[UBUNTU 20.04] KVM nesting support leaks too much memory, might result in stalls during cleanup
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu on IBM z Systems | Fix Released | Medium | Skipper Bug Screeners |
linux (Ubuntu) | Invalid | Undecided | Skipper Bug Screeners |
Focal | Fix Released | Medium | Canonical Kernel Team |
Impish | Fix Released | Medium | Canonical Kernel Team |
Jammy | Fix Released | Medium | Canonical Kernel Team |
Bug Description
SRU Justification:
==================
[Impact]
* If running KVM with nesting support (e.g. 'kvm.nested=1' on the kernel
command line), the shadow page table code produces too many
reverse-mapping (gmap_rmap) entries in the shadow page tables.
* The upstream fix mentioned below prevents the entries from
piling up, by checking for existing entries at insert time.
* This measurably reduces the list length and is faster than only
traversing the list at shutdown time.
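The mechanism described above, as an added illustration rather than the kernel's own code: a simplified C model of a gmap_rmap reverse-mapping list, with hypothetical names, in which the original path adds an entry for every notification while the fixed path first checks whether an entry with the same raddr already exists, so the teardown walk at VM shutdown stays short.

```c
#include <stdlib.h>

/* Hypothetical, simplified model of the gmap_rmap list (not kernel code):
 * one entry per reverse mapping, raddr = shadow-side address of the page. */
struct rmap {
    struct rmap *next;
    unsigned long raddr;
};
/* Original behaviour: every notification adds an entry, duplicates included. */
static void rmap_insert_naive(struct rmap **head, unsigned long raddr)
{
    struct rmap *r = malloc(sizeof(*r));
    if (!r) abort();
    r->raddr = raddr;
    r->next = *head;
    *head = r;
}
/* Fixed behaviour: look for an existing entry with this raddr before adding. */
static void rmap_insert_dedup(struct rmap **head, unsigned long raddr)
{
    for (struct rmap *r = *head; r; r = r->next)
        if (r->raddr == raddr)
            return; /* already tracked: nothing piles up */
    rmap_insert_naive(head, raddr);
}
/* Teardown walk (the cost the test plan times at 2nd-level VM shutdown):
 * frees every entry and returns how many had to be visited. */
static size_t rmap_free(struct rmap **head)
{
    size_t n = 0;
    while (*head) {
        struct rmap *r = *head;
        *head = r->next;
        free(r);
        n++;
    }
    return n;
}
/* Replay `events` notifications cycling over `distinct` constructed
 * 4K-aligned addresses; return the entry count a shutdown must walk. */
static size_t simulate(int dedup, unsigned long events, unsigned long distinct)
{
    struct rmap *head = NULL;
    void (*insert)(struct rmap **, unsigned long) =
        dedup ? rmap_insert_dedup : rmap_insert_naive;
    for (unsigned long i = 0; i < events; i++)
        insert(&head, (i % distinct) << 12);
    return rmap_free(&head);
}
```

With 100000 notifications over 16 distinct addresses the naive list holds 100000 entries while the deduplicated one holds 16, which is the list-length reduction the shutdown timing in the test plan is meant to expose.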
[Fix]
* a06afe8383080c6
"KVM: s390: vsie/gmap: reduce gmap_rmap overhead"
[Test Plan]
* An IBM zSystems or LinuxONE LPAR on a z13 or newer is needed.
* Ubuntu focal, impish or jammy needs to be installed
and the Ubuntu LPAR set up as a (1st level) KVM host,
allowing nested virtualization.
* Now set up one (or more) KVM virtual machines
with similar Ubuntu releases,
and define one or more of them again as a (2nd level) KVM host.
* Define several KVM virtual machines on this (2nd level) KVM host
in a memory-constrained fashion,
so that a lot of memory mapping is caused.
* Let such a system run for a while under load.
* Now shutdown one (or more) 2nd level VMs and notice the
time it takes.
* With the patch in place this time should be considerably
quicker than without.
* The result is reduced mapping (gmap_rmap) overhead,
less danger of leaking memory
and a better responding system.
[Where problems could occur]
* If the wrong entries are freed, this will corrupt virtual
memory management and may even lead to crashes.
* If the pointer handling is not done properly,
crashes may occur as well.
* But with a net change of just five new lines the patch is short and readable,
and the modifications are traceable to arch/s390/mm/gmap.c only.
* The changes are limited to s390/mm only,
hence don't affect other architectures.
[Other Info]
* The commit was accepted upstream in v5.18-rc6.
* Since the planned target kernel for kinetic is 5.19,
the kinetic kernel does not need to be patched.
* Hence the SRUs are for jammy, impish and focal.
__________
KVM nesting support consumes too much memory
When running KVM with nesting support (kvm.nested=1 on the kernel command line), the shadow page table code produces too many entries in the shadow page tables.
There is an upstream fix that addresses most of the problem:
The fix is needed for 20.04 and 22.04.
tags: added: architecture-s39064 bugnameltc-198271 severity-high targetmilestone-inin2004
Changed in ubuntu:
  assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
  affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
  assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
  importance: Undecided → Medium
Changed in linux (Ubuntu Jammy):
  assignee: nobody → Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
  status: New → In Progress
Changed in linux (Ubuntu Jammy):
  status: New → In Progress
  description: updated
Changed in linux (Ubuntu Focal):
  importance: Undecided → Medium
Changed in linux (Ubuntu Impish):
  importance: Undecided → Medium
Changed in linux (Ubuntu Jammy):
  importance: Undecided → Medium
Changed in linux (Ubuntu):
  status: New → Invalid
Changed in linux (Ubuntu Focal):
  status: In Progress → Fix Committed
Changed in linux (Ubuntu Impish):
  status: In Progress → Fix Committed
Changed in linux (Ubuntu Jammy):
  status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
  status: In Progress → Fix Committed
tags: added: verification-done-impish removed: verification-needed-impish
Changed in ubuntu-z-systems:
  status: Fix Committed → Fix Released
Since this seems to be upstream with 5.18-rc6, and the target kernel for kinetic/22.10 is 5.19,
this LP bug is an SRU for jammy, impish and focal.
I've marked the affected series accordingly.