - exec.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/exec.c b/exec.c -index ffdb518535..506a5af8c1 100644 ---- a/exec.c -+++ b/exec.c -@@ -1819,6 +1819,12 @@ static int file_ram_open(const char *path, - break; - } - g_free(filename); -+ } else if (errno == EROFS || errno == EACCES) { -+ fd = open(path, O_RDONLY); -+ if (fd >= 0) { -+ /* @path names an existing read-only file, use it */ -+ break; -+ } - } - if (errno != EEXIST && errno != EINTR) { - error_setg_errno(errp, errno, --- -2.21.0 - diff --git a/tools/packaging/scripts/configure-hypervisor.sh b/tools/packaging/scripts/configure-hypervisor.sh index c1df82e37..d2467c3f4 100755 --- a/tools/packaging/scripts/configure-hypervisor.sh +++ b/tools/packaging/scripts/configure-hypervisor.sh 
@@ -222,17 +222,11 @@ generate_qemu_options() { # Disabled options - if gt_eq "${qemu_version}" "5.0.0" ; then - # Disable sheepdog block driver support - qemu_options+=(size:--disable-sheepdog) + # Disable sheepdog block driver support + qemu_options+=(size:--disable-sheepdog) - # Disable block migration in the main migration stream - qemu_options+=(size:--disable-live-block-migration) - else - # Starting from QEMU 5.0, the bluetooth code has been removed without replacement. - # bluetooth support not required - qemu_options+=(size:--disable-bluez) - fi + # Disable block migration in the main migration stream + qemu_options+=(size:--disable-live-block-migration) # braille support not required qemu_options+=(size:--disable-brlapi) @@ -256,7 +250,7 @@ generate_qemu_options() { # Disable PAM authentication: it's a feature used together with VNC access # that's not used. See QEMU commit 8953caf for more details - gt_eq "${qemu_version}" "4.0.0" && qemu_options+=(size:--disable-auth-pam) + qemu_options+=(size:--disable-auth-pam) # Disable unused filesystem support [ "$arch" == x86_64 ] && qemu_options+=(size:--disable-fdt) @@ -265,11 +259,7 @@ generate_qemu_options() { qemu_options+=(size:--disable-libnfs) # Starting from QEMU 4.1, libssh replaces to libssh2 - if gt_eq "${qemu_version}" "4.1.0" ; then - qemu_options+=(size:--disable-libssh) - else - qemu_options+=(size:--disable-libssh2) - fi + qemu_options+=(size:--disable-libssh) # Disable unused compression support qemu_options+=(size:--disable-bzip2) @@ -294,12 +284,6 @@ generate_qemu_options() { s390x) qemu_options+=(size:--disable-tcg) ;; esac - # SECURITY: Don't build a static binary (lowers security) - # needed if qemu version is less than 2.7 - if ! gt_eq "${qemu_version}" "2.7.0" ; then - qemu_options+=(security:--disable-static) - fi - if [ "${static}" == "true" ]; then qemu_options+=(misc:--static) fi 
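Review bot: The flags made unconditional in the @@ -222 hunk (`--disable-sheepdog`, `--disable-live-block-migration`) now rely on the version floor in main() as their only lower bound and have no upper bound; the same applies to `--disable-auth-pam` in @@ -256, `--disable-libssh` in @@ -265 and the block unwrapped in @@ -370. The vxhs guard kept in @@ -370 shows that options do get dropped from QEMU's configure, so a later release that removes one of these features would presumably break the build on an unknown option. A comment at the top of the disabled-options section, for example `# NOTE: assumes QEMU >= 5.0.0 (enforced in main); guard any flag a newer QEMU removes, as done for vxhs`, would record that assumption. The comment retained in @@ -265 ("Starting from QEMU 4.1, libssh replaces to libssh2") now describes a branch that no longer exists and could be shortened to `# Disable libssh support`. generate_qemu_options starts and ends outside these hunks.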
@@ -370,38 +354,33 @@ generate_qemu_options() { # Disable Capstone qemu_options+=(size:--disable-capstone) - if gt_eq "${qemu_version}" "3.0.0" ; then - # Disable graphics - qemu_options+=(size:--disable-virglrenderer) + # Disable graphics + qemu_options+=(size:--disable-virglrenderer) - # Due to qemu commit 3ebb9c4f52, we can't disable replication in v3.0 - if gt_eq "${qemu_version}" "3.1.0" ; then - # Disable block replication - qemu_options+=(size:--disable-replication) - fi + # Disable block replication + qemu_options+=(size:--disable-replication) - # Disable USB smart card reader - qemu_options+=(size:--disable-smartcard) + # Disable USB smart card reader + qemu_options+=(size:--disable-smartcard) - # Disable guest agent - qemu_options+=(size:--disable-guest-agent) - qemu_options+=(size:--disable-guest-agent-msi) + # Disable guest agent + qemu_options+=(size:--disable-guest-agent) + qemu_options+=(size:--disable-guest-agent-msi) - # unused image formats - qemu_options+=(size:--disable-vvfat) - qemu_options+=(size:--disable-vdi) - qemu_options+=(size:--disable-qed) - qemu_options+=(size:--disable-qcow1) - qemu_options+=(size:--disable-bochs) - qemu_options+=(size:--disable-cloop) - qemu_options+=(size:--disable-dmg) - qemu_options+=(size:--disable-parallels) + # unused image formats + qemu_options+=(size:--disable-vvfat) + qemu_options+=(size:--disable-vdi) + qemu_options+=(size:--disable-qed) + qemu_options+=(size:--disable-qcow1) + qemu_options+=(size:--disable-bochs) + qemu_options+=(size:--disable-cloop) + qemu_options+=(size:--disable-dmg) + qemu_options+=(size:--disable-parallels) - # vxhs was deprecated on QEMU 5.1 so it doesn't need to be - # explicitly disabled. - if ! gt_eq "${qemu_version}" "5.1.0" ; then - qemu_options+=(size:--disable-vxhs) - fi + # vxhs was deprecated on QEMU 5.1 so it doesn't need to be + # explicitly disabled. + if ! 
gt_eq "${qemu_version}" "5.1.0" ; then + qemu_options+=(size:--disable-vxhs) fi #--------------------------------------------------------------------- @@ -414,12 +393,6 @@ generate_qemu_options() { # Required for fast network access qemu_options+=(speed:--enable-vhost-net) - # Always strip binaries - # needed if qemu version is less than 2.7 - if ! gt_eq "${qemu_version}" "2.7.0" ; then - qemu_options+=(size:--enable-strip) - fi - # Support Ceph RADOS Block Device (RBD) [ -z "${static}" ] && qemu_options+=(functionality:--enable-rbd) 
@@ -433,25 +406,21 @@ generate_qemu_options() { qemu_options+=(functionality:--enable-cap-ng) qemu_options+=(functionality:--enable-seccomp) - if gt_eq "${qemu_version}" "3.1.0" ; then - # AVX2 is enabled by default by x86_64, make sure it's enabled only - # for that architecture - if [ "$arch" == x86_64 ]; then - qemu_options+=(speed:--enable-avx2) - if gt_eq "${qemu_version}" "5.0.0" ; then - qemu_options+=(speed:--enable-avx512f) - fi - # According to QEMU's nvdimm documentation: When 'pmem' is 'on' and QEMU is - # built with libpmem support, QEMU will take necessary operations to guarantee - # the persistence of its own writes to the vNVDIMM backend. - qemu_options+=(functionality:--enable-libpmem) - else - qemu_options+=(speed:--disable-avx2) - qemu_options+=(functionality:--disable-libpmem) - fi - # Enable libc malloc_trim() for memory optimization. - qemu_options+=(speed:--enable-malloc-trim) + # AVX2 is enabled by default by x86_64, make sure it's enabled only + # for that architecture + if [ "$arch" == x86_64 ]; then + qemu_options+=(speed:--enable-avx2) + qemu_options+=(speed:--enable-avx512f) + # According to QEMU's nvdimm documentation: When 'pmem' is 'on' and QEMU is + # built with libpmem support, QEMU will take necessary operations to guarantee + # the persistence of its own writes to the vNVDIMM backend. + qemu_options+=(functionality:--enable-libpmem) + else + qemu_options+=(speed:--disable-avx2) + qemu_options+=(functionality:--disable-libpmem) fi + # Enable libc malloc_trim() for memory optimization. + qemu_options+=(speed:--enable-malloc-trim) #--------------------------------------------------------------------- # Other options 
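Review bot: The comment above the x86_64 branch still mentions only AVX2, although the branch now always adds `--enable-avx512f`, and the else branch disables avx2 and libpmem without a matching avx512f line. Whether the option is off by default on other architectures is not visible here; if it is not, `qemu_options+=(speed:--disable-avx512f)` in the else branch would keep the two branches symmetric. Either way the comment could read `# AVX2 and AVX512F optimizations are x86_64-only; enable them only for that architecture`. The enclosing function continues outside the hunk.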
@@ -587,6 +556,10 @@ main() { [ -n "${qemu_version}" ] || die "cannot determine qemu version from file $qemu_version_file" + if ! gt_eq "${qemu_version}" "5.0.0" ; then + die "Kata requires QEMU >= 5.0.0" + fi + local gcc_version_major=$(gcc -dumpversion | cut -f1 -d.) [ -n "${gcc_version_major}" ] || die "cannot determine gcc major version, please ensure it is installed"
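Review bot: The new `die "Kata requires QEMU >= 5.0.0"` does not report which version was detected or where it was read from, unlike the neighbouring check that names `$qemu_version_file`; `die "Kata requires QEMU >= 5.0.0, found ${qemu_version} in ${qemu_version_file}"` would make a rejected build easier to diagnose. gt_eq is defined outside this hunk, so its handling of suffixed version strings such as release candidates cannot be confirmed from here. That is worth checking, because this guard is now the only thing keeping older QEMU trees away from the option set that generate_qemu_options emits unconditionally. main() starts and ends outside the hunk.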