This bug was fixed in the package linux - 3.13.0-39.66

---------------
linux (3.13.0-39.66) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1386629

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Prevent host from panicking on shared MSR writes.
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * KVM: x86: Fix wrong masking on relative jump/call
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Warn if guest virtual address space is not 48-bits
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Emulator fixes for eip canonical checks on near branches
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: emulating descriptor load misses long-mode case
    - LP: #1384545
    - CVE-2014-3647
  * KVM: x86: Handle errors when RIP is set during far jumps
    - LP: #1384545
    - CVE-2014-3647
  * kvm: vmx: handle invvpid vm exit gracefully
    - LP: #1384544
    - CVE-2014-3646
  * Input: synaptics - gate forcepad support by DMI check
    - LP: #1381815

linux (3.13.0-38.65) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1379244

  [ Andy Whitcroft ]

  * Revert "SAUCE: scsi: hyper-v storsvc switch up to SPC-3"
    - LP: #1354397
  * [Config] linux-image-extra is additive to linux-image
    - LP: #1375310
  * [Config] linux-image-extra postrm is not needed on purge
    - LP: #1375310

  [ Upstream Kernel Changes ]

  * Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
    - LP: #1377564
  * Revert "USB: option,zte_ev: move most ZTE CDMA devices to zte_ev"
    - LP: #1377564
  * aufs: bugfix, stop calling security_mmap_file() again
    - LP: #1371316
  * ipvs: fix ipv6 hook registration for local replies
    - LP: #1349768
  * Drivers: add blist flags
    - LP: #1354397
  * sd: fix a bug in deriving the FLUSH_TIMEOUT from the basic I/O timeout
    - LP: #1354397
  * drm/i915/bdw: Add 42ms delay for IPS disable
    - LP: #1374389
  * drm/i915: add null render states for gen6, gen7 and gen8
    - LP: #1374389
  * drm/i915/bdw: 3D_CHICKEN3 has write mask bits
    - LP: #1374389
  * drm/i915/bdw: Disable idle DOP clock gating
    - LP: #1374389
  * drm/i915: call lpt_init_clock_gating on BDW too
    - LP: #1374389
  * drm/i915: shuffle panel code
    - LP: #1374389
  * drm/i915: extract backlight minimum brightness from VBT
    - LP: #1374389
  * drm/i915: respect the VBT minimum backlight brightness
    - LP: #1374389
  * drm/i915/bdw: Apply workarounds in render ring init function
    - LP: #1374389
  * drm/i915/bdw: Cleanup pre prod workarounds
    - LP: #1374389
  * drm/i915: Replace hardcoded cacheline size with macro
    - LP: #1374389
  * drm/i915: Refactor Broadwell PIPE_CONTROL emission into a helper.
    - LP: #1374389
  * drm/i915: Add the WaCsStallBeforeStateCacheInvalidate:bdw workaround.
    - LP: #1374389
  * drm/i915/bdw: Remove BDW preproduction W/As until C stepping.
    - LP: #1374389
  * mptfusion: enable no_write_same for vmware scsi disks
    - LP: #1371591
  * iommu/amd: Fix cleanup_domain for mass device removal
    - LP: #1375266
  * cifs: mask off top byte in get_rfc1002_length()
    - LP: #1372482
  * Input: synaptics - add support for ForcePads
    - LP: #1377564
  * ASoC: pxa-ssp: drop SNDRV_PCM_FMTBIT_S24_LE
    - LP: #1377564
  * drm/radeon: add bapm module parameter
    - LP: #1377564
  * drm/radeon: Add missing lines to ci_set_thermal_temperature_range
    - LP: #1377564
  * drm/radeon: Add ability to get and change dpm state when radeon PX card
    is turned off
    - LP: #1377564
  * ALSA: hda/realtek - Avoid setting wrong COEF on ALC269 & co
    - LP: #1377564
  * of/irq: Fix lookup to use 'interrupts-extended' property first
    - LP: #1377564
  * Possible null ptr deref in SMB2_tcon
    - LP: #1377564
  * CIFS: Fix SMB2 readdir error handling
    - LP: #1377564
  * CIFS: Fix wrong directory attributes after rename
    - LP: #1377564
  * md/raid6: avoid data corruption during recovery of double-degraded
    RAID6
    - LP: #1377564
  * ARM: dts: i.MX53: fix apparent bug in VPU clks
    - LP: #1377564
  * pata_scc: propagate return value of scc_wait_after_reset
    - LP: #1377564
  * libata: widen Crucial M550 blacklist matching
    - LP: #1377564
  * ALSA: hda - restore the gpio led after resume
    - LP: #1358116, #1377564
  * md/raid10: fix memory leak when reshaping a RAID10.
    - LP: #1377564
  * md/raid10: Fix memory leak when raid10 reshape completes.
    - LP: #1377564
  * MIPS: OCTEON: make get_system_type() thread-safe
    - LP: #1377564
  * can: c_can: checking IS_ERR() instead of NULL
    - LP: #1377564
  * HID: logitech: perform bounds checking on device_id early enough
    - LP: #1377564
  * firmware: Do not use WARN_ON(!spin_is_locked())
    - LP: #1377564
  * drm/radeon: add new KV pci id
    - LP: #1377564
  * drm/radeon: add new bonaire pci ids
    - LP: #1377564
  * drm/radeon: add additional SI pci ids
    - LP: #1377564
  * ibmveth: Fix endian issues with rx_no_buffer statistic
    - LP: #1377564
  * spi/omap-mcspi: Fix the spi task hangs waiting dma_rx
    - LP: #1377564
  * xtensa: replace IOCTL code definitions with constants
    - LP: #1377564
  * xtensa: fix address checks in dma_{alloc,free}_coherent
    - LP: #1377564
