[UBUNTU 20.04] zPCI device hot-plug during boot may result in unusable device
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners |
linux (Ubuntu) | Fix Released | Undecided | Skipper Bug Screeners |
Focal | Fix Released | Undecided | Frank Heimes |
Groovy | Fix Released | Undecided | Skipper Bug Screeners |

Bug Description
SRU Justification:
==================
[Impact]
* If a PCI device (incl. virtio-pci) is hot-plugged during boot-up on s390x, it can be detected as an entry in CLP List PCI functions and via the hot-plug event.
* (This is basically equivalent to boot time probing on other architectures.)
* In such a case the hot-plug event will be stale, but Linux still tries to add and enable the device which leads to:
* a) a duplicate entry in zPCI internal device list
* b) an attempt to enable the device with a stale function handle
* In case b) the device will be placed in error state which makes it unusable.
[Fix]
* b76fee1bc56c31a
[Test Case]
* Set up an Ubuntu Server 20.04 (focal) Linux operating system on an IBM Z or LinuxONE III LPAR.
* It's now easiest to test on KVM using virtio-pci (on s390x).
* Start a test virtual machine: sudo virsh start <test-guest>
* Attach and hotplug a virtio-pci device: sudo virsh attach-device <test-guest> hotplug_
* Where hotplug_
<disk device="disk" type="file">
  <driver name="qemu" type="raw" />
  <address type="pci">
    <zpci fid="4660" uid="4660" />
  </address>
  <source file="testdisk.img" />
  <target bus="virtio" dev="vdt" />
</disk>
[Regression Potential]
* The regression risk is moderate, since the modification is very limited and therefore manageable (additional if statement - two lines of code) and easily testable on KVM using virtio-pci.
* The changes are in the zPCI event code, so in the worst case it can happen that the event handling gets harmed, which may break zPCI entirely, affecting all PCI devices incl. virtio-pci (on s390x).
* A bug in PCI 'availability' handling also just leads to wrong states of PCI devices, which makes them unavailable, hence unusable.
* Notice that zPCI is the s390x-specific PCI implementation, modifications here do not affect any other architecture.
* And zPCI devices are less wide-spread compared to ccw devices on s390x.
* On top a test kernel was built and made available for further testing atesting can be easily done with virtio-pci on KVM.
[Other]
* The fix/patch got upstream accepted with kernel v5.9-rc2.
* But it landed already in groovy's proposed kernel 5.8 (Ubuntu-
* Hence this fix/patch needs to be applied to focal only.
__________
When a PCI device (including virtio-pci for which this is easiest to test)
is hot-plugged while Linux is still booting, it can be detected as
an entry in CLP List PCI Functions (basically equivalent to boot time probing
on other architectures) and with the hot-plug event.
In this case the hot-plug event will be stale but Linux still
tried to add and enable the device leading
a) to a duplicate entry in zPCI internal device list
b) an attempt to enable the device with a stale function handle
Part b) would lead to the device being placed in the error state
and make it unusable.
This can most easily be reproduced using KVM and doing
# sudo virsh start myguest && sudo virsh attach-device myguest hotplug_
Where hotplug_
<disk device="disk" type="file">
  <driver name="qemu" type="raw" />
  <address type="pci">
  </address>
  <source file="testdisk.img" />
  <target bus="virtio" dev="vdt" />
</disk>
The problem is fixed with the 3-line upstream commit
b76fee1bc56c31a
I also confirmed that as of the focal tag Ubuntu-5.4.0-46.50 this
cherry-picks cleanly.
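
The race described above, as an added user-space model that is not part of the original report and is not the kernel's or the upstream commit's code: a function is found by the boot-time listing and then again by a queued hot-plug event. All names, the handle value 0x100 and the rule that enabling returns a new handle are modelling assumptions; `event_checked` shows one possible shape for the guard, since the report only says the fix is an additional if statement.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Simplified model of the race; every name here is hypothetical. */
#define FH_ENABLED 0x80000000u /* assumption: enabling returns a new handle */
enum state { STANDBY, ONLINE };
struct zdev { uint32_t fid, fh; enum state state; };
static struct zdev list[4];    /* stands in for the internal device list */
static size_t nlist;
static uint32_t fw_fh;         /* handle the firmware currently accepts */
static bool fw_error;          /* function has been placed in error state */

void reset_model(uint32_t fh) { nlist = 0; fw_fh = fh; fw_error = false; }
struct zdev *find_fid(uint32_t fid) {
    for (size_t i = 0; i < nlist; i++)
        if (list[i].fid == fid) return &list[i];
    return NULL;
}
struct zdev *add_dev(uint32_t fid, uint32_t fh) {
    if (nlist == sizeof list / sizeof list[0]) return NULL;
    list[nlist] = (struct zdev){ fid, fh, STANDBY };
    return &list[nlist++];
}
void enable_dev(struct zdev *d) {
    if (d->fh != fw_fh) { fw_error = true; return; }  /* stale handle */
    fw_fh = d->fh = d->fh | FH_ENABLED;
    d->state = ONLINE;
}
/* Boot-time function listing finds the device and brings it online. */
void boot_scan(uint32_t fid, uint32_t fh) {
    struct zdev *d = add_dev(fid, fh);
    if (d) enable_dev(d);
}
/* Before: the queued hot-plug event is acted on unconditionally. */
void event_unchecked(uint32_t fid, uint32_t fh) {
    struct zdev *d = add_dev(fid, fh);  /* a) duplicate list entry */
    if (d) enable_dev(d);               /* b) enable with a stale handle */
}
/* After: an event for a known function that is not in standby is stale. */
void event_checked(uint32_t fid, uint32_t fh) {
    struct zdev *d = find_fid(fid);
    if (!d) d = add_dev(fid, fh);
    if (!d || d->state != STANDBY) return;
    enable_dev(d);
}
int main(void) {  /* fid 4660 is from the report's XML; 0x100 is constructed */
    reset_model(0x100); boot_scan(4660, 0x100); event_checked(4660, 0x100);
    return (nlist == 1 && !fw_error) ? 0 : 1;
}
```

The guard leaves a genuine post-boot hot-plug untouched: with no prior entry for the function, `event_checked` adds and enables it exactly as before.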
tags: | added: architecture-s39064 bugnameltc-187974 severity-high targetmilestone-inin2004 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in linux (Ubuntu Focal): | |
assignee: | nobody → Frank Heimes (fheimes) |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
importance: | Undecided → High |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
The commit mentioned got upstream accepted with v5.9-rc2, but already landed in groovy via Groovy update: v5.8.4 upstream stable release of LP 1893048.
Hence only SRU to Focal is needed.