Kernel: Fix Transactional memory config typo

Bug #1669023 reported by bugproxy on 2017-03-01
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Unassigned
Yakkety
Undecided
Tim Gardner
Zesty
High
Unassigned

Bug Description

Canonical,

Please include the following fix on 16.10. This typo is causing some issue on TM.
The patches that causes this problem is ec2a04841b785373a6379af66032201a2b90922b on yakkety-ubuntu repo.

commit 39715bf972ed4fee18fe5409609a971fb16b1771
Author: Valentin Rothberg <email address hidden>
Date: Wed Oct 5 07:57:26 2016 +0200

    powerpc/process: Fix CONFIG_ALIVEC typo in restore_tm_state()

    It should be ALTIVEC, not ALIVEC.

    Cyril explains: If a thread performs a transaction with altivec and then
    gets preempted for whatever reason, this bug may cause the kernel to not
    re-enable altivec when that thread runs again. This will result in an
    altivec unavailable fault, when that fault happens inside a user
    transaction the kernel has no choice but to enable altivec and doom the
    transaction.

    The result is that transactions using altivec may get aborted more often
    than they should.

    The difficulty in catching this with a selftest is my deliberate use of
    the word may above. Optimisations to avoid FPU/altivec/VSX faults mean
    that the kernel will always leave them on for 255 switches. This code
    prevents the kernel turning it off if it got to the 256th switch (and
    userspace was transactional).

    Fixes: dc16b553c949 ("powerpc: Always restore FPU/VEC/VSX if hardware transactional memory in use")
    Reviewed-by: Cyril Bur <email address hidden>
    Signed-off-by: Valentin Rothberg <email address hidden>
    Signed-off-by: Michael Ellerman <email address hidden>

CVE References

bugproxy (bugproxy) on 2017-03-01
tags: added: architecture-ppc64le bugnameltc-152112 severity-high targetmilestone-inin1610
Changed in ubuntu:
assignee: nobody → Taco Screen team (taco-screen-team)
affects: ubuntu → linux (Ubuntu)

Leann,

Patch to fix an error caused by a typo, please have the Kernel Team
evaluate.

Thanks.

                   Michael

On 03/01/2017 07:29 AM, Launchpad Bug Tracker wrote:
> bugproxy (bugproxy) has assigned this bug to you for Ubuntu:
>
> Canonical,
>
> Please include the following fix on 16.10. This typo is causing some issue on TM.
> The patches that causes this problem is ec2a04841b785373a6379af66032201a2b90922b on yakkety-ubuntu repo.
>
> commit 39715bf972ed4fee18fe5409609a971fb16b1771
> Author: Valentin Rothberg <email address hidden>
> Date: Wed Oct 5 07:57:26 2016 +0200
>
> powerpc/process: Fix CONFIG_ALIVEC typo in restore_tm_state()
>
> It should be ALTIVEC, not ALIVEC.
>
> Cyril explains: If a thread performs a transaction with altivec and then
> gets preempted for whatever reason, this bug may cause the kernel to not
> re-enable altivec when that thread runs again. This will result in an
> altivec unavailable fault, when that fault happens inside a user
> transaction the kernel has no choice but to enable altivec and doom the
> transaction.
>
> The result is that transactions using altivec may get aborted more often
> than they should.
>
> The difficulty in catching this with a selftest is my deliberate use of
> the word may above. Optimisations to avoid FPU/altivec/VSX faults mean
> that the kernel will always leave them on for 255 switches. This code
> prevents the kernel turning it off if it got to the 256th switch (and
> userspace was transactional).
>
> Fixes: dc16b553c949 ("powerpc: Always restore FPU/VEC/VSX if hardware transactional memory in use")
> Reviewed-by: Cyril Bur <email address hidden>
> Signed-off-by: Valentin Rothberg <email address hidden>
> Signed-off-by: Michael Ellerman <email address hidden>
>
> ** Affects: ubuntu
> Importance: Undecided
> Assignee: Taco Screen team (taco-screen-team)
> Status: New
>
>
> ** Tags: architecture-ppc64le bugnameltc-152112 severity-high targetmilestone-inin1610

--
Michael Hohnbaum
OIL Program Manager
Power (ppc64el) Development Project Manager
Canonical, Ltd.

Changed in linux (Ubuntu):
assignee: Taco Screen team (taco-screen-team) → Canonical Kernel Team (canonical-kernel-team)
importance: Undecided → High
status: New → Triaged
Tim Gardner (timg-tpi) wrote :
Changed in linux (Ubuntu Zesty):
assignee: Canonical Kernel Team (canonical-kernel-team) → nobody
status: Triaged → Fix Released
Changed in linux (Ubuntu Yakkety):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Brad Figg (brad-figg) on 2017-03-23
Changed in linux (Ubuntu Yakkety):
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'. If the problem still exists, change the tag 'verification-needed-yakkety' to 'verification-failed-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-yakkety
bugproxy (bugproxy) on 2017-04-17
tags: added: verification-done-yakkety
removed: verification-needed-yakkety
Launchpad Janitor (janitor) wrote :
Download full text (14.5 KiB)

This bug was fixed in the package linux - 4.8.0-49.52

---------------
linux (4.8.0-49.52) yakkety; urgency=low

  * linux: 4.8.0-49.52 -proposed tracker (LP: #1684427)

  * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
    (LP: #1682561)
    - Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.8.0-48.51) yakkety; urgency=low

  * linux: 4.8.0-48.51 -proposed tracker (LP: #1682034)

  * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
    (LP: #1681893)
    - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.8.0-47.50) yakkety; urgency=low

  * linux: 4.8.0-47.50 -proposed tracker (LP: #1679678)

  * CVE-2017-6353
    - sctp: deny peeloff operation on asocs with threads sleeping on it

  * CVE-2017-5986
    - sctp: avoid BUG_ON on sctp_wait_for_sndbuf

  * vfat: missing iso8859-1 charset (LP: #1677230)
    - [Config] NLS_ISO8859_1=y

  * [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
    - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs

  * Regression: KVM modules should be on main kernel package (LP: #1678099)
    - [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
    4.4.0-63.84~14.04.2 (LP: #1664912)
    - SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * regession tests failing after stackprofile test is run (LP: #1661030)
    - SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
    list' command (LP: #1648903)
    - SAUCE: fix regression with domain change in complain mode

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
    from a unshared mount namespace (LP: #1656121)
    - SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
    (LP: #1660849)
    - SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
    namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
    name="system_tor" (LP: #1648143)
    - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
      namespaces

  * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
    - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor auditing denied access of special apparmor .null fi\ le
    (LP: #1660836)
    - SAUCE: apparmor: Don't audit denied access of special apparmor .null file

  * apparmor label leak when new label is unused (LP: #1660834)
    - SAUCE: apparmor: fix label leak when new label is unused

  * apparmor reference count bug in label_merge_insert() (LP: #1660833)
    - SAUCE: apparmor: fix reference count bug in label_merge_insert()

  * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
    - SAUCE: apparmor: fix replacement race in reading rawdata

  * unix domain socket cross permission check failing with n...

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers