[Hyper-V] vsock: always call vsock_init_tables()

Bug #1747970 reported by Joshua R. Poulson on 2018-02-07
Affects                     Status   Importance   Assigned to     Milestone
linux-azure (Ubuntu)                 Undecided    Unassigned
  Xenial                             Undecided    Marcelo Cerri
linux-azure-edge (Ubuntu)            Undecided    Unassigned
  Xenial                             Undecided    Unassigned

Bug Description

Guest kernel panic for VMs in enhanced session mode when the XRDP channel connection happens too early in the boot.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=c1eef220c1760762753b602c382127bfccee226d

vsock: always call vsock_init_tables()
Although CONFIG_VSOCKETS_DIAG depends on CONFIG_VSOCKETS,
vsock_init_tables() is not always called, it is called only
if other modules call its caller. Therefore if we only
enable CONFIG_VSOCKETS_DIAG, it would crash kernel on uninitialized
vsock_bind_table.

This patch fixes it by moving vsock_init_tables() to its own
module_init().

Joshua R. Poulson (jrp) on 2018-02-07
Changed in linux-azure (Ubuntu):
status: New → Confirmed

Dexuan Cui (decui) wrote :

Yes, I confirm this is the patch we need for the Enhanced Session mode.

The patch was originally made to fix a different issue, but it can also fix the VM panic we see with Enhanced Session mode, because the cause is the same: there is a race

static int __init hvs_init(void)
{
        int ret;

        if (vmbus_proto_version < VERSION_WIN10)
                return -ENODEV;

        ret = vmbus_driver_register(&hvs_drv);
        if (ret != 0)
                return ret;

        /*
         * Dexuan: ---------------------------: if the host-initiated
         * connection comes here (e.g. before we call vsock_core_init()),
         * hvs_open_connection() -> vsock_find_bound_socket() ->
         * __vsock_find_bound_socket() can access the uninitialized
         * vsock_bound_sockets(addr) -> vsock_bind_table, which will be
         * initialized in vsock_core_init() -> vsock_init_tables(), and
         * we'll hit a panic.
         */

        ret = vsock_core_init(&hvs_transport);
        if (ret) {
                vmbus_driver_unregister(&hvs_drv);
                return ret;
        }

        return 0;
}

The latest upstream 4.15.1 kernel has the fix already, but 4.14.17 doesn't have the fix.
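The ordering problem Dexuan describes, as an added user-space model (not kernel code and not part of this report): a static bound-socket table that is zero-filled until an explicit init routine runs, a lookup that stands in for __vsock_find_bound_socket(), and the sequence the fix guarantees (table init first, transport activity afterwards). All names prefixed `model_` are constructed for this illustration; the hashing on port alone and the `model_tables_ready` guard, which turns a lookup on a never-initialized table into a NULL result instead of a NULL-pointer walk, are simplifications assumed here, not the kernel's behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not kernel code: a model of the vsock bound-socket table
 * and the boot-time ordering described in the bug. "model_" names are
 * constructed for this illustration.
 */
#define MODEL_BIND_TABLE_SIZE 251

struct model_list_head {
        struct model_list_head *next, *prev;
};

static void model_list_init(struct model_list_head *h)
{
        h->next = h;
        h->prev = h;
}

static void model_list_add(struct model_list_head *n, struct model_list_head *h)
{
        n->next = h->next;
        n->prev = h;
        h->next->prev = n;
        h->next = n;
}

struct model_sock {
        unsigned int cid;
        unsigned int port;
        struct model_list_head bound_node;
};

/* Like the kernel's static bind table: zero-filled until initialized, so an
 * early walk of a bucket would follow a NULL next pointer (the panic). */
static struct model_list_head model_bind_table[MODEL_BIND_TABLE_SIZE];
static int model_tables_ready;

/* Analogue of vsock_init_tables(). After the fix this runs from its own
 * module_init(), so it completes before any transport can register.
 * Returns the number of buckets initialized. */
int model_init_tables(void)
{
        size_t i;

        for (i = 0; i < MODEL_BIND_TABLE_SIZE; i++)
                model_list_init(&model_bind_table[i]);
        model_tables_ready = 1;
        return (int)i;
}

static struct model_list_head *model_bound_bucket(unsigned int port)
{
        return &model_bind_table[port % MODEL_BIND_TABLE_SIZE];
}

/* Analogue of __vsock_find_bound_socket(). Assumed guard: refuse the
 * lookup (NULL) while the table is uninitialized instead of walking it. */
struct model_sock *model_find_bound(unsigned int cid, unsigned int port)
{
        struct model_list_head *head, *n;

        if (!model_tables_ready)
                return NULL;
        head = model_bound_bucket(port);
        for (n = head->next; n != head; n = n->next) {
                struct model_sock *s = (struct model_sock *)
                        ((char *)n - offsetof(struct model_sock, bound_node));
                if (s->cid == cid && s->port == port)
                        return s;
        }
        return NULL;
}

/* Returns 0 on success, -1 if a bind is attempted before table init. */
int model_bind(struct model_sock *s)
{
        if (!model_tables_ready)
                return -1;
        model_list_add(&s->bound_node, model_bound_bucket(s->port));
        return 0;
}

/* One constructed listener (cid 2, port 5001) used by the scenario. */
struct model_sock *model_listener(void)
{
        static struct model_sock listener = { .cid = 2, .port = 5001 };

        return &listener;
}

/* The host-initiated connection from the report: a lookup that may arrive
 * before anything is bound. Returns 1 if it is answered with NULL safely. */
int model_early_connection_is_safe(void)
{
        return model_find_bound(2, 5001) == NULL;
}

int main(void)
{
        /* Ordering the fix guarantees: tables first, then transport activity. */
        printf("buckets initialized: %d\n", model_init_tables());
        printf("early connection safe: %d\n", model_early_connection_is_safe());
        printf("bind: %d\n", model_bind(model_listener()));
        printf("listener found: %d\n",
               model_find_bound(2, 5001) == model_listener());
        return 0;
}
```

The point of the model is the sequence, not the data structure: a lookup issued before `model_init_tables()` returns nothing useful, and the only way to make every lookup safe is to make initialization unconditional rather than something a transport happens to trigger.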

Marcelo Cerri (mhcerri) on 2018-02-08
Changed in linux-azure (Ubuntu Xenial):
assignee: nobody → Marcelo Cerri (mhcerri)
status: New → In Progress
Marcelo Cerri (mhcerri) wrote :
Changed in linux-azure-edge (Ubuntu Xenial):
status: New → In Progress
Marcelo Cerri (mhcerri) wrote :

Josh, should this change also be applied to the generic kernels?

Marcelo Cerri (mhcerri) on 2018-02-15
Changed in linux-azure (Ubuntu Xenial):
status: In Progress → Fix Committed

Any other backports needed, Marcelo and Josh?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.13.0-1011.14

---------------
linux-azure (4.13.0-1011.14) xenial; urgency=medium

  * linux-azure: 4.13.0-1011.14 -proposed tracker (LP: #1748476)

  * [Hyper-V] Fixes for Network Direct InfiniBand/RDMA driver (LP: #1749332)
    - SAUCE: vmbus-rdma: ND142: don't wait forever for disconnection from remote
      connector
    - SAUCE: vmbus-rdma: ND142: remove idr handle before calling ND on freeing CQ
      and QP
    - SAUCE: vmbus-rdma: ND142: do not crash on idr allocation failure - warn
      instead
    - SAUCE: vmbus-rdma: ND144: don't wait forever for disconnection from remote
      connector
    - SAUCE: vmbus-rdma: ND144: remove idr handle before calling ND on freeing CQ
      and QP
    - SAUCE: vmbus-rdma: ND144: do not crash on idr allocation failure - warn
      instead

  * [Hyper-V] vsock: always call vsock_init_tables() (LP: #1747970)
    - vsock: always call vsock_init_tables()

  * Update the source code location in the debian package for cloud kernels
    (LP: #1747890)
    - [Debian] Update git repository URI

  [ Ubuntu: 4.13.0-35.39 ]

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
  * CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
    - SAUCE: turn off IBRS when full retpoline is present
    - [Packaging] retpoline files must be sorted
    - [Packaging] pull in retpoline files

  [ Ubuntu: 4.13.0-34.37 ]

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
    - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
    (LP: #1747090)
    - KVM: s390: wire up bpb feature
  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
    - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until
      online"
  * CVE-2017-5715 (Spectre v2 Intel)
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Ad...

Changed in linux-azure (Ubuntu Xenial):
status: Fix Committed → Fix Released