Comments (14)
Hey @MotorCityCobra , if you're just looking to use the patch on Fedora 36 or 37, you can download the latest RPMs from the Actions workflow. It uploads them as a build artifact in a zip file.
If you're looking to rebuild it following the same steps for FC36/37, you can follow along by running the commands in the Dockerfile, followed by the entrypoint script.
Since I shoved this into a GitHub Action, sed is used to modify the specfile without being interactive (manpage). You can do the same thing interactively with nano or vim.
If you're looking to move this patch to another platform, good luck! The add-acs-override.patch file is complete, but where that goes in your chosen platform's version of the kernel and the build tools available to you are well beyond the scope of anything I could provide insight to.
Best of luck!
from fedora-acs-override.
Please have a look into https://github.com/some-natalie/fedora-acs-override/blob/main/fc36-action/entrypoint.sh#L20.
There you can find the sed commands which insert the patch definitions into the kernel.spec.
from fedora-acs-override.
There you can find the sed commands which insert the patch definitions into the kernel.spec
Edit the spec file with some sed magics
sed -i 's/# define buildid .local/%define buildid .acs/g' ~/rpmbuild/SPECS/kernel.spec
sed -i '/^Patch1:/a Patch1000: add-acs-override.patch' ~/rpmbuild/SPECS/kernel.spec
sed -i '/^ApplyOptionalPatch patch-/a ApplyOptionalPatch add-acs-override.patch' ~/rpmbuild/SPECS/kernel.spec
"sed magics"?
I hate to ask for a hand holding, but this ... sed... thing... I use it to derive something that I paste into ~/rpmbuild/SPECS/kernel.spec?
from fedora-acs-override.
To add the patch, add the two lines below to the spec file in the section for patches (usually right below the sources).
I probably sound like I'm nitpicking at this point, but the word 'patches' is in this file dozens of times. Is there a better landmark?
# ACS override patch
Patch1000: add-acs-override.patch
Then tell it to apply the patch in the prep section. It will be below the ApplyOptionalPatch() function definition, normally right above the # END OF PATCH APPLICATIONS comment.
ApplyOptionalPatch add-acs-override.patch
I'm adding 'ApplyOptionalPatch add-acs-override.patch'?
from fedora-acs-override.
ERROR: Patch add-acs-override.patch not listed as a source patch in specfile
The add-acs-override.patch is in the right place
[star@fedora SPECS]$ cd ~/rpmbuild/SOURCES/
[star@fedora SOURCES]$ ls
add-acs-override.patch kernel-kabi-dw-5.17.12-300.tar.bz2 Module.kabi_dup_ppc64le
check-kabi kernel-local Module.kabi_dup_s390x
cpupower.config kernel-ppc64le-debug-fedora.config Module.kabi_dup_x86_64
cpupower.service kernel-ppc64le-debug-rhel.config Module.kabi_ppc64le
filter-aarch64.sh.fedora kernel-ppc64le-fedora.config Module.kabi_s390x
filter-aarch64.sh.rhel
From the spec file. And %define buildid .acs is at the top.
cd linux-%{KVERREL}
cp -a %{SOURCE1} .
%if !%{nopatches}
ApplyOptionalPatch patch-%{patchversion}-redhat.patch
%endif
ApplyOptionalPatch linux-kernel-test.patch
ApplyOptionalPatch add-acs-override.patch
# END OF PATCH APPLICATIONS
# Any further pre-build tree manipulations happen here.
chmod +x scripts/checkpatch.pl
mv COPYING COPYING-%{version}-%{release}
# This Prevents scripts/setlocalversion from mucking with our version numbers.
touch .scmversion
## Patches needed for building this package
%if !%{nopatches}
#ACS override patch
Patch1000: add-acs-override.patch
Patch1: patch-%{patchversion}-redhat.patch
%endif
# empty final patch to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch
# END OF PATCH DEFINITIONS
from fedora-acs-override.
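A preflight check for the hand-edited spec file discussed above, as an added example that is not part of the thread or of the fedora-acs-override repository. The function name `check_spec` is hypothetical, and the anchored `Patch<N>:` pattern is an assumption about how the spec's ApplyOptionalPatch looks up the definition that the error message refers to.

```shell
#!/bin/sh
# Added example (not from the repository): preflight check for a hand-edited kernel.spec.
# check_spec SPEC SOURCES_DIR PATCH prints each problem; exit status = number of problems.
check_spec() {
    spec=$1; sources=$2; patch=$3; problems=0
    # Escape dots so the file name is matched literally inside the regexes below.
    re=$(printf '%s' "$patch" | sed 's/\./\\./g')

    # 1. The patch file itself must be in SOURCES.
    if [ ! -f "$sources/$patch" ]; then
        echo "missing file: $sources/$patch"; problems=$((problems + 1))
    fi

    # 2. Definition: "Patch<N>: <name>" starting in column 1 with nothing after the name.
    #    Assumption: the spec's ApplyOptionalPatch looks the name up with an anchored
    #    pattern like this one, so indentation or trailing blanks make the lookup fail.
    if ! grep -Eq "^Patch[0-9]+: $re\$" "$spec"; then
        echo "no exact 'Patch<N>: $patch' line"; problems=$((problems + 1))
        # Print near misses with an end-of-line marker so stray whitespace is visible.
        grep -n "Patch[0-9]*:.*$re" "$spec" | sed 's/$/<EOL>/'
    fi

    # 3. Application: %prep must call ApplyOptionalPatch for the same name.
    if ! grep -Eq "^ApplyOptionalPatch $re\$" "$spec"; then
        echo "no 'ApplyOptionalPatch $patch' line"; problems=$((problems + 1))
    fi

    # 4. Patch numbers must not collide with an existing Patch<N> tag.
    dups=$(grep -Eo '^Patch[0-9]+:' "$spec" | sort | uniq -d | tr '\n' ' ')
    if [ -n "$dups" ]; then
        echo "duplicate patch tags: $dups"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Run as: sh check_spec.sh ~/rpmbuild/SPECS/kernel.spec ~/rpmbuild/SOURCES add-acs-override.patch
if [ "$#" -eq 3 ]; then
    check_spec "$@"
fi
```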
Lastly, thanks @stefanleh for answering questions and generally being awesome! I appreciate it! ❤️
from fedora-acs-override.
Lastly ❤️
I'm having trouble with libvirt and kvm with this kernel. Is AMD not supported for virtualization with Fedora 36?
[star@fedora ~]$ sudo systemctl status libvirtd
● libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-04-10 21:08:11 EDT; 8s ago
TriggeredBy: ● libvirtd-ro.socket
● libvirtd.socket
○ libvirtd-tls.socket
● libvirtd-admin.socket
○ libvirtd-tcp.socket
Docs: man:libvirtd(8)
https://libvirt.org
Main PID: 1334 (libvirtd)
Tasks: 19 (limit: 32768)
Memory: 15.2M
CPU: 148ms
CGroup: /system.slice/libvirtd.service
└─ 1334 /usr/sbin/libvirtd --timeout 120
Apr 10 21:08:11 fedora systemd[1]: Starting libvirtd.service - Virtualization daemon...
Apr 10 21:08:11 fedora systemd[1]: Started libvirtd.service - Virtualization daemon.
Apr 10 21:08:11 fedora libvirtd[1334]: libvirt version: 8.1.0, package: 2.fc36 (Fedora Project, 2022-03-13-01:12:58, )
Apr 10 21:08:11 fedora libvirtd[1334]: hostname: fedora
Apr 10 21:08:11 fedora libvirtd[1334]: Unable to open /dev/kvm: No such file or directory
[star@fedora ~]$
[star@fedora ~]$
[star@fedora ~]$ sudo modprobe kvm
[star@fedora ~]$ sudo modprobe kvm_amd # for AMD CPUs
modprobe: ERROR: could not insert 'kvm_amd': Operation not supported
from fedora-acs-override.
I'm having trouble with libvirt and kvm with this kernel. Is AMD not supported for virtualization with Fedora 36?
Sorry to say I have no idea - I'd assume it'd work. Fedora help is probably a much better place to ask. ❤️
from fedora-acs-override.
In my NAS Server I'm using an AMD Ryzen 7 PRO 5750G CPU which should have the same virtualisation features as every Ryzen CPU since Ryzen 7 1700 times. Maybe you need to activate SMV or the like in your Bios first?
[root@server ~]# lsmod | grep kvm
kvm_amd 204800 8
kvm 1318912 1 kvm_amd
irqbypass 16384 35 vfio_pci_core,kvm
ccp 143360 1 kvm_amd
[root@server ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 48 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 16
On-line CPU(s) list: 0-15
Vendor ID: AuthenticAMD
BIOS Vendor ID: Advanced Micro Devices, Inc.
Model name: AMD Ryzen 7 PRO 5750G with Radeon Graphics
BIOS Model name: AMD Ryzen 7 PRO 5750G with Radeon Graphics Unknown CPU @ 3.8GHz
BIOS CPU family: 107
CPU family: 25
Model: 80
Thread(s) per core: 2
Core(s) per socket: 8
Socket(s): 1
Stepping: 0
Frequency boost: enabled
CPU(s) scaling MHz: 75%
CPU max MHz: 4672.0698
CPU min MHz: 1400.0000
BogoMIPS: 7585.79
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 erms invpcid cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr rdpru wbnoinvd cppc arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif v_spec_ctrl umip pku ospke vaes vpclmulqdq rdpid overflow_recov succor smca fsrm
Virtualization features:
Virtualization: AMD-V
from fedora-acs-override.
Also pls read here: https://www.alibabacloud.com/tech-news/virtualization/2dv-how-to-check-hardware-virtualization-support-in-linux
There are some hints on how to check if virtualisation support is given and active.
from fedora-acs-override.
Maybe you need to activate SMV or the like in your Bios first?
It was this. *SVM actually, but I knew what you meant. I needed to enable it. Duh. I thought all my virtualization settings were on because I was creating VMs with all the same settings on an Ubuntu Server install. So, KVM for AMD works now, and I also made this change...
sudo systemctl disable --now libvirtd.service
sudo systemctl disable --now libvirtd.socket
sudo systemctl enable --now virtqemud.socket
sudo systemctl enable --now virtqemud.service
sudo systemctl status virtqemud.service
VMs working with most devices in their own IOMMU groups now. Thank you.
from fedora-acs-override.
I'd like to glomb some more information if either would care to indulge, since you two know so much. I see that it does not separate every single device into its own IOMMU like other patches I've used in the past. Is this patch more secure as a result?
from fedora-acs-override.
There are some "modes" you can pick from which define how the ACS patch acts regarding separation.
Please see "6.5 Bypassing the IOMMU groups (ACS override patch)" here https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF on how to set the mode fitting your needs.
For example my kernel options for ACS are: pcie_acs_override=downstream,multifunction
from fedora-acs-override.
And about security: the ACS patch lowers security by overriding the separation provided by IOMMU - the more the patch needs to tweak hardware/firmware separation the more your security will suffer - but of course it depends what you do with the system - do you let strangers access some of your VMs? The worst scenario is that an attacker gets high rights on a VM a device is passed through and he can use the weakened separation to get access to another device via DMA.
from fedora-acs-override.
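To see what the override changes on a given host, the following added example (not code from the thread or the repository) reports whether `pcie_acs_override` is on the kernel command line and which IOMMU groups still hold more than one device. The function names are hypothetical; the default paths are the standard `/proc/cmdline` and `/sys/kernel/iommu_groups`.

```shell
#!/bin/sh
# Added example: report ACS override state and IOMMU groups shared by several devices.
# Every function takes a path argument so it can be pointed at a constructed test tree.

# Print the value of pcie_acs_override= from a kernel command line file, if present.
acs_override_mode() {
    f=${1:-/proc/cmdline}
    [ -r "$f" ] || return 0
    tr ' ' '\n' < "$f" | sed -n 's/^pcie_acs_override=//p'
}

# Print "<group> <count> <devices...>" for each IOMMU group with more than one device.
# Devices in the same group cannot be isolated from each other for passthrough.
shared_groups() {
    root=${1:-/sys/kernel/iommu_groups}
    for g in "$root"/*; do
        [ -d "$g/devices" ] || continue
        n=$(ls "$g/devices" | wc -l | tr -d ' ')
        if [ "$n" -gt 1 ]; then
            echo "${g##*/} $n $(ls "$g/devices" | paste -sd ' ' -)"
        fi
    done
}

# Combine both: with the override active, the grouping is what the patched kernel
# reports, so it has to be compared against a boot without the option.
report() {
    mode=$(acs_override_mode "$1")
    if [ -n "$mode" ]; then
        echo "pcie_acs_override=$mode is set: the groups listed are those reported by"
        echo "the patched kernel, not the isolation the PCIe hardware enforces."
    fi
    shared_groups "$2"
}

report "$@"
```

Running it once on the stock kernel and once with the override shows which devices were split apart only by the patch; those are the ones that remain able to reach each other via DMA.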