Ubuntu
linux package

[UBUNTU 20.04] KVM: Enable storage key checking for intercepted instruction

Bug #1962831 reported by bugproxy on 2022-03-03

This bug affects 1 person

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	High	Skipper Bug Screeners
linux (Ubuntu)	Fix Released	High	Canonical Kernel Team
Focal	Fix Released	Medium	Unassigned

Bug Description

SRU Justification:
==================

[Impact]

* KVM uses lazy storage key enablement as Linux does no longer make use of
  the storage keys. When the guest enters keyed mode, then KVM will
  save/restore the key during paging, provide change/reference tracking for
  guest and host and for all interpreted instructions will do key protection.

* If an instruction is intercepted and passed along to userspace (like QEMU)
no storage key protection is checked, though.

* But this is in violation of the architecture and it can result in misbehaving
guests that rely on key protection for all instructions.

* This item will improve the MEMOP ioctl to also add key checking.
In case of a key protection the right fault is injected in the guest.

[Fix]

* The following changes since commit dbdbd581976f9dfcc9e21a777273b55bdb9bf138:
  UBUNTU: Ubuntu-5.4.0-102.115 (2022-02-23 15:32:05 +0100)
  are available in the Git repository at:
  https://git.launchpad.net/~fheimes/+git/lp1962831/ 16c0809cf1012e68279a8936a482c1d63cc4d14c
  for you to fetch changes up to 16c0809cf1012e68279a8936a482c1d63cc4d14c:
  KVM: s390: Add missing vm MEM_OP size check (2022-03-03 22:45:50 +0100)

* Patches are upstream accepted (but some are as of today still in linux-next).

* Notes on why the backports are needed are included in the provenance of the corresponding commit.

[Test Case]

* An IBM z13 or LinuxONE system is needed running Ubuntu Server 20.04
with QEMU/KVM setup.

* These modification here are covered by the following three tests:

* [kvm-unit-tests,v2] s390x: Test effect of storage keys on some instructions
https://patchwork<email address hidden>/

* [PATCH v2 0/5] memop selftest for storage key checking
https://<email address hidden>/

* c7ef9ebbed20 "KVM: s390: selftests: Test TEST PROTECTION emulation"

* The tests and the verification will be done by the IBM Z team.

* On top a test build is available (see below).

[Where problems could occur]

* Issues with vm ioctl may occur due to the introduction of _vm_ioctl.

* Tests may fail or may report wrong states due to the new TEST_FAIL macro in
tests/utilities or due to new variants of GUEST_ASSERT in selftests.

* Problems on gaccess might be caused due to the refactoring of gpa, length
calculation, access address range check and the new access_guest_page helper
function.

* In uaccess issues may occur due to the introduction of the bit field for OAC
specifier, that causes lot's but relatively straight forward changes or due
to the new storage key checking functions copy_from/to_user_key functions.

* Compile issues may happen if the changes in uaccess.h bout z10 features
are erroneous.

* Instructions that are emulated by KVM might be impacted due to the expanded
  storage key checking, that now covers intercepted instructions, too.
  This is the most significant modification in terms of size and complexity
  and therefore carries the highest risk.

* MEM_OP IOCTL could be harmed due to the additional, but optional, storage
key extension and checking, or the new size check and I/O emulation can be
impacted due to the new vm IOCTL for key checked guest memory access.

* Some tests were added to mitigate this, like the selftests TEST PROTECTION.

* The renaming of the existing vcpu memop functions shouldn't be very harmful,
since issues will already occur test build.

* The rest are API documentation updates and clarifications.

* Except two include/header changes and changes in tools/testing
all other modifications are s390x specific

[Other]

* It was ensured that these changes are in jammy based on LP#1933179.

__________

Description:
KVM uses lazy storage key enablement as Linux does no longer make use of the storage keys. When the guest enters keyed mode, then KVM will save/restore the key during paging, provide change/reference tracking for guest and host and for all interpreted instructions will do key protection.
If an instruction is intercepted and passed along to userspace (like QEMU) no storage key protection is checked, though. This is in violation of the architecture and it can result in misbehaving guests that rely on key protection for all instructions.
This item will add the missing key checking to MEMOP ioctl.

See original description

Tags:

bugproxy (bugproxy) on 2022-03-03

tags:	added: architecture-s39064 bugnameltc-196455 severity-high targetmilestone-inin---
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Revision history for this message

bugproxy (bugproxy) wrote on 2022-03-03: Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2022-03-03 05:34 EDT-------
Here is the action performed to arrive at the specific patch, respectively:

01. backport e2c12909ae5f (selftests: kvm: add _vm_ioctl)
02. backport a46f8a63cde8 (selftests: kvm: Introduce the TEST_FAIL macro)
03. cherry-pick 3e6b94126784 (KVM: selftests: Add GUEST_ASSERT variants to pass values to host)
04. cherry-pick 416e7f0c9d61 (KVM: s390: gaccess: Refactor gpa and length calculation)
05. cherry-pick 7faa543df19b (KVM: s390: gaccess: Refactor access address range check)
06. cherry-pick bad13799e030 (KVM: s390: gaccess: Cleanup access to guest pages)
07. backport 012a224e1fa3 (s390/uaccess: introduce bit field for OAC specifier)
08. backport 3d787b392d16 (s390/uaccess: fix compile error)
09. backport 1a82f6ab2365 (s390/uaccess: Add copy_from/to_user_key functions)
10. backport e613d83454d7 (KVM: s390: Honor storage keys when accessing guest memory)
11. cherry-pick 61380a7adfce (KVM: s390: handle_tprot: Honor storage keys)
12. backport c7ef9ebbed20 (KVM: s390: selftests: Test TEST PROTECTION emulation)
13. cherry-pick e9e9feebcbc1 (KVM: s390: Add optional storage key checking to MEMOP IOCTL)
14. backport ef11c9463ae0 (KVM: s390: Add vm IOCTL for key checked guest absolute memory access)
15. cherry-pick 0e1234c02b77 (KVM: s390: Rename existing vcpu memop functions)
16. backport d004079edc16 (KVM: s390: Add capability for storage key extension of MEM_OP IOCTL)
17. backport 5e35d0eb472b (KVM: s390: Update api documentation for memop ioctl)
18. backport cbf9b8109d32 (KVM: s390: Clarify key argument for MEM_OP in api docs)
19. cherry-pick 3d9042f8b923 (KVM: s390: Add missing vm MEM_OP size check)

Notes on backport
01. resolve minor conflict due to additional includes
02. resolve minor conflict due to additional functionality
07. backport needs to use primary address space
08. resolve minor conflict, only move #define
09. resolve minor conflict caused by older base, e.g. use of primary address space
implement __copy_to/from_user_key by copying include/linux/uaccess.h (i.e. old code) implementation and adding key support
10. replace locking of current->mm
mark_page_dirty instead of mark_page_dirty_in_slot
12. replace aligned attribute
GUEST_ASSERT instead of GUEST_ASSERT_EQ,
fprintf instead of print_skip
14. replace locking of current->mm
16. resolve minor conflict caused by additional capabilities
ADJUST CAPABILITY NUMBER TO 211 TO ACCOUNT FOR MERGE COMMIT IN kvm-next THAT CHANGED IT
17. move documentation to api.txt
18. move documentation to api.txt

As 16. mentions, capability number was adjusted to 211

------- Comment From Boris.mail@de.ibm.com 2022-03-03 05:34 EDT-------
Here is the action performed to arrive at the specific patch, respectively:

