[Ubuntu] qdio: reset old sbal_state flags
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Ubuntu on IBM z Systems | Fix Released | High | Canonical Kernel Team | |
linux (Ubuntu) | Fix Released | Undecided | Canonical Kernel | |
Xenial | Fix Released | Undecided | Unassigned | |
Bionic | Fix Released | Undecided | Unassigned | |
Cosmic | Fix Released | Undecided | Unassigned | |
Disco | Fix Released | Undecided | Canonical Kernel | |
Bug Description
== SRU Justification ==
Description: qdio: reset old sbal_state flags
Symptom:
af_iucv socket using HiperSockets may stall.
Problem:
When allocating a new AOB fails, handle_outbound() is
still capable of transmitting the selected buffer
(just without async completion).
But if a previous transfer on this queue slot used
async completion, its sbal_state flags field is still set
to QDIO_OUTBUF_
So when the upper layer driver sees this stale flag, it
expects an async completion that never happens.
Solution:
Unconditionally clear the buffer's flags field.
== Fix ==
64e03ff72623b8c
== Regression Potential ==
Low, because:
- s390x only
- further limited to qeth driver (OSA Express networking)
- changes are limited to two files and 6 lines
  - arch/s390/
  - drivers/
- error was identified at IBM/customer, fix was created there and tested upfront
- (changes are upstream in 4.20 (according to bug description,
but in 4.19 according to 'git tag'),
hence will make it automatically into 'disco')
== Test Case ==
Test case / reproduction:
Error inject and then simulate out-of-memory situation.
__________
Description: qdio: reset old sbal_state flags
Symptom: af_iucv socket using HiperSockets may stall.
Problem: When allocating a new AOB fails, handle_outbound() is
still capable of transmitting the selected buffer
(just without async completion).
But if a previous transfer on this queue slot used
async completion, its sbal_state flags field is still set
to QDIO_OUTBUF_
So when the upper layer driver sees this stale flag, it
Solution: Unconditionally clear the buffer's flags field.
Reproduction: Error inject, simulating out-of-memory.
kernel 4.20
Upstream-ID: 64e03ff72623b8c
Canonical, please provide this fix for all Releases in Service....
Ubuntu 18.10, 18.04 and 16.04
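The stale-flag condition from the Problem/Solution text, as an added user-space model; it is not the kernel patch and not code from this bug report. All names (`slot_state`, `SLOT_FLAG_ASYNC`, `prepare_slot`, `inject_oom`) are hypothetical, and the model assumes the pre-fix path reset the flags only when an AOB was available.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
#define SLOT_FLAG_ASYNC 0x01      /* stand-in for the async-completion flag */

struct slot_state {               /* models one per-buffer sbal_state entry */
    unsigned char flags;
    void *aob;                    /* async operation block, NULL if none */
};

static struct slot_state slot;    /* one reused queue slot */
static bool inject_oom;           /* error injection: AOB allocation fails */
static char aob_storage;

static void *alloc_aob(void) { return inject_oom ? NULL : &aob_storage; }

/* Prepare the slot for the next transmit. fixed == false clears the flags
 * only when an AOB was obtained; fixed == true clears them unconditionally. */
static void prepare_slot(bool fixed)
{
    slot.aob = alloc_aob();
    if (fixed || slot.aob)
        slot.flags = 0;
}

/* The upper layer decides from the flags whether to wait for a completion. */
static bool upper_layer_waits(void) { return (slot.flags & SLOT_FLAG_ASYNC) != 0; }

/* Transfer 1 uses async completion and leaves its flag behind; transfer 2
 * reuses the slot while allocation fails. Returns true if the upper layer
 * would wait for an async completion although no AOB exists (the stall). */
static bool reuse_slot_stalls(bool fixed)
{
    slot = (struct slot_state){0};
    inject_oom = false;
    prepare_slot(fixed);
    slot.flags |= SLOT_FLAG_ASYNC;    /* transfer 1 used async completion */
    inject_oom = true;
    prepare_slot(fixed);              /* transfer 2: sent, but without AOB */
    return slot.aob == NULL && upper_layer_waits();
}

int main(void)
{
    printf("conditional clear:   stall=%d\n", reuse_slot_stalls(false));
    printf("unconditional clear: stall=%d\n", reuse_slot_stalls(true));
    return 0;
}
```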
tags: | added: architecture-s39064 bugnameltc-172877 severity-high targetmilestone-inin--- |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in linux (Ubuntu Disco): | |
assignee: | Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel (canonical-kernel) |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Canonical Kernel Team (canonical-kernel-team) |
description: | updated |
description: | updated |
Changed in ubuntu-z-systems: | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in ubuntu-z-systems: | |
status: | Triaged → Fix Committed |
tags: | added: targetmilestone-inin1810 removed: targetmilestone-inin--- |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
tags: | added: cscc |
SRU submitted:
[SRU][Cosmic] [Bionic] [Xenial] [PATCH 0/1] Fixes for LP1801686 [v2]
https://lists.ubuntu.com/archives/kernel-team/2018-November/096507.html