| 2018-08-16 13:19:30 |
bugproxy |
bug |
|
|
added bug |
| 2018-08-16 13:19:31 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-170621 severity-high targetmilestone-inin1810 |
|
| 2018-08-16 13:19:32 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
| 2018-08-16 13:19:34 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
| 2018-08-16 13:19:36 |
bugproxy |
bug |
|
|
added subscriber CDE Administration |
| 2018-08-16 13:19:36 |
bugproxy |
bug |
|
|
added subscriber Heinz-Werner Seeck |
| 2018-08-16 13:19:37 |
bugproxy |
bug |
|
|
added subscriber Frank Heimes |
| 2018-08-16 13:19:38 |
bugproxy |
bug |
|
|
added subscriber Lou Peers |
| 2018-08-16 13:46:40 |
Christian Ehrhardt |
bug |
|
|
added subscriber Christian Ehrhardt |
| 2018-08-16 16:33:36 |
Andrew Cloke |
bug task added |
|
ubuntu-z-systems |
|
| 2018-08-16 16:33:42 |
Andrew Cloke |
ubuntu-z-systems: importance |
Undecided |
High |
|
| 2018-08-16 17:18:29 |
Andrew Cloke |
ubuntu-z-systems: assignee |
|
Canonical Kernel Team (canonical-kernel-team) |
|
| 2018-08-16 17:18:44 |
Andrew Cloke |
ubuntu-z-systems: status |
New |
Incomplete |
|
| 2018-08-21 01:07:56 |
Dimitri John Ledkov |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2018-08-21 01:08:04 |
Dimitri John Ledkov |
bug task added |
|
libvirt (Ubuntu) |
|
| 2018-08-21 01:08:10 |
Dimitri John Ledkov |
bug task added |
|
qemu (Ubuntu) |
|
| 2018-08-21 01:08:13 |
Dimitri John Ledkov |
libvirt (Ubuntu): status |
New |
Incomplete |
|
| 2018-08-21 01:08:15 |
Dimitri John Ledkov |
qemu (Ubuntu): status |
New |
Incomplete |
|
| 2018-09-03 14:39:28 |
bugproxy |
tags |
architecture-s39064 bugnameltc-170621 severity-high targetmilestone-inin1810 |
architecture-s39064 bugnameltc-170621 severity-high targetmilestone-inin1904 |
|
| 2018-09-03 14:55:33 |
Frank Heimes |
summary |
[18.10 FEAT] Guest-dedicated Crypto Adapters |
[19.04 FEAT] Guest-dedicated Crypto Adapters |
|
| 2018-09-25 18:28:40 |
Dimitri John Ledkov |
bug |
|
|
added subscriber Canonical Server Team |
| 2018-09-25 18:28:46 |
Dimitri John Ledkov |
bug |
|
|
added subscriber Canonical Kernel |
| 2018-09-25 18:28:54 |
Dimitri John Ledkov |
bug |
|
|
added subscriber Canonical Foundations Team |
| 2018-10-22 12:39:26 |
Frank Heimes |
libvirt (Ubuntu): status |
Incomplete |
Invalid |
|
| 2018-10-30 15:42:10 |
Frank Heimes |
ubuntu-z-systems: status |
Incomplete |
Triaged |
|
| 2018-10-30 15:42:24 |
Frank Heimes |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
| 2018-10-30 15:54:15 |
Frank Heimes |
bug |
|
|
added subscriber Joseph Salisbury |
| 2018-10-30 15:54:35 |
Frank Heimes |
information type |
Private |
Public |
|
| 2018-10-30 16:06:39 |
Joseph Salisbury |
linux (Ubuntu): importance |
Undecided |
High |
|
| 2018-10-30 16:06:43 |
Joseph Salisbury |
linux (Ubuntu): status |
Confirmed |
Triaged |
|
| 2018-10-30 16:13:28 |
Christian Ehrhardt |
tags |
architecture-s39064 bugnameltc-170621 severity-high targetmilestone-inin1904 |
architecture-s39064 bugnameltc-170621 libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 |
|
| 2018-10-30 16:14:16 |
Joseph Salisbury |
linux (Ubuntu): assignee |
Skipper Bug Screeners (skipper-screen-team) |
Joseph Salisbury (jsalisbury) |
|
| 2018-11-02 07:35:52 |
Frank Heimes |
description |
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
== SRU Justification ==
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed and dedicate crypto adapters (and domains) as passthrough devices to a KVM guest.
