Bug#1024697: linux-image-5.10.0-19-cloud-amd64: Please backport fix for Bug #989040 : Missing CONFIG_AMD_MEM_ENCRYPT in kernel
Package: src:linux
Version: 5.10.149-2
Severity: important
X-Debbugs-Cc: lbouchard@scaleway.com
Dear Kernel team,
A fix for bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989040
is included in kernel 5.13 but still not available for the stable kernel.
Could you please backport the fix for that bug into the stable 5.10
kernel so it becomes available in a standard Debian Bullseye
installation. Without this fix, Debian Bullseye is unbootable in
a virtual machine which uses Secure Enhanced Virtualization (SEV).
The fix is the enablement of the CONFIG_AMD_MEM_ENCRYPT configuration
option.
Kind regards,
... Louis Bouchard
-- Package-specific info:
** Version:
Linux version 5.10.0-19-cloud-amd64 (debian-kernel@lists.debian.org)
(gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for
Debian) 2.35.2) #1 SMP Debian 5.10.149-2 (2022-10-21)
** Command line:
BOOT_IMAGE=/boot/vmlinuz-5.10.0-19-cloud-amd64
root=UUID=25db7b8b-fbf8-47bd-b3c6-21fcf4de5f22 ro console=tty0
console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0
** Not tainted
** Kernel log:
[ 1.808563] systemd[1]: Created slice system-systemd\x2dgrowfs.slice.
[ 1.810794] systemd[1]: Created slice User and Session Slice.
[ 1.812361] systemd[1]: Started Dispatch Password Requests to Console
Directory Watch.
[ 1.814189] systemd[1]: Started Forward Password Requests to Wall
Directory Watch.
[ 1.816108] systemd[1]: Set up automount Arbitrary Executable File
Formats File System Automount Point.
[ 1.818610] systemd[1]: Reached target Local Encrypted Volumes.
[ 1.820342] systemd[1]: Reached target Paths.
[ 1.821643] systemd[1]: Reached target Remote File Systems.
[ 1.823172] systemd[1]: Reached target Slices.
[ 1.824216] systemd[1]: Reached target Swap.
[ 1.825333] systemd[1]: Reached target System Time Set.
[ 1.826843] systemd[1]: Listening on Syslog Socket.
[ 1.827821] systemd[1]: Listening on fsck to fsckd communication Socket.
[ 1.829095] systemd[1]: Listening on initctl Compatibility Named Pipe.
[ 1.830420] systemd[1]: Listening on Journal Audit Socket.
[ 1.831536] systemd[1]: Listening on Journal Socket (/dev/log).
[ 1.832700] systemd[1]: Listening on Journal Socket.
[ 1.833727] systemd[1]: Listening on udev Control Socket.
[ 1.834743] systemd[1]: Listening on udev Kernel Socket.
[ 1.836088] systemd[1]: Mounting Huge Pages File System...
[ 1.837358] systemd[1]: Mounting POSIX Message Queue File System...
[ 1.838852] systemd[1]: Mounting Kernel Debug File System...
[ 1.840422] systemd[1]: Mounting Kernel Trace File System...
[ 1.841929] systemd[1]: Starting Create list of static device nodes
for the current kernel...
[ 1.843833] systemd[1]: Starting Load Kernel Module configfs...
[ 1.845439] systemd[1]: Starting Load Kernel Module drm...
[ 1.846871] systemd[1]: Starting Load Kernel Module fuse...
[ 1.848423] systemd[1]: Started Nameserver information manager.
[ 1.851234] systemd[1]: Condition check resulted in Set Up Additional
Binary Formats being skipped.
[ 1.852026] systemd[1]: Condition check resulted in File System Check
on Root Device being skipped.
[ 1.853998] systemd[1]: Starting Journal Service...
[ 1.856523] systemd[1]: Starting Load Kernel Modules...
[ 1.858154] systemd[1]: Starting Remount Root and Kernel File Systems...
[ 1.859700] fuse: init (API version 7.32)
[ 1.859981] systemd[1]: Starting Coldplug All udev Devices...
[ 1.862214] systemd[1]: Mounted Huge Pages File System.
[ 1.863194] systemd[1]: Mounted POSIX Message Queue File System.
[ 1.864151] systemd[1]: Mounted Kernel Debug File System.
[ 1.865057] systemd[1]: Mounted Kernel Trace File System.
[ 1.866053] systemd[1]: Finished Create list of static device nodes
for the current kernel.
