[fedora-virt] Fedora virt status

Mark McLoughlin markmc at redhat.com
Fri Jan 30 18:29:27 UTC 2009


  2009-03-03 Feature freeze (32 days)
  2009-03-10 Beta Freeze (39 days)
  2009-04-14 Final freeze (74 days)

Alpha Freeze, Take 2
====================

Cole released new versions of virt-manager and virtinst releases:

  http://www.redhat.com/archives/fedora-virt/2009-January/msg00041.html
  http://www.redhat.com/archives/fedora-virt/2009-January/msg00042.html

Unfortunately, no libvirt release, but more on that below.

The biggest virt issue that we would have liked to get resolved the alpha is
the infamous "unsynchronized TSC" issue which causes guests on certain hosts
to hang or crash:

    https://bugzilla.redhat.com/475598

Juan Quintela is close to a fix suitable for sending upstream, but in the
meantime we've applied a temporary fix to disable KVM's paravirt clock on those
hosts. The current rawhide kernel has this fix and the upcoming 2.6.29 kernel
for F-10 will have it too.

On Monday, rel-eng met and decided to try for an alpha refresh using Tuesday's
rawhide. A number of issues were found including:

  https://bugzilla.redhat.com/481716
    rawhide anaconda traceback when installing KVM guest (yum-HEAD.patch)

    This turned out to be a problem with yum and was quickly fixed. There also
    were issues with latest yum that affected the tools for building the
    release tree and these were fixed.

  https://bugzilla.redhat.com/482907
    f11alpha anaconda hanging when moving to timezone screen

    Initially KVM was accussed, but evidence was produced and we were granted
    a reprieve.

    Right now, the fingers are pointing at a bizarre GtkCheckButton related
    issue but no doubt the problem will turn out to be completely random.
    Plenty of fun to be had here if anyone is interested in helping.

So, the alpha has definitely frozen now, but blockers are still being worked
on.

Fedora Weekly News
==================

A new issue of FWN was posted with some nice virt coverage:

  http://fedoraproject.org/wiki/FWN/Issue160#Virtualization

Thanks to Dale Bewley.

Fedora 10 Kernel
================

Plans have changed, F10 is going to get 2.6.29:

  https://www.redhat.com/archives/fedora-kernel-list/2009-January/msg00098.html

Initial builds are available in Koji for testing.

libvirt
=======

Work in preparation for a new release has been ongoing all week. The release is
likely to happen this weekend.

Some highlights from the week:

  - Lots and lots of fixes

  - libvirt_proxy vulvnerability:

      http://thread.gmane.org/gmane.comp.emulators.libvirt/11459

  - qemu disk format support, including support for COW backing stores

  - virtio GSO is now enabled for KVM guests where appropriate

PCI Device Assignment
=====================

https://fedoraproject.org/wiki/Features/KVM_PCI_Device_Assignment

This came up for review by FESCo this week and received a very positive
reception - seven +1s. Lots of time was spent discussing, but most questions
seemed to be just FESCo member's personal interest in the feature rather than
any real concerns over whether it should be approved.

Kevin Fenzi (nirik) and Dennis Gilmore (dgilmore) both mentioned that they're
using TDM cards with Asterisk and would like to be able to move this service
into a KVM guest. Supporting these cards are on of the most common requests.

Some time was spent discussing exactly what PCI devices can be assigned. The
first requirement is VT-d and AMD IOMMU. PCIe devices should work well.
Multiple conventional PCI devices on the same bridge can't be assigned to
different guests. Graphics cards won't work for now.

Will Woods asked about VT-d support causing issues with some BIOSes. Fedora
disabled CONFIG_DMAR in May because of this issue but it has been re-enabled
recently again. The goal is to resolve any of these issues, perhaps through
blacklisting. Any users experiencing issues should try disabling DMAR with
intel_iommu=off and report to iommu at lists.linux-foundation.org if that fixes
their problem.

On the testing front, basic device assignment seems to be working. Assigning
an e1000e device to a guest using qemu-kvm directly from the command line works
fine. One issue is that rawhide was missing the pci-stub module:

  https://bugzilla.redhat.com/482792

but that's now resolved. A more serious issue is "TX Unit Hang" problems when
trying to do an install using an assigned NIC. These warnings seems to be a
suggest that the NIC isn't being fully reset before being used.

CONFIG_DMAR
===========

Related to PCI device assignment are Intel VT-d issues that have been reported
recently.

Basically, on some machines - e.g. Lenovo x200, Dell Precision T5400 and Dell
Latitude E6400 - VT-d support is causing serious and, in one case, data loss.

Kyle Martin sensibly made intel_iommu=off the default in rawhide:

   * Fri Jan 23 2009 Kyle McMartin <kyle at redhat.com>
   - disable intel_iommu by default (enable with "intel_iommu=on")

and has sent his patch to do so upstream.

More details on the issue:

  https://bugzilla.redhat.com/479996
  http://bugzilla.kernel.org/show_bug.cgi?id=12578
  https://lists.linux-foundation.org/pipermail/iommu/2009-January/001028.html

David Woodhouse has promised to dig into it next week. Bhavesh Davda and
Adar Dembo from VMware are both working on the issue too. Adar tried
DMA_API_DEBUG, but no driver issues were uncovered.

Disk Access Errors
==================

Dan Walsh and Cole have been looking into how to solve the issue of qemu
blowing up when it doesn't have access to disk images because e.g. it was
downloaded to a user's homedir and doesn't have the appropriate SELinux label.

One suggestion is to add a <code>qemuaccess</code> program which would be run
early on by virt-managerto check that qemu will have access. That way the
problem could be reported earlier to the user in a manner that is easier to
diagnose.

sVirt
=====

A new F11 feature page has been posted:

  https://fedoraproject.org/wiki/SVirt_Mandatory_Access_Control

  "sVirt integrates SELinux with the Fedora virtualization stack to allow
   Mandatory Access Control (MAC) security be applied to guest virtual
   machines. Amongst other things, this prevents a security bug in the
   hypervisor from allowing guests to attack the host or one another."

James Morris is hacking away on adding this to libvirt. Dan Walsh is going to
handle making sure it works well for Fedora.

Fedora Package Updates
======================

A discussion around what a Fedora package update description should contain
generated a wide discussion around how package maintainers should handles
updates in general. Some guidelines have been proposed here:

  https://fedoraproject.org/wiki/User:Markmc/Draft_package_update_guidelines

These guidelines are virt specific, but might interest virt package
maintainers.

pv_ops
======

Jeremy Fitzhardinge has posted some patches to reduce the overhead of enabling
paravirt_ops on bare-metal:

  http://lkml.org/lkml/2009/1/28/438

  "In testing, the net result was that the overhead dropped by about 75%"

Fedora's kernel has pv_ops enabled, of course, so this should prove a nice win.

bugs
====

DOOM-O-METER: 186 open bugs last week, 191 this week. Booo!

(Hmm, how do you drop needinfo bugs from bugzilla queries?)

Some interesting ones:

https://bugzilla.redhat.com/454415
  dnsmasq --user=nobody broken on F9
    -> fixed now

https://bugzilla.redhat.com/479622
  libvirt should avoid creating virtual networks with the same bridge name
    -> Edouard found that if he created multiple virtual networks in
       virt-manager, they all had the same bridge name.

https://bugzilla.redhat.com/460649
  libvirtd requires restart in order to detect KVM support
    -> If you install KVM after libvirtd has started, KVM support won't be
       available in virt-manager. Fixing this may involve libvirtd having
       to be restarted, or libvirtd might re-poll periodically for KVM.

https://bugzilla.redhat.com/480779
https://bugzilla.redhat.com/483204
  F10 kvm mmu bugs:
    -> Some users reported KVM MMU issues. The wiley Glauber Costa noticed that
       the kernels in question had an nVidia driver loaded at the time. Since
       Linux developers can't do anything to fix closed source drivers, these
       bugs will be closed unless they can be reproduced without the nVidia
       driver.

https://bugzilla.redhat.com/480822
https://bugzilla.redhat.com/480850
  virtio_net oops during rawhide guest install on rawhide host
    -> These oopses in slab_alloc() are still a major issue.




More information about the Fedora-virt mailing list