Bug#1043585: Update on this issue
Hi Salvatore,

Ah, I see what you mean for the links, it's an unfortunate copy paste error, I apologize about the duplicated links.

For clarification, it really should have been this one:

https://bugzilla.kernel.org/show_bug.cgi?id=217796

and this:

https://bugzilla.kernel.org/show_bug.cgi?id=217799

Both are issues related to the patch which also is breaking the emulated TPM.

Glad that all this info is helping to get this issue resolved :-)

Kind Regards,

Martin.

On 17/08/2023 19:32, Salvatore Bonaccorso wrote:
> Hi Martin,
>
> On Thu, Aug 17, 2023 at 05:10:44PM +0100, Martin Johnson wrote:
> > Hi Salvatore,
> >
> > Thanks for getting in contact regarding this issue,
> >
> > Yes I did mean to reference the two bugzilla entries, since it seems to be
> > the same patch that's causing issues with the emulated TPM, at least turning
> > off the mitigation the same way they do fixes the problem for me also with
> > the swtpm function.
>
> Still confused as the two links were the same, twice
> https://bugzilla.kernel.org/show_bug.cgi?id=217796
>
> > I did try to apply "x86/retpoline: Don't clobber RFLAGS during
> > srso_safe_ret()" patch as suggested, unfortunately it is incompatible with
> > the 6.1.38 Debian kernel source:
> >
> > --- I omitted some lines as there is a ton of text ---
> >
> > Applying patch 0052-Linux-6.1.33-rt11-REBASE.patch
> > Now at patch 0052-Linux-6.1.33-rt11-REBASE.patch
> > make[2]: Leaving directory
> > '/home/martin/opt/kernel/debian_test/linux-6.1.38'
> > make[1]: Leaving directory
> > '/home/martin/opt/kernel/debian_test/linux-6.1.38'
> > Importing patch /home/martin/opt/kernel/debian_test/patch.patch (stored as
> > debian/patches/test/patch.patch)
> > Applying patch debian/patches/test/patch.patch
> > patching file arch/x86/lib/retpoline.S
> > Hunk #1 FAILED at 164.
> > Hunk #2 FAILED at 239.
> > Hunk #3 FAILED at 252.
> > 3 out of 3 hunks FAILED -- rejects in file arch/x86/lib/retpoline.S
> > Patch debian/patches/test/patch.patch does not apply (enforce with -f)
>
> Okay this needs adjustment for 6.1.y.
>
> Thanks for confirming the issue being present as well in 6.4.11 upstream
> and fixed with cherry-picking the commit, this is helpful.
>
> Regards,
> Salvatore
Bug#1043585: Update on this issue
Hi Martin,

On Thu, Aug 17, 2023 at 05:10:44PM +0100, Martin Johnson wrote:
> Hi Salvatore,
>
> Thanks for getting in contact regarding this issue,
>
> Yes I did mean to reference the two bugzilla entries, since it seems to be
> the same patch that's causing issues with the emulated TPM, at least turning
> off the mitigation the same way they do fixes the problem for me also with
> the swtpm function.

Still confused as the two links were the same, twice
https://bugzilla.kernel.org/show_bug.cgi?id=217796

> I did try to apply "x86/retpoline: Don't clobber RFLAGS during
> srso_safe_ret()" patch as suggested, unfortunately it is incompatible with
> the 6.1.38 Debian kernel source:
>
> --- I omitted some lines as there is a ton of text ---
>
> Applying patch 0052-Linux-6.1.33-rt11-REBASE.patch
> Now at patch 0052-Linux-6.1.33-rt11-REBASE.patch
> make[2]: Leaving directory
> '/home/martin/opt/kernel/debian_test/linux-6.1.38'
> make[1]: Leaving directory
> '/home/martin/opt/kernel/debian_test/linux-6.1.38'
> Importing patch /home/martin/opt/kernel/debian_test/patch.patch (stored as
> debian/patches/test/patch.patch)
> Applying patch debian/patches/test/patch.patch
> patching file arch/x86/lib/retpoline.S
> Hunk #1 FAILED at 164.
> Hunk #2 FAILED at 239.
> Hunk #3 FAILED at 252.
> 3 out of 3 hunks FAILED -- rejects in file arch/x86/lib/retpoline.S
> Patch debian/patches/test/patch.patch does not apply (enforce with -f)

Okay this needs adjustment for 6.1.y.

Thanks for confirming the issue being present as well in 6.4.11 upstream
and fixed with cherry-picking the commit, this is helpful.

Regards,
Salvatore
Bug#1043585: Update on this issue
Hi Salvatore,

I was unfortunately not successful in applying the suggested patch to the Debian sources; however, I have since tried to apply it to the 6.4.11 vanilla stable kernel.

That patch has applied fine, and the emulated TPM in KVM is also back into a working state :-)

So if you back-ported to the Debian kernel, it should hopefully fix things there too.

If you need me to test a patch for the back-port against the Debian kernel, and you can provide one, please let me know :-)

Kind Regards,

Martin.

On 17/08/2023 08:38, Salvatore Bonaccorso wrote:
> Control: tags -1 + moreinfo upstream
>
> Hi Martin,
>
> On Wed, Aug 16, 2023 at 07:16:58PM +0100, Martin Johnson wrote:
> > Package: linux-image-amd64
> >
> > Version: 6.1.0-11-amd64
> >
> > Update of this recent issue - I might not have specified the package
> > correctly, sorry for that - it's the first bug I tried to report on Debian -
> > hey Debian really is that good :-)
> >
> > I found some sort of workaround too, but it's far from ideal at present.
> >
> > To avoid this issue you can set the kernel boot parameter:
> > spec_rstack_overflow=off
> >
> > Then the problem no longer exists, obviously with an additional and quite
> > serious AMD Zen processor security issue.
> >
> > So the cause is also related to the recent AMD Zen security patch.
> >
> > The problem seems related to these posts on bugzilla.kernel.org, but is
> > manifesting in a different way for me:
> >
> > https://bugzilla.kernel.org/show_bug.cgi?id=217796
> >
> > and this:
> >
> > https://bugzilla.kernel.org/show_bug.cgi?id=217796
>
> Did you mean to reference here two different bugzilla entries?
>
> > Hope this information is of assistance for anyone who is lucky enough to
> > find this information :-)
>
> Thanks for providing that. Would it be possible for you to test a
> custom kernel built with the following commit applied on top and see
> if this resolved the issue you are seeing?
>
> https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=ba5ca5e5e6a1d55923e88b4a83da452166f5560e
>
> See
> https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#id-1.6.6.4
> for instructions.
>
> Regards,
> Salvatore
Bug#1043585: Update on this issue
Hi Salvatore,

Thanks for getting in contact regarding this issue,

Yes I did mean to reference the two bugzilla entries, since it seems to be the same patch that's causing issues with the emulated TPM, at least turning off the mitigation the same way they do fixes the problem for me also with the swtpm function.

I did try to apply "x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()" patch as suggested, unfortunately it is incompatible with the 6.1.38 Debian kernel source:

--- I omitted some lines as there is a ton of text ---

Applying patch 0052-Linux-6.1.33-rt11-REBASE.patch
Now at patch 0052-Linux-6.1.33-rt11-REBASE.patch
make[2]: Leaving directory '/home/martin/opt/kernel/debian_test/linux-6.1.38'
make[1]: Leaving directory '/home/martin/opt/kernel/debian_test/linux-6.1.38'
Importing patch /home/martin/opt/kernel/debian_test/patch.patch (stored as debian/patches/test/patch.patch)
Applying patch debian/patches/test/patch.patch
patching file arch/x86/lib/retpoline.S
Hunk #1 FAILED at 164.
Hunk #2 FAILED at 239.
Hunk #3 FAILED at 252.
3 out of 3 hunks FAILED -- rejects in file arch/x86/lib/retpoline.S
Patch debian/patches/test/patch.patch does not apply (enforce with -f)

Kind Regards,

Martin.

On 17/08/2023 08:38, Salvatore Bonaccorso wrote:
> Control: tags -1 + moreinfo upstream
>
> Hi Martin,
>
> On Wed, Aug 16, 2023 at 07:16:58PM +0100, Martin Johnson wrote:
> > Package: linux-image-amd64
> >
> > Version: 6.1.0-11-amd64
> >
> > Update of this recent issue - I might not have specified the package
> > correctly, sorry for that - it's the first bug I tried to report on Debian -
> > hey Debian really is that good :-)
> >
> > I found some sort of workaround too, but it's far from ideal at present.
> >
> > To avoid this issue you can set the kernel boot parameter:
> > spec_rstack_overflow=off
> >
> > Then the problem no longer exists, obviously with an additional and quite
> > serious AMD Zen processor security issue.
> >
> > So the cause is also related to the recent AMD Zen security patch.
> >
> > The problem seems related to these posts on bugzilla.kernel.org, but is
> > manifesting in a different way for me:
> >
> > https://bugzilla.kernel.org/show_bug.cgi?id=217796
> >
> > and this:
> >
> > https://bugzilla.kernel.org/show_bug.cgi?id=217796
>
> Did you mean to reference here two different bugzilla entries?
>
> > Hope this information is of assistance for anyone who is lucky enough to
> > find this information :-)
>
> Thanks for providing that. Would it be possible for you to test a
> custom kernel built with the following commit applied on top and see
> if this resolved the issue you are seeing?
>
> https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=ba5ca5e5e6a1d55923e88b4a83da452166f5560e
>
> See
> https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#id-1.6.6.4
> for instructions.
>
> Regards,
> Salvatore
Processed: Re: Bug#1043585: Update on this issue
Processing control commands:

> tags -1 + moreinfo upstream
Bug #1043585 [src:linux] AMD64 Kernel update prevents an emulated TPM working correctly inside Windows 11 KVM guest OS
Added tag(s) moreinfo and upstream.

--
1043585: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043585
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1043585: Update on this issue
Control: tags -1 + moreinfo upstream

Hi Martin,

On Wed, Aug 16, 2023 at 07:16:58PM +0100, Martin Johnson wrote:
> Package: linux-image-amd64
>
> Version: 6.1.0-11-amd64
>
> Update of this recent issue - I might not have specified the package
> correctly, sorry for that - it's the first bug I tried to report on Debian -
> hey Debian really is that good :-)
>
> I found some sort of workaround too, but it's far from ideal at present.
>
> To avoid this issue you can set the kernel boot parameter:
> spec_rstack_overflow=off
>
> Then the problem no longer exists, obviously with an additional and quite
> serious AMD Zen processor security issue.
>
> So the cause is also related to the recent AMD Zen security patch.
>
> The problem seems related to these posts on bugzilla.kernel.org, but is
> manifesting in a different way for me:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=217796
>
> and this:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=217796

Did you mean to reference here two different bugzilla entries?

> Hope this information is of assistance for anyone who is lucky enough to
> find this information :-)

Thanks for providing that. Would it be possible for you to test a
custom kernel built with the following commit applied on top and see
if this resolved the issue you are seeing?

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=ba5ca5e5e6a1d55923e88b4a83da452166f5560e

See
https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#id-1.6.6.4
for instructions.

Regards,
Salvatore
Bug#1043585: Update on this issue
Package: linux-image-amd64

Version: 6.1.0-11-amd64

Update of this recent issue - I might not have specified the package correctly, sorry for that - it's the first bug I tried to report on Debian - hey Debian really is that good :-)

I found some sort of workaround too, but it's far from ideal at present.

To avoid this issue you can set the kernel boot parameter:
spec_rstack_overflow=off

Then the problem no longer exists, obviously with an additional and quite serious AMD Zen processor security issue.

So the cause is also related to the recent AMD Zen security patch.

The problem seems related to these posts on bugzilla.kernel.org, but is manifesting in a different way for me:

https://bugzilla.kernel.org/show_bug.cgi?id=217796

and this:

https://bugzilla.kernel.org/show_bug.cgi?id=217796

Hope this information is of assistance for anyone who is lucky enough to find this information :-)

Kind Regards,

Martin Johnson
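
An added example, not part of the original thread: a check for hosts that still boot with the spec_rstack_overflow=off workaround described in the report above. The function names are hypothetical, the sample inputs are constructed, and it assumes the kernel reports SRSO status in /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow.

```shell
#!/bin/sh
# Added example: audit whether the SRSO mitigation is off because of the
# spec_rstack_overflow=off workaround. Function names are hypothetical.

SRSO_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# Print the spec_rstack_overflow= value from a kernel command line, or
# nothing if the parameter is absent. Assumption: when the parameter is
# repeated, the last occurrence is the effective one.
srso_cmdline_value() {
    printf '%s\n' "$1" | tr -s ' ' '\n' |
        sed -n 's/^spec_rstack_overflow=//p' | tail -n 1
}

# Classify a host from its command line ($1) and sysfs status line ($2).
# Only the status prefix is matched, since the text after it varies by kernel.
srso_audit() {
    param=$(srso_cmdline_value "$1")
    case "$2" in
        "")              echo "no-report" ;;      # kernel has no SRSO reporting
        "Not affected"*) echo "not-affected" ;;
        Mitigation:*)    echo "mitigated" ;;
        *)  if [ "$param" = "off" ]; then
                echo "disabled-by-cmdline"        # workaround still in place
            else
                echo "vulnerable"                 # unmitigated for another reason
            fi ;;
    esac
}

# Constructed samples (not taken from the bug report).
srso_audit "ro quiet spec_rstack_overflow=off" "Vulnerable"
srso_audit "ro quiet" "Mitigation: safe RET"

# Live check, only where the kernel exposes both files.
if [ -r /proc/cmdline ] && [ -r "$SRSO_SYSFS" ]; then
    echo "this host: $(srso_audit "$(cat /proc/cmdline)" "$(cat "$SRSO_SYSFS")")"
fi
```

A host reported as disabled-by-cmdline still carries the workaround and needs the parameter removed from its bootloader configuration once a kernel with the fix is installed.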