01. backport    e2c12909ae5f (selftests: kvm: add _vm_ioctl)
02. backport    a46f8a63cde8 (selftests: kvm: Introduce the TEST_FAIL macro)
03. cherry-pick 3e6b94126784 (KVM: selftests: Add GUEST_ASSERT variants to pass values to host)
04. cherry-pick 416e7f0c9d61 (KVM: s390: gaccess: Refactor gpa and length calculation)
05. cherry-pick 7faa543df19b (KVM: s390: gaccess: Refactor access address range check)
06. cherry-pick bad13799e030 (KVM: s390: gaccess: Cleanup access to guest pages)
07. backport    012a224e1fa3 (s390/uaccess: introduce bit field for OAC specifier)
08. backport    3d787b392d16 (s390/uaccess: fix compile error)
09. backport    1a82f6ab2365 (s390/uaccess: Add copy_from/to_user_key functions)
10. backport    e613d83454d7 (KVM: s390: Honor storage keys when accessing guest memory)
11. cherry-pick 61380a7adfce (KVM: s390: handle_tprot: Honor storage keys)
12. backport    c7ef9ebbed20 (KVM: s390: selftests: Test TEST PROTECTION emulation)
13. cherry-pick e9e9feebcbc1 (KVM: s390: Add optional storage key checking to MEMOP IOCTL)
14. backport    ef11c9463ae0 (KVM: s390: Add vm IOCTL for key checked guest absolute memory access)
15. cherry-pick 0e1234c02b77 (KVM: s390: Rename existing vcpu memop functions)
16. backport    d004079edc16 (KVM: s390: Add capability for storage key extension of MEM_OP IOCTL)
17. backport    5e35d0eb472b (KVM: s390: Update api documentation for memop ioctl)
18. backport    cbf9b8109d32 (KVM: s390: Clarify key argument for MEM_OP in api docs)
19. cherry-pick 3d9042f8b923 (KVM: s390: Add missing vm MEM_OP size check)

As 16. mentions, capability number was adjusted to 211

Revision history for this message

bugproxy (bugproxy) wrote on 2022-03-03: backported patches (combined, cap=211)

backported patches (combined, cap=211) Edit (30.1 KiB, application/x-gzip)

------- Comment (attachment only) From <email address hidden> 2022-03-03 05:32 EDT-------

Frank Heimes (fheimes) on 2022-03-03

Changed in linux (Ubuntu):
importance:	Undecided → High
Changed in ubuntu-z-systems:
importance:	Undecided → High
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-03: Re: [UBUNTU 20.04] KVM: Enable storage key checking for intercepted instruction (Backport to focal)

Some stats in the changes:

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-04:

A test build is now available at the PPA here:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1962831

Frank Heimes (fheimes) on 2022-03-04

summary:

[UBUNTU 20.04] KVM: Enable storage key checking for intercepted
- instruction (Backport to focal)
+ instruction

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-04:

Pull request submitted to kernel team's mailing list:
https://lists.ubuntu.com/archives/kernel-team/2022-March/thread.html#128468
changing status to 'In Progress'.

description:	updated
Changed in linux (Ubuntu):
status:	New → In Progress
Changed in ubuntu-z-systems:
status:	New → In Progress
Changed in linux (Ubuntu):
assignee:	Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-04:

Btw. I had to slightly adjust the backport (commit #16) due to changed context, that was caused by a diag 318 patch that has landed meanwhile.

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-07 (last edit on 2022-03-07):

Additional comment to #16: adjust capability number to 211 to account for an outstanding merge in kvm-next that changed it:
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?h=next&id=4dfc4ec2b7f5a3a27d166ac42cf8a583fa2d328

Frank Heimes (fheimes) on 2022-03-07

description:

updated

Stefan Bader (smb) on 2022-03-16

Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
status:	New → Fix Committed

Frank Heimes (fheimes) on 2022-03-16

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed
Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

bugproxy (bugproxy) on 2022-03-21

tags:

added: targetmilestone-inin2004
removed: targetmilestone-inin---

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-21:

This is Fix Released for jammy, since addressed at LP#1933179.

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-03-21:

This bug is awaiting verification that the linux/5.4.0-106.120 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

bugproxy (bugproxy) on 2022-03-22

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-03-25:

#10

This bug is awaiting verification that the linux-hwe-5.4/5.4.0-107.121~18.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-25:

#11

This bug was opened for focal, bionic was not really requested and is not marked as affected,
so I'm setting the verification-done-bionic tag to unblock further SRU processing.

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-04-19:

#12

Download full text (10.8 KiB)

This bug was fixed in the package linux - 5.4.0-109.123

---------------
linux (5.4.0-109.123) focal; urgency=medium

* focal/linux: 5.4.0-109.123 -proposed tracker (LP: #1968290)

  * USB devices not detected during boot on USB 3.0 hubs (LP: #1968210)
    - SAUCE: Revert "Revert "xhci: Set HCD flag to defer primary roothub
      registration""
    - SAUCE: Revert "Revert "usb: core: hcd: Add support for deferring roothub
      registration""

linux (5.4.0-108.122) focal; urgency=medium

* focal/linux: 5.4.0-108.122 -proposed tracker (LP: #1966740)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync dkms-build{,--nvidia-N} from LRMv5
    - debian/dkms-versions -- update from kernel-versions (main/2022.03.21)

* Low RX performance for 40G Solarflare NICs (LP: #1964512)
- SAUCE: sfc: The size of the RX recycle ring should be more flexible

  * [UBUNTU 20.04] KVM: Enable storage key checking for intercepted instruction
    (LP: #1962831)
    - selftests: kvm: add _vm_ioctl
    - selftests: kvm: Introduce the TEST_FAIL macro
    - KVM: selftests: Add GUEST_ASSERT variants to pass values to host
    - KVM: s390: gaccess: Refactor gpa and length calculation
    - KVM: s390: gaccess: Refactor access address range check
    - KVM: s390: gaccess: Cleanup access to guest pages
    - s390/uaccess: introduce bit field for OAC specifier
    - s390/uaccess: fix compile error
    - s390/uaccess: Add copy_from/to_user_key functions
    - KVM: s390: Honor storage keys when accessing guest memory
    - KVM: s390: handle_tprot: Honor storage keys
    - KVM: s390: selftests: Test TEST PROTECTION emulation
    - KVM: s390: Add optional storage key checking to MEMOP IOCTL
    - KVM: s390: Add vm IOCTL for key checked guest absolute memory access
    - KVM: s390: Rename existing vcpu memop functions
    - KVM: s390: Add capability for storage key extension of MEM_OP IOCTL
    - KVM: s390: Update api documentation for memop ioctl
    - KVM: s390: Clarify key argument for MEM_OP in api docs
    - KVM: s390: Add missing vm MEM_OP size check

  * 【sec-0911】 fail to reset sec module (LP: #1943301)
    - crypto: hisilicon/sec2 - Add workqueue for SEC driver.
    - crypto: hisilicon/sec2 - update SEC initialization and reset

  * Lots of hisi_qm zombie task slow down system after stress test
    (LP: #1932117)
    - crypto: hisilicon - Use one workqueue per qm instead of per qp

  * Lots of hisi_qm zombie task slow down system after stress test
    (LP: #1932117) // 【sec-0911】 fail to reset sec module (LP: #1943301)
    - crypto: hisilicon - Unify hardware error init/uninit into QM

  * [UBUNTU 20.04] Fix SIGP processing on KVM/s390 (LP: #1962578)
    - KVM: s390: Simplify SIGP Set Arch handling
    - KVM: s390: Add a routine for setting userspace CPU state

  * Move virtual graphics drivers from linux-modules-extra to linux-modules
    (LP: #1960633)
    - [Packaging] Move VM DRM drivers into modules

This bug was fixed in the package linux - 5.4.0-109.123

---------------
linux (5.4.0-109.123) focal; urgency=medium

* focal/linux: 5.4.0-109.123 -proposed tracker (LP: #1968290)

linux (5.4.0-108.122) focal; urgency=medium

* focal/linux: 5.4.0-108.122 -proposed tracker (LP: #1966740)

* Packaging resync (LP: #1786013)
    - [Packaging] resync dkms-build{,--nvidia-N} from LRMv5
    - debian/dkms-versions -- update from kernel-versions (main/2022.03.21)

