Sys oopsed with sysfs test in ubuntu_stress_smoke_test on X-hwe ARM64
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Stress-ng |
Invalid
|
Undecided
|
Unassigned | ||
ubuntu-kernel-tests |
Fix Released
|
Medium
|
Colin Ian King | ||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
== SRU Request [ BIONIC, DISCO, EOAN, FOCAL ] ==
Reading /sys/firmware/
== Fix ==
The fix is upstream (linux-next) commit that will land in 5.7, the backport to bionic, eoan and focal is just a minor context wiggle.
commit 08c07cefb3042a5
Author: Colin Ian King <email address hidden>
Date: Thu Mar 12 11:13:45 2020 +0000
ACPI: sysfs: copy ACPI data using io memory copying
== Test ==
Running on hotdog with the reproducer below (run as root):
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
int main(void)
{
int fd;
char buffer[3];
ssize_t n;
fd = open("/
if (fd < 0) {
}
do {
n = read(fd, buffer, sizeof(buffer));
} while (n > 0);
return 0;
}
Without the fix it will oops. With the fix it works OK.
== Regession Potential ==
This only affects the reading of the ACPI BERT table from /sys as root so it is limited in scope to just a very narrow use case. Normally the BERT table is just handled by the kernel, so access to this table is just for debugging purposes.
-------
Issue found on new ARM64 node "hotdog" 4.15.0-
Failed 2 of 2 attempts.
Test suite HEAD SHA1: 3f43e81
sysfs STARTING
sysfs RETURNED 0
sysfs FAILED (kernel oopsed)
[ 1075.760640] Unable to handle kernel paging request at virtual address ffff00004a70072a
[ 1075.763319] Unable to handle kernel paging request at virtual address ffff00004a70e4ba
[ 1075.768563] Mem abort info:
[ 1075.768566] ESR = 0x96000021
[ 1075.768568] Exception class = DABT (current EL), IL = 32 bits
[ 1075.768569] SET = 0, FnV = 0
[ 1075.768570] EA = 0, S1PTW = 0
[ 1075.768571] Data abort info:
[ 1075.768577] ISV = 0, ISS = 0x00000021
[ 1075.776489] Mem abort info:
[ 1075.776491] ESR = 0x96000021
[ 1075.776493] Exception class = DABT (current EL), IL = 32 bits
[ 1075.776494] SET = 0, FnV = 0
[ 1075.776495] EA = 0, S1PTW = 0
[ 1075.776496] Data abort info:
[ 1075.776500] ISV = 0, ISS = 0x00000021
[ 1075.779284] CM = 0, WnR = 0
[ 1075.779288] swapper pgtable: 4k pages, 48-bit VAs, pgd = 00000000facfed4f
[ 1075.779290] [ffff00004a70072a] *pgd=000000bffc
[ 1075.782342] CM = 0, WnR = 0
[ 1075.782346] swapper pgtable: 4k pages, 48-bit VAs, pgd = 00000000facfed4f
[ 1075.782352] [ffff00004a70e4ba] *pgd=000000bffc
[ 1075.788262] Internal error: Oops: 96000021 [#2] SMP
[ 1075.788269] Modules linked in: unix_diag binfmt_misc snd_seq snd_seq_device snd_timer snd soundcore userio vfio_iommu_type1 vfio hci_vhci bluetooth ecdh_generic uhid cuse vhost_vsock vmw_vsock_
[ 1075.942470] iscsi_tcp libiscsi_tcp libiscsi scsi_transport_
[ 1075.991997] Process stress-ng-sysfs (pid: 108395, stack limit = 0x000000009cb607b8)
[ 1075.999643] CPU: 100 PID: 108395 Comm: stress-ng-sysfs Tainted: G D 4.15.0-91-generic #92~16.04.1-Ubuntu
[ 1076.010324] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL027 07/01/2019
[ 1076.018314] pstate: 80400009 (Nzcv daif +PAN -UAO)
[ 1076.023096] pc : __memcpy+0x84/0x180
[ 1076.026663] lr : memory_
[ 1076.031441] sp : ffff00003ea2bd10
[ 1076.034743] x29: ffff00003ea2bd10 x28: ffff80be4d85cb00
[ 1076.040042] x27: ffff000008b42000 x26: 000000000000003f
[ 1076.045342] x25: 0000000000000124 x24: ffff00004a700000
[ 1076.050643] x23: ffff809e3a7e8500 x22: 000000000000000a
[ 1076.055942] x21: ffff00003ea2bd88 x20: 000000000000000a
[ 1076.061240] x19: 0000000000000734 x18: 0000000000000014
