[Kernel-packages] [Bug 2001605] Re: Add support for SEV-SNP
This bug was fixed in the package linux-gcp - 6.5.0-1018.18 --- linux-gcp (6.5.0-1018.18) mantic; urgency=medium * mantic/linux-gcp: 6.5.0-1018.18 -proposed tracker (LP: #2059690) * Add support for SEV-SNP (LP: #2001605) - [config] Keep sev-guest as built-in by defaults - [Config]: gcp: CONFIG_TSM_REPORTS=y due to recent CONFIG_SEV_GUEST=y change * Include cifs.ko in linux-modules package (LP: #2042546) - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list [ Ubuntu: 6.5.0-28.29 ] * mantic/linux: 6.5.0-28.29 -proposed tracker (LP: #2059706) * Packaging resync (LP: #1786013) - [Packaging] drop getabis data * Remove getabis scripts (LP: #2059143) - [Packaging] Remove getabis * CVE-2023-52600 - jfs: fix uaf in jfs_evict_inode * Mantic update: upstream stable patchset 2024-03-27 (LP: #2059284) // CVE-2023-52603 - UBSAN: array-index-out-of-bounds in dtSplitRoot * CVE-2024-26581 - netfilter: nft_set_rbtree: skip end interval element from gc * Mantic update: upstream stable patchset 2024-03-07 (LP: #2056403) // CVE-2024-26589 - bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS * Mantic update: upstream stable patchset 2024-03-07 (LP: #2056403) // CVE-2024-26591 - bpf: Fix re-attachment branch in bpf_tracing_prog_attach * iwlwifi disconnect and crash - intel wifi7 (LP: #2058808) - wifi: iwlwifi: pcie: fix RB status reading -- John Cabaj Thu, 04 Apr 2024 20:40:52 -0500 ** Changed in: linux-gcp (Ubuntu) Status: New => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52600 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52603 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26581 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26589 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26591 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-gcp in Ubuntu. https://bugs.launchpad.net/bugs/2001605 Title: Add support for SEV-SNP Status in linux-gcp package in Ubuntu: Fix Released Status in linux-gcp source package in Jammy: Fix Released Bug description: Version 3 of AMD's Secure Encrypted Virtualization is called SNP (Secure Nested Pages). Support for this has been added to the kernel, mostly in v5.19 with some prerequisites from v5.16. This feature is requested to be backported to Jammy (5.15). More information at https://canonical.lightning.force.com/lightning/r/Case/5004K0EA2meQAD/view [Impact] No support for SEV-SNP on AMD EPYC2 CPUs currently [Fix] Add SEV-SNP support patches. [Test] Extensive testing by the cloud team over several months, testing general functionality under SEV-SNP. [Regression Potential] This was never working so there should be no risk of regression for SEV-SNP.As it does change those files it can have an effect on existing SEV functionality in case of a bug. The code is limited so no regression outside of SEV is expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/2001605/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2001605] Re: Add support for SEV-SNP
This bug is awaiting verification that the linux-gcp/6.5.0-1018.18 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux-gcp' to 'verification-done-mantic- linux-gcp'. If the problem still exists, change the tag 'verification- needed-mantic-linux-gcp' to 'verification-failed-mantic-linux-gcp'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-mantic-linux-gcp-v2 verification-needed-mantic-linux-gcp -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-gcp in Ubuntu. https://bugs.launchpad.net/bugs/2001605 Title: Add support for SEV-SNP Status in linux-gcp package in Ubuntu: New Status in linux-gcp source package in Jammy: Fix Released Bug description: Version 3 of AMD's Secure Encrypted Virtualization is called SNP (Secure Nested Pages). Support for this has been added to the kernel, mostly in v5.19 with some prerequisites from v5.16. This feature is requested to be backported to Jammy (5.15). More information at https://canonical.lightning.force.com/lightning/r/Case/5004K0EA2meQAD/view [Impact] No support for SEV-SNP on AMD EPYC2 CPUs currently [Fix] Add SEV-SNP support patches. [Test] Extensive testing by the cloud team over several months, testing general functionality under SEV-SNP. [Regression Potential] This was never working so there should be no risk of regression for SEV-SNP.As it does change those files it can have an effect on existing SEV functionality in case of a bug. The code is limited so no regression outside of SEV is expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/2001605/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2001605] Re: Add support for SEV-SNP
