[Ubuntu 16.04] kernel: fix rwlock implementation

Bug #1761674 reported by bugproxy on 2018-04-06
This bug affects 1 person
Affects                   Status  Importance  Assigned to            Milestone
Ubuntu on IBM z Systems           High        Canonical Kernel Team
linux (Ubuntu)                    High        Canonical Kernel Team
  Xenial                          High        Joseph Salisbury
  Artful                          High        Joseph Salisbury
  Bionic                          High        Canonical Kernel Team

Bug Description

== SRU Justification ==
IBM reported this bug due to a regression introduced by mainline commit
94232a4332de. IBM has requested this SAUCE backport to resolve this
regression in Artful and Xenial.

With Bionic and v4.15, the rwlock code has been rewritten. See upstream git commit:
eb3b7b848fb3 ("s390/rwlock: introduce rwlock wait queueing").

Since the upstream code has been rewritten there also won't be an upstream
git commit id available which contains the attached fix.

== Fix ==
UBUNTU: SAUCE: (no-up) s390: fix rwlock implementation

== Regression Potential ==
Low. The backport was written and tested by IBM. It is specific to s390.

== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.

Description: kernel: fix rwlock implementation
Symptom: Kernel hangs, due to deadlock on an rwlock.
Problem: With upstream commit 94232a4332de ("s390/rwlock: improve writer
              fairness") rwlock writer fairness was supposed to be
              implemented. If a writer tries to take an rwlock it sets
              unconditionally the writer bit within the lock word and waits
              until all readers have released the lock. This however can lead
              to a deadlock since rwlocks can be taken recursively by readers.
              If e.g. CPU 0 holds the lock as a reader, and CPU 1 wants to
              write-lock the lock, then CPU 1 sets the writer bit and
              afterwards busy waits for CPU 0 to release the lock. If now CPU 0
              tries to read-lock the lock again (recursively) it will also busy
              wait until CPU 1 removes the writer bit, which will never happen,
              since it waits for the first reader on CPU 0 to release the lock.
Solution: Revert the rwlock writer fairness semantics again.

Default Comment by Bridge
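
The interleaving from the Problem description, replayed step by step on a simplified model of the lock word. This is an added example, not the IBM patch or the kernel's code; the bit layout, the function names and the restriction to a single writer are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define WRITER_BIT 0x80000000u /* model assumption: top bit = writer, rest = reader count */
enum policy { WRITER_FAIR, REVERTED };

/* One read-lock attempt: readers enter only while the writer bit is clear. */
static bool try_read(uint32_t *lock)
{
    if (*lock & WRITER_BIT)
        return false;                      /* caller keeps busy-waiting */
    (*lock)++;
    return true;
}

/* One write-lock attempt by the model's single writer. */
static bool try_write(uint32_t *lock, enum policy p)
{
    if (p == WRITER_FAIR) {
        *lock |= WRITER_BIT;               /* set unconditionally ... */
        return (*lock & ~WRITER_BIT) == 0; /* ... then wait for readers */
    }
    if (*lock != 0)
        return false;                      /* reverted: word left untouched */
    *lock = WRITER_BIT;
    return true;
}

/* Replays the described interleaving with bounded spinning. Returns true
 * if CPU 1 never gets the lock; *final receives the lock word at the end. */
static bool scenario_deadlocks(enum policy p, uint32_t *final)
{
    uint32_t lock = 0;
    bool inner = false, writer = false;
    try_read(&lock);                       /* CPU 0: outer read lock */
    for (int spin = 0; spin < 1000 && !writer; spin++) {
        writer = try_write(&lock, p);      /* CPU 1: spins for write lock */
        if (!inner && try_read(&lock)) {   /* CPU 0: recursive read lock */
            inner = true;
            lock -= 2;                     /* CPU 0: drops both read locks */
        }
    }
    *final = lock;
    return !writer;
}

int main(void)
{
    uint32_t a, b;
    bool fair = scenario_deadlocks(WRITER_FAIR, &a);
    bool rev = scenario_deadlocks(REVERTED, &b);
    printf("writer-fair: deadlock=%d word=0x%08x\n", fair, (unsigned)a);
    printf("reverted:    deadlock=%d word=0x%08x\n", rev, (unsigned)b);
}
```

In the writer-fair run the lock word stays at writer bit plus one reader, which is the state both CPUs spin on; in the reverted run the recursive read succeeds and the writer gets the lock once the readers drain.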

tags: added: architecture-s39064 bugnameltc-166421 severity-high targetmilestone-inin16041
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu):
importance: Undecided → High
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)
status: New → Triaged
Joseph Salisbury (jsalisbury) wrote :

Is the patch posted in comment #1 only needed in 16.04? Also, can you post a comment here when the patch gets accepted upstream?

tags: added: kernel-da-key

------- Comment From <email address hidden> 2018-04-07 04:22 EDT-------
The attached patch applies to all kernel versions including v4.14.

With v4.15 the rwlock code has been rewritten. See upstream git commit eb3b7b848fb3 ("s390/rwlock: introduce rwlock wait queueing").

Since the upstream code has been rewritten there also won't be an upstream git commit id available which contains the attached fix.

Changed in linux (Ubuntu Xenial):
status: New → Triaged
Changed in linux (Ubuntu Artful):
status: New → Triaged
importance: Undecided → High
Changed in linux (Ubuntu Xenial):
importance: Undecided → High
Changed in linux (Ubuntu Bionic):
status: Triaged → Fix Released
Changed in linux (Ubuntu Artful):
status: Triaged → In Progress
Changed in linux (Ubuntu Xenial):
status: Triaged → In Progress
Changed in linux (Ubuntu Artful):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Xenial):
assignee: nobody → Joseph Salisbury (jsalisbury)
Joseph Salisbury (jsalisbury) wrote :

I built a 16.04 (4.4 based kernel) with the requested patch.

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1761674/xenial

Can you test this kernel and see if it resolves this bug?

Note, to test this kernel, you need to install both the linux-image and linux-image-extra .deb packages.

I also tried to apply this patch to the 4.13 based 17.10 Artful kernel. However, I'll have to perform a lot of back porting for Artful. For example, the patch relies on _raw_compare_and_swap(). However, this function was removed in v4.12-rc1 by commit 02c503f. Can you confirm this patch is needed in Artful, and if you recommend any prereq patches?

Changed in linux (Ubuntu Artful):
status: In Progress → Incomplete
Changed in ubuntu-z-systems:
status: Triaged → In Progress
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-04-14 06:40 EDT-------
(In reply to comment #14)
> I built a 16.04 (4.4 based kernel) with the requested patch.
>
> The test kernel can be downloaded from:
> http://kernel.ubuntu.com/~jsalisbury/lp1761674/xenial
>
> Can you test this kernel and see if it resolves this bug?
>
> Note, to test this kernel, you need to install both the linux-image and
> linux-image-extra .deb packages.

The bug is close to impossible to reproduce, since it's a hard to hit race. So I could only verify that the kernel/system still boots and did some basic tests - which all passed.

------- Comment From <email address hidden> 2018-04-14 06:43 EDT-------
(In reply to comment #14)
> I also tried to apply this patch to the 4.13 based 17.10 Artful kernel.
> However, I'll have to perform a lot of back porting for Artful. For
> example, the patch relies on _raw_compare_and_swap(). However, this
> function was removed in v4.12-rc1 by commit 02c503f. Can you confirm this
> patch is needed in Artful, and if you recommend any prereq patches?

Yes, the bug is also present in v4.13. I attached a kernel patch against vanilla v4.13 that is supposed to fix the bug for this kernel version as well.

tags: removed: bugnameltc-166421 kernel-da-key severity-high

------- Comment on attachment From <email address hidden> 2018-04-14 06:41 EDT-------

The attached v4.13 patch is a version of the patch that applies to the vanilla v4.13 kernel.

Changed in linux (Ubuntu Artful):
status: Incomplete → In Progress
Joseph Salisbury (jsalisbury) wrote :

Thanks for the 4.13 back ports. I built an Artful test kernel with your patches.

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1761674/artful

Can you test this kernel and see if it resolves this bug?

Note, to test this kernel, you need to install both the linux-image and linux-image-extra .deb packages.

------- Comment From <email address hidden> 2018-05-04 04:51 EDT-------
patch was already tested upfront by IBM.

------- Comment From <email address hidden> 2018-05-04 04:52 EDT-------
IBM bugzilla status -> closed, Fix Released by Canonical. upfront tested by IBM

tags: added: bugnameltc-166421 severity-high
Stefan Bader (smb) on 2018-05-23
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Stefan Bader (smb) on 2018-05-23
Changed in linux (Ubuntu Artful):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-artful' to 'verification-done-artful'. If the problem still exists, change the tag 'verification-needed-artful' to 'verification-failed-artful'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-artful
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-05-25 05:10 EDT-------
@Canonical , please provide the test acceptance by Canonical. Many thx in advance

Frank Heimes (frank-heimes) wrote :

@IBM: Since this is a Stable Release Update (SRU) situation the SRU process as described here applies - especially the section about verification:
https://wiki.ubuntu.com/StableReleaseUpdates#Verification

For more details on the verification itself there is a separate Performing SRU Verification page:
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification

Key points in a case like this are (in my opinion):
- Verification must be done in a software environment as close as is feasible to that which will exist after the package is copied to *-updates. Generally this will be with a system that is up to date from *-release, *-security, and *-updates, but not with other packages from *-proposed (except other packages built from the affected source package - they must be updated if generally installed) or *-backports.
- Verification feedback from bug reporters and subscribers is greatly appreciated, too, especially if the update is hardware specific. In this case we consider an update as verified if it has at least two positive, no negative testimonials in the bug report, and the verification team just checks whether the new version still works for the main use cases (to check for major regressions).
- Ensure all critical and high importance bugs are verified in a timely manner.
  (See comment #10 usually 5 working days.)

Hence it's not only about the verification of a certain patch itself, but also about making sure to not introduce any regressions.

But I recommend a full reading of the above links.

Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Stefan Bader (smb) wrote :

Any progress on the verification for this?

Frank Heimes (frank-heimes) wrote :

This is already verified - see also #8.
Changing the tags accordingly ...

tags: added: verification-done-artful verification-done-xenial
removed: verification-needed-artful verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-128.154

---------------
linux (4.4.0-128.154) xenial; urgency=medium

  * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines

  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking

  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation

  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces

  * [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames

  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377

  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC

  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.13.0-45.50

---------------
linux (4.13.0-45.50) artful; urgency=medium

  * linux: 4.13.0-45.50 -proposed tracker (LP: #1774124)

  * CVE-2018-3639 (x86)
    - SAUCE: Set generic SSBD feature for Intel cpus

linux (4.13.0-44.49) artful; urgency=medium

  * linux: 4.13.0-44.49 -proposed tracker (LP: #1772951)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation

  * CVE-2018-7492
    - rds: Fix NULL pointer dereference in __rds_rdma_map

  * CVE-2018-8781
    - drm: udl: Properly check framebuffer mmap offsets

  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
    - fsnotify: Fix fsnotify_mark_connector race

  * Kernel panic on boot (m1.small in cn-north-1) (LP: #1771679)
    - x86/xen: Reset VCPU0 info pointer after shared_info remap

  * Suspend to idle: Open lid didn't resume (LP: #1771542)
    - ACPI / PM: Do not reconfigure GPEs for suspend-to-idle

  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated

  * [SRU][Artful] using vfio-pci on a combination of cn8xxx and some PCI devices
    results in a kernel panic. (LP: #1770254)
    - PCI: Avoid bus reset if bridge itself is broken
    - PCI: Mark Cavium CN8xxx to avoid bus reset
    - PCI: Avoid slot reset if bridge itself is broken

  * Battery drains when laptop is off (shutdown) (LP: #1745646)
    - PCI / PM: Check device_may_wakeup() in pci_enable_wake()

  * perf record crash: refcount_inc assertion failed (LP: #1769027)
    - perf cgroup: Fix refcount usage
    - perf xyarray: Fix wrong processing when closing evsel fd

  * Dell Latitude 5490/5590 BIOS update 1.1.9 causes black screen at boot
    (LP: #1764194)
    - drm/i915/bios: filter out invalid DDC pins from VBT child devices

  * Fix an issue that some PCI devices get incorrectly suspended (LP: #1764684)
    - PCI / PM: Always check PME wakeup capability for runtime wakeup support

  * [SRU][Bionic/Artful] fix false positives in W...


Changed in linux (Ubuntu Artful):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released