[Hyper-V] Enable CONFIG_HOTPLUG_CPU in linux-azure

Bug #1821934 reported by Joseph Salisbury on 2019-03-27
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Marcelo Cerri
Cosmic
Undecided
Marcelo Cerri
Disco
Undecided
Marcelo Cerri

Bug Description

We requested that CONFIG_HOTPLUG_CPU be disabled in bug 1776293. However, due to a recently discovered security issue, CONFIG_HOTPLUG_CPU needs to be re-enabled.

There are some patches on LKML to address this security issue, but they are not in the Azure kernel yet, and may not be accepted upstream in their current form. If your interested, those two patches are available here:

https://lkml.org/lkml/2019/3/26/893
https://lkml.org/lkml/2019/3/26/894
https://lkml.org/lkml/2019/3/26/895

To mitigate this security issue, the nosmt option needs to be passed on the boot line. However, the nosmt option will not work if CONFIG_HOTPLUG_CPU is disabled, which is the primary reason it needs to be turned back on at this time.

Tyler Hicks (tyhicks) wrote :

Hey there, Joe! I'd like to make sure that I understand the problem a little better:

* You say that there's a security issue mitigated by "nosmt"
  - This is true, for example, with L1TF's impact on KVM (CVE-2018-3646) when SMT is in use
* You also linked to patches that fix a boot crash when "nosmt" is used when CONFIG_HOTPLUG_CPU=n
  - You said that those patches address "this security issue" but I think that may be incorrect and
    the source of my confusion

The above is a little confusing because I don't think those patches address a security issue. IIUC, they fix a boot crash. "nosmt" is what mitigates the security issue.

Please confirm that you'd like us to enable CONFIG_HOTPLUG_CPU until we can pull in the above patches that fix the boot crash when "nosmt" is used with CONFIG_HOTPLUG_CPU=n. Once we pull in those patches, you'd like us to disable CONFIG_HOTPLUG_CPU once again.

Joseph Salisbury (jsalisbury) wrote :

Sorry for the confusion. You are correct. The referenced patches fix a crash that is caused when nosmt is enabled, not the security issue itself.

Yes, the request is to enable CONFIG_HOTPLUG_CPU until you can pull in the above patches that fix the boot crash when "nosmt" is used with CONFIG_HOTPLUG_CPU=n. Once those patches are pulled in, disable CONFIG_HOTPLUG_CPU once again, but we can open a new bug for that if you want.

Tyler Hicks (tyhicks) wrote :

Thanks for the clarification. Is there any reason for this bug to remain private? It is well known that "nosmt" is needed to mitigate CPU side channel issues, such as CVE-2018-3646, and sufficiently paranoid folks have been using it quite a bit lately.

information type: Private Security → Public
Marcelo Cerri (mhcerri) wrote :
Changed in linux-azure (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Cosmic):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Disco):
status: New → In Progress
Marcelo Cerri (mhcerri) wrote :

Hi, Joe.

Let's open a new bug when the patches are ready and we can disable CONFIG_HOTPLUG_CPU again.

Joseph Salisbury (jsalisbury) wrote :

Will do. Thanks, Marcelo!

Launchpad Janitor (janitor) wrote :
Download full text (15.0 KiB)

This bug was fixed in the package linux-azure - 4.15.0-1042.46~14.04.1

---------------
linux-azure (4.15.0-1042.46~14.04.1) trusty; urgency=medium

  * linux-azure: 4.15.0-1042.46~14.04.1 -proposed tracker (LP: #1822816)

  [ Ubuntu: 4.15.0-1042.46 ]

  * linux-azure: 4.15.0-1042.46 -proposed tracker (LP: #1822817)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
  * [Hyper-V] Enable CONFIG_HOTPLUG_CPU in linux-azure (LP: #1821934)
    - Revert "UBUNTU: [Config] azure: CONFIG_HOTPLUG_CPU=n"
  * linux: 4.15.0-48.51 -proposed tracker (LP: #1822820)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()
  * [P9][LTCTest][Opal][FW910] cpupower monitor shows multiple stop Idle_Stats
    (LP: #1719545)
    - cpupower : Fix header name to read idle state name
  * [amdgpu] screen corruption when using touchpad (LP: #1818617)
    - drm/amdgpu/gmc: steal the appropriate amount of vram for fw hand-over (v3)
    - drm/amdgpu: Free VGA stolen memory as soon as possible.
  * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
    - ACPICA: AML parser: attempt to continue loading table after error
    - ACPI / property: Allow multiple property compatible _DSD entries
    - PCI / ACPI: Identify untrusted PCI devices
    - iommu/vt-d: Force IOMMU on for platform opt in hint
    - iommu/vt-d: Do not enable ATS for untrusted devices
    - thunderbolt: Export IOMMU based DMA protection support to userspace
    - iommu/vt-d: Disable ATS support on untrusted devices
  * Add basic support to NVLink2 passthrough (LP: #1819989)
    - powerpc/powernv/npu: Do not try invalidating 32bit table when 64bit table is
      enabled
    - powerpc/powernv: call OPAL_QUIESCE before OPAL_SIGNAL_SYSTEM_RESET
    - powerpc/powernv: Export opal_check_token symbol
    - powerpc/powernv: Make possible for user to force a full ipl cec reboot
    - powerpc/powernv/idoa: Remove unnecessary pcidev from pci_dn
    - powerpc/powernv: Move npu struct from pnv_phb to pci_controller
    - powerpc/powernv/npu: Move OPAL calls away from context manipulation
    - powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation
    - powerpc/pseries/npu: Enable platform support
    - powerpc/pseries: Remove IOMMU API support for non-LPAR systems
    - powerpc/powernv/npu: Check mmio_atsd array bounds when populating
    - powerpc/powernv/npu: Fault user page into the hypervisor's pagetable
  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next: hinic: fix a problem in free_tx_poll()
    - hinic: remove ndo_poll_controller
    - net-next/hinic: add checksum offload and TSO support
    - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
    - net-next/hinic:replace multiply and division operators
    - net-next/hinic:add rx checksum offload for HiNIC
    - net-next/hinic:fix a bug in set mac address
    - net-next/hinic: fix a bug in...