[ 1.867461] systemd[1]: modprobe@configfs.service: Succeeded.
[ 1.868030] systemd[1]: Finished Load Kernel Module configfs.
[ 1.869046] systemd[1]: modprobe@drm.service: Succeeded.
[ 1.869620] systemd[1]: Finished Load Kernel Module drm.
[ 1.870609] systemd[1]: modprobe@fuse.service: Succeeded.
[ 1.871568] systemd[1]: Finished Load Kernel Module fuse.
[ 1.873149] systemd[1]: Finished Load Kernel Modules.
[ 1.875661] systemd[1]: Mounting FUSE Control File System...
[ 1.877313] systemd[1]: Mounting Kernel Configuration File System...
[ 1.879176] systemd[1]: Starting Apply Kernel Variables...
[ 1.880825] systemd[1]: Mounted FUSE Control File System.
[ 1.882063] systemd[1]: Mounted Kernel Configuration File System.
[ 1.895464] systemd[1]: Finished Apply Kernel Variables.
[ 1.897833] systemd[1]: Started Journal Service.
[ 1.904694] EXT4-fs (sda1): re-mounted. Opts: discard,errors=remount-ro
[ 1.917029] EXT4-fs (sda1): resizing filesystem from 491515 to
2408634 blocks
[ 1.920492] systemd-journald[286]: Received client request to flush
runtime journal.
[ 1.989419] EXT4-fs (sda1): resized filesystem to 2408634
[ 2.534060] input: Power Button as
/devices/LNXSYSTM:00/LNXPWRBN:00/input/input2
[ 2.535942] sd 2:0:0:0: Attached scsi generic sg0 type 0
[ 2.542829] pstore: Using crash dump compression: deflate
[ 2.547169] pstore: Registered efi as persistent store backend
[ 2.559075] ACPI: Power Button [PWRF]
[ 2.599082] cryptd: max_cpu_qlen set to 1000
[ 2.668065] AVX2 version of gcm_enc/dec engaged.
[ 2.668588] AES CTR mode by8 optimization enabled
[ 2.730245] audit: type=1400 audit(1669200189.712:2):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="lsb_release" pid=383 comm="apparmor_parser"
[ 2.736441] audit: type=1400 audit(1669200189.720:3):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="nvidia_modprobe" pid=384 comm="apparmor_parser"
[ 2.737794] audit: type=1400 audit(1669200189.720:4):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="nvidia_modprobe//kmod" pid=384 comm="apparmor_parser"
[ 2.771432] audit: type=1400 audit(1669200189.756:5):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="/usr/sbin/chronyd" pid=386 comm="apparmor_parser"
[ 2.791567] audit: type=1400 audit(1669200189.776:6):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="tcpdump" pid=387 comm="apparmor_parser"
[ 2.807938] audit: type=1400 audit(1669200189.792:7):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="/usr/bin/man" pid=385 comm="apparmor_parser"
[ 2.809442] audit: type=1400 audit(1669200189.792:8):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="man_filter" pid=385 comm="apparmor_parser"
[ 2.811103] audit: type=1400 audit(1669200189.792:9):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="man_groff" pid=385 comm="apparmor_parser"
[ 2.880354] unchecked MSR access error: RDMSR from 0xda0 at rIP:
0xffffffff83263774 (native_read_msr+0x4/0x40)
[ 2.881193] Call Trace:
[ 2.881421] kvm_arch_hardware_setup+0x474/0x490 [kvm]
[ 2.881869] ? __kmalloc_node+0x141/0x2b0
[ 2.882200] ? alloc_cpumask_var_node+0x1b/0x30
[ 2.882610] kvm_init+0x9d/0x2b0 [kvm]
[ 2.882929] ? svm_hardware_setup+0x4a7/0x4a7 [kvm_amd]
[ 2.883356] do_one_initcall+0x44/0x1d0
[ 2.883694] ? do_init_module+0x23/0x250
[ 2.884018] ? kmem_cache_alloc_trace+0xf5/0x200
[ 2.884413] do_init_module+0x4c/0x250
[ 2.884768] __do_sys_finit_module+0xb1/0x120
[ 2.885128] do_syscall_64+0x33/0x40
[ 2.885439] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2.885871] RIP: 0033:0x7f431e06f2e9
[ 2.886186] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 77 8b 0d 00 f7 d8 64 89 01 48
[ 2.887751] RSP: 002b:00007ffcc6690018 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 2.888403] RAX: ffffffffffffffda RBX: 00005640fd794b50 RCX:
00007f431e06f2e9
[ 2.889017] RDX: 0000000000000000 RSI: 00007f431e20ce2d RDI:
0000000000000014
[ 2.889609] RBP: 0000000000020000 R08: 0000000000000000 R09:
00005640fd7e5b20
[ 2.890226] R10: 0000000000000014 R11: 0000000000000246 R12:
00007f431e20ce2d
[ 2.890848] R13: 0000000000000000 R14: 00005640fd7d1bc0 R15:
00005640fd794b50
[ 2.891461] kvm: Nested Virtualization enabled
[ 2.891847] SVM: kvm: Nested Paging enabled
[ 7.026250] device-mapper: uevent: version 1.0.3
[ 7.027077] device-mapper: ioctl: 4.43.0-ioctl (2020-10-01)
initialised: dm-devel@redhat.com
** Model information
sys_vendor: Scaleway
product_name: SCW-PRO2-S
product_version: pc-i440fx-focal
chassis_vendor: QEMU
chassis_version: pc-i440fx-focal
bios_vendor: EFI Development Kit II / OVMF
bios_version: 0.0.0
** Loaded modules:
dm_mod
kvm_amd
kvm
irqbypass
crct10dif_pclmul
crc32_pclmul
ghash_clmulni_intel
aesni_intel
nls_ascii
nls_cp437
crypto_simd
cryptd
vfat
glue_helper
fat
evdev
serio_raw
efi_pstore
sg
button
qemu_fw_cfg
fuse
configfs
efivarfs
ip_tables
x_tables
autofs4
sd_mod
virtio_net
net_failover
virtio_scsi
failover
ata_generic
ata_piix
libata
scsi_mod
virtio_pci
crc32c_intel
virtio_ring
virtio
** Network interface configuration:
*** /etc/network/interfaces:
source-directory /etc/network/interfaces.d
source-directory /run/network/interfaces.d
*** /etc/network/interfaces.d/50-cloud-init:
auto lo
iface lo inet loopback
auto ens2
iface ens2 inet dhcp
** Network status:
*** IP interfaces and addresses:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
link/ether de:3c:48:06:50:18 brd ff:ff:ff:ff:ff:ff
altname enp0s2
inet 10.200.54.47/31 brd 10.200.54.47 scope global dynamic ens2
valid_lft 85894sec preferred_lft 85894sec
inet6 fe80::dc3c:48ff:fe06:5018/64 scope link
valid_lft forever preferred_lft forever
*** Device statistics:
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed
lo: 1020 12 0 0 0 0 0 0
1020 12 0 0 0 0 0 0
ens2: 1346827 1936 0 0 0 0 0 0
276727 1504 0 0 0 0 0 0
*** Protocol statistics:
Ip:
Forwarding: 2
1906 total packets received
0 forwarded
0 incoming packets discarded
1906 incoming packets delivered
1471 requests sent out
Icmp:
3 ICMP messages received
0 input ICMP message failed
ICMP input histogram:
destination unreachable: 3
10 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 10
IcmpMsg:
InType3: 3
OutType3: 10
Tcp:
27 active connection openings
2 passive connection openings
0 failed connection attempts
0 connection resets received
1 connections established
1773 segments received
1375 segments sent out
11 segments retransmitted
0 bad segments received
178 resets sent
Udp:
122 packets received
10 packets to unknown port received
0 packet receive errors
117 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
TcpExt:
6 TCP sockets finished time wait in fast timer
7 delayed acks sent
Quick ack mode was activated 1 times
469 packet headers predicted
121 acknowledgments not containing data payload received
708 predicted acknowledgments
TCPSackRecovery: 1
1 fast retransmits
TCPTimeouts: 6
TCPLossProbes: 5
TCPBacklogCoalesce: 1
TCPDSACKOldSent: 1
TCPDSACKRecv: 5
11 connections reset due to unexpected data
TCPSackShiftFallback: 1
TCPRcvCoalesce: 37
TCPOFOQueue: 1
TCPAutoCorking: 104
TCPSynRetrans: 5
TCPOrigDataSent: 897
TCPDelivered: 929
TCPDSACKRecvSegs: 5
IpExt:
InBcastPkts: 6
InOctets: 1318751
OutOctets: 252623
InBcastOctets: 1992
InNoECTPkts: 1920
InECT1Pkts: 2
** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 440FX - 82441FX PMC
[Natoma] [8086:1237] (rev 02)
Subsystem: Red Hat, Inc. Qemu virtual machine [1af4:1100]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort-
<MAbort- >SERR- <PERR- INTx-
Latency: 0
00:01.0 ISA bridge [0601]: Intel Corporation 82371SB PIIX3 ISA
[Natoma/Triton II] [8086:7000]
Subsystem: Red Hat, Inc. Qemu virtual machine [1af4:1100]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
00:01.1 IDE interface [0101]: Intel Corporation 82371SB PIIX3 IDE
[Natoma/Triton II] [8086:7010] (prog-if 80 [ISA Compatibility mode-only
controller, supports bus mastering])
Subsystem: Red Hat, Inc. Qemu virtual machine [1af4:1100]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Region 0: Memory at 000001f0 (32-bit, non-prefetchable) [virtual] [size=8]
Region 1: Memory at 000003f0 (type 3, non-prefetchable) [virtual]
Region 2: Memory at 00000170 (32-bit, non-prefetchable) [virtual] [size=8]
Region 3: Memory at 00000370 (type 3, non-prefetchable) [virtual]
Region 4: I/O ports at c060 [virtual] [size=16]
Kernel driver in use: ata_piix
Kernel modules: ata_piix, ata_generic
00:01.3 Bridge [0680]: Intel Corporation 82371AB/EB/MB PIIX4 ACPI
[8086:7113] (rev 03)
Subsystem: Red Hat, Inc. Qemu virtual machine [1af4:1100]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 9
00:02.0 Ethernet controller [0200]: Red Hat, Inc. Virtio network device
[1af4:1000]
Subsystem: Red Hat, Inc. Virtio network device [1af4:0001]
Physical Slot: 2
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort-
<MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 11
Region 0: I/O ports at c040 [size=32]
Region 1: Memory at c0001000 (32-bit, non-prefetchable) [size=4K]
Region 4: Memory at 1000000000 (64-bit, prefetchable) [size=16K]
Expansion ROM at c0080000 [disabled] [size=512K]
Capabilities: <access denied>
Kernel driver in use: virtio-pci
Kernel modules: virtio_pci
00:03.0 SCSI storage controller [0100]: Red Hat, Inc. Virtio SCSI
[1af4:1004]
Subsystem: Red Hat, Inc. Virtio SCSI [1af4:0008]
Physical Slot: 3
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort-
<MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 10
Region 0: I/O ports at c000 [size=64]
Region 1: Memory at c0000000 (32-bit, non-prefetchable) [size=4K]
Region 4: Memory at 1000004000 (64-bit, prefetchable) [size=16K]
Capabilities: <access denied>
Kernel driver in use: virtio-pci
Kernel modules: virtio_pci
** USB devices:
not available
-- System Information:
Debian Release: 11.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-19-cloud-amd64 (SMP w/8 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages linux-image-5.10.0-19-cloud-amd64 depends on:
ii initramfs-tools [linux-initramfs-tool] 0.140
ii kmod 28-1
ii linux-base 4.6
Versions of packages linux-image-5.10.0-19-cloud-amd64 recommends:
ii apparmor 2.13.6-10
pn firmware-linux-free <none>
Versions of packages linux-image-5.10.0-19-cloud-amd64 suggests:
pn debian-kernel-handbook <none>
pn grub-pc | grub-efi-amd64 | extlinux <none>
pn linux-doc-5.10 <none>
Versions of packages linux-image-5.10.0-19-cloud-amd64 is related to:
pn firmware-amd-graphics <none>
pn firmware-atheros <none>
pn firmware-bnx2 <none>
pn firmware-bnx2x <none>
pn firmware-brcm80211 <none>
pn firmware-cavium <none>
pn firmware-intel-sound <none>
pn firmware-intelwimax <none>
pn firmware-ipw2x00 <none>
pn firmware-ivtv <none>
pn firmware-iwlwifi <none>
pn firmware-libertas <none>
pn firmware-linux-nonfree <none>
pn firmware-misc-nonfree <none>
pn firmware-myricom <none>
pn firmware-netxen <none>
pn firmware-qlogic <none>
pn firmware-realtek <none>
pn firmware-samsung <none>
pn firmware-siano <none>
pn firmware-ti-connectivity <none>
pn xen-hypervisor <none>
-- no debconf information
Reply to: