← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #151836

[Bug 1508593] Re: [Hyper-V] x86/ioapic: Disable interrupts when re-routing legacy IRQs

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package linux - 4.2.0-21.25

---------------
linux (4.2.0-21.25) wily; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1522108

  [ Upstream Kernel Changes ]

  * staging/dgnc: fix info leak in ioctl
    - LP: #1509565
    - CVE-2015-7885
  * [media] media/vivid-osd: fix info leak in ioctl
    - LP: #1509564
    - CVE-2015-7884
  * KEYS: Fix race between key destruction and finding a keyring by name
    - LP: #1508856
    - CVE-2015-7872
  * KEYS: Fix crash when attempt to garbage collect an uninstantiated
    keyring
    - LP: #1508856
    - CVE-2015-7872
  * KEYS: Don't permit request_key() to construct a new keyring
    - LP: #1508856
    - CVE-2015-7872
  * isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
    - LP: #1508329
    - CVE-2015-7799
  * ppp, slip: Validate VJ compression slot parameters completely
    - LP: #1508329
    - CVE-2015-7799

linux (4.2.0-20.24) wily; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1521753

  [ Andy Whitcroft ]

  * [Tests] gcc-multilib does not exist on ppc64el
    - LP: #1515541

  [ Joseph Salisbury ]

  * SAUCE: scsi_sysfs: protect against double execution of
    __scsi_remove_device()
    - LP: #1509029

  [ Manoj Kumar ]

  * SAUCE: (noup) cxlflash: Fix to escalate LINK_RESET also on port 1
    - LP: #1513583

  [ Matthew R. Ochs ]

  * SAUCE: (noup) cxlflash: Fix to avoid virtual LUN failover failure
    - LP: #1513583

  [ Oren Givon ]

  * SAUCE: (noup) iwlwifi: Add new PCI IDs for the 8260 series
    - LP: #1517375

  [ Seth Forshee ]

  * [Config] CONFIG_DRM_AMDGPU_CIK=n
    - LP: #1510405

  [ Upstream Kernel Changes ]

  * net/mlx5e: Disable VLAN filter in promiscuous mode
    - LP: #1514861
  * drivers: net: xgene: fix RGMII 10/100Mb mode
    - LP: #1433290
  * HID: rmi: Disable scanning if the device is not a wake source
    - LP: #1515503
  * HID: rmi: Set F01 interrupt enable register when not set
    - LP: #1515503
  * net/mlx5e: Ethtool link speed setting fixes
    - LP: #1517919
  * scsi_scan: don't dump trace when scsi_prep_async_scan() is called twice
    - LP: #1517942
  * x86/ioapic: Disable interrupts when re-routing legacy IRQs
    - LP: #1508593
  * xhci: Workaround to get Intel xHCI reset working more reliably
  * megaraid_sas: Do not use PAGE_SIZE for max_sectors
    - LP: #1475166
  * net: usb: cdc_ether: add Dell DW5580 as a mobile broadband adapter
    - LP: #1513847
  * KVM: svm: unconditionally intercept #DB
    - LP: #1520184
    - CVE-2015-8104

 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>  Wed, 02 Dec 2015
17:30:58 +0000

** Changed in: linux (Ubuntu Wily)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7799

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7872

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7884

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7885

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8104

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1508593

Title:
  [Hyper-V] x86/ioapic: Disable interrupts when re-routing legacy IRQs

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Trusty:
  In Progress
Status in linux source package in Vivid:
  In Progress
Status in linux source package in Wily:
  Fix Released

Bug description:
  A sporadic hang with consequent crash is observed when booting Hyper-V
  Gen1 guests...

