Bug #1896726 “[UBUNTU 20.04.1] qemu (secure guest) crash due to ...” : Bugs : linux package : Ubuntu

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: example log file of a crashed secure guest

#1

example log file of a crashed secure guest Edit (14.0 KiB, text/x-log)

Default Comment by Bridge

tags:

added: architecture-s39064 bugnameltc-185431 severity-medium targetmilestone-inin2004

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: removed scsi definition

#2

removed scsi definition Edit (2.0 KiB, text/xml)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: resulting log

#3

resulting log Edit (20.8 KiB, text/x-log)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: qemu core dump

#4

qemu core dump Edit (2.7 MiB, application/x-lz4)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: info output with tracebacks

#5

info output with tracebacks Edit (6.7 KiB, text/plain)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: qemu coredump

#6

qemu coredump Edit (2.6 MiB, application/x-lz4)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: info file

#7

info file Edit (6.7 KiB, text/plain)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: qemu coredump while running workload on Secure guest

#8

qemu coredump while running workload on Secure guest Edit (2.2 MiB, application/x-lz4)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: core dump at g_main_context_check: different case ?

#9

core dump at g_main_context_check: different case ? Edit (2.9 MiB, application/x-lz4)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23:

#10

core dump at g_main_context_check: different case ? Edit (6.0 KiB, text/plain)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: Coredump

#11

Coredump Edit (3.5 MiB, application/x-lz4)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: Look for suspicious buffers

#12

Look for suspicious buffers Edit (3.9 KiB, text/plain)

Default Comment by Bridge

Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Heinz-Werner Seeck (heinz-werner-seeck) on 2020-09-23

summary:

- Secure guest (qemu) crash during boot (mostly) but also while running
- workload (rare) (secure execution)
+ [UBUNTU 20.04.1]Secure guest (qemu) crash during boot (mostly) but also
+ while running workload (rare) (secure execution)

Frank Heimes (fheimes) on 2020-09-23

Changed in ubuntu-z-systems:
importance:	Undecided → Medium
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
assignee:	Skipper Bug Screeners (skipper-screen-team) → Frank Heimes (fheimes)

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-23: Re: [UBUNTU 20.04.1]Secure guest (qemu) crash during boot (mostly) but also while running workload (rare) (secure execution)

#13

The patch/commit mentioned landed in linux-next (just tagged with next-20200921).

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: Comment bridged from LTC Bugzilla

#14

------- Comment From <email address hidden> 2020-09-23 04:54 EDT-------
This problem exist also with the current 5.4.0.48 kernel!

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23:

#15

------- Comment From <email address hidden> 2020-09-23 05:27 EDT-------
Severity adapted to critical. Please be aware of that. Many thx

tags:

added: severity-critical
removed: severity-medium

Frank Heimes (fheimes) on 2020-09-23

Changed in linux (Ubuntu Focal):
assignee:	nobody → Frank Heimes (fheimes)

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-23: Re: [UBUNTU 20.04.1]Secure guest (qemu) crash during boot (mostly) but also while running workload (rare) (secure execution)

#16

While working on this bug a patched kernel was created and made available here:
https://people.canonical.com/~fheimes/lp1896726/
But it's a patched groovy kernel only, since the commit/patch doesn't cleanly apply to focal master-next:

git apply --stat ~/0001-mm-gup-fix-gup_fast-with-dynamic-page-table-folding.patch
arch/s390/include/asm/pgtable.h | 42 ++++++++++++++++++++++++++++-----------
include/linux/pgtable.h | 10 +++++++++
mm/gup.c | 18 ++++++++---------
3 files changed, 49 insertions(+), 21 deletions(-)

git apply --check ~/0001-mm-gup-fix-gup_fast-with-dynamic-page-table-folding.patch
error: patch failed: arch/s390/include/asm/pgtable.h:1260
error: arch/s390/include/asm/pgtable.h: patch does not apply
error: include/linux/pgtable.h: No such file or directory

Please always check if a patch/commit applies cleanly to the master-next tree of the target Ubuntu kernel releases. If not double check if any further commits are needed or if a even a backport is required.

There is btw. a significant regression risk associated to this patch, since it touches general memory management (page table handling and address translation) and gup code - and this includes common code, where special care taking is needed, since it may potentially affect millions of installations across all supported platforms.

Hence my recommendation is to bring this in with the help of an upstream stable release update (https://www.kernel.org/doc/html/v5.4/process/stable-kernel-rules.html) to upstream kernel 5.4 - which will then be (more or less) automatically be picked up by the Canonical kernel team for focal.

Changed in linux (Ubuntu Groovy):
status:	New → Triaged
Changed in linux (Ubuntu Focal):
status:	New → Incomplete
Changed in ubuntu-z-systems:
status:	New → Incomplete

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-23: Comment bridged from LTC Bugzilla

#17

------- Comment From <email address hidden> 2020-09-23 15:37 EDT-------
(In reply to comment #161)
> While working on this bug a patched kernel was created and made available
> here:
> https://people.canonical.com/~fheimes/lp1896726/
> But it's a patched groovy kernel only, since the commit/patch doesn't
> cleanly apply to focal master-next:
>
> git apply --stat
> ~/0001-mm-gup-fix-gup_fast-with-dynamic-page-table-folding.patch
> arch/s390/include/asm/pgtable.h | 42
> ++++++++++++++++++++++++++++-----------
> include/linux/pgtable.h | 10 +++++++++
> mm/gup.c | 18 ++++++++---------
> 3 files changed, 49 insertions(+), 21 deletions(-)
>
> git apply --check
> ~/0001-mm-gup-fix-gup_fast-with-dynamic-page-table-folding.patch
> error: patch failed: arch/s390/include/asm/pgtable.h:1260
> error: arch/s390/include/asm/pgtable.h: patch does not apply
> error: include/linux/pgtable.h: No such file or directory
>
> Please always check if a patch/commit applies cleanly to the master-next
> tree of the target Ubuntu kernel releases. If not double check if any
> further commits are needed or if a even a backport is required.
>
> There is btw. a significant regression risk associated to this patch, since
> it touches general memory management (page table handling and address
> translation) and gup code - and this includes common code, where special
> care taking is needed, since it may potentially affect millions of
> installations across all supported platforms.
>
> Hence my recommendation is to bring this in with the help of an upstream
> stable release update
> (https://www.kernel.org/doc/html/v5.4/process/stable-kernel-rules.html) to
> upstream kernel 5.4 - which will then be (more or less) automatically be
> picked up by the Canonical kernel team for focal.

This conflict was already noticed by stable maintainer, see https://<email address hidden>/

An adjusted version of the patch was sent for v5.4 stable, see https://lore.kernel.org/stable/patch-1.thread<email address hidden>/

Therefore, our expectation is that this will now go in to v5.4 stable via the normal process. Of course, you could also take the adjusted version from the link above.

Regarding the regression risk, while the patch does touch scary common memory management code, it will have absolutely no effect on other architectures than s390. This is ensured by the fact that only s390 provides / implements the new helper functions. And for s390, this actually is a critical (and carefully tested) fix for a (previous) regression, so it can hardly get any more regressive...

------- Comment From geraldsc@de.ibm.com 2020-09-23 15:37 EDT-------
(In reply to comment #161)
> While working on this bug a patched kernel was created and made available
> here:
> https://people.canonical.com/~fheimes/lp1896726/
> But it's a patched groovy kernel only, since the commit/patch doesn't
> cleanly apply to focal master-next:
>
> git apply --stat
> ~/0001-mm-gup-fix-gup_fast-with-dynamic-page-table-folding.patch
> arch/s390/include/asm/pgtable.h |   42
> ++++++++++++++++++++++++++++-----------
> include/linux/pgtable.h         |   10 +++++++++
> mm/gup.c                        |   18 ++++++++---------
> 3 files changed, 49 insertions(+), 21 deletions(-)
>
> git apply --check
> ~/0001-mm-gup-fix-gup_fast-with-dynamic-page-table-folding.patch
> error: patch failed: arch/s390/include/asm/pgtable.h:1260
> error: arch/s390/include/asm/pgtable.h: patch does not apply
> error: include/linux/pgtable.h: No such file or directory
>
> Please always check if a patch/commit applies cleanly to the master-next
> tree of the target Ubuntu kernel releases. If not double check if any
> further commits are needed or if a even a backport is required.
>
> There is btw. a significant regression risk associated to this patch, since
> it touches general memory management (page table handling and address
> translation) and gup code - and this includes common code, where special
> care taking is needed, since it may potentially affect millions of
> installations across all supported platforms.
>
> Hence my recommendation is to bring this in with the help of an upstream
> stable release update
> (https://www.kernel.org/doc/html/v5.4/process/stable-kernel-rules.html) to
> upstream kernel 5.4 - which will then be (more or less) automatically be
> picked up by the Canonical kernel team for focal.

This conflict was already noticed by stable maintainer, see https://lore.kernel.org/stable/20200917155334.09651208E4@mail.kernel.org/

An adjusted version of the patch was sent for v5.4 stable, see https://lore.kernel.org/stable/patch-1.thread-41918b.git-41918be365c0.your-ad-here.call-01600439945-ext-8991@work.hours/

Therefore, our expectation is that this will now go in to v5.4 stable via the normal process. Of course, you could also take the adjusted version from the link above.

Regarding the regression risk, while the patch does touch scary common memory management code, it will have absolutely no effect on other architectures than s390. This is ensured by the fact that only s390 provides / implements the new helper functions. And for s390, this actually is a critical (and carefully tested) fix for a (previous) regression, so it can hardly get any more regressive...

Frank Heimes (fheimes) on 2020-09-24

summary:

- [UBUNTU 20.04.1]Secure guest (qemu) crash during boot (mostly) but also
- while running workload (rare) (secure execution)
+ [UBUNTU 20.04.1] qemu (secure guest) crash due to gup_fast / dynamic
+ page table folding issue

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-24:

#18

Hi Gerald, I wasn't aware that you already started to work on/with upstream stable - that's great!

I had a look at the backport at https://lore.kernel.org/stable/patch-1.thread<email address hidden>/ and it applied cleanly on current focal master-next.
So I've built a patched focal kernel - in addition to the above groovy kernel - and share it here as well for any further testing: https://people.canonical.com/~fheimes/lp1896726/

I just sent a patch request for groovy based on a cherry-pick from upstream:
https://lists.ubuntu.com/archives/kernel-team/2020-September/thread.html#113731
hence changing status for groovy to 'In Progress'.

The patch must land in groovy too, to avoid any potential regression once it landed in focal, but not is not in groovy and someone upgrades from focal to groovy...

I'll keep an eye on the upstream stable release process and try to keep this bug in sync and updated, based on the upstream stable bug that will eventually be opened by the kernel team...

I'll add the summary that I've added to the patch request for further reference to the bug description here.

description:	updated
Changed in linux (Ubuntu Groovy):
status:	Triaged → In Progress
Changed in ubuntu-z-systems:
status:	Incomplete → In Progress
importance:	Medium → Critical

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-28:

#19

------- Comment From <email address hidden> 2020-09-28 01:44 EDT-------
Fix is upstream as

commit d3f7b1bb204099f2f7306318896223e8599bb6a2
Author: Vasily Gorbik <email address hidden>
AuthorDate: Fri Sep 25 21:19:10 2020 -0700
Commit: Linus Torvalds <email address hidden>
CommitDate: Sat Sep 26 10:33:57 2020 -0700

mm/gup: fix gup_fast with dynamic page table folding

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d3f7b1bb204099f2f7306318896223e8599bb6a2

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-28:

#20

I took this from "linux-next" (where it was tagged with 'next-20200923') as:
~/linux-next$ git show a02b55ea66b9
commit a02b55ea66b9257744528da609a26279152a3bc3
Author: Vasily Gorbik <email address hidden>
Date: Wed Sep 23 09:49:28 2020 +1000

mm/gup: fix gup_fast with dynamic page table folding

    Currently to make sure that every page table entry is read just once
    gup_fast walks perform READ_ONCE and pass pXd value down to the next
    gup_pXd_range function by value e.g.:

    static int gup_pud_range(p4d_t p4d, unsigned long addr, unsigned long end,
                             unsigned int flags, struct page **pages, int *nr)
    ...

and built a patched groovy and a patched focal kernel, available here:
https://people.canonical.com/~fheimes/lp1896726/

Do you have a chance giving these a try?

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-29:

#21

------- Comment From <email address hidden> 2020-09-29 00:26 EDT-------
(In reply to comment #163)
> Hi Gerald, I wasn't aware that you already started to work on/with upstream
> stable - that's great!
>
> I had a look at the backport at
> https://lore.kernel.org/stable/patch-1.thread-41918b.git-41918be365c0.your-
> <email address hidden>/ and it applied cleanly on
> current focal master-next.
> So I've built a patched focal kernel - in addition to the above groovy
> kernel - and share it here as well for any further testing:
> https://people.canonical.com/~fheimes/lp1896726/
>

I've tested the provided focal kernel. It passes my tests.

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-29:

#22

Thx for testing, that definitely gives even more confidence ...

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-29:

#23

------- Comment From <email address hidden> 2020-09-29 03:27 EDT-------
(In reply to comment #166)
> I took this from "linux-next" (where it was tagged with 'next-20200923') as:
> ~/linux-next$ git show a02b55ea66b9
> commit a02b55ea66b9257744528da609a26279152a3bc3
> Author: Vasily Gorbik <email address hidden>
> Date: Wed Sep 23 09:49:28 2020 +1000
>
> mm/gup: fix gup_fast with dynamic page table folding
>
> Currently to make sure that every page table entry is read just once
> gup_fast walks perform READ_ONCE and pass pXd value down to the next
> gup_pXd_range function by value e.g.:
>
> static int gup_pud_range(p4d_t p4d, unsigned long addr, unsigned long end,
> unsigned int flags, struct page **pages, int *nr)
> ...
>
> and built a patched groovy and a patched focal kernel, available here:
> https://people.canonical.com/~fheimes/lp1896726/
>
> Do you have a chance giving these a try?

I'll run a test with my MongoDB setup.
Can you provide the debug symbol package for the kernel as well?

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-29:

#24

I just uploaded a ddeb to:
https://people.canonical.com/~fheimes/lp1896726/focal/

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-29:

#25

------- Comment From <email address hidden> 2020-09-29 08:58 EDT-------
With kernel ubu204 5.4.0-49-generic from Frank Heimes/Canonical:
ran a 8 and 16 guest (secure) scenario with MongoDB, same performance, no qemu crash, no wiredtiger crash .... looks good to me.

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-29:

#26

Okay - very good - many thx, Klaus!

Frank Heimes (fheimes) on 2020-09-29

Changed in linux (Ubuntu Groovy):
status:	In Progress → Fix Committed

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-30:

#27

For the reason of completeness this is the link to the patch request for groovy:
https://lists.ubuntu.com/archives/kernel-team/2020-September/thread.html#113731
and it got already applied to groovy master-next.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-10-08:

#28

Download full text (19.5 KiB)

This bug was fixed in the package linux - 5.8.0-21.22

---------------
linux (5.8.0-21.22) groovy; urgency=medium

* groovy/linux: 5.8.0-21.22 -proposed tracker (LP: #1898150)

* Packaging resync (LP: #1786013)
- update dkms package versions

* Fix broken e1000e device after S3 (LP: #1897755)
- SAUCE: e1000e: Increase polling timeout on MDIC ready bit

  * EFA: add support for 0xefa1 devices (LP: #1896791)
    - RDMA/efa: Expose maximum TX doorbell batch
    - RDMA/efa: Expose minimum SQ size
    - RDMA/efa: User/kernel compatibility handshake mechanism
    - RDMA/efa: Add EFA 0xefa1 PCI ID

  * Groovy update: v5.8.13 upstream stable release (LP: #1898076)
    - device_cgroup: Fix RCU list debugging warning
    - ASoC: pcm3168a: ignore 0 Hz settings
    - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
    - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions
    - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
    - clk: versatile: Add of_node_put() before return statement
    - RISC-V: Take text_mutex in ftrace_init_nop()
    - i2c: aspeed: Mask IRQ status to relevant bits
    - s390/init: add missing __init annotations
    - lockdep: fix order in trace_hardirqs_off_caller()
    - EDAC/ghes: Check whether the driver is on the safe list correctly
    - drm/amdkfd: fix a memory leak issue
    - drm/amd/display: Don't use DRM_ERROR() for DTM add topology
    - drm/amd/display: update nv1x stutter latencies
    - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is
    - drm/amd/display: Don't log hdcp module warnings in dmesg
    - objtool: Fix noreturn detection for ignored functions
    - i2c: mediatek: Send i2c master code at more than 1MHz
    - riscv: Fix Kendryte K210 device tree
    - ieee802154: fix one possible memleak in ca8210_dev_com_init
    - ieee802154/adf7242: check status of adf7242_read_reg
    - clocksource/drivers/h8300_timer8: Fix wrong return value in
      h8300_8timer_init()
    - batman-adv: bla: fix type misuse for backbone_gw hash indexing
    - libbpf: Fix build failure from uninitialized variable warning
    - atm: eni: fix the missed pci_disable_device() for eni_init_one()
    - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
    - netfilter: ctnetlink: add a range check for l3/l4 protonum
    - netfilter: ctnetlink: fix mark based dump filtering regression
    - netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
    - netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid
    - mac802154: tx: fix use-after-free
    - bpf: Fix clobbering of r2 in bpf_gen_ld_abs
    - tools/libbpf: Avoid counting local symbols in ABI check
    - drm/vc4/vc4_hdmi: fill ASoC card owner
    - net: qed: Disable aRFS for NPAR and 100G
    - net: qede: Disable aRFS for NPAR and 100G
    - net: qed: RDMA personality shouldn't fail VF load
    - igc: Fix wrong timestamp latency numbers
    - igc: Fix not considering the TX delay for timestamps
    - drm/sun4i: sun8i-csc: Secondary CSC register correction
    - hv_netvsc: Switch the data path at the right time during hibernation
    - spi: spi-fsl-dspi:...

This bug was fixed in the package linux - 5.8.0-21.22

---------------
linux (5.8.0-21.22) groovy; urgency=medium

* groovy/linux: 5.8.0-21.22 -proposed tracker (LP: #1898150)

* Packaging resync (LP: #1786013)
    - update dkms package versions

* Fix broken e1000e device after S3 (LP: #1897755)
    - SAUCE: e1000e: Increase polling timeout on MDIC ready bit

* EFA: add support for 0xefa1 devices (LP: #1896791)
    - RDMA/efa: Expose maximum TX doorbell batch
    - RDMA/efa: Expose minimum SQ size
    - RDMA/efa: User/kernel compatibility handshake mechanism
    - RDMA/efa: Add EFA 0xefa1 PCI ID

