This bug was fixed in the package s390-tools - 2.12.0-0ubuntu3
---------------
s390-tools (2.12.0-0ubuntu3) focal; urgency=medium
* Update patch series to master tip:
- PVM / genprotimg LP: #1834534, FFe LP: #1866866
- zipl/libc: Fix potential buffer overflow LP: #1865032
- zipl: Fix secureboot documentation LP: #1864654
- Many other smaller bugfixes
-- Dimitri John Ledkov <x...@ubuntu.com> Fri, 20 Mar 2020 12:08:13
+0000
** Changed in: s390-tools (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1866866
Title:
[FFe] Please accept patches for secure guest feature
Status in Ubuntu on IBM z Systems:
New
Status in linux package in Ubuntu:
Confirmed
Status in qemu package in Ubuntu:
New
Status in s390-tools package in Ubuntu:
Fix Released
Bug description:
The secure guest feature (aka protvirt) affects multiple components (kernel,
qemu and s390-tools - see below).
While dedicated tickets for the different components exist since quite a
while, the code arrived late and/or discussion to get it upstream accepted took
longer than expected.
(Even if we as of today didn't reached the kernel freeze, I'm already adding
kernel to this FFe.)
Since this is a very important feature the current IBM Z and LinuxONE
family, it's requested to be included into focal, the next LTS
release, to become exploitable by long running systems.
The code is largely architecture specific.
No brand new packages or new upstream version are requested, only the
cherry-pick of commits (or PR) - so far everything is 'cherry-pick'-able.
kernel:
The patch set for the kernel is huge (30+ commits), but has only one common
code patch (two files).
The arch specific patches landed in between in linux-next, the arch specific
one is expected to land there very soon (hours/days from now). The common-code
patch ran through several hands and landed in between in Andrew Morton's mmots
tree.
A pre-screening of the code was done by the kernel team and it looked
acceptable.
(dedicated kernel ticket: https://bugs.launchpad.net/bugs/1835531)
qemu:
The entire code seems to be arch specific.
Again a pre-screening of the maintainer lead to the fact that it should be
acceptable, too.
(dedicated qemu ticket: https://bugs.launchpad.net/bugs/1835546)
s390-tools:
The entire tool only exists for the s390x architecture.
Hence obviously everything is arch specific on that.
(dedicated s390-tools ticket: https://bugs.launchpad.net/bugs/1834534)
Currently work is going on to test this function end to end based on Ubuntu
components (means based on our s390-tools, qemu and kernel [focal master-next]
trees).
On top I applied the patches to the packages as well and did manual test
buids.
With that a potential regression can be considered as low - and even
in case of a regression, it will affect s390x only.
The patches are being staged for this feature in:
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3970
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1866866/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
