2022-03-03 10:19:31 |
bugproxy |
bug |
|
|
added bug |
2022-03-03 10:19:33 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin--- |
|
2022-03-03 10:19:34 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2022-03-03 10:19:39 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
2022-03-03 10:39:30 |
bugproxy |
attachment added |
|
backported patches (combined, cap=211) https://bugs.launchpad.net/bugs/1962831/+attachment/5565243/+files/patches.tar.gz |
|
2022-03-03 11:37:12 |
Frank Heimes |
bug task added |
|
ubuntu-z-systems |
|
2022-03-03 11:37:19 |
Frank Heimes |
linux (Ubuntu): importance |
Undecided |
High |
|
2022-03-03 11:37:21 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
High |
|
2022-03-03 11:37:35 |
Frank Heimes |
ubuntu-z-systems: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2022-03-04 11:18:38 |
Frank Heimes |
summary |
[UBUNTU 20.04] KVM: Enable storage key checking for intercepted instruction (Backport to focal) |
[UBUNTU 20.04] KVM: Enable storage key checking for intercepted instruction |
|
2022-03-04 11:35:47 |
Frank Heimes |
description |
Description:
KVM uses lazy storage key enablement as Linux does no longer make use of the storage keys. When the guest enters keyed mode, then KVM will save/restore the key during paging, provide change/reference tracking for guest and host and for all interpreted instructions will do key protection.
If an instruction is intercepted and passed along to userspace (like QEMU) no storage key protection is checked, though. This is in violation of the architecture and it can result in misbehaving guests that rely on key protection for all instructions.
This item will add the missing key checking to MEMOP ioctl. |
SRU Justification:
==================
[Impact]
* KVM uses lazy storage key enablement as Linux does no longer make use of
the storage keys. When the guest enters keyed mode, then KVM will
save/restore the key during paging, provide change/reference tracking for
guest and host and for all interpreted instructions will do key protection.
* If an instruction is intercepted and passed along to userspace (like QEMU)
no storage key protection is checked, though.
* But this is in violation of the architecture and it can result in misbehaving
guests that rely on key protection for all instructions.
* This item will improve the MEMOP ioctl to also add key checking.
In case of a key protection the right fault is injected in the guest.
[Fix]
* The following changes since commit dbdbd581976f9dfcc9e21a777273b55bdb9bf138:
UBUNTU: Ubuntu-5.4.0-102.115 (2022-02-23 15:32:05 +0100)
are available in the Git repository at:
https://git.launchpad.net/~fheimes/+git/lp1962831/ 16c0809cf1012e68279a8936a482c1d63cc4d14c
for you to fetch changes up to 16c0809cf1012e68279a8936a482c1d63cc4d14c:
KVM: s390: Add missing vm MEM_OP size check (2022-03-03 22:45:50 +0100)
* All patches are upstream accepted (but some are as of today in linux-next).
* The backports are largely needed due to minor conflicts.
[Test Case]
* An IBM z13 or LinuxONE system is needed running Ubuntu Server 20.04
with QEMU/KVM setup.
* These modifications here are covered by the following three tests:
* [kvm-unit-tests,v2] s390x: Test effect of storage keys on some instructions
https://patchwork.kernel.org/project/kvm/patch/20220301095059.3026178-1-scgl@linux.ibm.com/
* [PATCH v2 0/5] memop selftest for storage key checking
https://lore.kernel.org/kvm/20220225155311.3540514-1-scgl@linux.ibm.com/
* c7ef9ebbed20 "KVM: s390: selftests: Test TEST PROTECTION emulation"
* The tests and the verification will be done by the IBM Z team.
* On top a test build is available (see below).
[Where problems could occur]
* Issues with vm ioctl may occur due to the introduction of _vm_ioctl.
* Tests may fail or may report wrong states due to the new TEST_FAIL macro in
tests/utilities or due to new variants of GUEST_ASSERT in selftests.
* Problems on gaccess might be caused due to the refactoring of gpa, length
calculation, access address range check and the new access_guest_page helper
function.
* In uaccess issues may occur due to the introduction of the bit field for OAC
specifier, that causes lots of, but relatively straightforward, changes or due
to the new storage key checking functions copy_from/to_user_key functions.
* Compile issues may happen if the changes in uaccess.h about z10 features
are erroneous.
* Instructions that are emulated by KVM might be impacted due to the expanded
storage key checking, that now covers intercepted instructions, too.
This is the most significant modification in terms of size and complexity
and therefore carries the highest risk.
* MEM_OP IOCTL could be harmed due to the additional, but optional, storage
key extension and checking, or the new size check and I/O emulation can be
impacted due to the new vm IOCTL for key checked guest memory access.
* Some tests were added to mitigate this, like the selftests TEST PROTECTION.
* The renaming of the existing vcpu memop functions shouldn't be very harmful,
since issues will already occur during the test build.
* The rest are API documentation updates and clarifications.
* Except two include/header changes and changes in tools/testing
all other modifications are s390x specific
[Other]
* It was ensured that these changes are in jammy based on LP#1933179.
__________
Description:
KVM uses lazy storage key enablement as Linux does no longer make use of the storage keys. When the guest enters keyed mode, then KVM will save/restore the key during paging, provide change/reference tracking for guest and host and for all interpreted instructions will do key protection.
If an instruction is intercepted and passed along to userspace (like QEMU) no storage key protection is checked, though. This is in violation of the architecture and it can result in misbehaving guests that rely on key protection for all instructions.
This item will add the missing key checking to MEMOP ioctl. |
|
2022-03-04 11:36:39 |
Frank Heimes |
linux (Ubuntu): status |
New |
In Progress |
|
2022-03-04 11:36:43 |
Frank Heimes |
ubuntu-z-systems: status |
New |
In Progress |
|
2022-03-04 11:36:59 |
Frank Heimes |
linux (Ubuntu): assignee |
Skipper Bug Screeners (skipper-screen-team) |
Canonical Kernel Team (canonical-kernel-team) |
|
2022-03-07 18:35:01 |
Frank Heimes |
description |
SRU Justification:
==================
[Impact]
* KVM uses lazy storage key enablement as Linux does no longer make use of
the storage keys. When the guest enters keyed mode, then KVM will
save/restore the key during paging, provide change/reference tracking for
guest and host and for all interpreted instructions will do key protection.
* If an instruction is intercepted and passed along to userspace (like QEMU)
no storage key protection is checked, though.
* But this is in violation of the architecture and it can result in misbehaving
guests that rely on key protection for all instructions.
* This item will improve the MEMOP ioctl to also add key checking.
In case of a key protection the right fault is injected in the guest.
[Fix]
* The following changes since commit dbdbd581976f9dfcc9e21a777273b55bdb9bf138:
UBUNTU: Ubuntu-5.4.0-102.115 (2022-02-23 15:32:05 +0100)
are available in the Git repository at:
https://git.launchpad.net/~fheimes/+git/lp1962831/ 16c0809cf1012e68279a8936a482c1d63cc4d14c
for you to fetch changes up to 16c0809cf1012e68279a8936a482c1d63cc4d14c:
KVM: s390: Add missing vm MEM_OP size check (2022-03-03 22:45:50 +0100)
* All patches are upstream accepted (but some are as of today in linux-next).
* The backports are largely needed due to minor conflicts.
[Test Case]
* An IBM z13 or LinuxONE system is needed running Ubuntu Server 20.04
with QEMU/KVM setup.
* These modifications here are covered by the following three tests:
* [kvm-unit-tests,v2] s390x: Test effect of storage keys on some instructions
https://patchwork.kernel.org/project/kvm/patch/20220301095059.3026178-1-scgl@linux.ibm.com/
* [PATCH v2 0/5] memop selftest for storage key checking
https://lore.kernel.org/kvm/20220225155311.3540514-1-scgl@linux.ibm.com/
* c7ef9ebbed20 "KVM: s390: selftests: Test TEST PROTECTION emulation"
* The tests and the verification will be done by the IBM Z team.
* On top a test build is available (see below).
[Where problems could occur]
* Issues with vm ioctl may occur due to the introduction of _vm_ioctl.
* Tests may fail or may report wrong states due to the new TEST_FAIL macro in
tests/utilities or due to new variants of GUEST_ASSERT in selftests.
* Problems on gaccess might be caused due to the refactoring of gpa, length
calculation, access address range check and the new access_guest_page helper
function.
* In uaccess issues may occur due to the introduction of the bit field for OAC
specifier, that causes lots of, but relatively straightforward, changes or due
to the new storage key checking functions copy_from/to_user_key functions.
* Compile issues may happen if the changes in uaccess.h about z10 features
are erroneous.
* Instructions that are emulated by KVM might be impacted due to the expanded
storage key checking, that now covers intercepted instructions, too.
This is the most significant modification in terms of size and complexity
and therefore carries the highest risk.
* MEM_OP IOCTL could be harmed due to the additional, but optional, storage
key extension and checking, or the new size check and I/O emulation can be
impacted due to the new vm IOCTL for key checked guest memory access.
* Some tests were added to mitigate this, like the selftests TEST PROTECTION.
* The renaming of the existing vcpu memop functions shouldn't be very harmful,
since issues will already occur during the test build.
* The rest are API documentation updates and clarifications.
* Except two include/header changes and changes in tools/testing
all other modifications are s390x specific
[Other]
* It was ensured that these changes are in jammy based on LP#1933179.
__________
Description:
KVM uses lazy storage key enablement as Linux does no longer make use of the storage keys. When the guest enters keyed mode, then KVM will save/restore the key during paging, provide change/reference tracking for guest and host and for all interpreted instructions will do key protection.
If an instruction is intercepted and passed along to userspace (like QEMU) no storage key protection is checked, though. This is in violation of the architecture and it can result in misbehaving guests that rely on key protection for all instructions.
This item will add the missing key checking to MEMOP ioctl. |
SRU Justification:
==================
[Impact]
* KVM uses lazy storage key enablement as Linux does no longer make use of
the storage keys. When the guest enters keyed mode, then KVM will
save/restore the key during paging, provide change/reference tracking for
guest and host and for all interpreted instructions will do key protection.
* If an instruction is intercepted and passed along to userspace (like QEMU)
no storage key protection is checked, though.
* But this is in violation of the architecture and it can result in misbehaving
guests that rely on key protection for all instructions.
* This item will improve the MEMOP ioctl to also add key checking.
In case of a key protection the right fault is injected in the guest.
[Fix]
* The following changes since commit dbdbd581976f9dfcc9e21a777273b55bdb9bf138:
UBUNTU: Ubuntu-5.4.0-102.115 (2022-02-23 15:32:05 +0100)
are available in the Git repository at:
https://git.launchpad.net/~fheimes/+git/lp1962831/ 16c0809cf1012e68279a8936a482c1d63cc4d14c
for you to fetch changes up to 16c0809cf1012e68279a8936a482c1d63cc4d14c:
KVM: s390: Add missing vm MEM_OP size check (2022-03-03 22:45:50 +0100)
* Patches are upstream accepted (but some are as of today still in linux-next).
* Notes on why the backports are needed are included in the provenance of the corresponding commit.
[Test Case]
* An IBM z13 or LinuxONE system is needed running Ubuntu Server 20.04
with QEMU/KVM setup.
* These modifications here are covered by the following three tests:
* [kvm-unit-tests,v2] s390x: Test effect of storage keys on some instructions
https://patchwork.kernel.org/project/kvm/patch/20220301095059.3026178-1-scgl@linux.ibm.com/
* [PATCH v2 0/5] memop selftest for storage key checking
https://lore.kernel.org/kvm/20220225155311.3540514-1-scgl@linux.ibm.com/
* c7ef9ebbed20 "KVM: s390: selftests: Test TEST PROTECTION emulation"
* The tests and the verification will be done by the IBM Z team.
* On top a test build is available (see below).
[Where problems could occur]
* Issues with vm ioctl may occur due to the introduction of _vm_ioctl.
* Tests may fail or may report wrong states due to the new TEST_FAIL macro in
tests/utilities or due to new variants of GUEST_ASSERT in selftests.
* Problems on gaccess might be caused due to the refactoring of gpa, length
calculation, access address range check and the new access_guest_page helper
function.
* In uaccess issues may occur due to the introduction of the bit field for OAC
specifier, that causes lots of, but relatively straightforward, changes or due
to the new storage key checking functions copy_from/to_user_key functions.
* Compile issues may happen if the changes in uaccess.h about z10 features
are erroneous.
* Instructions that are emulated by KVM might be impacted due to the expanded
storage key checking, that now covers intercepted instructions, too.
This is the most significant modification in terms of size and complexity
and therefore carries the highest risk.
* MEM_OP IOCTL could be harmed due to the additional, but optional, storage
key extension and checking, or the new size check and I/O emulation can be
impacted due to the new vm IOCTL for key checked guest memory access.
* Some tests were added to mitigate this, like the selftests TEST PROTECTION.
* The renaming of the existing vcpu memop functions shouldn't be very harmful,
since issues will already occur during the test build.
* The rest are API documentation updates and clarifications.
* Except two include/header changes and changes in tools/testing
all other modifications are s390x specific
[Other]
* It was ensured that these changes are in jammy based on LP#1933179.
__________
Description:
KVM uses lazy storage key enablement as Linux does no longer make use of the storage keys. When the guest enters keyed mode, then KVM will save/restore the key during paging, provide change/reference tracking for guest and host and for all interpreted instructions will do key protection.
If an instruction is intercepted and passed along to userspace (like QEMU) no storage key protection is checked, though. This is in violation of the architecture and it can result in misbehaving guests that rely on key protection for all instructions.
This item will add the missing key checking to MEMOP ioctl. |
|
2022-03-16 14:29:59 |
Stefan Bader |
nominated for series |
|
Ubuntu Focal |
|
2022-03-16 14:29:59 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Focal) |
|
2022-03-16 14:31:00 |
Stefan Bader |
linux (Ubuntu Focal): importance |
Undecided |
Medium |
|
2022-03-16 14:31:00 |
Stefan Bader |
linux (Ubuntu Focal): status |
New |
Fix Committed |
|
2022-03-16 15:13:56 |
Frank Heimes |
linux (Ubuntu): status |
In Progress |
Fix Committed |
|
2022-03-16 15:14:02 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2022-03-21 02:09:35 |
bugproxy |
tags |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin--- |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 |
|
2022-03-21 06:49:03 |
Frank Heimes |
linux (Ubuntu): status |
Fix Committed |
Fix Released |
|
2022-03-21 18:53:19 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 verification-needed-focal |
|
2022-03-22 14:19:33 |
bugproxy |
tags |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 verification-needed-focal |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 verification-done-focal |
|
2022-03-25 12:41:28 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 verification-done-focal |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 verification-done-focal verification-needed-bionic |
|
2022-03-25 13:00:35 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 verification-done-focal verification-needed-bionic |
architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin2004 verification-done-bionic verification-done-focal |
|
2022-04-19 11:38:34 |
Launchpad Janitor |
linux (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2022-04-19 11:49:13 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|