  * xtensa: fix access to THREAD_RA/THREAD_SP/THREAD_DS
    - LP: #1377564
  * xtensa: fix TLBTEMP_BASE_2 region handling in fast_second_level_miss
    - LP: #1377564
  * xtensa: fix a6 and a7 handling in fast_syscall_xtensa
    - LP: #1377564
  * staging: lustre: Remove circular dependency on header
    - LP: #1377564
  * USB: option: reduce interrupt-urb logging verbosity
    - LP: #1377564
  * USB: option: add VIA Telecom CDS7 chipset device id
    - LP: #1377564
  * USB: zte_ev: remove duplicate Gobi PID
    - LP: #1377564
  * USB: zte_ev: remove duplicate Qualcom PID
    - LP: #1377564
  * USB: ftdi_sio: add Basic Micro ATOM Nano USB2Serial PID
    - LP: #1377564
  * USB: serial: pl2303: add device id for ztek device
    - LP: #1377564
  * USB: ftdi_sio: Added PID for new ekey device
    - LP: #1377564
  * xhci: Treat not finding the event_seg on COMP_STOP the same as
    COMP_STOP_INVAL
    - LP: #1377564
  * usb: xhci: amd chipset also needs short TX quirk
    - LP: #1377564
  * xhci: rework cycle bit checking for new dequeue pointers
    - LP: #1377564
  * spi/pxa2xx: Add ACPI ID for Intel Braswell
    - LP: #1377564
  * ALSA: core: fix buffer overflow in snd_info_get_line()
    - LP: #1377564
  * HID: logitech-dj: prevent false errors to be shown
    - LP: #1377564
  * usb: ehci: using wIndex + 1 for hub port
    - LP: #1377564
  * staging/rtl8188eu: add 0df6:0076 Sitecom Europe B.V.
    - LP: #1377564
  * staging: r8188eu: Add new USB ID
    - LP: #1377564
  * mtd: nand: omap: Fix 1-bit Hamming code scheme, omap_calculate_ecc()
    - LP: #1377564
  * trace: Fix epoll hang when we race with new entries
    - LP: #1377564
  * cfq-iosched: Fix wrong children_weight calculation
    - LP: #1377564
  * USB: sisusb: add device id for Magic Control USB video
    - LP: #1377564
  * NFSv4: Fix problems with close in the presence of a delegation
    - LP: #1377564
  * usb: hub: Prevent hub autosuspend if usbcore.autosuspend is -1
    - LP: #1377564
  * ARM: 8128/1: abort: don't clear the exclusive monitors
    - LP: #1377564
  * ARM: 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy
    strex
    - LP: #1377564
  * USB: serial: fix potential stack buffer overflow
    - LP: #1377564
  * USB: serial: fix potential heap buffer overflow
    - LP: #1377564
  * ext4: update i_disksize coherently with block allocation on error path
    - LP: #1377564
  * jbd2: fix infinite loop when recovering corrupt journal blocks
    - LP: #1377564
  * jbd2: fix descriptor block size handling errors with journal_csum
    - LP: #1377564
  * memblock, memhotplug: fix wrong type in memblock_find_in_range_node().
    - LP: #1377564
  * xattr: fix check for simultaneous glibc header inclusion
    - LP: #1377564
  * KVM: s390: Fix user triggerable bug in dead code
    - LP: #1377564
  * KVM: s390/mm: try a cow on read only pages for key ops
    - LP: #1377564
  * regmap: Fix regcache debugfs initialization
    - LP: #1377564
  * regmap: Fix handling of volatile registers for format_write() chips
    - LP: #1377564
  * ASoC: rt5640: Do not allow regmap to use bulk read-write operations
    - LP: #1377564
  * drm/i915: Remove bogus __init annotation from DMI callbacks
    - LP: #1377564
  * hwmon: (ds1621) Update zbits after conversion rate change
    - LP: #1377564
  * arm64: ptrace: fix compat hardware watchpoint reporting
    - LP: #1377564
  * ARM/ARM64: KVM: Nuke Hyp-mode tlbs before enabling MMU
    - LP: #1377564
  * arm/arm64: KVM: Complete WFI/WFE instructions
    - LP: #1377564
  * get rid of propagate_umount() mistakenly treating slaves as busy.
    - LP: #1377564
  * fix EBUSY on umount() from MNT_SHRINKABLE
    - LP: #1377564
  * regmap: Don't attempt block writes when syncing cache on single_rw
    devices
    - LP: #1377564
  * drm/vmwgfx: Fix a potential infinite spin waiting for fifo idle
    - LP: #1377564
  * ALSA: hda - Fix digital mic on Acer Aspire 3830TG
    - LP: #1377564
  * xfs: don't dirty buffers beyond EOF
    - LP: #1377564
  * xfs: don't zero partial page cache pages during O_DIRECT writes
    - LP: #1377564
  * xfs: don't zero partial page cache pages during O_DIRECT writes
    - LP: #1377564
  * ALSA: hda - Fix COEF setups for ALC1150 codec
    - LP: #1377564
  * i2c: rcar: fix MNR interrupt handling
    - LP: #1377564
  * i2c: mv64xxx: continue probe when clock-frequency is missing
    - LP: #1377564
  * i2c: at91: Fix a race condition during signal handling in
    at91_do_twi_xfer.
    - LP: #1377564
  * i2c: at91: add bound checking on SMBus block length bytes
    - LP: #1377564
  * aio: add missing smp_rmb() in read_events_ring
    - LP: #1377564
  * KEYS: Fix use-after-free in assoc_array_gc()
    - LP: #1377564
  * ACPI / cpuidle: fix deadlock between cpuidle_lock and cpu_hotplug.lock
    - LP: #1377564
  * USB: fix build error with CONFIG_PM_RUNTIME disabled
    - LP: #1377564
  * Linux 3.13.11.8
    - LP: #1377564
  * powerpc: Fix kdump hang issue on p8 with relocation on exception
    enabled.
    - LP: #1352056
  * net-gre-gro: Fix a bug that breaks the forwarding path
    - LP: #1377851
 -- Luis Henriques <luis.henriq...@canonical.com>   Tue, 28 Oct 2014 10:29:51 
+0000

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3610

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3611

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3646

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3647

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1352056

Title:
  linux: kdump on Ubuntu 14.04 is not generating a dump.

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux” source package in Utopic:
  Fix Released

Bug description:
  SRU Justification:

  [Impact]
  Users of ppc64el hardware need the ability to use crashdumps to do kernel 
debugging.

  [Fix]
  Commit upstream and already in utopic:
  
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=429d2e8342954d337abe370d957e78291032d867

  [Test Case]
  Taken from:
  https://wiki.ubuntu.com/Kernel/CrashdumpRecipe
  https://help.ubuntu.com/14.04/serverguide/kernel-crash-dump.html

  1) apt-get install linux-crashdump
  2) increase crashdump size:
  sudo vim /etc/default/grub.d/kexec-tools.cfg
  set crashkernel=1024M
  sudo update-grub
  3) reboot the machine
  4) sudo sed -i 's/USE_KDUMP=0/USE_KDUMP=1/g' /etc/default/kdump-tools
  5) kdump-config show # should return no errors
  6) echo 'c' | sudo tee /proc/sysrq-trigger
  7) This should crash the machine and we should kexec into another kernel to 
dump the core, then on the next reboot we should see a crash in /var/crash/*

  --

  ---Problem Description---
  kdump is not producing a dump on powerKVM LE P8 Ubuntu 14.04

  ---uname output---
  3.13.0-30-generic

  ---Additional Hardware Info---
  Power8 LE configuration.

