[Bug 1959965] Re: [22.04 FEAT] KVM: Secure Execution guest dump encryption with customer keys - s390-tools part

Frank Heimes 1959965 at bugs.launchpad.net
Fri Oct 11 09:08:50 UTC 2024 

Moving over comments that were accidentally added to LP#2003680 to this
LP bug (where they belong to):

------- Comment From Boris.mail at de.ibm.com 2024-10-09 09:46 EDT-------
Thanks @Marc for providing the list of patches/ commits that are required for a SRU to Ubuntu 22.04 (with s390-tools 2.20.0-0ubuntu3.3 which is the current version in jammy).

The last patch cannot be applied cleanly (because of a conflict in
zdump/Makefile).

7ee51182bf3a zdump: fix memory leak of `path`
da9b96fb122b lib/zt_common.h: consolidate `ROUNDUP` macro
39b6c4a2734d zdump: introduce `ELF_NOTE_ROUNDUP` macro
e24d8c936c34 zdump: move `NOTE_NAME_*` definitions to `df_elf.h`
8d7e8a87b5b0 zdump: df_elf: move function documentation to function declarations
776e5d41d7a8 zdump: dfi_elf: factor out some ELF functionalities
229cd6d194ec zdump: don't modify passed program header in `pt_load_add()`
ff3fe4bf437f zdump: constify `struct zg_fh *fh` parameter in the zg file APIs
8944c2f60d6f zdump: dfi_elf: refactor `read_elf_(ehdr|phdrs)`
09c413b1be6a zdump: read_elf_phdrs: handle no program header case
25475bdf4280 zdump: read_elf_phdrs: fix `-Wconversion` issue
922d29ee4901 zdump: dfi_elf_init: introduce temporary variable
4e6d43e2acfc zdump: dfi_elf: refactor `nt_*` functions
f93f437f8b4d zdump: df_elf: `read_elf_hdr`: return Elf64_Ehdr struct
eef0dd4fa420 zdump: df_elf: add missing endianness check
922e8cbb2fa3 zdump: since we create ELF version 1 files use this value explicitly
1780efae07f7 zdump: df_elf: ehdr_is_elf_object: add ELF version check
61765090769c zdump: df_elf: refactor `check_elf_hdr`
2734724432d3 zdump: df_elf: add multiple ELF section helper
dc87aef33529 zdump: dfo_elf: replace `HDR_PER_CPU_SIZE` with `get_max_note_size_per_cpu`
d712806b39d0 lib/zt_common.h: add macro for determining field size
029a3f8f523e zdump: add guarded storage support for ELF input and output format
a6f2c3889140 zdump: constify `dfi_vmcoreinfo_get`
bd18166a2186 zdump: opts: declare `print_usage_exit` in header file
7f09f0e4adbb zdump: refactor `pt_load_add`
5a052103ae1e zdump: fix signatures of the wrappers zg_alloc, zg_realloc and zg_ioctl
2025cf751f80 zdump: man: fix long form of abbreviation
6cbd81f9975b zdump: zg.h: consolidate `PAGE_SIZE` macros
a1a4ae3c230d ("libpv/genprotimg/pvattest: use `glib/gi18n.h`")
f957d895cd09 zdump: consolidate error reporting
f0fb4a180a58 zdump: refactor usage print
e537ab902ed4 zdump: Makefile: add basic libpv support
8fa1b5a00b9c zdump: dfi: add support to read Protected Virtualization dumps

------- Comment From MHartmay at de.ibm.com 2024-10-09 10:59 EDT-------
@Boris

Yep, but it's easy to resolve the conflict. In case of the original
patch, ngdump support was already added to zdump (but I guess we don't
want to pick those patches as well).

8ddc31ea7741 ("zdump: Implement NGDump helpers")
0466760ec115 ("zdump: Implement DT interface for NGDump")
6c0f429805a4 ("zdump: Implement DFI interface for NGDump")

So in order to resolve the conflict simply remove:

ngdump.o dt_ngdump.o dfi_ngdump.o

from the zdump/Makefile.

** Changed in: s390-tools (Ubuntu Jammy)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1959965

Title:
  [22.04 FEAT] KVM: Secure Execution guest dump encryption with customer
  keys - s390-tools part

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in s390-tools package in Ubuntu:
  Fix Released
Status in s390-tools source package in Jammy:
  Triaged

Bug description:
  KVM: Secure Execution guest dump encryption with customer keys -
  s390-tools part

  Description:
  Hypervisor-initiated dumps for Secure Execution guests are not helpful because memory and CPU state is encrypted by a transient key only available to the Ultravisor.  Workload owners can still configure kdump in order to obtain kernel crash infomation, but there are situation where kdump doesn't work. In such situations problem determination is severely impeded. This feature will implement dumps created in a way that can only be decrypted by the owner of the guest image and be used for problem determination.

  Request Type: Package - Update Version
  Upstream Acceptance: In Progress
  Code Contribution: IBM code

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1959965/+subscriptions

More information about the foundations-bugs mailing list