Add Linux 4.19 support and change the default preference to 4.19#1094
Add Linux 4.19 support and change the default preference to 4.19#1094jean-edouard merged 3 commits intoOpenXT:masterfrom
Conversation
rneilturner
force-pushed
the
uprev-4.19
branch
2 times, most recently
from
0fc3f9b to
671922f
Compare
|
Tested build on Dell 9010, Legacy boot. Installed HVM windows guest w/stubdom, rebooted guest 15-20 times, no problems. Networking is up and connected, UIVM is up. No segfaults in the logs. +1 |
|
There was one change with 4.19 that may need to be addressed. During boot, the splash screen gets overwritten by the Dom0 display logging. This seems to be new behavior between 4.14 and 4.19. There are linux command line arguments that could be supplied to reduce this output considerably, notably reducing the loglevel down to say 2 (critical logs only) and supplying the quiet option. Another option is introducing a graphical boot process such as Plymouth or psplash. |
|
Hi, @rneilturner, thanks for working on this. This patchset is quite large - 31000+ lines changed. Were there any particular patches requiring significant or notable changes? Finally, there was some discussion about dropping patches. Would you please list the dropped patches in the commit message. I see you bumped the stubdom memory. Did you observe a specific issue requiring that? That change may be better split out into its own commit with an explanation. |
|
@jandryuk I uploaded the patch diff from 4.14 to 4.19 to the OXT ticket. Some of the bigger changes are:
Other changes were very minor and were attributed to slight changes in API. I decided not to drop any patches with this PR. I figured we can have a separate discussion on this. Candidates for removal include acpi-video-delay-init.patch and intel-amt-support.patch. This kernel increased the size requirement for our stubdom's, slightly bigger kernel overall even after trimming as much as I could. Without this change I was getting OOM when booting guests. |
jandryuk
left a comment
jandryuk
left a comment
There was a problem hiding this comment.
My comments mainly come from the diff posted in Jira.
|
|
||
| FILESEXTRAPATHS_prepend := "${THISDIR}/patches:${THISDIR}/defconfigs:" | ||
| SRC_URI += "${KERNELORG_MIRROR}/linux/kernel/v${PV_MAJOR}.x/linux-${PV}.tar.xz;name=kernel \ | ||
| file://bridge-carrier-follow-prio0.patch;patch=1 \ |
There was a problem hiding this comment.
All these patch=1 flags can be dropped since bitbake treats .patch files as patches by default.
There was a problem hiding this comment.
Agreed, fix coming.
| case XenbusStateUnknown: | ||
| + /* if the backend vanishes from xenstore, close frontend */ | ||
| + if (!xenbus_exists(XBT_NIL, dev->otherend, "") && | ||
| + (dev->state != XenbusStateUnknown)) { |
There was a problem hiding this comment.
Indenting here is messed up.
There was a problem hiding this comment.
Agreed, fix coming.
| - if (dev->state != XenbusStateInitialising) | ||
| + /* allow reconnect if our state is either initialising, or closed */ | ||
| + if (dev->state != XenbusStateInitialising && | ||
| + dev->state != XenbusStateClosed) |
There was a problem hiding this comment.
Indenting here is messed up.
There was a problem hiding this comment.
Agreed, fix coming.
| int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) | ||
| { | ||
| skb_push(skb, ETH_HLEN); | ||
| + struct sk_buff *new_skb; |
There was a problem hiding this comment.
This declaration should be added before skb_push
There was a problem hiding this comment.
Agreed, fix coming.
| + | ||
| +out: | ||
| + | ||
| + BTDBG("returning %d\n", ( |
There was a problem hiding this comment.
Re-exporting elevator_init is easiest for now, but is probably wrong long term. The linux block subsystem will be multiqueue-only, and blk_init_queue will be going away in addition to elevator_init. I don't know what it would take to convert multiqueue, but I imagine that will need to be done.
There was a problem hiding this comment.
Agreed it will have to be done. I took a few hours last week and determined its probably going to take a week of dev/test work on the blktap driver to get it working with multi queue. This would be a good follow-on task once we rebase and accept the upstream blktap implementation.
rneilturner
force-pushed
the
uprev-4.19
branch
from
671922f to
52ccbf9
Compare
|
PR has been updated with corrections on linux-openxt_4.19.20.bb, netfront-support-backend-relocated.patch, and skb-forward-copy-bridge-param.patch. |
| case XenbusStateUnknown: | ||
| + /* if the backend vanishes from xenstore, close frontend */ | ||
| + if (!xenbus_exists(XBT_NIL, dev->otherend, "") && | ||
| + (dev->state != XenbusStateUnknown)) { |
There was a problem hiding this comment.
This line should still be indented 1 more space - "(" aligned under "!".
Thanks, @rneilturner
There was a problem hiding this comment.
Lindent didn't pick up on this but I will update regardless.
There was a problem hiding this comment.
Patch has been updated
jean-edouard
left a comment
jean-edouard
left a comment
There was a problem hiding this comment.
All LGTM, except for that slot reset thing.
| + return pci_reset_function(dev); | ||
| + } | ||
| + | ||
| + //Next, we'll try the next gentlest: a hotplugging reset |
There was a problem hiding this comment.
This "gentlest" solution is the exact same as the "most drastic" one below.
pci_reset_bus() seems to now try a slot reset first, so I get where you coming from, but those 2 ifs should probably be merged and the comments and debug messages fixed up...