Changed in linux-azure (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (14.9 KiB)

This bug was fixed in the package linux-azure - 4.15.0-1042.46

---------------
linux-azure (4.15.0-1042.46) xenial; urgency=medium

  * linux-azure: 4.15.0-1042.46 -proposed tracker (LP: #1822817)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

  * [Hyper-V] Enable CONFIG_HOTPLUG_CPU in linux-azure (LP: #1821934)
    - Revert "UBUNTU: [Config] azure: CONFIG_HOTPLUG_CPU=n"

  [ Ubuntu: 4.15.0-48.51 ]

  * linux: 4.15.0-48.51 -proposed tracker (LP: #1822820)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()
  * [P9][LTCTest][Opal][FW910] cpupower monitor shows multiple stop Idle_Stats
    (LP: #1719545)
    - cpupower : Fix header name to read idle state name
  * [amdgpu] screen corruption when using touchpad (LP: #1818617)
    - drm/amdgpu/gmc: steal the appropriate amount of vram for fw hand-over (v3)
    - drm/amdgpu: Free VGA stolen memory as soon as possible.
  * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
    - ACPICA: AML parser: attempt to continue loading table after error
    - ACPI / property: Allow multiple property compatible _DSD entries
    - PCI / ACPI: Identify untrusted PCI devices
    - iommu/vt-d: Force IOMMU on for platform opt in hint
    - iommu/vt-d: Do not enable ATS for untrusted devices
    - thunderbolt: Export IOMMU based DMA protection support to userspace
    - iommu/vt-d: Disable ATS support on untrusted devices
  * Add basic support to NVLink2 passthrough (LP: #1819989)
    - powerpc/powernv/npu: Do not try invalidating 32bit table when 64bit table is
      enabled
    - powerpc/powernv: call OPAL_QUIESCE before OPAL_SIGNAL_SYSTEM_RESET
    - powerpc/powernv: Export opal_check_token symbol
    - powerpc/powernv: Make possible for user to force a full ipl cec reboot
    - powerpc/powernv/idoa: Remove unnecessary pcidev from pci_dn
    - powerpc/powernv: Move npu struct from pnv_phb to pci_controller
    - powerpc/powernv/npu: Move OPAL calls away from context manipulation
    - powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation
    - powerpc/pseries/npu: Enable platform support
    - powerpc/pseries: Remove IOMMU API support for non-LPAR systems
    - powerpc/powernv/npu: Check mmio_atsd array bounds when populating
    - powerpc/powernv/npu: Fault user page into the hypervisor's pagetable
  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next: hinic: fix a problem in free_tx_poll()
    - hinic: remove ndo_poll_controller
    - net-next/hinic: add checksum offload and TSO support
    - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
    - net-next/hinic:replace multiply and division operators
    - net-next/hinic:add rx checksum offload for HiNIC
    - net-next/hinic:fix a bug in set mac address
    - net-next/hinic: fix a bug in rx data flow
    - net: hinic: fix null pointer dereference on pointer hwdev
    - hinic...

Changed in linux-azure (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (15.2 KiB)

This bug was fixed in the package linux-azure - 4.18.0-1018.18

---------------
linux-azure (4.18.0-1018.18) cosmic; urgency=medium

  [ Ubuntu: 4.18.0-20.21 ]

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-azure (4.18.0-1017.17) cosmic; urgency=medium

  * linux-azure: 4.18.0-1017.17 -proposed tracker (LP: #1826166)

  * [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in
    Azure kernel (LP: #1821378)
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - Drivers: hv: vmbus: Check for ring when getting debug info

  * [linux-azure] Commit To Improve NVMe Performance (LP: #1819689)
    - blk-mq: remove the request_list usage

  [ Ubuntu: 4.18.0-19.20 ]

  * linux: 4.18.0-19.20 -proposed tracker (LP: #1826171)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite...

Changed in linux-azure (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for linux-azure has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Marcelo Cerri (mhcerri) wrote :

I made a mistake on the disco patch and the buglink tag wasn't included. However the change is already released in disco/linux-azure so I'm marking it manually as "Fix Released".

Changed in linux-azure (Ubuntu Disco):
status: In Progress → Fix Released
Changed in linux-azure (Ubuntu Xenial):
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Cosmic):
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Disco):
assignee: nobody → Marcelo Cerri (mhcerri)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers