Update the EC2 work-around for the OSXSAVE issue in pv-ops

Bug #1044550 reported by Stefan Bader on 2012-08-31
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Stefan Bader

Bug Description

SRU Justification:
There has been an issue with older Xen hypervisors (Xen 3.x) which caused guest crashes with pv-ops kernels. For that we are carrying a patch borrowed from Fedora which masks off the OSXSAVE bit on CR4 writes. However there have been issues with that recently which were caused by user-space checking other flags and then trying to use the feature which then broke because it was not activated correctly.

For Quantal we have now made the work-around patch better by not masking CR4 writes but actually removing the cpuid capability bits (and only for pre-4.x versions of Xen). This now needs to go back into previous releases.

Update
======
It turned out that the hack (or the updated patch) are in fact only needed because Xen code in kernels between 2.6.30 and 2.6.39 would deliberately set OSXSAVE in CR4 in order to find out about xsave support. So any kernel newer that 2.6.39 can safely drop the work-around. And it should be done because having only OSXSAVE filtered on CR4 writes can cause problems and without any need we should not deviate from upstream.

For Lucid we should either pick the patch which completely masks the xsave bits from cpuid and optionally also the second patch that would allow to use xsave when running as a guest of a Xen server supporting it.

Stefan Bader (smb) on 2012-08-31
Changed in linux (Ubuntu Precise):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Fix Released
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Medium
status: New → Triaged
Tim Gardner (timg-tpi) on 2012-09-04
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Precise in -proposed solves the problem (3.2.0-31.50). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-precise
Stefan Bader (smb) wrote :

I am on vacation this week, so I will not be able to verify this. I have been testing the change before on EC2 instances and the workaround was enabled without seeing any problem. Can we let this stay/pass based on this? Thanks.

Luis Henriques (henrix) wrote :

As per comment #2 and the discussion on the mailing list:

https://lists.ubuntu.com/archives/kernel-team/2012-September/021978.html

I'm tagging this bug as verified.

tags: added: verification-done-precise
removed: verification-needed-precise
Stefan Bader (smb) wrote :

Annotations/info from the upstream discussion:

The kernel would set OSXSAVE in CR4 when the cpuid bits for XSAVE and OSXSAVE are set. Xen is supposed to mask those off (cannot say since which version but it is claimed to be done for quite a while now). The issues with upstream kernels happened after kernel code for Xen did try to probe for the feature on its own by writing CR4:

  commit 191216b9289ed02256086e6bab4f668112109399
    xen: mask XSAVE from cpuid

This was added in 2.6.30 but then replaced by the following two patches in 2.6.39:

  commit 61f4237d5b005767a76f4f3694e68e6f78f392d9
    xen: just completely disable XSAVE
  commit 947ccf9c3c30307b774af3666ee74fcd9f47f646
    xen: Allow PV-OPS kernel to detect whether XSAVE is supported

So kernels newer than 2.6.39 (Oneiric, Precise, Quantal) should be ok even without the work-around. For Lucid we either should update the work-around, or (probably the preferred way) backport at least "xen: just completely disable XSAVE".

Stefan Bader (smb) wrote :

Ok, so I searched for the patch to Xen mentioned in the upstream discussion which was:

  x86: Mask X86_FEATURE_XSAVE in cpuid leaf 1, ecx, as we don't
  allow guests to use it (by setting cr4.OSXSAVE).

Together with the other comments I think I understand now that Xen always has masked off OSXSAVE in the cpuid bits but not XSAVE. And the newer kernel patch checks for OSXSAVE which is safe. Xen will set OSXSAVE (together with XSAVE) in cpuid bits if it supports it and allows the guest to use it, too.

Stefan Bader (smb) on 2012-09-21
description: updated
Launchpad Janitor (janitor) wrote :
Download full text (5.5 KiB)

This bug was fixed in the package linux - 3.2.0-31.50

---------------
linux (3.2.0-31.50) precise-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1047242

  [ Dave Airlie ]

  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157

  [ Kamal Mostafa ]

  * SAUCE: input: Cypress PS/2 Trackpad move PSMOUSE_CYPRESS enum
    - LP: #1041594

linux (3.2.0-31.49) precise-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1046216

  [ Cypress Semiconductor Corporation ]

  * SAUCE: input: Cypress PS/2 Trackpad mouse driver
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad link driver into psmouse-base
    - LP: #978807

  [ Ike Panhc ]

  * [Config] Enable CONFIG_DEVPTS_MULTIPLE_INSTANCES for highbank
    - LP: #1038259

  [ Kamal Mostafa ]

  * SAUCE: input: Cypress PS/2 Trackpad code style cleanup
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad eliminate dead code
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad fix no-config stubs
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad set default debug_level=0
    - LP: #978807

  [ Stefan Bader ]

  * Revert "SAUCE: fix pv-ops for legacy Xen"
    - LP: #1044550
  * SAUCE: Force xsave off on older Xen hypervisors
    - LP: #1044550

  [ Tim Gardner ]

  * [Config] Add smsc{79}5xx to nic-usb-modules
    - LP: #1041397

  [ Upstream Kernel Changes ]

  * Revert "samsung-laptop: make the dmi check less strict"
    - LP: #1028151
  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * bnx2: Fix bug in bnx2_free_tx_skbs().
    - LP: #1039087
  * sch_sfb: Fix missing NULL check
    - LP: #1039087
  * sctp: Fix list corruption resulting from freeing an association on a
    list
    - LP: #1039087
  * caif: Fix access to freed pernet memory
    - LP: #1039087
  * cipso: don't follow a NULL pointer when setsockopt() is called
    - LP: #1039087
  * caif: fix NULL pointer check
    - LP: #1039087
  * wanmain: comparing array with NULL
    - LP: #1039087
  * tcp: Add TCP_USER_TIMEOUT negative value check
    - LP: #1039087
  * USB: kaweth.c: use GFP_ATOMIC under spin_lock
    - LP: #1039087
  * net: fix rtnetlink IFF_PROMISC and IFF_ALLMULTI handling
    - LP: #1039087
  * tcp: perform DMA to userspace only if there is a task waiting for it
    - LP: #1039087
  * net/tun: fix ioctl() based info leaks
    - LP: #1039087
  * e1000: add dropped DMA receive enable back in for WoL
    - LP: #1039087
  * rtlwifi: rtl8192cu: Change buffer allocation for synchronous reads
    - LP: #1039087
  * hfsplus: fix overflow in sector calculations in hfsplus_submit_bio
    - LP: #1039087
  * drm/i915: fixup seqno allocation logic for lazy_request
    - LP: #1039087
  * mac80211: cancel mesh path timer
    - LP: #1039087
  * ath9k: Add PID/VID support for AR1111
    - LP: #1039087
  * ARM: mxs: Remove MMAP_MIN_ADDR setting from mxs_defconfig
    - LP: #1039087
  * ALSA: hda - add dock support for Thinkpad T430s
    - LP: #1039087
  * cfg80211: process pending events when unregistering net device
    - LP: #1039087
  * rt61pci: fix NULL pointer dereference in config_lna_gain
    - LP: #...

Read more...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Lucid and Oneiric in -proposed solves the problem (2.6.32-44.98 and 3.0.0-26.43). Please test these kernels and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lucid' (or 'verification-needed-oneiric') to 'verification-done-lucid' (or 'verification-done-oneiric').

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-lucid verification-needed-oneiric
Stefan Bader (smb) wrote :

I ran both the server and the ec2 Lucid kernels in an Amazon instance. Of course to find a host that really has xsave support is like searching a needle in the cloud stack. But at least this add some confidence that nothing broke beyond the state it was broken before. Which I would believe to be sufficient.

tags: added: verification-done-lucid
removed: verification-needed-lucid
Stefan Bader (smb) wrote :

So Oneiric "works" with the same restrictions. Only time will tell for sure.

tags: added: verification-done-oneiric
removed: verification-needed-oneiric
Launchpad Janitor (janitor) wrote :
Download full text (4.4 KiB)

This bug was fixed in the package linux - 3.0.0-26.43

---------------
linux (3.0.0-26.43) oneiric-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1055532

  [ Dave Airlie ]

  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157

  [ Stefan Bader ]

  * Revert "SAUCE: fix pv-ops for legacy Xen"
    - LP: #1044550

  [ Upstream Kernel Changes ]

  * KVM: Fix buffer overflow in kvm_set_irq()
    - LP: #1016298
    - CVE-2012-2137
  * VFS : mount lock scalability for internal mounts
    - LP: #990365
    - CVE-2012-2127
  * procfs: fix a vfsmount longterm reference leak
    - LP: #990365
    - CVE-2012-2127
  * eCryptfs: Copy up attributes of the lower target inode after rename
    - LP: #561129
  * eCryptfs: Write out all dirty pages just before releasing the lower
    file
    - LP: #1047261
  * eCryptfs: Call lower ->flush() from ecryptfs_flush()
    - LP: #1047261
  * USB: vt6656: remove __devinit* from the struct usb_device_id table
    - LP: #1052005
  * USB: emi62: remove __devinit* from the struct usb_device_id table
    - LP: #1052005
  * ALSA: hda - fix Copyright debug message
    - LP: #1052005
  * ARM: 7487/1: mm: avoid setting nG bit for user mappings that aren't
    present
    - LP: #1052005
  * ARM: 7488/1: mm: use 5 bits for swapfile type encoding
    - LP: #1052005
  * ARM: 7489/1: errata: fix workaround for erratum #720789 on UP systems
    - LP: #1052005
  * ARM: S3C24XX: Fix s3c2410_dma_enqueue parameters
    - LP: #1052005
  * ARM: imx: select CPU_FREQ_TABLE when needed
    - LP: #1052005
  * ASoC: wm9712: Fix microphone source selection
    - LP: #1052005
  * vfs: missed source of ->f_pos races
    - LP: #1052005
  * vfs: canonicalize create mode in build_open_flags()
    - LP: #1052005
  * alpha: Don't export SOCK_NONBLOCK to user space.
    - LP: #1052005
  * USB: winbond: remove __devinit* from the struct usb_device_id table
    - LP: #1052005
  * mm: hugetlbfs: correctly populate shared pmd
    - LP: #1052005
  * NFSv3: Ensure that do_proc_get_root() reports errors correctly
    - LP: #1052005
  * NFSv4.1: Remove a bogus BUG_ON() in nfs4_layoutreturn_done
    - LP: #1052005
  * NFS: Alias the nfs module to nfs4
    - LP: #1052005
  * audit: don't free_chunk() after fsnotify_add_mark()
    - LP: #1052005
  * audit: fix refcounting in audit-tree
    - LP: #1052005
  * svcrpc: fix BUG() in svc_tcp_clear_pages
    - LP: #1052005
  * svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping
    - LP: #1052005
  * svcrpc: sends on closed socket should stop immediately
    - LP: #1052005
  * cciss: fix incorrect scsi status reporting
    - LP: #1052005
  * ACPI: export symbol acpi_get_table_with_size
    - LP: #1052005
  * ath9k: fix decrypt_error initialization in ath_rx_tasklet()
    - LP: #1052005
  * PCI: EHCI: Fix crash during hibernation on ASUS computers
    - LP: #1052005
  * block: replace __getblk_slow misfix by grow_dev_page fix
    - LP: #1052005
  * USB: spca506: remove __devinit* from the struct usb_device_id table
    - LP: #1052005
  * USB: p54usb: remove __devinit* from the struct usb_device_id table
    - LP: #1052005
  * USB: rtl8187: remove __devi...

Read more...

Changed in linux (Ubuntu Oneiric):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-44.98

---------------
linux (2.6.32-44.98) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1055438

  [ Dave Airlie ]

  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157

  [ Upstream Kernel Changes ]

  * Revert "sfc: Fix maximum number of TSO segments and minimum TX queue
    size"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "sfc: Replace some literal constants with
    EFX_PAGE_SIZE/EFX_BUF_SIZE"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "tcp: Apply device TSO segment limit earlier"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "tcp: do not scale TSO segment size with reordering degree"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "net: Allow driver to limit number of GSO segments per skb"
    - LP: #1037456
    - CVE-2012-3412
  * cred: copy_process() should clear child->replacement_session_keyring
    - LP: #1023535
    - CVE-2012-2745
  * KVM: Change irq routing table to use gsi indexed array
    - LP: #1016298
    - CVE-2012-2137
  * KVM: Fix buffer overflow in kvm_set_irq()
    - LP: #1016298
    - CVE-2012-2137
  * xen: just completely disable XSAVE
    - LP: #1044550
  * xen: Allow PV-OPS kernel to detect whether XSAVE is supported
    - LP: #1044550
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
 -- Tim Gardner <email address hidden> Thu, 06 Sep 2012 11:20:13 -0400

Changed in linux (Ubuntu Lucid):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers