Further stabilize qemu in Focal by updating to 4.2.1 stable release

Bug #1891877 reported by Christian Ehrhardt 
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
qemu (Ubuntu)
Undecided
Unassigned
Focal
Undecided
Unassigned

Bug Description

[Impact]

 * There are various issues that are fixed by the stable release of 4.2.1
   Most prominently a bunch of memory leaks that will help long running
   instances to not get into trouble later on

 * There are also a number of CVEs covered, but those got added in a
   bigger security update of 1:4.2-3ubuntu6.4 just before this upload, so
   they are not "new" in 4.2.1 anymore for Ubuntu users.

[Test Case]

 * Being a stabilization minor release there is no individual test to
   apply. Instead we will pass it through the full regression test suite
   and probably keep it some extra days in -proposed.

 * Openstack indirectly depends on this for bug 1891203, so I'll ask them
   if they can test this as well before we release it.

[Regression Potential]

 * Naturally with so many changes it is hard to pinpoint the location of
   potential regression. But the changes were those meant to be non-count-
   impacting-fixes meant for a stable release and got some testing by the
   community already.

[Other Info]

 * We will hold this longer in -proposed and do even more testing to make
   up for the remaining regression potential uncertainty
 * This is a continuation of bug 1867519 which contained such changes that
   were available prior to the focal release, but now upstream tagged
   those and some more as v4.2.1
 * This also fixes an issue in riscv emulation that was introduced in
   recent security release of 1%4.2-3ubuntu6.4 by adding
   https://git.qemu.org/?p=qemu.git;a=commit;h=70b78d4e71

---

Upstream has completed the 4.2.1 stable tag
  https://github.com/qemu/qemu/releases/tag/v4.2.1

Fixes are in groovy already via qemu 5.0

These are only non-feature backports, the majority this time being memleaks and bad accesses of some sort.

Some of the patches are already present in Ubuntu's 4.2 as of today.
But adding the others will serve the stability of our most recent LTS.

Related branches

CVE References

no longer affects: charm-nova-compute
description: updated
description: updated
Changed in qemu (Ubuntu):
status: New → Fix Released
Changed in qemu (Ubuntu Focal):
status: New → Triaged
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI these we have already applied before Focal release as part of bug 1867519:
#85df33073a
#a115daadf6
#da0948d13c
#52a02834e0
#2215837fe2
#a5f815514a
#ba6a94e64e
#0cfa46da8f
#77d9c84d9f
#2f4affb721
#0253531824
#7042922dd7
#98c74fe49a
#742195db17
#3fb2521040
#fa446ae444
#2a7569e751
#0319118bcf
#e49ae74a24
#ab7f6eaa5b
#382b9f09bd
#2dc540e40d
#e0ccde3887
#a0dc4d2495
#c44c4f7229
#8fc4aa4822
#f3ef98874e
#cd8ecfb19c
#b1b362aa8e
#e92b21ffc4
#8952da32c3
#3dd28c8ecc
#f127d16397
#8d151ab5c2

Also for bug 1859527
#def30090ad

Also for bug 1872945
#a6e44eee6c
#c1cad76dcd
#a6e44eee6c
#a918ea2ec3
#690e3004ae
#e727aa1a7b

Also for bug 1882774
#4a910e1f6a

Also for bug 1872107
#1343d33371

Also for bug 1835546
#580c08b326

Also former CVE fixes that are already applied:
#0c1d805360
#4e98c388d6
#01392ae31a
#862240852b
#69a6048e1e
#abf9ffa7b3
#4b34c6d724
#fb6a24fb1d

TL;DR 51 of 156 were already applied.

description: updated
Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Christian, or anyone else affected,

Accepted qemu into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in qemu (Ubuntu Focal):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-focal
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (qemu/1:4.2-3ubuntu6.5)

All autopkgtests for the newly accepted qemu (1:4.2-3ubuntu6.5) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-image/1.9+20.04ubuntu1 (amd64)
systemd/245.4-4ubuntu3.2 (amd64, armhf, s390x, ppc64el)
livecd-rootfs/2.664.4 (amd64, arm64, s390x, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#qemu

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI: Regression tests started on the package in proposed

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The power machines were unavailable today, but worked fine on the same build off a PPA a week ago.
s390x and x86 I was able to test and the result looks good.

The results look good only missing 19 tests due to a proxy issue in the surrounding test environment - those tests worked fine on a retry then.

prep (x86_64) : Pass 20 F/S/N 0/0/0 - RC 0 (16 min 43576 lin)
migrate (x86_64) : Pass 288 F/S/N 0/0/0 - RC 0 (83 min 219071 lin)
cross (x86_64) : Pass 30 F/S/N 0/1/2 - RC 0 (59 min 53974 lin)
misc (x86_64) : Pass 48 F/S/N 0/0/0 - RC 999 (17 min 37626 lin)
+19 that worked on retry

prep (s390x) : Pass 20 F/S/N 0/0/0 - RC 0 (11 min 30019 lin)
migrate (s390x) : Pass 268 F/S/N 0/5/0 - RC 0 (66 min 160035 lin)
cross (s390x) : Pass 23 F/S/N 0/2/1 - RC 1 (54 min 48034 lin)
misc (s390x) : Pass 67 F/S/N 0/0/0 - RC 0 (32 min 31951 lin)

Setting verified tags.

P.S. We are also waiting on the focal portion of bug 1892358 to get the autopkgtest blocks out of the way as well, but we wanted to have it a bit longer in -proposed anyway so that should be ok.

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for qemu has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 1:4.2-3ubuntu6.5

---------------
qemu (1:4.2-3ubuntu6.5) focal; urgency=medium

  * further stabilize qemu by importing patches of qemu v4.2.1
    Fixes (LP: #1891203) and (LP: #1891877)
    - d/p/stable/lp-1891877-*
    - as part of the stabilization this also fixes an
      riscv emulation issue due to the CVE-2020-13754 fixes via
      d/p/ubuntu/hw-riscv-Allow-64-bit-access-to-SiFive-CLINT.patch
  * fix s390x SQXBR emulation (LP: #1883984)
    - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch
  * fix -no-reboot for s390x protvirt guests (LP: #1890154)
    - d/p/ubuntu/lp-1890154-s390x-protvirt-allow-to-IPL-secure-guests-with-*

 -- Christian Ehrhardt <email address hidden> Wed, 19 Aug 2020 13:40:49 +0200

Changed in qemu (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers