Bug #1656381 “Xen MSI setup code incorrectly re-uses cached pirq...” : Zesty (17.04) : Bugs : linux package : Ubuntu

Dan Streetman (ddstreet) on 2017-01-13

Changed in linux (Ubuntu):
assignee:	nobody → Dan Streetman (ddstreet)
status:	New → In Progress
importance:	Undecided → High

Thadeu Lima de Souza Cascardo (cascardo) on 2017-01-16

Changed in linux (Ubuntu Xenial):
status:	New → Fix Committed

Luis Henriques (henrix) on 2017-01-17

Changed in linux (Ubuntu Yakkety):
status:	New → Fix Committed

Dan Streetman (ddstreet) on 2017-01-18

description:

updated

Revision history for this message

John Donnelly (jpdonnelly) wrote on 2017-01-19:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'. If the problem still exists, change the tag 'verification-needed-yakkety' to 'verification-failed-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-yakkety

Revision history for this message

John Donnelly (jpdonnelly) wrote on 2017-01-19:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

Dan Streetman (ddstreet) wrote on 2017-01-20:

#3

Verified with the 4.4.0-62-generic kernel on an AWS i3 instance, all the NVMe drives initialized successfully.

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Dan Streetman (ddstreet) wrote on 2017-01-20:

#4

Verified with the 4.8.0-36-generic kernel on an AWS i3 instance, all the NVMe drives initialized successfully.

tags:

added: verification-done-yakkety
removed: verification-needed-yakkety

Luis Henriques (henrix) on 2017-01-20

Changed in linux (Ubuntu Trusty):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-02-02:

#5

Download full text (10.8 KiB)

This bug was fixed in the package linux - 4.4.0-62.83

---------------
linux (4.4.0-62.83) xenial; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
- LP: #1657430

  * Backport DP MST fixes to i915 (LP: #1657353)
    - SAUCE: i915_bpo: Fix DP link rate math
    - SAUCE: i915_bpo: Validate mode against max. link data rate for DP MST

* Ubuntu xenial - 4.4.0-59-generic i3 I/O performance issue (LP: #1657281)
- blk-mq: really fix plug list flushing for nomerge queues

linux (4.4.0-61.82) xenial; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
- LP: #1656810

* Xen MSI setup code incorrectly re-uses cached pirq (LP: #1656381)
- SAUCE: xen: do not re-use pirq number cached in pci device msi msg data

* nvme drive probe failure (LP: #1626894)
- nvme: revert NVMe: only setup MSIX once

linux (4.4.0-60.81) xenial; urgency=low

[ John Donnelly ]

* Release Tracking Bug
- LP: #1656084

* Couldn't emulate instruction 0x7813427c (LP: #1634129)
- KVM: PPC: Book3S PR: Fix illegal opcode emulation

  * perf: 24x7: Eliminate domain name suffix in event names (LP: #1560482)
    - powerpc/perf/hv-24x7: Fix usage with chip events.
    - powerpc/perf/hv-24x7: Display change in counter values
    - powerpc/perf/hv-24x7: Display domain indices in sysfs
    - powerpc/perf/24x7: Eliminate domain suffix in event names

  * i386 ftrace tests hang on ADT testing (LP: #1655040)
    - ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps
      to it

  * VMX module autoloading if available (LP: #1651322)
    - powerpc: Add module autoloading based on CPU features
    - crypto: vmx - Convert to CPU feature based module autoloading

  * ACPI probe support for AD5592/3 configurable multi-channel converter
    (LP: #1654497)
    - SAUCE: iio: dac: ad5592r: Add ACPI support
    - SAUCE: iio: dac: ad5593r: Add ACPI support

  * Xenial update to v4.4.40 stable release (LP: #1654602)
    - btrfs: limit async_work allocation and worker func duration
    - Btrfs: fix tree search logic when replaying directory entry deletes
    - btrfs: store and load values of stripes_min/stripes_max in balance status
      item
    - Btrfs: fix qgroup rescan worker initialization
    - USB: serial: option: add support for Telit LE922A PIDs 0x1040, 0x1041
    - USB: serial: option: add dlink dwm-158
    - USB: serial: kl5kusb105: fix open error path
    - USB: cdc-acm: add device id for GW Instek AFG-125
    - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
    - usb: gadget: f_uac2: fix error handling at afunc_bind
    - usb: gadget: composite: correctly initialize ep->maxpacket
    - USB: UHCI: report non-PME wakeup signalling for Intel hardware
    - ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to
      volume_control_quirks
    - ALSA: hiface: Fix M2Tech hiFace driver sampling rate change
    - ALSA: hda/ca0132 - Add quirk for Alienware 15 R2 2016
    - ALSA: hda - ignore the assoc and seq when comparing pin configurations
    - ALSA: hda - fix headset-mic problem on a Dell laptop
    - ALSA: hda - Gate the mic jack on HP Z1 Gen3 AiO
    - ALSA: hd...

This bug was fixed in the package linux - 4.4.0-62.83

---------------
linux (4.4.0-62.83) xenial; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
    - LP: #1657430

* Backport DP MST fixes to i915 (LP: #1657353)
    - SAUCE: i915_bpo: Fix DP link rate math
    - SAUCE: i915_bpo: Validate mode against max. link data rate for DP MST

* Ubuntu xenial - 4.4.0-59-generic i3 I/O performance issue (LP: #1657281)
    - blk-mq: really fix plug list flushing for nomerge queues

linux (4.4.0-61.82) xenial; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
    - LP: #1656810

* Xen MSI setup code incorrectly re-uses cached pirq (LP: #1656381)
    - SAUCE: xen: do not re-use pirq number cached in pci device msi msg data

* nvme drive probe failure (LP: #1626894)
    - nvme: revert NVMe: only setup MSIX once

linux (4.4.0-60.81) xenial; urgency=low

[ John Donnelly ]

* Release Tracking Bug
    - LP: #1656084

* Couldn't emulate instruction 0x7813427c (LP: #1634129)
    - KVM: PPC: Book3S PR: Fix illegal opcode emulation

* perf: 24x7: Eliminate domain name suffix in event names (LP: #1560482)
    - powerpc/perf/hv-24x7: Fix usage with chip events.
    - powerpc/perf/hv-24x7: Display change in counter values
    - powerpc/perf/hv-24x7: Display domain indices in sysfs
    - powerpc/perf/24x7: Eliminate domain suffix in event names

* i386 ftrace tests hang on ADT testing (LP: #1655040)
    - ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps
      to it

* VMX module autoloading if available (LP: #1651322)
    - powerpc: Add module autoloading based on CPU features
    - crypto: vmx - Convert to CPU feature based module autoloading

* ACPI probe support for AD5592/3 configurable multi-channel converter
    (LP: #1654497)
    - SAUCE: iio: dac: ad5592r: Add ACPI support
    - SAUCE: iio: dac: ad5593r: Add ACPI support

