gcp: backport "iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support"
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux-gcp (Ubuntu) |
In Progress
|
Medium
|
Khaled El Mously | ||
| Jammy |
Invalid
|
Undecided
|
Unassigned | ||
| Kinetic |
In Progress
|
Medium
|
Khaled El Mously | ||
| linux-gcp-5.19 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
| Kinetic |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
GCP is requesting the backport of the patch "6b080c4e815ceb
The following two patches are required for the backport:
6b080c4e815ceb
251c4db699ca7b
More info at https:/
Impact:
- This allows the AMD iommu driver to map/unmap multiple pages in one call. GCP states that these changes also have a security side-effect which they are interested in.
Testing:
- Boot-tested the changes in SEV, SEV-SNP and non-SEV environments on AMD hardware.
Regression potential:
- The changes are limited to the AMD iommu driver. Regression potential could impact virtualization on AMD hardware. Risk is considered low as the changes are limited and apply cleanly from upstream. The requested patch is from 6.2 and there have been no follow-up fixes since.
CVE References
| description: | updated |
| description: | updated |
| Changed in linux-gcp (Ubuntu Kinetic): | |
| assignee: | nobody → Khaled El Mously (kmously) |
| Changed in linux-gcp (Ubuntu): | |
| assignee: | nobody → Khaled El Mously (kmously) |
| Changed in linux-gcp (Ubuntu Kinetic): | |
| importance: | Undecided → Medium |
| Changed in linux-gcp (Ubuntu): | |
| importance: | Undecided → Medium |
| Changed in linux-gcp (Ubuntu Kinetic): | |
| status: | New → In Progress |
| Changed in linux-gcp (Ubuntu): | |
| status: | New → In Progress |
| summary: |
- gcp" backport "iommu/amd: Add map/unmap_pages() iommu_domain_ops + gcp: backport "iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support" |
| description: | updated |
| description: | updated |
| description: | updated |
| description: | updated |
| description: | updated |
| description: | updated |
| Changed in linux-gcp-5.19 (Ubuntu Kinetic): | |
| status: | New → Invalid |
| Changed in linux-gcp (Ubuntu Jammy): | |
| status: | New → Invalid |
| Changed in linux-gcp-5.19 (Ubuntu Jammy): | |
| status: | New → Fix Committed |
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in linux-gcp-5.19 (Ubuntu Jammy): | |
| status: | Fix Committed → Fix Released |
This bug was fixed in the package linux-gcp-5.19 - 5.19.0-
---------------
linux-gcp-5.19 (5.19.0-
* jammy/linux-
(LP: #2027609)
* gcp: backport "iommu/amd: Add map/unmap_pages() iommu_domain_ops callback
support" (LP: #2023313)
- iommu/amd/
- iommu/amd/
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
linux-gcp-5.19 (5.19.0-
* jammy/linux-
(LP: #2026451)
* Packaging resync (LP: #1786013)
- [Packaging] update update.conf
[ Ubuntu: 5.19.0-50.50 ]
* jammy/linux-
* CVE-2023-2640 // CVE-2023-32629
- Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
ovl_
- Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
trusted.
- SAUCE: overlayfs: default to userxattr when mounted from non initial user
namespace
* CVE-2023-35001
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
* CVE-2023-31248
- netfilter: nf_tables: do not ignore genmask when looking up chain by id
* CVE-2023-3389
- io_uring: hold uring mutex around poll removal
* CVE-2023-3390
- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
* CVE-2023-3141
- memstick: r592: Fix UAF bug in r592_remove due to race condition
* CVE-2023-3090
- ipvlan:Fix out-of-bounds caused by unclear skb->cb
* CVE-2022-48502
- fs/ntfs3: Check fields while reading
* Packaging resync (LP: #1786013)
- [Packaging] update update.conf
-- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 12 Jul 2023 16:00:46 -0300