This bug was fixed in the package linux - 5.15.0-43.46

---------------
linux (5.15.0-43.46) jammy; urgency=medium

  * jammy/linux: 5.15.0-43.46 -proposed tracker (LP: #1981243)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.07.11)

  * nbd: requests can become stuck when disconnecting from server with qemu-nbd
    (LP: #1896350)
    - nbd: don't handle response without a corresponding request message
    - nbd: make sure request completion won't concurrent
    - nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed
    - nbd: fix io hung while disconnecting device

  * Ubuntu 22.04 and 20.04 DPC Fixes for Failure Cases of DownPort Containment
    events (LP: #1965241)
    - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter()
    - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset
    - [Config] Enable config option CONFIG_PCIE_EDR

  * [SRU] Ubuntu 22.04 Feature Request-Add support for a NVMe-oF-TCP CDC Client
    - TP 8010 (LP: #1948626)
    - nvme: add CNTRLTYPE definitions for 'identify controller'
    - nvme: send uevent on connection up
    - nvme: expose cntrltype and dctype through sysfs

  * [UBUNTU 22.04] Kernel oops while removing device from cio_ignore list
    (LP: #1980951)
    - s390/cio: derive cdev information only for IO-subchannels

  * Jammy Charmed OpenStack deployment fails over connectivity issues when using
    converged OVS bridge for control and data planes (LP: #1978820)
    - net/mlx5e: TC NIC mode, fix tc chains miss table

  * Hairpin traffic does not work with centralized NAT gw (LP: #1967856)
    - net: openvswitch: fix misuse of the cached connection on tuple changes

  * alsa: asoc: amd: the internal mic can't be dedected on yellow carp machines
    (LP: #1980700)
    - ASoC: amd: Add driver data to acp6x machine driver
    - ASoC: amd: Add support for enabling DMIC on acp6x via _DSD

  * AMD ACP 6.x DMIC Supports (LP: #1949245)
    - ASoC: amd: add Yellow Carp ACP6x IP register header
    - ASoC: amd: add Yellow Carp ACP PCI driver
    - ASoC: amd: add acp6x init/de-init functions
    - ASoC: amd: add platform devices for acp6x pdm driver and dmic driver
    - ASoC: amd: add acp6x pdm platform driver
    - ASoC: amd: add acp6x irq handler
    - ASoC: amd: add acp6x pdm driver dma ops
    - ASoC: amd: add acp6x pci driver pm ops
    - ASoC: amd: add acp6x pdm driver pm ops
    - ASoC: amd: enable Yellow carp acp6x drivers build
    - ASoC: amd: create platform device for acp6x machine driver
    - ASoC: amd: add YC machine driver using dmic
    - ASoC: amd: enable Yellow Carp platform machine driver build
    - ASoC: amd: fix uninitialized variable in snd_acp6x_probe()
    - [Config] Enable AMD ACP 6 DMIC Support

  * [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure
    Execution (LP: #1979296)
    - KVM: s390: pv: add macros for UVC CC values
    - KVM: s390: pv: avoid stalls when making pages secure

  * [22.04 FEAT] KVM: Attestation support for Secure Execution (crypto)
    (LP: #1959973)
    - drivers/s390/char: Add Ultravisor io device
    - s390/uv_uapi: depend on CONFIG_S390
    - [Config] CONFIG_S390_UV_UAPI=y for s390x

  * CVE-2022-1679
    - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

  * CVE-2022-28893
    - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
    - SUNRPC: Don't leak sockets in xs_local_connect()

  * CVE-2022-34918
    - netfilter: nf_tables: stricter validation of element data

  * CVE-2022-1652
    - floppy: use a statically allocated error counter

 -- Stefan Bader <stefan.ba...@canonical.com>  Tue, 12 Jul 2022 10:51:03 +0200

** Changed in: linux (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1652

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1679

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28893

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-34918

https://bugs.launchpad.net/bugs/1959973

Title:
  [22.04 FEAT] KVM: Attestation support for Secure Execution (crypto)

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released

Bug description:
  SRU Justification:
  ==================

  [Impact]

  * This is a hardware enablement SRU in support of IBM z15 and
    LinuxONE III (FC 115) secure execution feature.

  * It adds a misc character device to expose some Ultravisor functions
    to userspace.

  * The device is only available if the (optional) Ultravisor Facility
    (158) is present in the system.

  * Two Ultravisor calls are supported:
    - Query Ultravisor Information (QUI) and
    - Receive Attestation Measurement (Attest[ation])

  * This is in support of, for example, external frameworks, specific
    deployment models or especially potentially regulatory requirements.

  [Fix]

  * 4689752c79fa 4689752c79fa30e91b49b39a9fba93c4d1f3e20c
    "drivers/s390/char: Add Ultravisor io device"

  * eb3de2d8f78d eb3de2d8f78d893303891d879f941c47f2f2d13d
    "s390/uv_uapi: depend on CONFIG_S390"

  * patch to set kernel config option 'CONFIG_S390_UV_UAPI=y'

  [Test Plan]

  * An IBM z15 or LinuxONE III LPAR with FC 115 enabled is required.

  * Installation of Ubuntu Server 22.04 LTS on top.

  * Install a kernel that includes the above patches/commits
    (that has the kernel config option 'CONFIG_S390_UV_UAPI' enabled).

  * Activate the kernel (reboot) and look for the existence of the
    uvdevice '/dev/uv'.

  * Use a userspace test program that makes use of the new misc device
    by exploiting 'ATTEST'.

  * Due to hardware requirements this test needs to be conducted by IBM.

  [Where problems could occur]

  * The definitions in uv_cmds_inst and uv_feat_ind could be wrong
    and the codes wrong or mixed up, which would lead to a broken
    functionality/interface.

  * The uvdevice header definitions could be erroneous, defining a
    wrong interface.

  * The newly added kernel options could be implemented in a wrong way,
    so that they don't enable the 'uvdevice', but this is unlikely.

  * The implementation of the device itself in 'uvdevice.c' could be
    broken by wrong or broken pointer arithmetic, wrong method
    arguments, wrong sizeof/length calculations, which - in the worst
    case - could entirely crash a system.

  * The ioctl control block implementation could be wrong in a way that
    it doesn't properly handle the case where the facility is not
    available in the system.

  * Entry point, copy and check routines could be wrong, allowing
    non-desired calls.

  * This is s390x-only functionality that is only available on
    IBM z15 / LinuxONE III systems and newer, and only if the optional
    feature 'FC 115' is in place, which is limited to
    'secure-execution' workloads.

  [Other Info]

  * The above commit is marked to be merged into 5.19-rc2, and since
    the planned target kernel for kinetic is 5.19, the SRU is not
    needed for kinetic.

  __________

  KVM: Attestation support for Secure Execution (crypto)

  Description:
  Provide attestation support, e.g. for external frameworks, specific
  deployment models or potentially regulatory requirements.

  Request Type: Kernel - Enhancement from IBM
  Upstream Acceptance: In Progress
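
The preconditions from the Test Plan and [Impact] sections, as a script that reports which one is unmet. This is an added example, not part of the bug report. The function names, the verdict words and the reliance on the `facilities` line of s390 /proc/cpuinfo are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks the uvdevice preconditions named in the bug report.
FIXED="5.15.0-43.46"   # jammy upload that carries the driver, per the changelog

# pkg_version SIG: extract the package version from the content of
# /proc/version_signature (constructed sample:
# "Ubuntu 5.15.0-43.46-generic 5.15.39" gives 5.15.0-43.46).
pkg_version() {
    printf '%s\n' "$1" | awk '{print $2}' | sed -E 's/^([0-9.]+-[0-9.]+).*/\1/'
}

# has_driver_build SIG: 0 if a 5.15.0 jammy kernel is at or past FIXED,
# 1 if it is older, 2 if it is another series (not judged by this example).
has_driver_build() {
    v=$(pkg_version "$1")
    case "$v" in 5.15.0-*) ;; *) return 2 ;; esac
    [ "$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)" = "$FIXED" ]
}

# uv_check SIG CONFIG CPUINFO DEVNODE: print a one-word verdict.
uv_check() {
    rc=0
    has_driver_build "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "other-series"; return 0; fi
    if [ "$rc" -ne 0 ]; then echo "kernel-too-old"; return 0; fi
    # The SRU sets CONFIG_S390_UV_UAPI=y for s390x.
    grep -q '^CONFIG_S390_UV_UAPI=y$' "$2" \
        || { echo "config-disabled"; return 0; }
    # Assumption: s390 /proc/cpuinfo lists installed facility bits on a
    # "facilities" line; the device needs Ultravisor Facility 158.
    grep -E '^facilities[[:space:]]*:' "$3" | grep -qw 158 \
        || { echo "no-ultravisor-facility"; return 0; }
    # The driver registers a misc character device at /dev/uv.
    if [ -c "$4" ]; then echo "ok"; else echo "device-missing"; fi
}

# Usage on the system under test:
#   uv_check "$(cat /proc/version_signature)" "/boot/config-$(uname -r)" \
#            /proc/cpuinfo /dev/uv
```

A "no-ultravisor-facility" verdict separates a machine without the optional facility from a kernel that lacks the driver, which the bare check for '/dev/uv' cannot do.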