2020-11-30 12:39:41 |
bugproxy |
bug |
|
|
added bug |
2020-11-30 12:39:43 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-189961 severity-critical targetmilestone-inin--- |
|
2020-11-30 12:39:44 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2020-11-30 12:39:48 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
2020-11-30 12:47:02 |
Frank Heimes |
bug task added |
|
ubuntu-z-systems |
|
2020-11-30 13:01:55 |
Frank Heimes |
ubuntu-z-systems: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2020-11-30 13:01:58 |
Frank Heimes |
linux (Ubuntu): assignee |
Skipper Bug Screeners (skipper-screen-team) |
Frank Heimes (fheimes) |
|
2020-11-30 13:02:05 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
Critical |
|
2020-11-30 13:02:09 |
Frank Heimes |
ubuntu-z-systems: status |
New |
Triaged |
|
2020-11-30 13:04:17 |
Frank Heimes |
nominated for series |
|
Ubuntu Groovy |
|
2020-11-30 13:04:17 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Groovy) |
|
2020-11-30 13:04:34 |
Frank Heimes |
linux (Ubuntu Groovy): assignee |
|
Frank Heimes (fheimes) |
|
2020-11-30 13:04:38 |
Frank Heimes |
linux (Ubuntu): assignee |
Frank Heimes (fheimes) |
|
|
2020-11-30 18:24:01 |
Terry Rudd |
bug |
|
|
added subscriber Terry Rudd |
2020-12-02 20:37:22 |
Frank Heimes |
description |
commit 0b0ed657fe ("s390: remove critical section cleanup from entry.S") introduced a problem where FPU registers were not properly restored when entering SIE. This leads to crashes of applications running inside kvm, as most of the programs in use nowadays are using FPU registers for backing of general register content.
Fix is upstream:
author Sven Schnelle <svens@linux.ibm.com> 2020-11-20 14:17:52 +0100
committer Heiko Carstens <hca@linux.ibm.com> 2020-11-23 11:52:13 +0100
commit 1179f170b6f0af7bb0b3b7628136eaac450ddf31 (patch)
tree 19e8acb64e0968b41de4899cc1315c41b002839e /arch/s390/kernel/entry.S
parent 78d732e1f326f74f240d416af9484928303d9951 (diff)
download linux-1179f170b6f0af7bb0b3b7628136eaac450ddf31.tar.gz
s390: fix fpu restore in entry.S
We need to disable interrupts in load_fpu_regs(). Otherwise an
interrupt might come in after the registers are loaded, but before
CIF_FPU is cleared in load_fpu_regs(). When the interrupt returns,
CIF_FPU will be cleared and the registers will never be restored.
The entry.S code usually saves the interrupt state in __SF_EMPTY on the
stack when disabling/restoring interrupts. sie64a however saves the pointer
to the sie control block in __SF_SIE_CONTROL, which references the same
location. This is non-obvious to the reader. To avoid thrashing the sie
control block pointer in load_fpu_regs(), move the __SIE_* offsets eight
bytes after __SF_EMPTY on the stack.
Cc: <stable@vger.kernel.org> # 5.8
Fixes: 0b0ed657fe00 ("s390: remove critical section cleanup from entry.S")
Reported-by: Pierre Morel <pmorel@linux.ibm.com>
Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com> |
SRU Justification:
==================
[Impact]
* The commit 0b0ed657fe "s390: remove critical section cleanup from entry.S" was introduced in kernel 5.8, but instigated a problem where FPU registers were not properly restored when entering the SIE (start interpretive execution) instruction.
* This leads to crashes of applications running inside KVM, as most of the programs in use nowadays are using FPU registers for backing of general register content.
* To fix this, interrupts in load_fpu_regs() need to be disabled - otherwise an interrupt might come in after the registers are loaded, but before CIF_FPU is cleared in load_fpu_regs().
* When the interrupt returns, CIF_FPU will be cleared and the registers will never be restored.
[Fix]
* 1179f170b6f0af7bb0b3b7628136eaac450ddf31 1179f170b6f0 "s390: fix fpu restore in entry.S"
[Test Case]
* IBM Z or LinuxONE hardware with Ubuntu Server 20.10 installed.
* A KVM host needs to be set up as well as a KVM guest (use again 20.10).
* Run (ideally context switching) workload that makes use of FP instructions inside of the KVM guest.
* Monitor the health of the guest for crashes (logs).
[Regression Potential]
* Even if the code changes are quite overseeable, there is still a certain risk for regression, because:
* the modifications affect a critical part of the kernel (arch/s390/kernel/entry.S)
* affect the handling of the FPU registers
* and are always in use if KVM guests run
* So in the worst case the changes may have an even bigger impact on FPU workloads in KVM guests
* and may not only crash in case of FPU usage, but also KVM in general.
