Ubuntu 18.04: kvm on 4.14.37-135 needs qemu being recompiled

Moderators: mdrjr, odroid

Ubuntu 18.04: kvm on 4.14.37-135 needs qemu being recompiled

Unread postby back2future » Fri May 11, 2018 3:06 am

[ KVM for kernel 4.14.37-135 does not support qemu-system-arm (image suggested version 2.11.1 stops here with 'Segmentation fault') with kernel from boot partition from image (at the moment of 3 times reboot and try). ]

Recompiling git sources for qemu (QEMU emulator version 2.12.50) enables qemu-system-arm¹ without 'Segmentation fault' error. But still no kvm enabled

Could not access KVM kernel module: No such file or directory
qemu-system-arm: failed to initialize KVM: No such file or directory

uname -r
4.14.37-135

cat /etc/os*+[TAB]
NAME="Ubuntu"
VERSION="18.04 LTS (Bionic Beaver)"

1) edit: previous functional qemu src:
Code: Select all
git clone https://github.com/qemu/qemu
qemu_bionic1804@GLIBC2.27/bin/debug/native# arm-softmmu/qemu-system-arm --version
QEMU emulator version 2.12.50 (v2.12.0-366-gc74e62ee3e-dirty)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
Last edited by back2future on Fri Jun 01, 2018 5:59 am, edited 1 time in total.
naturally beYOnd spectrum
back2future
 
Posts: 96
Joined: Sun Jul 23, 2017 3:19 pm
languages_spoken: english

Re: Ubuntu 18.04: kvm on 4.14.37-135 needs qemu being recomp

Unread postby back2future » Thu May 31, 2018 11:44 am

Is it necessary to de-energize Xu4 SoC's caches for several seconds, between booting different .dtb configurations?
Thx
naturally beYOnd spectrum
back2future
 
Posts: 96
Joined: Sun Jul 23, 2017 3:19 pm
languages_spoken: english

Re: Ubuntu 18.04: kvm on 4.14.37-135 needs qemu being recomp

Unread postby moon.linux » Thu May 31, 2018 7:06 pm

I followed the kvm guide from the wiki page it seem to work with qemu-system-arm supported but ubuntu.

https://wiki.odroid.com/odroid-xu4/appl ... ftware/kvm

Code: Select all
root@odroid:~# dmesg | grep HYP
[    0.188938] CPU: All CPU(s) started in HYP mode.
root@odroid:~#
root@odroid:~# dmesg | grep kvm
[    0.000000] Linux version 4.14.43-xu4kvm (root@odroid) (gcc version 7.3.0 (Ubuntu/Linaro 7.3.0-16ubuntu3)) #2 SMP PREEMPT Thu May 31 08:17:03 UTC 2018
[    0.990718] kvm [1]: 8-bit VMID
[    0.992017] kvm [1]: vgic interrupt IRQ16
[    0.992427] kvm [1]: Hyp mode initialized successfully
root@odroid:~# cat /proc/interrupts | grep arch_timer
 58:          0          0          0          0          0          0          0          0     GICv2  29 Level     arch_timer
 59:          0      97780      99045     158085    1566791     298946     173628     127652     GICv2  30 Level     arch_timer
Attachments
Screenshot at 2018-05-31 09-55-43.png
qemu on xu4
Screenshot at 2018-05-31 09-55-43.png (208.55 KiB) Viewed 502 times
moon.linux
 
Posts: 1162
Joined: Thu Oct 02, 2014 11:42 pm
languages_spoken: english

Re: Ubuntu 18.04: kvm on 4.14.35

Unread postby back2future » Thu May 31, 2018 10:31 pm

With
apt-get update, apt-get upgrade, apt-get dist-upgrade
qemu from repo and kvm now work partly nice. Thx for the link.

Code: Select all
# qemu-system-arm -version
QEMU emulator version 2.11.1(Debian 1:2.11+dfsg-1ubuntu7.2)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers

is running on
mate window manager with
Code: Select all
# uname -a
Linux odroid 4.14.35-kvm1 #1 SMP PREEMPT Mon Apr 30 17:07:23 CEST 2018 armv7l armv7l armv7l GNU/Linux
# dmesg | grep kvm
[    0.000000] Linux version 4.14.35-kvm1 (root@odroid) (gcc version 6.3.0 20170516 (Debian 6.3.0-18)) #1 SMP PREEMPT Sun Apr 29 13:07:23 CEST 2018
[    0.782695] kvm [1]: 8-bit VMID
[    0.784033] kvm [1]: vgic interrupt IRQ16
[    0.784377] kvm [1]: Hyp mode initialized successfully

and kvm guest Ubuntu 16.04.2 LTS
Code: Select all
# uname -a
   Linux odroid 4.13.0 #5 SMP Fri Apr 27 17:00:47 CEST 2018 armv7l armv7l armv7l GNU/Linux
 # hdparm -tT
   Timing cached reads:   7860 MB in  2.00 seconds = 3933.34 MB/sec
   Timing buffered disk reads: 480 MB in  3.00 seconds = 159.95 MB/sec
 # cat /proc/interrupts | grep arch_timer
   58:          0          0          0          0          0          0          0          0     GICv2  29 Level     arch_timer
   59:          0      11388       8065       5539      59303      49037      32970      23653     GICv2  30 Level     arch_timer


[ With apt_upgrading kernel src are on a 4.15 level:
"The Guest OS booted with linux-4.15-rc6 for vexpress-a15 config file."

Code: Select all
qemu-system-arm -M vexpress-a15 -smp 1 -m 512 -sd ./boot8MB.img -netdev user,id=user,net=10.2.0.0/24,host=10.2.0.4,dhcpstart=10.2.0.7 -device virtio-net-device,netdev=user -net nic,model=lan9118,netdev=net0,addr=10.2.0.4,macaddr=00:c9:29:b8:7c:ee  -netdev user,id=net1,hostfwd=tcp::1020024-:22 -serial mon:stdio -nographic -kernel u-boot -append "root=/dev/ram0" -d guest_errors -enable-kvm -cpu host
(-device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0¹ <- https://dn.odroid.com/5422/ODROID-XU3/U ... img.md5sum)

U-boot error:
Code: Select all
U-Boot 2018.01 (April 29 2018 - 04:04:58 +0600)

DRAM:  512 MiB
WARNING: Caches not enabled
Flash: error: kvm run failed Function not implemented


or Segmentation fault without
-enable-kvm -cpu host
Code: Select all
qemu-system-arm: /build/qemu-fP6YxS/qemu-2.11+dfsg/exec.c:724: cpu_address_space_init: Assertion `asidx == 0 || !kvm_enabled()' failed.
Aborted
with -enable-kvm -cpu cortex-a15


,but above qemu-system-arm cmd (slghtly mdfd.) agrees with src compiled qemu 2.12
Code: Select all
U-Boot 2018.01 (April 29 2018 - 04:04:58 +0600)

DRAM:  515 MiB
WARNING: Caches not enabled
Flash: 128 MiB
MMC:   MMC: 0
*** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   smc911x-0
Press quickly 'Enter' twice to stop autoboot:  0
MMC Device 1 not found
no mmc device at slot 1
switch to partitions #0, OK
mmc0 is current device
env - environment handling commands

Usage:
env default [-f] -a - [forcibly] reset default environment
env default [-f] var [...] - [forcibly] reset variable(s) to their default values
env delete [-f] var [...] - [forcibly] delete variable(s)
env export [-t | -b | -c] [-s size] addr [var ...] - export environment
env import [-d] [-t [-r] | -b | -c] addr [size] - import environment
env print [-a | name ...] - print environment
env run var [...] - run commands in an environment variable
env save - save environment
env set [-f] name [arg ...]

Scanning mmc 0:1...
Found U-Boot script /boot.scr.uimg
reading /boot.scr.uimg
992 bytes read in 21 ms (45.9 KiB/s)
## Executing script at 80001000
libfdt fdt_check_header(): FDT_ERR_BADMAGIC
reading vmlinuz-4.13
4150784 bytes read in 6210 ms (652.3 KiB/s)
reading uInitrd-4.13
QEMU: Terminated


from qemu x86 people changelog since we are in HYP mode for kvm; maybe suits here for some emulating on x86:
Suse.com: https://www.suse.com/de-de/support/upda ... 20181479-1
CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests
burgers@@suse.com
Code: Select all
- Spectre v4 vulnerability mitigation support for KVM guests.
  High level description of vulnerability: Systems with microprocessors
  utilizing speculative execution and speculative execution of memory
  reads before the addresses of all prior memory writes are known may
  allow unauthorized disclosure of information to an attacker with
  local user access via a side-channel analysis.
  This change permits the new x86 cpu feature flag named "ssbd" to be
  presented to the guest, given that the host has this feature, and
  KVM exposes it to the guest as well.
  For this feature to be enabled, via adding it to the qemu commandline
  (eg: -cpu <model>,+spec-ctrl,+ssbd), so the guest OS can take advantage
  of the feature, spec-ctrl and ssbd support is also required in the host.
  Another new x86 cpu feature flag named "virt-ssbd" is also added to
  handle this vulnerability for AMD processors.
  (CVE-2018-3639 bsc#1092885)
  0062-i386-define-the-ssbd-CPUID-feature-.patch
  0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch
  0064-i386-define-the-AMD-virt-ssbd-CPUID.patch
Redhat: https://access.redhat.com/errata/RHSA-2018:1660
NIST.gov: https://nvd.nist.gov/vuln/detail/CVE-2018-3639 ]

1) http://cryptodev-linux.org/
Last edited by back2future on Fri Aug 03, 2018 1:04 am, edited 1 time in total.
naturally beYOnd spectrum
back2future
 
Posts: 96
Joined: Sun Jul 23, 2017 3:19 pm
languages_spoken: english

Re: Ubuntu 18.04: kvm on 4.14.37-135 needs qemu being recomp

Unread postby moon.linux » Tue Jun 05, 2018 5:50 pm

@back2future
I not sure on Spectre patches for arm have been merged into to mainline kernel, recently
I have seen some progress on hardening of branch prediction https://lwn.net/Articles/745704/ ,
but still some more work need to done on this Exynos 5422 platform.
moon.linux
 
Posts: 1162
Joined: Thu Oct 02, 2014 11:42 pm
languages_spoken: english

Re: Ubuntu 18.04: kvm on 4.14.37-135 needs qemu being recomp

Unread postby back2future » Fri Jun 08, 2018 3:31 pm

Kernel 4.15 introduced KPTI (kernel page table isolation) that slows down todays (affected) cpus on averaged ~5% ( tested, for e.g., on kernel compile duration ).
The impact of Meltdown is less a difficulty with fully emulated os systems, because only guest system users would exchange side channel data, but only if they have access to this guest systems being already isolated through emulation from a host (main) system. ( With cloud side virtualized guest systems being a bigger exception considering security. )
https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)#Impact

On real systems even newer Cortex-A75 arm cores are vulnerable for Meltdown attacks without KPTI.
Cortex-A53 or Cortex-A55 are not affected by Meltdown or Spectre, following todays public knowledge base. Refering Raspberry Pi or Odroid C2, for example.

Maybe some interesting information to add would be, that predictive analysis noticeably and from nowadays trackable, seen like a philosophical scheme, was introduced ~ 500 B. C. in Asia.
Modern authorities ( TPEP ) worked on these kind of system vulnerability versions ( Spectre V1/V2, Meltdown, 05/2018 Google Project Zero ) for computing architectures already ~1995.

So probably, if a system is attackable through (world) wide networks, HYP mode is somekind of security issue on systems that are on area of attention, but not the only real low obstacle around critical analysis being confronted with top level insiders.

[ no server side discussion considering {performance/energy usage}, but prosumer development: kvm on N1 (Dual-Cortex-A72)_Quad-Cortex-A53 cluster viewtopic.php?f=150&t=30388
security improvement for rk3399: taskset -c 0-3 ? ]
Last edited by back2future on Fri Aug 03, 2018 1:47 am, edited 1 time in total.
naturally beYOnd spectrum
back2future
 
Posts: 96
Joined: Sun Jul 23, 2017 3:19 pm
languages_spoken: english

Re: Ubuntu 18.04: kvm on 4.14.37-135 needs qemu being recomp

Unread postby back2future » Fri Aug 03, 2018 1:45 am

moon.linux wrote:@back2future
I not sure on Spectre patches for arm have been merged into to mainline kernel, recently
I have seen some progress on hardening of branch prediction https://lwn.net/Articles/745704/ ,
but still some more work need to done on this Exynos 5422 platform.


Thanks. There's an updating overview @ armDeveloper on security updates also.
https://developer.arm.com/support/arm-s ... nerability

[ qemu is available being https://github.com/qemu/qemu/releases/tag/v3.0.0-rc3, did compile and basically run on bionic18.04 ]
naturally beYOnd spectrum
back2future
 
Posts: 96
Joined: Sun Jul 23, 2017 3:19 pm
languages_spoken: english


Return to Ubuntu

Who is online

Users browsing this forum: Bing [Bot] and 3 guests