** Changed in: ubuntu-power-systems
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE)
This bug was fixed in the package qemu - 1:3.1+dfsg-2ubuntu3.4
---
qemu (1:3.1+dfsg-2ubuntu3.4) disco; urgency=medium
* d/p/ubuntu/lp-1832622-*: count cache flush Spectre v2 mitigation for ppc64
(LP: #1832622)
* d/p/ubuntu/lp-1836154-*: add HW CPU model for newer s390x
This bug was fixed in the package qemu - 1:2.11+dfsg-1ubuntu7.18
---
qemu (1:2.11+dfsg-1ubuntu7.18) bionic; urgency=medium
* d/p/ubuntu/lp-1832622-*: count cache flush Spectre v2 mitigation for ppc64
(LP: #1832622)
* d/p/ubuntu/lp-1840745-*: add amd ssbd / no-ssbd features
After discussing this with the Team I really think it is ok to release this.
As stated before we confirmed:
- that on a good kernel the fix works
- the fix doesn't break features if not running on the new kernel
- the fix is confirmed to get in the kernel soon (this kernel cycle)
In addition
Thanks a lot Fabiano!
So I summarize:
- #7 is in no way a degradation to #4:
- all cap-ibs= modes are failing on that before and after
- that means the new qemu didn't break anything in that regard
- #9 confirms that as soon as we have a fixed kernel under that new disco-qemu
it will work
Here is test #9 (#8 is the same as #4 from my previous tests. And not of
much help since Disco-updates QEMU (v=1:3.1+dfsg-2ubuntu3.3) does not
have cap-ibs=workaround):
*** 9- Bionic-proposed kernel + Disco-proposed QEMU
$ uname -r; qemu-system-ppc64 --version | head -n 1
4.15.0-60-generic
That is the effect of the lack of "2b57ecd0208f KVM: PPC: Book3S: Add
count cache flush parameters to kvmppc_get_cpu_char()" in Disco.
QEMU checks for KVM_PPC_CPU_BEHAV_FLUSH_COUNT_CACHE which is introduced
in the above commit:
(From lp-1832622-0002-target-ppc-spapr-Add-workaround-option-to-
Thanks a lot faro...@br.ibm.com.
Especially for noting the known firmware featues influencing this in your case
and then combining cap-ibs=workaround,cap-ccf-assist=on to prove the new
features work.
I see that cap-ccf-assist=on can be used and successfully grants the guest
[0.00]
** Changed in: ubuntu-power-systems
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE)
** Changed in: linux (Ubuntu Disco)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE)
Per my Tests we already know that on DD2.0 HW things are fine, you can't enable
CCF which is expected, but it doesn't break formerly working cases there.
And I'm not sure if there is DD2.3 HW in the wild already.
Furthermore I was in contact with Leonardo yesterday, he is working with
the
** Changed in: linux (Ubuntu Disco)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE)
Confirmed that the Disco kernel is only missing 2b57ecd0208f ("KVM: PPC:
Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()") from
the patchset referenced in bug 1822870.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Bumping priority up to high after discussions with IBM.
** Changed in: ubuntu-power-systems
Importance: Medium => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count
Back in bug 1822870 it was reported that the Disco kernel is only
missing 92edf8df which is still applied to Disco these days. Maybe due
to that 2b57ecd0208f was lost.
@Kernel Team - could you go through all changes that made up bug 1822870
and ensure whatever is missing will be added to Disco?
I think I found the missing kernel bit.
As reported it needs:
2b57ecd0208f KVM: PPC: Book3S: Add count cache flush parameters to
kvmppc_get_cpu_char()
Which was brought into Bionic/Cosmic already as part of bug LP1822870.
This is only needed when I'd be on new HW/FW
Bionic: $ grep -Hrn
Lacking better options I gave this some extra testing on a pre DD2.3 P9 box.
revision: 2.2 (pvr 004e 1202)
I though at least CCF=off I should be able to test with these chips and that
worked fine.
Summary:
- the new versions make cap-ibs=fixed-ibs work on DD2.2
- CCF=off works with
FYI - the related autopkgtest issues would now be resolved.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE) (required for
POWER9
May I ask which kernel was used while testing on disco - was is the
kernel from main/updates or proposed (5.0.0.27)?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache
** Changed in: ubuntu-power-systems
Status: Fix Committed => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE)
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Disco)
Status: New => Confirmed
** Changed in: linux (Ubuntu Disco)
Importance: Undecided => High
** No longer affects: linux (Ubuntu Cosmic)
** No longer affects: linux (Ubuntu
It is the same set of patches as we have on Bionic.
Bionic has
1. 8fea70440eb0d095442de7e80d586a285cf96be5
2. 399b2896d4948a1ec0278d896ea3a561df768d64
3. 8c5909c41916f25b47bfdc465059a926603c1319
4. 8ff43ee404d3e295839d1fd4e9e6571ca7a62a66
Disco for this bug has #2+#4 while #1+#3 are already part
Thanks for testing Michael. I've marked disco as verification-failed.
** Tags removed: verification-needed-disco
** Tags added: verification-failed-disco
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Many thanks Michael for the bionic testing. Updating the bionic tags
accordingly.
Are you also able to test the disco -proposed package 1:3.1+dfsg-
2ubuntu3.4?
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you
IBMm will verify this today.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE) (required for
POWER9 DD2.3)
To manage
** Changed in: ubuntu-power-systems
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE)
Hello bugproxy, or anyone else affected,
Accepted qemu into disco-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/qemu/1:3.1+dfsg-
2ubuntu3.4 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
We have reviewed and tested the branch individually already.
I now had a test set running over night with the ones applied together that I
intend to push in one SRU. All worked fine, uploading to -unapproved for the
SRU Team to take a look.
** Changed in: qemu (Ubuntu Bionic)
Status:
I'm not sure if that is a question about internal bugzilla statuses, or
about external launchpad statuses.
In launchpad, this issue is
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1832622 and has
tasks opened against Bionic and Disco series, meaning those series are
still to be fixed.
It
@IBM - so my working assumption then is that you'll get to us with
whatever is needed/recommended for your new bugs 180734 / 180735 later
on but for now want the patches we discussed and tested here to be
pushed.
TL;DR: provide the security fix as tested now, potentially refine it
later.
A
Thanks for doign that Test Michael.
It is a lot of text so I'll summarize (e.g. for the SRU team later):
Section "No migration"
=> mitigation in the guest is detected correctly
Section with migrations has three elements:
=> source == target config -> migration works
=> source older than target
...correction: moved to 'confirmed'.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE) (required for
POWER9 DD2.3)
To manage
Moving 'bionic' series back to 'triaged' to review Michael's test
results (comment #14).
** Changed in: qemu (Ubuntu Bionic)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hi,
since we are waiting quite some time for ther verification of the version in
the PPAit got surpassed by other SRUs. I know your engineers know how to test
explicit versions from the PPA (with apt install =version), but to make
things even easier I created (just for bionic) a respin rebased
Hello, since a test of the qemu test-build package was requested (available
from the PPA mentioned in comment #1, made available mid of June), and the
engineer/maintainer is waiting for some feedback since a while (please notice
that we can not test this by ourselves), a prioritization was
What causes the status for Bionic to be "incomplete" and low priority?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE) (required
** Changed in: ubuntu-power-systems
Importance: Critical => Medium
** Changed in: ubuntu-power-systems
Assignee: Canonical Server Team (canonical-server) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Given there was no reply I can't see how we hold this up as "critical" severity.
I have marked our tasks as low, given that without the feedback they aren't
actionable at all.
I'd ask project tracking task to be lowered as well and unassigned from
the server team (for now at least)
** Changed
The next Qemu SRU is about to start - probably somewhen this week.
Any chance that these checks are completed now to include this fix?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
FYI: Since I can't check this on the HW shared with us and lacking
feedback on the PPA I have backed these changes out of the now started
SRU update.
That gives you some more time to get this testing done ... and me the
confidence to not rush something that will fail and we might have known
if
Cosmic is about to end full support, lets reduce the test matrix a bit
by already dropping the Cosmic task.
@IBM - I'm still waiting on a positive feedback on this sniff test.
Without I can't reliable make it part of the next coming (soon) qemu upload.
Also to be aware once SRUs on this are
** Changed in: qemu (Ubuntu Eoan)
Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) =>
Canonical Server Team (canonical-server)
** Changed in: qemu (Ubuntu Disco)
Assignee: (unassigned) => Canonical Server Team (canonical-server)
** Changed in: qemu (Ubuntu
Done in Eoan.
Setting the SRU tasks to incomplete to better reflect that we at least
would want to get a positive reply from a sniff test on Bionic from the
PPA [1] before thrwoing that into the SRU queue.
[1]: https://launchpad.net/~paelzer/+archive/ubuntu/bug-1832622-qemu-
spectre-ppc
**
** Changed in: ubuntu-power-systems
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE)
This bug was fixed in the package qemu - 1:4.0+dfsg-0ubuntu1
---
qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
* Merge with Upstream release of qemu 4.0.
Among many other things this fixes LP Bugs:
LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
** Tags added: qemu-19.10
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE) (required for
POWER9 DD2.3)
To manage notifications
In Eoan the merge of qemu 4.0 will fix this, this is ongoing and I added
bug reference to its changelog so this bug will get an update once
complete.
Rafael started to review my MPs for B/C/D and it seems ok so far.
The work on the similar and to-be-grouped upload for bug 1828495 is going well
** Changed in: ubuntu-power-systems
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2 mitigation (CVE) (required for
That's correct on DD 2.3 - still not very available - and is ok. Will
still post test results.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832622
Title:
QEMU - count cache flush Spectre v2
There is a rather similar set of patches for new Intel CPU revisions in
the pipe. And in between will be a set of general security fixes to the
virt stack.
I'd prefer to push both at the same upload, to avoid users having to download
qemu too often.
I'd assume that this bug here is important,
** Description changed:
+ [Impact]
+
+ * This belongs to the overall context of spectre mitigations and even
+more the try to minimize the related performance impacts.
+On ppc64el there is a new chip revision (DD 2.3) which provides
+a facility that helps to better mitigate some of
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/368748
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/368749
** Merge proposal linked:
I'm glad that the kernel patch is already integrated by bug 1822870 in
>=Bionic - no dependency on the kernel here then.
The patches themselve look small and clean.
Thanks for identifying the extra dependencies to:
- 8fea7044 (>=3.0) target/ppc: Factor out the parsing in
** Also affects: ubuntu-power-systems
Importance: Undecided
Status: New
** Changed in: ubuntu-power-systems
Importance: Undecided => Critical
** Changed in: ubuntu-power-systems
Assignee: (unassigned) => Canonical Server Team (canonical-server)
--
You received this bug
54 matches
Mail list logo