[ 1076.066540] x17: 0000ffffaf4e1a58 x16: ffff0000082e8e28
[ 1076.071839] x15: 00002d88734750e0 x14: 00181a0596c27059
[ 1076.077138] x13: 00000003e8000000 x12: 0000000000000018
[ 1076.082436] x11: 000000000006372e x10: 000000005e66c174
[ 1076.087735] x9 : 003b9aca00000000 x8 : 000000000000003f
[ 1076.093034] x7 : ffff000008645490 x6 : ffff809e3a7e8500
[ 1076.098333] x5 : 000000000000000a x4 : 0000000000010000
[ 1076.103633] x3 : ffff00004a700000 x2 : 000000000000000a
[ 1076.108932] x1 : ffff00004a70072a x0 : ffff809e3a7e8500
[ 1076.114231] Call trace:
[ 1076.116668] __memcpy+0x84/0x180
[ 1076.119887] acpi_data_
[ 1076.123541] sysfs_kf_
[ 1076.127451] kernfs_
[ 1076.131274] __vfs_read+
[ 1076.134577] vfs_read+0x94/0x150
[ 1076.137792] SyS_read+0x74/0xf0
[ 1076.140923] el0_svc_
[ 1076.144487] Code: a88120c7 a8c12027 a88120c7 36180062 (f8408423)
[ 1076.150570] ---[ end trace 496ae41e9716bef2 ]---
[ 1076.155180] Internal error: Oops: 96000021 [#3] SMP
[ 1076.160054] Modules linked in: unix_diag binfmt_misc snd_seq snd_seq_device snd_timer snd soundcore userio vfio_iommu_type1 vfio hci_vhci bluetooth ecdh_generic uhid cuse vhost_vsock vmw_vsock_
[ 1076.230688] iscsi_tcp libiscsi_tcp libiscsi scsi_transport_
[ 1076.280211] Process stress-ng-sysfs (pid: 108405, stack limit = 0x00000000081889d7)
[ 1076.287856] CPU: 155 PID: 108405 Comm: stress-ng-sysfs Tainted: G D 4.15.0-91-generic #92~16.04.1-Ubuntu
[ 1076.298538] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL027 07/01/2019
[ 1076.306530] pstate: 80400009 (Nzcv daif +PAN -UAO)
[ 1076.311319] pc : __memcpy+0x84/0x180
[ 1076.314890] lr : memory_
[ 1076.319667] sp : ffff00003eea3d10
[ 1076.322969] x29: ffff00003eea3d10 x28: ffff80be4d858000
[ 1076.328269] x27: ffff000008b42000 x26: 000000000000003f
[ 1076.333568] x25: 0000000000000124 x24: ffff00004a700000
[ 1076.338868] x23: ffff80bec6fa7400 x22: 000000000000000d
[ 1076.344167] x21: ffff00003eea3d88 x20: 000000000000000d
[ 1076.349467] x19: 000000000000e4c7 x18: 0000000000000014
[ 1076.354767] x17: 0000ffffaf4e1a58 x16: ffff0000082e8e28
[ 1076.360068] x15: 0000566c10765956 x14: 00181a0596c27059
[ 1076.365368] x13: 00000003e8000000 x12: 0000000000000018
[ 1076.370667] x11: 00000000000641a6 x10: 000000005e66c174
[ 1076.375966] x9 : 003b9aca00000000 x8 : 000000000000003f
[ 1076.381265] x7 : ffff000008645490 x6 : ffff80bec6fa7400
[ 1076.386564] x5 : 000000000000000d x4 : 0000000000010000
[ 1076.391864] x3 : ffff00004a700000 x2 : 000000000000000d
[ 1076.397163] x1 : ffff00004a70e4ba x0 : ffff80bec6fa7400
[ 1076.402463] Call trace:
[ 1076.404901] __memcpy+0x84/0x180
[ 1076.408125] acpi_data_
[ 1076.411785] sysfs_kf_
[ 1076.415696] kernfs_
[ 1076.419520] __vfs_read+
[ 1076.422823] vfs_read+0x94/0x150
[ 1076.426038] SyS_read+0x74/0xf0
[ 1076.429171] el0_svc_
[ 1076.432736] Code: a88120c7 a8c12027 a88120c7 36180062 (f8408423)
[ 1076.438818] ---[ end trace 496ae41e9716bef3 ]---
CVE References
tags: | added: 4.15 arm64 kqa-blocker sru-20200217 xenial |
tags: | added: ubuntu-stress-smoke-test |
Changed in ubuntu-kernel-tests: | |
importance: | Undecided → Medium |
assignee: | nobody → Colin Ian King (colin-king) |
status: | New → Incomplete |
description: | updated |
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | Incomplete → Fix Committed |
Changed in linux (Ubuntu Eoan): | |
status: | Incomplete → Fix Committed |
description: | updated |
Changed in ubuntu-kernel-tests: | |
status: | In Progress → Fix Released |
Changed in stress-ng: | |
status: | New → Invalid |
This test passed on other 3 ARM64 nodes (appleton-kernel, ms10-34- mcdivittB0- kernel, wright-kernel)