But for that an updated qemu and libvirt are also needed - they are addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
|
| 2018-11-02 07:36:20 |
Frank Heimes |
description |
== SRU Justification ==
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed and dedicate crypto adapters (and domains) as passthrough devices to a KVM guest.
But for that an updated qemu and libvirt are also needed - they are addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed and dedicate crypto adapters (and domains) as passthrough devices to a KVM guest.
But for that an updated qemu and libvirt are also needed - they are addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
|
| 2018-11-02 10:55:01 |
Frank Heimes |
description |
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed and dedicate crypto adapters (and domains) as passthrough devices to a KVM guest.
But for that an updated qemu and libvirt are also needed - they are addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization")
But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
|
| 2018-11-02 15:00:28 |
Dimitri John Ledkov |
libvirt (Ubuntu): status |
Invalid |
Confirmed |
|
| 2018-11-02 16:44:12 |
Joseph Salisbury |
tags |
architecture-s39064 bugnameltc-170621 libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 |
|
| 2018-11-02 19:42:26 |
Terry Rudd |
attachment added |
|
pEpkey.asc https://bugs.launchpad.net/bugs/1787405/+attachment/5208447/+files/pEpkey.asc |
|
| 2018-11-09 08:38:56 |
Frank Heimes |
linux (Ubuntu): status |
Triaged |
In Progress |
|
| 2018-11-09 08:39:03 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
In Progress |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
nominated for series |
|
Ubuntu Cosmic |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
qemu (Ubuntu Cosmic) |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
libvirt (Ubuntu Cosmic) |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
linux (Ubuntu Cosmic) |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
nominated for series |
|
Ubuntu Disco |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
qemu (Ubuntu Disco) |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
libvirt (Ubuntu Disco) |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
linux (Ubuntu Disco) |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
nominated for series |
|
Ubuntu Bionic |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
qemu (Ubuntu Bionic) |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
libvirt (Ubuntu Bionic) |
|
| 2018-11-09 15:59:16 |
Joseph Salisbury |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2018-11-09 15:59:27 |
Joseph Salisbury |
bug task deleted |
qemu (Ubuntu Bionic) |
|
|
| 2018-11-09 15:59:33 |
Joseph Salisbury |
bug task deleted |
qemu (Ubuntu Cosmic) |
|
|
| 2018-11-09 15:59:41 |
Joseph Salisbury |
bug task deleted |
qemu (Ubuntu Disco) |
|
|
| 2018-11-09 15:59:49 |
Joseph Salisbury |
bug task deleted |
libvirt (Ubuntu Disco) |
|
|
| 2018-11-09 16:00:01 |
Joseph Salisbury |
bug task deleted |
libvirt (Ubuntu Cosmic) |
|
|
| 2018-11-09 16:00:10 |
Joseph Salisbury |
bug task deleted |
libvirt (Ubuntu Bionic) |
|
|
| 2018-11-09 16:00:22 |
Joseph Salisbury |
linux (Ubuntu Cosmic): status |
New |
Triaged |
|
| 2018-11-09 16:00:25 |
Joseph Salisbury |
linux (Ubuntu Bionic): status |
New |
Triaged |
|
| 2018-11-09 16:00:29 |
Joseph Salisbury |
linux (Ubuntu Cosmic): importance |
Undecided |
High |
|
| 2018-11-09 16:00:31 |
Joseph Salisbury |
linux (Ubuntu Bionic): importance |
Undecided |
High |
|
| 2018-11-09 16:00:34 |
Joseph Salisbury |
linux (Ubuntu Cosmic): assignee |
|
Joseph Salisbury (jsalisbury) |
|
| 2018-11-09 16:00:37 |
Joseph Salisbury |
linux (Ubuntu Bionic): assignee |
|
Joseph Salisbury (jsalisbury) |
|
| 2018-11-09 16:20:58 |
Joseph Salisbury |
linux (Ubuntu Cosmic): status |
Triaged |
In Progress |
|
| 2018-11-09 16:21:01 |
Joseph Salisbury |
linux (Ubuntu Cosmic): status |
In Progress |
Triaged |
|
| 2018-11-09 16:21:05 |
Joseph Salisbury |
linux (Ubuntu Bionic): status |
Triaged |
In Progress |
|
| 2018-11-12 09:12:43 |
Christian Ehrhardt |
libvirt (Ubuntu): status |
Confirmed |
Triaged |
|
| 2018-11-12 09:12:46 |
Christian Ehrhardt |
qemu (Ubuntu): status |
Incomplete |
Triaged |
|
| 2018-11-12 11:12:21 |
Andrew Cloke |
summary |
[19.04 FEAT] Guest-dedicated Crypto Adapters |
[FEAT] Guest-dedicated Crypto Adapters |
|
| 2018-11-14 11:13:42 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
| 2018-11-14 11:13:47 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Cosmic): status |
Triaged |
Fix Committed |
|
| 2018-11-15 11:04:34 |
Brad Figg |
tags |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-needed-cosmic |
|
| 2018-11-15 11:20:51 |
bugproxy |
tags |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-needed-cosmic |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 |
|
| 2018-11-15 11:39:10 |
Christian Ehrhardt |
qemu (Ubuntu): status |
Triaged |
In Progress |
|
| 2018-11-15 11:39:13 |
Christian Ehrhardt |
libvirt (Ubuntu): status |
Triaged |
In Progress |
|
| 2018-11-15 11:39:16 |
Christian Ehrhardt |
libvirt (Ubuntu): assignee |
|
Christian Ehrhardt (paelzer) |
|
| 2018-11-15 11:39:17 |
Christian Ehrhardt |
qemu (Ubuntu): assignee |
|
Christian Ehrhardt (paelzer) |
|
| 2018-11-15 18:00:29 |
Joseph Salisbury |
linux (Ubuntu Cosmic): status |
Fix Committed |
In Progress |
|
| 2018-11-15 18:53:36 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
| 2018-11-15 18:53:40 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2018-11-16 18:15:13 |
Brad Figg |
tags |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-needed-bionic |
|
| 2018-11-19 12:56:54 |
Christian Ehrhardt |
tags |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-needed-bionic |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic |
|
| 2018-11-19 15:52:05 |
Joseph Salisbury |
tags |
architecture-s39064 bugnameltc-170621 kernel-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic |
|
| 2018-11-19 16:26:22 |
Dimitri John Ledkov |
tags |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic verification-done-cosmic |
|
| 2018-11-20 07:30:28 |
bugproxy |
attachment added |
|
libvirt patches for vfio-ap support https://bugs.launchpad.net/bugs/1787405/+attachment/5214397/+files/libvirt-4.0.0-bionic_vfio-ap.tar.gz |
|
| 2018-11-23 09:54:11 |
Christian Ehrhardt |
libvirt (Ubuntu Bionic): status |
New |
Triaged |
|
| 2018-11-23 09:54:20 |
Christian Ehrhardt |
libvirt (Ubuntu Cosmic): status |
New |
Triaged |
|
| 2018-11-23 09:54:28 |
Christian Ehrhardt |
qemu (Ubuntu Bionic): status |
New |
Triaged |
|
| 2018-11-23 09:54:37 |
Christian Ehrhardt |
qemu (Ubuntu Cosmic): status |
New |
Triaged |
|
| 2018-11-26 10:29:09 |
Christian Ehrhardt |
description |
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization")
But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
[Impact]
* The ability to pass through more cryptographic capabilities is a very
important feature for users of s390x as virtualization platform.
Its availability upstream now and its backport in this bug allows to
exploit the crypto cards as new HW for these virtualization use
cases.
* This falls under both "other safe cases" SRU exceptions:
- For Long Term Support releases we regularly want to enable new
hardware ...
- For Long Term Support releases we sometimes want to introduce new
features. They must not change the behaviour on existing
installations ...
* This bug has three main components:
- kernel (ability to do all of this)
- qemu (add feature to exploit the new code)
- libvirt (make the feature user consumable)
[Test Case]
* TBD: prepping commands atm ...
[Regression Potential]
* The changes are mostly s390x only and adding a new feature so
regressions to existing components should be low. But to backport it
slight changes to the MDEV handling had to be applied as well.
The potential regressions I can see are in that MDEV handling if one
of the backports would be bad.
Fortunately we know that without the related libvirt fixes we added
here using MDEVs didn't work at all yet, and people very rarely use
qemu without libvirt for anything else than experiments.
Therefore I'm confident that even if there would be a flaw in the
MDEV changes no one is hugely relying on it.
[Other Info]
* n/a
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization")
But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
|
| 2018-11-26 13:53:31 |
Christian Ehrhardt |
description |
[Impact]
* The ability to pass through more cryptographic capabilities is a very
important feature for users of s390x as virtualization platform.
Its availability upstream now and its backport in this bug allows to
exploit the crypto cards as new HW for these virtualization use
cases.
* This falls under both "other safe cases" SRU exceptions:
- For Long Term Support releases we regularly want to enable new
hardware ...
- For Long Term Support releases we sometimes want to introduce new
features. They must not change the behaviour on existing
installations ...
* This bug has three main components:
- kernel (ability to do all of this)
- qemu (add feature to exploit the new code)
- libvirt (make the feature user consumable)
[Test Case]
* TBD: prepping commands atm ...
[Regression Potential]
* The changes are mostly s390x only and adding a new feature so
regressions to existing components should be low. But to backport it
slight changes to the MDEV handling had to be applied as well.
The potential regressions I can see are in that MDEV handling if one
of the backports would be bad.
Fortunately we know that without the related libvirt fixes we added
here using MDEVs didn't work at all yet, and people very rarely use
qemu without libvirt for anything else than experiments.
Therefore I'm confident that even if there would be a flaw in the
MDEV changes no one is hugely relying on it.
[Other Info]
* n/a
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization")
But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
[Impact]
* The ability to pass through more cryptographic capabilities is a very
important feature for users of s390x as virtualization platform.
Its availability upstream now and its backport in this bug allows to
exploit the crypto cards as new HW for these virtualization use
cases.
* This falls under both "other safe cases" SRU exceptions:
- For Long Term Support releases we regularly want to enable new
hardware ...
- For Long Term Support releases we sometimes want to introduce new
features. They must not change the behaviour on existing
installations ...
* This bug has three main components:
- kernel (ability to do all of this)
- qemu (add feature to exploit the new code)
- libvirt (make the feature user consumable)
[Test Case]
* In general this consists of a few steps
- get the updated kernel/qemu/libvirt
- mask the card & domains from the usual driver
- load vfio-ap
- assign card&domain to vfio-ap
- prepare a guest
- configure a guest to use the card
* See comment #66 how to do all of that in detail
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/66
[Regression Potential]
* The changes are mostly s390x only and adding a new feature so
regressions to existing components should be low. But to backport it
slight changes to the MDEV handling had to be applied as well.
The potential regressions I can see are in that MDEV handling if one
of the backports would be bad.
Fortunately we know that without the related libvirt fixes we added
here using MDEVs didn't work at all yet, and people very rarely use
qemu without libvirt for anything else than experiments.
Therefore I'm confident that even if there would be a flaw in the
MDEV changes no one is hugely relying on it.
[Other Info]
* n/a
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) -->
<-- In addition to that some prereqs for the 'ap/crypto' driver are necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 -->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick <all from 'kvm/next' list>
(112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch)
$ git cherry-pick <all from 'kvms390/next' list>
$ git cherry-pick <all from 'ap/zcrypt' list>
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization")
But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__________
Description:
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device.
This functionality will be contribute to following packages.
--kernel, qemu and libvirt.
Currently these functions are not finalized and therefore no git-commit are avalable,
- kernel > 4.19
- libvirt > 4.6.0
- qemu > 3.0
We will provide these as soon as possible.
This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical.
But the main intention is, to get this integrated into 18.04 LTS !!!!!!
Thererfore, the backports will be required for both distros.! |
|
| 2018-11-26 18:59:36 |
Launchpad Janitor |
libvirt (Ubuntu): status |
In Progress |
Fix Released |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
qemu (Ubuntu): status |
In Progress |
Fix Released |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-10839 |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-12617 |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-16847 |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-17958 |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-17962 |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-17963 |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-18849 |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-18954 |
|
| 2018-11-27 23:20:33 |
Launchpad Janitor |
cve linked |
|
2018-19364 |
|
| 2018-11-29 12:16:38 |
Robie Basak |
qemu (Ubuntu Cosmic): status |
Triaged |
Fix Committed |
|
| 2018-11-29 12:16:41 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2018-11-29 12:16:44 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
| 2018-11-29 12:16:52 |
Robie Basak |
tags |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic verification-done-cosmic |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic verification-needed verification-needed-cosmic |
|
| 2018-11-29 12:17:12 |
Robie Basak |
qemu (Ubuntu Bionic): status |
Triaged |
Fix Committed |
|
| 2018-11-29 12:17:21 |
Robie Basak |
tags |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic verification-needed verification-needed-cosmic |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-needed verification-needed-bionic verification-needed-cosmic |
|
| 2018-11-29 12:17:45 |
Robie Basak |
libvirt (Ubuntu Cosmic): status |
Triaged |
Fix Committed |
|
| 2018-11-29 12:18:13 |
Robie Basak |
libvirt (Ubuntu Bionic): status |
Triaged |
Fix Committed |
|
| 2018-11-29 13:42:43 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
| 2018-12-03 08:49:32 |
Launchpad Janitor |
linux (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
| 2018-12-03 08:49:32 |
Launchpad Janitor |
cve linked |
|
2018-18653 |
|
| 2018-12-03 08:49:32 |
Launchpad Janitor |
cve linked |
|
2018-18955 |
|
| 2018-12-03 08:49:32 |
Launchpad Janitor |
cve linked |
|
2018-6559 |
|
| 2018-12-03 14:01:15 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2018-12-05 16:06:24 |
Christian Ehrhardt |
tags |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-needed verification-needed-bionic verification-needed-cosmic |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic verification-needed verification-needed-cosmic |
|
| 2018-12-06 07:50:02 |
Christian Ehrhardt |
libvirt (Ubuntu Cosmic): status |
Fix Committed |
In Progress |
|
| 2018-12-06 07:50:43 |
Christian Ehrhardt |
tags |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic verification-needed verification-needed-cosmic |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done verification-done-bionic verification-done-cosmic |
|
| 2018-12-06 07:54:53 |
Christian Ehrhardt |
libvirt (Ubuntu): status |
Fix Released |
In Progress |
|
| 2018-12-08 21:05:14 |
Launchpad Janitor |
libvirt (Ubuntu): status |
In Progress |
Fix Released |
|
| 2018-12-10 10:42:46 |
Andy Whitcroft |
libvirt (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
| 2018-12-10 10:42:56 |
Andy Whitcroft |
tags |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done verification-done-bionic verification-done-cosmic |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic verification-needed verification-needed-cosmic |
|
| 2018-12-10 12:40:06 |
Christian Ehrhardt |
tags |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done-bionic verification-needed verification-needed-cosmic |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done verification-done-bionic verification-done-cosmic |
|
| 2018-12-11 16:09:09 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2018-12-11 16:19:12 |
Launchpad Janitor |
libvirt (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2018-12-13 08:17:58 |
Launchpad Janitor |
qemu (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
| 2018-12-13 08:25:32 |
Launchpad Janitor |
qemu (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2018-12-17 08:57:49 |
Launchpad Janitor |
libvirt (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
| 2019-02-04 14:46:37 |
Launchpad Janitor |
linux (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
| 2019-02-04 15:33:43 |
Andrew Cloke |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|
| 2019-07-24 20:22:57 |
Brad Figg |
tags |
architecture-s39064 bugnameltc-170621 kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done verification-done-bionic verification-done-cosmic |
architecture-s39064 bugnameltc-170621 cscc kernel-da-key libvirt-19.04 qemu-19.04 severity-high targetmilestone-inin1904 verification-done verification-done-bionic verification-done-cosmic |
|
