Bug 2046029

Summary: [WRB] New machine type property - dtb-kaslr-seed
Product: Red Hat Enterprise Linux 9
Component: qemu-kvm
qemu-kvm sub component: Machine Types
Reporter: Miroslav Rezanina <mrezanin>
Assignee: Eric Auger <eric.auger>
QA Contact: Yihuang Yu <yihyu>
Status: CLOSED ERRATA
Severity: low
Priority: low
CC: coli, jinzhao, juzhang, kraxel, lijin, virt-maint, yihyu
Version: 9.1
Keywords: Triaged
Target Milestone: rc
Target Release: 9.1
Hardware: aarch64
OS: Unspecified
Fixed In Version: qemu-kvm-7.0.0-3.el9
Last Closed: 2022-11-15 09:53:40 UTC
Type: Bug
Bug Blocks: 1924294

Description Miroslav Rezanina 2022-01-26 08:26:58 UTC
Found on WRB:
2022-01-26

Affected commit:
Add aarch64 machine types

Upstream change introducing issue:
33973e1e1f hw/arm: add control knob to disable kaslr_seed via DTB

Issue:
Upstream introduced a new option used by the machine type on aarch64: dtb-kaslr-seed. We need to evaluate this option and decide whether it should be used in RHEL.

In case we are going to add this option, it will be introduced in 9.1 and so we need to properly handle compat bits (if needed) against older machine types.

Temporary solution:
Added option to machine type

Expected solution:
Confirmed this new option is needed and any required compat handling is available.

Additional information:

Comment 1 Andrew Jones 2022-01-26 08:53:04 UTC
We don't need it yet. As we're done rebasing mach-virt for 9.0, then I don't think there's anything we need to do now. For 9.1, when we rebase again, we should ensure the property is commented out.

Comment 6 Yihuang Yu 2022-05-13 09:35:36 UTC
QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.

Comment 10 Yihuang Yu 2022-05-25 02:09:08 UTC
Verified with qemu-kvm-7.0.0-4.el9.aarch64: the "dtb-kaslr-seed" option is not in the output of the machine type help.

# /usr/libexec/qemu-kvm -version
QEMU emulator version 7.0.0 (qemu-kvm-7.0.0-4.el9)
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers

# /usr/libexec/qemu-kvm -M virt,?
virt-rhel9.0.0-machine options:
  acpi=<OnOffAuto>       - Enable ACPI
  append=<string>        - Linux kernel command line
  confidential-guest-support=<link<confidential-guest-support>> - Set confidential guest scheme to support
  default-bus-bypass-iommu=<bool> - Set on/off to enable/disable bypass_iommu for default root bus
  dt-compatible=<string> - Overrides the "compatible" property of the dt root node
  dtb=<string>           - Linux kernel device tree file
  dump-guest-core=<bool> - Include guest memory in a core dump
  dumpdtb=<string>       - Dump current dtb to a file and quit
  firmware=<string>      - Firmware image
  gic-version=<string>   - Set GIC version. Valid values are 2, 3, host and max
  graphics=<bool>        - Set on/off to enable/disable graphics emulation
  highmem=<bool>         - Set on/off to enable/disable using physical address space above 32 bits
  initrd=<string>        - Linux initial ramdisk file
  iommu=<string>         - Set the IOMMU type. Valid values are none and smmuv3
  its=<bool>             - Set on/off to enable/disable ITS instantiation
  kernel=<string>        - Linux kernel image file
  mem-merge=<bool>       - Enable/disable memory merge support
  memory-backend=<string> - Set RAM backendValid value is ID of hostmem based backend
  memory-encryption=<string> - Set memory encryption object to use
  phandle-start=<int>    - The first phandle ID we may generate dynamically
  ras=<bool>             - Set on/off to enable/disable reporting host memory errors to a KVM guest using ACPI and guest external abort exceptions
  smp=<SMPConfiguration> - CPU topology
  suppress-vmdesc=<bool> - Set on to disable self-describing migration
  usb=<bool>             - Set on/off to enable/disable usb
  x-oem-id=<string>      - Override the default value of field OEMID in ACPI table header.The string may be up to 6 bytes in size
  x-oem-table-id=<string> - Override the default value of field OEM Table ID in ACPI table header.The string may be up to 8 bytes in size

# /usr/libexec/qemu-kvm -M none,?
none-machine options:
  append=<string>        - Linux kernel command line
  confidential-guest-support=<link<confidential-guest-support>> - Set confidential guest scheme to support
  dt-compatible=<string> - Overrides the "compatible" property of the dt root node
  dtb=<string>           - Linux kernel device tree file
  dump-guest-core=<bool> - Include guest memory in a core dump
  dumpdtb=<string>       - Dump current dtb to a file and quit
  firmware=<string>      - Firmware image
  graphics=<bool>        - Set on/off to enable/disable graphics emulation
  initrd=<string>        - Linux initial ramdisk file
  kernel=<string>        - Linux kernel image file
  mem-merge=<bool>       - Enable/disable memory merge support
  memory-backend=<string> - Set RAM backendValid value is ID of hostmem based backend
  memory-encryption=<string> - Set memory encryption object to use
  phandle-start=<int>    - The first phandle ID we may generate dynamically
  smp=<SMPConfiguration> - CPU topology
  suppress-vmdesc=<bool> - Set on to disable self-describing migration
  usb=<bool>             - Set on/off to enable/disable usb

Also, the sanity test passed.
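
The manual check in Comment 10 can be turned into a repeatable regression test. The script below is an added example, not part of the original bug report or of qemu-kvm; the function names, the `DENIED_PROPS` variable and the sample help text are constructed for illustration. It extracts property names from `-M <type>,?` output and fails if a property that should stay hidden is listed, matching on the parsed name so that a mention inside a description does not count.

```shell
#!/bin/sh
# Added example: fail if a machine-type property that must stay hidden
# appears in the "-M <type>,?" help text.

# Properties that must not be exposed (name taken from this bug report).
DENIED_PROPS="dtb-kaslr-seed"

# Constructed sample, abridged from the help format shown in Comment 10.
sample_clean() {
cat <<'EOF'
virt-rhel9.0.0-machine options:
  acpi=<OnOffAuto>       - Enable ACPI
  dtb=<string>           - Linux kernel device tree file
  dumpdtb=<string>       - Dump current dtb to a file and quit
EOF
}

# Constructed sample: same output with the property present.
sample_exposed() {
  sample_clean
  printf '  dtb-kaslr-seed=<bool>  - (constructed description)\n'
}

# list_props: read help text on stdin, print one property name per line.
# Only indented "name=<type>" lines are properties; the header is skipped.
list_props() {
  sed -n 's/^[[:space:]]\{1,\}\([A-Za-z0-9_-]\{1,\}\)=<.*/\1/p'
}

# find_denied: read help text on stdin, print every denied property found.
# Returns 0 when none is exposed, 1 otherwise.
find_denied() {
  props=$(list_props)
  found=""
  for p in $DENIED_PROPS; do
    # -x -F: whole-line literal match, so "dtb" never matches "dtb-kaslr-seed".
    if printf '%s\n' "$props" | grep -qxF -- "$p"; then
      found="$found $p"
    fi
  done
  [ -z "$found" ] && return 0
  printf '%s\n' $found
  return 1
}

# Usage on a real host (binary path as used in Comment 10):
#   /usr/libexec/qemu-kvm -M virt,? | find_denied || echo "property exposed"
```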

Comment 17 errata-xmlrpc 2022-11-15 09:53:40 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: qemu-kvm security, bug fix, and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7967