[drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors config:

Bug #1908219 reported by Dariusz Gadomski on 2020-12-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Medium
Dariusz Gadomski

Bug Description

[Impact]

* Ubuntu 18.04 used as a guest in KVM with Spice/QXL in use may lead to a DRM error displayed during xorg launch:
[drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors config: (ptrval), 0

[Fix]

* 00e5d217fa19bcbec13135898e1b9ca2c1c3e89b qxl: hook monitors_config updates into crtc, not encoder.

[Test Case]

* Ubuntu 18.04 desktop guest with 4.15-series kernel with Spice/QXL.
* I used Ubuntu 20.04 as the host, but I was reported that the issue is similar also on Centos 7.8 used as a host.

[Regression Potential]

* Fix is limited to the QXL driver, so any regressions will be related to graphics (either potential drm errors or graphical artifacts).

[Other]

* This has been fixed in HWE kernels and in later Ubuntu releases. Only Bionic is affected.
* According to the description in drivers/gpu/drm/qxl/qxl_dev.h:
struct qxl_monitors_config {
 (...)
 uint16_t max_allowed; /* If it is 0 no fixed limit is given by the
     driver */
 (...)
};

In the message this value is 0 which should be a completely correct situation in that context. However, it is incorrectly compared against current qxl_output.
This has been fixed soon after Bionic release and in Bionic is marked with:
/* TODO: ugly, do better */

CVE References

Changed in linux (Ubuntu):
status: New → Fix Released
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
assignee: nobody → Dariusz Gadomski (dgadomski)
Stefan Bader (smb) on 2020-12-17
Changed in linux (Ubuntu Bionic):
status: New → In Progress
Ian (ian-may) on 2020-12-18
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Dariusz Gadomski (dgadomski) wrote :

I have tested this in a VM with kernel 4.15.0-131.135 installed and I can confirm the issue is gone.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Launchpad Janitor (janitor) wrote :
Download full text (6.1 KiB)

This bug was fixed in the package linux - 4.15.0-135.139

---------------
linux (4.15.0-135.139) bionic; urgency=medium

  * bionic/linux: 4.15.0-135.139 -proposed tracker (LP: #1912223)

  * [drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors
    config: (LP: #1908219)
    - qxl: remove qxl_io_log()
    - qxl: move qxl_send_monitors_config()
    - qxl: hook monitors_config updates into crtc, not encoder.

  * Touchpad not detected on ByteSpeed C15B laptop (LP: #1906128)
    - Input: i8042 - add ByteSpeed touchpad to noloop table

  * vmx_nm_test in ubuntu_kvm_unit_tests interrupted on X-oracle-4.15 /
    B-oracle-4.15 / X-KVM / B-KVM (LP: #1872401)
    - KVM: nVMX: Always reflect #NM VM-exits to L1

  * stack trace in kernel (LP: #1903596)
    - net: napi: remove useless stack trace

  * CVE-2020-27777
    - [Config]: Set CONFIG_PPC_RTAS_FILTER

  * Bionic update: upstream stable patchset 2020-12-04 (LP: #1906875)
    - regulator: defer probe when trying to get voltage from unresolved supply
    - ring-buffer: Fix recursion protection transitions between interrupt context
    - time: Prevent undefined behaviour in timespec64_to_ns()
    - nbd: don't update block size after device is started
    - btrfs: sysfs: init devices outside of the chunk_mutex
    - btrfs: reschedule when cloning lots of extents
    - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
    - hv_balloon: disable warning when floor reached
    - net: xfrm: fix a race condition during allocing spi
    - perf tools: Add missing swap for ino_generation
    - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
    - can: rx-offload: don't call kfree_skb() from IRQ context
    - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
      context
    - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR
      frames
    - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
    - can: peak_usb: add range checking in decode operations
    - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
    - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is
      on
    - xfs: flush new eof page on truncate to avoid post-eof corruption
    - Btrfs: fix missing error return if writeback for extent buffer never started
    - ath9k_htc: Use appropriate rs_datalen type
    - usb: gadget: goku_udc: fix potential crashes in probe
    - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
    - gfs2: Add missing truncate_inode_pages_final for sd_aspace
    - gfs2: check for live vs. read-only file system in gfs2_fitrim
    - scsi: hpsa: Fix memory leak in hpsa_init_one()
    - drm/amdgpu: perform srbm soft reset always on SDMA resume
    - mac80211: fix use of skb payload instead of header
    - cfg80211: regulatory: Fix inconsistent format argument
    - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
    - iommu/amd: Increase interrupt remapping table limit to 512 entries
    - pinctrl: intel: Set default bias in case no particular value given
    - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
    - ...

Read more...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers