[Kernel-packages] [Bug 1999882] Re: [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - kernel part

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 5.4.0-146.163

---------------
linux (5.4.0-146.163) focal; urgency=medium

  * focal/linux: 5.4.0-146.163 -proposed tracker (LP: #2012094)

  * NFS deathlock with last Kernel 5.4.0-144.161 and 5.15.0-67.74 (LP: #2009325)
    - NFS: Correct timing for assigning access cache timestamp

linux (5.4.0-145.162) focal; urgency=medium

  * focal/linux: 5.4.0-145.162 -proposed tracker (LP: #2008389)

  * [SRU]Update ice driver to support E823 devices (LP: #1986717)
    - ice: Add device ids for E822 devices
    - ice: add support for E823 devices

  * btrfs/154: rename fails with EOVERFLOW when calculating item size during
    item key collision (LP: #2004132)
    - btrfs: correctly calculate item size used when item key collision happens

  * rtcpie in timers from ubuntu_kernel_selftests randomly failing
    (LP: #1814234)
    - SAUCE: selftest: rtcpie: Force passing unreliable subtest

  * [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under
    PV - kernel part (LP: #1999882)
    - KVM: s390x: fix SCK locking
    - KVM: s390: pv: don't allow userspace to set the clock under PV

  * CVE-2021-3669
    - ipc: replace costly bailout check in sysvipc_find_ipc()

  * net:fcnal-test.sh 'nettest' command not found on F/K (LP: #2006391)
    - selftests/net: Find nettest in current directory

  * xfs: Preallocated ioend transactions cause deadlock due to log buffer
    exhaustion (LP: #2007219)
    - xfs: drop submit side trans alloc for append ioends

  * CVE-2022-4382
    - USB: gadgetfs: Fix race between mounting and unmounting

  * CVE-2022-2196
    - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

  * ubuntu_kernel_selftests: net:udpgso_bench.sh failed (LP: #1951447)
    - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs

  * net:fcnal-test.sh didn't return a non-zero value even with some sub-tests
    failed (LP: #2006692)
    - selftests: net/fcnal-test.sh: add exit code

  * Fix selftests/ftracetests/Meta-selftests in Focal (LP: #2006453)
    - SAUCE: Fix ftrace/Meta-selftests bashism check

  * CVE-2023-23559
    - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

 -- Luke Nowakowski-Krijger <luke.nowakowskikrij...@canonical.com>  Fri,
17 Mar 2023 11:08:20 -0700

** Changed in: linux (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3669

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2196

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4382

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23559

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1999882

Title:
  [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock
  under PV - kernel part

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Fix Released

Bug description:
  Description:   KVM: s390: pv: don't allow userspace to set the clock
  under PV

  Symptom:       Timer issues and RCU stalls after suspending and
  resuming an IBM Secure Execution guest

  Problem:       KVM and QEMU try to set the guest's TOD clock after resume 
under PV, even though that is not permitted under SE. 
                 Hence,their view of the guest clock may deviate from the 
ultravisor's, possibly causing KVM to re-dispatch the 
                 guest too late on clock comparator interrupts.

  Solution:      Don't set the clock after resume under PV. Note that kernel 
and QEMU patches are required in lockstep, 
                 to avoid a warning message in QEMU.

  Reproduction:  1. Start SE guest using libvirt.
                 2. Pause the guest using "virsh suspend", wait for a few 
                    seconds, resume using "virsh resume".
                 3. Run "time sleep 1" in the guest.
                 4. The sleep will sleep much longer than one second.

  Upstream-ID:   6973091d1b50ab4042f6a2d495f59e9db3662ab8

  Preventive fix: yes

  Author:        Nico Boehr <n...@linux.ibm.com>

  
  Please note that fixing the described problem requires patches for the kernel 
as well as for QEMU.
  This bug covers the kernel part, whereas the required QEMU part is described 
and handled in the following related bug:

     Bug?200901 - [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to
  set the clock under PV - qemu part

  Both parts, the kernel and the qemu patches should be applied / released at 
the same time to avoid problems resulting in the following warning message for 
customers:
     'warning: Unable to set KVM guest TOD clock: Operation not supported'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1999882/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp