PCI quirk required for correct access to configuration space of NFP 4000/6000

Bug #1624267 reported by Simon Horman on 2016-09-16
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Trusty
Medium
Tim Gardner

Bug Description

The Netronome NFP 4000/6000 intelligent NICs have an erratum erratum where
reading/writing to PCI config space addresses above 0x600 can cause the NFP
to generate PCIe completion timeouts. This can result in a system hanging.

This may be avoided by setting the PCI config size correctly and
updating the PCI subsystem to honour config sizes between
PCI_CFG_SPACE_EXP_SIZE (4096) and PCI_CFG_SPACE_SIZE (256).

This problem is resolves in upstream linux since v4.5.

Backports have also been requested to upstream linux stable back to v3.10
and have so far been included in v4.4.10, v4.1.32, v4.18.41 and queued
up for v3.10 stable.

I would like to request that the same backports be made to the Ubuntu 13.0
kernel for Trusty 14.04 LTS. They are as follows:

commit c2e771b02792d222cbcd9617fe71482a64f52647
Author: Simon Horman <email address hidden>
Date: Fri Dec 11 11:30:12 2015 +0900

    PCI: Limit config space size for Netronome NFP4000

    Like the NFP6000, the NFP4000 as an erratum where reading/writing to PCI
    config space addresses above 0x600 can cause the NFP to generate PCIe
    completion timeouts.

    Limit the NFP4000's PF's config space size to 0x600 bytes as is already
    done for the NFP6000.

    The NFP4000's VF is 0x6004 (PCI_DEVICE_ID_NETRONOME_NFP6000_VF), the same
    device ID as the NFP6000's VF. Thus, its config space is already limited
    by the existing use of quirk_nfp6000().

    Signed-off-by: Simon Horman <email address hidden>
    Signed-off-by: Bjorn Helgaas <email address hidden>

commit 69874ec233871a62e1bc8c89e643993af93a8630
Author: Simon Horman <email address hidden>
Date: Fri Dec 11 11:30:11 2015 +0900

    PCI: Add Netronome NFP4000 PF device ID

    Add the device ID for the PF of the NFP4000. The device ID for the VF,
    0x6003, is already present as PCI_DEVICE_ID_NETRONOME_NFP6000_VF.

    Signed-off-by: Simon Horman <email address hidden>
    Signed-off-by: Bjorn Helgaas <email address hidden>

commit 9f33a2ae59f24452c1076749deb615bccd435ca9
Author: Jason S. McMullan <email address hidden>
Date: Wed Sep 30 15:35:07 2015 +0900

    PCI: Limit config space size for Netronome NFP6000 family

    The NFP6000 has an erratum where reading/writing to PCI config space
    addresses above 0x600 can cause the NFP to generate PCIe completion
    timeouts.

    Limit the NFP6000's config space size to 0x600 bytes.

    Signed-off-by: Jason S. McMullan <email address hidden>
    [simon: edited changelog]
    Signed-off-by: Simon Horman <email address hidden>
    Signed-off-by: Bjorn Helgaas <email address hidden>

commit a755e169031dac9ebaed03302c4921687c271d62
Author: Jason S. McMullan <email address hidden>
Date: Wed Sep 30 15:35:06 2015 +0900

    PCI: Add Netronome vendor and device IDs

    Device IDs for the Netronome NFP3200, NFP3240, NFP6000, and NFP6000 SR-IOV
    devices.

    Signed-off-by: Jason S. McMullan <email address hidden>
    [simon: edited changelog]
    Signed-off-by: Simon Horman <email address hidden>
    Signed-off-by: Bjorn Helgaas <email address hidden>

commit c20aecf6963d1273d8f6d61c042b4845441ca592
Author: Jason S. McMullan <email address hidden>
Date: Wed Sep 30 15:35:05 2015 +0900

    PCI: Support PCIe devices with short cfg_size

    If a device quirk modifies the pci_dev->cfg_size to be less than
    PCI_CFG_SPACE_EXP_SIZE (4096), but greater than PCI_CFG_SPACE_SIZE (256),
    the PCI sysfs interface truncates the readable size to PCI_CFG_SPACE_SIZE.

    Allow sysfs access to config space up to cfg_size, even if the device
    doesn't support the entire 4096-byte PCIe config space.

    Note that pci_read_config() and pci_write_config() limit access to
    dev->cfg_size even though pcie_config_attr contains 4096 (the maximum
    size).

    Signed-off-by: Jason S. McMullan <email address hidden>
    [simon: edited changelog]
    Signed-off-by: Simon Horman <email address hidden>
    [bhelgaas: more changelog edits]
    Signed-off-by: Bjorn Helgaas <email address hidden>

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1624267

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Simon Horman (horms-netronome) wrote :

Unfortunately I am not in a position to run apport-collect 1624267 on a machine affected by this problem.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
status: New → Triaged
tags: added: kernel-da-key trusty
Tim Gardner (timg-tpi) wrote :
Changed in linux (Ubuntu Trusty):
assignee: nobody → Tim Gardner (timg-tpi)
status: Triaged → In Progress
Changed in linux (Ubuntu):
status: Triaged → Fix Released
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty

Attached logs that show 4.4.0-41 was installed on 2 systems with the proposed patch applied and system booted and the patch verified.

tags: added: verification-done-trusty
removed: verification-needed-trusty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-98.145

---------------
linux (3.13.0-98.145) trusty; urgency=low

  * Fix GRO recursion overflow for tunneling protocols (LP: #1631287)
    - tunnels: Don't apply GRO to multiple layers of encapsulation.

  * CVE-2016-7039
    - SAUCE: net: add recursion limit to GRO

linux (3.13.0-97.144) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1626604

  * Altering use_tempaddr drops all IPv6 addresses (LP: #994931)
    - Revert "UBUNTU: SAUCE: (no-up) ipv6: Fix net.ipv6.conf.all.use_tempaddr
      sysctl"
    - Revert "UBUNTU: SAUCE: (no-up) ipv6: make the net.ipv6.conf.all.use_tempaddr
      sysctl propagate to interface settings"
    - neigh: convert parms to an array
    - neigh: wrap proc dointvec functions
    - neigh: use tbl->family to distinguish ipv4 from ipv6
    - neigh: restore old behaviour of default parms values
    - neigh: ipv6: respect default values set before an address is assigned to
      device

  * PCI quirk required for correct access to configuration space of NFP
    4000/6000 (LP: #1624267)
    - PCI: Support PCIe devices with short cfg_size
    - PCI: Add Netronome vendor and device IDs
    - PCI: Limit config space size for Netronome NFP6000 family
    - PCI: Add Netronome NFP4000 PF device ID
    - PCI: Limit config space size for Netronome NFP4000

  * CVE-2016-6136
    - audit: fix a double fetch in audit_log_single_execve_arg()

  * CVE-2016-6480
    - aacraid: Check size values after double-fetch from user

  * CVE-2016-6828
    - tcp: fix use after free in tcp_xmit_retransmit_queue()

  * IPv6 with LVS Performance issue in latest 3.13LTS kernels (LP: #1618299)
    - ipv6: remove prune parameter for fib6_clean_all
    - ipv6: remove rt6i_genid

  * lsattr 32bit does not work on 64bit kernel (Inappropriate ioctl error)
    (LP: #1619918)
    - btrfs: bugfix: handle FS_IOC32_{GETFLAGS, SETFLAGS, GETVERSION} in
      btrfs_ioctl

  * Miscellaneous upstream changes
    - powerpc/pseries: use pci_host_bridge.release_fn() to kfree(phb)

 -- Seth Forshee <email address hidden> Fri, 07 Oct 2016 20:08:32 -0500

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers