[Kernel-packages] [Bug 1962831] [NEW] [UBUNTU 20.04] KVM: Enable storage key checking for intercepted instruction (Backport to focal)

Thu, 03 Mar 2022 02:26:00 -0800 

Public bug reported:

Description:
KVM uses lazy storage key enablement as Linux does no longer make use of the 
storage keys. When the guest enters keyed mode, then KVM will save/restore the 
key during paging, provide change/reference tracking for guest and host and for 
all interpreted instructions will do key protection.
If an instruction is intercepted and passed along to userspace (like QEMU) no 
storage key protection is checked, though. This is in violation of the 
architecture and it can result in misbehaving guests that rely on key 
protection for all instructions.
This item will add the missing key checking to MEMOP ioctl.

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: New


** Tags: architecture-s39064 bugnameltc-196455 severity-high 
targetmilestone-inin---

** Tags added: architecture-s39064 bugnameltc-196455 severity-high
targetmilestone-inin---

** Changed in: ubuntu
     Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)

** Package changed: ubuntu => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1962831

Title:
  [UBUNTU 20.04] KVM: Enable storage key checking for intercepted
  instruction (Backport to focal)

Status in linux package in Ubuntu:
  New

Bug description:
  Description:
  KVM uses lazy storage key enablement as Linux does no longer make use of the 
storage keys. When the guest enters keyed mode, then KVM will save/restore the 
key during paging, provide change/reference tracking for guest and host and for 
all interpreted instructions will do key protection.
  If an instruction is intercepted and passed along to userspace (like QEMU) no 
storage key protection is checked, though. This is in violation of the 
architecture and it can result in misbehaving guests that rely on key 
protection for all instructions.
  This item will add the missing key checking to MEMOP ioctl.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1962831/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to