  ---Patches Installed---
  1324544 - kdump-config load fails with vmlinux kernel (vs. vmlinuz)

  Machine Type = 8247-22L

  ---Steps to Reproduce---
  Installed kdump-tools 1.5.5-2ubuntu1 and crash 7.0.3-3ubuntu3.
  Updated /etc/default/kdump-tools, first I updated just USE_KDUMP=1. Rebooted 
the node and see:
  root=UUID=87986483-5fec-4b4d-b22e-bf2a72096df8 ro quiet splash 
crashkernel=384M-:128M
  root@c656f2n02:~# cat /proc/sys/kernel/sysrq
  1
  root@c656f2n02:~# cat /proc/sys/kernel/sysrq
  1
  root@c656f2n02:~# ^Cnd /proc | grep sysrq
  root@c656f2n02:~# kdump-config status
  current state   : ready to kdump
  root@c656f2n02:~# kdump-config show
  USE_KDUMP:        1
  KDUMP_SYSCTL:     kernel.panic_on_oops=1
  KDUMP_COREDIR:    /var/crash
  crashkernel addr:
  current state:    ready to kdump

  kexec command:
    /sbin/kexec -p --args-linux 
--command-line="root=UUID=87986483-5fec-4b4d-b22e-bf2a72096df8 ro quiet splash  
irqpoll maxcpus=1 nousb" --initrd=/boot/initrd.img-3.13.0-30-generic 
/boot/vmlinux-3.13.0-30-generic

  root@c656f2n02:/boot/grub# cat /sys/kernel/kexec_crash_loaded
  1
  root@c656f2n02:/boot/grub# cat /sys/kernel/kexec_loaded
  0

