This bug was fixed in the package linux - 4.4.0-128.154

---------------
linux (4.4.0-128.154) xenial; urgency=medium

  * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines

  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking

  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation

  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces

  * [LTC Test] Ubuntu 18.04:  tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames

  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377

  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC

  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: free buffers after reset
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: hda/realtek - Add some fixes for ALC233
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: validate con->state at the top of try_write()
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
    - serial: mctrl_gpio: Add missing module license
    - Linux 4.4.131

  * Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 //
    CVE-2017-5753
    - SAUCE: s390: print messages for gmb and nobp

  * Xenial update to 4.4.130 stable release (LP: #1768474)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - perf: Return proper values for user stack errors
    - staging: ion : Donnot wakeup kswapd in ion system alloc
    - r8152: add Linksys USB3GIGV1 id
    - Input: drv260x - fix initializing overdrive voltage
    - ath9k_hw: check if the chip failed to wake up
    - jbd2: fix use after free in kjournald2()
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - Revert "UBUNTU: SAUCE: s390: print messages for gmb and nobp"
    - Revert "UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and
      nobp"
    - Revert "s390: add ppa to kernel entry / exit"
    - Revert "s390: introduce CPU alternatives"
    - s390: introduce CPU alternatives
    - s390: enable CPU alternatives unconditionally
    - s390/alternative: use a copy of the facility bit mask
    - s390: add options to change branch prediction behaviour for the kernel
    - s390: scrub registers on kernel entry and KVM exit
    - s390: add optimized array_index_mask_nospec
    - s390: run user space and KVM guests with modified branch prediction
    - s390: introduce execute-trampolines for branches
    - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
    - s390: do not bypass BPENTER for interrupt system calls
    - s390/entry.S: fix spurious zeroing of r0
    - s390: move nobp parameter functions to nospec-branch.c
    - s390: add automatic detection of the spectre defense
    - [Config] Add CONFIG_EXPOLINE=y and CONFIG_EXPOLINE_AUTO=y
    - s390: report spectre mitigation via syslog
    - s390: add sysfs attributes for spectre
    - s390: correct nospec auto detection init order
    - s390: correct module section names for expoline code revert
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - team: avoid adding twice the same option to the event list
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - sctp: do not check port in sctp_inet6_cmp_addr
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - net: fix deadlock while clearing neighbor proxy table
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - s390/cio: update chpid descriptor after resource accessibility event
    - s390/uprobes: implement arch_uretprobe_is_alive()
    - Linux 4.4.130
    - SAUCE: s390: Add 'nogmb' kernel parameter

  * Xenial update to 4.4.129 stable release (LP: #1768429)
    - media: v4l2-compat-ioctl32: don't oops on overlay
    - parisc: Fix out of array access in match_pci_device()
    - perf intel-pt: Fix overlap detection to identify consecutive buffers
      correctly
    - perf intel-pt: Fix sync_switch
    - perf intel-pt: Fix error recovery from missing TIP packet
    - perf intel-pt: Fix timestamp following overflow
    - radeon: hide pointless #warning when compile testing
    - block/loop: fix deadlock after loop_set_status
    - s390/qdio: don't retry EQBS after CCQ 96
    - s390/qdio: don't merge ERROR output buffers
    - s390/ipl: ensure loadparm valid flag is set
    - getname_kernel() needs to make sure that ->name != ->iname in long case
    - rtl8187: Fix NULL pointer dereference in priv->conf_mutex
    - hwmon: (ina2xx) Fix access to uninitialized mutex
    - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
    - slip: Check if rstate is initialized before uncompressing
    - lan78xx: Correctly indicate invalid OTP
    - x86/hweight: Get rid of the special calling convention
    - [Config] Remove ARCH_HWEIGHT_CFLAGS
    - x86/hweight: Don't clobber %rdi
    - tty: make n_tty_read() always abort if hangup is in progress
    - ubifs: Check ubifs_wbuf_sync() return code
    - ubi: fastmap: Don't flush fastmap work on detach
    - ubi: Fix error for write access
    - ubi: Reject MLC NAND
    - fs/reiserfs/journal.c: add missing resierfs_warning() arg
    - resource: fix integer overflow at reallocation
    - ipc/shm: fix use-after-free of shm file via remap_file_pages()
    - mm, slab: reschedule cache_reap() on the same CPU
    - usb: musb: gadget: misplaced out of bounds check
    - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
    - ARM: dts: at91: sama5d4: fix pinctrl compatible string
    - xen-netfront: Fix hang on device removal
    - regmap: Fix reversed bounds check in regmap_raw_write()
    - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
    - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
    - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
    - usb: dwc3: pci: Properly cleanup resource
    - HID: i2c-hid: fix size check and type usage
    - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
    - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
    - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
    - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
    - HID: Fix hid_report_len usage
    - HID: core: Fix size as type u32
    - ASoC: ssm2602: Replace reg_default_raw with reg_default
    - thunderbolt: Resume control channel after hibernation image is created
    - random: use a tighter cap in credit_entropy_bits_safe()
    - jbd2: if the journal is aborted then don't allow update of the log tail
    - ext4: don't update checksum of new initialized bitmaps
    - ext4: fail ext4_iget for root directory if unallocated
    - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
    - ALSA: pcm: Fix UAF at PCM release via PCM timer access
    - IB/srp: Fix srp_abort()
    - IB/srp: Fix completion vector assignment algorithm
    - dmaengine: at_xdmac: fix rare residue corruption
    - um: Use POSIX ucontext_t instead of struct ucontext
    - iommu/vt-d: Fix a potential memory leak
    - mmc: jz4740: Fix race condition in IRQ mask update
    - clk: mvebu: armada-38x: add support for 1866MHz variants
    - clk: mvebu: armada-38x: add support for missing clocks
    - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
    - thermal: imx: Fix race condition in imx_thermal_probe()
    - watchdog: f71808e_wdt: Fix WD_EN register read
    - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc
    - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
    - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
    - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
    - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
    - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
    - vfio-pci: Virtualize PCIe & AF FLR
    - vfio/pci: Virtualize Maximum Payload Size
    - vfio/pci: Virtualize Maximum Read Request Size
    - ext4: don't allow r/w mounts if metadata blocks overlap the superblock
    - drm/radeon: Fix PCIe lane width calculation
    - ext4: fix crashes in dioread_nolock mode
    - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
    - ALSA: line6: Use correct endpoint type for midi output
    - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
    - ALSA: hda - New VIA controller suppor no-snoop path
    - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
    - MIPS: uaccess: Add micromips clobbers to bzero invocation
    - MIPS: memset.S: EVA & fault support for small_memset
    - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
    - MIPS: memset.S: Fix clobber of v1 in last_fixup
    - powerpc/eeh: Fix enabling bridge MMIO windows
    - powerpc/lib: Fix off-by-one in alternate feature patching
    - jffs2_kill_sb(): deal with failed allocations
    - hypfs_kill_super(): deal with failed allocations
    - rpc_pipefs: fix double-dput()
    - Don't leak MNT_INTERNAL away from internal mounts
    - autofs: mount point create should honour passed in mode
    - mm: allow GFP_{FS,IO} for page_cache_read page cache allocation
    - mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
    - ext4: bugfix for mmaped pages in mpage_release_unused_pages()
    - fanotify: fix logic of events on child
    - writeback: safer lock nesting
    - Linux 4.4.129

  * CVE-2018-8087
    - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

  * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in
    DELL XPS 13 9370 with firmware 1.50 (LP: #1763748)
    - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device

  * [Xenial] Kernels OOPS when mwifiex is in AP mode (LP: #1769671)
    - Revert "UBUNTU: SAUCE: mwifiex: do not dereference invalid pointer"
    - Revert "UBUNTU: SAUCE: net/wireless: do not dereference invalid pointer"
    - mwifiex: cfg80211: do not change virtual interface during scan processing

  * user space process hung in 'D' state waiting for disk io to complete
    (LP: #1750038)
    - NFS: Use GFP_NOIO for two allocations in writeback

  * Acer Swift sf314-52 power button not managed  (LP: #1766054)
    - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode

 -- Stefan Bader <stefan.ba...@canonical.com>  Fri, 25 May 2018 15:58:45 +0200

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8087

https://bugs.launchpad.net/bugs/1771439

Title:
  [LTC Test] Ubuntu 18.04:  tm_sigreturn failed on P8 compat mode
  16.04.04 guest

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Fix Released

Bug description:
  
  == SRU Justification ==
  IBM is seeing tm_sigreturn test failures on P8 and P9 hosts.  The bad thing
  exception is being raised when executing the following line:

  c00000000004fcfc: b0 04 03 e8 ld r0,1200(r3)
  -> c00000000004fd00: a6 23 02 7c mtspr 130,r0

  Which is basically restoring TEXASR in the thread.

  ISA says "These registers can be written only when in Non-transactional
  state" and the MSR is set to be transactional (suspended):

  MSR: 8000000300201033 [ME][RI][IR][DR][LE][SF][HTM][TSU]

  That explains why they are getting the "bad thing exception". A mtspr is
  being called with a transaction suspended.

  This test failure is fixed by upstream commit 78a3e8889b4b.
  Upstream commit 78a3e8889b4b is in mainline as of 4.8-rc5.

  == Fix ==
  78a3e8889b4b ("powerpc: signals: Discard transaction state from signal frames")

  == Regression Potential ==
  Low.  Specific to powerpc.

  == Test Case ==
  A test kernel was built with this patch and tested by the original bug reporter.
  The bug reporter states the test kernel resolved the bug.


  
  This test fails in the same way on a P8 host, so it is nothing to do with P9.

  There have been many TM bugs fixed upstream since 4.4. I would suggest
  starting with commit 044215d145a7 ("powerpc/tm: Fix illegal TM state
  in signal handler", 2017-08-22) and see if that helps.

  The bad thing exception is being raised when executing the following
  line:

  c00000000004fcfc: b0 04 03 e8 ld r0,1200(r3)
  -> c00000000004fd00: a6 23 02 7c mtspr 130,r0

  Which is basically restoring TEXASR in the thread.

  ISA says "These registers can be written only when in Non-
  transactional state" and the MSR is set to be transactional
  (suspended):

  MSR: 8000000300201033 [ME][RI][IR][DR][LE][SF][HTM][TSU]

  That explains why we are getting the "bad thing exception". A mtspr is
  being called with a transaction suspended.

  I think we need the following commit to have this fixed:

  commit 78a3e8889b4b6b99775ed954696ff3e017f5d19b
  Author: Cyril Bur <cyril...@gmail.com>
  Date:   Tue Aug 23 10:46:17 2016 +1000

      powerpc: signals: Discard transaction state from signal frames

      Userspace can begin and suspend a transaction within the signal
      handler which means they might enter sys_rt_sigreturn() with the
      processor in suspended state.

      sys_rt_sigreturn() wants to restore process context (which may have
      been in a transaction before signal delivery). To do this it must
      restore TM SPRS. To achieve this, any transaction initiated within the
      signal frame must be discarded in order to be able to restore TM SPRs
      as TM SPRs can only be manipulated non-transactionally.
      From the PowerPC ISA:
        TM Bad Thing Exception [Category: Transactional Memory]
         An attempt is made to execute a mtspr targeting a TM register in
         other than Non-transactional state.

      Not doing so results in a TM Bad Thing:
      [12045.221359] Kernel BUG at c000000000050a40 [verbose debug info unavailable]
      [12045.221470] Unexpected TM Bad Thing exception at c000000000050a40 (msr 0x201033)
      [12045.221540] Oops: Unrecoverable exception, sig: 6 [#1]
      [12045.221586] SMP NR_CPUS=2048 NUMA PowerNV
      [12045.221634] Modules linked in: xt_CHECKSUM iptable_mangle ipt_MASQUERADE
       nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4
       xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter
       ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables kvm_hv kvm
       uio_pdrv_genirq ipmi_powernv uio powernv_rng ipmi_msghandler autofs4 ses enclosure
       scsi_transport_sas bnx2x ipr mdio libcrc32c
      [12045.222167] CPU: 68 PID: 6178 Comm: sigreturnpanic Not tainted 4.7.0 #34
      [12045.222224] task: c0000000fce38600 ti: c0000000fceb4000 task.ti: c0000000fceb4000
      [12045.222293] NIP: c000000000050a40 LR: c0000000000163bc CTR: 0000000000000000
      [12045.222361] REGS: c0000000fceb7ac0 TRAP: 0700   Not tainted (4.7.0)
      [12045.222418] MSR: 9000000300201033 <SF,HV,ME,IR,DR,RI,LE,TM[SE]> CR: 28444280  XER: 20000000
      [12045.222625] CFAR: c0000000000163b8 SOFTE: 0 PACATMSCRATCH: 900000014280f033
      GPR00: 01100000b8000001 c0000000fceb7d40 c00000000139c100 c0000000fce390d0
      GPR04: 900000034280f033 0000000000000000 0000000000000000 0000000000000000
      GPR08: 0000000000000000 b000000000001033 0000000000000001 0000000000000000
      GPR12: 0000000000000000 c000000002926400 0000000000000000 0000000000000000
      GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
      GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
      GPR24: 0000000000000000 00003ffff98cadd0 00003ffff98cb470 0000000000000000
      GPR28: 900000034280f033 c0000000fceb7ea0 0000000000000001 c0000000fce390d0
      [12045.223535] NIP [c000000000050a40] tm_restore_sprs+0xc/0x1c
      [12045.223584] LR [c0000000000163bc] tm_recheckpoint+0x5c/0xa0
      [12045.223630] Call Trace:
      [12045.223655] [c0000000fceb7d80] [c000000000026e74] sys_rt_sigreturn+0x494/0x6c0
      [12045.223738] [c0000000fceb7e30] [c0000000000092e0] system_call+0x38/0x108
      [12045.223806] Instruction dump:
      [12045.223841] 7c800164 4e800020 7c0022a6 f80304a8 7c0222a6 f80304b0 7c0122a6 f80304b8
      [12045.223955] 4e800020 e80304a8 7c0023a6 e80304b0 <7c0223a6> e80304b8 7c0123a6 4e800020
      [12045.224074] ---[ end trace cb8002ee240bae76 ]---

      It isn't clear exactly if there is really a use case for userspace
      returning with a suspended transaction, however, doing so doesn't (on
      its own) constitute a bad frame. As such, this patch simply discards
      the transactional state of the context calling the sigreturn and
      continues.

      Reported-by: Laurent Dufour <lduf...@linux.vnet.ibm.com>
      Signed-off-by: Cyril Bur <cyril...@gmail.com>
      Tested-by: Laurent Dufour <lduf...@linux.vnet.ibm.com>
      Reviewed-by: Laurent Dufour <lduf...@linux.vnet.ibm.com>
      Acked-by: Simon Guo <wei.guo.si...@gmail.com>
      Signed-off-by: Benjamin Herrenschmidt <b...@kernel.crashing.org>

  diff --git a/Documentation/powerpc/transactional_memory.txt 
b/Documentation/powerpc/transactional_memory.txt
  index ba0a2a4..e32fdbb 100644
  --- a/Documentation/powerpc/transactional_memory.txt
  +++ b/Documentation/powerpc/transactional_memory.txt
  @@ -167,6 +167,8 @@ signal will be rolled back anyway.
   For signals taken in non-TM or suspended mode, we use the
   normal/non-checkpointed stack pointer.

  +Any transaction initiated inside a sighandler and suspended on return
  +from the sighandler to the kernel will get reclaimed and discarded.

   Failure cause codes used by kernel
   ==================================
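  Review bot: the added sentence records what happens to a transaction suspended on return from the handler, but not the consequence a program observes, namely that sigreturn never resumes or recheckpoints that transaction and no failure cause is ever reported for it (the commit message makes this point: "there will never be a recheckpoint so it's not user visible"). One more clause here, next to the "Failure cause codes" section that follows, would give userspace authors the rule without having to read the kernel source.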
  diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
  index b6aa378..a7daf74 100644
  --- a/arch/powerpc/kernel/signal_32.c
  +++ b/arch/powerpc/kernel/signal_32.c
  @@ -1226,7 +1226,21 @@ long sys_rt_sigreturn(int r3, int r4, int r5, int r6, 
int r7, int r8,
     (regs->gpr[1] + __SIGNAL_FRAMESIZE + 16);
    if (!access_ok(VERIFY_READ, rt_sf, sizeof(*rt_sf)))
     goto bad;
  +
   #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
  +     /*
  +      * If there is a transactional state then throw it away.
  +      * The purpose of a sigreturn is to destroy all traces of the
  +      * signal frame, this includes any transactional state created
  +      * within in. We only check for suspended as we can never be
  +      * active in the kernel, we are active, there is nothing better to
  +      * do than go ahead and Bad Thing later.
  +      * The cause is not important as there will never be a
  +      * recheckpoint so it's not user visible.
  +      */
  +     if (MSR_TM_SUSPENDED(mfmsr()))
  +             tm_reclaim_current(0);
  +
    if (__get_user(tmp, &rt_sf->uc.uc_link))
     goto bad;
    uc_transact = (struct ucontext __user *)(uintptr_t)tmp;
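  Review bot: the new comment has "within in" for "within it", and "we can never be active in the kernel, we are active, there is nothing better to do" is missing its "if"; as written it states the opposite of what is meant. Also, `tm_reclaim_current(0)` runs before `__get_user(tmp, &rt_sf->uc.uc_link)` and the other frame reads that can still `goto bad`, so a frame rejected later has already had its transaction discarded. That is acceptable if the bad-frame path terminates the task, but the ordering deserves a sentence in the comment rather than being left implicit.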
  diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
  index 7e49984..70409bb 100644
  --- a/arch/powerpc/kernel/signal_64.c
  +++ b/arch/powerpc/kernel/signal_64.c
  @@ -676,7 +676,21 @@ int sys_rt_sigreturn(unsigned long r3, unsigned long r4, 
unsigned long r5,
    if (__copy_from_user(&set, &uc->uc_sigmask, sizeof(set)))
     goto badframe;
    set_current_blocked(&set);
  +
   #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
  +     /*
  +      * If there is a transactional state then throw it away.
  +      * The purpose of a sigreturn is to destroy all traces of the
  +      * signal frame, this includes any transactional state created
  +      * within in. We only check for suspended as we can never be
  +      * active in the kernel, we are active, there is nothing better to
  +      * do than go ahead and Bad Thing later.
  +      * The cause is not important as there will never be a
  +      * recheckpoint so it's not user visible.
  +      */
  +     if (MSR_TM_SUSPENDED(mfmsr()))
  +             tm_reclaim_current(0);
  +
    if (__get_user(msr, &uc->uc_mcontext.gp_regs[PT_MSR]))
     goto badframe;
    if (MSR_TM_ACTIVE(msr)) {
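  Review bot: this block, comment included, is a verbatim copy of the one added to signal_32.c; moving it into a small shared helper (for example in arch/powerpc/kernel/signal.h) called from both `sys_rt_sigreturn` variants would stop the two copies drifting and would also let the `0` passed to `tm_reclaim_current()` be a named cause instead of a magic value explained only in the comment. Placing the reclaim before `__get_user(msr, &uc->uc_mcontext.gp_regs[PT_MSR])` and the `MSR_TM_ACTIVE(msr)` check is the right order: the handler's suspended transaction must be gone before the checkpointed state saved in the frame is considered for restore.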

  == Breno Leitao <bren...@br.ibm.com>  ==
  That is exactly the commit id that solves the problem.

  I was able to cherry pick 78a3e8889b4b6b99775ed954696ff3e017f5d19b on
  top of Ubuntu-4.4.0-124.148 and now the code works fine.

  1604 ?    sudo dmesg -c > /dev/null
  1604 ?    ./tm-sigreturn
  test: tm_sigreturn
  tags: git_version:v4.17-rc5-0-g67b8d5c
  success: tm_sigreturn
  1604 ?    dmesg
  1604 ?
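To make the MSR values quoted in this report concrete, here is an added example (it is not part of the bug report, the selftest or the kernel patch) that decodes a 64-bit PowerPC MSR and applies the same transaction-state (TS field) test that the fix uses through `MSR_TM_SUSPENDED()`. Bit positions are those of the `MSR_*_LG` constants in the kernel's arch/powerpc/include/asm/reg.h, the two sample values are the ones quoted in the description and the oops, and `after_tm_reclaim()` only models the one state change that `treclaim.` produces (the TS field returning to Non-transactional), not the register save and restore the kernel performs.

```python
"""Decode a PowerPC MSR and classify its Transactional Memory (TM) state.

Added example, not taken from the Launchpad report or the kernel patch.
Bit numbering is little-endian (bit 0 = least significant), matching the
MSR_*_LG constants in arch/powerpc/include/asm/reg.h.
"""

# Subset of MSR bits relevant to Book3S / POWER8, in reg.h numbering.
MSR_BITS = {
    "SF": 63, "HV": 60, "TS_T": 34, "TS_S": 33, "TM": 32,
    "VEC": 25, "VSX": 23, "EE": 15, "PR": 14, "FP": 13, "ME": 12,
    "FE0": 11, "SE": 10, "BE": 9, "FE1": 8, "IR": 5, "DR": 4,
    "PMM": 2, "RI": 1, "LE": 0,
}

MSR_TS_S = 1 << MSR_BITS["TS_S"]          # transaction suspended
MSR_TS_T = 1 << MSR_BITS["TS_T"]          # transaction active (transactional)
MSR_TS_MASK = MSR_TS_S | MSR_TS_T         # the two-bit TS field
KNOWN_MASK = sum(1 << bit for bit in MSR_BITS.values())


def tm_state(msr: int) -> str:
    """Name the TS field value; TS = 0b11 is reserved by the ISA."""
    ts = msr & MSR_TS_MASK
    if ts == 0:
        return "non-transactional"
    if ts == MSR_TS_S:
        return "suspended"
    if ts == MSR_TS_T:
        return "transactional"
    return "reserved"


# Python equivalents of the kernel's MSR_TM_* predicates from reg.h.
def msr_tm_active(msr: int) -> bool:
    return (msr & MSR_TS_MASK) != 0


def msr_tm_suspended(msr: int) -> bool:
    return (msr & MSR_TS_MASK) == MSR_TS_S


def msr_tm_transactional(msr: int) -> bool:
    return (msr & MSR_TS_MASK) == MSR_TS_T


def tm_sprs_writable(msr: int) -> bool:
    """mtspr to a TM SPR (TEXASR, TFHAR, TFIAR) is only legal in
    Non-transactional state; any other TS value raises TM Bad Thing."""
    return tm_state(msr) == "non-transactional"


def after_tm_reclaim(msr: int) -> int:
    """Model the TS change caused by treclaim.: the thread leaves the
    transaction and the TS field reads Non-transactional again.  Only the
    MSR effect is modelled here (assumption: nothing else is touched)."""
    return msr & ~MSR_TS_MASK


def decode_msr(msr: int) -> dict:
    """List set flags, TM state, and any set bits this table does not name."""
    flags = [name for name, bit in MSR_BITS.items() if (msr >> bit) & 1]
    undecoded = [b for b in range(64)
                 if (msr >> b) & 1 and not (KNOWN_MASK >> b) & 1]
    return {
        "flags": flags,
        "tm_state": tm_state(msr),
        "tm_sprs_writable": tm_sprs_writable(msr),
        "undecoded_bits": undecoded,
    }


# Sample inputs constructed from the two MSR values quoted on this page.
SAMPLES = {
    "MSR at the faulting mtspr (bug description)": 0x8000000300201033,
    "MSR from the oops in the commit message":     0x9000000300201033,
}

if __name__ == "__main__":
    for label, msr in SAMPLES.items():
        d = decode_msr(msr)
        print(f"{label}: {msr:016x}")
        print(f"  flags: {' '.join(d['flags'])}  undecoded bits: {d['undecoded_bits']}")
        print(f"  TM state: {d['tm_state']}, TM SPRs writable: {d['tm_sprs_writable']}")
        print(f"  after reclaim: {tm_state(after_tm_reclaim(msr))}, "
              f"writable: {tm_sprs_writable(after_tm_reclaim(msr))}")
```

Both quoted values decode to TS = suspended with TM enabled, which is exactly the condition under which the ISA forbids the `mtspr 130,r0` (TEXASR) that sys_rt_sigreturn executes while restoring TM SPRs; clearing the TS field, as the reclaim in the fix does before those restores, is what makes the write legal again. Bit 21 is set in both values but is not named in this small table, so the decoder reports it rather than guessing.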
