Ubuntu
linux package

[23.10 FEAT] KVM: Enable Secure Execution Crypto Passthrough - kernel part

Bug #2003674 reported by bugproxy
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
High
Skipper Bug Screeners
linux (Ubuntu)
Fix Released
High
Canonical Kernel Team

Bug Description

Feature Description:

Enable KVM and QEMU for AP passthrough to Secure Execution guests. This includes setup, configuration and teardown of AP related resources.

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-201347 severity-high targetmilestone-inin2304
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
importance: Undecided → High
Changed in linux (Ubuntu):
importance: Undecided → High
Changed in ubuntu-z-systems:
status: New → Incomplete
Changed in linux (Ubuntu):
status: New → Incomplete
bugproxy (bugproxy)
tags: added: targetmilestone-inin2310
removed: targetmilestone-inin2304
Frank Heimes (fheimes)
summary: - [23.04 FEAT] KVM: Enable Secure Execution Crypto Passthrough - kernel
+ [23.10 FEAT] KVM: Enable Secure Execution Crypto Passthrough - kernel
part
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-08-23 12:28 EDT-------
Thanks everyone for your work on this item.

All required patches are now available in linux-next.

Please include the following set of patches in Mantic:

b1d8b21681db KVM: s390: pv: Allow AP-instructions for pv-guests
baf737b3381e KVM: s390: Add UV feature negotiation
d1c787f139e5 s390/uv: UV feature check utility
ed1bb17c0051 KVM: s390: pv: relax WARN_ONCE condition for destroy fast
9341fed081a9 Merge remote-tracking branch 'vfio-ap' into kvm-next
f88fb1335733 s390/vfio-ap: make sure nib is shared
fb5040ef7f70 KVM: s390: export kvm_s390_pv*_is_protected functions
cf3fa16a6fd4 s390/uv: export uv_pin_shared for direct usage
7847a19b5b62 s390/vfio-ap: check for TAPQ response codes 0x35 and 0x36
e1f17f8ea93d s390/vfio-ap: handle queue state change in progress on reset
9261f0438835 s390/vfio-ap: use work struct to verify queue reset
62aab082e999 s390/vfio-ap: store entire AP queue status word with the queue object
dd174833e44e s390/vfio-ap: remove upper limit on wait for queue reset to complete
c51f8c6bb5c8 s390/vfio-ap: allow deconfigured queue to be passed through to a guest
411b0109daa5 s390/vfio-ap: wait for response code 05 to clear on queue reset
7aa7b2a80cb7 s390/vfio-ap: clean up irq resources if possible
680b7ddd7e2a s390/vfio-ap: no need to check the 'E' and 'I' bits in APQSW after TAPQ
b275d8313217 KVM: s390: selftests: Add selftest for single-stepping
93f92e0fe942 KVM: s390: interrupt: Fix single-stepping keyless mode exits
000e395cb8c1 KVM: s390: interrupt: Fix single-stepping userspace-emulated instructions
2e05ab06b68b KVM: s390: interrupt: Fix single-stepping kernel-emulated instructions
e544f4055741 KVM: s390: interrupt: Fix single-stepping into program interrupt handlers
bbc6eb0de96e KVM: s390: interrupt: Fix single-stepping into interrupt handlers

Thanks.

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Incomplete → New
Changed in linux (Ubuntu):
status: Incomplete → New
Frank Heimes (fheimes)
information type: Private → Public
Revision history for this message
Frank Heimes (fheimes) wrote :

Kernel test build(s) available in this PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2003674

Pull request submitted to kernel team's mailing list:
https://lists.ubuntu.com/archives/kernel-team/2023-September/thread.html#142529

Changing status to 'In Progress'.

Assigning to kernel team.

Changed in ubuntu-z-systems:
status: New → In Progress
Changed in linux (Ubuntu):
status: New → In Progress
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-09-12 10:27 EDT-------
FYI: the commits are available through 6.6-rc1 now.

Revision history for this message
Frank Heimes (fheimes) wrote :

Updated to 'Fix Committed' since code is in mantic-proposed.

Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 6.5.0-7.7

---------------
linux (6.5.0-7.7) mantic; urgency=medium

  * mantic/linux: 6.5.0-7.7 -proposed tracker (LP: #2037611)

  * kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
    - [Packaging] Revert arm64 image format to Image.gz

  * Mantic minimized/minimal cloud images do not receive IP address during
    provisioning (LP: #2036968)
    - [Config] Enable virtio-net as built-in to avoid race

  * Miscellaneous Ubuntu changes
    - SAUCE: Add mdev_set_iommu_device() kABI
    - [Config] update gcc version in annotations

 -- Andrea Righi <email address hidden> Thu, 28 Sep 2023 10:19:24 +0200

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure-6.5/6.5.0-1007.7~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-azure-6.5' to 'verification-done-jammy-linux-azure-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-azure-6.5' to 'verification-failed-jammy-linux-azure-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-azure-6.5-v2 verification-needed-jammy-linux-azure-6.5
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-aws-6.5/6.5.0-1008.8~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-done-jammy-linux-aws-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-failed-jammy-linux-aws-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-aws-6.5-v2 verification-needed-jammy-linux-aws-6.5
Revision history for this message
Frank Heimes (fheimes) wrote :

not relevant for aws, updating tag to unblock

tags: added: verification-done-jammy-linux-aws-6.5 verification-done-jammy-linux-azure-6.5
removed: verification-needed-jammy-linux-aws-6.5 verification-needed-jammy-linux-azure-6.5
Revision history for this message
Frank Heimes (fheimes) wrote :

does not affect aws, updating tags just to unblock

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.