This bug was fixed in the package linux - 4.15.0-39.42

---------------
linux (4.15.0-39.42) bionic; urgency=medium

  * linux: 4.15.0-39.42 -proposed tracker (LP: #1799411)

  * Linux: insufficient shootdown for paging-structure caches (LP: #1798897)
    - mm: move tlb_table_flush to tlb_flush_mmu_free
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
    - [Config] CONFIG_HAVE_RCU_TABLE_INVALIDATE=y

  * Ubuntu18.04: GPU total memory is reduced (LP: #1792102)
    - Revert "powerpc/powernv: Increase memory block size to 1GB on radix"

  * arm64: snapdragon: reduce boot noise (LP: #1797154)
    - [Config] arm64: snapdragon: DRM_MSM=m
    - [Config] arm64: snapdragon: SND*=m
    - [Config] arm64: snapdragon: disable ARM_SDE_INTERFACE
    - [Config] arm64: snapdragon: disable DRM_I2C_ADV7511_CEC
    - [Config] arm64: snapdragon: disable VIDEO_ADV7511, VIDEO_COBALT

  * [Bionic] CPPC bug fixes (LP: #1796949)
    - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id
    - cpufreq: CPPC: Don't set transition_latency
    - ACPI / CPPC: Fix invalid PCC channel status errors

  * regression in 'ip --family bridge neigh' since linux v4.12 (LP: #1796748)
    - rtnetlink: fix rtnl_fdb_dump() for ndmsg header

  * screen displays abnormally on the lenovo M715 with the AMD GPU (Radeon Vega
    8 Mobile, rev ca, 1002:15dd) (LP: #1796786)
    - drm/amd/display: Fix takover from VGA mode
    - drm/amd/display: early return if not in vga mode in disable_vga
    - drm/amd/display: Refine disable VGA

  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271
    reserve_memblock_reserved_regions (LP: #1797139)
    - SAUCE: arm64: Fix /proc/iomem for reserved but not memory regions

  * The front MIC can't work on the Lenovo M715 (LP: #1797292)
    - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715

  * Keyboard backlight sysfs sometimes is missing on Dell laptops (LP: #1797304)
    - platform/x86: dell-smbios: Correct some style warnings
    - platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base
    - platform/x86: dell-smbios: Link all dell-smbios-* modules together
    - [Config] CONFIG_DELL_SMBIOS_SMM=y, CONFIG_DELL_SMBIOS_WMI=y

  * rpi3b+: ethernet not working (LP: #1797406)
    - lan78xx: Don't reset the interface on open

  * 87cdf3148b11 was never backported to 4.15  (LP: #1795653)
    - xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto

  * [Ubuntu18.04][Power9][DD2.2]package installation segfaults inside debian
    chroot env in P9 KVM guest with HTM enabled (kvm) (LP: #1792501)
    - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds

  * Provide mode where all vCPUs on a core must be the same VM (LP: #1792957)
    - KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the
      same VM

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

  * CVE-2017-13168
    - scsi: sg: mitigate read/write abuse

  * [Bionic] ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID
    is set (LP: #1797200)
    - ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID is set

  * [Bionic] arm64: topology: Avoid checking numa mask for scheduler MC
    selection (LP: #1797202)
    - arm64: topology: Avoid checking numa mask for scheduler MC selection

  * crypto/vmx - Backport of Fix sleep-in-atomic bugs patch for 18.04
    (LP: #1790832)
    - crypto: vmx - Fix sleep-in-atomic bugs

  * hns3: autoneg settings get lost on down/up (LP: #1797654)
    - net: hns3: Fix for information of phydev lost problem when down/up

  * not able to unwind the stack from within __kernel_clock_gettime in the Linux
    vDSO (LP: #1797963)
    - powerpc/vdso: Correct call frame information

  * Signal 7 error when running GPFS tracing in cluster (LP: #1792195)
    - powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid.
    - powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition

  * Support Edge Gateway's WIFI LED (LP: #1798330)
    - SAUCE: mwifiex: Switch WiFi LED state according to the device status

