This bug was fixed in the package linux - 4.15.0-163.171
---------------
linux (4.15.0-163.171) bionic; urgency=medium
* bionic/linux: 4.15.0-163.171 -proposed tracker (LP: #1949874)
* Packaging resync (LP: #1786013)
- [Packaging] update Ubuntu.md
- debian/dkms-versions -- update from kernel-versions (main/2021.11.08)
* Unable to build net/reuseport_bpf and other tests in ubuntu_kernel_selftests
on Bionic with make command (LP: #1949889)
- selftests: Fix loss of test output in run_kselftests.sh
- selftests: Makefile set KSFT_TAP_LEVEL to prevent nested TAP headers
- selftests: fix headers_install circular dependency
- selftests: fix bpf build/test workflow regression when KBUILD_OUTPUT is
set
- selftests: vm: Fix test build failure when built by itself
* KVM emulation failure when booting into VM crash kernel with multiple CPUs
(LP: #1948862)
- KVM: x86: Properly reset MMU context at vCPU RESET/INIT
* aufs: kernel bug with apparmor and fuseblk (LP: #1948470)
- SAUCE: aufs: bugfix, stop omitting path->mnt
* ebpf: bpf_redirect fails with ip6 gre interfaces (LP: #1947164)
- net: handle ARPHRD_IP6GRE in dev_is_mac_header_xmit()
* require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
- Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc
* ACL updates on OCFS2 are not revalidated (LP: #1947161)
- ocfs2: fix remounting needed after setfacl command
* ppc64 BPF JIT mod by 1 will not return 0 (LP: #1948351)
- powerpc/bpf: Fix BPF_MOD when imm == 1
* Drop "UBUNTU: SAUCE: cachefiles: Page leaking in
cachefiles_read_backing_file while vmscan is active" (LP: #1947709)
- Revert "UBUNTU: SAUCE: cachefiles: Page leaking in
cachefiles_read_backing_file while vmscan is active"
- cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is
active
* Some test in ubuntu_bpf test_verifier failed on i386 Bionic kernel
(LP: #1788578)
- bpf: fix context access in tracing progs on 32 bit archs
* test_bpf.sh from ubuntu_kernel_selftests.net from linux ADT test failure
with linux/4.15.0-149.153 i386 (Segmentation fault) (LP: #1934414)
- selftests/bpf: make test_verifier run most programs
- bpf: add couple of test cases for div/mod by zero
- bpf: add further test cases around div/mod and others
* Bionic update: upstream stable patchset 2021-11-02 (LP: #1949512)
- usb: gadget: r8a66597: fix a loop in set_feature()
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
- cifs: fix incorrect check for null pointer in header_assemble
- xen/x86: fix PV trap handling on secondary processors
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
- staging: greybus: uart: fix tty use after free
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
- USB: serial: mos7840: remove duplicated 0xac24 device ID
- USB: serial: option: add Telit LN920 compositions
- USB: serial: option: remove duplicate USB device ID
- USB: serial: option: add device id for Foxconn T99W265
- mcb: fix error handling in mcb_alloc_bus()
- serial: mvebu-uart: fix driver's tx_empty callback
- net: hso: fix muxed tty registration
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
- net/mlx4_en: Don't allow aRFS for encapsulated packets
- scsi: iscsi: Adjust iface sysfs attr detection
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies()
- irqchip/gic-v3-its: Fix potential VPE leak on error
- md: fix a lock order reversal in md_alloc
- blktrace: Fix uaf in blk_trace access after removing by sysfs
- net: macb: fix use after free on rmmod
- net: stmmac: allow CSR clock of 300MHz
- m68k: Double cast io functions to unsigned long
- xen/balloon: use a kernel thread instead a workqueue
- compiler.h: Introduce absolute_pointer macro
- net: i825xx: Use absolute_pointer for memcpy from fixed memory location
- sparc: avoid stringop-overread errors
- qnx4: avoid stringop-overread errors
- parisc: Use absolute_pointer() to define PAGE0
- arm64: Mark __stack_chk_guard as __ro_after_init
- alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to
volatile
- net: 6pack: Fix tx timeout and slot time
- spi: Fix tegra20 build with CONFIG_PM=n
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space
- PCI: aardvark: Fix checking for PIO Non-posted Request
- PCI: aardvark: Fix checking for PIO status
- xen/balloon: fix balloon kthread freezing
- qnx4: work around gcc false positive warning bug
- tty: Fix out-of-bound vmalloc access in imageblit
- cpufreq: schedutil: Use kobject release() method to free sugov_tunables
- cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
- mac80211: fix use-after-free in CCMP/GCMP RX
- ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
- sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
- hwmon: (tmp421) fix rounding for negative values
- e100: fix length calculation in e100_get_regs_len
- e100: fix buffer overrun in e100_get_regs
- scsi: csiostor: Add module softdep on cxgb4
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
- ipack: ipoctal: fix stack information leak
- ipack: ipoctal: fix tty registration race
- ipack: ipoctal: fix tty-registration error handling
- ipack: ipoctal: fix missing allocation-failure check
- ipack: ipoctal: fix module reference leak
- ext4: fix potential infinite loop in ext4_dx_readdir()
- net: udp: annotate data race around udp_sk(sk)->corkflag
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
- ARM: 9079/1: ftrace: Add MODULE_PLTS support
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE
- arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
- hso: fix bailout in error case of probe
- usb: hso: fix error handling code of hso_create_net_device
- usb: hso: remove the bailout parameter
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
- HID: betop: fix slab-out-of-bounds Write in betop_probe
- netfilter: ipset: Fix oversized kvmalloc() calls
- HID: usbhid: free raw_report buffers in usbhid_stop
- cred: allow get_cred() and put_cred() to be given NULL.
- gpio: uniphier: Fix void functions to remove return value
- tty: synclink_gt, drop unneeded forward declarations
- tty: synclink_gt: rename a conflicting function name
- drm/amd/display: Pass PCI deviceid into DC
- hwmon: (tmp421) Replace S_<PERMS> with octal values
- hwmon: (tmp421) report /PVLD condition as fault
* ACL updates on OCFS2 are not revalidated (LP: #1947161) // Bionic update:
upstream stable patchset 2021-11-02 (LP: #1949512)
- ocfs2: drop acl cache for directories too
-- Kleber Sacilotto de Souza <kleber.so...@canonical.com> Fri, 05 Nov
2021 12:22:08 +0100
** Changed in: linux (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** Changed in: linux (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1948862
Title:
KVM emulation failure when booting into VM crash kernel with multiple
CPUs
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Focal:
Fix Released
Bug description:
[Impact]
When kexec'ing into a crash kernel with ncpus > 1, VMs can raise a KVM
emulation failure. This will cause the VM to go into the "paused" state, and
prevents it from being restored without a full VM restart.
This happens only when there are multiple enabled CPUs in the crash
kernel command-line, regardless of whether `nr_cpus` or `maxcpus` is
being used. Due to the vCPU MMU state not being cleaned up correctly,
the secondary CPUs try to access virtual addresses with a faulty MMU
context that will result in the emulation failure. This shows up with
a similar spew as below:
$ sudo tail -n20 /var/log/libvirt/qemu/focal-vm.log
KVM internal error. Suberror: 1
emulation failure
EAX=0000de8f EBX=00000000 ECX=0000008f EDX=00000600
ESI=00000000 EDI=00000000 EBP=00000000 ESP=0000f90c
EIP=0000cdb1 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 000f0000 0000ffff 00009b00
SS =de00 000de000 0000ffff 00009300
DS =de00 000de000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT= 00000000 0000ffff
IDT= 00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=290b8001 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000
DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
Code=66 83 c4 28 66 5b 66 c3 66 56 66 53 66 52 b1 8f 88 c8 e6 70 <e4> 71 66
0f b6 f0 66 89 f2 67 88 54 24 03 88 c8 e6 70 66 31 db 88 d8 e6 71 66 56 66 68 1a
[Test Plan]
1. Boot an Ubuntu guest VM with e.g. multipass:
$ multipass launch daily:focal -c8 -m16g -n focal-vm
2. Configure guest crash kernel command-line with `nr_cpus=8`:
ubuntu@focal-vm:~$ grep CMDLINE_APPEND /etc/default/kdump-tools
# KDUMP_CMDLINE_APPEND - Additional arguments to append to the command line
KDUMP_CMDLINE_APPEND="reset_devices systemd.unit=kdump-tools-dump.service
nr_cpus=8 irqpoll nousb ata_piix.prefer_ms_hyperv=0"
3. Crash guest VM and watch for the KVM emulation failure:
ubuntu@focal-vm:~$ echo c | sudo tee /proc/sysrq-trigger
[Where problems could occur]
As we're resetting MMU context on vCPUs, potential regressions would show up
in workloads relying on KVM guests. We should properly test the scenario
mentioned in the bug to make sure secondary CPUs are being cleaned up properly,
and that no other regressions have been introduced when rebooting or kexec'ing
into different kernels.
Since we're adding an MMU reset at kvm_vcpu_reset(), the overall regression
potential should be fairly low and contained to starting/resetting vCPUs (i.e.
VM start and reboot).
[Other info]
This has been fixed by upstream commit:
0aa1837533e5 KVM: x86: Properly reset MMU context at vCPU RESET/INIT
The commit above has been picked up by stable trees up until 5.11, so it's
only needed in Bionic and Focal (4.15 and 5.4 kernels). There are also two
follow up commits, which revert the vendor-specific resets:
5d2d7e41e3b8 KVM: SVM: Drop explicit MMU reset at RESET/INIT
61152cd907d5 KVM: VMX: Remove explicit MMU reset in enter_rmode()
These follow ups have not been picked up in stable trees due to the risk of
regressions. According to the original fix, they have been introduced
primarily to aid bisection in case there are workflows relying on the vendor
resets. As these are not required for the fix and don't conflict with the
backport, we should leave them out to prevent potential regressions in the
older kernels.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1948862/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
