This bug was fixed in the package linux - 4.18.0-11.12

---------------
linux (4.18.0-11.12) cosmic; urgency=medium

  * linux: 4.18.0-11.12 -proposed tracker (LP: #1799445)

  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions (LP: #1797139)
    - SAUCE: arm64: Fix /proc/iomem for reserved but not memory regions

  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 at drivers/irqchip/irq-gic.c:1016 gic_irq_domain_translate (LP: #1797143)
    - SAUCE: arm64: dts: msm8916: camms: fix gic_irq_domain_translate warnings

  * The front MIC can't work on the Lenovo M715 (LP: #1797292)
    - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715

  * Provide mode where all vCPUs on a core must be the same VM (LP: #1792957)
    - KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the same VM

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * hns3: autoneg settings get lost on down/up (LP: #1797654)
    - net: hns3: Fix for information of phydev lost problem when down/up

  * not able to unwind the stack from within __kernel_clock_gettime in the Linux vDSO (LP: #1797963)
    - powerpc/vdso: Correct call frame information

  * Signal 7 error when running GPFS tracing in cluster (LP: #1792195)
    - powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid.
    - powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition

  * Support Edge Gateway's WIFI LED (LP: #1798330)
    - SAUCE: mwifiex: Switch WiFi LED state according to the device status

  * Support Edge Gateway's Bluetooth LED (LP: #1798332)
    - SAUCE: Bluetooth: Support for LED on Edge Gateways

  * kvm doesn't work on 36 physical bits systems (LP: #1798427)
    - KVM: x86: fix L1TF's MMIO GFN calculation

  * CVE-2018-15471
    - xen-netback: fix input validation in xenvif_set_hash_mapping()

  * regression in 'ip --family bridge neigh' since linux v4.12 (LP: #1796748)
    - rtnetlink: fix rtnl_fdb_dump() for ndmsg header

 -- Stefan Bader <stefan.ba...@canonical.com>  Tue, 23 Oct 2018 18:59:15 +0200

** Changed in: linux (Ubuntu Cosmic)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1792195

Title:
  Signal 7 error when running GPFS tracing in cluster

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  == SRU Justification ==
  IBM is requesting these commits in bionic and cosmic. These commits also rely on commit 7acf50e4efa6, which was SRU'd in bug 1792102.

  Description of bug:
  GPFS mmfsd daemon is mapping shared tracing buffer (allocated from kernel driver using vmalloc) and then writing trace records from user space threads in parallel. While the SIGBUS happened, the access virtual memory address is in the mapped range, no overflow on access.

  The root cause is that for PTEs created by a driver at mmap time (ie, that aren't created dynamically at fault time), it's not legit for ptep_set_access_flags() to make them invalid even temporarily.
  A concurrent access while they are invalid will be unable to service the page fault and will cause a SIGBUS.

  == Fixes ==
  bd0dbb73e013 ("powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid.")
  f08d08f3db55 ("powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition")

  == Regression Potential ==
  Low. Limited to powerpc.

  == Test Case ==
  A test kernel was built with these patches and tested by IBM. IBM states the test kernel resolved the bug.

  -- Problem Description --

  GPFS mmfsd daemon is mapping shared tracing buffer (allocated from kernel driver using vmalloc) and then writing trace records from user space threads in parallel. While the SIGBUS happened, the access virtual memory address is in the mapped range, no overflow on access.

  Worked with Benjamin Herrenschmidt on GPFS tracing kernel driver code and he made a suggestion as workaround on the driver code to bypass the problem, and it works.... the workaround code change as below:

  - rc = remap_pfn_range(vma, start, pfn, PAGE_SIZE, PAGE_SHARED);
  + rc = remap_pfn_range(vma, start, pfn, PAGE_SIZE, __pgprot(pgprot_val(PAGE_SHARED)|_PAGE_DIRTY);

  As Benjamin mentioned, this is a Linux kernel bug and this is just a workaround. He will give the details about the kernel bug and why this workaround works....

  The root cause is that for PTEs created by a driver at mmap time (ie, that aren't created dynamically at fault time), it's not legit for ptep_set_access_flags() to make them invalid even temporarily. A concurrent access while they are invalid will be unable to service the page fault and will cause a SIGBUS.

  Thankfully such PTEs shouldn't normally be the subject of a RO->RW privilege escalation.

  What happens is that the GPFS driver creates the PTEs using remap_pfn_range(...,PAGE_SHARED). PAGE_SHARED has _PAGE_ACCESSED (R) but not _PAGE_DIRTY (C) set. Thus on the first write, we try set C and while doing so, hit the above workaround, which causes the problem described earlier.
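
Review bot: the + line of the driver workaround is missing a closing parenthesis: __pgprot(pgprot_val(PAGE_SHARED)|_PAGE_DIRTY) closes, but the enclosing remap_pfn_range( call does not, so the line as posted will not compile and should end in |_PAGE_DIRTY)); instead. Since the report describes this as only a workaround for a kernel bug, the changed call should also carry a comment saying why _PAGE_DIRTY is pre-set on the mapping, so that it can be reverted once the kernel fix is in place.
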
  The proposed patch will ensure we only do the Nest MMU hack when changing _PAGE_RW and not for normal R/C updates.

  The workaround tested by the GPFS team consists of adding _PAGE_DIRTY to the mapping created by remap_pfn_range() to avoid the RC update fault completely.

  This is fixed by these:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd0dbb73e01306a1060e56f81e5fe287be936477
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f08d08f3db55452d31ba4a37c702da6245876b96

  Since DD1 support is still in (ie, 2bf1071a8d50928a4ae366bb3108833166c2b70c is not applied) the second doesn't apply cleanly. Did you want that attached?
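
A simplified user-space model of the root cause described in the bug report, added here as an illustration; it is not kernel code and not taken from the commits named above. The bit values, the enums and every function name are constructed for this example; only the _PAGE_* names and the before/after behaviour come from the report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values; only the flag names come from the report. */
#define PTE_PRESENT  0x01u
#define PTE_RW       0x02u              /* _PAGE_RW */
#define PTE_ACCESSED 0x04u              /* _PAGE_ACCESSED (R) */
#define PTE_DIRTY    0x08u              /* _PAGE_DIRTY (C) */
#define PAGE_SHARED_MODEL (PTE_PRESENT | PTE_RW | PTE_ACCESSED)

enum policy  { INVALIDATE_ALWAYS, INVALIDATE_ON_RW_CHANGE }; /* before / after fix */
enum outcome { ACCESS_OK, FAULT_RESOLVED, FAULT_SIGBUS };

/* Does updating old -> next pass through a temporarily invalid PTE? */
static bool has_invalid_window(uint32_t old, uint32_t next, enum policy p)
{
    uint32_t change = old ^ next;
    if (change == 0)
        return false;                   /* no flag update needed at all */
    return p == INVALIDATE_ALWAYS || (change & PTE_RW) != 0;
}

/* What a second thread sees if it touches the page at the worst moment of
 * the update. fault_can_populate is true for PTEs built at fault time and
 * false for PTEs a driver built once at mmap time (remap_pfn_range). */
static enum outcome concurrent_access(uint32_t old, uint32_t next,
                                      enum policy p, bool fault_can_populate)
{
    if (!has_invalid_window(old, next, p))
        return ACCESS_OK;
    return fault_can_populate ? FAULT_RESOLVED : FAULT_SIGBUS;
}

/* First write to a page: the dirty (C) bit has to be set in the PTE. */
static enum outcome first_write(uint32_t pte, enum policy p, bool fault_can_populate)
{
    return concurrent_access(pte, pte | PTE_DIRTY, p, fault_can_populate);
}

int main(void)
{
    static const char *name[] = { "ok", "fault resolved", "SIGBUS" };
    printf("driver PTE, before fix:  %s\n",
           name[first_write(PAGE_SHARED_MODEL, INVALIDATE_ALWAYS, false)]);
    printf("driver PTE, after fix:   %s\n",
           name[first_write(PAGE_SHARED_MODEL, INVALIDATE_ON_RW_CHANGE, false)]);
    printf("driver PTE, pre-dirtied: %s\n",
           name[first_write(PAGE_SHARED_MODEL | PTE_DIRTY, INVALIDATE_ALWAYS, false)]);
    return 0;
}
```

The model also shows why the fix keeps the invalidation for a change of _PAGE_RW: that path still has the window, which the report says such driver-created PTEs should not normally hit.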