* Low RX performance for 40G Solarflare NICs (LP: #1964512)
    - SAUCE: sfc: The size of the RX recycle ring should be more flexible

* 【sec-0911】 fail to reset sec module (LP: #1943301)
    - crypto: hisilicon/sec2 - Add workqueue for SEC driver.
    - crypto: hisilicon/sec2 - update SEC initialization and reset

* Lots of hisi_qm zombie task slow down system after stress test
    (LP: #1932117)
    - crypto: hisilicon - Use one workqueue per qm instead of per qp

* [UBUNTU 20.04] Fix SIGP processing on KVM/s390 (LP: #1962578)
    - KVM: s390: Simplify SIGP Set Arch handling
    - KVM: s390: Add a routine for setting userspace CPU state

* Move virtual graphics drivers from linux-modules-extra to linux-modules
    (LP: #1960633)
    - [Packaging] Move VM DRM drivers into modules

* Focal update: v5.4.178 upstream stable release (LP: #1964634)
    - audit: improve audit queue handling when "audit=1" on cmdline
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
    - ALSA: usb-audio: Simplify quirk entries with a macro
    - ALSA: hda/realtek: Add quirk for ASUS GU603
    - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220
      quirks
    - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer
      chipset)
    - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
      reboot from Windows
    - btrfs: fix deadlock between quota disable and qgroup rescan worker
    - drm/nouveau: fix off by one in BIOS boundary checking
    - mm/kmemleak: avoid scanning potential huge holes
    - block: bio-integrity: Advance seed correctly for larger interval sizes
    - memcg: charge fs_context and legacy_fs_context
    - IB/rdmavt: Validate remote_addr during loopback atomic tests
    - RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
    - RDMA/mlx4: Don't continue event handler after memory allocation failure
    - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
    - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
    - spi: bcm-qspi: check for valid cs before applying chip select
    - spi: mediatek: Avoid NULL pointer crash in interrupt
    - spi: meson-spicc: add IRQ check in meson_spicc_probe
    - net: ieee802154: hwsim: Ensure proper channel selection at probe time
    - net: ieee802154: mcr20a: Fix lifs/sifs periods
    - net: ieee802154: ca8210: Stop leaking skb's
    - net: ieee802154: Return meaningful error codes from the netlink helpers
    - net: macsec: Verify that send_sci is on when setting Tx sci explicitly
    - net: stmmac: dump gmac4 DMA registers correctly
    - net: stmmac: ensure PTP time register reads are consistent
    - drm/i915/overlay: Prevent divide by zero bugs in scaling
    - ASoC: fsl: Add missing error handling in pcm030_fabric_probe
    - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
    - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
    - ASoC: max9759: fix underflow in speaker_gain_control_put()
    - pinctrl: bcm2835: Fix a few error paths
    - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
    - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
    - selftests: futex: Use variable MAKE instead of make
    - rtc: cmos: Evaluate century appropriate
    - EDAC/altera: Fix deferred probing
    - EDAC/xgene: Fix deferred probing
    - ext4: fix error handling in ext4_restore_inline_data()
    - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
    - Linux 5.4.178

* Focal update: v5.4.177 upstream stable release (LP: #1964628)
    - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
    - psi: Fix uaf issue when psi trigger is destroyed while being polled
    - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
    - net: amd-xgbe: ensure to reset the tx_timer_active flag
    - net: amd-xgbe: Fix skb data length underflow
    - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
    - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
    - af_packet: fix data-race in packet_setsockopt / packet_setsockopt
    - Linux 5.4.177