* Groovy update: v5.8.13 upstream stable release (LP: #1898076)
    - device_cgroup: Fix RCU list debugging warning
    - ASoC: pcm3168a: ignore 0 Hz settings
    - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
    - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions
    - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
    - clk: versatile: Add of_node_put() before return statement
    - RISC-V: Take text_mutex in ftrace_init_nop()
    - i2c: aspeed: Mask IRQ status to relevant bits
    - s390/init: add missing __init annotations
    - lockdep: fix order in trace_hardirqs_off_caller()
    - EDAC/ghes: Check whether the driver is on the safe list correctly
    - drm/amdkfd: fix a memory leak issue
    - drm/amd/display: Don't use DRM_ERROR() for DTM add topology
    - drm/amd/display: update nv1x stutter latencies
    - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is
    - drm/amd/display: Don't log hdcp module warnings in dmesg
    - objtool: Fix noreturn detection for ignored functions
    - i2c: mediatek: Send i2c master code at more than 1MHz
    - riscv: Fix Kendryte K210 device tree
    - ieee802154: fix one possible memleak in ca8210_dev_com_init
    - ieee802154/adf7242: check status of adf7242_read_reg
    - clocksource/drivers/h8300_timer8: Fix wrong return value in
      h8300_8timer_init()
    - batman-adv: bla: fix type misuse for backbone_gw hash indexing
    - libbpf: Fix build failure from uninitialized variable warning
    - atm: eni: fix the missed pci_disable_device() for eni_init_one()
    - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
    - netfilter: ctnetlink: add a range check for l3/l4 protonum
    - netfilter: ctnetlink: fix mark based dump filtering regression
    - netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
    - netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid
    - mac802154: tx: fix use-after-free
    - bpf: Fix clobbering of r2 in bpf_gen_ld_abs
    - tools/libbpf: Avoid counting local symbols in ABI check
    - drm/vc4/vc4_hdmi: fill ASoC card owner
    - net: qed: Disable aRFS for NPAR and 100G
    - net: qede: Disable aRFS for NPAR and 100G
    - net: qed: RDMA personality shouldn't fail VF load
    - igc: Fix wrong timestamp latency numbers
    - igc: Fix not considering the TX delay for timestamps
    - drm/sun4i: sun8i-csc: Secondary CSC register correction
    - hv_netvsc: Switch the data path at the right time during hibernation
    - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs
    - RDMA/core: Fix ordering of CQ pool destruction
    - batman-adv: Add missing include for in_interrupt()
    - xsk: Fix number of pinned pages/umem size discrepancy
    - nvme-tcp: fix kconfig dependency warning when !CRYPTO
    - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
    - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
    - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
    - bpf: Fix a rcu warning for bpffs map pretty-print
    - lib80211: fix unmet direct dependendices config warning when !CRYPTO
    - mac80211: do not disable HE if HT is missing on 2.4 GHz
    - cfg80211: fix 6 GHz channel conversion
    - mac80211: fix 80 MHz association to 160/80+80 AP on 6 GHz
    - ALSA: asihpi: fix iounmap in error handler
    - io_uring: fix openat/openat2 unified prep handling
    - SUNRPC: Fix svc_flush_dcache()
    - regmap: fix page selection for noinc reads
    - regmap: fix page selection for noinc writes
    - net/mlx5e: mlx5e_fec_in_caps() returns a boolean
    - MIPS: Loongson-3: Fix fp register access if MSA enabled
    - PM / devfreq: tegra30: Disable clock on error in probe
    - MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
    - regulator: axp20x: fix LDO2/4 description
    - spi: bcm-qspi: Fix probe regression on iProc platforms
    - KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
    - KVM: SVM: Add a dedicated INVD intercept routine
    - mm: validate pmd after splitting
    - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
    - x86/irq: Make run_on_irqstack_cond() typesafe
    - x86/ioapic: Unbreak check_timer()
    - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported
    - ALSA: usb-audio: Add delay quirk for H570e USB headsets
    - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
    - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation
      P520
    - lib/string.c: implement stpcpy
    - tracing: fix double free
    - s390/dasd: Fix zero write for FBA devices
    - mt76: mt7615: use v1 MCU API on MT7615 to fix issues with adding/removing
      stations
    - lib/bootconfig: Fix a bug of breaking existing tree nodes
    - lib/bootconfig: Fix to remove tailing spaces after value
    - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
    - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot
    - btrfs: fix put of uninitialized kobject after seed device delete
    - btrfs: fix overflow when copying corrupt csums for a message
    - media: cec-adap.c: don't use flush_scheduled_work()
    - MIPS: Loongson2ef: Disable Loongson MMI instructions
    - dmabuf: fix NULL pointer dereference in dma_buf_release()
    - mm, THP, swap: fix allocating cluster for swapfile by mistake
    - mm: replace memmap_context by meminit_context
    - mm: don't rely on system state to detect hot-plug operations
    - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
    - io_uring: ensure open/openat2 name is cleaned on cancelation
    - KVM: arm64: Assume write fault on S1PTW permission fault on instruction
      fetch
    - dm: fix bio splitting and its bio completion order for regular IO
    - clocksource/drivers/timer-ti-dm: Do reset before enable
    - Linux 5.8.13