  echo c > /proc/sysrq-trigger

  root@c656f2n02:/var/log# echo c > /proc/sysrq-trigger
  [ 1956.014243] SysRq : Trigger a crash
  [ 1956.014328] Unable to handle kernel paging request for data at address 
0x00000000
  [ 1956.014404] Faulting instruction address: 0xc000000000586c2c
  [ 1956.014468] Oops: Kernel access of bad area, sig: 11 [#1]
  [ 1956.014518] SMP NR_CPUS=2048 NUMA PowerNV
  [ 1956.014570] Modules linked in: ipt_MASQUERADE iptable_nat nf_nat_ipv4 
nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT 
xt_CHECKSUM iptable_mangle xt_tcpudp bridge stp llc ip6table_filter ip6_tables 
iptable_filter ip_tables ebtable_nat ebtables x_tables autofs4 rdma_ucm(OF) 
ib_ucm(OF) rdma_cm(OF) iw_cm(OF) ib_ipoib(OF) ib_cm(OF) ib_uverbs(OF) 
ib_umad(OF) mlx5_ib(OF) mlx5_core(OF) mlx4_ib(OF) ib_sa(OF) ib_mad(OF) 
ib_core(OF) ib_addr(OF) mlx4_en(OF) mlx4_core(OF) compat(OF) nfsd auth_rpcgss 
nfs_acl nfs lockd sunrpc fscache rtc_generic powernv_rng ses enclosure ipr
  [ 1956.015306] CPU: 146 PID: 2522 Comm: bash Tainted: GF          O 
3.13.0-30-generic #54-Ubuntu
  [ 1956.015394] task: c000003fcabda120 ti: c000003fcac58000 task.ti: 
c000003fcac58000
  [ 1956.015469] NIP: c000000000586c2c LR: c000000000587b8c CTR: 
c000000000586c00
  [ 1956.015543] REGS: c000003fcac5b820 TRAP: 0300   Tainted: GF          O  
(3.13.0-30-generic)
  [ 1956.015617] MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 42422822  
XER: 20000000
  [ 1956.015804] CFAR: c000000000009318 DAR: 0000000000000000 DSISR: 42000000 
SOFTE: 0
  GPR00: c000000000587b8c c000003fcac5baa0 c00000000162e840 0000000000000063
  GPR04: c000000002f45bd0 c000000002f564c8 0000000000015ad0 c000000001827480
  GPR08: c000000000dfe840 0000000000000000 0000000000000001 0000000000015ad0
  GPR12: 0000000042422822 c000000007e5ff00 000001002fe90648 000000001016e008
  GPR16: 000000001013ad70 000001002fe94648 000000001016fed0 000000001016e008
  GPR20: 00000000100c31e0 0000000000000000 0000000010171fc8 000000001016f840
  GPR24: 0000000000000004 0000000000000000 0000000000000001 c0000000014b7dc8
  GPR28: c000000001974c90 0000000000000063 c00000000148d9c0 c0000000014b8188
  [ 1956.016794] NIP [c000000000586c2c] .sysrq_handle_crash+0x2c/0x40
  [ 1956.016858] LR [c000000000587b8c] .__handle_sysrq+0xfc/0x260
  [ 1956.016920] Call Trace:
  [ 1956.016948] [c000003fcac5baa0] [0000000010172a34] 0x10172a34 (unreliable)
  [ 1956.017025] [c000003fcac5bb10] [c000000000587b8c] 
.__handle_sysrq+0xfc/0x260
  [ 1956.017101] [c000003fcac5bbd0] [c000000000588324] 
.write_sysrq_trigger+0x74/0x90
  [ 1956.017190] [c000003fcac5bc50] [c0000000002dff1c] 
.proc_reg_write+0xac/0x110
  [ 1956.017266] [c000003fcac5bcf0] [c000000000254c00] .vfs_write+0xe0/0x260
  [ 1956.017342] [c000003fcac5bd90] [c0000000002558f4] .SyS_write+0x64/0xe0
  [ 1956.017418] [c000003fcac5be30] [c00000000000a158] syscall_exit+0x0/0x98
  [ 1956.017492] Instruction dump:
  [ 1956.017530] 4bffffac 7c0802a6 f8010010 f821ff91 60000000 60000000 3d42001f 
392a8ca8
  [ 1956.017658] 39400001 91490000 7c0004ac 39200000 <99490000> 38210070 
e8010010 7c0803a6
  [ 1956.017894] ---[ end trace d163ff42366bde72 ]---
  [ 1956.017986]
  [ 1956.018042] Sending IPI to other CPUs
  [ 1956.019188] IPI complete
   -> smp_release_cpus()
  spinning_secondaries = 159
   <- smp_release_cpus()
   <- setup_system()
  The console stays remains at this message until I power cycle the cec. There 
is no /proc/vmcore on reboot.

  I recreated the hang on my victim node.
  Some CPUs are hitting the 4400's interrupt vector. I think this is due to the 
commit 429d2e834295 "powerpc: Fix kdump hang issue on p8 with relocation on 
exception enabled." from Mahesh but I need to double check that since it may 
not be only patch missing.

  Definitively, the patch I mentioned is fixing the hang.
  Here are the commit details :

  
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=429d2e8342954d337abe370d957e78291032d867

  powerpc: Fix kdump hang issue on p8 with relocation on exception
  enabled.

  On p8 systems, with relocation on exception feature enabled we are seeing
  kdump kernel hang at interrupt vector 0xc*4400. The reason is, with this
  feature enabled, exception are raised with MMU (IR=DR=1) ON with the
  default offset of 0xc*4000. Since exception is raised in virtual mode it
  requires the vector region to be executable without which it fails to
  fetch and execute instruction at 0xc*4xxx. For default kernel since kernel
  is loaded at real 0, the htab mappings sets the entire kernel text region
  executable. But for relocatable kernel (e.g. kdump case) we only copy
  interrupt vectors down to real 0 and never marked that region as
  executable because in p7 and below we always get exception in real mode.

  This patch fixes this issue by marking htab mapping range as executable
  that overlaps with the interrupt vector region for relocatable kernel.

  Thanks to Ben who helped me to debug this issue and find the root
  cause.

  Signed-off-by: Mahesh Salgaonkar <mah...@linux.vnet.ibm.com>
  Signed-off-by: Benjamin Herrenschmidt <b...@kernel.crashing.org>

  I think this bug should be mirrored to Ubuntu so they can include this
  patch in the 14.04 kernel, and may be also in the 14.10 kernel too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1352056/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to