[Bug 1866866] Re: [FFe] Please accept patches for secure guest feature
Frank Heimes
1866866 at bugs.launchpad.net
Fri Mar 20 09:30:29 UTC 2020
For completeness reasons (and this current FFe) please see the attached debdiff.
But for better readability the following link is probably preferable: https://github.com/borntraeger/qemu/commits/pv42
The debdiff shows the difference between Ubuntu latest qemu 4.2 and pv42, EXCEPT (see LP 1835546/, comment #15):
- 9da000ea0a "rebuild bios" -- not picked
- ae150759a9 "s390/sclp: improve special wait psw logic" -- not needed
- 3c664ea0a6 "vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM" -- already in
With that, all patches/commits are s390x specific, except some header changes:
- 6807f46 "Sync pv"
** Patch added: "focal_qemu_content.diff"
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1866866/+attachment/5339279/+files/focal_qemu_content.diff
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1866866
Title:
[FFe] Please accept patches for secure guest feature
Status in Ubuntu on IBM z Systems:
New
Status in linux package in Ubuntu:
Confirmed
Status in qemu package in Ubuntu:
New
Status in s390-tools package in Ubuntu:
New
Bug description:
The secure guest feature (aka protvirt) affects multiple components (kernel, qemu and s390-tools - see below).
While dedicated tickets for the different components have existed for quite a while, the code arrived late and/or discussion to get it upstream accepted took longer than expected.
(Even though we haven't reached the kernel freeze as of today, I'm already adding kernel to this FFe.)
Since this is a very important feature for the current IBM Z and LinuxONE
family, it's requested to be included into focal, the next LTS
release, to become exploitable by long running systems.
The code is largely architecture specific.
No brand new packages or new upstream versions are requested, only the cherry-pick of commits (or PR) - so far everything is 'cherry-pick'-able.
kernel:
The patch set for the kernel is huge (30+ commits), but has only one common code patch (two files).
The arch specific patches landed in between in linux-next, the arch specific one is expected to land there very soon (hours/days from now). The common-code patch ran through several hands and landed in between in Andrew Morton's mmots tree.
A pre-screening of the code was done by the kernel team and it looked acceptable.
(dedicated kernel ticket: https://bugs.launchpad.net/bugs/1835531)
qemu:
The entire code seems to be arch specific.
Again a pre-screening of the maintainer led to the fact that it should be acceptable, too.
(dedicated qemu ticket: https://bugs.launchpad.net/bugs/1835546)
s390-tools:
The entire tool only exists for the s390x architecture.
Hence obviously everything is arch specific on that.
(dedicated s390-tools ticket: https://bugs.launchpad.net/bugs/1834534)
Currently work is going on to test this function end to end based on Ubuntu components (means based on our s390-tools, qemu and kernel [focal master-next] trees).
On top I applied the patches to the packages as well and did manual test builds.
With that a potential regression can be considered as low - and even
in case of a regression, it will affect s390x only.
The patches are being staged for this feature in:
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3970