  Sauce request for upstream submission:

  https://lkml.org/lkml/2015/10/15/673

  From Vitaly Kuznetsov <> 
  Subject [PATCH] x86/ioapic: Disable interrupts when re-routing legacy IRQs 
  Date Thu, 15 Oct 2015 19:42:23 +0200 

  A sporadic hang with consequent crash is observed when booting Hyper-V Gen1
  guests:

   Call Trace:
    <IRQ>
    [<ffffffff810ab68d>] ? trace_hardirqs_off+0xd/0x10
    [<ffffffff8107b616>] queue_work_on+0x46/0x90
    [<ffffffff81365696>] ? add_interrupt_randomness+0x176/0x1d0
    ...
    <EOI>
    [<ffffffff81471ddb>] ? _raw_spin_unlock_irqrestore+0x3b/0x60
    [<ffffffff810c295e>] __irq_put_desc_unlock+0x1e/0x40
    [<ffffffff810c5c35>] irq_modify_status+0xb5/0xd0
    [<ffffffff8104adbb>] mp_register_handler+0x4b/0x70
    [<ffffffff8104c55a>] mp_irqdomain_alloc+0x1ea/0x2a0
    [<ffffffff810c7f10>] irq_domain_alloc_irqs_recursive+0x40/0xa0
    [<ffffffff810c860c>] __irq_domain_alloc_irqs+0x13c/0x2b0
    [<ffffffff8104b070>] alloc_isa_irq_from_domain.isra.1+0xc0/0xe0
    [<ffffffff8104bfa5>] mp_map_pin_to_irq+0x165/0x2d0
    [<ffffffff8104c157>] pin_2_irq+0x47/0x80
    [<ffffffff81744253>] setup_IO_APIC+0xfe/0x802
    ...
    [<ffffffff814631c0>] ? rest_init+0x140/0x140
  The issue is easily reproducible with a simple instrumentation: if
  mdelay(10) is put between mp_setup_entry() and mp_register_handler() calls
  in mp_irqdomain_alloc() Hyper-V guest always fails to boot when re-routing
  IRQ0. The issue seems to be caused by the fact that we don't disable
  interrupts while doing IOPIC programming for legacy IRQs and IRQ0 actually
  happens. Decorate manipulations with legacy IRQs with local_irq_save()/
  local_irq_restore().

  Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
  Cc: Ingo Molnar <mingo@xxxxxxxxxx>
  Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
  Cc: Jiang Liu <jiang.liu@xxxxxxxxxxxxxxx>
  Cc: Yinghai Lu <yinghai@xxxxxxxxxx>
  Cc: K. Y. Srinivasan <kys@xxxxxxxxxxxxx>
  Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
  ---
  It may make sense to have interrupts disabled for non-legacy IRQs as well
  but I'm unaware of any bugs with them at this moment.
  ---
   arch/x86/kernel/apic/io_apic.c | 8 +++++++-
   1 file changed, 7 insertions(+), 1 deletion(-)
  diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
  index 5c60bb1..9aac777 100644
  --- a/arch/x86/kernel/apic/io_apic.c
  +++ b/arch/x86/kernel/apic/io_apic.c
  @@ -2907,6 +2907,7 @@ int mp_irqdomain_alloc(struct irq_domain *domain, unsigned int virq,
   	struct irq_data *irq_data;
   	struct mp_chip_data *data;
   	struct irq_alloc_info *info = arg;
  +	unsigned long flags = 0;
   
   	if (!info || nr_irqs > 1)
   		return -EINVAL;
  @@ -2939,11 +2940,16 @@ int mp_irqdomain_alloc(struct irq_domain *domain, unsigned int virq,
   
   	cfg = irqd_cfg(irq_data);
   	add_pin_to_irq_node(data, ioapic_alloc_attr_node(info), ioapic, pin);
  +
  +	if (virq < nr_legacy_irqs())
  +		local_irq_save(flags);
   	if (info->ioapic_entry)
   		mp_setup_entry(cfg, data, info->ioapic_entry);
   	mp_register_handler(virq, data->trigger);
  -	if (virq < nr_legacy_irqs())
  +	if (virq < nr_legacy_irqs()) {
   		legacy_pic->mask(virq);
  +		local_irq_restore(flags);
  +	}
   
   	apic_printk(APIC_VERBOSE, KERN_DEBUG
   		    "IOAPIC[%d]: Set routing entry (%d-%d -> 0x%x -> IRQ %d Mode:%i Active:%i Dest:%d)\n",
  -- 
  2.4.3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1508593/+subscriptions
  Thread PreviousDate PreviousThread Next