* But the code is purely s390x specific, hence affects IBM Z only,
* and it got already upstream accepted with v5.10-rc6
* and a test kernel (based on groovy master-next) was built for further testing.
[Other]
* The patch got upstream accepted with kernel v5.10-rc6, hence it will land sooner or later in Hirsute.
* It was initially planned to address groovy via 5.8 upstream stable update, and in fact the patch was already marked for this, but it didn't make it because 5.8 already reached its EOL.
* Hence this SRU is submitted for groovy only.
__________
commit 0b0ed657fe ("s390: remove critical section cleanup from entry.S") introduced a problem where FPU registers were not properly restored when entering SIE. This leads to crashes of applications running inside kvm, as most of the programs in use nowadays are using FPU registers for backing of general register content.
Fix is upstream:
author Sven Schnelle <svens@linux.ibm.com> 2020-11-20 14:17:52 +0100
committer Heiko Carstens <hca@linux.ibm.com> 2020-11-23 11:52:13 +0100
commit 1179f170b6f0af7bb0b3b7628136eaac450ddf31 (patch)
tree 19e8acb64e0968b41de4899cc1315c41b002839e /arch/s390/kernel/entry.S
parent 78d732e1f326f74f240d416af9484928303d9951 (diff)
download linux-1179f170b6f0af7bb0b3b7628136eaac450ddf31.tar.gz
s390: fix fpu restore in entry.S
We need to disable interrupts in load_fpu_regs(). Otherwise an
interrupt might come in after the registers are loaded, but before
CIF_FPU is cleared in load_fpu_regs(). When the interrupt returns,
CIF_FPU will be cleared and the registers will never be restored.
The entry.S code usually saves the interrupt state in __SF_EMPTY on the
stack when disabling/restoring interrupts. sie64a however saves the pointer
to the sie control block in __SF_SIE_CONTROL, which references the same
location. This is non-obvious to the reader. To avoid thrashing the sie
control block pointer in load_fpu_regs(), move the __SIE_* offsets eight
bytes after __SF_EMPTY on the stack.
Cc: <stable@vger.kernel.org> # 5.8
Fixes: 0b0ed657fe00 ("s390: remove critical section cleanup from entry.S")
Reported-by: Pierre Morel <pmorel@linux.ibm.com>
Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com> |
|
2020-12-03 08:45:45 |
Stefan Bader |
linux (Ubuntu Groovy): importance |
Undecided |
Medium |
|
2020-12-03 08:45:45 |
Stefan Bader |
linux (Ubuntu Groovy): status |
New |
In Progress |
|
2020-12-03 09:01:52 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
In Progress |
|
2020-12-03 09:02:07 |
Frank Heimes |
linux (Ubuntu Groovy): assignee |
Frank Heimes (fheimes) |
|
|
2020-12-08 15:57:28 |
Ian May |
linux (Ubuntu Groovy): status |
In Progress |
Fix Committed |
|
2020-12-08 16:06:29 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2020-12-09 16:28:25 |
Frank Heimes |
nominated for series |
|
Ubuntu Hirsute |
|
2020-12-09 16:28:25 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Hirsute) |
|
2020-12-09 16:28:36 |
Frank Heimes |
linux (Ubuntu Hirsute): status |
New |
In Progress |
|
2021-01-29 07:39:10 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-189961 severity-critical targetmilestone-inin--- |
architecture-s39064 bugnameltc-189961 severity-critical targetmilestone-inin--- verification-needed-groovy |
|
2021-02-09 08:02:02 |
Frank Heimes |
linux (Ubuntu Hirsute): status |
In Progress |
Fix Committed |
|
2021-02-10 07:11:15 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-189961 severity-critical targetmilestone-inin--- verification-needed-groovy |
architecture-s39064 bugnameltc-189961 severity-critical targetmilestone-inin--- verification-done-groovy |
|
2021-02-15 10:29:50 |
bugproxy |
tags |
architecture-s39064 bugnameltc-189961 severity-critical targetmilestone-inin--- verification-done-groovy |
architecture-s39064 bugnameltc-189961 severity-critical targetmilestone-inin2010 verification-done-groovy |
|
2021-02-22 07:28:05 |
Frank Heimes |
linux (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
2021-02-23 16:22:36 |
Launchpad Janitor |
linux (Ubuntu Groovy): status |
Fix Committed |
Fix Released |
|
2021-02-23 16:22:36 |
Launchpad Janitor |
cve linked |
|
2020-27777 |
|
2021-02-23 16:22:36 |
Launchpad Janitor |
cve linked |
|
2020-28974 |
|
2021-02-23 17:09:37 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|