I added the SRU description to the bug, MP review is complete and also the sniff tests on the PPA are. Thanks everyone for the participation - uploaded to F/G -unapproved for review by the SRU Team.
** Description changed: + [Impact] + + * Support for secure execution environments was in Focal since release, + but a few more use-cases were found that don't work well in those + conditions. This is one of them and fixing it shall further complete + the capabilities in SE as part of the "SRU for HW exploitation". + + * Qemu already has the code needed, but libvirt needs to be able to pass + the right options which hereby is implemented. + + [Test Case] + + * Get a KVM/Qemu guest on s390x + * Edit the guest defninition and add a vsock device like + <vsock model='virtio'> + <cid auto='no' address='3'/> + <driver iommu='on'/> + </vsock> + * Starting the guest should + a) in any environment now render iommu_platform=on into the qemu + commandline + b) in a Secure Execution environment allow the guest to start (due to + that extra argument that now is configurable) + + [Where problems could occur] + + * The code it changes is mostly specific around vsock and to some extend + on a more generic level around qemu command validation. Therefore the + places to look out for (of the many very different qemu/kvm/libvirt use + cases are a) vsock usage and b) commandline generation + + [Other Info] + + * n/a + + + --- + Problem: vsock can't be used with Secure Execution - + ---uname output--- Linux se1 5.4.0-62-generic #70-Ubuntu SMP Tue Jan 12 16:27:38 UTC 2021 s390x s390x s390x GNU/Linux - - Machine Type = z15 8562 - + + Machine Type = z15 8562 + ---Debugger--- A debugger is not configured - + ---Steps to Reproduce--- - In a Secure Execution environment the Qemu driver vhost-vsock-ccw driver requires the argument "iommu_platform=on". + In a Secure Execution environment the Qemu driver vhost-vsock-ccw driver requires the argument "iommu_platform=on". E.g. "qemu-system-s390x -device vhost-vsock-ccw,guest- cid=42,iommu_platform=on ..." - Currently Libvirt does not support this argument. Therfore Vsock can't be defined in XML correctly. Libvirt Version is 6.0.0-0ubuntu8.5. - - Userspace tool common name: virsh + Currently Libvirt does not support this argument. Therfore Vsock can't + be defined in XML correctly. Libvirt Version is 6.0.0-0ubuntu8.5. + + Userspace tool common name: virsh The userspace tool has the following bit modes: 64 - Userspace rpm: libvirt-clients - Userspace tool obtained from project website: na + Userspace rpm: libvirt-clients + Userspace tool obtained from project website: na Please apply this update to 21.04, 20.10 and 20.04 ! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1913266 Title: [UBUNTU 20.04] Vsock can't be used with Secure Execution, required argument not supported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1913266/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
