Ubuntu
linux package

[22.10 FEAT] KVM: Secure Execution guest dump encryption with customer keys - kernel part

Bug #1959940 reported by bugproxy
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
High
Skipper Bug Screeners
linux (Ubuntu)
Fix Released
High
Canonical Kernel Team

Bug Description

KVM: Secure Execution guest dump encryption with customer keys - kernel part

Description:
Hypervisor-initiated dumps for Secure Execution guests are not helpful because memory and CPU state is encrypted by a transient key only available to the Ultravisor. Workload owners can still configure kdump in order to obtain kernel crash infomation, but there are situation where kdump doesn't work. In such situations problem determination is severely impeded. This feature will implement dumps created in a way that can only be decrypted by the owner of the guest image and be used for problem determination.

Request Type: Kernel - Enhancement from IBM
Upstream Acceptance: In Progress
Code Contribution: IBM code

CVE References

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-196316 severity-high targetmilestone-inin2204
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2022-02-03 17:27 EDT-------
This also has an qemu and s390-tools part:

IBM BZ 196317 - LP#1959966 : [22.04 FEAT] KVM: Secure Execution guest dump encryption with customer keys - qemu part
IBM BZ 196318 - LP1#959965 : [22.04 FEAT] KVM: Secure Execution guest dump encryption with customer keys - s390-tools part

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
importance: Undecided → High
Changed in ubuntu-z-systems:
importance: Undecided → High
Changed in linux (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: New → Incomplete
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2022-02-23 04:28 EDT-------
Patches are on the lists:
https://<email address hidden>/T/#t

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2022-03-20 19:29 EDT-------
Item didn't make it in time for jammy / 22.04, therefore we need to move this to Ubuntu 22.10.
Changing Target Milestone: 22.04 ==> 22.10

tags: added: targetmilestone-inin2210
removed: targetmilestone-inin2204
Frank Heimes (fheimes)
summary: - [22.04 FEAT] KVM: Secure Execution guest dump encryption with customer
+ [22.10 FEAT] KVM: Secure Execution guest dump encryption with customer
keys - kernel part
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2022-08-02 07:43 EDT-------
The kernel patches for this feature are expected to be added to Linus' tree within this week.
Thanks Janosch for all your work.

Here are the commit IDs:

b0f46280d3fc Documentation/virt/kvm/api.rst: Explain rc/rrc delivery
437cfd714db9 Documentation/virt/kvm/api.rst: Add protvirt dump/info api descriptions
660a28653d83 Documentation: virt: Protected virtual machine dumps
e9bf3acb23f0 KVM: s390: Add KVM_CAP_S390_PROTECTED_DUMP
8aba09588d2a KVM: s390: Add CPU dump functionality
0460eb35b443 KVM: s390: Add configuration dump functionality
fe9a93e07ba4 KVM: s390: pv: Add query dump information
06eb3388e703 KVM: s390: pv: Add dump support definitions
35d02493dba1 KVM: s390: pv: Add query interface
38c218259d4c s390/uv: Add dump fields to query

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Incomplete → New
Changed in linux (Ubuntu):
status: Incomplete → New
Revision history for this message
Frank Heimes (fheimes) wrote :

Okay, I see them now all in v6.0-rc1.

Revision history for this message
Frank Heimes (fheimes) wrote :

While trying to cherry-pick the patches I faced a merge conflict (already with 38c218259d4c):
https://pastebin.ubuntu.com/p/5JcVxd4ssd/
Are there add. commits as pre-req- needed to get the patch set in to jammy master-next (v5.19.7+)?

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2022-09-12 02:53 EDT-------
Hey Frank,

seems like I missed adding ac640db3a0260541058e95e4acd249cc166cb0eb to this list.
It's not a prereq per-se but it was brought into mainline at the same time as the dump support.

Revision history for this message
Frank Heimes (fheimes) wrote :

Ok, just figured out the same commit with ''log -S' - thx

Revision history for this message
Frank Heimes (fheimes) wrote :

Pull request submitted to kernel team's mailing list:
https://lists.ubuntu.com/archives/kernel-team/2022-September/thread.html#133113
changing status to 'In Progress'.

A test kernel was build in PPA and is available here:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1959940

Changed in linux (Ubuntu):
status: New → In Progress
Changed in ubuntu-z-systems:
status: New → In Progress
Changed in linux (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)
information type: Private → Public
Revision history for this message
Frank Heimes (fheimes) wrote :

This is incl. in linux-generic 5.19.0-17.17 (which got overruled by 5.19.0.18.18) and is with that in kinetic-proposed, hence updating the status to Fix Committed.

Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (18.6 KiB)

This bug was fixed in the package linux - 5.19.0-18.18

---------------
linux (5.19.0-18.18) kinetic; urgency=medium

  * kinetic/linux: 5.19.0-18.18 -proposed tracker (LP: #1990366)

  * 5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084
    (LP: #1990236)
    - Revert "UBUNTU: SAUCE: apparmor: Fix regression in stacking due to label
      flags"
    - Revert "UBUNTU: [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS"
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - add an internal buffer""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't wait on cleanup""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't waste entropy""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - always add a pending
      request""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - unregister device before
      reset""
    - Revert "UBUNTU: SAUCE: Revert "virtio-rng: make device ready before making
      request""
    - Revert "UBUNTU: [Config] update configs after apply new apparmor patch set"
    - Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
    - Revert "UBUNTU: SAUCE: selinux: Implement userns_create hook"
    - Revert "UBUNTU: SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable"
    - Revert "UBUNTU: SAUCE: security, lsm: Introduce security_create_user_ns()"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: AppArmor: Remove the exclusive
      flag"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full
      LSM context"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Removed scaffolding function
      lsmcontext_init"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in
      audit data"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple
      object contexts"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: audit: multiple subject lsm values
      for netlabel"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple task
      security contexts"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Allow multiple records in an
      audit_buffer"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add a function to report
      multiple LSMs"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Create audit_stamp
      structure"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in
      audit_names"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx
      module selection"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: binder: Pass LSM identifier for
      confirmation"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a
      lsmblob"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in
      netlink netfilter"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_dentry_init_security"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_inode_getsecctx"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_secid_to_secctx"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM:...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.