* HP Zbook Studio G7 boots into corrupted screen with PSR featured panel
    (LP: #1897501)
    - SAUCE: drm/i915/psr: allow overriding PSR disable param by quirk
    - SAUCE: drm/dp: add DP_QUIRK_FORCE_PSR_CHIP_DEFAULT quirk to CMN prod-ID
      19-15

* mwifiex stops working after kernel upgrade (LP: #1897299)
    - mwifiex: Increase AES key storage size to 256 bits

* Oops and hang when starting LVM snapshots on 5.4.0-47 (LP: #1894780)
    - SAUCE: Revert "mm: memcg/slab: fix memory leak at non-root kmem_cache
      destroy"

* mm/slub kernel oops on focal kernel 5.4.0-45 (LP: #1895109)
    - SAUCE: Revert "mm/slub: fix a memory leak in sysfs_slab_add()"

* Remove NVMe suspend-to-idle workaround (LP: #1897227)
    - Revert "UBUTU: SAUCE: pci: prevent Intel NVMe SSDPEKKF from entering D3"
    - Revert "UBUNTU: SAUCE: pci: prevent sk hynix nvme from entering D3"

* [UBUNTU 20.04.1] qemu (secure guest) crash due to gup_fast / dynamic page
    table folding issue (LP: #1896726)
    - mm/gup: fix gup_fast with dynamic page table folding

* backport tls-rx to ubuntu 5.8 (LP: #1895947)
    - net/mlx5: kTLS, Improve TLS params layout structures
    - net/mlx5e: Turn XSK ICOSQ into a general asynchronous one
    - net/mlx5e: Refactor build channel params
    - net/mlx5e: API to manipulate TTC rules destinations
    - net/mlx5e: Receive flow steering framework for accelerated TCP flows
    - net/mlx5e: Accel, Expose flow steering API for rules add/del
    - net/mlx5e: kTLS, Improve TLS feature modularity
    - net/mlx5e: kTLS, Use kernel API to extract private offload context
    - net/mlx5e: kTLS, Add kTLS RX HW offload support
    - Revert "net/tls: Add force_resync for driver resync"
    - net/tls: Add asynchronous resync
    - net/mlx5e: kTLS, Add kTLS RX resync support
    - net/mlx5e: kTLS, Add kTLS RX stats
    - net/mlx5e: Increase Async ICO SQ size
    - net/mlx5e: kTLS, Cleanup redundant capability check
    - net/mlx5e: kTLS, Improve rx handler function call
    - net/mlx5e: kTLS, Fix napi sync and possible use-after-free
    - net/mlx5e: fix memory leak of tls
    - net/mlx5e: Fix build break when CONFIG_XPS is not set
    - net/mlx5e: kTLS, Add missing dma_unmap in RX resync
    - net/mlx5e: kTLS, Fix leak on resync error flow
    - net/mlx5e: kTLS, Avoid kzalloc(GFP_KERNEL) under spinlock

* Groovy update: v5.8.12 upstream stable release (LP: #1897550)
    - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset
    - ibmvnic: add missing parenthesis in do_reset()
    - act_ife: load meta modules before tcf_idr_check_alloc()
    - bnxt_en: Avoid sending firmware messages when AER error is detected.
    - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task()
    - cxgb4: fix memory leak during module unload
    - cxgb4: Fix offset when clearing filter byte counters
    - geneve: add transport ports in route lookup for geneve
    - hdlc_ppp: add range checks in ppp_cp_parse_cr()
    - hinic: bump up the timeout of SET_FUNC_STATE cmd
    - ip: fix tos reflection in ack and reset packets
    - ipv4: Initialize flowi4_multipath_hash in data path
    - ipv4: Update exception handling for multipath routes via same device
    - ipv6: avoid lockdep issue in fib6_del()
    - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under
      RCU
    - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
    - net: dsa: rtl8366: Properly clear member config
    - net: Fix bridge enslavement failure
    - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
    - net/mlx5: Fix FTE cleanup
    - net: phy: call phy_disable_interrupts() in phy_attach_direct() instead
    - net: sched: initialize with 0 before setting erspan md->u
    - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc
    - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant
    - nfp: use correct define to return NONE fec
    - taprio: Fix allowing too small intervals
    - tipc: Fix memory leak in tipc_group_create_member()
    - tipc: fix shutdown() of connection oriented socket
    - tipc: use skb_unshare() instead in tipc_buf_append()
    - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported
    - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported
    - bnxt_en: Use memcpy to copy VPD field info.
    - bnxt_en: return proper error codes in bnxt_show_temp
    - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
    - net: lantiq: Wake TX queue again
    - net: lantiq: use netif_tx_napi_add() for TX NAPI
    - net: lantiq: Use napi_complete_done()
    - net: lantiq: Disable IRQs only if NAPI gets scheduled
    - net: phy: Avoid NPD upon phy_detach() when driver is unbound
    - net: phy: Do not warn in phy_stop() on PHY_DOWN
    - net: qrtr: check skb_put_padto() return value
    - net: add __must_check to skb_put_padto()
    - net: ethernet: ti: cpsw_new: fix suspend/resume
    - wireguard: noise: take lock when removing handshake entry from table
    - wireguard: peerlookup: take lock before checking hash in replace operation
    - net: ipa: fix u32_replace_bits by u32p_xxx version
    - net/mlx5e: Fix memory leak of tunnel info when rule under multipath not
      ready
    - hinic: fix rewaking txq after netif_tx_disable
    - hv_netvsc: Fix hibernation for mlx5 VF driver
    - net: dsa: link interfaces with the DSA master to get rid of lockdep warnings
    - net: dsa: microchip: ksz8795: really set the correct number of ports
    - net: macb: fix for pause frame receive enable bit
    - Revert "netns: don't disable BHs when locking "nsid_lock""
    - net/mlx5e: Use RCU to protect rq->xdp_prog
    - net/mlx5e: Use synchronize_rcu to sync with NAPI
    - net/mlx5e: Fix endianness when calculating pedit mask first bit
    - Linux 5.8.12

