[SRF] Virt-QEMU: Add Sierra Forest CPU model for KVM guests

Target Kernel:
  8.2.0

Target Kernel:
    qemu-9.0.0

Target Kernel:
  9.0.0
Commit IDs:
  f3245d7fa3 target/i386: Add new CPU model SierraForest

Noble is still in development right now, which means we won't be able to do anything on it right now. I talked to Ricardo about making this a 0-day SRU. Given the archive instability right now, it's too early to tell whether the ability to SRU this change will be affected or not.

I'm also waiting for the upstream change to show up in the official git repository.

Hi Ricardo,

I've prepared a PPA with a candidate for this upload:

https://launchpad.net/~sergiodj/+archive/ubuntu/qemu

The package version is:

qemu_8.2.2+ds-0ubuntu2.1~ppa1

@sergiodj - did this make it into 0-day SRU?

Hello Bun,

No, not yet. I am still waiting on Ricard/the client (Intel, I believe) to confirm whether the package I've prepared works. I don't have the hardware to test it.

Thanks.

@sergiodj Here is the test report

On 24.04; with the qemu version:

$ qemu-system-x86_64 --version
QEMU emulator version 8.2.2 (Debian 1:8.2.2+ds-0ubuntu1)
Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers

When i create a VM with this cpu option: -cpu SierraForest
I got a failure:

qemu-system-x86_64: unable to find CPU model 'SierraForest'

I installed the test package from the PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/qemu

$ sudo apt policy qemu-system-x86
qemu-system-x86:
  Installed: 1:8.2.2+ds-0ubuntu2.1~ppa1
  Candidate: 1:8.2.2+ds-0ubuntu2.1~ppa1
  Version table:
 *** 1:8.2.2+ds-0ubuntu2.1~ppa1 500
        500 https://ppa.launchpadcontent.net/sergiodj/qemu/ubuntu noble/main amd64 Packages
        100 /var/lib/dpkg/status
     1:8.2.2+ds-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages

And try to create the VM again, the VM boots successfully

Thank you for providing feedback, Hector.

I will work on SRUing this change to Noble. Meanwhile, I'd like to know if it's possible to make this bug public. It would make it easier to interact with the SRU team and perform the necessary verification.

Thanks.

@sergiodj - I've made it public.

On Monday, August 19 2024, Bun K. Tan wrote:

> @sergiodj - I've made it public.

Thank you!

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Hello,

As a preparation for the SRU, QEMU in Oracular needs to contain this same patch. You can find an Oracular QEMU package at the same PPA:

https://launchpad.net/~sergiodj/+archive/ubuntu/qemu

Could you please also give it a try?

Thanks.

I tested here and verified that the package works on Oracular.

This bug was fixed in the package qemu - 1:9.0.2+ds-4ubuntu3

---------------
qemu (1:9.0.2+ds-4ubuntu3) oracular; urgency=medium

  * d/p/u/lp2028964-add-support-sierra-forest.patch: Add support for
    Sierra Forest CPU model. (LP: #2028964, #2077361)

 -- Sergio Durigan Junior <email address hidden> Thu, 05 Sep 2024 18:50:57 -0400

sru information is missing, no test plan etc

Apologies, Timo. I meant to get to it on Monday, but I should have left a note here anyway. Either way, I've updated the bug and added the SRU description.

Hello Bun, or anyone else affected,

Accepted qemu into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/qemu/1:8.2.2+ds-0ubuntu1.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted qemu (1:8.2.2+ds-0ubuntu1.3) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

cryptsetup/2:2.7.0-1ubuntu4.1 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#qemu

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

This bug was fixed in the package qemu - 1:8.2.2+ds-0ubuntu1.4

---------------
qemu (1:8.2.2+ds-0ubuntu1.4) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2024-4693-1.patch: virtio-pci: fix use of a
      released vector
    - debian/patches/CVE-2024-4693-2.patch: virtio-pci: Fix the use of
      an uninitialized irqfd
    - CVE-2024-4693
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2024-7730.patch: add max size bounds check in
      input cb
    - CVE-2024-7730

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 15:57:13 +1100