2020-09-18 10:29:22 |
bugproxy |
bug |
|
|
added bug |
2020-09-18 10:29:24 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-188134 severity-high targetmilestone-inin2010 |
|
2020-09-18 10:29:25 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2020-09-18 10:29:29 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
2020-09-18 13:19:05 |
Frank Heimes |
bug task added |
|
ubuntu-z-systems |
|
2020-09-18 13:19:47 |
Frank Heimes |
nominated for series |
|
Ubuntu Groovy |
|
2020-09-18 13:19:47 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Groovy) |
|
2020-09-18 13:19:47 |
Frank Heimes |
nominated for series |
|
Ubuntu Focal |
|
2020-09-18 13:19:47 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Focal) |
|
2020-09-18 13:20:19 |
Frank Heimes |
ubuntu-z-systems: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2020-09-18 13:20:31 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
High |
|
2020-09-18 18:58:20 |
Frank Heimes |
linux (Ubuntu Groovy): status |
New |
In Progress |
|
2020-09-18 18:58:23 |
Frank Heimes |
ubuntu-z-systems: status |
New |
In Progress |
|
2020-09-21 10:13:09 |
Frank Heimes |
description |
Commit "s390/pci: adapt events for zbus" removed the zpci_disable_device() call for a zPCI event with PEC 0x0304 (hot unplug) becausethe device is already deconfigured by the platform.
This however skips the Linux side of the disable in particular it leads
to leaking the DMA tables and bitmaps because zpci_dma_exit_device() is
never called on the device.
This has been fixed in the following commit (currently in linux-next)
afdf9550e54627fcf4dd609bdc1153059378cdf5 s390/pci: fix leak of DMA tables on hard unplug
The commit re-introduces the zpci_disable_device() call as it was before the zbus introduction, for good measure I also added a comment to zpci_disable_device()
to call out the fact that it may be called with the device disabled
already.
As the commit was introduced with the multi-function support
this of course should go into both 20.10 and 20.04. |
SRU Justification:
==================
[Impact]
* Since zpci_dma_exit_device() is never called on a zPCI device there is a potential leaking in DMA tables and bitmaps.
* This is because commit "s390/pci: adapt events for zbus" removed the zpci_disable_device() call for a zPCI event with PEC 0x0304 (means on hot unplug).
* It is only not called on hot unplug with event type PEC 0x0304 - this is the one where Linux is informed the device is
gone instead of being asked to deconfigure it.
* It should also always leak them with that event type on an enabled device.
[Fix]
* afdf9550e54627fcf4dd609bdc1153059378cdf5 afdf9550e546 "s390/pci: fix leak of DMA tables on hard unplug"
[Test Case]
* Have an IBM Z LPAR, that has PCIe devices (like RoCE adapters) assigned and Ubuntu Server 20.04 installed.
* Disable and re-enable one (or more) of the assigned PCIe cards (using hotplug) - on LPAR this can be triggered using the 'Reassign I/O Path' function at the HMC/SE.
* Monitor DMA tables and bitmaps for any kind of leaking.
* Since these tables are vmalloc-ed memory, it's sufficient to monitor via /proc/meminfo and see that reassigning back and forth of a device will have the memory usage grow continuously.
* The test and verification needs to be conducted by IBM.
[Regression Potential]
* There regression risk can be considered as moderate, because:
* only a call of zpci_disable_device(zdev) got reintroduced (and some comment lines).
* Since __zpci_event_availability gets modified, the zPCI event handling could be scrud up,
* which could cause issues regarding the availability of zPCI devices
* and in worst case make zPCI devices unusable.
* But only one switch case of the function is modified and all cases break, so only PEC 0x0304 should be affected.
* And the code changes themselves are minimal, and the zPCI code is limited to the s390x architecture.
* On top test kernels were built and shared for further testing.
[Other]
* Since this commit needs to land in groovy too, but groovy is still in development (hence the SRU process does not apply for groovy yet), I've sent a separate Patch request for groovy.
__________
Commit "s390/pci: adapt events for zbus" removed the zpci_disable_device() call for a zPCI event with PEC 0x0304 (hot unplug) because the device is already deconfigured by the platform.
This however skips the Linux side of the disable in particular it leads
to leaking the DMA tables and bitmaps because zpci_dma_exit_device() is
never called on the device.
This has been fixed in the following commit (currently in linux-next)
afdf9550e54627fcf4dd609bdc1153059378cdf5 s390/pci: fix leak of DMA tables on hard unplug
The commit re-introduces the zpci_disable_device() call as it was before the zbus introduction, for good measure I also added a comment to zpci_disable_device()
to call out the fact that it may be called with the device disabled
already.
As the commit was introduced with the multi-function support
this of course should go into both 20.10 and 20.04. |
|
2020-09-21 14:47:09 |
Frank Heimes |
linux (Ubuntu Focal): status |
New |
In Progress |
|
2020-09-23 13:20:42 |
Stefan Bader |
linux (Ubuntu Focal): importance |
Undecided |
Medium |
|
2020-09-30 01:17:37 |
Launchpad Janitor |
linux (Ubuntu Groovy): status |
In Progress |
Fix Released |
|
2020-09-30 01:17:37 |
Launchpad Janitor |
cve linked |
|
2020-14386 |
|
2020-10-06 18:57:45 |
Ian May |
linux (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2020-10-06 19:14:10 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2020-11-17 10:05:25 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-188134 severity-high targetmilestone-inin2010 |
architecture-s39064 bugnameltc-188134 severity-high targetmilestone-inin2010 verification-needed-focal |
|
2020-11-17 15:27:00 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-188134 severity-high targetmilestone-inin2010 verification-needed-focal |
architecture-s39064 bugnameltc-188134 severity-high targetmilestone-inin2010 verification-done-focal |
|
2020-11-30 15:46:09 |
Launchpad Janitor |
linux (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2020-11-30 15:46:09 |
Launchpad Janitor |
cve linked |
|
2020-14351 |
|
2020-11-30 15:46:09 |
Launchpad Janitor |
cve linked |
|
2020-4788 |
|
2020-11-30 16:21:30 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|