
kernel-packages team mailing list archive

[Bug 1379340] Re: qemu-kvm guest panic for AMD smp trusty guests

 

This bug was fixed in the package linux - 3.13.0-44.73

---------------
linux (3.13.0-44.73) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1402872

  [ AceLan Kao ]

  * SAUCE: Add use_native_backlight quirk for HP ProBook 6570b
    - LP: #1359010

  [ Andy Whitcroft ]

  * Revert "SAUCE: (no-up) arm64: optimized copy_to_user and copy_from_user
    assembly code"
    - LP: #1398596
  * [Config] updateconfigs to balance CONFIG_SCOM_DEBUGFS

  [ Upstream Kernel Changes ]

  * iwlwifi: mvm: fix merge damage
    - LP: #1393317
  * iwlwifi: remove IWL_UCODE_TLV_FLAGS_SCHED_SCAN flag
    - LP: #1393317
  * iwlwifi: mvm: disable scheduled scan to prevent firmware crash
    - LP: #1393317
  * iwlwifi: mvm: enable scheduled scan on newest firmware
    - LP: #1393317
  * x86: kvm: use alternatives for VMCALL vs. VMMCALL if kernel text is
    read-only
    - LP: #1379340
  * phylib: introduce PHY_INTERFACE_MODE_XGMII for 10G PHY
    - LP: #1381084
  * of: make of_get_phy_mode parse 'phy-connection-type'
    - LP: #1381084
  * xen-netfront: Remove BUGs on paged skb data which crosses a page
    boundary
    - LP: #1275879
  * ACPI / blacklist: blacklist Win8 OSI for Dell Vostro 3546
    - LP: #1383589
  * powerpc/pseries: Fix endiannes issue in RTAS call from xmon
    - LP: #1396235
  * mmc: sdhci-pci-o2micro: Fix Dell E5440 issue
    - LP: #1346067
  * mfd: rtsx: Fix PM suspend for 5227 & 5249
    - LP: #1359052
  * drivers:scsi:storvsc: Fix a bug in handling ring buffer failures that
    may result in I/O freeze
    - LP: #1400289
  * arm64: optimized copy_to_user and copy_from_user assembly code
    - LP: #1400349
  * net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
    msghdr struct from userland.
    - LP: #1335478
  * drm/radeon: initialize sadb to NULL in the audio code
    - LP: #1402714
  * powerpc/vphn: NUMA node code expects big-endian
    - LP: #1401150
  * ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect
    - LP: #1402853
  * ALSA: hda - Add mute LED pin quirk for HP 15 touchsmart
    - LP: #1334950, #1402853
  * rcu: Make callers awaken grace-period kthread
    - LP: #1402853
  * rcu: Use rcu_gp_kthread_wake() to wake up grace period kthreads
    - LP: #1402853
  * net: sctp: fix NULL pointer dereference in af->from_addr_param on
    malformed packet
    - LP: #1402853
  * KVM: x86: Don't report guest userspace emulation error to userspace
    - LP: #1402853
  * [media] ttusb-dec: buffer overflow in ioctl
    - LP: #1402853
  * arm64: __clear_user: handle exceptions on strb
    - LP: #1402853
  * ARM: pxa: fix hang on startup with DEBUG_LL
    - LP: #1402853
  * samsung-laptop: Add broken-acpi-video quirk for NC210/NC110
    - LP: #1402853
  * acer-wmi: Add Aspire 5741 to video_vendor_dmi_table
    - LP: #1402853
  * acer-wmi: Add acpi_backlight=video quirk for the Acer KAV80
    - LP: #1402853
  * rbd: Fix error recovery in rbd_obj_read_sync()
    - LP: #1402853
  * [media] ds3000: fix LNB supply voltage on Tevii S480 on initialization
    - LP: #1402853
  * powerpc: do_notify_resume can be called with bad thread_info flags
    argument
    - LP: #1402853
  * USB: kobil_sct: fix non-atomic allocation in write path
    - LP: #1402853
  * USB: opticon: fix non-atomic allocation in write path
    - LP: #1402853
  * regulator: max77693: Fix use of uninitialized regulator config
    - LP: #1402853
  * USB: cdc-acm: add device id for GW Instek AFG-2225
    - LP: #1402853
  * usb: Do not allow usb_alloc_streams on unconfigured devices
    - LP: #1402853
  * usb-storage: handle a skipped data phase
    - LP: #1402853
  * xhci: Switch only Intel Lynx Point-LP ports to EHCI on shutdown.
    - LP: #1402853
  * xhci: no switching back on non-ULT Haswell
    - LP: #1402853
  * of: Fix overflow bug in string property parsing functions
    - LP: #1402853
  * spi: fsl-dspi: Fix CTAR selection
    - LP: #1402853
  * Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup
    - LP: #1402853
  * staging:iio:ade7758: Fix NULL pointer deref when enabling buffer
    - LP: #1402853
  * staging:iio:ade7758: Fix check if channels are enabled in prenable
    - LP: #1402853
  * staging:iio:ade7758: Remove "raw" from channel name
    - LP: #1402853
  * USB: cdc-acm: only raise DTR on transitions from B0
    - LP: #1402853
  * serial: Fix divide-by-zero fault in uart_get_divisor()
    - LP: #1402853
  * tty: Fix high cpu load if tty is unreleaseable
    - LP: #1402853
  * tty: Prevent "read/write wait queue active!" log flooding
    - LP: #1402853
  * tty/vt: don't set font mappings on vc not supporting this
    - LP: #1402853
  * spi: pxa2xx: toggle clocks on suspend if not disabled by runtime PM
    - LP: #1402853
  * sysfs: driver core: Fix glue dir race condition by gdp_mutex
    - LP: #1402853
  * i2c: at91: don't account as iowait
    - LP: #1402853
  * nfsd: don't try to reuse an expired DRC entry off the list
    - LP: #1402853
  * nfsd: don't halt scanning the DRC LRU list when there's an RC_INPROG
    entry
    - LP: #1402853
  * dm bufio: change __GFP_IO to __GFP_FS in shrinker callbacks
    - LP: #1402853
  * xtensa: re-wire umount syscall to sys_oldumount
    - LP: #1402853
  * dm raid: ensure superblock's size matches device's logical block size
    - LP: #1402853
  * ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks
    - LP: #1402853
  * ahci: Add Device IDs for Intel Sunrise Point PCH
    - LP: #1402853
  * power: charger-manager: Fix accessing invalidated power supply after
    charger unbind
    - LP: #1402853
  * mac80211: use secondary channel offset IE also beacons during CSA
    - LP: #1402853
  * mac80211: schedule the actual switch of the station before CSA count 0
    - LP: #1402853
  * mac80211: properly flush delayed scan work on interface removal
    - LP: #1402853
  * mac80211: fix use-after-free in defragmentation
    - LP: #1402853
  * tun: Fix csum_start with VLAN acceleration
    - LP: #1402853
  * macvtap: Fix csum_start when VLAN tags are present
    - LP: #1402853
  * dm thin: grab a virtual cell before looking up the mapping
    - LP: #1402853
  * KVM: x86: Fix uninitialized op->type for some immediate values
    - LP: #1402853
  * crypto: caam - fix missing dma unmap on error path
    - LP: #1402853
  * hwrng: pseries - port to new read API and fix stack corruption
    - LP: #1402853
  * drm/radeon: set correct CE ram size for CIK
    - LP: #1402853
  * drm/radeon: make sure mode init is complete in bandwidth_update
    - LP: #1402853
  * drm/radeon: use gart for DMA IB tests
    - LP: #1402853
  * drm/radeon: add missing crtc unlock when setting up the MC
    - LP: #1402853
  * ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH
    - LP: #1402853
  * ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP
    - LP: #1402853
  * Input: alps - ignore potential bare packets when device is out of sync
    - LP: #1402853
  * Input: alps - allow up to 2 invalid packets without resetting device
    - LP: #1402853
  * scsi: only re-lock door after EH on devices that were reset
    - LP: #1402853
  * dm btree: fix a recursion depth bug in btree walking code
    - LP: #1402853
  * parisc: Use compat layer for msgctl, shmat, shmctl and semtimedop
    syscalls
    - LP: #1402853
  * ALSA: usb-audio: Fix memory leak in FTU quirk
    - LP: #1402853
  * audit: keep inode pinned
    - LP: #1402853
  * nfs: fix pnfs direct write memory leak
    - LP: #1402853
  * nfs: Fix use of uninitialized variable in nfs_getattr()
    - LP: #1402853
  * NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired
    - LP: #1402853
  * NFSv4.1: nfs41_clear_delegation_stateid shouldn't trust
    NFS_DELEGATED_STATE
    - LP: #1402853
  * NFSv4: Fix races between nfs_remove_bad_delegation() and delegation
    return
    - LP: #1402853
  * NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are
    revoked
    - LP: #1402853
  * NFS: Don't try to reclaim delegation open state if recovery failed
    - LP: #1402853
  * libceph: do not crash on large auth tickets
    - LP: #1402853
  * ARM: 8191/1: decompressor: ensure I-side picks up relocated code
    - LP: #1402853
  * ARM: 8198/1: make kuser helpers depend on MMU
    - LP: #1402853
  * zram: avoid kunmap_atomic() of a NULL pointer
    - LP: #1402853
  * Input: alps - ignore bad data on Dell Latitudes E6440 and E7440
    - LP: #1402853
  * firewire: cdev: prevent kernel stack leaking into ioctl arguments
    - LP: #1402853
  * md: Always set RECOVERY_NEEDED when clearing RECOVERY_FROZEN
    - LP: #1402853
  * nfs: Don't busy-wait on SIGKILL in __nfs_iocounter_wait
    - LP: #1402853
  * target: Don't call TFO->write_pending if data_length == 0
    - LP: #1402853
  * vhost-scsi: Take configfs group dependency during
    VHOST_SCSI_SET_ENDPOINT
    - LP: #1402853
  * srp-target: Retry when QP creation fails with ENOMEM
    - LP: #1402853
  * ASoC: fsi: remove unsupported PAUSE flag
    - LP: #1402853
  * ASoC: rsnd: remove unsupported PAUSE flag
    - LP: #1402853
  * ib_isert: Add max_send_sge=2 minimum for control PDU responses
    - LP: #1402853
  * iser-target: Handle DEVICE_REMOVAL event on network portal listener
    correctly
    - LP: #1402853
  * ASoC: dpcm: Fix race between FE/BE updates and trigger
    - LP: #1402853
  * mac80211: Fix regression that triggers a kernel BUG with CCMP
    - LP: #1402853
  * rt2x00: do not align payload on modern H/W
    - LP: #1402853
  * ath9k: Add version/revision macros for QCA9531
    - LP: #1402853
  * ath9k: Fix RTC_DERIVED_CLK usage
    - LP: #1402853
  * ASoC: sgtl5000: Fix SMALL_POP bit definition
    - LP: #1402853
  * ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon devices
    - LP: #1402853
  * bitops: Fix shift overflow in GENMASK macros
    - LP: #1402853
  * x86: Require exact match for 'noxsave' command line option
    - LP: #1402853
  * drm/i915: drop WaSetupGtModeTdRowDispatch:snb
    - LP: #1402853
  * ASoC: wm_adsp: Avoid attempt to free buffers that might still be in use
    - LP: #1402853
  * can: dev: avoid calling kfree_skb() from interrupt context
    - LP: #1402853
  * can: esd_usb2: fix memory leak on disconnect
    - LP: #1402853
  * x86, mm: Set NX across entire PMD at boot
    - LP: #1402853
  * of/irq: Drop obsolete 'interrupts' vs 'interrupts-extended' text
    - LP: #1402853
  * of/base: Fix PowerPC address parsing hack
    - LP: #1402853
  * clockevent: sun4i: Fix race condition in the probe code
    - LP: #1402853
  * MIPS: oprofile: Fix backtrace on 64-bit kernel
    - LP: #1402853
  * ACPI / PM: Ignore wakeup setting if the ACPI companion can't wake up
    - LP: #1402853
  * IB/isert: Adjust CQ size to HW limits
    - LP: #1402853
  * drm/radeon: fix endian swapping in vbios fetch for tdp table
    - LP: #1402853
  * Linux 3.13.11-ckt12
    - LP: #1402853
  * mm: Remove false WARN_ON from pagecache_isize_extended()
    - LP: #1402764
 -- Kamal Mostafa <kamal@xxxxxxxxxxxxx>   Mon, 15 Dec 2014 16:00:52 -0800

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1379340

Title:
  qemu-kvm guest panic for AMD smp trusty guests

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Utopic:
  Fix Released

Bug description:
  [Impact]
  When using KVM on an AMD host with a kernel that has CONFIG_DEBUG_RODATA enabled, a guest with multiple vCPUs and with features such as tsc_adjust exposed to it can cause a divide error in kvm_unlock_kick when booting the VM.

  This impacts kernels 3.12+.

  [Test Case]
  1) Create a VM on an AMD host with appropriate features (Opteron 6xxx for example)
  2) Edit virsh xml to have <cpu mode='host-passthrough'></cpu> and multiple vCPUs.
  3) Boot VM with VGA console using virt-manager (I couldn't reproduce strictly monitoring via virsh console).

  [Fix]
  commit c1118b3602c2329671ad5ec8bdf8e374323d6343 upstream

  --

  Just upgraded OpenStack compute hosts in our public cloud (using
  qemu-kvm via libvirt) from Precise to Trusty (14.04.1), now on kernel
  3.13.0-36-generic with qemu-kvm 2.0.0+dfsg-2ubuntu1.5.

  Following the upgrade, whenever we try to start an smp/multicore
  Trusty guest (existing or new), we run into this panic [1] inside the
  guest just towards the end of boot. This happens consistently for smp
  guests using the Trusty kernel (i.e., it also affects earlier Ubuntus
  using the HWE kernel from Trusty but not their native versions). I
  didn't have any other distro images to hand with 3.13.x kernels, but
  none of the others I tested were affected (in the 3.2 - 3.16 kernel
  range).

  There are scarce similar reports out there, but the one we did find
  pointed to a CPU feature as the trigger. We were running these hosts
  with libvirt cpu mode set to "host-passthrough" (so qemu starts with
  "-cpu host"), on AMD 6200 & 6300 Opteron hardware. Switching the guest
  domains to use cpu mode "host-model" instead works around the issue
  and is perfectly acceptable for most of our users.

  We have various other Intel compute hosts and they don't seem to be
  affected.

  [1]
  [ 11.256924] divide error: 0000 [#1] SMP
  [ 11.258133] Modules linked in: kvm_amd kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd serio_raw lp parport psmouse floppy
  [ 11.260228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.13.0-36-generic #63-Ubuntu
  [ 11.260228] Hardware name: OpenStack Foundation OpenStack Nova, BIOS Bochs 01/01/2011
  [ 11.260228] task: ffffffff81c15480 ti: ffffffff81c00000 task.ti: ffffffff81c00000
  [ 11.260228] RIP: 0010:[<ffffffff8104ed58>] [<ffffffff8104ed58>] kvm_unlock_kick+0xa8/0x100
  [ 11.260228] RSP: 0018:ffff88023fc03c98 EFLAGS: 00010046
  [ 11.260228] RAX: 0000000000000005 RBX: 0000000000000000 RCX: 0000000000000001
  [ 11.260228] RDX: ffffffff81eaf408 RSI: 0000000000000000 RDI: 0000000000000000
  [ 11.260228] RBP: ffff88023fc03cb8 R08: ffffffff81eaf400 R09: 00000000ffffffff
  [ 11.260228] R10: ffff880037612cc0 R11: ffffea0002eb0a00 R12: ffff8800374a33c0
  [ 11.260228] R13: 0000000000000020 R14: 0000000000000001 R15: 0000000000000286
  [ 11.260228] FS: 00007f1e8b538740(0000) GS:ffff88023fc00000(0000) knlGS:0000000000000000
  [ 11.260228] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  [ 11.260228] CR2: 00007f1e8ae09d50 CR3: 0000000001c0e000 CR4: 00000000000406f0
  [ 11.260228] Stack:
  [ 11.260228] 0000000000000286 0000000000000001 0000000000000001 00000000000000c3
  [ 11.260228] ffff88023fc03cc8 ffffffff81717ed6 ffff88023fc03ce0 ffffffff8172641a
  [ 11.260228] ffff8800374a33c0 ffff88023fc03d18 ffffffff810aaeb0 ffff88023295e000
  [ 11.260228] Call Trace:
  [ 11.260228] <IRQ>
  [ 11.260228] [<ffffffff81717ed6>] __ticket_unlock_slowpath+0x24/0x34
  [ 11.260228] [<ffffffff8172641a>] _raw_spin_unlock_irqrestore+0x3a/0x40
  [ 11.260228] [<ffffffff810aaeb0>] __wake_up_sync_key+0x50/0x60
  [ 11.260228] [<ffffffff8160ca5a>] sock_def_readable+0x3a/0x70
  [ 11.260228] [<ffffffff816fda0a>] packet_rcv+0x2fa/0x430
  [ 11.260228] [<ffffffff816228b0>] __netif_receive_skb_core+0x360/0x840
  [ 11.260228] [<ffffffff81622da8>] __netif_receive_skb+0x18/0x60
  [ 11.260228] [<ffffffff81622e13>] netif_receive_skb+0x23/0x90
  [ 11.260228] [<ffffffff815288d4>] virtnet_poll+0x4d4/0x850
  [ 11.260228] [<ffffffff81623192>] net_rx_action+0x152/0x250
  [ 11.260228] [<ffffffff8106cbac>] __do_softirq+0xec/0x2c0
  [ 11.260228] [<ffffffff8106d0f5>] irq_exit+0x105/0x110
  [ 11.260228] [<ffffffff817312d6>] do_IRQ+0x56/0xc0
  [ 11.260228] [<ffffffff81726a6d>] common_interrupt+0x6d/0x6d
  [ 11.260228] <EOI>
  [ 11.260228] [<ffffffff8104f596>] ? native_safe_halt+0x6/0x10
  [ 11.260228] [<ffffffff8101c62f>] default_idle+0x1f/0xc0
  [ 11.260228] [<ffffffff8101cef6>] arch_cpu_idle+0x26/0x30
  [ 11.260228] [<ffffffff810bed95>] cpu_startup_entry+0xc5/0x290
  [ 11.260228] [<ffffffff8170ca77>] rest_init+0x77/0x80
  [ 11.260228] [<ffffffff81d35f6b>] start_kernel+0x433/0x43e
  [ 11.260228] [<ffffffff81d35941>] ? repair_env_string+0x5c/0x5c
  [ 11.260228] [<ffffffff81d35120>] ? early_idt_handlers+0x120/0x120
  [ 11.260228] [<ffffffff81d355ee>] x86_64_start_reservations+0x2a/0x2c
  [ 11.260228] [<ffffffff81d35733>] x86_64_start_kernel+0x143/0x152
  [ 11.260228] Code: 66 44 39 e8 75 bd 0f b6 35 f6 06 e6 00 40 84 f6 75 2a 83 05 06 07 e6 00 01 48 c7 c0 6a b0 00 00 31 db 0f b7 0c 01 b8 05 00 00 00 <0f> 01 c1 0f 1f 44 00 00 5b 41 5c 41 5d 41 5e 5d c3 89 f0 31 c9
  [ 11.260228] RIP [<ffffffff8104ed58>] kvm_unlock_kick+0xa8/0x100
  [ 11.260228] RSP <ffff88023fc03c98>
  [ 11.260228] ---[ end trace f1c26ff24745b331 ]---
  [ 11.260228] Kernel panic - not syncing: Fatal exception in interrupt
  [ 11.260228] Shutting down cpus with NMI

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1379340/+subscriptions
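
For triage of reports like the one above, the bytes at the faulting RIP in the trace's Code: line (<0f> 01 c1) can be decoded mechanically: that is the VMCALL encoding, which ties the panic to the "VMCALL vs. VMMCALL" changelog entry for LP: #1379340. The following is an added example, not part of the original bug mail or the kernel source; the function names, the trimmed sample lines and the kvm_amd heuristic are assumptions made for illustration.

```python
import re

# Hypercall instruction encodings (Intel SDM / AMD APM opcode tables).
HYPERCALLS = {
    bytes.fromhex("0f01c1"): "VMCALL",   # Intel VT-x
    bytes.fromhex("0f01d9"): "VMMCALL",  # AMD SVM
}
CODE_RE = re.compile(r"Code:[ \t]*((?:<?[0-9a-f]{2}>?[ \t]*)+)", re.I)
RIP_RE = re.compile(r"RIP\b.*?\][ \t]+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+", re.I)
MODULES_RE = re.compile(r"Modules linked in:(.*)")


def faulting_bytes(oops):
    """Bytes of the 'Code:' line starting at the <xx> marker (the faulting RIP)."""
    m = CODE_RE.search(oops)
    if not m:
        return b""
    tokens = m.group(1).split()
    for i, tok in enumerate(tokens):
        if tok.startswith("<"):
            return bytes(int(t.strip("<>"), 16) for t in tokens[i:])
    return b""


def triage(oops):
    """Summarise which hypercall encoding faulted and in which symbol."""
    code = faulting_bytes(oops)
    insn = next((n for op, n in HYPERCALLS.items() if code.startswith(op)), None)
    rip = RIP_RE.search(oops)
    mods = MODULES_RE.search(oops)
    # Heuristic (assumption): kvm_amd loaded in the guest means it sees an AMD CPU.
    amd_guest = bool(mods and "kvm_amd" in mods.group(1).split())
    return {
        "symbol": rip.group(1) if rip else None,
        "instruction": insn,
        "vmcall_on_amd": insn == "VMCALL" and amd_guest,
    }


# Lines excerpted from the trace on this page (module list and Code bytes trimmed).
PAGE_OOPS = """\
[ 11.256924] divide error: 0000 [#1] SMP
[ 11.258133] Modules linked in: kvm_amd kvm crct10dif_pclmul serio_raw floppy
[ 11.260228] RIP: 0010:[<ffffffff8104ed58>] [<ffffffff8104ed58>] kvm_unlock_kick+0xa8/0x100
[ 11.260228] Code: 0f b7 0c 01 b8 05 00 00 00 <0f> 01 c1 0f 1f 44 00 00 5b 41 5c
"""

if __name__ == "__main__":
    print(triage(PAGE_OOPS))
```

A result with vmcall_on_amd set to True on a guest kernel older than 3.13.0-44.73 matches the signature of this bug.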