  * Support Edge Gateway's Bluetooth LED (LP: #1798332)
    - SAUCE: Bluetooth: Support for LED on Edge Gateways

  * USB cardreader (0bda:0328) make the system can't enter s3 or hang
    (LP: #1798328)
    - usb: Don't disable Latency tolerance Messaging (LTM) before port reset

  * CVE-2018-15471
    - xen-netback: fix input validation in xenvif_set_hash_mapping()

  * CVE-2018-16658
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

  * [Bionic] Update ThunderX2 implementation defined pmu core events
    (LP: #1796904)
    - perf vendor events arm64: Update ThunderX2 implementation defined pmu core
      events

  * the machine of lenovo M715 with the AMD GPU (Radeon Vega 8 Mobile, rev ca,
    1002:15dd) often hangs randomly (LP: #1796789)
    - drm/amd: Add missing fields in atom_integrated_system_info_v1_11

  * [18.04] GLK hang after a while (LP: #1760545)
    - drm/i915/glk: Add MODULE_FIRMWARE for Geminilake

  * Fix usbcore.quirks when used at boot (LP: #1795784)
    - usb: core: safely deal with the dynamic quirk lists

 -- Kleber Sacilotto de Souza <kleber.so...@canonical.com>  Tue, 23 Oct 2018 14:44:55 +0000

** Changed in: linux (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13168

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15471

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16658

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-9363

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1792501

Title:
  [Ubuntu18.04][Power9][DD2.2]package installation segfaults inside
  debian chroot env in P9 KVM guest with HTM enabled (kvm)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Committed

Bug description:
  == SRU Justification ==
  IBM is requesting this commit in Bionic.  It fixes a regression
  introduced by upstream commit 4bb3c7a020.

  Without this patch, package installation segfaults inside debian chroot
  env in P9 KVM guest with HTM enabled.

  The fix has already landed in Cosmic master-next.

  == Fix ==
  f14040bca892 ("KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds")

  == Regression Potential ==
  Low.  This commit fixes an existing regression and is specific to powerpc.
  It has been cc'd to upstream stable, so has had additional upstream review.

  == Test Case ==
  A test kernel was built with this patch and tested by the original bug
  reporter.  The bug reporter states the test kernel resolved the bug.



  
  == Comment: #0 - Satheesh Rajendran <sathe...@in.ibm.com> - 2018-09-11 04:10:09 ==
  ---Problem Description---
  package installation segfaults inside debian chroot env in P9 KVM guest with
  HTM enabled

  ---Additional Hardware Info---
  FW with tm-suspend-mode enabled
  #cd /sys/firmware/devicetree/base/ibm,opal/fw-features/
  #ls -1 tm-suspend-mode
  enabled
  name
  phandle

  qemu-kvm                                 1:2.11+dfsg-1ubuntu7.4

  Machine Type = Power9 DD2.2

  ---Steps to Reproduce---
   1. Boot a P9 KVM guest Ubuntu 18.04 (with cap-htm=on, by default it is on)
  tried with upstream kernel as well (same results)

  create tap device in host
  # tunctl -t tap1 -u `whoami`;brctl addif virbr0 tap1;ifconfig tap1 up
  #qemu-system-ppc64 -enable-kvm -M pseries -m 8192 -smp 4 \
      -drive file=/home/sath/ubuntu-18.04-ppc64le.qcow2,format=qcow2,if=none,id=drive-scsi0 \
      -device virtio-scsi-pci,id=drive-scsi0 -device scsi-hd,drive=drive-scsi0 \
      -serial mon:stdio -enable-kvm -vga none -nographic \
      -kernel /home/sath/vmlinux_4.19 \
      -append "root=/dev/sda2 rw console=tty0 console=ttyS0,115200 init=/sbin/init initcall_debug" \
      -netdev tap,id=mynet1,ifname=tap1,script=no,downscript=no \
      -device virtio-net,netdev=mynet1,mac=52:55:00:d1:55:42

  run dhclient inside guest.

  2. # mkdir -p stretch
  # debootstrap stretch /stretch http://httpredir.debian.org/debian
  # chroot /stretch
  /# apt-get update && apt-get install -y  make gcc ruby python

  ...
  [   32.029474] random: crng init done
  [   32.029477] random: 7 urandom warning(s) missed due to ratelimiting
  [  500.300835] dpkg-deb[8704]: segfault (11) at c0000000000037fa nip 7fffac2d098c lr 7fffac2d08c4 code 1 in libc-2.24.so[7fffac170000+190000]
  [  500.300863] dpkg-deb[8704]: code: 48000028 eb090010 2eb80000 4096006c 419e0074 85270004 394a0001 794a0020
  [  500.300881] dpkg-deb[8704]: code: 71280001 408200a0 1d2a0018 7d2b4a14 <a1090006> 2ea80000 40960010 e9090008

  ---uname output---
  4.15.0-34,4.19.0-rc3

  ---Debugger---
  A debugger is not configured

  Contact Information = sathe...@in.ibm.com

  Userspace tool common name:

  KVM Guest: Ubuntu GLIBC 2.27-3ubuntu1) stable release version 2.27,
  Chroot inside KVM Guest: Debian GLIBC 2.24-11+deb9u3) stable release version 2.24

  Userspace rpm:

  KVM Guest: Ubuntu GLIBC 2.27-3ubuntu1) stable release version 2.27,
  Chroot inside KVM Guest: Debian GLIBC 2.24-11+deb9u3) stable release version 2.24

  The userspace tool has the following bit modes: both

  Userspace tool obtained from project website:  na

  *Additional Instructions for sathe...@in.ibm.com:
  -Post a private note with access information to the machine that the bug is
  occurring on.
  -Attach ltrace and strace of userspace application.

  So latest update taken from
  https://github.ibm.com/powercloud/icp-ppc64le/issues/470

  was able to recreate segfault using TM test cases

  /linux/tools/testing/selftests/powerpc/tm

  # ./tm-vmxcopy
  test: tm_vmxcopy
  tags: git_version:v4.19-rc3-0-g11da3a7f84f1-dirty
  !! child died by signal 11
  failure: tm_vmxcopy

  this particular test on being run gets a signal 11

  [267132.434651] tm-vmxcopy[641]: unhandled signal 11 at 0000000000000001 nip 0000000104ba122c lr 0000000104ba11e4 code 30001
  [267253.708795] tm-vmxcopy[7861]: unhandled signal 11 at 0000000000000001 nip 000000012a31122c lr 000000012a3111e4 code 30001
  [267385.064533] tm-vmxcopy[13314]: unhandled signal 11 at 0000000000000001 nip 00000001235f122c lr 00000001235f11e4 code 30001

  == Comment: #12 - Michael Neuling <michael.neul...@au1.ibm.com> - 2018-09-13 00:34:16 ==
  Fixes r11 corruption.

  == Comment: #14 - Satheesh Rajendran <sathe...@in.ibm.com> - 2018-09-13 03:15:46 ==
  Tested with above patch  on KVM host and reported issue is fixed.

  # git log -1
  commit 72664e47565f5de0a1fead1d9111c97b9b537713 (HEAD -> fix)
  Author: Michael Neuling <mi...@neuling.org>
  Date:   Thu Sep 13 15:33:47 2018 +1000

      KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds

      When we come into the softpatch handler (0x1500), we use r11 to store
      the HSRR0 for later use by the denorm handler.

      We also use the softpatch handler for the TM workarounds for
      POWER9. Unfortunately, in kvmppc_interrupt_hv we later store r11 out
      to the vcpu assuming it's still what we got from userspace.

      This causes r11 to be corrupted in the VCPU and hence when we restore
      the guest, we get a corrupted r11. We've seen this when running TM
      tests inside guests on P9.

      This fixes the problem by only touching r11 in the denorm case.

      Fixes: 4bb3c7a020 ("KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9")
      Cc: <sta...@vger.kernel.org> # 4.17+
      Test-by: Suraj Jitindar Singh <sjitindarsi...@gmail.com>
      Reviewed-by: Paul Mackerras <pau...@ozlabs.org>
      Signed-off-by: Michael Neuling <mi...@neuling.org>

  Regards,
  -Satheesh

  http://patchwork.ozlabs.org/patch/969256/
