CONFIG_KVM is disabled for linux-raspi2 (aarch64)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| linux-raspi2 (Ubuntu) |
Undecided
|
Unassigned | ||
| Eoan |
Undecided
|
Unassigned |
Bug Description
In contrast to the Linux kernel for x86_64, the CONFIG_KVM option is disabled for the "linux-raspi2" kernel (version 4.15.0-1016-raspi2 aarch64) on Ubuntu 18.04.
This prevents running QEMU with the -enable-kvm option to use hardware virtualization capabilities of the CPU.
I have recompiled the kernel with CONFIG_KVM set and could successfully run QEMU with -enable-kvm on my Raspberry Pi 3 B+ afterwards.
In my opinion, there is no reason for not activating CONFIG_KVM in the official raspi2 kernel.
CVE References
Changed in linux-raspi2 (Ubuntu): | |
assignee: | nobody → Dimitri John Ledkov (xnox) |
Oliver Grawert (ogra) wrote : | #2 |
enabling CONFIG_KVM instead of enabling KVM via the dtb overlay will hard-disable all video acceleration of the upstream proprietary driver of the pi and make it completely unusable for any kind of setup that uses any upstram acceleration features from the raspberry pi foundation (i.e. via /opt/vc4 libs).
the proper way to enable KVM support on any pi is to set:
dtoverlay=
in the config.txt file of the bootloader, the kernel is specifically set up for this via the included raspberry pi foundation patches.
this might be pointless on arm64 which is not supported at all upstream by the raspberry pi foundation (beyond offering completely unsupported 64bit binaries for for developer tinkering) and thus does not offer any video acceleration via the proprietary driver anyway on this architecture.
but enabling CONFIG_KVM hardcoded in the kernel config for armhf will be fatal, please make sure this does not happen so users can still use vc4 accelerated video playback by manipulating the upstream-documented dtoverlay values on armhf builds.
justmaybe (justmaybe) wrote : | #3 |
ogra: Hi, this doesn't work for ARM64... only enabling CONFIG_KVM does.
```ubuntu@ubuntu:/$ cat /boot/firmware/
#enable_uart=1
dtoverlay=
kernel=kernel8.bin
device_
dtparam=i2c_arm=on
dtparam=spi=on
dtparam=audio=on
arm_64bit=1
arm_freq=1100
arm_freq_min=400
gpu_mem=32
#gpu_freq=250
avoid_warnings=2
ubuntu@ubuntu:/$ ls /dev/k*
/dev/kmsg
ubuntu@ubuntu:/$```
Thanks,
Oliver Grawert (ogra) wrote : | #4 |
just as a followup ... better ignore my comment above ... KVM is indeed not KMS ... sorry for causing confusion here
Rohit Yadav (rohityadav) wrote : | #5 |
Just found this bug, I had added a similar bug ticket: https:/
Copy paste from above:
Using the official Ubuntu 19.10 arm64 image, http://
I'm able to compile the kernel manually with the options enabled in the kernel config (http://
Can the Ubuntu kernel team advise why KVM is not enabled in the kernel by default, and if this will change in future? Thanks.
Hui Wang (hui.wang) wrote : | #6 |
I built a testing kernel which enabled the KVM, please test it on rpi4/3 (arm64) and rpi4/3/2 (armhf) boards.
https:/
thx.
Rohit Yadav (rohityadav) wrote : | #7 |
Great, thanks @hui.wang. I'll test it in the evening and keep you posted.
Rohit Yadav (rohityadav) wrote : | #8 |
@hui.wang - I tested the compiled kernel on my RaspberryPi4 (4GB RAM model). Both KVM and external SSD/USB (in my case Samsung T5, 500GB external SSD) on the USB 3.0 port are working fine.
root@cloudstack
/dev/kvm
root@cloudstack
INFO: /dev/kvm exists
KVM acceleration can be used
Further description of how KVM was tested is here along with Apache CloudStack (an IaaS platform):
https:/
Tested using guest templates Debian 9 and Debian 10, both arm64 - http://
Tested/issues:
- Only scsi seems to be the working disk controller (ide is not supported, virtio may/may not work) - when testing with linux guests. Workaround: use scsi by default.
- Plugging in usb devices without an explicit controller added first, fails (on x86_64 systems, controller seems to be already added when usb devices like keyboard/mouse etc are added). Workaround: add a usb controller and then add the usb devices - keyboard, mouse, tablet.
I've attached some screenshots of a guest VM running on the RPi4 device using CloudStack.
Rohit Yadav (rohityadav) wrote : | #9 |
@hui.wang and the Ubuntu kernel team - kindly consider enabling KVM for arm64 Linux kernel in the raspberrypi preinstalled image in future. Thanks!
Hui Wang (hui.wang) wrote : | #10 |
Will enable the KVM in the kernel of the next release.
Changed in linux-raspi2 (Ubuntu): | |
assignee: | Dimitri John Ledkov (xnox) → nobody |
summary: |
- CONFIG_KVM is disabled for linux-raspi2 (aarch64) + CONFIG_KVM is disabled for linux-raspi2 (aarch64 and armhf) |
Changed in linux-raspi2 (Ubuntu Eoan): | |
status: | New → Fix Committed |
Hui Wang (hui.wang) wrote : | #11 |
For armhf (arm32) kernel, only CORTEX-A7 and CORTEXT-A15 support KVM, for Pi's cpu, they don't support KVM for armhf kernel.
summary: |
- CONFIG_KVM is disabled for linux-raspi2 (aarch64 and armhf) + CONFIG_KVM is disabled for linux-raspi2 (aarch64) |
Launchpad Janitor (janitor) wrote : | #12 |
This bug was fixed in the package linux-raspi2 - 5.3.0-1012.14
---------------
linux-raspi2 (5.3.0-1012.14) eoan; urgency=medium
[ Ubuntu: 5.3.0-22.24 ]
* [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
setting (LP: #1849682)
- Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."
* refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
- SAUCE: shiftfs: Correct id translation for lower fs operations
- SAUCE: shiftfs: prevent type confusion
- SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling
* CVE-2018-12207
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
- SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
active
- SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
- SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
- SAUCE: kvm: Add helper function for creating VM worker threads
- SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
- SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
- SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
* CVE-2019-11135
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation
- x86/speculation
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation
- x86/tsx: Add config options to set tsx=on|off|auto
- [Config] Disable TSX by default when possible
* CVE-2019-0154
- SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
- SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
* CVE-2019-0155
- SAUCE: drm/i915: Rename gen7 cmdparser tables
- SAUCE: drm/i915: Disable Secure Batches for gen6+
- SAUCE: drm/i915: Remove Master tables from cmdparser
- SAUCE: drm/i915: Add support for mandatory cmdparsing
- SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- SAUCE: drm/i915: Allow parsing of unsized batches
- SAUCE: drm/i915: Add gen9 BCS cmdparsing
- SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
- SAUCE: drm/i915/cmdparser: Add support for backward jumps
- SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching
-- Juerg Haefliger <email address hidden> Mon, 11 Nov 2019 08:19:54 +0100
Changed in linux-raspi2 (Ubuntu Eoan): | |
status: | Fix Committed → Fix Released |
Launchpad Janitor (janitor) wrote : | #13 |
This bug was fixed in the package linux-raspi2 - 5.3.0-1014.16
---------------
linux-raspi2 (5.3.0-1014.16) eoan; urgency=medium
* eoan/linux-raspi2: 5.3.0-1014.16 -proposed tracker (LP: #1854006)
* Need to disable CONFIG_DRM_V3D in the raspi2 eoan kernel (LP: #1853789)
- [config] raspi2: Revert "UBUNTU: [config] raspi2: CONFIG_DRM_V3D=m"
linux-raspi2 (5.3.0-1013.15) eoan; urgency=medium
* eoan/linux-raspi2: 5.3.0-1013.15 -proposed tracker (LP: #1852220)
* Eoan update: 5.3.9 upstream stable release (LP: #1851550)
- raspi2: [Config] Remove CONFIG_
CONFIG_
* Eoan update: v5.3.8 upstream stable release (LP: #1850456)
- raspi2: [Config] CAVIUM_
* IO errors when writing large amounts of data to USB storage in eoan on
RPI2/3 (armhf kernel) (LP: #1852510)
- SAUCE: dwc_otg: checking the urb->transfer_
* Incorrect raspi2 snapcraft.yaml file (LP: #1851469)
- [Packaging] raspi2: Fix snapcraft.yaml
* CONFIG_DRM_V3D is disabled for linux-raspi2 of eoan (LP: #1850876)
- [config] raspi2: CONFIG_DRM_V3D=m
[ Ubuntu: 5.3.0-24.26 ]
* eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)
* Eoan update: 5.3.9 upstream stable release (LP: #1851550)
- io_uring: fix up O_NONBLOCK handling for sockets
- dm snapshot: introduce account_
- dm snapshot: rework COW throttling to fix deadlock
- Btrfs: fix inode cache block reserve leak on failure to allocate data space
- btrfs: qgroup: Always free PREALLOC META reserve in
btrfs_
- iio: adc: meson_saradc: Fix memory allocation order
- iio: fix center temperature of bmc150-accel-core
- libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
- perf tests: Avoid raising SEGV using an obvious NULL dereference
- perf map: Fix overlapped map handling
- perf script brstackinsn: Fix recovery from LBR/binary mismatch
- perf jevents: Fix period for Intel fixed counters
- perf tools: Propagate get_cpuid() error
- perf annotate: Propagate perf_env__arch() error
- perf annotate: Fix the signedness of failure returns
- perf annotate: Propagate the symbol__annotate() error return
- perf annotate: Fix arch specific ->init() failure errors
- perf annotate: Return appropriate error code for allocation failures
- perf annotate: Don't return -1 for error when doing BPF disassembly
- staging: rtl8188eu: fix null dereference when kzalloc fails
- RDMA/siw: Fix serialization issue in write_space()
- RDMA/hfi1: Prevent memory leak in sdma_init
- RDMA/iw_cxgb4: fix SRQ access from dump_qp()
- RDMA/iwcm: Fix a lock inversion issue
- HID: hyperv: Use in-place iterator API in the channel callback
- kselftest: exclude failed TARGETS from runlist
- selftests/
- nfs: Fix nfsi->nrequests count error on nfs_inode_
- arm64: cpufeature: Effectively expose FRINT capability to userspace
- arm64: Fix incorrect irqflag restore for priority masking fo...
Changed in linux-raspi2 (Ubuntu): | |
status: | Confirmed → Fix Released |
Status changed to 'Confirmed' because the bug affects multiple users.