This bug was fixed in the package linux-gcp - 5.15.0-1029.36 --- linux-gcp (5.15.0-1029.36) jammy; urgency=medium * jammy/linux-gcp: 5.15.0-1029.36 -proposed tracker (LP: #2003429) [ Ubuntu: 5.15.0-60.66 ] * jammy/linux: 5.15.0-60.66 -proposed tracker (LP: #2003450) * Revoke & rotate to new signing key (LP: #2002812) - [Packaging] Revoke and rotate to new signing key linux-gcp (5.15.0-1028.35) jammy; urgency=medium * jammy/linux-gcp: 5.15.0-1028.35 -proposed tracker (LP: #2001767) * Add support for SEV-SNP (LP: #2001605) - KVM: SVM: Define sev_features and vmpl field in the VMSA - KVM: SEV: Refactor out sev_es_state struct - KVM: SVM: Create a separate mapping for the SEV-ES save area - KVM: SVM: Create a separate mapping for the GHCB save area - KVM: SVM: Update the SEV-ES save area mapping - x86/boot: Introduce helpers for MSR reads/writes - x86/boot: Use MSR read/write helpers instead of inline assembly - SAUCE: x86/compressed/64: Detect/setup SEV/SME features earlier in boot - x86/sev: Detect/setup SEV/SME features earlier in boot - x86/sev: Use CC_ATTR attribute to generalize string I/O unroll - x86/mm: Extend cc_attr to include AMD SEV-SNP - x86/sev: Shorten GHCB terminate macro names - SAUCE: x86/sev: Define the Linux specific guest termination reasons - x86/sev: Save the negotiated GHCB version - x86/sev: Carve out HV call's return value verification - x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV - x86/sev: Check SEV-SNP features support - x86/sev: Add a helper for the PVALIDATE instruction - x86/sev: Check the vmpl level - x86/compressed: Add helper for validating pages in the decompression stage - x86/compressed: Register GHCB memory when SEV-SNP is active - x86/sev: Register GHCB memory when SEV-SNP is active - x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c - x86/sev: Add helper for validating pages in early enc attribute changes - treewide: Replace the use of mem_encrypt_active() with cc_platform_has() - x86/head64: Carve out the guest encryption postprocessing into a helper - SAUCE: x86/kernel: Make the .bss..decrypted section shared in RMP table - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active - SAUCE: x86/mm: Add support to validate memory when changing C-bit - x86/sev: Remove do_early_exception() forward declarations - x86/sev: Use SEV-SNP AP creation to start secondary CPUs - x86/head/64: Re-enable stack protection - x86/compressed/acpi: Move EFI detection to helper - x86/compressed/acpi: Move EFI system table lookup to helper - x86/compressed/acpi: Move EFI config table lookup to helper - x86/compressed/acpi: Move EFI vendor table lookup to helper - x86/compressed/acpi: Move EFI kexec handling into common code - x86/boot: Add Confidential Computing type to setup_data - KVM: x86: Move lookup of indexed CPUID leafs to helper - x86/sev: Move MSR-based VMGEXITs for CPUID to helper - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers - x86/boot: Add a pointer to Confidential Computing blob in bootparams - x86/compressed: Add SEV-SNP feature detection/setup - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests - x86/compressed: Export and rename add_identity_map() - x86/compressed/64: Add identity mapping for Confidential Computing blob - x86/sev: Add SEV-SNP feature detection/setup - x86/sev: Use firmware-validated CPUID for SEV-SNP guests - x86/sev: Provide support for SNP guest request NAEs - x86/sev: Register SEV-SNP guest request platform device - virt: Add SEV-SNP guest driver - virt: sevguest: Add support to derive key - virt: sevguest: Add support to get extended report - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement - [config] Enable SEV_GUEST [ Ubuntu: 5.15.0-59.65 ] * jammy/linux: 5.15.0-59.65 -proposed tracker (LP: #2001801) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * CVE-2022-47940 - ksmbd: validate length in smb2_write() * Fix iosm: WWAN cannot build the connection (DW5823e) (LP: #1998115) - net: wwan: iosm: fix driver not working with INTEL_IOMMU disabled - [Config] CONFIG_IOSM update annotations on arm64 armhf ppc64el s390x * support for same series backports versioning numbers (LP: #1993563) - [Packaging] sameport -- add support for sameport versioning * [DEP-8] Run ADT regression suite for lowlatency kernels Jammy and later (LP: #1999528) - [DEP-8] Fix regression suite to run on lowlatency * Micron NVME storage failure [1344,5407] (LP: #1998883) - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH * Jammy update: v5.15.78 upstream stable release (LP: #1998843) - scsi: lpfc: Rework MIB Rx Monitor debug info logic - serial: ar933x: Dea
[Kernel-packages] [Bug 2001605] Re: Add support for SEV-SNP
