[UBUNTU 21.10] s390/perf: obtain sie_block from the right address

Bug #1977962 reported by bugproxy
Affects                   Status         Importance   Assigned to             Milestone
Ubuntu on IBM z Systems   Fix Released   High         Skipper Bug Screeners   -
linux (Ubuntu)            Invalid        High         Unassigned              -
Jammy                     Fix Released   Undecided    Skipper Bug Screeners   -

Bug Description

Description: s390/perf: obtain sie_block from the right address

Symptom: Read from uninitialized stack memory, incorrect guest
               perf data reported, possibly system crash.

Problem: When perf is instructed to record a software-based event and
               to trace the guest, i.e. using the following command:

               perf kvm --guest --guestvmlinux=endless.elf top -e cpu-clock

               The reported guest instruction pointer is inaccurate or
               the system may crash.

               This is caused by the sie_block being taken from empty1[0]
               in sie_block() in arch/s390/kernel/perf_event.c, but since
               1179f170b6f0 ("s390: fix fpu restore in entry.S")
               it resides at empty1[1].

Solution: Obtain sie_block from the right address in sie_block().

Reproduction: 1. Start a KVM guest executing an endless loop.
               2. Determine the instruction address of the loop.
               3. Start perf recording for any software event and trace
                  the guest, for example using this command:

                  perf kvm --guest --guestvmlinux=endless.elf top -e cpu-clock

               4. The reported guest instruction addresses don't match
                  the loop's instruction address or the system crashes.

Upstream-ID: c9bfb460c3e4da2462e16b0f0b200990b36b1dd2

BBPF Probl.ID: 198450
Preventive: yes
Reported: -
SupportTicket: -
Reference: -
Date: 2022-06-02
Author: <email address hidden>
Component: kernel
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9bfb460c3e4da2462e16b0f0b200990b36b1dd2

Problem occurs / affects impish and jammy

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-198476 severity-high targetmilestone-inin2110
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
importance: Undecided → High
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2022-06-09 03:12 EDT-------
*** Bug 198475 has been marked as a duplicate of this bug. ***

Frank Heimes (fheimes) wrote :

I'm glad to see that commit:
c9bfb460c3e4 c9bfb460c3e4da2462e16b0f0b200990b36b1dd2 "s390/perf: obtain sie_block from the right address"
is tagged (upstream) for stable updates with:
Cc: <email address hidden>

With that, this commit will automatically be picked up by the Ubuntu kernel team's
"Focal update: v5.4.xxx upstream stable release" process.

This hasn't happened yet with the latest ticket:
"Focal update: v5.4.191 upstream stable release" - LP#1976116
but will be soon.

This LP bug will be used for tracking the status.

tags: added: tracking-upstream-stable
Changed in linux (Ubuntu):
importance: Undecided → High
tags: added: upstream-stable
removed: tracking-upstream-stable
Frank Heimes (fheimes) wrote :

This commit appeared now in v5.15.46, which will be handled in the next weeks by the kernel team.

But I change the title to 22.04, since 21.10 is EOL as of today, and this patch is not in jammy.
It got upstream accepted with v5.19-rc1 hence no need to patch kinetic, since kinetic's target kernel is 5.19.

Changed in ubuntu-z-systems:
status: New → Triaged
Changed in linux (Ubuntu):
status: New → Triaged
Changed in linux (Ubuntu Jammy):
status: New → Triaged
Changed in linux (Ubuntu):
status: Triaged → Invalid
Changed in linux (Ubuntu Jammy):
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → nobody
Frank Heimes (fheimes) wrote :

Aligning to upstream stable ticket LP#1981864 for jammy, which is 'In Progress' now.

Changed in ubuntu-z-systems:
status: Triaged → In Progress
Changed in linux (Ubuntu Jammy):
status: Triaged → In Progress
Frank Heimes (fheimes)
Changed in linux (Ubuntu Jammy):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Frank Heimes (fheimes) wrote :

Updating to Fix Released, because LP#1981864 was updated to Fix Released.

Changed in linux (Ubuntu Jammy):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released