This bug was fixed in the package linux - 4.15.0-101.102

---------------
linux (4.15.0-101.102) bionic; urgency=medium

  * bionic/linux: 4.15.0-101.102 -proposed tracker (LP: #1877262)

  * 4.15.0-100.101 breaks userspace builds due to a bug in the headers
    /usr/include/linux/swab.h of linux-libc-dev (LP: #1877123)
    - include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for
      swap

  * bionic snapdragon 4.15 snap failed Certification testing (LP: #1877657)
    - Revert "drm/msm: Use the correct dma_sync calls in msm_gem"
    - Revert "drm/msm: stop abusing dma_map/unmap for cache"

linux (4.15.0-100.101) bionic; urgency=medium

  * bionic/linux: 4.15.0-100.101 -proposed tracker (LP: #1875878)

  * built-using constraints preventing uploads (LP: #1875601)
    - temporarily drop Built-Using data

  * Add debian/rules targets to compile/run kernel selftests (LP: #1874286)
    - [Packaging] add support to compile/run selftests

  * getitimer returns it_value=0 erroneously (LP: #1349028)
    - [Config] CONTEXT_TRACKING_FORCE policy should be unset

  * QEMU/KVM display is garbled when booting from kernel EFI stub due to missing
    bochs-drm module (LP: #1872863)
    - [Config] Enable CONFIG_DRM_BOCHS as module for all archs

  * Backport MPLS patches from 5.3 to 4.15 (LP: #1851446)
    - net/mlx5e: Report netdevice MPLS features
    - net: vlan: Inherit MPLS features from parent device
    - net: bonding: Inherit MPLS features from slave devices
    - net/mlx5e: Move to HW checksumming advertising

  * LIO hanging in iscsit_free_session and iscsit_stop_session (LP: #1871688)
    - scsi: target: remove boilerplate code
    - scsi: target: fix hang when multiple threads try to destroy the same iscsi
      session
    - scsi: target: iscsi: calling iscsit_stop_session() inside
      iscsit_close_session() has no effect

  * Add hw timestamps to received skbs in peak_canfd (LP: #1874124)
    - can: peak_canfd: provide hw timestamps in rx skbs

  * Bionic update: upstream stable patchset 2020-04-23 (LP: #1874502)
    - ARM: dts: sun8i-a83t-tbs-a711: HM5065 doesn't like such a high voltage
    - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
    - net: vxge: fix wrong __VA_ARGS__ usage
    - hinic: fix a bug of waitting for IO stopped
    - hinic: fix wrong para of wait_for_completion_timeout
    - cxgb4/ptp: pass the sign of offset delta in FW CMD
    - qlcnic: Fix bad kzalloc null test
    - i2c: st: fix missing struct parameter description
    - firmware: arm_sdei: fix double-lock on hibernate with shared events
    - null_blk: Fix the null_add_dev() error path
    - null_blk: Handle null_add_dev() failures properly
    - null_blk: fix spurious IO errors after failed past-wp access
    - xhci: bail out early if driver can't accress host in resume
    - x86: Don't let pgprot_modify() change the page encryption bit
    - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices
    - irqchip/versatile-fpga: Handle chained IRQs properly
    - sched: Avoid scale real weight down to zero
    - selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
    - PCI/switchtec: Fix init_completion race condition with poll_wait()
    - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
    - gfs2: Don't demote a glock until its revokes are written
    - x86/boot: Use unsigned comparison for addresses
    - efi/x86: Ignore the memory attributes table on i386
    - genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy()
    - block: Fix use-after-free issue accessing struct io_cq
    - usb: dwc3: core: add support for disabling SS instances in park mode
    - irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency
    - md: check arrays is suspended in mddev_detach before call quiesce
      operations
    - locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
    - block, bfq: fix use-after-free in bfq_idle_slice_timer_body
    - btrfs: qgroup: ensure qgroup_rescan_running is only set when the worker is
      at least queued
    - btrfs: remove a BUG_ON() from merge_reloc_roots()
    - btrfs: track reloc roots based on their commit root bytenr
    - uapi: rename ext2_swab() to swab() and share globally in swab.h
    - slub: improve bit diffusion for freelist ptr obfuscation
    - ASoC: fix regwmask
    - ASoC: dapm: connect virtual mux with default value
    - ASoC: dpcm: allow start or stop during pause for backend
    - ASoC: topology: use name_prefix for new kcontrol
    - usb: gadget: f_fs: Fix use after free issue as part of queue failure
    - usb: gadget: composite: Inform controller driver of self-powered
    - ALSA: usb-audio: Add mixer workaround for TRX40 and co
    - ALSA: hda: Add driver blacklist
    - ALSA: hda: Fix potential access overflow in beep helper
    - ALSA: ice1724: Fix invalid access for enumerated ctl items
    - ALSA: pcm: oss: Fix regression by buffer overflow fix
    - ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256
    - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256
    - ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups
    - ALSA: hda/realtek - Add quirk for MSI GL63
    - media: ti-vpe: cal: fix disable_irqs to only the intended target
    - acpi/x86: ignore unspecified bit positions in the ACPI global lock field
    - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
    - nvme-fc: Revert "add module to ops template to allow module references"
    - nvme: Treat discovery subsystems as unique subsystems
    - PCI/ASPM: Clear the correct bits when enabling L1 substates
    - PCI: Add boot interrupt quirk mechanism for Xeon chipsets
    - PCI: endpoint: Fix for concurrent memory allocation in OB address region
    - irqchip/versatile-fpga: Apply clear-mask earlier
    - pstore: pstore_ftrace_seq_next should increase position index
    - MIPS/tlbex: Fix LDDIR usage in setup_pw() for Loongson-3
    - MIPS: OCTEON: irq: Fix potential NULL pointer dereference
    - ath9k: Handle txpower changes even when TPC is disabled
    - signal: Extend exec_id to 64bits
    - x86/entry/32: Add missing ASM_CLAC to general_protection entry
    - KVM: nVMX: Properly handle userspace interrupt window request
    - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
    - KVM: s390: vsie: Fix delivery of addressing exceptions
    - KVM: x86: Allocate new rmap and large page tracking when moving memslot
    - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
    - CIFS: Fix bug which the return value by asynchronous read is error
    - Btrfs: fix crash during unmount due to race with delayed inode workers
    - btrfs: set update the uuid generation as soon as possible
    - btrfs: drop block from cache on error in relocation
    - btrfs: fix missing semaphore unlock in btrfs_sync_file
    - crypto: mxs-dcp - fix scatterlist linearization for hash
    - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init()
    - x86/speculation: Remove redundant arch_smt_update() invocation
    - tools: gpio: Fix out-of-tree build regression
    - mm: Use fixed constant in page_frag_alloc instead of size + 1
    - dm verity fec: fix memory leak in verity_fec_dtr
    - scsi: zfcp: fix missing erp_lock in port recovery trigger for
      point-to-point
    - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
    - selftests: vm: drop dependencies on page flags from mlock2 tests
    - rtc: omap: Use define directive for PIN_CONFIG_ACTIVE_HIGH
    - drm/etnaviv: rework perfmon query infrastructure
    - NFS: Fix a page leak in nfs_destroy_unlinked_subrequests()
    - ext4: fix a data race at inode->i_blocks
    - fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once()
    - ocfs2: no need try to truncate file beyond i_size
    - perf tools: Support Python 3.8+ in Makefile
    - s390/diag: fix display of diagnose call statistics
    - Input: i8042 - add Acer Aspire 5738z to nomux list
    - kmod: make request_module() return an error when autoloading is disabled
    - cpufreq: powernv: Fix use-after-free
    - hfsplus: fix crash and filesystem corruption when deleting files
    - ipmi: fix hung processes in __get_guid()
    - powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
    - powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
    - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE
      entries
    - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured
      IPIs
    - powerpc/kprobes: Ignore traps that happened in real mode
    - scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
    - powerpc: Add attributes for setjmp/longjmp
    - powerpc: Make setjmp/longjmp signature standard
    - btrfs: use nofs allocations for running delayed items
    - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone()
    - crypto: caam - update xts sector size for large input length
    - Revert "drm/dp_mst: Remove VCPI while disabling topology mgr"
    - drm/dp_mst: Fix clearing payload state on topology disable
    - drm: Remove PageReserved manipulation from drm_pci_alloc
    - ftrace/kprobe: Show the maxactive number on kprobe_events
    - powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
    - misc: echo: Remove unnecessary parentheses and simplify check for zero
    - etnaviv: perfmon: fix total and idle HI cyleces readout
    - mfd: dln2: Fix sanity checking for endpoints
    - efi/x86: Fix the deletion of variables in mixed mode

  * Panic on suspend/resume Kernel panic - not syncing: stack-protector: Kernel
    stack is corrupted in: sata_pmp_eh_recover+0xa2b/0xa40 (LP: #1821434) //
    Bionic update: upstream stable patchset 2020-04-23 (LP: #1874502)
    - libata: Return correct status in sata_pmp_eh_recover_pm() when
      ATA_DFLAG_DETACH is set

  * Bionic update: upstream stable patchset 2020-04-15 (LP: #1873043)
    - ipv4: fix a RCU-list lock in fib_triestat_seq_show
    - net, ip_tunnel: fix interface lookup with no key
    - sctp: fix refcount bug in sctp_wfree
    - sctp: fix possibly using a bad saddr with a given dst
    - drm/bochs: downgrade pci_request_region failure from error to warning
    - initramfs: restore default compression behavior
    - tools/power turbostat: Fix gcc build warnings
    - drm/etnaviv: replace MMU flush marker with flush sequence
    - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
    - blk-mq: Allow blocking queue tag iter callbacks
    - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices
    - coresight: do not use the BIT() macro in the UAPI header
    - padata: always acquire cpu_hotplug_lock before pinst->lock
    - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
    - ipv6: don't auto-add link-local address to lag ports
    - net: dsa: bcm_sf2: Ensure correct sub-node is parsed
    - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before
      accessing PHY registers
    - net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
    - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE
    - random: always use batched entropy for get_random_u{32,64}
    - tools/accounting/getdelays.c: fix netlink attribute length
    - hwrng: imx-rngc - fix an error path
    - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
    - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
    - IB/hfi1: Fix memory leaks in sysfs registration and unregistration
    - ceph: remove the extra slashes in the server path
    - ceph: canonicalize server path in place
    - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
    - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
    - fbcon: fix null-ptr-deref in fbcon_switch
    - clk: qcom: rcg: Return failure for RCG update
    - drm/msm: stop abusing dma_map/unmap for cache
    - arm64: Fix size of __early_cpu_boot_status
    - rpmsg: glink: Remove chunk size word align warning
    - usb: dwc3: don't set gadget->is_otg flag
    - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
    - drm/msm: Use the correct dma_sync calls in msm_gem
    - misc: rtsx: set correct pcr_ops for rts522A
    - mei: me: add cedar fork device ids
    - power: supply: axp288_charger: Add special handling for HP Pavilion x2 10
    - rxrpc: Fix sendmsg(MSG_WAITALL) handling
    - bitops: protect variables in set_mask_bits() macro
    - RDMA/ucma: Put a lock around every call to the rdma_cm layer
    - RDMA/cma: Teach lockdep about the order of rtnl and lock

  * CVE-2020-11494
    - slcan: Don't transmit uninitialized stack data in padding

  * add_key05 from ubuntu_ltp_syscalls failed (LP: #1869644)
    - KEYS: reaching the keys quotas correctly

 -- Kleber Sacilotto de Souza <kleber.so...@canonical.com>  Mon, 11 May 2020 11:08:26 +0200

** Changed in: linux (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11494

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1872863

Title:
  QEMU/KVM display is garbled when booting from kernel EFI stub due to
  missing bochs-drm module

Status in kmod package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in kmod source package in Bionic:
  Fix Committed
Status in linux source package in Bionic:
  Fix Released

Bug description:
  BugLink: https://bugs.launchpad.net/bugs/1872863

  [Impact]

  A recent grub2 SRU, LP #1864533, now forces the kernel to boot via the
  kernel EFI stub whenever EFI is enabled. This causes problems for
  QEMU/KVM virtual machines which use the VGA=std video device, as the
  efifb driver yields an unreadable garbled screen. See the attached
  image.

  The correct framebuffer driver to use in this situation is bochs-drm,
  and modprobing it from a HWE kernel fixes the issues.

  bochs-drm is missing from Bionic since CONFIG_DRM_BOCHS was disabled
  in LP #1378648 due to bochs-drm causing problems in a PowerKVM
  machine. This problem appears to be fixed now, and bochs-drm has been
  re-enabled for Disco and up, in LP #1795857 and has been proven safe.

  This has also come up again in LP #1823152, as well as chatter on LP
  #1795857 to get this enabled on Bionic.

  The customer which is experiencing this issue cannot switch to VGA=qxl
  as a workaround, and must use VGA=std, hence I suggest we re-enable
  bochs-drm for Bionic.

  [Fix]

  I noticed on Focal, if you boot, the framebuffer is initially efifb:

  [ 0.603716] efifb: probing for efifb
  [ 0.603733] efifb: framebuffer at 0xc0000000, using 1876k, total 1875k
  [ 0.603735] efifb: mode is 800x600x32, linelength=3200, pages=1
  [ 0.603736] efifb: scrolling: redraw
  [ 0.603738] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0
  [ 0.604462] Console: switching to colour frame buffer device 100x37
  [ 0.605829] fb0: EFI VGA frame buffer device

  This soon changes to bochs-drm about a second later:

  [ 0.935988] bochs-drm 0000:00:01.0: remove_conflicting_pci_framebuffers: bar 0: 0xc0000000 -> 0xc0ffffff
  [ 0.937023] bochs-drm 0000:00:01.0: remove_conflicting_pci_framebuffers: bar 2: 0xc1c8c000 -> 0xc1c8cfff
  [ 0.937776] checking generic (c0000000 1d5000) vs hw (c0000000 1000000)
  [ 0.937776] fb0: switching to bochsdrmfb from EFI VGA
  [ 0.939085] Console: switching to colour dummy device 80x25
  [ 0.939117] bochs-drm 0000:00:01.0: vgaarb: deactivate vga console
  [ 0.939210] [drm] Found bochs VGA, ID 0xb0c5.
  [ 0.939212] [drm] Framebuffer size 16384 kB @ 0xc0000000, mmio @ 0xc1c8c000.
  [ 0.941955] lpc_ich 0000:00:1f.0: I/O space for GPIO uninitialized
  [ 0.942069] [TTM] Zone kernel: Available graphics memory: 2006780 KiB
  [ 0.942081] [TTM] Initializing pool allocator
  [ 0.942089] [TTM] Initializing DMA pool allocator
  [ 0.943026] virtio_blk virtio2: [vda] 20971520 512-byte logical blocks (10.7 GB/10.0 GiB)
  [ 0.944019] [drm] Found EDID data blob.
  [ 0.944162] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:01.0 on minor 0
  [ 0.944979] fbcon: bochs-drmdrmfb (fb0) is primary device
  [ 0.947712] Console: switching to colour frame buffer device 128x48

  On bionic, the framebuffer never changes from efifb, since the bochs-drm
  kernel module is not built, and it is also present on the module
  banlist in /etc/modprobe.d/blacklist-framebuffer.conf

  bochs-drm needs to be enabled to be built in the kernel config, and
  removed from the module blacklist in kmod.

  [Testcase]

  Create a new QEMU/KVM virtual machine, I used virt-manager. Before you
  install the OS, check the box to modify settings before install. In
  the "Overview" tab, enable EFI by setting the firmware to "UEFI
  x86_64: /usr/share/OVMF/OVMF_CODE.secboot.fd".

  Set the video device to qxl while you install Bionic. Once the install
  is done, reboot, do a "apt update" and "apt upgrade", to ensure you
  have grub2 2.02-2ubuntu8.15 installed.

  Shut the VM down, and set the video device to VGA. Or VGA=std if you
  use the QEMU command line.

  Start the VM up, and the screen will be garbled. See attached picture.

  If you install my test packages, which are available here:

  https://launchpad.net/~mruffell/+archive/ubuntu/sf272653-test

  Instructions to install (on a bionic system):

  1) Enable bionic-proposed
  2) sudo apt-get update
  3) sudo apt install linux-image-unsigned-4.15.0-96-generic linux-modules-4.15.0-96-generic linux-modules-extra-4.15.0-96-generic linux-headers-4.15.0-96-generic linux-headers-4.15.0-96 libkmod2 kmod
  4) sudo reboot
  5) uname -rv
  4.15.0-96-generic #97+TEST272653v20200409b1-Ubuntu SMP Thu Apr 9 04:09:18 UTC 2020

  If you reboot, the screen will be perfectly readable, since the bochs-drm
  driver will be in use.

  [Regression Potential]

  We are enabling a display driver on Bionic which was previously
  disabled, so there will be some virtual machines making the jump to
  using bochs-drm since it would now be available.

  I don't think that this is a bad thing, and in many ways will probably
  end up improving some user's experience. Although there are two
  scenarios where a regression could happen:

  1 - frequently gamers use GPU passthrough to their kvm based virtual
  machines, and I have seen them expect, or hardcode their kernel
  command lines to disable the efifb driver. See
  https://passthroughpo.st/explaining-csm-efifboff-setting-boot-gpu-manually/
  Worst case scenario, gamers will also need to disable bochs-drm as well.
  Since the PCI device of the GPU is being passed through to the VM, I
  believe the kernel will make the correct choice and load the GPU
  drivers, like nouveau or nvidia-drm instead.

  2 - if the bug with PowerKVM machines isn't actually fixed in Bionic,
  it will cause a regression on POWER. We just need to test this on
  POWER and ensure that the bug in LP #1378648 was fixed. If not, then
  we could just disable bochs-drm on POWER, leaving it enabled for all
  other archs.

  Note: 2 has now been tested and verified working. See comment #7.

  If a regression were to occur, it would only affect KVM machines that
  use the built in SPICE graphics display. The screen would either not
  show at all or be garbled. bochs-drm is limited only to kvm users, and
  does not affect other virtualisation platforms like VMware or
  Virtualbox. Instances will still be accessible via ssh, and work
  normally.
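An added verification script, not from the bug report or the Ubuntu kernel packaging, that checks the two conditions the [Fix] section names: CONFIG_DRM_BOCHS is built (=y or =m) and no modprobe.d file blacklists bochs-drm. The config and blacklist texts below are constructed samples; modprobe treats '-' and '_' in module names as the same character, so a "blacklist bochs_drm" line must also count, and the check normalises both sides.

```shell
# Added example (not from the bug report): can a Bionic guest use bochs-drm?
# Two conditions: the module is built (CONFIG_DRM_BOCHS=y/m) and no
# /etc/modprobe.d file blacklists it. Pass --live to check the running
# system; without arguments only the functions and constructed samples load.

# Normalise a module name the way modprobe does: '-' and '_' are equivalent.
norm_mod() { printf '%s' "$1" | tr '-' '_'; }

# blacklisted MODULE < modprobe.d-text ; prints yes/no.
# Comments are stripped; only "blacklist <name>" directives count.
blacklisted() {
    want=$(norm_mod "$1"); found=no
    while IFS= read -r line; do
        line=${line%%#*}
        set -- $line
        [ "${1:-}" = blacklist ] || continue
        [ "$(norm_mod "${2:-}")" = "$want" ] && found=yes
    done
    echo "$found"
}

# config_value CONFIG_NAME < kernel-config-text ; prints y, m or n
# ("# CONFIG_X is not set" and a missing line both yield n).
config_value() {
    val=n
    while IFS= read -r line; do
        case "$line" in
            "$1=y") val=y ;;
            "$1=m") val=m ;;
        esac
    done
    echo "$val"
}

# bochs_usable CONFIG-TEXT BLACKLIST-TEXT ; prints yes/no.
bochs_usable() {
    cfg=$(printf '%s\n' "$1" | config_value CONFIG_DRM_BOCHS)
    bl=$(printf '%s\n' "$2" | blacklisted bochs-drm)
    if [ "$cfg" != n ] && [ "$bl" = no ]; then echo yes; else echo no; fi
}

# Constructed samples: Bionic before the fix, and after it.
BIONIC_CONFIG='# CONFIG_DRM_BOCHS is not set'
BIONIC_BLACKLIST='# constructed blacklist-framebuffer.conf
blacklist bochs-drm
blacklist cirrusfb'
FIXED_CONFIG='CONFIG_DRM_BOCHS=m'
FIXED_BLACKLIST='blacklist cirrusfb'

# Live check against the running system, only when asked for explicitly.
if [ "${1:-}" = --live ]; then
    echo "CONFIG_DRM_BOCHS: $(config_value CONFIG_DRM_BOCHS < "/boot/config-$(uname -r)")"
    echo "bochs-drm blacklisted: $(cat /etc/modprobe.d/*.conf | blacklisted bochs-drm)"
fi
```

Both conditions must hold on Bionic: a kernel with CONFIG_DRM_BOCHS=m is still useless while the kmod blacklist entry remains.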
