Ubuntu
linux package

Prevent reuse of IRQ0 vector when using IO-APIC

Bug #276334 reported by Stefan Bader
6
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Medium
Stefan Bader
Hardy
Fix Released
Medium
Stefan Bader

Bug Description

Repeatedly loading and unloading a driver that uses a non-shared IRQ (always the case for MSI) will eventually assign the vector used by IRQ0 (timer). This is because IRQ0 is setup early in the IO_APIC (32bit) code without marking the associated bit in the map of used vectors. This is a specific problem in the 32bit code of the IO APIC.

Testcase: 32bit system with IO APIC in use. Unload and load a driver which does not share its IRQ repeatedly. After around 163 cycles cat /proc/interrupts will not show any new interrupts on IRQ0 and the system sometimes starts to freeze until any key is hit (trigger some other interrupt).

Revision history for this message
Stefan Bader (smb) wrote :

This patch has been submitted upstream. Since 2.6.28 (tip) has reworked the whole code, this seems to apply only to 2.6.24-2.6.27.

Changed in linux:
assignee: nobody → stefan-bader-canonical
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Stefan Bader (smb) wrote :

SRU justification:

Impact: Reassigning the IRQ0 vector causes various highly undesired effects.

Fix: see attached patch

Testcase: see above

Changed in linux:
assignee: nobody → stefan-bader-canonical
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Stefan Bader (smb) wrote :

commit efa9dc5ac390b85013c50d9ff59a49e4177f7873
    x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.

Changed in linux:
status: In Progress → Fix Committed
Revision history for this message
Stefan Bader (smb) wrote :

commit 3fa0e092ea988f772ec6ff9c60825373c4c340cb
    UBUNTU: SAUCE: x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.

Changed in linux:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.27-4.7

---------------
linux (2.6.27-4.7) intrepid; urgency=low

  [ Ben Collins ]

  * build/abi: Add gfs1 to perm blacklist
  * build/abi: Ignored changes in gfs2 symbols

  [ Fabio M. Di Nitto ]

  * Revert "SAUCE: Export gfs2 symbols required for gfs1 kernel module"
  * ubuntu: update GFS Cluster File System

  [ Stefan Bader ]

  * SAUCE: x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.
    - LP: #276334

  [ Tim Gardner ]

  * Revert "Disable e1000e until the NVRAM corruption problem is found."
  * Add atl1e and atl2 to Debian installer bits
    - LP: #273904
  * SAUCE: e1000e: Map NV RAM dynamically only when needed.
    - LP: #263555

 -- Tim Gardner <email address hidden> Fri, 26 Sep 2008 20:51:22 -0600

Changed in linux:
status: Fix Committed → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

linux 2.6.24-21 copied to hardy-updates.

Changed in linux:
status: Fix Committed → Fix Released
Martin Pitt (pitti)
Changed in linux:
status: Fix Released → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into hardy-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in linux:
status: In Progress → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

Accepted linux into hardy-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (12.0 KiB)

This bug was fixed in the package linux - 2.6.24-23.46

---------------
linux (2.6.24-23.46) hardy-proposed; urgency=low

  [Alessio Igor Bogani]

  * rt: Updated PREEMPT_RT support to rt21
    - LP: #302138

  [Amit Kucheria]

  * SAUCE: Update lpia patches from moblin tree
    - LP: #291457

  [Andy Whitcroft]

  * SAUCE: replace gfs2_bitfit with upstream version to prevent oops
    - LP: #276641

  [Colin Ian King]

  * isdn: Do not validate ISDN net device address prior to interface-up
    - LP: #237306
  * hwmon: (coretemp) Add Penryn CPU to coretemp
    - LP: #235119
  * USB: add support for Motorola ROKR Z6 cellphone in mass storage mode
    - LP: #263217
  * md: fix an occasional deadlock in raid5
    - LP: #208551

  [Stefan Bader]

  * SAUCE: buildenv: Show CVE entries in printchanges
  * SAUCE: buildenv: Send git-ubuntu-log informational message to stderr
  * Xen: dma: avoid unnecessarily SWIOTLB bounce buffering
    - LP: #247148
  * Update openvz patchset to apply to latest stable tree.
    - LP: #301634
  * XEN: Fix FTBS with stable updates
    - LP: #301634

  [Steve Conklin]

  * Add HID quirk for dual USB gamepad
    - LP: #140608

  [Tim Gardner]

  * Enable CONFIG_AX25_DAMA_SLAVE=y
    - LP: #257684
  * SAUCE: Correctly blacklist Thinkpad r40e in ACPI
    - LP: #278794
  * SAUCE: ALPS touchpad for Dell Latitude E6500/E6400
    - LP: #270643

  [Upstream Kernel Changes]

  * Revert "[Bluetooth] Eliminate checks for impossible conditions in IRQ
    handler"
    - LP: #217659
  * KVM: VMX: Clear CR4.VMXE in hardware_disable
    - LP: #268981
  * iov_iter_advance() fix
    - LP: #231746
  * Fix off-by-one error in iov_iter_advance()
    - LP: #231746
  * USB: serial: ch341: New VID/PID for CH341 USB-serial
    - LP: #272485
  * x86: Fix 32-bit x86 MSI-X allocation leakage
    - LP: #273103
  * b43legacy: Fix failure in rate-adjustment mechanism
    - LP: #273143
  * x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.
    - LP: #276334
  * openvz: merge missed fixes from vanilla 2.6.24 openvz branch
    - LP: #298059
  * openvz: some autofs related fixes
    - LP: #298059
  * openvz: fix ve stop deadlock after nfs connect
    - LP: #298059
  * openvz: fix netlink and rtnl inside container
    - LP: #298059
  * openvz: fix wrong size of ub0_percpu
    - LP: #298059
  * openvz: fix OOPS while stopping VE started before binfmt_misc.ko loaded
    - LP: #298059
  * x86-64: Fix "bytes left to copy" return value for copy_from_user()
  * NET: Fix race in dev_close(). (Bug 9750)
    - LP: #301608
  * IPV6: Fix IPsec datagram fragmentation
    - LP: #301608
  * IPV6: dst_entry leak in ip4ip6_err.
    - LP: #301608
  * IPV4: Remove IP_TOS setting privilege checks.
    - LP: #301608
  * IPCONFIG: The kernel gets no IP from some DHCP servers
    - LP: #301608
  * IPCOMP: Disable BH on output when using shared tfm
    - LP: #301608
  * IRQ_NOPROBE helper functions
    - LP: #301608
  * MIPS: Mark all but i8259 interrupts as no-probe.
    - LP: #301608
  * ub: fix up the conversion to sg_init_table()
    - LP: #301608
  * x86: adjust enable_NMI_through_LVT0()
    - LP: #301608
  * SCSI ips: handle scsi_add_host() failure, and other err cl...

Changed in linux:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.