-rw-r--r-- ChangeLog.md 8
-rw-r--r-- DOCS.md 28
-rw-r--r-- TODO.md 13
-rwxr-xr-x kvmx 15
-rwxr-xr-x share/provision/debian/basic 5
5 files changed, 56 insertions, 13 deletions
diff --git a/ChangeLog.md b/ChangeLog.md
index 68b066e..14e33d4 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,6 +1,12 @@
# ChangeLog
-## 0.3.0 - unreleased
+## 0.3.0 - 2024-09-19
+
+* Increase the maximum number of shared folders to avoid error in when KVMX
+ attempts to setup too many 9p folder shares:
+
+ kvm: -drive file=/var/cache/qemu/$guest/box.img,if=virtio,discard=unmap:
+ PCI: no slot/function available for virtio-blk-pci, all in use or reserved`
* Per-mountpoint mode option (ro, rw).
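Review bot: The new 0.3.0 entry has a wording slip and an unbalanced backtick: "to avoid error in when KVMX attempts to setup" should read "to avoid an error when KVMX attempts to set up", and the quoted QEMU message ends with a stray backtick after "reserved" that has no opening counterpart. The entry also says the maximum number of shared folders was increased, while the kvmx change in this commit adds a PCI bridge for the 9p devices; naming the bridge here would tell readers what actually changed.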
diff --git a/DOCS.md b/DOCS.md
index 08b3bc4..b2c1e2e 100644
--- a/DOCS.md
+++ b/DOCS.md
@@ -81,13 +81,7 @@ Image resize can be manually done with a procedure like this thanks to [these do
## Folder sharing
-### With virtio and 9p
-
-* Status: works on kvmx.
-* Limitations: performance is low on Linux (as of 2024-08-01), due to a
- limitation in the kernel.
-
-#### About
+### Virtio
References on virtio:
@@ -95,6 +89,16 @@ References on virtio:
* [linux kernel - VIRTIO: How it increase performance - Stack Overflow](https://stackoverflow.com/questions/24737882/virtio-how-it-increase-performance)
* [Virtual I/O Device (VIRTIO) Version 1.1](https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.html#x1-240006)
+### With virtio and 9p
+
+* Status: works on kvmx.
+* Limitations: performance is low on Linux (as of 2024-08-01), due to a
+ limitation in the kernel.
+* Since fixes for CVE-2023-2861 were released, it's not possible anymore to set
+ UNIX sockets in shared folders.
+
+#### Details
+
Some references on 9p folder sharing:
* [v9fs: Plan 9 Resource Sharing for Linux — The Linux Kernel documentation](https://www.kernel.org/doc/html/latest/filesystems/9p.html)
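Review bot: In the added limitation bullet, "it's not possible anymore to set UNIX sockets in shared folders" is ambiguous about the operation that fails (create, bind or open). The sentence added further down under Details says "opening sockets", so use the same verb here and say that the restriction comes from QEMU's 9p server, so readers do not look for the cause in kvmx or in the guest.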
@@ -102,6 +106,13 @@ Some references on 9p folder sharing:
* [Documentation/9psetup - QEMU](https://wiki.qemu.org/Documentation/9psetup)
* [v9fs · GitHub](https://github.com/v9fs)
+Support for opening sockets was removed with fixes for CVE-2023-2861:
+
+* [Os boot issues on 9p filesystem due to unix domain sockets open failure (#2337) · Issues · QEMU / QEMU · GitLab](https://gitlab.com/qemu-project/qemu/-/issues/2337)
+* [9pfs: prevent opening special files (CVE-2023-2861) (f6b0de53) · Commits · QEMU / QEMU · GitLab](https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda)
+* [CVE - CVE-2023-2861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2861)
+* [SECURITY DLA 3759-1 qemu security update](https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html)
+
#### Performance
Performance limitations:
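Review bot: The added sentence "Support for opening sockets was removed" is narrower than the fix it links to, whose commit title is "9pfs: prevent opening special files". Suggest wording the sentence in terms of special files, with sockets as the case kvmx users hit, and adding one line on what to do with a guest that needs a socket inside a shared folder, since the linked issue #2337 is about boot failures caused by exactly that.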
@@ -141,6 +152,9 @@ Patches:
### With virtiofs
+* The `virtiofsd` implementation from upstream QUEMY was removed on [version
+ 8.0](https://wiki.qemu.org/ChangeLog/8.0), in favor of the [virtio-fs /
+ virtiofsd](https://gitlab.com/virtio-fs/virtiofsd) implementation.
* [virtiofs - shared file system for virtual machines](https://virtio-fs.gitlab.io/)
* [virtiofs - shared file system for virtual machines / Standalone usage](https://virtio-fs.gitlab.io/howto-qemu.html)
* [Debian -- Details of package virtiofsd in trixie](https://packages.debian.org/trixie/virtiofsd)
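Review bot: The new first bullet misspells the project name as "QUEMY"; it should be "QEMU". "was removed on version 8.0" also reads better as "was removed in version 8.0", and since this bullet is a statement sitting at the top of a list of bare links, consider moving it to a short paragraph above the list.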
diff --git a/TODO.md b/TODO.md
index 3ed4f9f..06674f4 100644
--- a/TODO.md
+++ b/TODO.md
@@ -2,12 +2,18 @@
## Fixes
-* [x] Support for `virt-viewer` is currently broken (as of 2024-08-04).
+* [ ] Issue with SSH access on `trixie` VMs: maybe the default ciphers have changed?
-* [x] Improve xandr handling.
+* [ ] Support for `virt-viewer` is currently broken (as of 2024-08-04).
+
+* [ ] Improve `xrandr` handling (not working on big monitors with very high
+ resolutions).
## Usability
+* [ ] Hard pause VM (--hard): besides pausing the process, also try to pause it
+ in the QEMU monitor.
+
* [ ] Submit patch for spice-client-gtk for menuless windows (spice usecase) to
Debian.
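Review bot: Two entries under Fixes flip from `[x]` to `[ ]` (the `virt-viewer` support item and the xrandr item) with no explanation in the visible change. If they were ticked by mistake or have regressed, say which in the commit message; the `virt-viewer` line also still carries "(as of 2024-08-04)", which should be updated if the breakage was re-verified. For the new SSH item, "maybe the default ciphers have changed?" is a guess; recording the actual client error next to it would make the entry actionable.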
@@ -45,6 +51,9 @@
## Folder sharing
+* [ ] Dynamically add PCI bridges depending on the number of shared folders,
+ avoiding PCI slot exhaustion.
+
* [ ] Mount/umount/remount commands to manage shared folders.
* [ ] Try to umount all sshfs volumes in the host when powering off.
diff --git a/kvmx b/kvmx
index ab599f5..9574a99 100755
--- a/kvmx
+++ b/kvmx
@@ -19,7 +19,7 @@
#
# Basic parameters
-VERSION="0.2.0"
+VERSION="0.3.0"
BASENAME="`basename $0`"
DIRNAME="`dirname $0`"
ACTION="$1"
@@ -411,9 +411,18 @@ function kvmx_up {
# See http://wiki.qemu-project.org/Documentation/9psetup
local shared="-fsdev local,id=shared,path=$shared_folder,security_model=none -device virtio-9p-pci,fsdev=shared,mount_tag=shared"
elif [ ! -z "$shared_folders" ]; then
+ # Add a PCI bus for shared filesystems
+ # See https://www.qemu.org/docs/master/system/device-emulation.html
+ # https://www.suse.com/support/kb/doc/?id=000019383
+ # https://unix.stackexchange.com/questions/588912/add-more-pci-slots-to-virtual-machine
+ #
+ # Perhaps could also be implemented with the PXB (PCI Expander Bridge):
+ # https://github.com/qemu/qemu/blob/master/docs/pci_expander_bridge.txt
+ local shared_bus="-device pci-bridge,bus=pci.0,addr=5,chassis_nr=1,id=shared.0"
+
local old_ifs="$IFS"
local shared_item
- local shared
+ local shared="$shared_bus"
IFS=","
for shared_item in $shared_folders; do
local id="`echo $shared_item | cut -d ':' -f 1`"
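Review bot: The bridge in `shared_bus` is pinned to `addr=5` on `pci.0`, and nothing in this hunk checks that slot 5 is free. If another device configured by kvmx ends up on that slot, startup fails with the same kind of PCI slot error this commit is meant to avoid. Suggest omitting `addr=5` so QEMU assigns a free slot, or adding a comment explaining why slot 5 is safe for every kvmx configuration. A single bridge also only raises the ceiling rather than removing it, as the new TODO item acknowledges, so a clear error message when the share count exceeds what one bridge can hold would help.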
@@ -431,7 +440,7 @@ function kvmx_up {
mkdir -p $shared_folder
shared_folder="`cd $KVMX_PROJECT_FOLDER && cd $shared_folder &> /dev/null && pwd`"
- shared="$shared -fsdev local,id=$id,path=$shared_folder,security_model=none${shared_folder_mode} -device virtio-9p-pci,fsdev=$id,mount_tag=$id"
+ shared="$shared -fsdev local,id=$id,path=$shared_folder,security_model=none${shared_folder_mode} -device virtio-9p-pci,fsdev=$id,mount_tag=$id,bus=shared.0"
unset shared_folder
unset shared_folder_mountpoint
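Review bot: The changed `shared=` line hard-codes `bus=shared.0`, which has to stay in sync with the `id=shared.0` literal in `shared_bus` from the previous hunk. Keep the bridge id in one variable and reference it in both places. Because `$id` comes from the user's `shared_folders` setting and is used as the `fsdev` id and `mount_tag`, it is also worth rejecting or documenting ids that would collide with the bridge id.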
diff --git a/share/provision/debian/basic b/share/provision/debian/basic
index 5344df3..cfd2122 100755
--- a/share/provision/debian/basic
+++ b/share/provision/debian/basic
@@ -61,6 +61,11 @@ sudo apps/trashman/trashman install grub-serial-console
sudo sysctl kernel.unprivileged_bpf_disabled=1
echo "kernel.unprivileged_bpf_disabled=1" | sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null
+# Swappiness
+# Decrease system swappiness (default is 60), since this is a virtual machine
+sudo sysctl vm.swappiness=10
+echo "vm.swappiness = 10" | sudo tee /etc/sysctl.d/vm.swappiness.conf > /dev/null
+
# Configuring APT
sudo apt-get update
$APT_INSTALL apt-transport-https || exit 1
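Review bot: The persisted value is written as "vm.swappiness = 10" while the line just above it writes "kernel.unprivileged_bpf_disabled=1" without spaces; both forms are accepted by sysctl, but the file should pick one style. The comment explains that the default is 60 and that the value is lowered because this is a virtual machine, but not why 10 was chosen; one sentence on that would help whoever tunes it later. Unlike the `$APT_INSTALL ... || exit 1` line that follows, the `sudo sysctl` call is not checked, so a failure here goes unnoticed during provisioning.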