Update ubuntu version to 20.04, due to the following linkage errors
is not possible to build QEMU 5 on ubuntu 18.04.
```
libmount.a(libmount_la-fs.o): In function `__mnt_fs_set_source_ptr':
(.text+0x9b1): undefined reference to `blkid_parse_tag_string'
libmount.a(libmount_la-tab.o): In function `mnt_table_find_source':
(.text+0x1dbf): undefined reference to `blkid_parse_tag_string'
libmount.a(libmount_la-utils.o): In function `mnt_tag_is_valid':
(.text+0x618): undefined reference to `blkid_parse_tag_string'
libmount.a(libmount_la-cache.o): In function `mnt_free_cache':
(.text+0x834): undefined reference to `blkid_put_cache'
libmount.a(libmount_la-cache.o): In function `mnt_cache_read_tags':
(.text+0xa24): undefined reference to `blkid_new_probe_from_filename'
(.text+0xa3d): undefined reference to `blkid_probe_enable_superblocks'
(.text+0xa4a): undefined reference to `blkid_probe_set_superblocks_flags'
(.text+0xa57): undefined reference to `blkid_probe_enable_partitions'
(.text+0xa64): undefined reference to `blkid_probe_set_partitions_flags'
(.text+0xa6c): undefined reference to `blkid_do_safeprobe'
(.text+0xb32): undefined reference to `blkid_free_probe'
(.text+0xb7c): undefined reference to `blkid_free_probe'
(.text+0xba0): undefined reference to `blkid_probe_lookup_value'
libmount.a(libmount_la-cache.o): In function `mnt_get_fstype':
(.text+0xef0): undefined reference to `blkid_new_probe_from_filename'
(.text+0xf09): undefined reference to `blkid_probe_enable_superblocks'
(.text+0xf16): undefined reference to `blkid_probe_set_superblocks_flags'
(.text+0xf1e): undefined reference to `blkid_do_safeprobe'
(.text+0xf4a): undefined reference to `blkid_free_probe'
(.text+0xf68): undefined reference to `blkid_probe_lookup_value'
libmount.a(libmount_la-cache.o): In function `mnt_resolve_tag':
(.text+0x130b): undefined reference to `blkid_evaluate_tag'
```
fixes#1060
Signed-off-by: Julio Montes <julio.montes@intel.com>
Cloud hypervisor uses vsock, without this patch CI
for cloud hypervisor is not stable.
Patch information:
```
There was a race condition between bind() and listen() that was hit very
rarely when using Kata Containers and Cloud-Hypervisor. It's been
identified the problem is really coming from the virtio-vsock driver,
which is fixed by those new kernel patches uploaded for each version of
the kernels used by Kata Containers.
```
Update:
Fixed to make it build with kernel 5.6
Fixes#932
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Debian 10 has been broken for a while but CI started
to detected recently.
Remove package until find a way to build it.
Fixes: #1052
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This remains the original aarch64-softmmu *explicit* default config. And
borrows the tuned configuration from i386-softmmu except the board specific
ones.
Fixes: #1044
Signed-off-by: Jia He <justin.he@arm.com>
Capstone is a disassembly framework which is not required for Kata.
Disabling it in configure can reduce ~6M bytes on arm64.
-rwxr-xr-x 71977368 May 8 09:32 qemu-system-aarch64.with.capstone*
-rwxr-xr-x 65676640 May 8 09:39 qemu-system-aarch64.without.capstone*
Fixes: #1044
Signed-off-by: Jia He <justin.he@arm.com>
This PR adds the documentation repository for the update-repository-version
verification.
Fixes#1027
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Rename directory name from release_pieline to release_pipeline
Fixes: #1034
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
QEMU >= 4.0 is able to boot into the uncompressed kernel using the PVH
entry point, but to get this `CONFIG_PVH` must be enabled in the guest
kernel and `pvh.bin` installed in the host.
Booting uncompressed kernels in QEMU 5.0 can reduce the memory footprint,
~17% for KSM and ~15% nonKSM.
fixes#1029
Signed-off-by: Julio Montes <julio.montes@intel.com>
The config file created by kernel fragments scheme is quite different
with the old arm64_kata_kvm_5.4.x.
