From patchwork Thu Jan 11 10:28:51 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Bader <stefan.bader@canonical.com>
X-Patchwork-Id: 1885458
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=185.125.189.65; helo=lists.ubuntu.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com;
 receiver=patchwork.ozlabs.org)
Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4T9grP6V4lz1yPw
	for <incoming@patchwork.ozlabs.org>; Thu, 11 Jan 2024 21:29:09 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com)
	by lists.ubuntu.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1rNsJ3-0001Wy-1q; Thu, 11 Jan 2024 10:29:01 +0000
Received: from smtp-relay-canonical-0.internal ([10.131.114.83]
 helo=smtp-relay-canonical-0.canonical.com)
 by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.86_2) (envelope-from <stefan.bader@canonical.com>)
 id 1rNsIw-0001Va-5E
 for kernel-team@lists.ubuntu.com; Thu, 11 Jan 2024 10:28:54 +0000
Received: from canonical.com (2.general.smb.uk.vpn [10.172.193.29])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest
 SHA256) (No client certificate requested)
 by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 4E372413BC
 for <kernel-team@lists.ubuntu.com>; Thu, 11 Jan 2024 10:28:53 +0000 (UTC)
From: Stefan Bader <stefan.bader@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 0/1][SRU M/N/U] Fix secure execution regression on s390x
Date: Thu, 11 Jan 2024 11:28:51 +0100
Message-Id: <20240111102852.61596-1-stefan.bader@canonical.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

== SRU Justification ==

Impact: To allow secure execution the S390X_UV_UAPI driver is a critical
requirement. For 22.04/Jammy LTS we backported the driver and enabled it
as built-in. It seems 22.10/Kinetic also had this enabled. But then in
later releases this option flipped back to 'n'.

Fix: Turn this back on (built-in) in the annotation file. Note, this
patch is made against Mantic. Noble and Unstable might need adjustments.

Test case (on a s390x instance):
#> cat /boot/config-$(uname -r) | grep UV_UAPI
CONFIG_S390X_UV_UAPI=y

Regression potential: If anything goes wrong, then likeliy within secure
execution bounds.

Stefan Bader (1):
  UBUNTU: [Config] Enable S390_UV_UAPI (built-in)

 debian.master/config/annotations | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>