* Focal update: v5.4.176 upstream stable release (LP: #1962345)
    - s390/hypfs: include z/VM guests with access control group set
    - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
      devices
    - udf: Restore i_lenAlloc when inode expansion fails
    - udf: Fix NULL ptr deref when converting from inline format
    - PM: wakeup: simplify the output logic of pm_show_wakelocks()
    - tracing/histogram: Fix a potential memory leak for kstrdup()
    - tracing: Don't inc err_log entry count if entry allocation fails
    - fsnotify: fix fsnotify hooks in pseudo filesystems
    - drm/etnaviv: relax submit size limits
    - arm64: errata: Fix exec handling in erratum 1418040 workaround
    - netfilter: nft_payload: do not update layer 4 checksum when mangling
      fragments
    - serial: 8250: of: Fix mapped region size when using reg-offset property
    - serial: stm32: fix software flow control transfer
    - tty: n_gsm: fix SW flow control encoding/handling
    - tty: Add support for Brainboxes UC cards.
    - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
    - usb: common: ulpi: Fix crash in ulpi_match()
    - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
    - USB: core: Fix hang in usb_kill_urb by adding memory barriers
    - usb: typec: tcpm: Do not disconnect while receiving VBUS off
    - ucsi_ccg: Check DEV_INT bit only when starting CCG4
    - net: sfp: ignore disabled SFP node
    - powerpc/32: Fix boot failure with GCC latent entropy plugin
    - i40e: Increase delay to 1 s after global EMP reset
    - i40e: Fix issue when maximum queues is exceeded
    - i40e: Fix queues reservation for XDP
    - i40e: fix unsigned stat widths
    - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
    - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
    - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
    - ipv6_tunnel: Rate limit warning messages
    - net: fix information leakage in /proc/net/ptype
    - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
    - hwmon: (lm90) Mark alert as broken for MAX6680
    - ping: fix the sk_bound_dev_if match in ping_lookup
    - ipv4: avoid using shared IP generator for connected sockets
    - hwmon: (lm90) Reduce maximum conversion rate for G781
    - NFSv4: Handle case where the lookup of a directory fails
    - NFSv4: nfs_atomic_open() can race when looking up a non-regular file
    - net-procfs: show net devices bound packet types
    - drm/msm: Fix wrong size calculation
    - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
    - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
    - ipv6: annotate accesses to fn->fn_sernum
    - NFS: Ensure the server has an up to date ctime before hardlinking
    - NFS: Ensure the server has an up to date ctime before renaming
    - netfilter: conntrack: don't increment invalid counter on NF_REPEAT
    - net: phy: broadcom: hook up soft_reset for BCM54616S
    - phylib: fix potential use-after-free
    - rxrpc: Adjust retransmission backoff
    - hwmon: (lm90) Mark alert as broken for MAX6654
    - ibmvnic: init ->running_cap_crqs early
    - ibmvnic: don't spin in tasklet
    - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
    - yam: fix a memory leak in yam_siocdevprivate()
    - net: hns3: handle empty unknown interrupt for VF
    - ipv4: raw: lock the socket in raw_bind()
    - ipv4: tcp: send zero IPID in SYNACK messages
    - ipv4: remove sparse error in ip_neigh_gw4()
    - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
    - fsnotify: invalidate dcache before IN_DELETE event
    - block: Fix wrong offset in bio_truncate()
    - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
    - Linux 5.4.176

* Focal update: v5.4.175 upstream stable release (LP: #1962330)
    - rcu: Tighten rcu_advance_cbs_nowake() checks
    - pinctrl: bcm2835: Drop unused define
    - pinctrl: bcm2835: Refactor platform data
    - pinctrl: bcm2835: Add support for all GPIOs on BCM2711
    - pinctrl: bcm2835: Match BCM7211 compatible string
    - pinctrl: bcm2835: Add support for wake-up interrupts
    - pinctrl: bcm2835: Change init order for gpio hogs
    - ARM: dts: gpio-ranges property is now required
    - mmc: sdhci-esdhc-imx: disable CMDQ support
    - select: Fix indefinitely sleeping task in poll_schedule_timeout()
    - Linux 5.4.175

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Fri, 08 Apr 2022 10:44:46 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Frank Heimes (fheimes) on 2022-04-19

Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

backported patches (combined, cap=211) Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

[UBUNTU 20.04] KVM: Enable storage key checking for intercepted instruction

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package