Bug 1740797

Summary: Disable memfd in QEMU
Product: Red Hat Enterprise Linux 8 Reporter: Marc-Andre Lureau <marcandre.lureau>
Component: qemu-kvmAssignee: Marc-Andre Lureau <marcandre.lureau>
Status: CLOSED ERRATA QA Contact: Yumei Huang <yuhuang>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.0CC: areis, chayang, ddepaula, jen, jinzhao, juzhang, marcandre.lureau, mrezanin, rbalakri, virt-maint, yuhuang
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-2.12.0-84.module+el8.1.0+3980+a02d9447 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1738626 Environment:
Last Closed: 2019-11-05 20:51:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1738626, 1813852    
Bug Blocks:    

Description Marc-Andre Lureau 2019-08-13 15:55:36 UTC 
+++ This bug was initially created as a clone of Bug #1738626 +++

memfd is not needed by layered products right now, but it's currently enabled in our package. Let's disable it in QEMU so it doesn't get exposed unecessarily and untested.

This commit from libvirt gives us a good summary of what the feature is:
(but this BZ is about disabling it in QEMU, which is enough)

commit 24b74d187cab48a9dc9f409ea78900154c709579
Author: Marc-André Lureau <marcandre.lureau>
Date:   Thu Nov 15 15:55:53 2018 +0400

    qemu: add memfd source type
    
    Add a new memoryBacking source type "memfd", supported by QEMU (when
    the capability is available).
    
    A memfd is a specialized anonymous memory kind. As such, an anonymous
    source type could be automatically using a memfd. However, there are
    some complications when migrating from different memory backends in
    qemu (mainly due to the internal object naming at this point, but
    there could be more). For now, it is simpler and safer to simply
    introduce a new source type "memfd". Eventually, the "anonymous" type
    could learn to use memfd transparently in a separate change.
    
    The main benefits are that it doesn't need to create filesystem files,
    and it also enforces sealing, providing a bit more safety.

--- Additional comment from Danilo Cesar de Paula on 2019-08-13 14:06:09 UTC ---

QA_ACK, please?
Comment 4 Yumei Huang 2019-08-19 06:50:40 UTC 
Verify:
qemu-kvm-2.12.0-84.module+el8.1.0+3980+a02d9447
kernel-4.18.0-131.el8.x86_64

Object memory-backend-memfd is no longer supported by qemu, 

# /usr/libexec/qemu-kvm -object memory-backend-memfd,id=mem0
qemu-kvm: -object memory-backend-memfd,id=mem0: invalid object type: memory-backend-memfd


But there are still related content in qemu-kvm man page, I think we should remove them as well.
"
-object
memory-backend-memfd,id=id,merge=on|off,dump=on|off,prealloc=on|off,size=size,host-nodes=host-
nodes,policy=default|preferred|bind|interleave,seal=on|off,hugetlb=on|off,hugetlbsize=size
      Creates an anonymous memory file backend object, which allows QEMU to share
      the memory with an external process (e.g. when using vhost-user). The memory
      is allocated with memfd and optional sealing. (Linux only)

"
Comment 5 Marc-Andre Lureau 2019-08-19 07:13:53 UTC 
(In reply to Yumei Huang from comment #4)
> But there are still related content in qemu-kvm man page, I think we should
> remove them as well.
> "
> -object
> memory-backend-memfd,id=id,merge=on|off,dump=on|off,prealloc=on|off,
> size=size,host-nodes=host-
> nodes,policy=default|preferred|bind|interleave,seal=on|off,hugetlb=on|off,
> hugetlbsize=size
>       Creates an anonymous memory file backend object, which allows QEMU to
> share
>       the memory with an external process (e.g. when using vhost-user). The
> memory
>       is allocated with memfd and optional sealing. (Linux only)
> 
> "

The man page is the upstream version, I don't think we do downstream changes. The CLI is not supported afaik anyway.
Comment 6 Yumei Huang 2019-08-19 09:03:26 UTC 
Thanks Marc.

Moving to verified per above comments.
Comment 8 errata-xmlrpc 2019-11-05 20:51:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3345