Enable/disable extra features on microvm variant
Bug #2045594 reported by
Sergio Durigan Junior
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
qemu (Ubuntu) | Fix Released | High | Sergio Durigan Junior | |
Bug Description
Christian let me know that he thinks the following features should be enabled/disabled when building the microvm variant of our qemu:
- enable linux-aio (perf and scaling)
- enable numa (scalability)
- enable seccomp (security)
- enable virtfs (container style performance)
- enable coroutine_pool (performance)
- disabling vnc (attack vector that isn't needed, no microvm in virt-manager)
This should be done on Noble.
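
The feature list above can be checked mechanically against a build's configure line. The following is an added example, not part of the bug report or of the package's d/rules; the flag names are QEMU's configure spellings of the listed features, and the helper names and sample flag lines are constructed for illustration.

```shell
#!/bin/sh
# Audit a QEMU configure line against the microvm feature policy in this bug.
# An unset flag counts as a failure: without an explicit --enable-X, configure
# auto-detects the feature and can silently drop it (for example seccomp)
# when the build dependency is missing.

REQUIRED_ON="linux-aio numa seccomp virtfs coroutine-pool"
REQUIRED_OFF="vnc"

# flag_state FEATURE FLAGS... -> prints "on", "off" or "unset".
# The last occurrence wins, as it does on a configure command line.
flag_state() {
    feature=$1; shift
    state=unset
    for arg in "$@"; do
        case $arg in
            --enable-"$feature")  state=on ;;
            --disable-"$feature") state=off ;;
        esac
    done
    printf '%s\n' "$state"
}

# audit_microvm_flags FLAGS... -> prints one line per violation,
# returns 0 when the policy holds and 1 otherwise.
audit_microvm_flags() {
    rc=0
    for f in $REQUIRED_ON; do
        s=$(flag_state "$f" "$@")
        [ "$s" = on ] || { echo "FAIL $f: want on, got $s"; rc=1; }
    done
    for f in $REQUIRED_OFF; do
        s=$(flag_state "$f" "$@")
        [ "$s" = off ] || { echo "FAIL $f: want off, got $s"; rc=1; }
    done
    return $rc
}
```

Call it with the flags passed to configure for the microvm build, for example `audit_microvm_flags --enable-seccomp --disable-vnc ...`; each missing or contradicting flag is reported on its own line.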
Related branches
~sergiodj/ubuntu/+source/qemu:merge-8.2.1-ds-1-noble
- git-ubuntu bot: Approve
- Andreas Hasenack: Approve
- Canonical Server Reporter: Pending requested
Diff: 7377 lines (+6725/-13), 14 files modified
debian/changelog (+5260/-3)
debian/control (+79/-7)
debian/control-in (+28/-0)
debian/patches/series (+6/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+1005/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+64/-0)
debian/patches/ubuntu/qboot-Disable-LTO-for-ELF-binary-build-step.patch (+44/-0)
debian/qemu-block-extra.postinst (+59/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/rules (+32/-3)
~sergiodj/ubuntu/+source/qemu:merge-8.2.0-ds-4-noble
- git-ubuntu bot: Approve
- Andreas Hasenack: Approve
- Canonical Server Reporter: Pending requested
Diff: 7203 lines (+6597/-11), 14 files modified
debian/changelog (+5204/-3)
debian/control (+54/-7)
debian/control-in (+3/-0)
debian/patches/series (+6/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+1005/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+64/-0)
debian/patches/ubuntu/qboot-Disable-LTO-for-ELF-binary-build-step.patch (+44/-0)
debian/qemu-block-extra.postinst (+59/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/rules (+10/-1)
CVE References
tags: added: server-todo
Changed in qemu (Ubuntu):
status: Triaged → In Progress
This bug was fixed in the package qemu - 1:8.2.1+ds-1ubuntu1

---------------
qemu (1:8.2.1+ds-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2051883, #2049703). Remaining changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Distribution specific machine type
      (LP 1304107 1621042 1776189 1761372 1761372 1776189)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
        types containing release versioned machine attributes
      - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
    - Enable nesting by default
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
        [ No more strictly needed, but required for backward compatibility ]
    - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - Ease the use of module retention on upgrades (LP 1913421)
      - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
    - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
      + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
        fix qboot FTBFS with LTO
    - d/rules: Enable/disable extra features on microvm
      variant. (LP #2045594)
    - Move glusterfs storage driver to Universe in a new package
      (LP #2045063):
      + d/control{,-in}: new package qemu-block-supplemental for drivers
        we want in Universe
      + d/rules: we only want block-gluster.so in the new
        qemu-block-supplemental package. Adjust dynamically-created
        maintainer scripts for qemu-block-extra and -supplemental.

qemu (1:8.2.1+ds-1) unstable; urgency=medium

  * new upstream stable/bugfix release
  * remove all upstream-applied patches
  * d/patches/note-missing-module-pkg-name.diff: fixup
  * replace fix for CVE-2023-6683 (A different fix from upstream)
  * remove the mistakenly-added temp file in d/qemu-block-extra/
  * d/.gitignore: refresh

qemu (1:8.2.0+ds-5) unstable; urgency=medium

  * d/rules, d/run-qemu.mount: use dh_installsystemd to install run-qemu.mount
    (Closes: #1060087)
  * update hppa and seabios-hppa patch series
  * ui-clipboard-avoid-crash-upon-request-when-clipboard-CVE-2023-6683.patch
    (Closes: #1060749, CVE-2023-6683)
  * +target-s390x-Fix-LAE-setting-a-wrong-access-register.patch
  * +tcg-s390x-Fix-encoding-of-VRIc-VRSa-VRSc-insns.patch
    fix chacha20 issue on s390x
  * update hw-vfio-fix-iteration-over-global-VFIODevice-list.patch...