Require improved hypervisor detection patch in Ubuntu 18.04

Bug #1829972 reported by bugproxy on 2019-05-22
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
High
Canonical Kernel Team
linux (Ubuntu)
Undecided
Skipper Bug Screeners
Bionic
Undecided
Po-Hsu Lin

Bug Description

== Justification ==
The s390x early machine detection code check will set all the uknown
hypervisors to z/VM, this will cause crash for any non KVM, z/VM
system.

== Fixes ==
03aa047e (s390/early: improve machine detection)
Patch can be cherry-picked into Bionic kernel.

Instead of setting all the other hypervisors to z/VM, it will only set
MACHINE_FLAG_VM if it matches the case.

== Tests ==
A test kernel could be found here:
https://people.canonical.com/~phlin/kernel/lp-1829972-s390x-early/

Boot tested on a s390x KVM node and verified by IBM as well.

== Regression Potential ==
Low, this just improves the detection logic and the changes are
specific to s390x.

== Original Bug Report ==

This kernel commit is requested to be included into the bionic's 4.15.0 LTS kernel:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=03aa047ef2db4985e444af6ee1c1dd084ad9fb4c

s390/early: improve machine detection

Right now the early machine detection code check stsi 3.2.2 for "KVM"
and set MACHINE_IS_VM if this is different. As the console detection
uses diagnose 8 if MACHINE_IS_VM returns true this will crash Linux
early for any non z/VM system that sets a different value than KVM.
So instead of assuming z/VM, do not set any of MACHINE_IS_LPAR,
MACHINE_IS_VM, or MACHINE_IS_KVM.

This is required for a dedicated SSC exploiter

bugproxy (bugproxy) on 2019-05-22
tags: added: architecture-s39064 bugnameltc-177777 severity-medium targetmilestone-inin18041
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
importance: Undecided → Medium
status: New → Triaged
importance: Medium → High

------- Comment From <email address hidden> 2019-05-22 08:57 EDT-------
Increased severity to high

tags: added: severity-high
removed: severity-medium
Po-Hsu Lin (cypressyew) wrote :

A test kernel for s390x could be found here:
https://people.canonical.com/~phlin/kernel/lp-1829972-s390x-early/

Boot OK on a s390x KVM.

tags: added: bionic
Po-Hsu Lin (cypressyew) wrote :

Hello,
can you help us to verify if this kernel can meet your needs?
Thanks

Changed in ubuntu-z-systems:
status: Triaged → Incomplete
Changed in ubuntu-z-systems:
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-05-24 08:46 EDT-------
The test kernel has been successfully verified by the SSC team and the requesting exploiter. From our perspective it is good to go.

Changed in ubuntu-z-systems:
status: Incomplete → Triaged
Po-Hsu Lin (cypressyew) on 2019-05-27
description: updated
Changed in linux (Ubuntu Bionic):
assignee: nobody → Po-Hsu Lin (cypressyew)
status: New → In Progress
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Manoj Iyer (manjo) on 2019-06-17
Changed in linux (Ubuntu):
status: New → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-06-20 14:54 EDT-------
IBM z/OS Container Extensions appliance built on SSC 3.x with the proposed kernel successfully identified the zOS hypervisor:

Linux version 4.15.0-53-generic (buildd@bos02-s390x-001) (gcc ver
ntu 7.3.0-16ubuntu3)) #57-Ubuntu SMP Thu Jun 13 09:33:16 UTC 2019
-53.57-generic 4.15.18)
setup.5ae0ad: Linux is running as a guest in 64-bit mode

This fix is verified.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Launchpad Janitor (janitor) wrote :
Download full text (11.2 KiB)

This bug was fixed in the package linux - 4.15.0-55.60

---------------
linux (4.15.0-55.60) bionic; urgency=medium

  * linux: 4.15.0-55.60 -proposed tracker (LP: #1834954)

  * Request backport of ceph commits into bionic (LP: #1834235)
    - ceph: use atomic_t for ceph_inode_info::i_shared_gen
    - ceph: define argument structure for handle_cap_grant
    - ceph: flush pending works before shutdown super
    - ceph: send cap releases more aggressively
    - ceph: single workqueue for inode related works
    - ceph: avoid dereferencing invalid pointer during cached readdir
    - ceph: quota: add initial infrastructure to support cephfs quotas
    - ceph: quota: support for ceph.quota.max_files
    - ceph: quota: don't allow cross-quota renames
    - ceph: fix root quota realm check
    - ceph: quota: support for ceph.quota.max_bytes
    - ceph: quota: update MDS when max_bytes is approaching
    - ceph: quota: add counter for snaprealms with quota
    - ceph: avoid iput_final() while holding mutex or in dispatch thread

  * QCA9377 isn't being recognized sometimes (LP: #1757218)
    - SAUCE: USB: Disable USB2 LPM at shutdown

  * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140)
    - net: hns: fix ICMP6 neighbor solicitation messages discard problem
    - net: hns: fix unsigned comparison to less than zero

  * Fix occasional boot time crash in hns driver (LP: #1833138)
    - net: hns: Fix probabilistic memory overwrite when HNS driver initialized

  * use-after-free in hns_nic_net_xmit_hw (LP: #1833136)
    - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()

  * hns: attempt to restart autoneg when disabled should report error
    (LP: #1833147)
    - net: hns: Restart autoneg need return failed when autoneg off

  * systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
    (LP: #1821625)
    - powerpc: sys_pkey_alloc() and sys_pkey_free() system calls
    - powerpc: sys_pkey_mprotect() system call

  * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different
    (LP: #1832625)
    - pkey: Indicate old mkvp only if old and current mkvp are different

  * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
    (LP: #1832623)
    - s390/crypto: fix gcm-aes-s390 selftest failures

  * System crashes on hot adding a core with drmgr command (4.15.0-48-generic)
    (LP: #1833716)
    - powerpc/numa: improve control of topology updates
    - powerpc/numa: document topology_updates_enabled, disable by default

  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl

  * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
    (LP: #1832624)
    - s390/zcrypt: Fix wrong dispatching for control domain CPRBs

  * CVE-2019-11815
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().

  * Sound device not detected after resume from hibernate (LP: #1826868)
    - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled
    - drm/i915: Save the old CDCLK atomic state
...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Frank Heimes (frank-heimes) wrote :

Changing "linux (Ubuntu)" to Fix Released, since the patch got upstream accepted with kernel 5.0 and in between kernel 5.2 landed in Eoan's release pocket.
Hence the entire ticket is Fix Released.

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-07-22 09:07 EDT-------
IBM bugzilla status -> closed, Fix Released with all requested distros.

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers