This bug was fixed in the package linux - 4.4.0-135.161
---------------
linux (4.4.0-135.161) xenial; urgency=medium
* linux: 4.4.0-135.161 -proposed tracker (LP: #1788766)
* [Regression] APM Merlin boards fail to recover link after interface down/up
(LP: #1785739)
- net: phylib: fix interrupts re-enablement in phy_start
- net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
* qeth: don't clobber buffer on async TX completion (LP: #1786057)
- s390/qeth: don't clobber buffer on async TX completion
* nvme: avoid cqe corruption (LP: #1788035)
- nvme: avoid cqe corruption when update at the same time as read
* CacheFiles: Error: Overlong wait for old active object to go away.
(LP: #1776254)
- cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
- cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
* fscache cookie refcount updated incorrectly during fscache object allocation
(LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
object allocation (LP: #1776277)
- fscache: Fix reference overput in fscache_attach_object() error handling
* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
- Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
- fscache: Allow cancelled operations to be enqueued
- cachefiles: Fix refcounting bug in backing-file read monitoring
* linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
walinuxagent.service (LP: #1739107)
- [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
walinuxagent.service
-- Khalid Elmously <[email protected]> Sun, 26 Aug 2018
23:56:50 -0400
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1786057
Title:
qeth: don't clobber buffer on async TX completion
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Released
Bug description:
== SRU Justification ==
IBM is requesting this commit for s390. This fixes a bug introduced by
mainline commit 0da9581ddb0f. The symptom of the bug is Failing transmissions
on af_iucv HiperTransport socket.
Xenial also needs this patch, but it required a backport, so it will be
SRU'd separately.
== Fix ==
ce28867fd20c ("s390/qeth: don't clobber buffer on async TX completion")
== Regression Potential ==
Low. Limited to s390.
== Test Case ==
A test kernel was built with this patch and tested by the original bug
reporter.
The bug reporter states the test kernel resolved the bug.
Description: qeth: don't clobber buffer on async TX completion
Symptom: Failing transmissions on af_iucv HiperTransport socket.
Problem: If qeth_qdio_output_handler() detects that a transmit
requires async completion, it replaces the pending buffer's
metadata object (qeth_qdio_out_buffer) so that this queue
buffer can be re-used while the data is pending completion.
Later when the CQ indicates async completion of such a
metadata object, qeth_qdio_cq_handler() tries to free any
data associated with this object (since HW has now completed
the transfer). By calling qeth_clear_output_buffer(), it
erronously operates on the queue buffer that _previously_
belonged to this transfer ... but which has been potentially
re-used several times by now. This results in double-free's
of the buffer's data, and failing transmits as the buffer
descriptor is scrubbed in mid-air.
Solution: First only scrub the queue buffer when it is prepared
for re-use, and later obtain the data addresses from
the async-completion notifier (ie. the AOB), instead
of the queue buffer.
Reproduction: Heavy multi-connection workload on an af_iucv
HiperTransport socket.
Upstream-ID: ce28867fd20c23cd769e78b4d619c4755bf71a1c
Kernel 4.18
Will be introduced with kernel 4.18 in Cosmic.
But should also be applied to Bionic and Xenial
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1786057/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
