This bug was fixed in the package linux - 4.10.0-33.37
---------------
linux (4.10.0-33.37) zesty; urgency=low
* linux: 4.10.0-33.37 -proposed tracker (LP: #1709303)
* CVE-2017-1000112
- Revert "udp: consistently apply ufo or fragmentation"
- udp: consistently apply ufo or fragmentation
* CVE-2017-1000111
- Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
- packet: fix tp_reserve race in packet_set_ring
* ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
(LP: #1673564)
- irqchip/gic-v3: Add missing system register definitions
- arm64: KVM: Do not use stack-protector to compile EL2 code
- KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2
registers
- KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
- arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
- KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
- KVM: arm64: Make kvm_condition_valid32() accessible from EL2
- KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
- KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
- KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
- KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
- KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
- KVM: arm64: vgic-v3: Add misc Group-0 handlers
- KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
- KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
- arm64: Add MIDR values for Cavium cn83XX SoCs
- [Config] CONFIG_CAVIUM_ERRATUM_30115=y
- arm64: Add workaround for Cavium Thunder erratum 30115
- KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler
- KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler
- KVM: arm64: Enable GICv3 common sysreg trapping via command-line
- KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
- arm64: KVM: Make unexpected reads from WO registers inject an undef
- KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access
- KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access
* ibmvscsis: Do not send aborted task response (LP: #1689365)
- target: Fix unknown fabric callback queue-full errors
- ibmvscsis: Do not send aborted task response
- ibmvscsis: Clear left-over abort_cmd pointers
- ibmvscsis: Fix the incorrect req_lim_delta
* hisi_sas performance improvements (LP: #1708734)
- scsi: hisi_sas: define hisi_sas_device.device_id as int
- scsi: hisi_sas: optimise the usage of hisi_hba.lock
- scsi: hisi_sas: relocate sata_done_v2_hw()
- scsi: hisi_sas: optimise DMA slot memory
* hisi_sas driver reports mistakes timed out task for internal abort
(LP: #1708730)
- scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort()
* scsi: hisi_sas: add null check before indirect pointer dereference
(LP: #1708714)
- scsi: hisi_sas: add null check before indirect pointer dereference
* [LTCTest][Opal][FW860.20] HMI recoverable errors failed to recover and
system goes to dump state. (LP: #1684054)
- powerpc/64: Fix HMI exception on LE with CONFIG_RELOCATABLE=y
* Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430)
- [Config] CONFIG_SATA_HIGHBANK=y
* Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
- [Packaging] tests -- reduce rebuild test to one flavour
* support Hip07/08 I2C controller (LP: #1708293)
- ACPI / APD: Add clock frequency for Hisilicon Hip07/08 I2C controller
- i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller
* Mute key LED does not work on HP ProBook 440 (LP: #1705586)
- ALSA: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds
- ALSA: hda - Add mute led support for HP ProBook 440 G4
* Hisilicon D05 onboard fibre NIC link indicator LEDs don't work
(LP: #1704903)
- net: hns: add acpi function of xge led control
* zesty unable to handle kernel NULL pointer dereference (LP: #1680904)
- drm/i915: Do not drop pagetables when empty
* hns: use after free in hns_nic_net_xmit_hw (LP: #1704885)
- net: hns: Fix a skb used after free bug
* [ARM64] config EDAC_GHES=y depends on EDAC_MM_EDAC=y (LP: #1706141)
- [Config] set EDAC_MM_EDAC=y for ARM64
* [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
(LP: #1690174)
- hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
* ath10k doesn't report full RSSI information (LP: #1706531)
- ath10k: add per chain RSSI reporting
* ideapad_laptop don't support v310-14isk (LP: #1705378)
- platform/x86: ideapad-laptop: Add several models to no_hw_rfkill
* hns: ethtool selftest crashes system (LP: #1705712)
- net/hns:bugfix of ethtool -t phy self_test
* ath9k freezes suspend resume Ubuntu 17.04 (LP: #1697027)
- ath9k: fix an invalid pointer dereference in ath9k_rng_stop()
* xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2
comp_code 13 (LP: #1667750)
- xhci: Bad Ethernet performance plugged in ASM1042A host
* Migrating KSM page causes the VM lock up as the KSM page merging list is too
large (LP: #1680513)
- ksm: introduce ksm_max_page_sharing per page deduplication limit
- ksm: fix use after free with merge_across_nodes = 0
- ksm: cleanup stable_node chain collapse case
- ksm: swap the two output parameters of chain/chain_prune
- ksm: optimize refile of stable_node_dup at the head of the chain
* Change CONFIG_IBMVETH to module (LP: #1704479)
- [Config] CONFIG_IBMVETH=m
* CVE-2017-7487
- ipx: call ipxitf_put() in ioctl error path
* Hotkeys on new Thinkpad systems aren't working (LP: #1705169)
- platform/x86: thinkpad_acpi: guard generic hotkey case
- platform/x86: thinkpad_acpi: add mapping for new hotkeys
* misleading kernel warning skb_warn_bad_offload during checksum calculation
(LP: #1705447)
- net: reduce skb_warn_bad_offload() noise
* Ubuntu 16.04.02: ibmveth: Support to enable LSO/CSO for Trunk VEA
(LP: #1692538)
- ibmveth: Support to enable LSO/CSO for Trunk VEA.
* bonding: stack dump when unregistering a netdev (LP: #1704102)
- bonding: avoid NETDEV_CHANGEMTU event when unregistering slave
* Ubuntu 16.04 IOB Error when the Mustang board rebooted (LP: #1693673)
- drivers: net: xgene: Fix redundant prefetch buffer cleanup
* Ubuntu16.04: NVMe 4K+T10 DIF/DIX format returns I/O error on dd with split
op (LP: #1689946)
- blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split
op
* linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds
(LP: #1697892)
- bonding: add 802.3ad support for 25G speeds
- bonding: fix 802.3ad support for 5G and 50G speeds
* [SRU][Zesty] arm64: Add support for handling memory corruption
(LP: #1696852)
- arm64: mm: Update perf accounting to handle poison faults
- arm64: hugetlb: Fix huge_pte_offset to return poisoned page table entries
- arm64: kconfig: allow support for memory failure handling
- arm64: hwpoison: add VM_FAULT_HWPOISON[_LARGE] handling
* [SRU][Zesty] Add UEFI 2.6 and ACPI 6.1 updates for RAS on ARM64
(LP: #1696570)
- acpi: apei: read ack upon ghes record consumption
- ras: acpi/apei: cper: add support for generic data v3 structure
- cper: add timestamp print to CPER status printing
- efi: parse ARM processor error
- arm64: exception: handle Synchronous External Abort
- acpi: apei: handle SEA notification type for ARMv8
- acpi: apei: panic OS with fatal error status block
- efi: print unrecognized CPER section
- ras: acpi / apei: generate trace event for unrecognized CPER section
- trace, ras: add ARM processor error trace event
- ras: mark stub functions as 'inline'
- arm/arm64: KVM: add guest SEA support
- acpi: apei: check for pending errors when probing GHES entries
- [Config] CONFIG_ACPI_APEI_SEA=y
-- Stefan Bader <stefan.ba...@canonical.com> Fri, 11 Aug 2017 11:40:30
+0200
** Changed in: linux (Ubuntu Zesty)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000111
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000112
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7487
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1684054
Title:
[LTCTest][Opal][FW860.20] HMI recoverable errors failed to recover and
system goes to dump state.
Status in The Ubuntu-power-systems project:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Zesty:
Fix Released
Bug description:
== Comment: #0 - Pridhiviraj Paidipeddi <ppaid...@in.ibm.com> - 2017-04-17
06:08:41 ==
---Problem Description---
HMI Recoverable error injection tests leads to system checkstop followed by
system dump with ubuntu 17.04 os and kernel 4.10.0-19-generic ppc64le
Contact Information = ppaid...@in.ibm.com
---uname output---
#21-Ubuntu SMP Thu Apr 6 17:03:05 UTC 2017 ppc64le ppc64le ppc64le GNU/Linux
Machine Type = PowerNV 8284-22A
---System Hang---
System is in dumping state. after dump finishes system will IPL to OS again.
---Debugger---
A debugger is not configured
== Comment: #3 - Pridhiviraj Paidipeddi <ppaid...@in.ibm.com> - 2017-04-17
06:12:51 ==
# uname -a
#21-Ubuntu SMP Thu Apr 6 17:03:05 UTC 2017 ppc64le ppc64le ppc64le GNU/Linux
# cat /etc/os-release
NAME="Ubuntu"
VERSION="17.04 (Zesty Zapus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 17.04"
VERSION_ID="17.04"
HOME_URL="https://www.ubuntu.com/";
SUPPORT_URL="https://help.ubuntu.com/";
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/";
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy";
VERSION_CODENAME=zesty
UBUNTU_CODENAME=zesty
root@p8wookie:~#
== Comment: #4 - Kevin W. Rudd <ru...@us.ibm.com> - 2017-04-17
11:10:22 ==
== Comment: #5 - MAHESH J. SALGAONKAR <mahesh.salgaon...@in.ibm.com> -
2017-04-17 13:34:03 ==
it looks like below commit is a culprit:
=======================================
commit 2337d207288f163e10bd8d4d7eeb0c1c75046a0c
Author: Nicholas Piggin <npig...@gmail.com>
Date: Fri Jan 27 14:24:33 2017 +1000
powerpc/64: CONFIG_RELOCATABLE support for hmi interrupts
The branch from hmi_exception_early to hmi_exception_realmode must use
a "relocatable-style" branch, because it is branching from unrelocated
exception code to beyond __end_interrupts.
Signed-off-by: Nicholas Piggin <npig...@gmail.com>
Signed-off-by: Michael Ellerman <m...@ellerman.id.au>
=======================================
With the above commit changes now hmi_exception_realmode() is called
using bctrl which ends up messing up TOC (r2) value and further access
using new r2 results into unpredictable behaviour.
----------------------------------------
c000000000025f50 <hmi_exception_realmode>:
c000000000025f50: 3a 01 4c 3c addis r2,r12,314
c000000000025f54: b0 01 42 38 addi r2,r2,432
c000000000025f58: a6 02 08 7c mflr r0
-----------------------------------------
With above commit the hmi_exception_early() code jumps to
c000000000025f50 (hmi_exception_realmode+0x0) which then sets up new
value for r2.
If we revert above commit the code jumps to c000000000025f58
(hmi_exception_realmode+0x8) and hmi handler works fine.
After reverting above patch I don't see this issue anymore. I have
rebuilt the ubuntu kernel after reverting above patch and you can find
the kernel rpm at:
Can you please retry your tests with above kernel and see if issue
still persists.
== Comment: #6 - MAHESH J. SALGAONKAR <mahesh.salgaon...@in.ibm.com> -
2017-04-17 23:02:31 ==
Spoke to Michael Ellerman this morning. He helped me to identify the root
cause and a fix patch beow:
diff --git a/arch/powerpc/kernel/exceptions-64s.S
b/arch/powerpc/kernel/exceptions-64s.S
index 857bf7c5b946..7cfeb8768587 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -982,7 +982,7 @@ TRAMP_REAL_BEGIN(hmi_exception_early)
EXCEPTION_PROLOG_COMMON_2(PACA_EXGEN)
EXCEPTION_PROLOG_COMMON_3(0xe60)
addi r3,r1,STACK_FRAME_OVERHEAD
- BRANCH_LINK_TO_FAR(r4, hmi_exception_realmode)
+ BRANCH_LINK_TO_FAR(r12, hmi_exception_realmode)
/* Windup the stack. */
/* Move original HSRR0 and HSRR1 into the respective regs */
ld r9,_MSR(r1)
== Comment: #7 - Pridhiviraj Paidipeddi <ppaid...@in.ibm.com> -
2017-04-18 01:52:03 ==
== Comment: #8 - Pridhiviraj Paidipeddi <ppaid...@in.ibm.com> - 2017-04-18
01:53:57 ==
Hi Mahesh
Tested all the HMI Recoverable errors on the below patched kernel, attached
the corresponding executing logs. All tests are working fine.
#21 SMP Mon Apr 17 12:58:30 EDT 2017 ppc64le ppc64le ppc64le GNU/Linux
Thanks
== Comment: #9 - MAHESH J. SALGAONKAR <mahesh.salgaon...@in.ibm.com> -
2017-04-18 06:07:56 ==
(In reply to comment #8)
> Hi Mahesh
> Tested all the HMI Recoverable errors on the below patched kernel, attached
> the corresponding executing logs. All tests are working fine.
>
> Linux p8wookie 4.10.0-19.bz153487-generic #21 SMP Mon Apr 17 12:58:30 EDT
> 2017 ppc64le ppc64le ppc64le GNU/Linux
>
>
> Thanks
Thanks. Michael has posted fix for this upstream.
http://patchwork.ozlabs.org/patch/751647/
I will rebuild the new ubuntu kernel with above patch.
== Comment: #12 - Pridhiviraj Paidipeddi <ppaid...@in.ibm.com> - 2017-04-18
09:27:59 ==
(In reply to comment #11)
> >
> > https://git.kernel.org/powerpc/c/be5c5e843c4afa1c8397cb740b6032
>
> I have built new kernel with above patch and you can find it below path
>
>:/home2/mahesh/u2/bz153487v2/linux-image-4.10.0-19.bz153487v2-
> generic_4.10.0-19.bz153487v2.21_ppc64el.deb
Tested with this new patched kernel, all tests are working fine.
Linux p8wookie 4.10.0-19.bz153487v2-generic #21 SMP Tue Apr 18
07:43:13 EDT 2017 ppc64le ppc64le ppc64le GNU/Linux
Will attach is full the execution logs here.
== Comment: #13 - Pridhiviraj Paidipeddi <ppaid...@in.ibm.com> -
2017-04-18 09:29:43 ==
== Comment: #14 - MAHESH J. SALGAONKAR <mahesh.salgaon...@in.ibm.com> -
2017-04-19 03:52:18 ==
(In reply to comment #12)
> (In reply to comment #11)
> > >
> > > https://git.kernel.org/powerpc/c/be5c5e843c4afa1c8397cb740b6032
> >
Thanks for testing. We need to mirror this to ubuntu for fix patch
inclusion
>
> Linux p8wookie 4.10.0-19.bz153487v2-generic #21 SMP Tue Apr 18 07:43:13 EDT
> 2017 ppc64le ppc64le ppc64le GNU/Linux
>
> Will attach is full the execution logs here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1684054/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