There was a problem hiding this comment.
With pci_reset_bus() determines if slot reset is possible using pci_probe_reset_slot(), which is what device_supports_slot_reset(), introduced by this patch does. It seems this can just become:
if (allow_bus_reset)
return pci_reset_bus(dev);... With the helpers device_supports_slot_reset() and device_supports_bus_reset() no longer being necessary.
There was a problem hiding this comment.
update coming soon. +1
Signed-off-by: Richard Turner <turnerr@ainfosec.com>
|
I tested the latest build and found some issues:
|
|
I noted the kernel logs taking over the boot screen in my comments above. I also offered some suggestions to resolve the issue but haven't seen any comments back. I have not seen the SELinux issue you are seeing @jean-edouard, although my build tree is two weeks out of date with commits. Are you sure this problem is related to 4.19? Either way, I will update my build tree and take a look. |
|
Sorry, I missed your comment about the on-screen logs. Reducing the verbosity is not an option, since we need the logs on serial and in /var/log/messages. |
|
|
|
I think the console output is coming from @jean-edouard how did you get unlabeled files? |
|
Oh, that's probably from editing that file outside of OpenXT to be able to boot... Please disregard. |
|
My tree is before Xen 4.11 and TBOOT 1.9.9 was merged. I will test my changes before and after these features were merged. |
|
Randomly tried adding |
|
Seems Fedora 29 running kernel 4.18 with Xen 4.11 ran into the same SELinux problems. https://bugzilla.redhat.com/show_bug.cgi?id=1679293 |
|
For the AVCs, we probably just need this added to dev-xen-privcmd.patch: |
|
Thanks @jandryuk I will give that a go. |
|
@jandryuk that resolved the avc denial issue. I have added a commit to this PR with the changes. |
Resolves avc denial audit: type=1400 audit(1551796299.940:4): avc: denied { read write } for pid=875 comm=xenstored name=hypercall dev=devtmpfs ino=10059 scontext=system_u:system_r:xenstored_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=0
Signed-off-by: Richard Turner <turnerr@ainfosec.com>
|
LGTM |
|
One more AVC, XSM this time... Sorry I didn't catch that that earlier. Edit: actually, the build also includes the rebased blktap3, not sure which PR causes the AVC... |
|
@jean-edouard I looked at this last night and also fixed it here: rneilturner/xsm-policy@206ff18 Either implementation works for me. Thanks for looking at this also. |
|
I would go with @rneilturner 's change, but insert the new line after domain: |
|
PR posted for the xsm-policy change: OpenXT/xsm-policy#23 |
|
Built here: http://openxt-builder.ainfosec.com:8010/builders/openxt/builds/1890 Everything works fine now, except the boot time console spam and the audio passthrough (tested on Dells E7470 and E7480). Here are the passthrough logs: |
|
@jean-edouard I will take a look tomorrow at the problem you are seeing with the passthrough on the onboard audio device using the E7470. I will scrounge up an E7470 if I can to test it out. |
|
Maybe related to this fix.....torvalds/linux@7250f42#diff-bbe12856743579912d20395c8ce87558 |
|
I was able to recreate the issue with a Dell 7040. Passthrough of an integrated audio device is not something we test here very often. Passthrough of an add-on GPU and NIC worked fine. |
|
Some GPUs have an audio device which must also be passed through for the GPU to work.
|
|
@stacktrust this is not the case for the above problem. This is a problem with an integrated audio device not attached to any GPU. I was able to passthrough the audio device on a GPU. |
|
Status Update: We have been testing 4.19 with a variety of GPU's today and found with certain GPU's, the audio device is not getting assigned to pciback. It so happens the first two GPU's we tested worked just fine. We can force this assignment with the audio device to occur but it causes more issues with pcifront when we do this. Comments or suggestions in this investigation is highly encouraged! We will continue going forward in our investigation and will post any updates as they come in. |
|
We have narrowed down the issue to the unbinding of the snd-hda-intel driver. This doesn't seem to be an issue with x64 OpenXT running Linux 4.19. There has been a significant amount of churn on the Intel audio driver in 4.17 and 4.19. The investigation continues. |
|
Verified running Ubuntu 16.04 32-bit with Linux 5.0 with vanilla Xen causes the exact kernel crash we are seeing when unbinding the intel audio driver. If you don't run Ubuntu with Xen the problem does NOT occur. |
|
Also verified the problem was introduced in Linux Kernel 4.17. |
Signed-off-by: Richard Turner <turnerr@ainfosec.com>
|
Merging soon. |
| # CONFIG_ATARI_PARTITION is not set | ||
| # CONFIG_MAC_PARTITION is not set | ||
| CONFIG_MSDOS_PARTITION=y | ||
| # CONFIG_MSDOS_PARTITION is not set |
There was a problem hiding this comment.
This looks weird. Looks like 4.14 has CONFIG_MSDOS_PARTITION=y, so do we want to drop # CONFIG_MSDOS_PARTITION is not set
There was a problem hiding this comment.
I'm good with dropping it. @jean-edouard if you approve I can have an update to this PR with the change.
There was a problem hiding this comment.
Sorry, just saw that, please submit a separate PR for this, as I'm about to merge. Thanks
6 participants
See OXT-1497 https://openxt.atlassian.net/browse/OXT-1497
Requires OpenXT/v4v#39
Signed-off-by: Richard Turner turnerr@ainfosec.com