** Description changed: - Description: qdio: clear intparm during shutdown + SRU Justification: + + [Impact] + + * Crash in qeth_irq() with "Unable to handle kernel pointer dereference + in virtual kernel address space" + + [Fix] + + * 89286320a236d245834075fa13adb0bdd827ecaa 8928632 "s390/qdio: clear + intparm during shutdown" + + [Test Case] + + * Offline an OSA CHPID with multiple active qeth interfaces. + + [Regression Potential] + + * The regression potential can be considered as very low since it only + affects the s390x platform + + * and there it only affects the (ccW) qeth (OSA) network devices + + * and again this happens if the CHPID is offlined, which usually doesn't + happen during regular operation. + + [Other Info] + + * It is already included in kernel 4.17, hence it's already part of + cosmic, disco and eoan and proven there to work. + + * It needs to be applied to kernel 4.15 to land in 18.04 GA and 16.04.5 HWE. + _________________________ + + Description: qdio: clear intparm during shutdown Symptom: Crash in qeth_irq() with "Unable to handle kernel pointer - dereference in virtual kernel address space". + dereference in virtual kernel address space". Problem: During shutdown, qdio returns its ccw device back to control - by qeth - but doesn't reset the interrupt parameter on the - device. If qdio_shutdown() failed to terminate its - long-running IO on the ccw_device, qeth will subsequently - do so. In this case the IRQ for the IO completion is - presented to qeth_irq() with the _old_ interrupt parameter, - which gets mis-interpreted as a valid qeth_cmd_buffer - pointer. Dereferencing this bogus pointer in - qeth_release_buffer() triggers the crash. + by qeth - but doesn't reset the interrupt parameter on the + device. If qdio_shutdown() failed to terminate its + long-running IO on the ccw_device, qeth will subsequently + do so. 
In this case the IRQ for the IO completion is + presented to qeth_irq() with the _old_ interrupt parameter, + which gets mis-interpreted as a valid qeth_cmd_buffer + pointer. Dereferencing this bogus pointer in + qeth_release_buffer() triggers the crash. Solution: When returning the ccw device in qdio_shutdown(), also reset - its interrupt parameter. + its interrupt parameter. Reproduction: Offline an OSA CHPID with multiple active qeth interfaces. Component: Kernel Upstream-ID: 89286320a236d245834075fa13adb0bdd827ecaa Reported: Ubuntu 18.04
** Description changed: SRU Justification: [Impact] * Crash in qeth_irq() with "Unable to handle kernel pointer dereference in virtual kernel address space" [Fix] * 89286320a236d245834075fa13adb0bdd827ecaa 8928632 "s390/qdio: clear intparm during shutdown" [Test Case] * Offline an OSA CHPID with multiple active qeth interfaces. [Regression Potential] * The regression potential can be considered as very low since it only affects the s390x platform * and there it only affects the (ccW) qeth (OSA) network devices * and again this happens if the CHPID is offlined, which usually doesn't happen during regular operation. [Other Info] - * It is already included in kernel 4.17, hence it's already part of - cosmic, disco and eoan and proven there to work. + * The patch was upstream accepted with kernel 4.17, hence it's already + part of cosmic, disco and eoan and proven there to work. * It needs to be applied to kernel 4.15 to land in 18.04 GA and 16.04.5 HWE. _________________________ Description: qdio: clear intparm during shutdown Symptom: Crash in qeth_irq() with "Unable to handle kernel pointer dereference in virtual kernel address space". Problem: During shutdown, qdio returns its ccw device back to control by qeth - but doesn't reset the interrupt parameter on the device. If qdio_shutdown() failed to terminate its long-running IO on the ccw_device, qeth will subsequently do so. In this case the IRQ for the IO completion is presented to qeth_irq() with the _old_ interrupt parameter, which gets mis-interpreted as a valid qeth_cmd_buffer pointer. Dereferencing this bogus pointer in qeth_release_buffer() triggers the crash. Solution: When returning the ccw device in qdio_shutdown(), also reset its interrupt parameter. Reproduction: Offline an OSA CHPID with multiple active qeth interfaces. 
Component: Kernel Upstream-ID: 89286320a236d245834075fa13adb0bdd827ecaa Reported: Ubuntu 18.04

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828394

Title:
  [UBUNTU] qdio: clear intparm during shutdown

Status in Ubuntu on IBM z Systems:
  Triaged
Status in linux package in Ubuntu:
  New

Bug description:
  SRU Justification:

  [Impact]

  * Crash in qeth_irq() with "Unable to handle kernel pointer dereference
    in virtual kernel address space"

  [Fix]

  * 89286320a236d245834075fa13adb0bdd827ecaa 8928632 "s390/qdio: clear
    intparm during shutdown"

  [Test Case]

  * Offline an OSA CHPID with multiple active qeth interfaces.

  [Regression Potential]

  * The regression potential can be considered as very low since it only
    affects the s390x platform

  * and there it only affects the (ccW) qeth (OSA) network devices

  * and again this happens if the CHPID is offlined, which usually doesn't
    happen during regular operation.

  [Other Info]

  * The patch was upstream accepted with kernel 4.17, hence it's already
    part of cosmic, disco and eoan and proven there to work.

  * It needs to be applied to kernel 4.15 to land in 18.04 GA and 16.04.5 HWE.
  _________________________

  Description:   qdio: clear intparm during shutdown

  Symptom:       Crash in qeth_irq() with "Unable to handle kernel pointer
                 dereference in virtual kernel address space".

  Problem:       During shutdown, qdio returns its ccw device back to control
                 by qeth - but doesn't reset the interrupt parameter on the
                 device. If qdio_shutdown() failed to terminate its
                 long-running IO on the ccw_device, qeth will subsequently
                 do so. In this case the IRQ for the IO completion is
                 presented to qeth_irq() with the _old_ interrupt parameter,
                 which gets mis-interpreted as a valid qeth_cmd_buffer
                 pointer. Dereferencing this bogus pointer in
                 qeth_release_buffer() triggers the crash.

  Solution:      When returning the ccw device in qdio_shutdown(), also reset
                 its interrupt parameter.

  Reproduction:  Offline an OSA CHPID with multiple active qeth interfaces.

  Component:     Kernel

  Upstream-ID:   89286320a236d245834075fa13adb0bdd827ecaa

  Reported:      Ubuntu 18.04
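
Added example (not part of the bug report and not kernel code): a user-space C model of the hand-off described under "Problem", showing what the qeth-side handler sees when the interrupt parameter is left stale versus cleared during shutdown. All type and function names (model_cdev, model_qdio_shutdown, model_qeth_irq, run_offline) and the tag check that stands in for the faulting dereference are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model of the hand-off; all names are hypothetical, not kernel code. */
enum tag { TAG_QDIO_STATE = 1, TAG_QETH_CMD = 2 };
struct qdio_state { uint32_t tag; };
struct cmd_buffer { uint32_t tag; int released; };
struct model_cdev { uintptr_t intparm; int io_pending; };
enum irq_result { IRQ_NONE, IRQ_NO_BUFFER, IRQ_BUFFER_RELEASED, IRQ_BOGUS_POINTER };

/* qeth-side handler: a non-zero intparm is assumed to be a command buffer. */
static enum irq_result model_qeth_irq(struct model_cdev *cdev)
{
    uintptr_t parm = cdev->intparm;

    cdev->io_pending = 0;
    if (parm == 0)
        return IRQ_NO_BUFFER;
    /* The model checks a tag where the crash path would dereference blindly. */
    if (*(const uint32_t *)parm != TAG_QETH_CMD)
        return IRQ_BOGUS_POINTER;
    ((struct cmd_buffer *)parm)->released = 1;
    return IRQ_BUFFER_RELEASED;
}

/* qdio-side shutdown: returns the device to qeth, optionally clearing intparm. */
static void model_qdio_shutdown(struct model_cdev *cdev, int io_terminated, int clear_intparm)
{
    if (io_terminated)
        cdev->io_pending = 0;
    if (clear_intparm)
        cdev->intparm = 0;
}

/* One offline sequence; returns what the qeth handler saw. */
enum irq_result run_offline(int io_terminated, int clear_intparm)
{
    struct qdio_state q = { TAG_QDIO_STATE };
    struct model_cdev cdev = { (uintptr_t)&q, 1 };

    model_qdio_shutdown(&cdev, io_terminated, clear_intparm);
    if (!cdev.io_pending)
        return IRQ_NONE;            /* nothing left for qeth to terminate */
    return model_qeth_irq(&cdev);   /* qeth terminates the I/O, IRQ arrives */
}

int main(void)
{
    printf("unfixed: %d, fixed: %d\n", run_offline(0, 0), run_offline(0, 1));
    return 0;
}
```

The stale cookie only matters when shutdown fails to terminate the I/O, which matches the report's note that the crash needs a CHPID offline to trigger.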