* Groovy update: v5.8.11 upstream stable release (LP: #1896795)
    - RDMA/bnxt_re: Restrict the max_gids to 256
    - dt-bindings: spi: Fix spi-bcm-qspi compatible ordering
    - mptcp: sendmsg: reset iter on error
    - net: handle the return value of pskb_carve_frag_list() correctly
    - dt-bindings: PCI: intel,lgm-pcie: Fix matching on all snps,dw-pcie instances
    - hv_netvsc: Remove "unlikely" from netvsc_select_queue
    - loop: Set correct device size when using LOOP_CONFIGURE
    - firmware_loader: fix memory leak for paged buffer
    - xprtrdma: Release in-flight MRs on disconnect
    - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
    - phy: omap-usb2-phy: disable PHY charger detect
    - habanalabs: prevent user buff overflow
    - habanalabs: fix report of RAZWI initiator coordinates
    - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
    - scsi: libfc: Fix for double free()
    - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
    - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional
      events
    - regulator: pwm: Fix machine constraints application
    - spi: spi-loopback-test: Fix out-of-bounds read
    - interconnect: Show bandwidth for disabled paths as zero in debugfs
    - NFS: Zero-stateid SETATTR should first return delegation
    - SUNRPC: stop printk reading past end of string
    - rapidio: Replace 'select' DMAENGINES 'with depends on'
    - cifs: fix DFS mount with cifsacl/modefromsid
    - openrisc: Fix cache API compile issue when not inlining
    - nvme-fc: cancel async events before freeing event struct
    - nvme-rdma: cancel async events before freeing event struct
    - nvme-tcp: cancel async events before freeing event struct
    - block: only call sched requeue_request() for scheduled requests
    - f2fs: fix indefinite loop scanning for free nid
    - f2fs: Return EOF on unaligned end of file DIO read
    - i2c: algo: pca: Reapply i2c bus settings after reset
    - spi: Fix memory leak on splited transfers
    - KVM: MIPS: Change the definition of kvm type
    - clk: davinci: Use the correct size when allocating memory
    - clk: rockchip: Fix initialization of mux_pll_src_4plls_p
    - ASoC: Intel: skl_hda_dsp_generic: Fix NULLptr dereference in autosuspend
      delay
    - ASoC: qcom: Set card->owner to avoid warnings
    - ASoC: rt1308-sdw: Fix return check for devm_regmap_init_sdw()
    - ASoC: rt711: Fix return check for devm_regmap_init_sdw()
    - ASoC: rt715: Fix return check for devm_regmap_init_sdw()
    - ASoC: rt700: Fix return check for devm_regmap_init_sdw()
    - ASoC: qcom: common: Fix refcount imbalance on error
    - drm/mediatek: dsi: Fix scrolling of panel with small hfp or hbp
    - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory
    - ASoC: soc-core: add snd_soc_find_dai_with_mutex()
    - ASoC: meson: axg-toddr: fix channel order on g12 platforms
    - ASoC: tlv320adcx140: Fix accessing uninitialized adcx140->dev
    - ASoC: Intel: haswell: Fix power transition refactor
    - ASoC: core: Do not cleanup uninitialized dais on soc_pcm_open failure
    - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume()
    - scsi: libsas: Fix error path in sas_notify_lldd_dev_found()
    - arm64: Allow CPUs unffected by ARM erratum 1418040 to come in late
    - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload
    - perf test: Fix the "signal" test inline assembly
    - perf record: Don't clear event's period if set by a term
    - MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
    - perf test: Free aliases for PMU event map aliases test
    - perf metric: Fix some memory leaks
    - perf evlist: Fix cpu/thread map leak
    - perf parse-event: Fix memory leak in evsel->unit
    - perf test: Free formats for perf pmu parse test
    - drm/i915/gem: Reduce context termination list iteration guard to RCU
    - fbcon: Fix user font detection test at fbcon_resize().
    - MIPS: SNI: Fix spurious interrupts
    - drm/mediatek: Use CPU when fail to get cmdq event
    - drm/mediatek: Add missing put_device() call in mtk_ddp_comp_init()
    - drm/mediatek: Add exception handing in mtk_drm_probe() if component init
      fail
    - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init()
    - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
    - arm64: bpf: Fix branch offset in JIT
    - iommu/amd: Fix potential @entry null deref
    - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode
    - kconfig: qconf: use delete[] instead of delete to free array (again)
    - i2c: mediatek: Fix generic definitions for bus frequency
    - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK
    - riscv: Add sfence.vma after early page table changes
    - locking/lockdep: Fix "USED" <- "IN-NMI" inversions
    - efi: efibc: check for efivars write capability
    - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count
    - x86/unwind/fp: Fix FP unwinding in ret_from_fork
    - drm/kfd: fix a system crash issue during GPU recovery
    - drm/i915/gem: Delay tracking the GEM context until it is registered
    - drm/i915: Filter wake_flags passed to default_wake_function
    - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
      notebook
    - USB: UAS: fix disconnect by unplugging a hub
    - usblp: fix race between disconnect() and read()
    - usb: typec: ucsi: acpi: Increase command completion timeout value
    - usb: typec: ucsi: Prevent mode overrun
    - i2c: i801: Fix resume bug
    - Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI
      X570-A PRO"
    - ALSA: hda: fixup headset for ASUS GX502 laptop
    - ALSA: hda/realtek - The Mic on a RedmiBook doesn't work
    - percpu: fix first chunk size calculation for populated bitmap
    - Input: trackpoint - add new trackpoint variant IDs
    - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
    - serial: 8250_pci: Add Realtek 816a and 816b
    - serial: core: fix port-lock initialisation
    - serial: core: fix console port-lock regression
    - x86/boot/compressed: Disable relocation relaxation
    - ksm: reinstate memcg charge on copied pages
    - kprobes: fix kill kprobe which has been marked as gone
    - mm/thp: fix __split_huge_pmd_locked() for migration PMD
    - s390: add 3f program exception handler
    - s390/zcrypt: fix kmalloc 256k failure
    - ehci-hcd: Move include to keep CRC stable
    - arm64: paravirt: Initialize steal time when cpu is online
    - powerpc/dma: Fix dma_map_ops::get_required_mask
    - selftests/vm: fix display of page size in map_hugetlb
    - dm/dax: Fix table reference counts
    - mm/memory_hotplug: drain per-cpu pages again during memory offline
    - dm: Call proper helper to determine dax support
    - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX
    - mm: memcg: fix memcg reclaim soft lockup
    - nvme-loop: set ctrl state connecting after init
    - Linux 5.8.11

