packaging: Drop support for qemu < 5.0

We only test qemu 5.2 in the CI (5.1 for ARM), and I believe we already
have some subtle dependencies that will stop things working on older qemu
versions.

We just updated govmm to a version that explicitly only works with qemu 5.0
and later, so we can drop stale checks for older qemu versions.  More
specifically that means we can drop patches for older qemu versions, and
remove checks for older qemu versions from configure-hypervisor.sh.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
David Gibson 2021-08-03 13:40:06 +10:00
parent d5f85698e1
commit 2e28b71473
9 changed files with 46 additions and 644 deletions


@ -1,98 +0,0 @@
From 894a8ae5524fff4ad9d3551c515788c5650e1fc7 Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Wed, 28 Mar 2018 20:14:53 +0800
Subject: [PATCH 1/2] 9p: removing coroutines of 9p to increase the I/O
performance
This is a quick workaround, need to be fixed.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
---
hw/9pfs/9p.c | 12 +++++-------
hw/9pfs/9p.h | 6 +++---
hw/9pfs/coth.h | 3 +++
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 55821343e5..c5f089860d 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -690,10 +690,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len)
out_notify:
pdu->s->transport->push_and_notify(pdu);
- /* Now wakeup anybody waiting in flush for this request */
- if (!qemu_co_queue_next(&pdu->complete)) {
- pdu_free(pdu);
- }
+ pdu_free(pdu);
}
static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -3525,7 +3522,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
{
- Coroutine *co;
+// Coroutine *co;
CoroutineEntry *handler;
V9fsState *s = pdu->s;
@@ -3543,8 +3540,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
}
qemu_co_queue_init(&pdu->complete);
- co = qemu_coroutine_create(handler, pdu);
- qemu_coroutine_enter(co);
+ handler(pdu);
+ //co = qemu_coroutine_create(handler, pdu);
+ //qemu_coroutine_enter(co);
}
/* Returns 0 on success, 1 on failure. */
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 8883761b2c..24aeba03f7 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -320,21 +320,21 @@ extern int total_open_fd;
static inline void v9fs_path_write_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_wrlock(&s->rename_lock);
+ // qemu_co_rwlock_wrlock(&s->rename_lock);
}
}
static inline void v9fs_path_read_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_rdlock(&s->rename_lock);
+ // qemu_co_rwlock_rdlock(&s->rename_lock);
}
}
static inline void v9fs_path_unlock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_unlock(&s->rename_lock);
+ // qemu_co_rwlock_unlock(&s->rename_lock);
}
}
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index 19e4d9287e..728a25865d 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -47,6 +47,9 @@
qemu_coroutine_yield(); \
} while (0)
+#undef v9fs_co_run_in_worker
+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0);
+
void co_run_in_worker_bh(void *);
int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *);
int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **);
--
2.17.2


@ -1,73 +0,0 @@
From b17fbbe55cba95ad323b27c2f9f3e22eb6364d4b Mon Sep 17 00:00:00 2001
From: Peng Tao <tao.peng@linux.alibaba.com>
Date: Fri, 14 Jun 2019 14:35:13 +0800
Subject: [PATCH] migration: allow private destination ram with x-ignore-shared
By removing the share ram check, qemu is able to migrate
to private destination ram when x-ignore-shared capability
is on. Then we can create multiple destination VMs based
on the same source VM.
This changes the x-ignore-shared migration capability to
work similar to Lai's original bypass-shared-memory
work(https://lists.gnu.org/archive/html/qemu-devel/2018-04/msg00003.html)
which enables kata containers (https://katacontainers.io)
to implement the VM templating feature.
An example usage in kata containers(https://katacontainers.io):
1. Start the source VM:
qemu-system-x86 -m 2G \
-object memory-backend-file,id=mem0,size=2G,share=on,mem-path=/tmpfs/template-memory \
-numa node,memdev=mem0
2. Stop the template VM, set migration x-ignore-shared capability,
migrate "exec:cat>/tmpfs/state", quit it
3. Start target VM:
qemu-system-x86 -m 2G \
-object memory-backend-file,id=mem0,size=2G,share=off,mem-path=/tmpfs/template-memory \
-numa node,memdev=mem0 \
-incoming defer
4. connect to target VM qmp, set migration x-ignore-shared capability,
migrate_incoming "exec:cat /tmpfs/state"
5. create more target VMs repeating 3 and 4
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Yury Kotov <yury-kotov@yandex-team.ru>
Cc: Jiangshan Lai <laijs@hyper.sh>
Cc: Xu Wang <xu@hyper.sh>
Signed-off-by: Peng Tao <tao.peng@linux.alibaba.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <1560494113-1141-1-git-send-email-tao.peng@linux.alibaba.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
---
migration/ram.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/migration/ram.c b/migration/ram.c
index 8a6ad61d3d..8622b4dc49 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -3426,7 +3426,6 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
}
if (migrate_ignore_shared()) {
qemu_put_be64(f, block->mr->addr);
- qemu_put_byte(f, ramblock_is_ignored(block) ? 1 : 0);
}
}
@@ -4393,12 +4392,6 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
}
if (migrate_ignore_shared()) {
hwaddr addr = qemu_get_be64(f);
- bool ignored = qemu_get_byte(f);
- if (ignored != ramblock_is_ignored(block)) {
- error_report("RAM block %s should %s be migrated",
- id, ignored ? "" : "not");
- ret = -EINVAL;
- }
if (ramblock_is_ignored(block) &&
block->mr->addr != addr) {
error_report("Mismatched GPAs for block %s "
--
2.17.1


@ -1,43 +0,0 @@
From bf71d7d8e04e85517578c021804c77739f9fed72 Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Mon, 8 Jul 2019 21:19:36 +0000
Subject: [PATCH] memory-backend-file/nvdimm: support read-only files as
memory-backends
Currently is not possible to use a file that is part of a read-only
filesystem as memory backend for nvdimm devices, even if this is not modified
in the guest. In order to improve the security of Virtual Machines that share
and do not modify the memory-backend-file, QEMU should support
read-only memory-backeds.
Use case:
* Kata Containers use a memory-backed-file as read-only rootfs, and this
file is used to start all the virtual machines in the node.
It would be really bad if somehow a malicious container modified it.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Message-Id: <20190708211936.8037-1-julio.montes@intel.com>
---
exec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/exec.c b/exec.c
index 3e78de3b8f..a1b6f939fb 100644
--- a/exec.c
+++ b/exec.c
@@ -1865,6 +1865,12 @@ static int file_ram_open(const char *path,
break;
}
g_free(filename);
+ } else if (errno == EROFS) {
+ fd = open(path, O_RDONLY);
+ if (fd >= 0) {
+ /* @path names an existing read-only file, use it */
+ break;
+ }
}
if (errno != EEXIST && errno != EINTR) {
error_setg_errno(errp, errno,
--
2.17.2


@ -1,98 +0,0 @@
From 493163ca322c87860492328c7898064051321c67 Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Wed, 28 Mar 2018 20:14:53 +0800
Subject: [PATCH 1/3] 9p: removing coroutines of 9p to increase the I/O
performance
This is a quick workaround, need to be fixed.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
---
hw/9pfs/9p.c | 12 +++++-------
hw/9pfs/9p.h | 6 +++---
hw/9pfs/coth.h | 3 +++
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 55821343e5..c5f089860d 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -690,10 +690,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len)
out_notify:
pdu->s->transport->push_and_notify(pdu);
- /* Now wakeup anybody waiting in flush for this request */
- if (!qemu_co_queue_next(&pdu->complete)) {
- pdu_free(pdu);
- }
+ pdu_free(pdu);
}
static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -3525,7 +3522,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
{
- Coroutine *co;
+// Coroutine *co;
CoroutineEntry *handler;
V9fsState *s = pdu->s;
@@ -3543,8 +3540,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
}
qemu_co_queue_init(&pdu->complete);
- co = qemu_coroutine_create(handler, pdu);
- qemu_coroutine_enter(co);
+ handler(pdu);
+ //co = qemu_coroutine_create(handler, pdu);
+ //qemu_coroutine_enter(co);
}
/* Returns 0 on success, 1 on failure. */
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 8883761b2c..24aeba03f7 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -320,21 +320,21 @@ extern int total_open_fd;
static inline void v9fs_path_write_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_wrlock(&s->rename_lock);
+ // qemu_co_rwlock_wrlock(&s->rename_lock);
}
}
static inline void v9fs_path_read_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_rdlock(&s->rename_lock);
+ // qemu_co_rwlock_rdlock(&s->rename_lock);
}
}
static inline void v9fs_path_unlock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_unlock(&s->rename_lock);
+ // qemu_co_rwlock_unlock(&s->rename_lock);
}
}
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index 19e4d9287e..728a25865d 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -47,6 +47,9 @@
qemu_coroutine_yield(); \
} while (0)
+#undef v9fs_co_run_in_worker
+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0);
+
void co_run_in_worker_bh(void *);
int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *);
int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **);
--
2.17.2


@ -1,45 +0,0 @@
From f116c58ab18762b1fdf5b5908af8612bf933d159 Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Mon, 8 Jul 2019 21:19:36 +0000
Subject: [PATCH 2/3] memory-backend-file/nvdimm: support read-only files as
memory-backends
Currently it is not possible to use a file that is part of a read-only
filesystem as memory backend for nvdimm devices, even if the file itself
is not modified in the guest. Same goes for files that do not have write access.
In order to improve the security of Virtual Machines that share
and do not modify the memory-backend-file, QEMU should support
read-only memory-backends.
Use case:
* Kata Containers use a memory-backed-file as read-only rootfs, and this
file is used to start all the virtual machines in the node.
It would be really bad if somehow a malicious container modified it.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Message-Id: <20190708211936.8037-1-julio.montes@intel.com>
---
exec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/exec.c b/exec.c
index 3e78de3b8f..a1b6f939fb 100644
--- a/exec.c
+++ b/exec.c
@@ -1865,6 +1865,12 @@ static int file_ram_open(const char *path,
break;
}
g_free(filename);
+ } else if (errno == EROFS || errno == EACCES) {
+ fd = open(path, O_RDONLY);
+ if (fd >= 0) {
+ /* @path names an existing read-only file, use it */
+ break;
+ }
}
if (errno != EEXIST && errno != EINTR) {
error_setg_errno(errp, errno,
--
2.17.2


@ -1,71 +0,0 @@
From 19ec1516315083bb609a6683271dc19adb464522 Mon Sep 17 00:00:00 2001
From: Cleber Rosa <crosa@redhat.com>
Date: Mon, 26 Aug 2019 11:58:32 -0400
Subject: [PATCH 3/3] configure: more resilient Python version capture
The current approach to capture the Python version is fragile, as it
was demonstrated by a very specific build of Python 3 on Fedora 29
that, under non-interactive shells would print multiline version
information.
The (badly) stripped version output would be sent to config-host.mak,
producing bad syntax and rendering the makefiles unusable. Now, the
Python versions is printed by configure, but only a simple (and better
controlled variable) indicating whether the build system is using
Python 2 is kept on config-host.mak.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20190826155832.17427-1-crosa@redhat.com>
Reviewed-by: Tony Nguyen <tony.nguyen@bt.com>
---
configure | 5 +++--
tests/Makefile.include | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index 714e7fb6a1..0a6a617fa3 100755
--- a/configure
+++ b/configure
@@ -1864,7 +1864,7 @@ if ! $python -c 'import sys; sys.exit(sys.version_info < (2,7))'; then
fi
# Preserve python version since some functionality is dependent on it
-python_version=$($python -V 2>&1 | sed -e 's/Python\ //')
+python_version=$($python -c 'import sys; print("%d.%d.%d" % (sys.version_info[0], sys.version_info[1], sys.version_info[2]))' 2>/dev/null)
# Suppress writing compiled files
python="$python -B"
@@ -6514,6 +6514,7 @@ if ! $python -c 'import sys; sys.exit(sys.version_info < (3,0))'; then
echo
echo "warning: Python 2 support is deprecated" >&2
echo "warning: Python 3 will be required for building future versions of QEMU" >&2
+ python2="y"
fi
config_host_mak="config-host.mak"
@@ -7333,7 +7334,7 @@ echo "INSTALL_DATA=$install -c -m 0644" >> $config_host_mak
echo "INSTALL_PROG=$install -c -m 0755" >> $config_host_mak
echo "INSTALL_LIB=$install -c -m 0644" >> $config_host_mak
echo "PYTHON=$python" >> $config_host_mak
-echo "PYTHON_VERSION=$python_version" >> $config_host_mak
+echo "PYTHON2=$python2" >> $config_host_mak
echo "CC=$cc" >> $config_host_mak
if $iasl -h > /dev/null 2>&1; then
echo "IASL=$iasl" >> $config_host_mak
diff --git a/tests/Makefile.include b/tests/Makefile.include
index fd7fdb8658..fc67846431 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -1132,7 +1132,7 @@ TESTS_RESULTS_DIR=$(BUILD_DIR)/tests/results
AVOCADO_SHOW=app
AVOCADO_TAGS=$(patsubst %-softmmu,-t arch:%, $(filter %-softmmu,$(TARGET_DIRS)))
-ifneq ($(findstring v2,"v$(PYTHON_VERSION)"),v2)
+ifneq ($(PYTHON2),y)
$(TESTS_VENV_DIR): $(TESTS_VENV_REQ)
$(call quiet-command, \
$(PYTHON) -m venv --system-site-packages $@, \
--
2.17.2


@ -1,98 +0,0 @@
From 4400ea745b2a073186061a04dc07d90a8fb8a51f Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Wed, 28 Mar 2018 20:14:53 +0800
Subject: [PATCH 1/2] 9p: removing coroutines of 9p to increase the I/O
performance
This is a quick workaround, need to be fixed.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
---
hw/9pfs/9p.c | 12 +++++-------
hw/9pfs/9p.h | 6 +++---
hw/9pfs/coth.h | 3 +++
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 520177f40c..191c43e42d 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1082,10 +1082,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len)
out_notify:
pdu->s->transport->push_and_notify(pdu);
- /* Now wakeup anybody waiting in flush for this request */
- if (!qemu_co_queue_next(&pdu->complete)) {
- pdu_free(pdu);
- }
+ pdu_free(pdu);
}
static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -3968,7 +3965,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
{
- Coroutine *co;
+// Coroutine *co;
CoroutineEntry *handler;
V9fsState *s = pdu->s;
@@ -3986,8 +3983,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
}
qemu_co_queue_init(&pdu->complete);
- co = qemu_coroutine_create(handler, pdu);
- qemu_coroutine_enter(co);
+ handler(pdu);
+ //co = qemu_coroutine_create(handler, pdu);
+ //qemu_coroutine_enter(co);
}
/* Returns 0 on success, 1 on failure. */
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 3904f82901..30ecab2b2e 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -380,21 +380,21 @@ extern int total_open_fd;
static inline void v9fs_path_write_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_wrlock(&s->rename_lock);
+ // qemu_co_rwlock_wrlock(&s->rename_lock);
}
}
static inline void v9fs_path_read_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_rdlock(&s->rename_lock);
+ // qemu_co_rwlock_rdlock(&s->rename_lock);
}
}
static inline void v9fs_path_unlock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_unlock(&s->rename_lock);
+ // qemu_co_rwlock_unlock(&s->rename_lock);
}
}
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index c2cdc7a9ea..0fe971d1f5 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -46,6 +46,9 @@
qemu_coroutine_yield(); \
} while (0)
+#undef v9fs_co_run_in_worker
+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0);
+
void co_run_in_worker_bh(void *);
int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *);
int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **);
--
2.21.0


@ -1,45 +0,0 @@
From f06edce09ed88568a743c6aa36343081e35cca54 Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Mon, 8 Jul 2019 21:19:36 +0000
Subject: [PATCH 2/2] memory-backend-file/nvdimm: support read-only files as
memory-backends
Currently it is not possible to use a file that is part of a read-only
filesystem as memory backend for nvdimm devices, even if the file itself
is not modified in the guest. Same goes for files that do not have write access.
In order to improve the security of Virtual Machines that share
and do not modify the memory-backend-file, QEMU should support
read-only memory-backends.
Use case:
* Kata Containers use a memory-backed-file as read-only rootfs, and this
file is used to start all the virtual machines in the node.
It would be really bad if somehow a malicious container modified it.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Message-Id: <20190708211936.8037-1-julio.montes@intel.com>
---
exec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/exec.c b/exec.c
index ffdb518535..506a5af8c1 100644
--- a/exec.c
+++ b/exec.c
@@ -1819,6 +1819,12 @@ static int file_ram_open(const char *path,
break;
}
g_free(filename);
+ } else if (errno == EROFS || errno == EACCES) {
+ fd = open(path, O_RDONLY);
+ if (fd >= 0) {
+ /* @path names an existing read-only file, use it */
+ break;
+ }
}
if (errno != EEXIST && errno != EINTR) {
error_setg_errno(errp, errno,
--
2.21.0


@ -222,17 +222,11 @@ generate_qemu_options() {
# Disabled options # Disabled options
if gt_eq "${qemu_version}" "5.0.0" ; then # Disable sheepdog block driver support
# Disable sheepdog block driver support qemu_options+=(size:--disable-sheepdog)
qemu_options+=(size:--disable-sheepdog)
# Disable block migration in the main migration stream # Disable block migration in the main migration stream
qemu_options+=(size:--disable-live-block-migration) qemu_options+=(size:--disable-live-block-migration)
else
# Starting from QEMU 5.0, the bluetooth code has been removed without replacement.
# bluetooth support not required
qemu_options+=(size:--disable-bluez)
fi
# braille support not required # braille support not required
qemu_options+=(size:--disable-brlapi) qemu_options+=(size:--disable-brlapi)
@ -256,7 +250,7 @@ generate_qemu_options() {
# Disable PAM authentication: it's a feature used together with VNC access # Disable PAM authentication: it's a feature used together with VNC access
# that's not used. See QEMU commit 8953caf for more details # that's not used. See QEMU commit 8953caf for more details
gt_eq "${qemu_version}" "4.0.0" && qemu_options+=(size:--disable-auth-pam) qemu_options+=(size:--disable-auth-pam)
# Disable unused filesystem support # Disable unused filesystem support
[ "$arch" == x86_64 ] && qemu_options+=(size:--disable-fdt) [ "$arch" == x86_64 ] && qemu_options+=(size:--disable-fdt)
@ -265,11 +259,7 @@ generate_qemu_options() {
qemu_options+=(size:--disable-libnfs) qemu_options+=(size:--disable-libnfs)
# Starting from QEMU 4.1, libssh replaces to libssh2 # Starting from QEMU 4.1, libssh replaces to libssh2
if gt_eq "${qemu_version}" "4.1.0" ; then qemu_options+=(size:--disable-libssh)
qemu_options+=(size:--disable-libssh)
else
qemu_options+=(size:--disable-libssh2)
fi
# Disable unused compression support # Disable unused compression support
qemu_options+=(size:--disable-bzip2) qemu_options+=(size:--disable-bzip2)
@ -294,12 +284,6 @@ generate_qemu_options() {
s390x) qemu_options+=(size:--disable-tcg) ;; s390x) qemu_options+=(size:--disable-tcg) ;;
esac esac
# SECURITY: Don't build a static binary (lowers security)
# needed if qemu version is less than 2.7
if ! gt_eq "${qemu_version}" "2.7.0" ; then
qemu_options+=(security:--disable-static)
fi
if [ "${static}" == "true" ]; then if [ "${static}" == "true" ]; then
qemu_options+=(misc:--static) qemu_options+=(misc:--static)
fi fi
@ -370,38 +354,33 @@ generate_qemu_options() {
# Disable Capstone # Disable Capstone
qemu_options+=(size:--disable-capstone) qemu_options+=(size:--disable-capstone)
if gt_eq "${qemu_version}" "3.0.0" ; then # Disable graphics
# Disable graphics qemu_options+=(size:--disable-virglrenderer)
qemu_options+=(size:--disable-virglrenderer)
# Due to qemu commit 3ebb9c4f52, we can't disable replication in v3.0 # Disable block replication
if gt_eq "${qemu_version}" "3.1.0" ; then qemu_options+=(size:--disable-replication)
# Disable block replication
qemu_options+=(size:--disable-replication)
fi
# Disable USB smart card reader # Disable USB smart card reader
qemu_options+=(size:--disable-smartcard) qemu_options+=(size:--disable-smartcard)
# Disable guest agent # Disable guest agent
qemu_options+=(size:--disable-guest-agent) qemu_options+=(size:--disable-guest-agent)
qemu_options+=(size:--disable-guest-agent-msi) qemu_options+=(size:--disable-guest-agent-msi)
# unused image formats # unused image formats
qemu_options+=(size:--disable-vvfat) qemu_options+=(size:--disable-vvfat)
qemu_options+=(size:--disable-vdi) qemu_options+=(size:--disable-vdi)
qemu_options+=(size:--disable-qed) qemu_options+=(size:--disable-qed)
qemu_options+=(size:--disable-qcow1) qemu_options+=(size:--disable-qcow1)
qemu_options+=(size:--disable-bochs) qemu_options+=(size:--disable-bochs)
qemu_options+=(size:--disable-cloop) qemu_options+=(size:--disable-cloop)
qemu_options+=(size:--disable-dmg) qemu_options+=(size:--disable-dmg)
qemu_options+=(size:--disable-parallels) qemu_options+=(size:--disable-parallels)
# vxhs was deprecated on QEMU 5.1 so it doesn't need to be # vxhs was deprecated on QEMU 5.1 so it doesn't need to be
# explicitly disabled. # explicitly disabled.
if ! gt_eq "${qemu_version}" "5.1.0" ; then if ! gt_eq "${qemu_version}" "5.1.0" ; then
qemu_options+=(size:--disable-vxhs) qemu_options+=(size:--disable-vxhs)
fi
fi fi
#--------------------------------------------------------------------- #---------------------------------------------------------------------
@ -414,12 +393,6 @@ generate_qemu_options() {
# Required for fast network access # Required for fast network access
qemu_options+=(speed:--enable-vhost-net) qemu_options+=(speed:--enable-vhost-net)
# Always strip binaries
# needed if qemu version is less than 2.7
if ! gt_eq "${qemu_version}" "2.7.0" ; then
qemu_options+=(size:--enable-strip)
fi
# Support Ceph RADOS Block Device (RBD) # Support Ceph RADOS Block Device (RBD)
[ -z "${static}" ] && qemu_options+=(functionality:--enable-rbd) [ -z "${static}" ] && qemu_options+=(functionality:--enable-rbd)
@ -433,25 +406,21 @@ generate_qemu_options() {
qemu_options+=(functionality:--enable-cap-ng) qemu_options+=(functionality:--enable-cap-ng)
qemu_options+=(functionality:--enable-seccomp) qemu_options+=(functionality:--enable-seccomp)
if gt_eq "${qemu_version}" "3.1.0" ; then # AVX2 is enabled by default by x86_64, make sure it's enabled only
# AVX2 is enabled by default by x86_64, make sure it's enabled only # for that architecture
# for that architecture if [ "$arch" == x86_64 ]; then
if [ "$arch" == x86_64 ]; then qemu_options+=(speed:--enable-avx2)
qemu_options+=(speed:--enable-avx2) qemu_options+=(speed:--enable-avx512f)
if gt_eq "${qemu_version}" "5.0.0" ; then # According to QEMU's nvdimm documentation: When 'pmem' is 'on' and QEMU is
qemu_options+=(speed:--enable-avx512f) # built with libpmem support, QEMU will take necessary operations to guarantee
fi # the persistence of its own writes to the vNVDIMM backend.
# According to QEMU's nvdimm documentation: When 'pmem' is 'on' and QEMU is qemu_options+=(functionality:--enable-libpmem)
# built with libpmem support, QEMU will take necessary operations to guarantee else
# the persistence of its own writes to the vNVDIMM backend. qemu_options+=(speed:--disable-avx2)
qemu_options+=(functionality:--enable-libpmem) qemu_options+=(functionality:--disable-libpmem)
else
qemu_options+=(speed:--disable-avx2)
qemu_options+=(functionality:--disable-libpmem)
fi
# Enable libc malloc_trim() for memory optimization.
qemu_options+=(speed:--enable-malloc-trim)
fi fi
# Enable libc malloc_trim() for memory optimization.
qemu_options+=(speed:--enable-malloc-trim)
#--------------------------------------------------------------------- #---------------------------------------------------------------------
# Other options # Other options
@ -587,6 +556,10 @@ main() {
[ -n "${qemu_version}" ] || [ -n "${qemu_version}" ] ||
die "cannot determine qemu version from file $qemu_version_file" die "cannot determine qemu version from file $qemu_version_file"
if ! gt_eq "${qemu_version}" "5.0.0" ; then
die "Kata requires QEMU >= 5.0.0"
fi
local gcc_version_major=$(gcc -dumpversion | cut -f1 -d.) local gcc_version_major=$(gcc -dumpversion | cut -f1 -d.)
[ -n "${gcc_version_major}" ] || [ -n "${gcc_version_major}" ] ||
die "cannot determine gcc major version, please ensure it is installed" die "cannot determine gcc major version, please ensure it is installed"
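Review bot: The new guard in main() dies with `Kata requires QEMU >= 5.0.0` but does not report the version it found or the file it was read from, unlike the `cannot determine qemu version from file $qemu_version_file` message just above it. After this change generate_qemu_options() adds options such as `--disable-sheepdog` and `--enable-avx512f` without checking the version, so this guard appears to be the one place where a stale or wrong version file is caught, and its message should be actionable: `die "Kata requires QEMU >= 5.0.0, found ${qemu_version} (from $qemu_version_file)"`. A one-line comment above the check, for example `# govmm only supports QEMU >= 5.0, so the build options are no longer gated on older versions`, would record why the floor exists. main() starts and continues outside this hunk, so whether the guard runs before every call to generate_qemu_options() cannot be confirmed from here.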