* Xenial update to v4.4.40 stable release (LP: #1654602)
    - btrfs: limit async_work allocation and worker func duration
    - Btrfs: fix tree search logic when replaying directory entry deletes
    - btrfs: store and load values of stripes_min/stripes_max in balance status
      item
    - Btrfs: fix qgroup rescan worker initialization
    - USB: serial: option: add support for Telit LE922A PIDs 0x1040, 0x1041
    - USB: serial: option: add dlink dwm-158
    - USB: serial: kl5kusb105: fix open error path
    - USB: cdc-acm: add device id for GW Instek AFG-125
    - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
    - usb: gadget: f_uac2: fix error handling at afunc_bind
    - usb: gadget: composite: correctly initialize ep->maxpacket
    - USB: UHCI: report non-PME wakeup signalling for Intel hardware
    - ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to
      volume_control_quirks
    - ALSA: hiface: Fix M2Tech hiFace driver sampling rate change
    - ALSA: hda/ca0132 - Add quirk for Alienware 15 R2 2016
    - ALSA: hda - ignore the assoc and seq when comparing pin configurations
    - ALSA: hda - fix headset-mic problem on a Dell laptop
    - ALSA: hda - Gate the mic jack on HP Z1 Gen3 AiO
    - ALSA: hda: when comparing pin configurations, ignore assoc in addition to
      seq
    - clk: ti: omap36xx: Work around sprz319 advisory 2.1
    - Btrfs: fix memory leak in reading btree blocks
    - Btrfs: bail out if block group has different mixed flag
    - Btrfs: return gracefully from balance if fs tree is corrupted
    - Btrfs: don't leak reloc root nodes on error
    - Btrfs: fix memory leak in do_walk_down
    - Btrfs: don't BUG() during drop snapshot
    - btrfs: make file clone aware of fatal signals
    - block_dev: don't test bdev->bd_contains when it is not stable
    - ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
    - crypto: caam - fix AEAD givenc descriptors
    - ext4: fix mballoc breakage with 64k block size
    - ext4: fix stack memory corruption with 64k block size
    - ext4: use more strict checks for inodes_per_block on mount
    - ext4: fix in-superblock mount options processing
    - ext4: add sanity checking to count_overhead()
    - ext4: reject inodes with negative size
    - ext4: return -ENOMEM instead of success
    - ext4: do not perform data journaling when data is encrypted
    - f2fs: set ->owner for debugfs status file's file_operations
    - loop: return proper error from loop_queue_rq()
    - mm/vmscan.c: set correct defer count for shrinker
    - fs: exec: apply CLOEXEC before changing dumpable task flags
    - exec: Ensure mm->user_ns contains the execed files
    - usb: gadget: composite: always set ep->mult to a sensible value
    - blk-mq: Do not invoke .queue_rq() for a stopped queue
    - dm flakey: return -EINVAL on interval bounds error in flakey_ctr()
    - dm crypt: mark key as invalid until properly loaded
    - dm space map metadata: fix 'struct sm_metadata' leak on failed create
    - ASoC: intel: Fix crash at suspend/resume without card registration
    - CIFS: Fix a possible memory corruption during reconnect
    - CIFS: Fix missing nls unload in smb2_reconnect()
    - CIFS: Fix a possible memory corruption in push locks
    - kernel/watchdog: use nmi registers snapshot in hardlockup handler
    - kernel/debug/debug_core.c: more properly delay for secondary CPUs
    - tpm xen: Remove bogus tpm_chip_unregister
    - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing
    - arm/xen: Use alloc_percpu rather than __alloc_percpu
    - xfs: set AGI buffer type in xlog_recover_clear_agi_bucket
    - driver core: fix race between creating/querying glue dir and its cleanup
    - ppp: defer netns reference release for ppp channel
    - Linux 4.4.40

* igb i210 probe of pci device failed with error -2 (LP: #1639810)
    - SAUCE: igb: Workaround for igb i210 firmware issue.
    - SAUCE: igb: add i211 to i210 PHY workaround

* PowerNV: PCI Slot is invalid after fencedPHB Error injection (LP: #1652018)
    - powerpc/powernv: Call opal_pci_poll() if needed

* mfd: intel-lpss: Add default I2C device properties for Apollo Lake
    (LP: #1635177)
    - mfd: intel-lpss: Add default I2C device properties for Apollo Lake

* Xenial update to v4.4.39 stable release (LP: #1650609)
    - powerpc/eeh: Fix deadlock when PE frozen state can't be cleared
    - parisc: Purge TLB before setting PTE
    - parisc: Remove unnecessary TLB purges from flush_dcache_page_asm and
      flush_icache_page_asm
    - parisc: Fix TLB related boot crash on SMP machines
    - zram: restrict add/remove attributes to root only
    - locking/rtmutex: Prevent dequeue vs. unlock race
    - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner()
    - perf/x86: Fix full width counter, counter overflow
    - crypto: mcryptd - Check mcryptd algorithm compatibility
    - can: raw: raw_setsockopt: limit number of can_filter that can be set
    - can: peak: fix bad memory access and free sequence
    - arm64: futex.h: Add missing PAN toggling
    - m68k: Fix ndelay() macro
    - batman-adv: Check for alloc errors when preparing TT local data
    - hotplug: Make register and unregister notifier API symmetric
    - crypto: rsa - Add Makefile dependencies to fix parallel builds
    - Linux 4.4.39

* Xenial update to v4.4.38 stable release (LP: #1650607)
    - virtio-net: add a missing synchronize_net()
    - net: check dead netns for peernet2id_alloc()
    - ip6_tunnel: disable caching when the traffic class is inherited
    - net: sky2: Fix shutdown crash
    - af_unix: conditionally use freezable blocking calls in read
    - rtnetlink: fix FDB size computation
    - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
    - net: dsa: bcm_sf2: Ensure we re-negotiate EEE during after link change
    - net, sched: respect rcu grace period on cls destruction
    - net/sched: pedit: make sure that offset is valid
    - netlink: Call cb->done from a worker thread
    - netlink: Do not schedule work from sk_destruct
    - net/dccp: fix use-after-free in dccp_invalid_packet
    - net: bcmgenet: Utilize correct struct device for all DMA operations
    - sh_eth: remove unchecked interrupts for RZ/A1
    - geneve: avoid use-after-free of skb->data
    - net: ping: check minimum size on ICMP header length
    - sparc32: Fix inverted invalid_frame_pointer checks on sigreturns
    - sparc64: Fix find_node warning if numa node cannot be found
    - sparc64: fix compile warning section mismatch in find_node()
    - constify iov_iter_count() and iter_is_iovec()
    - Don't feed anything but regular iovec's to blk_rq_map_user_iov
    - ipv6: Set skb->protocol properly for local output
    - ipv4: Set skb->protocol properly for local output
    - esp4: Fix integrity verification when ESN are used
    - esp6: Fix integrity verification when ESN are used
    - Linux 4.4.38

* Xenial update to v4.4.37 stable release (LP: #1650604)
    - ARC: Don't use "+l" inline asm constraint
    - zram: fix unbalanced idr management at hot removal
    - kasan: update kasan_global for gcc 7
    - x86/traps: Ignore high word of regs->cs in early_fixup_exception()
    - rcu: Fix soft lockup for rcu_nocb_kthread
    - PCI: Export pcie_find_root_port
    - PCI: Set Read Completion Boundary to 128 iff Root Port supports it (_HPX)
    - mwifiex: printk() overflow with 32-byte SSIDs
    - pwm: Fix device reference leak
    - arm64: cpufeature: Schedule enable() calls instead of calling them via IPI
    - arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call
    - arm64: suspend: Reconfigure PSTATE after resume from idle
    - Linux 4.4.37

* Xenial update to v4.4.36 stable release (LP: #1650601)
    - iommu/vt-d: Fix PASID table allocation
    - iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions
    - KVM: x86: check for pic and ioapic presence before use
    - usb: chipidea: move the lock initialization to core file
    - USB: serial: cp210x: add ID for the Zone DPMX
    - USB: serial: ftdi_sio: add support for TI CC3200 LaunchPad
    - Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y
    - scsi: mpt3sas: Fix secure erase premature termination
    - tile: avoid using clocksource_cyc2ns with absolute cycle count
    - cfg80211: limit scan results cache size
    - NFSv4.x: hide array-bounds warning
    - parisc: Fix races in parisc_setup_cache_timing()
    - parisc: Fix race in pci-dma.c
    - parisc: Also flush data TLB in flush_icache_page_asm
    - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
    - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on
    - mei: me: disable driver on SPT SPS firmware
    - mei: me: fix place for kaby point device ids.
    - mei: fix return value on disconnection
    - scsi: mpt3sas: Unblock device after controller reset
    - Linux 4.4.36

* Miscellaneous Ubuntu changes
    - [Debian] consider renames in gen-auto-reconstruct

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Wed, 18 Jan 2017 09:34:07 -0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-02-02:

#6

This bug was fixed in the package linux - 4.8.0-37.39

---------------
linux (4.8.0-37.39) yakkety; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
- LP: #1659381

  * Mouse cursor invisible or does not move (LP: #1646574)
    - drm/nouveau/disp/nv50-: split chid into chid.ctrl and chid.user
    - drm/nouveau/disp/nv50-: specify ctrl/user separately when constructing
      classes
    - drm/nouveau/disp/gp102: fix cursor/overlay immediate channel indices

-- Benjamin M Romer <email address hidden> Wed, 25 Jan 2017 16:12:02 -0200

Changed in linux (Ubuntu Yakkety):
status:	Fix Committed → Fix Released

Revision history for this message

Thadeu Lima de Souza Cascardo (cascardo) wrote on 2017-02-09:

#7

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-trusty

Revision history for this message

Dan Streetman (ddstreet) wrote on 2017-02-10:

#8

Verified with kernel 3.13.0-109-generic on AWS instance NVMe drives are all initialized.

tags:

added: verification-done-trusty
removed: verification-needed-trusty

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-02-20:

#9

This bug was fixed in the package linux - 3.13.0-109.156

---------------
linux (3.13.0-109.156) trusty; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
- LP: #1662186

  [ Luis Henriques ]
  * Backport Dirty COW patch to prevent wineserver freeze (LP: #1658270)
    - ARM: 7985/1: mm: implement pte_accessible for faulting mappings
    - ARM: 8108/1: mm: Introduce {pte,pmd}_isset and {pte,pmd}_isclear
    - ARM: 8037/1: mm: support big-endian page tables
    - ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE
    - arm64: mm: Route pmd thp functions through pte equivalents
    - mm: fix huge zero page accounting in smaps report
    - SAUCE: mm: Respect FOLL_FORCE/FOLL_COW for thp

  * kernel BUG at skbuff.h:1486 Insufficient linear data in skb
    __skb_pull.part.7+0x4/0x6 [openvswitch] (LP: #1655683)
    - SAUCE: openvswitch: gre: filter gre packets

* CVE-2016-7911
- block: fix use-after-free in sys_ioprio_get()

* CVE-2016-7910
- block: fix use-after-free in seq file

* Xen MSI setup code incorrectly re-uses cached pirq (LP: #1656381)
- SAUCE: xen: do not re-use pirq number cached in pci device msi msg data

-- Thadeu Lima de Souza Cascardo <email address hidden> Tue, 07 Feb 2017 09:26:42 -0200

Changed in linux (Ubuntu Trusty):
status:	Fix Committed → Fix Released

Revision history for this message

Dan Streetman (ddstreet) wrote on 2017-10-13:

#10

this is fixed in zesty by bug 1677589, and is already upstream in artful and later.

Changed in linux (Ubuntu Zesty):
status:	In Progress → Fix Released

Dan Streetman (ddstreet) on 2018-05-25

Changed in linux (Ubuntu):
status:	In Progress → Fix Released

Ubuntu
linux package

Xen MSI setup code incorrectly re-uses cached pirq

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	High	Dan Streetman
Trusty	Fix Released	Undecided	Unassigned
Xenial	Fix Released	Undecided	Unassigned
Yakkety	Fix Released	Undecided	Unassigned
Zesty	Fix Released	High	Dan Streetman

Ubuntulinux package

Xen MSI setup code incorrectly re-uses cached pirq

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package