| 2017-08-29 21:06:29 |
dann frazier |
bug |
|
|
added bug |
| 2017-08-29 21:06:36 |
dann frazier |
nominated for series |
|
Ubuntu Zesty |
|
| 2017-08-29 21:06:36 |
dann frazier |
bug task added |
|
linux (Ubuntu Zesty) |
|
| 2017-08-29 21:06:44 |
dann frazier |
linux (Ubuntu Zesty): status |
New |
Confirmed |
|
| 2017-08-29 21:30:07 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2017-08-29 23:24:37 |
dann frazier |
description |
[Impact]
cntvct_el0 could be left untrapped if reset with the user access bit set
[Test Case]
[Regression Risk] |
[Impact]
This bug captures a few issues with the ARM arch_timer driver:
1) Some arm64 systems have hardware defects in their architected timer implementations that require errata, which we workaround in the kernel. However, it's possible that this workaround will not be applied if the timer was reset w/ the user access bit set.
2) The Juno board fails to initialize a timer at boot:
arch_timer: Unable to map frame @ 0x0000000000000000
arch_timer: Frame missing phys irq.
Failed to initialize '/timer@2a810000': -22
3) Possible boot warning from arch_timer_mem_of_init():
'Trying to vfree() nonexistent vm area'
4) There's a theoretical problem where the first frame of a timer could be used even though a better suited timer frame is available.
5) An infinite recursion loop will occur when enabling the function tracer in builds with CONFIG_PREEMPT_TRACER=y. Ubuntu does not enable CONFIG_PREEMPT_TRACER, so this will only be a problem if that changes.
[Test Case]
[Regression Risk] |
|
| 2017-08-29 23:24:43 |
dann frazier |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
| 2017-08-30 17:46:07 |
dann frazier |
description |
[Impact]
This bug captures a few issues with the ARM arch_timer driver:
1) Some arm64 systems have hardware defects in their architected timer implementations that require errata, which we workaround in the kernel. However, it's possible that this workaround will not be applied if the timer was reset w/ the user access bit set.
2) The Juno board fails to initialize a timer at boot:
arch_timer: Unable to map frame @ 0x0000000000000000
arch_timer: Frame missing phys irq.
Failed to initialize '/timer@2a810000': -22
3) Possible boot warning from arch_timer_mem_of_init():
'Trying to vfree() nonexistent vm area'
4) There's a theoretical problem where the first frame of a timer could be used even though a better suited timer frame is available.
5) An infinite recursion loop will occur when enabling the function tracer in builds with CONFIG_PREEMPT_TRACER=y. Ubuntu does not enable CONFIG_PREEMPT_TRACER, so this will only be a problem if that changes.
[Test Case]
[Regression Risk] |
[Impact]
This bug captures a few issues with the ARM arch_timer driver:
1) Some arm64 systems have hardware defects in their architected timer implementations that require errata, which we workaround in the kernel. However, it's possible that this workaround will not be applied if the timer was reset w/ the user access bit set.
2) The Juno board fails to initialize a timer at boot:
arch_timer: Unable to map frame @ 0x0000000000000000
arch_timer: Frame missing phys irq.
Failed to initialize '/timer@2a810000': -22
3) Possible boot warning from arch_timer_mem_of_init():
'Trying to vfree() nonexistent vm area'
4) There's a theoretical problem where the first frame of a timer could be used even though a better suited timer frame is available.
5) An infinite recursion loop will occur when enabling the function tracer in builds with CONFIG_PREEMPT_TRACER=y. Ubuntu does not enable CONFIG_PREEMPT_TRACER, so this will only be a problem if that changes.
[Test Case]
I've regression tested this on both a system w/ an errata workaround (HiSilicon D05) and one that is not (Cavium ThunderX CRB1S). In both cases the timer was initialized correctly.
[Regression Risk]
The regression risk is restricted to ARM systems, as this driver only applies there. Regressions could lead to a timer failing to initialize, or a system that requires errata not having the appropriate workaround applied. (Which are also the conditions that the suggested backports are attempting to fix). |
|
| 2017-08-30 17:47:46 |
dann frazier |
description |
[Impact]
This bug captures a few issues with the ARM arch_timer driver:
1) Some arm64 systems have hardware defects in their architected timer implementations that require errata, which we workaround in the kernel. However, it's possible that this workaround will not be applied if the timer was reset w/ the user access bit set.
2) The Juno board fails to initialize a timer at boot:
arch_timer: Unable to map frame @ 0x0000000000000000
arch_timer: Frame missing phys irq.
Failed to initialize '/timer@2a810000': -22
3) Possible boot warning from arch_timer_mem_of_init():
'Trying to vfree() nonexistent vm area'
4) There's a theoretical problem where the first frame of a timer could be used even though a better suited timer frame is available.
5) An infinite recursion loop will occur when enabling the function tracer in builds with CONFIG_PREEMPT_TRACER=y. Ubuntu does not enable CONFIG_PREEMPT_TRACER, so this will only be a problem if that changes.
[Test Case]
I've regression tested this on both a system w/ an errata workaround (HiSilicon D05) and one that is not (Cavium ThunderX CRB1S). In both cases the timer was initialized correctly.
[Regression Risk]
The regression risk is restricted to ARM systems, as this driver only applies there. Regressions could lead to a timer failing to initialize, or a system that requires errata not having the appropriate workaround applied. (Which are also the conditions that the suggested backports are attempting to fix). |
[Impact]
This bug captures a few issues with the ARM arch_timer driver:
1) Some arm64 systems have hardware defects in their architected timer implementations that require errata, which we workaround in the kernel. However, it's possible that this workaround will not be applied if the timer was reset w/ the user access bit set.
2) The Juno board fails to initialize a timer at boot:
arch_timer: Unable to map frame @ 0x0000000000000000
arch_timer: Frame missing phys irq.
Failed to initialize '/timer@2a810000': -22
3) Possible boot warning from arch_timer_mem_of_init():
'Trying to vfree() nonexistent vm area'
4) There's a theoretical problem where the first frame of a timer could be used even though a better suited timer frame is available.
5) An infinite recursion loop will occur when enabling the function tracer in builds with CONFIG_PREEMPT_TRACER=y. Ubuntu does not enable CONFIG_PREEMPT_TRACER, so this will only be a problem if that changes.
[Test Case]
I've regression tested this on both a system w/ an errata workaround (HiSilicon D05) and one that is not (Cavium ThunderX CRB1S). In both cases the timer was initialized correctly. Verified by looking at the boot messages:
dannf@d05-3:~$ dmesg | grep arch_timer
[ 0.000000] arch_timer: Enabling global workaround for HiSilicon erratum 161010101
[ 0.000000] arch_timer: CPU0: Trapping CNTVCT access
[ 0.000000] arch_timer: cp15 timer(s) running at 50.00MHz (phys).
[ 0.194241] arch_timer: CPU1: Trapping CNTVCT access
[ 0.197305] arch_timer: CPU2: Trapping CNTVCT access
<.....>
[ 0.396228] arch_timer: CPU62: Trapping CNTVCT access
[ 0.399752] arch_timer: CPU63: Trapping CNTVCT access
ubuntu@grotrian:~$ dmesg | grep arch_timer
[ 0.000000] arch_timer: cp15 timer(s) running at 100.00MHz (phys).
[Regression Risk]
The regression risk is restricted to ARM systems, as this driver only applies there. Regressions could lead to a timer failing to initialize, or a system that requires errata not having the appropriate workaround applied. (Which are also the conditions that the suggested backports are attempting to fix). |
|
| 2017-08-30 17:47:54 |
dann frazier |
linux (Ubuntu): assignee |
|
dann frazier (dannf) |
|
| 2017-08-30 17:47:56 |
dann frazier |
linux (Ubuntu Zesty): assignee |
|
dann frazier (dannf) |
|
| 2017-08-30 17:48:00 |
dann frazier |
linux (Ubuntu): status |
Confirmed |
In Progress |
|
| 2017-08-30 17:48:02 |
dann frazier |
linux (Ubuntu Zesty): status |
Confirmed |
In Progress |
|
| 2017-08-31 17:11:11 |
Seth Forshee |
linux (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2017-09-11 15:21:59 |
Launchpad Janitor |
linux (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2017-09-15 12:34:20 |
Stefan Bader |
linux (Ubuntu Zesty): status |
In Progress |
Fix Committed |
|
| 2017-09-25 18:16:18 |
Kleber Sacilotto de Souza |
tags |
|
verification-needed-zesty |
|
| 2017-09-26 20:58:18 |
dann frazier |
tags |
verification-needed-zesty |
verification-done-zesty |
|
| 2017-10-10 08:22:22 |
Launchpad Janitor |
linux (Ubuntu Zesty): status |
Fix Committed |
Fix Released |
|
| 2017-10-10 08:22:22 |
Launchpad Janitor |
cve linked |
|
2017-1000255 |
|
| 2017-10-10 08:22:22 |
Launchpad Janitor |
cve linked |
|
2017-14106 |
|
