Prevent reuse of IRQ0 vector when using IO-APIC

Bug #276334 reported by Stefan Bader on 2008-09-30
6
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Stefan Bader
Hardy
Medium
Stefan Bader

Bug Description

Repeatedly loading and unloading a driver that uses a non-shared IRQ (always the case for MSI) will eventually assign the vector used by IRQ0 (timer). This is because IRQ0 is setup early in the IO_APIC (32bit) code without marking the associated bit in the map of used vectors. This is a specific problem in the 32bit code of the IO APIC.

Testcase: 32bit system with IO APIC in use. Unload and load a driver which does not share its IRQ repeatedly. After around 163 cycles cat /proc/interrupts will not show any new interrupts on IRQ0 and the system sometimes starts to freeze until any key is hit (trigger some other interrupt).

Stefan Bader (smb) wrote :

This patch has been submitted upstream. Since 2.6.28 (tip) has reworked the whole code, this seems to apply only to 2.6.24-2.6.27.

Changed in linux:
assignee: nobody → stefan-bader-canonical
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) wrote :

SRU justification:

Impact: Reassigning the IRQ0 vector causes various highly undesired effects.

Fix: see attached patch

Testcase: see above

Changed in linux:
assignee: nobody → stefan-bader-canonical
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) wrote :

commit efa9dc5ac390b85013c50d9ff59a49e4177f7873
    x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.

Changed in linux:
status: In Progress → Fix Committed
Stefan Bader (smb) wrote :

commit 3fa0e092ea988f772ec6ff9c60825373c4c340cb
    UBUNTU: SAUCE: x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.

Changed in linux:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.27-4.7

---------------
linux (2.6.27-4.7) intrepid; urgency=low

  [ Ben Collins ]

  * build/abi: Add gfs1 to perm blacklist
  * build/abi: Ignored changes in gfs2 symbols

  [ Fabio M. Di Nitto ]

  * Revert "SAUCE: Export gfs2 symbols required for gfs1 kernel module"
  * ubuntu: update GFS Cluster File System

  [ Stefan Bader ]

  * SAUCE: x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.
    - LP: #276334

  [ Tim Gardner ]

  * Revert "Disable e1000e until the NVRAM corruption problem is found."
  * Add atl1e and atl2 to Debian installer bits
    - LP: #273904
  * SAUCE: e1000e: Map NV RAM dynamically only when needed.
    - LP: #263555

 -- Tim Gardner <email address hidden> Fri, 26 Sep 2008 20:51:22 -0600

Changed in linux:
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

linux 2.6.24-21 copied to hardy-updates.

Changed in linux:
status: Fix Committed → Fix Released
Martin Pitt (pitti) on 2008-11-14
Changed in linux:
status: Fix Released → In Progress
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Martin Pitt (pitti) wrote :

Accepted into hardy-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in linux:
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Accepted linux into hardy-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Launchpad Janitor (janitor) wrote :
Download full text (12.0 KiB)

This bug was fixed in the package linux - 2.6.24-23.46

---------------
linux (2.6.24-23.46) hardy-proposed; urgency=low

  [Alessio Igor Bogani]

  * rt: Updated PREEMPT_RT support to rt21
    - LP: #302138

  [Amit Kucheria]

  * SAUCE: Update lpia patches from moblin tree
    - LP: #291457

  [Andy Whitcroft]

  * SAUCE: replace gfs2_bitfit with upstream version to prevent oops
    - LP: #276641

  [Colin Ian King]

  * isdn: Do not validate ISDN net device address prior to interface-up
    - LP: #237306
  * hwmon: (coretemp) Add Penryn CPU to coretemp
    - LP: #235119
  * USB: add support for Motorola ROKR Z6 cellphone in mass storage mode
    - LP: #263217
  * md: fix an occasional deadlock in raid5
    - LP: #208551

  [Stefan Bader]

  * SAUCE: buildenv: Show CVE entries in printchanges
  * SAUCE: buildenv: Send git-ubuntu-log informational message to stderr
  * Xen: dma: avoid unnecessarily SWIOTLB bounce buffering
    - LP: #247148
  * Update openvz patchset to apply to latest stable tree.
    - LP: #301634
  * XEN: Fix FTBS with stable updates
    - LP: #301634

  [Steve Conklin]

  * Add HID quirk for dual USB gamepad
    - LP: #140608

  [Tim Gardner]

  * Enable CONFIG_AX25_DAMA_SLAVE=y
    - LP: #257684
  * SAUCE: Correctly blacklist Thinkpad r40e in ACPI
    - LP: #278794
  * SAUCE: ALPS touchpad for Dell Latitude E6500/E6400
    - LP: #270643

  [Upstream Kernel Changes]

  * Revert "[Bluetooth] Eliminate checks for impossible conditions in IRQ
    handler"
    - LP: #217659
  * KVM: VMX: Clear CR4.VMXE in hardware_disable
    - LP: #268981
  * iov_iter_advance() fix
    - LP: #231746
  * Fix off-by-one error in iov_iter_advance()
    - LP: #231746
  * USB: serial: ch341: New VID/PID for CH341 USB-serial
    - LP: #272485
  * x86: Fix 32-bit x86 MSI-X allocation leakage
    - LP: #273103
  * b43legacy: Fix failure in rate-adjustment mechanism
    - LP: #273143
  * x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.
    - LP: #276334
  * openvz: merge missed fixes from vanilla 2.6.24 openvz branch
    - LP: #298059
  * openvz: some autofs related fixes
    - LP: #298059
  * openvz: fix ve stop deadlock after nfs connect
    - LP: #298059
  * openvz: fix netlink and rtnl inside container
    - LP: #298059
  * openvz: fix wrong size of ub0_percpu
    - LP: #298059
  * openvz: fix OOPS while stopping VE started before binfmt_misc.ko loaded
    - LP: #298059
  * x86-64: Fix "bytes left to copy" return value for copy_from_user()
  * NET: Fix race in dev_close(). (Bug 9750)
    - LP: #301608
  * IPV6: Fix IPsec datagram fragmentation
    - LP: #301608
  * IPV6: dst_entry leak in ip4ip6_err.
    - LP: #301608
  * IPV4: Remove IP_TOS setting privilege checks.
    - LP: #301608
  * IPCONFIG: The kernel gets no IP from some DHCP servers
    - LP: #301608
  * IPCOMP: Disable BH on output when using shared tfm
    - LP: #301608
  * IRQ_NOPROBE helper functions
    - LP: #301608
  * MIPS: Mark all but i8259 interrupts as no-probe.
    - LP: #301608
  * ub: fix up the conversion to sg_init_table()
    - LP: #301608
  * x86: adjust enable_NMI_through_LVT0()
    - LP: #301608
  * SCSI ips: handle scsi_add_host() failure, and other err cl...

Changed in linux:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers