Backport patches needed to allow live migration under SEV

Bug #1984034 reported by Khaled El Mously
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux-gcp (Ubuntu) | New | Undecided | Unassigned |
Focal | Fix Released | Undecided | Unassigned |
Jammy | Fix Released | Undecided | Unassigned |

Bug Description

https://canonical.my.salesforce.com/5004K000009oeuI

Upstream (v5.16) patches needed to allow live migration of confidential VMs.

[Impact]
No support for live-migration of confidential VMs currently

[Fix]
Backport 5 patches from v5.16

[Test]
GCP confirmed that live-migration works with these patches.

[Regression Potential]
This was never working so there should be low risk of regression.
Most of the changes are KVM-related so could have an impact on KVM.
However most of the changes are new code so risk is low.

More details in the SF case.

no longer affects: linux-oracle (Ubuntu)
description: updated
description: updated
Khaled El Mously (kmously) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-gcp - 5.4.0-1087.95

---------------
linux-gcp (5.4.0-1087.95) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1087.95 -proposed tracker (LP: #1983926)

  * Backport patches needed to allow live migration under SEV (LP: #1984034)
    - KVM: X86: Introduce KVM_HC_MAP_GPA_RANGE hypercall
    - x86/kvm: Add AMD SEV specific Hypercall3
    - mm: x86: Invoke hypercall when page encryption status is changed
    - EFI: Introduce the new AMD Memory Encryption GUID.
    - x86/kvm: Add guest support for detecting and enabling SEV Live Migration
      feature.
    - x86/kvm: Add kexec support for SEV Live Migration.

  [ Ubuntu: 5.4.0-125.141 ]

  * focal/linux: 5.4.0-125.141 -proposed tracker (LP: #1983947)
  * nbd: requests can become stuck when disconnecting from server with qemu-nbd
    (LP: #1896350)
    - blk-mq: blk-mq: provide forced completion method
    - blk-mq: move failure injection out of blk_mq_complete_request
    - nbd: don't handle response without a corresponding request message
    - nbd: make sure request completion won't concurrent
    - nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed
    - nbd: fix io hung while disconnecting device
  * CVE-2021-33656
    - vt: drop old FONT ioctls
  * CVE-2021-33061
    - ixgbe: add the ability for the PF to disable VF link state
    - ixgbe: add improvement for MDD response functionality
    - ixgbevf: add disable link state

 -- Khalid Elmously <email address hidden> Wed, 17 Aug 2022 23:55:02 -0400

Changed in linux-gcp (Ubuntu Focal):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-gcp - 5.15.0-1017.23

---------------
linux-gcp (5.15.0-1017.23) jammy; urgency=medium

  * jammy/linux-gcp: 5.15.0-1017.23 -proposed tracker (LP: #1983875)

  * Jammy update: v5.15.44 upstream stable release (LP: #1981649)
    - [Config] gcp: updateconfigs after rebase

  * Jammy update: v5.15.46 upstream stable release (LP: #1981864)
    - [Packaging] gcp: Add python3-dev to build-depends

  * Backport patches needed to allow live migration under SEV (LP: #1984034)
    - x86/kvm: Add AMD SEV specific Hypercall3
    - mm: x86: Invoke hypercall when page encryption status is changed
    - EFI: Introduce the new AMD Memory Encryption GUID.
    - x86/kvm: Add guest support for detecting and enabling SEV Live Migration
      feature.
    - x86/kvm: Add kexec support for SEV Live Migration.

  [ Ubuntu: 5.15.0-47.51 ]

  * jammy/linux: 5.15.0-47.51 -proposed tracker (LP: #1983903)
  * Jammy update: v5.15.46 upstream stable release (LP: #1981864)
    - UBUNTU: [Packaging] Move python3-dev to build-depends
  * touchpad and touchscreen doesn't work at all on ACER Spin 5 (SP513-54N)
    (LP: #1884232)
    - x86/PCI: Eliminate remove_e820_regions() common subexpressions
    - x86: Log resource clipping for E820 regions
    - x86/PCI: Clip only host bridge windows for E820 regions
    - x86/PCI: Add kernel cmdline options to use/ignore E820 reserved regions
    - x86/PCI: Disable E820 reserved region clipping via quirks
    - x86/PCI: Revert "x86/PCI: Clip only host bridge windows for E820 regions"
  * [SRU][H/OEM-5.13/OEM-5.14/U][J/OEM-5.17/U] Fix invalid MAC address after
    hotplug tbt dock (LP: #1942999)
    - SAUCE: igc: wait for the MAC copy when enabled MAC passthrough
  * Mass Storage Gadget driver truncates device >2TB (LP: #1981390)
    - usb: gadget: storage: add support for media larger than 2T
  * AMD Rembrandt: DP tunneling fails with Thunderbolt monitors (LP: #1983143)
    - SAUCE: drm/amd: Fix DP Tunneling with Thunderbolt monitors
    - drm/amd/display: Fix for dmub outbox notification enable
    - Revert "drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset"
    - drm/amd/display: Reset link encoder assignments for GPU reset
    - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset
    - drm/amd/display: Fix new dmub notification enabling in DM
    - SAUCE: thunderbolt: Add DP out resource when DP tunnel is discovered.
  * Fix sub-optimal I210 network speed (LP: #1976438)
    - igb: Make DMA faster when CPU is active on the PCIe link
  * e1000e report hardware hang (LP: #1973104)
    - e1000e: Enable GPT clock before sending message to CSME
    - Revert "e1000e: Fix possible HW unit hang after an s0ix exit"
  * ioam6.sh in net from ubuntu_kernel_selftests fails with 5.15 kernels in
    Focal (LP: #1982930)
    - selftests: net: fix IOAM test skip return code
  * Additional fix for TGL + AUO panel flickering (LP: #1983297)
    - Revert "UBUNTU: SAUCE: drm/i915/display/psr: Fix flicker on TGL + AUO panel"
    - drm/i915/display: Fix sel fetch plane offset calculation
    - drm/i915: Nuke ORIGIN_GTT
    - drm/i915/display: Drop PSR support from HSW and BDW
    - drm/i915/display/psr: ...

Changed in linux-gcp (Ubuntu Jammy):
status: New → Fix Released