RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2046029 - [WRB] New machine type property - dtb-kaslr-seed
Summary: [WRB] New machine type property - dtb-kaslr-seed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: qemu-kvm
Version: 9.1
Hardware: aarch64
OS: Unspecified
low
low
Target Milestone: rc
: 9.1
Assignee: Eric Auger
QA Contact: Yihuang Yu
URL:
Whiteboard:
Depends On:
Blocks: 1924294
TreeView+ depends on / blocked
 
Reported: 2022-01-26 08:26 UTC by Miroslav Rezanina
Modified: 2022-11-15 10:15 UTC (History)
7 users (show)

Fixed In Version: qemu-kvm-7.0.0-3.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-11-15 09:53:40 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gitlab redhat/centos-stream/src qemu-kvm merge_requests 82 0 None None None 2022-05-03 09:01:57 UTC
Red Hat Issue Tracker RHELPLAN-109739 0 None None None 2022-01-26 08:29:25 UTC
Red Hat Product Errata RHSA-2022:7967 0 None None None 2022-11-15 09:54:26 UTC

Description Miroslav Rezanina 2022-01-26 08:26:58 UTC 
Found on WRB:
2022-01-26

Affected commit:
Add aarch64 machine types

Upstream change introducing issue:
33973e1e1f hw/arm: add control knob to disable kaslr_seed via DTB

Issue:
Upstream introduced new option used by machine type on aarch64 - dtb-kaslr-seed. We need to evaluate this option and decide whether it should be used in RHEL.

In case we are going to add this option, it will be introduced in 9.1 and so we need to properly handle compat bits (if needed) against older machine types.

Temporary solution:
Added option to machine type

Expected solution:
Confirmed this new option is needed and any required compat handling available.

Additional information:
Comment 1 Andrew Jones 2022-01-26 08:53:04 UTC 
We don't need it yet. As we're done rebasing mach-virt for 9.0, then I don't think there's anything we need to do now. For 9.1, when we rebase again, we should ensure the property is commented out.
Comment 6 Yihuang Yu 2022-05-13 09:35:36 UTC 
QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.
Comment 10 Yihuang Yu 2022-05-25 02:09:08 UTC 
Verify with qemu-kvm-7.0.0-4.el9.aarch64, "dtb-kaslr-seed" option is not in the output of the machine type help.

# /usr/libexec/qemu-kvm -version
QEMU emulator version 7.0.0 (qemu-kvm-7.0.0-4.el9)
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers

# /usr/libexec/qemu-kvm -M virt,?
virt-rhel9.0.0-machine options:
  acpi=<OnOffAuto>       - Enable ACPI
  append=<string>        - Linux kernel command line
  confidential-guest-support=<link<confidential-guest-support>> - Set confidential guest scheme to support
  default-bus-bypass-iommu=<bool> - Set on/off to enable/disable bypass_iommu for default root bus
  dt-compatible=<string> - Overrides the "compatible" property of the dt root node
  dtb=<string>           - Linux kernel device tree file
  dump-guest-core=<bool> - Include guest memory in a core dump
  dumpdtb=<string>       - Dump current dtb to a file and quit
  firmware=<string>      - Firmware image
  gic-version=<string>   - Set GIC version. Valid values are 2, 3, host and max
  graphics=<bool>        - Set on/off to enable/disable graphics emulation
  highmem=<bool>         - Set on/off to enable/disable using physical address space above 32 bits
  initrd=<string>        - Linux initial ramdisk file
  iommu=<string>         - Set the IOMMU type. Valid values are none and smmuv3
  its=<bool>             - Set on/off to enable/disable ITS instantiation
  kernel=<string>        - Linux kernel image file
  mem-merge=<bool>       - Enable/disable memory merge support
  memory-backend=<string> - Set RAM backendValid value is ID of hostmem based backend
  memory-encryption=<string> - Set memory encryption object to use
  phandle-start=<int>    - The first phandle ID we may generate dynamically
  ras=<bool>             - Set on/off to enable/disable reporting host memory errors to a KVM guest using ACPI and guest external abort exceptions
  smp=<SMPConfiguration> - CPU topology
  suppress-vmdesc=<bool> - Set on to disable self-describing migration
  usb=<bool>             - Set on/off to enable/disable usb
  x-oem-id=<string>      - Override the default value of field OEMID in ACPI table header.The string may be up to 6 bytes in size
  x-oem-table-id=<string> - Override the default value of field OEM Table ID in ACPI table header.The string may be up to 8 bytes in size

# /usr/libexec/qemu-kvm -M none,?
none-machine options:
  append=<string>        - Linux kernel command line
  confidential-guest-support=<link<confidential-guest-support>> - Set confidential guest scheme to support
  dt-compatible=<string> - Overrides the "compatible" property of the dt root node
  dtb=<string>           - Linux kernel device tree file
  dump-guest-core=<bool> - Include guest memory in a core dump
  dumpdtb=<string>       - Dump current dtb to a file and quit
  firmware=<string>      - Firmware image
  graphics=<bool>        - Set on/off to enable/disable graphics emulation
  initrd=<string>        - Linux initial ramdisk file
  kernel=<string>        - Linux kernel image file
  mem-merge=<bool>       - Enable/disable memory merge support
  memory-backend=<string> - Set RAM backendValid value is ID of hostmem based backend
  memory-encryption=<string> - Set memory encryption object to use
  phandle-start=<int>    - The first phandle ID we may generate dynamically
  smp=<SMPConfiguration> - CPU topology
  suppress-vmdesc=<bool> - Set on to disable self-describing migration
  usb=<bool>             - Set on/off to enable/disable usb

Also, the sanity test passed.
Comment 17 errata-xmlrpc 2022-11-15 09:53:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: qemu-kvm security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7967
Note You need to log in before you can comment on or make changes to this bug.