[Ubuntu 20.04] Problem leading IUCV service down (on s390x)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Skipper Bug Screeners | ||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Canonical Kernel Team | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification:
==================
[Impact]
* Problems occur in IBM z/VM's IUCV (Inter User Communication Vehicle) environments and its communication.
* Errors like "usercopy: Kernel memory overwrite attempt detected to SLUB object 'dma-kmalloc-1 k' (offset 0, size 11)!" pop up and cause failures.
* This is because IUCV uses kmalloc() with __GFP_DMA because of memory address restrictions.
* The solution is to mark dma-kmalloc caches as usercopy caches.
[Fix]
* 49f2d2419d60a10
* Due to changes in the context of the upstream patch,
a cherry-pick was not possible and the following backport was created:
https:/
[Test Case]
* Setup Ubuntu Server 20.04 on s390x system as IBM z/VM guest aka virtual machine.
* Setup IUCV on z/VM: Setting up the (IUCV TCPIP) service machine:
https:/
* Set up a Linux IUCV instance: https:/
* Set up an IUCV direct: https:/
* Make use of IUCV, for example using ssh on a direct connection.
* Verify if the connections is stable and watch out for messages starting with "usercopy".
[Regression Potential]
* Problems could occur in case the create_
for example with wrong index, wrong size or just wrong comma separations.
* Wrong size or index will probably lead to similar instability problems that exist today.
* Problems in the syntax (commas etc.) will be detected at compile time.
* But it's just a single line modification in function create_
* so the change is very limited and quite traceable.
* And it was in depth discussed here:
https:/
* a reviewed by a lot of kernel engineers (see provenance)
* and it was already upstream accepted with kernel 5.8.
[Other]
* Since the commit is upstream accepted with 5.8, so it's already in impish and hirsute (and groovy).
* Hence this kernel SRU submission is for Focal only and covers only the above single but common code commit/patch.
__________
When I deployed a Ubuntu20.04 instance with kernel version of 5.4.0-58-generic under z/VM, I saw below messages from kernel and the iucvserv program malfunctioned. Hence it caused some devices like network device configuration failure and deployment failure.
Dec 14 22:02:26 ub2004img iucvserv: Receive OPNCLD4 0.0.0.1 pwd sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: /etc/iucv_
Dec 14 22:02:26 ub2004img iucvserv: senduserid=OPNCLD4, authuserid=OPNCLD4, len=7
Dec 14 22:02:26 ub2004img iucvserv: Current version is 0.0.0.1, upgraded version is 0.0.0.1
Dec 14 22:02:26 ub2004img iucvserv: Will execute the linux command pwd 2>&1; echo iucvcmdrc=$? sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: result length=14, send message length=14,#012 /#012iucvcmdrc=0
Dec 14 22:02:26 ub2004img kernel: [63084.184649] ------------[ cut here ]------------
Dec 14 22:02:26 ub2004img kernel: [63084.184654] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'dma-kmalloc-1k' (offset 0, size 20)!
Dec 14 22:02:26 ub2004img kernel: [63084.184680] WARNING: CPU: 1 PID: 697 at mm/usercopy.c:75 usercopy_
Dec 14 22:02:26 ub2004img kernel: [63084.184681] Modules linked in: tcp_diag udp_diag raw_diag inet_diag unix_diag xt_CT iptable_raw ipt_REJECT nf_reject_ipv4 xt_tcpudp xt_conntrack nf_conntrack nf_defr
ag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter af_iucv nls_utf8 isofs dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmur vfio_ccw vfio_mdev mdev s390_trng vfio_iommu_type1 vfio sch_fq_codel drm drm
_panel_
pkey zcrypt crc32_vx_s390 ghash_s390 prng aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dasd_fba_mod dasd_mod qeth_l2 qeth qdio ccwgroup
Dec 14 22:02:26 ub2004img kernel: [63084.184718] CPU: 1 PID: 697 Comm: iucvserv Not tainted 5.4.0-58-generic #64-Ubuntu
Dec 14 22:02:26 ub2004img kernel: [63084.184718] Hardware name: IBM 8561 LT1 400 (z/VM 7.1.0)
Dec 14 22:02:26 ub2004img kernel: [63084.184719] Krnl PSW : 0704c00180000000 00000000b3c37a60 (usercopy_
Dec 14 22:02:26 ub2004img kernel: [63084.184721] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
Dec 14 22:02:26 ub2004img kernel: [63084.184722] Krnl GPRS: 0000000000000004 0000000000000006 0000000000000081 0000000000000007
Dec 14 22:02:26 ub2004img kernel: [63084.184722] 0000000000000007 00000000f2ecb400 00000000b43fdc6a 000003e000000014
Dec 14 22:02:26 ub2004img kernel: [63084.184723] 0000000000000000 0000000000000014 0000000000000000 00000000b43f01f0
Dec 14 22:02:26 ub2004img kernel: [63084.184723] 00000000aae13300 00000000e9332a00 00000000b3c37a5c 000003e000987a10
Dec 14 22:02:26 ub2004img kernel: [63084.184728] Krnl Code: 00000000b3c37a50: c020003e310f larl %r2,00000000b43
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a56: c0e5ffedbe85 brasl %r14,00000000b3
Dec 14 22:02:26 ub2004img kernel: [63084.184728] #00000000b3c37a5c: a7f40001 brc 15,00000000b3c37a5e
Dec 14 22:02:26 ub2004img kernel: [63084.184728] >00000000b3c37a60: eb6ff0c00004 lmg %r6,%r15,192(%r15)
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a66: 07fe bcr 15,%r14
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a68: 47000700 bc 0,1792
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a6c: c020003e30fa larl %r2,00000000b43
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a72: a7f4ffd4 brc 15,00000000b3c37a1a
Dec 14 22:02:26 ub2004img kernel: [63084.184735] Call Trace:
Dec 14 22:02:26 ub2004img kernel: [63084.184736] ([<00000000b3c3
Dec 14 22:02:26 ub2004img kernel: [63084.184740] [<00000000b3c0f
Dec 14 22:02:26 ub2004img kernel: [63084.184741] [<00000000b3c37
Dec 14 22:02:26 ub2004img kernel: [63084.184744] [<00000000b4080
Dec 14 22:02:26 ub2004img kernel: [63084.184745] [<00000000b407f
Dec 14 22:02:26 ub2004img kernel: [63084.184745] [<00000000b4080
Dec 14 22:02:26 ub2004img kernel: [63084.184747] [<000003ff80501
Dec 14 22:02:26 ub2004img kernel: [63084.184749] [<00000000b406c
Dec 14 22:02:26 ub2004img kernel: [63084.184750] [<00000000b406e
Dec 14 22:02:26 ub2004img kernel: [63084.184753] [<00000000b4250
Dec 14 22:02:26 ub2004img kernel: [63084.184753] Last Breaking-
Dec 14 22:02:26 ub2004img kernel: [63084.184754] [<00000000b3c37
Dec 14 22:02:26 ub2004img kernel: [63084.184754] ---[ end trace b0232fe5536a773d ]---
Dec 14 22:02:26 ub2004img iucvserv: Receive OPNCLD4 0.0.0.1 ls /etc/*-release sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: /etc/iucv_
Dec 14 22:02:26 ub2004img iucvserv: senduserid=OPNCLD4, authuserid=OPNCLD4, len=7
Dec 14 22:02:26 ub2004img iucvserv: Current version is 0.0.0.1, upgraded version is 0.0.0.1
Dec 14 22:02:26 ub2004img iucvserv: Will execute the linux command ls /etc/*-release 2>&1; echo iucvcmdrc=$? sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: result length=45, send message length=45,#012 /etc/lsb-
Dec 14 22:02:26 ub2004img iucvserv: Receive OPNCLD4 0.0.0.1 cat /etc/os-release sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: /etc/iucv_
Dec 14 22:02:26 ub2004img iucvserv: senduserid=OPNCLD4, authuserid=OPNCLD4, len=7
Dec 14 22:02:26 ub2004img iucvserv: Current version is 0.0.0.1, upgraded version is 0.0.0.1
But I didn't see such problem with kernel version 5.4.0-40-generic #44-Ubuntu when I did the same operation.
tags: | added: architecture-s39064 bugnameltc-191054 severity-high targetmilestone-inin--- |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in ubuntu-z-systems: | |
status: | New → Triaged |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
Changed in linux (Ubuntu): | |
assignee: | Skipper Bug Screeners (skipper-screen-team) → Frank Heimes (fheimes) |
Changed in ubuntu-z-systems: | |
importance: | Undecided → High |
no longer affects: | linux (Ubuntu Groovy) |
no longer affects: | linux (Ubuntu Hirsute) |
Changed in linux (Ubuntu): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Focal): | |
status: | New → Triaged |
Changed in linux (Ubuntu): | |
assignee: | Frank Heimes (fheimes) → nobody |
Changed in linux (Ubuntu Focal): | |
assignee: | nobody → Frank Heimes (fheimes) |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
------- Comment From <email address hidden> 2021-01-27 09:34 EDT------- /github. com/torvalds/ linux/commit/ 49f2d2419d60a10 3752e5fbaf158cf 8d07c0d884
The solution be provided with the following git-commit.
https:/