NVME errors in confidential vms

Bug #1943902 reported by Khaled El Mously
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-gcp (Ubuntu)
Invalid
Undecided
Khaled El Mously
Focal
Fix Released
Medium
Khaled El Mously
linux-gcp-5.4 (Ubuntu)
Invalid
Undecided
Khaled El Mously
Bionic
Fix Released
Undecided
Khaled El Mously

Bug Description

See https://canonical.lightning.force.com/lightning/r/Case/5004K000009WBzrQAG/view for more info

[Impact]
Using nvme with swiotlb in confidential VMs can encounter hardware read/write errors.

[Fix]

The following upstream patches from v5.12 address this:

3d2d861eb03e nvme-pci: set min_align_mask
1f221a0d0dbf swiotlb: respect min_align_mask
16fc3cef33a0 swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single
26a7e094783d swiotlb: refactor swiotlb_tbl_map_single
ca10d0f8e530 swiotlb: clean up swiotlb_tbl_unmap_single
c32a77fd1878 swiotlb: factor out a nr_slots helper
c7fbeca757fe swiotlb: factor out an io_tlb_offset helper
b5d7ccb7aac3 swiotlb: add a IO_TLB_SIZE define

[Test]

Using a confidential VM, with 'swiotlb=force' set on the kernel command line, and an additional nvme device attached:

$ sudo mkfs.xfs -f /dev/nvme2n1
meta-data=/dev/nvme2n1 isize=512 agcount=4, agsize=131072 blks
         = sectsz=512 attr=2, projid32bit=1
         = crc=1 finobt=1, sparse=0, rmapbt=0, refl
ink=0
data = bsize=4096 blocks=524288, imaxpct=25
         = sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
         = sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
mkfs.xfs: pwrite failed: Input/output error

Note the input/output error

The error no longer happens with the fixes applied.

[Regression Potential]

Low risk as the patches are mostly clean-up and refactor.
Regression in swiotlb could cause hardware read/write errors

description: updated
no longer affects: linux-oracle (Ubuntu)
no longer affects: linux-gcp-5.4 (Ubuntu Focal)
no longer affects: linux-gcp (Ubuntu Bionic)
Changed in linux-gcp (Ubuntu):
assignee: nobody → Khaled El Mously (kmously)
Changed in linux-gcp-5.4 (Ubuntu):
assignee: nobody → Khaled El Mously (kmously)
Changed in linux-gcp (Ubuntu Focal):
assignee: nobody → Khaled El Mously (kmously)
Changed in linux-gcp-5.4 (Ubuntu Bionic):
assignee: nobody → Khaled El Mously (kmously)
description: updated
description: updated
Stefan Bader (smb)
Changed in linux-gcp (Ubuntu Focal):
importance: Undecided → Medium
status: New → In Progress
Changed in linux-gcp-5.4 (Ubuntu):
status: New → Invalid
Changed in linux-gcp (Ubuntu):
status: New → Invalid
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-gcp - 5.4.0-1055.59

---------------
linux-gcp (5.4.0-1055.59) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1055.59 -proposed tracker (LP: #1947072)

  * NVME errors in confidential vms (LP: #1943902)
    - swiotlb: remove the tbl_dma_addr argument to swiotlb_tbl_map_single
    - driver core: add a min_align_mask field to struct device_dma_parameters
    - swiotlb: add a IO_TLB_SIZE define
    - swiotlb: factor out an io_tlb_offset helper
    - swiotlb: factor out a nr_slots helper
    - swiotlb: clean up swiotlb_tbl_unmap_single
    - swiotlb: refactor swiotlb_tbl_map_single
    - swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single
    - swiotlb: respect min_align_mask
    - nvme-pci: set min_align_mask
    - swiotlb: move orig addr and size validation into swiotlb_bounce
    - swiotlb: Fix the type of index
    - swiotlb: manipulate orig_addr when tlb_addr has offset

 -- Khalid Elmously <email address hidden> Wed, 13 Oct 2021 23:25:16 -0400

Changed in linux-gcp (Ubuntu Focal):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-gcp-5.4 - 5.4.0-1055.59~18.04.1

---------------
linux-gcp-5.4 (5.4.0-1055.59~18.04.1) bionic; urgency=medium

  * bionic/linux-gcp-5.4: 5.4.0-1055.59~18.04.1 -proposed tracker (LP: #1947075)

  [ Ubuntu: 5.4.0-1055.59 ]

  * focal/linux-gcp: 5.4.0-1055.59 -proposed tracker (LP: #1947072)
  * NVME errors in confidential vms (LP: #1943902)
    - swiotlb: remove the tbl_dma_addr argument to swiotlb_tbl_map_single
    - driver core: add a min_align_mask field to struct device_dma_parameters
    - swiotlb: add a IO_TLB_SIZE define
    - swiotlb: factor out an io_tlb_offset helper
    - swiotlb: factor out a nr_slots helper
    - swiotlb: clean up swiotlb_tbl_unmap_single
    - swiotlb: refactor swiotlb_tbl_map_single
    - swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single
    - swiotlb: respect min_align_mask
    - nvme-pci: set min_align_mask
    - swiotlb: move orig addr and size validation into swiotlb_bounce
    - swiotlb: Fix the type of index
    - swiotlb: manipulate orig_addr when tlb_addr has offset

 -- Khalid Elmously <email address hidden> Thu, 14 Oct 2021 03:47:52 -0400

Changed in linux-gcp-5.4 (Ubuntu Bionic):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.