So I will update arm64_kata_kvm_5.4.x for consistency.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
kvm-ptp is critical for mitigating time drift between host and guest.
This implementation in kernel side is still one experimental feature on
aarch64, and see https://github.com/kata-containers/packaging/pull/998
for detailed instructions.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Since we disable pci shpc hotplug for arm64, see
https://github.com/kata-containers/packaging/pull/498 for detailed
reason.
We need to move CONFIG_HOTPLUG_PCI_SHPC from common conf to
x86_64-specific.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Backport Anshuman Khandual's patch series of Enabling memory hot
remove on aarch64(https://patchwork.kernel.org/cover/11419305/)
to v5.4.x.
XONE_DEVICE is dependent on the implementation of memory hot remove.
This patch series has already been merged, and queued for 5.7.
After backporting this series, we could finally enable nvdimm/dax
on arm64.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Add a few arm64-specific configs and classify them into seven new categories
, that is,
1. base architecture-dependent options(base.conf)
It also includes varient-specific features, like CONFIG_ARM64_PMEM is
one ARMv8.2 arichitectural features.
2. crypto-related options(crypto.conf)
ARMv8 adds cryptographic instructions that could significantly improve
performance on tasks such as AES encryption and SHA1 and SHA256 hashing.
3. device tree related options(dt.conf)
The "Open Firmware Device Tree", or simply Device Tree (DT), is a data
structure and language for describing hardware, which is commonly
used in arm architecture.
4. ARM errata workarounds options(errata.conf)
There are many Kconfig entires under "Kernel Features" ->
"ARM errata workarounds via the alternatives framework", which provides
software workarounds to mitigate systems affected by those erratum.
Vendor-specific option will be left to users to decide.
5. pci related options(pci.conf)
a simplified pci host controller for mach-virt.
6. serial devices options(serial.conf)
CONFIG_SERIAL_OF_PLATFORM is used for all 8250 compatible serial ports
that are probed through device tree.
7. rtc related options(rtc.conf)
we don't have KVM’s paravirtualized clock and ptp implementation is
still under experimental mode, so we need rtc on aarch64.
QEMU provides an emulated ARM AMBA PrimeCell PL031 RTC.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Compaction is the only memory management component to form high order
(larger physically contiguous) memory blocks reliably.
The page allocator relies on compaction heavily and the lack of the feature
can lead to unexpected OOM killer invocations for high order memory requests.
We shouldn't disable this option unless there really is a strong reason.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
mmio devices are required in firecracker, and for now, x86_64 and
aarch64 are all supporting kata containers with firecracker.
So, we need to move mmio-related configs to common dir.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
There exists a few security-related configs, which are x86-64 specific.
CONFIG_LEGACY_VSYSCALL_NONE=y
CONFIG_RETPOLINE=y
CONFIG_RELOCATABLE and CONFIG_RANDOMIZE_BASE are kinds of tangled on
aarch64, if CONFIG_RANDOMIZE_BASE=y, then CONFIG_RELOCATABLE will be
selected automatically.
CONFIG_RANDOMIZE_BASE will randomize the virtual address at which the
kernel image is loaded, which as a security feature could deter exploit
attempts relying on knowledge of the location of kernel internals.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
There exists a few configs about linux guest support or optimization
that are not supported on aarch64.
CONFIG_HYPERVISOR_GUEST is only defined under arch/x86/Kconfig and
unfortunately, CONFIG_KVM_GUEST is not supported on aarch64 for now.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
For now, a few configs as follows in common acpi dir are truly x86-spcecific
or disable by default on arm64.
CONFIG_ACPI_CPU_FREQ_PSS=y
CONFIG_ACPI_HOTPLUG_IOAPIC=y
CONFIG_ACPI_LEGACY_TABLES_LOOKUP
CONFIG_ACPI_LPIT=y
CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
CONFIG_ACPI_PROCESSOR_CSTATE=y
CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
CONFIG_HAVE_ACPI_APEI_NMI=y
And I also add a few configs which are aarch64-specific.
Like CONFIG_ACPI_REDUCED_HARDWARE_ONLY=y, since ARM64 can run properly
in ACPI hardware reduced mode.
Fixes: #1004
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
- release: Tag and fork documentation repo as part of release
- obs: let patch set in order before apply them
- scripts: Disable pie for qemu when static building
- kernel: Enable CONFIG_VIRTIO_PMEM for booting from pmem
- kernel: Fix patch ordering
- tests: Remove performing updates in Fedora dockerfile
- kata-deploy: fix k3s containerd check
- scripts: update configuration script to support QEMU 5.0
- obs: Update SLES version for packaging
- config: enable printk-time for kernel-5.4 for arm64
- actions: change trigger phrase for kata-deploy action
- kernel: enable virtio-fs for arm64.
- add kernel config for gpu
- Optimize the kata qemu binary size
- obs: Remove OpenSUSE Leap 15.0 from obs generation
- pod : optimization Some debian package manager tweaks
d271ee7 obs: let patch set in order before apply them
fbad186 kernel: Enable CONFIG_VIRTIO_PMEM for booting from pmem
652d1fd release: Tag and fork documentation repo as part of release
7e22144 scripts: Disable pie for qemu when static building
93da145 kernel: Fix patch ordering
59f7678 tests: Remove performing updates in Fedora dockerfiles
96f3b99 kata-deploy: fix k3s containerd check
fb42e38 scripts: update configuration script to support QEMU 5.0
9bdc51c obs: Update SLES version for packaging
32986db config: enable printk-time for kernel-5.4 for arm64
9b8f20c kernel: enable virtio-fs for arm64.
12d351d kernel: add usage in readme
1389500 kernel: support force setup
7a17b50 kernel: support bash debug
d248e41 kernel: support build guest kernel for gpu
cbfc7a1 obs: Remove OpenSUSE Leap 15.0 from obs generation
9a6bd12 debian: Install missing ca-certificates package
d527c4f debian: Don't install recommended software
3670074 scripts: Disable a few options to reduce qemu binary size on generic architectures
711eae6 scripts: Set --enable-pie on aarch64 arch
7cdf113 scripts: Relax the version limitation for qemu
0871391 scripts: Remove obsoleted --disable-uuid
878a223 scripts: Disable xen when builing qemu on generic architectures
e92f3db actions: change trigger phrase for kata-deploy action
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
The enablement of ptp_kvm for arm is under review, see [1].
So we have to apply private patch to enable it in 5.4 kernel.
ptp_kvm can offer the capability of time sync in kata even there
is no network available and higher precision than time sync
service depend on network.
note:
If you want to use this feature on your arm machine, the host kernel
also need apply this patch. we recommend that your host kernel version
is the 5.4, then you can apply this patch smoothly.
[1] https://patchwork.kernel.org/cover/11372743/Fixes: #997
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
obs ci for linuxcontainer will fail when apply patch set which have
dependency within. so patch set should be made in order before feed
to apply.
Fixes: #1015
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
To support booting from pmem with cloud-hypervisor, we need to enable
the virtio-pmem in our kernel.
Fixes: #1013
Signed-off-by: Bo Chen <chen.bo@intel.com>
We should start maintaining stable branches for the documentation
repo similar to other repos.
Fixes#1007
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
--enable-pie is not compatible with --static option for qemu building.
Without this patch, it will report a configure error during static building:
ERROR: static and pie are mutually incompatible
Fixes: #982
Signed-off-by: Jia He <justin.he@arm.com>
Fix the `build-kernel.sh` script to sort patches correctly. Previously,
it relied on `find(1)` for the ordering. However, `find(1)` does not
guarantee any ordering of files within a directory. Since the ordering
could therefore be "random", it was quite possible for patches to be
applied in the wrong order, resulting in conflicts.
Fixes: #1003.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
For obs and running the packages testing in Fedora, we need to remove
the performing of doing an update as it is hit by
https://github.com/kata-containers/runtime/issues/2580. This is needed
to unblock the errors in the testing.
Fixes#1001
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
