This bug was fixed in the package linux-gcp-5.19 - 5.19.0-1030.32~22.04.1

---------------
linux-gcp-5.19 (5.19.0-1030.32~22.04.1) jammy; urgency=medium

  * jammy/linux-gcp-5.19: 5.19.0-1030.32~22.04.1 -proposed tracker
    (LP: #2027609)

  * gcp: backport "iommu/amd: Add map/unmap_pages() iommu_domain_ops callback
    support" (LP: #2023313)
    - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
    - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
    - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support

linux-gcp-5.19 (5.19.0-1029.31~22.04.1) jammy; urgency=medium

  * jammy/linux-gcp-5.19: 5.19.0-1029.31~22.04.1 -proposed tracker
    (LP: #2026451)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 5.19.0-50.50 ]

  * jammy/linux-hwe-5.19: 5.19.0-50.50 -proposed tracker (LP: #2026456)
  * CVE-2023-2640 // CVE-2023-32629
    - Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
      ovl_do_(set|remove)xattr"
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial user
      namespace
  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id
  * CVE-2023-3389
    - io_uring: hold uring mutex around poll removal
  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
  * CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition
  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb
  * CVE-2022-48502
    - fs/ntfs3: Check fields while reading
  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

 -- Thadeu Lima de Souza Cascardo <[email protected]>  Wed, 12 Jul 2023 16:00:46 -0300
** Changed in: linux-gcp-5.19 (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-48502
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2640
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3090
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-31248
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3141
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-32629
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3389
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3390
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-35001
https://bugs.launchpad.net/bugs/2023313

Title:
  gcp: backport "iommu/amd: Add map/unmap_pages() iommu_domain_ops
  callback support"

Status in linux-gcp package in Ubuntu:
  In Progress
Status in linux-gcp-5.19 package in Ubuntu:
  New
Status in linux-gcp source package in Jammy:
  Invalid
Status in linux-gcp-5.19 source package in Jammy:
  Fix Released
Status in linux-gcp source package in Kinetic:
  In Progress
Status in linux-gcp-5.19 source package in Kinetic:
  Invalid

Bug description:
  GCP is requesting the backport of the patch "6b080c4e815ceba3c08f
  iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support"
  from upstream 6.2 to the 5.19 gcp kernel

  The following two patches are required for the backport:

  6b080c4e815ceba3c08ffa980c858595c07e7 iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
  251c4db699ca7b966db7e59e8663a231c96ba iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback

  More info at
  https://canonical.lightning.force.com/lightning/r/Case/5008e00000CjJJCAA3/view

  Impact:
  - This allows the AMD iommu driver to map/unmap multiple pages in one call.
    GCP states that these changes also have a security side-effect which they are
    interested in.

  Testing:
  - Boot-tested the changes in SEV, SEV-SNP and non-SEV environments on AMD
    hardware.

  Regression potential:
  - The changes are limited to the AMD iommu driver. Regression potential
    could impact virtualization on AMD hardware. Risk is considered low as the
    changes are limited and apply cleanly from upstream. The requested patch is
    from 6.2 and there have been no follow-up fixes since.