[Kernel-packages] [Bug 1915146] Re: Backport commits required for confidential VMs
This bug was fixed in the package linux-azure-cvm - 5.4.0-1063.66+cvm2

---
linux-azure-cvm (5.4.0-1063.66+cvm2) focal; urgency=medium

  * focal/linux-azure-cvm: 5.4.0-1063.66+cvm2 -proposed tracker (LP: #1947232)

  * linux-azure-cvm: Create a 5.4 based kernel (LP: #1948057)
    - Revert "UBUNTU: [Packaging] linux-azure-cvm: Disable UEFI signed kernel image"

  * Backport commits required for confidential VMs (LP: #1915146)
    - SAUCE: x86/hyperv: Load/save the Isolation Configuration leaf
    - SAUCE: x86/Hyper-V: Add visibility parameter for vmbus_establish_gpadl()
    - SAUCE: x86/Hyper-V: Add new hvcall guest address host visibility support
    - SAUCE: HV: Get Hyper-V Isolated VM capability
    - SAUCE: HV: Add Write/Read MSR registers via ghcb
    - SAUCE: HV: Add ghcb hvcall support for SNP VM
    - SAUCE: HV/Vmbus: Add SNP support for VMbus channel initiate message
    - SAUCE: hv/vmbus: Initialize VMbus ring buffer for Isolated VM
    - SAUCE: x86/Hyper-V: Initialize bounce buffer page cache and list
    - SAUCE: x86/Hyper-V: Add new parameter for vmbus_sendpacket_pagebuffer()/mpb_desc()
    - SAUCE: x86/Hyper-V: Copy data from/to bounce buffer during IO operation.
    - SAUCE: HV/Netvsc: Add SNP support for netvsc driver
    - SAUCE: HV/Storvsc: Add bounce buffer support for Storvsc
    - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt
    - hv_netvsc: Add validation for untrusted Hyper-V values
    - drivers: hv: vmbus: Introduce latency testing
    - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening
    - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening
    - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening
    - SAUCE: Drivers: hv: vmbus: Copy packets sent by Hyper-V out of the ring buffer
    - SAUCE: hv_utils: Add validation for untrusted Hyper-V values
    - SAUCE: Drivers: hv: vmbus: Initialize memory to be sent to the host
    - Drivers: hv: copy from message page only what's needed
    - Drivers: hv: check VMBus messages lengths
    - Drivers: hv: allocate the exact needed memory for messages
    - SAUCE: Drivers: hv: vmbus: Reduce number of references to message in vmbus_on_msg_dpc()
    - Drivers: hv: make sure that 'struct vmbus_channel_message_header' compiles correctly
    - SAUCE: Drivers: hv: vmbus: Resolve race condition in vmbus_onoffer_rescind()
    - SAUCE: scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
    - SAUCE: scsi: storvsc: Resolve data race in storvsc_probe()
    - SAUCE: scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()
    - SAUCE: hv_netvsc: Add (more) validation for untrusted Hyper-V values
    - Drivers: hv: vmbus: Introduce table of VMBus protocol versions
    - Drivers: hv: vmbus: Enable VMBus protocol versions 4.1, 5.1 and 5.2
    - SAUCE: Drivers: hv: vmbus: Restrict vmbus_devices on isolated guests
    - SAUCE: Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests
    - SAUCE: hv_netvsc: Restrict configurations on isolated guests
    - SAUCE: hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer
    - SAUCE: HV/Bounce buffer: Add SMP support in the bounce buffer code
    - SAUCE: HV/IVM: Disable interrupt when read ghcb
    - SAUCE: HV/Netvsc: Unmap recv_buf and send buf in extra address space
    - SAUCE: HV: Set gpadl buffer not visible to host when return buffer back to system
    - SAUCE: Stovsc: Reserve bounce buffer for storvsc subchannel
    - hv_netvsc: Validate number of allocated sub-channels
    - SAUCE: Drivers: hv: vmbus: Copy the hv_message in vmbus_on_msg_dpc()
    - SAUCE: hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF
    - SAUCE: hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info
    - SAUCE: HV/Netvsc: Fix dropping package during high network throughput
    - SAUCE: Netvsc: Fix race condition with skb
    - SAUCE: HV/IVM: Add support for new AMD GHCB spec
    - [Config] azure: CONFIG_HYPERV_TESTING=y
    - Drivers: hv: vmbus: Use after free in __vmbus_open()
    - hv_netvsc: Cache the current data path to avoid duplicate call and message
    - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH
    - Drivers: hv: vmbus: Drop error message when 'No request id available'
    - SAUCE: Revert "UBUNTU: SAUCE: Drivers: hv: vmbus: Copy packets sent by Hyper-V out of the ring buffer"
    - SAUCE: Drivers: hv: vmbus: Copy packets sent by Hyper-V out of the ring buffer
    - SAUCE: scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
    - SAUCE: HV/Storvsc: Adjust bounce buffer in on_channel_callback
    - SAUCE: move hv_init_channel_ivm before vmbus_device_register
    - SAUCE: vmbus: Fix reserve bounce buffer isn't released during unloading driver
    - SAUCE: scsi: storvsc: Fix validation for unsolicited
[Kernel-packages] [Bug 1915146] Re: Backport commits required for confidential VMs
** Package changed: linux-azure (Ubuntu) => linux-azure-cvm (Ubuntu)

** Also affects: linux-azure-cvm (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: linux-azure-cvm (Ubuntu)
       Status: In Progress => Invalid

** Changed in: linux-azure-cvm (Ubuntu Focal)
       Status: New => Fix Committed

** Changed in: linux-azure-cvm (Ubuntu Focal)
     Assignee: (unassigned) => Marcelo Cerri (mhcerri)

** Changed in: linux-azure-cvm (Ubuntu)
     Assignee: Marcelo Cerri (mhcerri) => (unassigned)

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure-cvm in Ubuntu.
https://bugs.launchpad.net/bugs/1915146

Title:
  Backport commits required for confidential VMs

Status in linux-azure-cvm package in Ubuntu:
  Invalid
Status in linux-azure-cvm source package in Focal:
  Fix Committed

Bug description:
  Below are two sets of commits required for CVM:
  1. Core enablement of Linux to run as a Hyper-V guest with the SNP-enabled HCL.
  2. VMbus hardening.

  Patches related to core enablement of Linux to run as a Hyper-V guest with the SNP-enabled HCL are below:

  HV/Storvsc: Add bounce buffer support for Storvsc - https://github.com/lantianyu/linux/commit/c46341863ba7cfaa11ed6c95d454769dcde57b84
  HV/Netvsc: Add SNP support for netvsc driver - https://github.com/lantianyu/linux/commit/0026626dbc42bfcbe26d993bec104383f9d60e35
  x86/Hyper-V: Copy data from/to bounce buffer during IO operation - https://github.com/lantianyu/linux/commit/5f948e69f2be44891af03d60b918a3bc0845f954
  x86/Hyper-V: Add new parameter for vmbus_sendpacket_pagebuffer()/mpb_desc() - https://github.com/lantianyu/linux/commit/b484eebaf79340e29012a2dadb4518fa7d5d1284
  x86/Hyper-V: Initialize bounce buffer page cache and list - https://github.com/lantianyu/linux/commit/8a437af5e4af945b28ba0071302dfa28a48df408
  hv/vmbus: Initialize VMbus ring buffer for Isolated VM - https://github.com/lantianyu/linux/commit/45de7cff82cd6e99aedbd4cf2c44fa30298c0dea
  HV/Vmbus: Add SNP support for VMbus channel initiate message - https://github.com/lantianyu/linux/commit/4bca8b9748dd17fb860a4528781932ade1825dd5
  HV: Add ghcb hvcall support for SNP VM - https://github.com/lantianyu/linux/commit/bfb44533b884b08b639258f7150aa71dc148e221
  HV: Add Write/Read MSR registers via ghcb - https://github.com/lantianyu/linux/commit/8cf6a0dea3189a654c41e16ad859c9ceb5bb940c
  HV: Get Hyper-V Isolated VM capability - https://github.com/lantianyu/linux/commit/9290189014a1b231f70b5620338d61508da673df
  x86/Hyper-V: Add new hvcall guest address host visibility support - https://github.com/lantianyu/linux/commit/deb6dc9bdbff7a6b16910ebe9aff266de9690cb2
  x86/Hyper-V: Add visibility parameter for vmbus_establish_gpadl() - https://github.com/lantianyu/linux/commit/e697bc57e853f058eef9b2268b865aa8e574e233

  The following commit is also required by CVM support. It has been upstreamed. If ubuntu kernel doesn't contain the patch, it's necessary to backport the patch.

  x86/hyperv: Initialize clockevents earlier in CPU onlining - https://github.com/lantianyu/linux/commit/8815c2eec402080a4c5f2536668f6d5b7946ef8b

  VMbus hardening patches:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a76566595bfb242a7f4bedc77233e9194831ba3
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44144185951a0ff9b50bf21c0cd1f79ff688e5ca
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8b7db38449ac5b950a3f00519171c4be3e226ff
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=453de21c2b8281228173a7b689120b92929743d6
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d18fcc95f50950a99bd940d4e61a983f91d267a
  https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?id=ab548fd21e1cbe601ce5f775254a6d042c6495f2
  https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?id=244808e0302953de11dba1f8a580cdd1df35843d
  https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?id=91b1b640b834b2d6f330baf04c0cc049eca9d689
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=206ad34d52a2f1205c84d08c12fc116aad0eb407
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=4424a8d1acc0a30542d4399e83c2a6cfcdd1eb71
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=6809ea1c570b40c9b2f139684784d6318d958011
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=46011a70c1c21a5dba02b38edeac16e667544361
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=5c0c26e7dca8f892cc342213e737494d8fd3384f
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=cbf0eda5de05545754540e0ad3173dca5737742e
  https://git.kernel.org/pub/scm/linux/kernel/git/hyper
[Kernel-packages] [Bug 1915146] Re: Backport commits required for confidential VMs
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1915146

Title:
  Backport commits required for confidential VMs

Status in linux-azure package in Ubuntu:
  In Progress

Bug description:
  Below are two sets of commits required for CVM:
  1. Core enablement of Linux to run as a Hyper-V guest with the SNP-enabled HCL.
  2. VMbus hardening.

  Patches related to core enablement of Linux to run as a Hyper-V guest with the SNP-enabled HCL are below:

  HV/Storvsc: Add bounce buffer support for Storvsc - https://github.com/lantianyu/linux/commit/c46341863ba7cfaa11ed6c95d454769dcde57b84
  HV/Netvsc: Add SNP support for netvsc driver - https://github.com/lantianyu/linux/commit/0026626dbc42bfcbe26d993bec104383f9d60e35
  x86/Hyper-V: Copy data from/to bounce buffer during IO operation - https://github.com/lantianyu/linux/commit/5f948e69f2be44891af03d60b918a3bc0845f954
  x86/Hyper-V: Add new parameter for vmbus_sendpacket_pagebuffer()/mpb_desc() - https://github.com/lantianyu/linux/commit/b484eebaf79340e29012a2dadb4518fa7d5d1284
  x86/Hyper-V: Initialize bounce buffer page cache and list - https://github.com/lantianyu/linux/commit/8a437af5e4af945b28ba0071302dfa28a48df408
  hv/vmbus: Initialize VMbus ring buffer for Isolated VM - https://github.com/lantianyu/linux/commit/45de7cff82cd6e99aedbd4cf2c44fa30298c0dea
  HV/Vmbus: Add SNP support for VMbus channel initiate message - https://github.com/lantianyu/linux/commit/4bca8b9748dd17fb860a4528781932ade1825dd5
  HV: Add ghcb hvcall support for SNP VM - https://github.com/lantianyu/linux/commit/bfb44533b884b08b639258f7150aa71dc148e221
  HV: Add Write/Read MSR registers via ghcb - https://github.com/lantianyu/linux/commit/8cf6a0dea3189a654c41e16ad859c9ceb5bb940c
  HV: Get Hyper-V Isolated VM capability - https://github.com/lantianyu/linux/commit/9290189014a1b231f70b5620338d61508da673df
  x86/Hyper-V: Add new hvcall guest address host visibility support - https://github.com/lantianyu/linux/commit/deb6dc9bdbff7a6b16910ebe9aff266de9690cb2
  x86/Hyper-V: Add visibility parameter for vmbus_establish_gpadl() - https://github.com/lantianyu/linux/commit/e697bc57e853f058eef9b2268b865aa8e574e233

  The following commit is also required by CVM support. It has been upstreamed. If ubuntu kernel doesn't contain the patch, it's necessary to backport the patch.

  x86/hyperv: Initialize clockevents earlier in CPU onlining - https://github.com/lantianyu/linux/commit/8815c2eec402080a4c5f2536668f6d5b7946ef8b

  VMbus hardening patches:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a76566595bfb242a7f4bedc77233e9194831ba3
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44144185951a0ff9b50bf21c0cd1f79ff688e5ca
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8b7db38449ac5b950a3f00519171c4be3e226ff
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=453de21c2b8281228173a7b689120b92929743d6
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d18fcc95f50950a99bd940d4e61a983f91d267a
  https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?id=ab548fd21e1cbe601ce5f775254a6d042c6495f2
  https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?id=244808e0302953de11dba1f8a580cdd1df35843d
  https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?id=91b1b640b834b2d6f330baf04c0cc049eca9d689
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=206ad34d52a2f1205c84d08c12fc116aad0eb407
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=4424a8d1acc0a30542d4399e83c2a6cfcdd1eb71
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=6809ea1c570b40c9b2f139684784d6318d958011
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=46011a70c1c21a5dba02b38edeac16e667544361
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=5c0c26e7dca8f892cc342213e737494d8fd3384f
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=cbf0eda5de05545754540e0ad3173dca5737742e
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=f844988bde35e491507a1b9b7f84b810464cbf78
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=3f71d6b91e7e6fd594c0c8f18b8a1253fea0e093
  https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=0ba35fe91ce34f2d0feff626efd0062dac41781c
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=8190826e75cee9d9c008d24d557ef1ce06f5e3e2
  https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?id=e5b1
[Kernel-packages] [Bug 1915146] Re: Backport commits required for confidential VMs
This bug is awaiting verification that the linux-azure-cvm/5.4.0-1063.66+cvm2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-focal

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1915146

Title:
  Backport commits required for confidential VMs

Status in linux-azure package in Ubuntu:
  In Progress

Bug description:
  Below are two sets of commits required for CVM:
  1. Core enablement of Linux to run as a Hyper-V guest with the SNP-enabled HCL.
  2. VMbus hardening.