* Miscellaneous Ubuntu changes
    - SAUCE: drm/i915/display: Fix null deref in intel_psr_atomic_check()
    - SAUCE: RDMA/core: Introduce peer memory interface
    - SAUCE: fixup! RDMA/core: Introduce peer memory interface
    - SAUCE: IB/mlx5: Use peer client page_shift
    - SAUCE: IB/umem: Fix the Peer flow to handle pinned pages properly
    - [Config] GCC version update

-- Paolo Pisati <paolo.pisati@canonical.com>  Fri, 02 Oct 2020 10:46:22 +0200

Changed in linux (Ubuntu Groovy):
status:	Fix Committed → Fix Released

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-10-09:

#29

Since the patch is now coming via upstream stable to focal (https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.69),
watching out for a LP ticket "Focal update: v5.4.69 upstream stable release"...

Changed in linux (Ubuntu Focal):
status:	Incomplete → Triaged

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-10-20:

#30

The focal part of this ticket is addressed by:
"Focal update: v5.4.69 upstream stable release"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1900624
And LP 1900624 is Fix Committed and the patches are already applied to focal master-next.
Hence aligning the status of this ticket to LP 1900624 and updating it to Fix Committed.

Changed in linux (Ubuntu Focal):
status:	Triaged → Fix Committed
Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-11-30:

#31

The bug "Focal update: v5.4.69 upstream stable release"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1900624
was just updated to Fix released, hence aligning the status of the focal entry here
and with that closing this ticket as Fix Released.

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Revision history for this message

bugproxy (bugproxy) wrote on 2020-12-01:

#32

------- Comment From <email address hidden> 2020-12-01 04:29 EDT-------
IBM Bugzilla status->closed, Fix Released by all requested Distros

Ubuntu
linux package

[UBUNTU 20.04.1] qemu (secure guest) crash due to gup_fast / dynamic page table folding issue

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	Critical	Skipper Bug Screeners
linux (Ubuntu)	Fix Released	Undecided	Frank Heimes
Focal	Fix Released	Undecided	Frank Heimes
Groovy	Fix Released	Undecided	Frank Heimes

Ubuntulinux package

[UBUNTU 20.04.1] qemu (secure guest) crash due to gup_fast / dynamic page table folding issue

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package