Fix is from v6.6. Noble is not affected. Question is whether this should
not also be added to Mantic?

** Changed in: linux (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2032164

Title:
  A general-protection exception during guest migration to unsupported
  PKRU machine

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  In Progress

Bug description:
  [Impact]
  When a host that supports PKRU initiates a guest that lacks PKRU support, the flag is enabled on the guest's fpstate.
  This information is then passed to userspace through the vcpu ioctl KVM_GET_XSAVE.
  However, a problem arises when the user opts to migrate the mentioned guest to another machine that does not support PKRU.
  In this scenario, the new host attempts to restore the guest's fpu registers.
  Nevertheless, due to the absence of PKRU support on the new host, a general-protection exception takes place, leading to a guest crash.

  [Fix]
  The problem is resolved by the following upstream commits:
  18164f66e6c5 x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer
  8647c52e9504 KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2}

  [Test Plan]
  Several scenarios need to be conducted to confirm the migration outcome.
        Patched kernel with PKRU -> kernel with PKRU
        Patched kernel with PKRU -> kernel without PKRU
        Patched kernel without PKRU -> kernel with PKRU
        Patched kernel without PKRU -> kernel without PKRU
        Kernel with PKRU -> patched kernel with PKRU
        Kernel with PKRU -> patched kernel without PKRU
        Kernel without PKRU -> patched kernel with PKRU
        Kernel without PKRU -> patched kernel without PKRU
        Patched kernel with PKRU -> patched kernel without PKRU

  Each scenario shall succeed except the "Kernel with PKRU -> patched kernel without PKRU" one.
  Addressing this case poses challenges because the most plausible solution is to clamp the FPU features at the destination during migration.
  However, upstream does not support this approach due to concerns about silently dropping features requested by userspace.
  This could potentially lead to other issues and violate KVM's ABI.

  [Where problems could occur]
  The introduced commits will impact the guest migration process, potentially leading to failures and preventing the guest from operating successfully on the migration destination.

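Added example, not part of the bug report or the upstream commits: a simplified userspace model of the state described under [Impact] and of constraining it at the source as under [Fix]. It assumes the standard XSAVE layout (XSTATE_BV in the first 8 bytes of the header at offset 512, PKRU as feature bit 9); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define XSAVE_HDR_OFFSET   512          /* header follows the 512-byte legacy area */
#define XFEATURE_MASK_FP   (1ULL << 0)
#define XFEATURE_MASK_SSE  (1ULL << 1)
#define XFEATURE_MASK_YMM  (1ULL << 2)
#define XFEATURE_MASK_PKRU (1ULL << 9)

/* Read XSTATE_BV, the first 8 bytes of the XSAVE header (little-endian). */
static uint64_t xsave_xstate_bv(const uint8_t *buf)
{
    uint64_t bv = 0;
    for (int i = 7; i >= 0; i--)
        bv = (bv << 8) | buf[XSAVE_HDR_OFFSET + i];
    return bv;
}

static void xsave_set_xstate_bv(uint8_t *buf, uint64_t bv)
{
    for (int i = 0; i < 8; i++)
        buf[XSAVE_HDR_OFFSET + i] = (uint8_t)(bv >> (8 * i));
}

/* Features flagged in the buffer that the destination host cannot restore. */
static uint64_t xsave_unsupported(const uint8_t *buf, uint64_t dest_xfeatures)
{
    return xsave_xstate_bv(buf) & ~dest_xfeatures;
}

/* Model of the source-side constraint: keep only guest-supported features.
 * Simplification: only the header bit is cleared here. */
static void xsave_constrain(uint8_t *buf, uint64_t guest_xfeatures)
{
    xsave_set_xstate_bv(buf, xsave_xstate_bv(buf) & guest_xfeatures);
}

int main(void)
{
    uint8_t buf[4096] = {0};   /* constructed buffer, sized like struct kvm_xsave */
    uint64_t guest = XFEATURE_MASK_FP | XFEATURE_MASK_SSE | XFEATURE_MASK_YMM;
    uint64_t dest = guest;     /* destination host without PKRU */

    xsave_set_xstate_bv(buf, guest | XFEATURE_MASK_PKRU);  /* unpatched source */
    printf("before: %#llx\n", (unsigned long long)xsave_unsupported(buf, dest));
    xsave_constrain(buf, guest);                           /* patched source */
    printf("after:  %#llx\n", (unsigned long long)xsave_unsupported(buf, dest));
    return 0;
}
```

A nonzero result from `xsave_unsupported` marks a buffer the destination would reject on restore, which is the condition the test plan's failing scenario exercises.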