[UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - kernel part
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners | |
| linux (Ubuntu) | Fix Released | High | Skipper Bug Screeners | |
| Focal | Fix Released | Medium | Unassigned | |
| Jammy | Fix Released | Medium | Unassigned | |
| Kinetic | Fix Released | Medium | Unassigned | |
| Lunar | Fix Released | High | Skipper Bug Screeners | |

Bug Description
Description: KVM: s390: pv: don't allow userspace to set the clock under PV
Symptom: Timer issues and RCU stalls after suspending and resuming an IBM Secure Execution guest
Problem: KVM and QEMU try to set the guest's TOD clock after resume under PV, even though that is not permitted under SE.
Solution: Don't set the clock after resume under PV. Note that kernel and QEMU patches are required in lockstep,
to avoid a warning message in QEMU.
Reproduction:
1. Start SE guest using libvirt.
2. Pause the guest using "virsh suspend", wait for a few
3. Run "time sleep 1" in the guest.
4. The sleep will sleep much longer than one second.
Upstream-ID: 6973091d1b50ab4
Preventive fix: yes
Author: Nico Boehr <email address hidden>
Please note that fixing the described problem requires patches for the kernel as well as for QEMU.
This bug covers the kernel part, whereas the required QEMU part is described and handled in the following related bug:
Bug 200901 - [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part
Both parts, the kernel and the qemu patches, should be applied / released at the same time to avoid problems resulting in the following warning message for customers:
'warning: Unable to set KVM guest TOD clock: Operation not supported'
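
One way to check for the symptom from the reproduction steps and for the warning quoted above, as an added example that is not part of the original bug report or of the kernel and QEMU patches. The function names, the 500 ms tolerance and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added verification helpers; function names, the 500 ms tolerance and the
# sample log lines are assumptions, not part of the bug report.

# Warning text as quoted in the bug description.
TOD_WARNING='Unable to set KVM guest TOD clock: Operation not supported'

# Guest side, after "virsh suspend" and "virsh resume" on the host:
# time "sleep <secs>" <rounds> times, print the worst overshoot in ms.
# Needs GNU date for %N (nanoseconds).
max_sleep_overshoot_ms() {
    secs=$1; rounds=$2; worst=0; i=0
    want_ms=$(awk -v s="$secs" 'BEGIN { printf "%d", s * 1000 + 0.5 }')
    while [ "$i" -lt "$rounds" ]; do
        start=$(date +%s%N)
        sleep "$secs"
        end=$(date +%s%N)
        over=$(( (end - start) / 1000000 - want_ms ))
        if [ "$over" -gt "$worst" ]; then worst=$over; fi
        i=$((i + 1))
    done
    echo "$worst"
}

# Host side: count the warning in a QEMU log file passed by the caller.
count_tod_warnings() {
    grep -c -F -- "$TOD_WARNING" "$1" || true
}

# Turn both observations into one verdict.
pv_clock_verdict() {
    overshoot_ms=$1; warnings=$2; tolerance_ms=${3:-500}
    if [ "$overshoot_ms" -gt "$tolerance_ms" ]; then
        echo "symptom-present"      # sleeps run long, as in reproduction step 4
    elif [ "$warnings" -gt 0 ]; then
        echo "lockstep-warning"     # QEMU logged the warning quoted in the bug
    else
        echo "ok"
    fi
}

# Constructed sample log for trying count_tod_warnings offline.
sample_qemu_log() {
    cat <<'EOF'
2023-01-10T09:15:02.000000Z qemu-system-s390x: warning: Unable to set KVM guest TOD clock: Operation not supported
2023-01-10T09:20:41.000000Z qemu-system-s390x: terminating on signal 15 from pid 1234 (constructed line)
EOF
}
```

Run `max_sleep_overshoot_ms 1 5` inside the guest after a suspend and resume cycle, and `count_tod_warnings` on the host against the guest's QEMU log, then pass both numbers to `pv_clock_verdict`.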
tags: added: architecture-s39064 bugnameltc-200889 severity-high targetmilestone-inin---

Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
tags: added: targetmilestone-inin2004 removed: targetmilestone-inin---

Changed in linux (Ubuntu Kinetic):
importance: Undecided → Medium

Changed in linux (Ubuntu Jammy):
importance: Undecided → Medium

Changed in linux (Ubuntu Focal):
status: New → In Progress
importance: Undecided → Medium

Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed

Changed in ubuntu-z-systems:
status: In Progress → Fix Committed

Changed in linux (Ubuntu Lunar):
status: In Progress → Fix Released

Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
tags: added: verification-done-focal removed: verification-needed-focal

Commit 6973091d1b50 got upstream accepted with v6.1-rc5,
so lunar will have the fix incl., once it's on its target kernel 6.2.
Marking kinetic, jammy and focal as affected releases.