This bug is awaiting verification that the linux-gcp/5.15.0-1028.35 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-gcp verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-gcp in Ubuntu. https://bugs.launchpad.net/bugs/2001605 Title: Add support for SEV-SNP Status in linux-gcp package in Ubuntu: New Status in linux-gcp source package in Jammy: Fix Committed Bug description: Version 3 of AMD's Secure Encrypted Virtualization is called SNP (Secure Nested Pages). Support for this has been added to the kernel, mostly in v5.19 with some prerequisites from v5.16. This feature is requested to be backported to Jammy (5.15). More information at https://canonical.lightning.force.com/lightning/r/Case/5004K0EA2meQAD/view [Impact] No support for SEV-SNP on AMD EPYC2 CPUs currently [Fix] Add SEV-SNP support patches. [Test] Extensive testing by the cloud team over several months, testing general functionality under SEV-SNP. [Regression Potential] This was never working so there should be no risk of regression for SEV-SNP.As it does change those files it can have an effect on existing SEV functionality in case of a bug. The code is limited so no regression outside of SEV is expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/2001605/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2001605] Re: Add support for SEV-SNP
** Changed in: linux-gcp (Ubuntu Jammy) Assignee: (unassigned) => Khaled El Mously (kmously) ** Changed in: linux-gcp (Ubuntu Jammy) Importance: Undecided => Critical ** Changed in: linux-gcp (Ubuntu Jammy) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-gcp in Ubuntu. https://bugs.launchpad.net/bugs/2001605 Title: Add support for SEV-SNP Status in linux-gcp package in Ubuntu: New Status in linux-gcp source package in Jammy: Fix Committed Bug description: Version 3 of AMD's Secure Encrypted Virtualization is called SNP (Secure Nested Pages). Support for this has been added to the kernel, mostly in v5.19 with some prerequisites from v5.16. This feature is requested to be backported to Jammy (5.15). More information at https://canonical.lightning.force.com/lightning/r/Case/5004K0EA2meQAD/view [Impact] No support for SEV-SNP on AMD EPYC2 CPUs currently [Fix] Add SEV-SNP support patches. [Test] Extensive testing by the cloud team over several months, testing general functionality under SEV-SNP. [Regression Potential] This was never working so there should be no risk of regression for SEV-SNP.As it does change those files it can have an effect on existing SEV functionality in case of a bug. The code is limited so no regression outside of SEV is expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/2001605/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2001605] Re: Add support for SEV-SNP
** Description changed: Version 3 of AMD's Secure Encrypted Virtualization is called SNP (Secure Nested Pages). Support for this has been added to the kernel, mostly in v5.19 with some prerequisites from v5.16. This feature is requested to be backported to Jammy (5.15). + + + More information at https://canonical.lightning.force.com/lightning/r/Case/5004K0EA2meQAD/view ** Description changed: Version 3 of AMD's Secure Encrypted Virtualization is called SNP (Secure Nested Pages). Support for this has been added to the kernel, mostly in v5.19 with some prerequisites from v5.16. This feature is requested to be backported to Jammy (5.15). + More information at + https://canonical.lightning.force.com/lightning/r/Case/5004K0EA2meQAD/view - More information at https://canonical.lightning.force.com/lightning/r/Case/5004K0EA2meQAD/view + + [Impact] + No support for SEV-SNP on AMD EPYC2 CPUs currently + + [Fix] + Add SEV-SNP support patches. + + [Test] + Extensive testing by the cloud team over several months, testing general functionality under SEV-SNP. + + [Regression Potential] + This was never working so there should be no risk of regression for SEV-SNP.As it does change those files it can have an effect on existing SEV functionality in case of a bug. The code is limited so no regression outside of SEV is expected. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-gcp in Ubuntu. https://bugs.launchpad.net/bugs/2001605 Title: Add support for SEV-SNP Status in linux-gcp package in Ubuntu: New Status in linux-gcp source package in Jammy: New Bug description: Version 3 of AMD's Secure Encrypted Virtualization is called SNP (Secure Nested Pages). Support for this has been added to the kernel, mostly in v5.19 with some prerequisites from v5.16. This feature is requested to be backported to Jammy (5.15). More information at https://canonical.lightning.force.com/lightning/r/Case/5004K0EA2meQAD/view [Impact] No support for SEV-SNP on AMD EPYC2 CPUs currently [Fix] Add SEV-SNP support patches. [Test] Extensive testing by the cloud team over several months, testing general functionality under SEV-SNP. [Regression Potential] This was never working so there should be no risk of regression for SEV-SNP.As it does change those files it can have an effect on existing SEV functionality in case of a bug. The code is limited so no regression outside of SEV is expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/2001605/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
