[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-04-23 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 3.13.0-145.194

---
linux (3.13.0-145.194) trusty; urgency=medium

  * linux: 3.13.0-145.194 -proposed tracker (LP: #1761430)

  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on
      32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] retpoline hints -- handle missing files when RETPOLINE not
      enabled
    - [Packaging] final-checks -- remove check for empty retpoline files

  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0x constants on i386

  * Boot crash with Trusty 3.13 (LP: #1757193)
    - Revert "UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection"
    - x86/mm: Expand the exception table logic to allow new handling options

  * Segmentation fault in ldt_gdt_64 (LP: #1755817) // CVE-2017-5754
    - x86/kvm: Rename VMX's segment access rights defines
    - x86/signal/64: Fix SS if needed when delivering a 64-bit signal

 -- Kleber Sacilotto de Souza  Thu, 05 Apr 2018 16:26:39 +0200

** Changed in: linux (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1757193

Title:
  Boot crash with Trusty 3.13

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Released

Bug description:
  == SRU Justification ==
  Custom compilation of the Trusty 3.13 kernel codebase results in a 
(reproducible) QEMU boot crash (see below).

  == Fix ==
  Replace UBUNTU SAUCE patch with proper upstream commit:
  548acf19234d ("x86/mm: Expand the exception table logic to allow new handling 
options")

  == Regression Potential ==
  Medium. The patch is quite large but the backport was a simple context 
adjustment. Ran the x86 selftests and perf NMI tests for several hours to 
verify stability.

  == Test Case ==
  Compile the Trusty 3.13 kernel code using the default config (make defconfig) 
and run the resulting kernel in QEMU. Crashes every time.


  Original bug description:

  While doing kernel testing using the Trusty 3.13 code base, I get the
  following boot crash with QEMU:

  [0.338393] BUG: unable to handle kernel paging request at 014142f0
  [0.338987] IP: [] 0x014142f0
  [0.339388] PGD 180f067 PUD 0
  [0.339388] Oops: 0010 [#1] SMP
  [0.339388] Modules linked in:
  [0.339388] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.13.11-ckt39-trusty 
#6
  [0.339388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.10.2-1ubuntu1 04/01/2014
  [0.339388] task: 88003f708000 ti: 88003f6fa000 task.ti: 
88003f6fa000
  [0.339388] RIP: 0010:[]  [] 
0x014142f0
  [0.339388] RSP: :88003f6fbe98  EFLAGS: 00050246
  [0.339388] RAX:  RBX:  RCX: 

  [0.339388] RDX:  RSI: 88003deb9eb4 RDI: 
818b8590
  [0.339388] RBP: 88003f6fbe98 R08:  R09: 
88003fa14ae0
  [0.339388] R10: 81264c68 R11: eafdd000 R12: 

[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-04-17 Thread Kleber Sacilotto de Souza
Confirmed to be fixed with Trusty kernel linux 3.13.0-145.194.

** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty


[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-04-09 Thread Kleber Sacilotto de Souza
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
trusty' to 'verification-done-trusty'. If the problem still exists,
change the tag 'verification-needed-trusty' to 'verification-failed-
trusty'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-trusty


[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-04-03 Thread Kleber Sacilotto de Souza
** Changed in: linux (Ubuntu Trusty)
   Status: Triaged => Fix Committed


[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-03-28 Thread Stefan Bader
I am assuming this is only needed for trusty and so invalid for the
development task.

** Changed in: linux (Ubuntu)
   Status: Triaged => Invalid


[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-03-22 Thread Juerg Haefliger
** Description changed:

+ == SRU Justification ==
+ Custom compilation of the Trusty 3.13 kernel codebase results in a 
(reproducible) QEMU boot crash (see below).
+ 
+ == Fix ==
+ Replace UBUNTU SAUCE patch with proper upstream commit:
+ 548acf19234d ("x86/mm: Expand the exception table logic to allow new handling 
options")
+ 
+ == Regression Potential ==
+ Medium. The patch is quite large but the backport was a simple context 
adjustment. Ran the x86 selftests and perf NMI tests for several hours to 
verify stability.
+ 
+ == Test Case ==
+ Compile the Trusty 3.13 kernel code using the default config (make defconfig) 
and run the resulting kernel in QMEU. Crashes every time.
+ 
+ 
+ Original bug description:
+ 
  While doing kernel testing using the Trusty 3.13 code base, I get the
  following boot crash with QEMU:
  
  [0.338393] BUG: unable to handle kernel paging request at 014142f0
  [0.338987] IP: [] 0x014142f0
- [0.339388] PGD 180f067 PUD 0 
- [0.339388] Oops: 0010 [#1] SMP 
+ [0.339388] PGD 180f067 PUD 0
+ [0.339388] Oops: 0010 [#1] SMP
  [0.339388] Modules linked in:
  [0.339388] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.13.11-ckt39-trusty 
#6
  [0.339388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.10.2-1ubuntu1 04/01/2014
  [0.339388] task: 88003f708000 ti: 88003f6fa000 task.ti: 
88003f6fa000
  [0.339388] RIP: 0010:[]  [] 
0x014142f0
  [0.339388] RSP: :88003f6fbe98  EFLAGS: 00050246
  [0.339388] RAX:  RBX:  RCX: 

  [0.339388] RDX:  RSI: 88003deb9eb4 RDI: 
818b8590
  [0.339388] RBP: 88003f6fbe98 R08:  R09: 
88003fa14ae0
  [0.339388] R10: 81264c68 R11: eafdd000 R12: 
818b8590
  [0.339388] R13: 00ad R14:  R15: 

  [0.339388] FS:  () GS:88003fa0() 
knlGS:
  [0.339388] CS:  0010 DS:  ES:  CR0: 80050033
  [0.339388] CR2: 014142f0 CR3: 0180c000 CR4: 
00360770
  [0.339388] DR0:  DR1:  DR2: 

  [0.339388] DR3:  DR6: fffe0ff0 DR7: 
0400
  [0.339388] Stack:
  [0.339388]  88003f6fbf08 81000402 88003f6fbf00 
81065f88
  [0.339388]  88003f6fbef0 88003ffd96a1 817e9d28 
00ad00060006
  [0.339388]  817b013d 8196cef0 8196d018 
0006
  [0.339388] Call Trace:
  [0.339388]  [] do_one_initcall+0xf2/0x140
  [0.339388]  [] ? parse_args+0x1e8/0x320
  [0.339388]  [] kernel_init_freeable+0x14c/0x1d1
  [0.339388]  [] ? do_early_param+0x88/0x88
  [0.339388]  [] ? rest_init+0x80/0x80
  [0.339388]  [] kernel_init+0x9/0x120
  [0.339388]  [] ret_from_fork+0x6e/0xa0
  [0.339388]  [] ? rest_init+0x80/0x80
  [0.339388] Code:  Bad RIP value.
  [0.339388] RIP  [] 0x014142f0
  [0.339388]  RSP 
  [0.339388] CR2: 014142f0
  [0.339388] ---[ end trace a71242bdac7e8632 ]---
  [0.339388] note: swapper/0[1] exited with preempt_count 1
  [0.357079] swapper/0 (1) used greatest stack depth: 5424 bytes left
  [0.357539] Kernel panic - not syncing: Attempted to kill init! 
exitcode=0x0009
- [0.357539] 
+ [0.357539]
  [0.358073] Kernel Offset: 0x0 from 0x8100 (relocation range: 
0x8000-0x9fff)
  
  Git bisect identified the following commit as the culprit:
  commit 56764fdc3a847371531b8044155c70412fc5be76
  Author: Andy Whitcroft 
  Date:   Thu Feb 22 11:24:00 2018 +0100
  
- UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection
- 
- BugLink: http://bugs.launchpad.net/bugs/1750786
- 
- The existing code intends to identify a subset of fixups which need
- special handling, uaccess related faults need to record the failure.
- This is done by adjusting the fixup code pointer by a (random) constant
- 0x7ff0.  This is detected in fixup_exception by comparing the two
- pointers.  The intent of this code is to detect the the delta between
- the original code and its fixup code being greater than the constant.
- However, the code as written triggers undefined comparison behaviour.
- In this kernel this prevents the condition triggering, leading to panics
- when jumping to the corrupted fixup address.
- 
- Convert the code to better implement the intent.  Convert both of the
- offsets to final addresses and compare the delta between those.  Also add
- a massive comment to explain all of this including the implicit 
assumptions
- on order of the segments that this comparison implies.
- 
- Fixes: 706276543b69 ("x86, extable: Switch to 
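Review bot: The added Test Case line ("+ Compile the Trusty 3.13 kernel code using the default config (make defconfig) and run the resulting kernel in QMEU.") misspells QEMU and states only the failing result. Spell it QEMU and add the outcome expected with the fix applied (the kernel boots without the "unable to handle kernel paging request" oops shown in the log), so that whoever verifies the SRU can do it from the description alone.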

[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-03-21 Thread Juerg Haefliger
** Changed in: linux (Ubuntu Trusty)
 Assignee: (unassigned) => Juerg Haefliger (juergh)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1757193

Title:
  Boot crash with Trusty 3.13

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Trusty:
  Triaged

Bug description:
  While doing kernel testing using the Trusty 3.13 code base, I get the
  following boot crash with QEMU:

  [0.338393] BUG: unable to handle kernel paging request at 014142f0
  [0.338987] IP: [] 0x014142f0
  [0.339388] PGD 180f067 PUD 0 
  [0.339388] Oops: 0010 [#1] SMP 
  [0.339388] Modules linked in:
  [0.339388] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.13.11-ckt39-trusty 
#6
  [0.339388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.10.2-1ubuntu1 04/01/2014
  [0.339388] task: 88003f708000 ti: 88003f6fa000 task.ti: 
88003f6fa000
  [0.339388] RIP: 0010:[]  [] 
0x014142f0
  [0.339388] RSP: :88003f6fbe98  EFLAGS: 00050246
  [0.339388] RAX:  RBX:  RCX: 

  [0.339388] RDX:  RSI: 88003deb9eb4 RDI: 
818b8590
  [0.339388] RBP: 88003f6fbe98 R08:  R09: 
88003fa14ae0
  [0.339388] R10: 81264c68 R11: eafdd000 R12: 
818b8590
  [0.339388] R13: 00ad R14:  R15: 

  [0.339388] FS:  () GS:88003fa0() 
knlGS:
  [0.339388] CS:  0010 DS:  ES:  CR0: 80050033
  [0.339388] CR2: 014142f0 CR3: 0180c000 CR4: 
00360770
  [0.339388] DR0:  DR1:  DR2: 

  [0.339388] DR3:  DR6: fffe0ff0 DR7: 
0400
  [0.339388] Stack:
  [0.339388]  88003f6fbf08 81000402 88003f6fbf00 
81065f88
  [0.339388]  88003f6fbef0 88003ffd96a1 817e9d28 
00ad00060006
  [0.339388]  817b013d 8196cef0 8196d018 
0006
  [0.339388] Call Trace:
  [0.339388]  [] do_one_initcall+0xf2/0x140
  [0.339388]  [] ? parse_args+0x1e8/0x320
  [0.339388]  [] kernel_init_freeable+0x14c/0x1d1
  [0.339388]  [] ? do_early_param+0x88/0x88
  [0.339388]  [] ? rest_init+0x80/0x80
  [0.339388]  [] kernel_init+0x9/0x120
  [0.339388]  [] ret_from_fork+0x6e/0xa0
  [0.339388]  [] ? rest_init+0x80/0x80
  [0.339388] Code:  Bad RIP value.
  [0.339388] RIP  [] 0x014142f0
  [0.339388]  RSP 
  [0.339388] CR2: 014142f0
  [0.339388] ---[ end trace a71242bdac7e8632 ]---
  [0.339388] note: swapper/0[1] exited with preempt_count 1
  [0.357079] swapper/0 (1) used greatest stack depth: 5424 bytes left
  [0.357539] Kernel panic - not syncing: Attempted to kill init! 
exitcode=0x0009
  [0.357539] 
  [0.358073] Kernel Offset: 0x0 from 0x8100 (relocation range: 
0x8000-0x9fff)

  Git bisect identified the following commit as the culprit:
  commit 56764fdc3a847371531b8044155c70412fc5be76
  Author: Andy Whitcroft 
  Date:   Thu Feb 22 11:24:00 2018 +0100

  UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection
  
  BugLink: http://bugs.launchpad.net/bugs/1750786
  
  The existing code intends to identify a subset of fixups which need
  special handling, uaccess related faults need to record the failure.
  This is done by adjusting the fixup code pointer by a (random) constant
  0x7ff0.  This is detected in fixup_exception by comparing the two
  pointers.  The intent of this code is to detect the delta between
  the original code and its fixup code being greater than the constant.
  However, the code as written triggers undefined comparison behaviour.
  In this kernel this prevents the condition triggering, leading to panics
  when jumping to the corrupted fixup address.
  
  Convert the code to better implement the intent.  Convert both of the
  offsets to final addresses and compare the delta between those.  Also add
  a massive comment to explain all of this including the implicit 
assumptions
  on order of the segments that this comparison implies.
  
  Fixes: 706276543b69 ("x86, extable: Switch to relative exception table 
entries")
  Signed-off-by: Andy Whitcroft 
  Acked-by: Colin Ian King 
  Acked-by: Khalid Elmously 
  Signed-off-by: Kleber Sacilotto de Souza 

To manage notifications about this bug go to:
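
An added example, not code from the SAUCE patch, the kernel, or the bug report: a user-space model of the tagged-fixup scheme the quoted commit message describes, contrasting the comparison of the two int offsets with detection on final addresses. It assumes the bias is mainline's 0x7ffffff0 and uses constructed link addresses (`EX_TABLE_AT` and the instruction and fixup addresses); all helper names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the bias mainline's _ASM_EXTABLE_EX added before 548acf19234d. */
#define EX_BIAS 0x7ffffff0LL

/* Constructed link address: __ex_table placed above the kernel text. */
#define EX_TABLE_AT 0xffffffff81800000ULL

/* Relative exception table entry: each field is an offset from its own address. */
struct ex_entry {
    int32_t insn;   /* faulting instruction, relative to &insn */
    int32_t fixup;  /* recovery code, relative to &fixup (plus bias when tagged) */
};

/* What the assembler would emit for an entry placed at `at`; `uaccess` tags it. */
static struct ex_entry ex_encode(uint64_t at, uint64_t insn, uint64_t fixup,
                                 bool uaccess)
{
    struct ex_entry e;
    e.insn  = (int32_t)(uint32_t)(insn - at);
    e.fixup = (int32_t)(uint32_t)(fixup - (at + 4) +
                                  (uaccess ? (uint64_t)EX_BIAS : 0));
    return e;
}

static uint64_t ex_insn_addr(const struct ex_entry *e, uint64_t at)
{
    return at + (uint64_t)(int64_t)e->insn;
}

/* For a tagged entry this address still carries the bias. */
static uint64_t ex_fixup_addr(const struct ex_entry *e, uint64_t at)
{
    return at + 4 + (uint64_t)(int64_t)e->fixup;
}

/* Comparing the two offsets means evaluating fixup - insn in int. Redo the
 * subtraction in 64 bits and report whether the int version would overflow,
 * which is undefined behaviour in C. */
static bool offset_delta_overflows(const struct ex_entry *e)
{
    int64_t d = (int64_t)e->fixup - (int64_t)e->insn;
    return d > INT32_MAX || d < INT32_MIN;
}

/* Detection on final addresses: the modular 64-bit difference is well defined.
 * Implicit assumption on segment order: a tagged fixup never lies below its
 * instruction, and an untagged one is never ~2 GiB above it. */
static bool is_uaccess_fixup(const struct ex_entry *e, uint64_t at)
{
    int64_t delta = (int64_t)(ex_fixup_addr(e, at) - ex_insn_addr(e, at));
    return delta >= EX_BIAS;
}

/* Address execution resumes at; the bias is removed only when detected. */
static uint64_t resume_ip(const struct ex_entry *e, uint64_t at, bool detected)
{
    uint64_t ip = ex_fixup_addr(e, at);
    return detected ? ip - (uint64_t)EX_BIAS : ip;
}

int main(void)
{
    /* Constructed: tagged entry whose fixup is 0x100 bytes past the insn. */
    struct ex_entry e = ex_encode(EX_TABLE_AT, 0xffffffff81414200ULL,
                                  0xffffffff81414300ULL, true);
    bool hit = is_uaccess_fixup(&e, EX_TABLE_AT);

    printf("int offset delta overflows: %d\n", offset_delta_overflows(&e));
    printf("address delta detects tag:  %d\n", hit);
    printf("resume ip, tag detected:    %#llx\n",
           (unsigned long long)resume_ip(&e, EX_TABLE_AT, hit));
    printf("resume ip, tag missed:      %#llx\n",
           (unsigned long long)resume_ip(&e, EX_TABLE_AT, false));
    return 0;
}
```

With the tag missed, this constructed entry resumes at 0x14142f0, a low unmapped address equal to the RIP value in the oops above; the real fixup address behind that oops is not on the page.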

[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-03-20 Thread Joseph Salisbury
** Also affects: linux (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: linux (Ubuntu)
   Status: Incomplete => Triaged

** Changed in: linux (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: linux (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1757193

Title:
  Boot crash with Trusty 3.13

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Trusty:
  Triaged

Bug description:
  While doing kernel testing using the Trusty 3.13 code base, I get the
  following boot crash with QEMU:

  [0.338393] BUG: unable to handle kernel paging request at 014142f0
  [0.338987] IP: [] 0x014142f0
  [0.339388] PGD 180f067 PUD 0 
  [0.339388] Oops: 0010 [#1] SMP 
  [0.339388] Modules linked in:
  [0.339388] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.13.11-ckt39-trusty #6
  [0.339388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
  [0.339388] task: 88003f708000 ti: 88003f6fa000 task.ti: 88003f6fa000
  [0.339388] RIP: 0010:[]  [] 0x014142f0
  [0.339388] RSP: :88003f6fbe98  EFLAGS: 00050246
  [0.339388] RAX:  RBX:  RCX: 
  [0.339388] RDX:  RSI: 88003deb9eb4 RDI: 818b8590
  [0.339388] RBP: 88003f6fbe98 R08:  R09: 88003fa14ae0
  [0.339388] R10: 81264c68 R11: eafdd000 R12: 818b8590
  [0.339388] R13: 00ad R14:  R15: 
  [0.339388] FS:  () GS:88003fa0() knlGS:
  [0.339388] CS:  0010 DS:  ES:  CR0: 80050033
  [0.339388] CR2: 014142f0 CR3: 0180c000 CR4: 00360770
  [0.339388] DR0:  DR1:  DR2: 
  [0.339388] DR3:  DR6: fffe0ff0 DR7: 0400
  [0.339388] Stack:
  [0.339388]  88003f6fbf08 81000402 88003f6fbf00 81065f88
  [0.339388]  88003f6fbef0 88003ffd96a1 817e9d28 00ad00060006
  [0.339388]  817b013d 8196cef0 8196d018 0006
  [0.339388] Call Trace:
  [0.339388]  [] do_one_initcall+0xf2/0x140
  [0.339388]  [] ? parse_args+0x1e8/0x320
  [0.339388]  [] kernel_init_freeable+0x14c/0x1d1
  [0.339388]  [] ? do_early_param+0x88/0x88
  [0.339388]  [] ? rest_init+0x80/0x80
  [0.339388]  [] kernel_init+0x9/0x120
  [0.339388]  [] ret_from_fork+0x6e/0xa0
  [0.339388]  [] ? rest_init+0x80/0x80
  [0.339388] Code:  Bad RIP value.
  [0.339388] RIP  [] 0x014142f0
  [0.339388]  RSP 
  [0.339388] CR2: 014142f0
  [0.339388] ---[ end trace a71242bdac7e8632 ]---
  [0.339388] note: swapper/0[1] exited with preempt_count 1
  [0.357079] swapper/0 (1) used greatest stack depth: 5424 bytes left
  [0.357539] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0009
  [0.357539] 
  [0.358073] Kernel Offset: 0x0 from 0x8100 (relocation range: 0x8000-0x9fff)

  Git bisect identified the following commit as the culprit:
  commit 56764fdc3a847371531b8044155c70412fc5be76
  Author: Andy Whitcroft 
  Date:   Thu Feb 22 11:24:00 2018 +0100

  UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection
  
  BugLink: http://bugs.launchpad.net/bugs/1750786
  
  The existing code intends to identify a subset of fixups which need
  special handling, uaccess related faults need to record the failure.
  This is done by adjusting the fixup code pointer by a (random) constant
  0x7ff0.  This is detected in fixup_exception by comparing the two
  pointers.  The intent of this code is to detect the delta between
  the original code and its fixup code being greater than the constant.
  However, the code as written triggers undefined comparison behaviour.
  In this kernel this prevents the condition triggering, leading to panics
  when jumping to the corrupted fixup address.
  
  Convert the code to better implement the intent.  Convert both of the
  offsets to final addresses and compare the delta between those.  Also add
  a massive comment to explain all of this including the implicit assumptions
  on order of the segments that this comparison implies.
  
  Fixes: 706276543b69 ("x86, extable: Switch to relative exception table entries")
  Signed-off-by: Andy Whitcroft 
  Acked-by: Colin Ian King 
 

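The detection problem that commit message describes, as an added user-space model (not the kernel's code and not part of the original report). The bias value `0x7ffffff0`, all addresses, and the names `make_entry`, `offset_diff_fits_int32` and `resolve_fixup` are assumptions made for this example; it assumes fixup code is linked above the faulting code.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed bias for this example; large enough that a 32-bit difference overflows. */
#define UACCESS_BIAS 0x7ffffff0ULL

/* Relative entry: each field holds (target - address of the field itself). */
struct ex_entry { int32_t insn, fixup; };

/* Build an entry located at entry_va; uaccess entries get the bias added. */
static struct ex_entry make_entry(uint64_t entry_va, uint64_t insn_va,
                                  uint64_t fixup_va, int uaccess)
{
    struct ex_entry e;
    e.insn  = (int32_t)(int64_t)(insn_va - entry_va);
    e.fixup = (int32_t)((int64_t)(fixup_va - (entry_va + 4)) +
                        (uaccess ? (int64_t)UACCESS_BIAS : 0));
    return e;
}
static uint64_t ex_insn_addr(uint64_t entry_va, const struct ex_entry *e)
{ return entry_va + (uint64_t)(int64_t)e->insn; }
static uint64_t ex_fixup_addr(uint64_t entry_va, const struct ex_entry *e)
{ return entry_va + 4 + (uint64_t)(int64_t)e->fixup; }

/* Is "fixup - insn" on the raw int32 offsets representable?  If not, that
 * subtraction is signed overflow (undefined behaviour), so a compiler may
 * assume the biased case never happens and drop the check. */
static int offset_diff_fits_int32(const struct ex_entry *e)
{
    int64_t d = (int64_t)e->fixup - (int64_t)e->insn;
    return d >= INT32_MIN && d <= INT32_MAX;
}

/* Address-based detection: resolve both offsets to final addresses and
 * compare their delta using well-defined unsigned arithmetic. */
static uint64_t resolve_fixup(uint64_t entry_va, const struct ex_entry *e,
                              int *uaccess_err)
{
    uint64_t new_ip = ex_fixup_addr(entry_va, e);
    uint64_t delta  = new_ip - ex_insn_addr(entry_va, e);
    *uaccess_err = delta >= UACCESS_BIAS;
    if (*uaccess_err)
        new_ip -= UACCESS_BIAS;   /* strip the marker before jumping */
    return new_ip;
}

int main(void)
{   /* Constructed addresses: table above fixup code, fixup above text. */
    uint64_t tbl = 0xffffffff81a00000ULL; int err;
    struct ex_entry e = make_entry(tbl, 0xffffffff81264c68ULL, 0xffffffff81900000ULL, 1);
    printf("unstripped target %#llx\n", (unsigned long long)ex_fixup_addr(tbl, &e));
    printf("resolved target   %#llx\n", (unsigned long long)resolve_fixup(tbl, &e, &err));
    return 0;
}
```

If the check is skipped, the bias is never stripped and the jump target wraps to a low, unmapped address, which is the shape of fault a "Bad RIP value" oops reports.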
[Kernel-packages] [Bug 1757193] Re: Boot crash with Trusty 3.13

2018-03-20 Thread Juerg Haefliger
The upstream commit that fixes 706276543b69 ("x86, extable: Switch to
relative exception table entries") (which the problematic commit tries
to do as well) is:

commit 548acf19234dbda5a52d5a8e7e205af46e9da840
Author: Tony Luck 
Date:   Wed Feb 17 10:20:12 2016 -0800

x86/mm: Expand the exception table logic to allow new handling options

Huge amounts of help from  Andy Lutomirski and Borislav Petkov to
produce this. Andy provided the inspiration to add classes to the
exception table with a clever bit-squeezing trick, Boris pointed
out how much cleaner it would all be if we just had a new field.

Linus Torvalds blessed the expansion with:

  ' I'd rather not be clever in order to save just a tiny amount of space
in the exception table, which isn't really critical for anybody. '

The third field is another relative function pointer, this one to a
handler that executes the actions.

We start out with three handlers:

 1: Legacy - just jumps to the fixup IP
 2: Fault - provide the trap number in %ax to the fixup code
 3: Cleaned up legacy for the uaccess error hack

Signed-off-by: Tony Luck 
Reviewed-by: Borislav Petkov 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Link: http://lkml.kernel.org/r/f6af78fcbd348cf4939875cfda9c19689b5e50b8.1455732970.git.tony.l...@intel.com
Signed-off-by: Ingo Molnar 


Title:
  Boot crash with Trusty 3.13

Status in linux package in Ubuntu:
  New

Bug description:
  While doing kernel testing using the Trusty 3.13 code base, I get the
  following boot crash with QEMU:

  [0.338393] BUG: unable to handle kernel paging request at 014142f0
  [0.338987] IP: [] 0x014142f0
  [0.339388] PGD 180f067 PUD 0 
  [0.339388] Oops: 0010 [#1] SMP 
  [0.339388] Modules linked in:
  [0.339388] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.13.11-ckt39-trusty #6
  [0.339388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
  [0.339388] task: 88003f708000 ti: 88003f6fa000 task.ti: 88003f6fa000
  [0.339388] RIP: 0010:[]  [] 0x014142f0
  [0.339388] RSP: :88003f6fbe98  EFLAGS: 00050246
  [0.339388] RAX:  RBX:  RCX: 
  [0.339388] RDX:  RSI: 88003deb9eb4 RDI: 818b8590
  [0.339388] RBP: 88003f6fbe98 R08:  R09: 88003fa14ae0
  [0.339388] R10: 81264c68 R11: eafdd000 R12: 818b8590
  [0.339388] R13: 00ad R14:  R15: 
  [0.339388] FS:  () GS:88003fa0() knlGS:
  [0.339388] CS:  0010 DS:  ES:  CR0: 80050033
  [0.339388] CR2: 014142f0 CR3: 0180c000 CR4: 00360770
  [0.339388] DR0:  DR1:  DR2: 
  [0.339388] DR3:  DR6: fffe0ff0 DR7: 0400
  [0.339388] Stack:
  [0.339388]  88003f6fbf08 81000402 88003f6fbf00 81065f88
  [0.339388]  88003f6fbef0 88003ffd96a1 817e9d28 00ad00060006
  [0.339388]  817b013d 8196cef0 8196d018 0006
  [0.339388] Call Trace:
  [0.339388]  [] do_one_initcall+0xf2/0x140
  [0.339388]  [] ? parse_args+0x1e8/0x320
  [0.339388]  [] kernel_init_freeable+0x14c/0x1d1
  [0.339388]  [] ? do_early_param+0x88/0x88
  [0.339388]  [] ? rest_init+0x80/0x80
  [0.339388]  [] kernel_init+0x9/0x120
  [0.339388]  [] ret_from_fork+0x6e/0xa0
  [0.339388]  [] ? rest_init+0x80/0x80
  [0.339388] Code:  Bad RIP value.
  [0.339388] RIP  [] 0x014142f0
  [0.339388]  RSP 
  [0.339388] CR2: 014142f0
  [0.339388] ---[ end trace a71242bdac7e8632 ]---
  [0.339388] note: swapper/0[1] exited with preempt_count 1
  [0.357079] swapper/0 (1) used greatest stack depth: 5424 bytes left
  [0.357539] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0009
  [0.357539] 
  [0.358073] Kernel Offset: 0x0 from 0x8100 (relocation range: 0x8000-0x9fff)

  Git bisect identified the following commit as the culprit:
  commit 56764fdc3a847371531b8044155c70412fc5be76
  Author: Andy Whitcroft 
  Date:   Thu Feb 22 11:24:00 2018 +0100

  UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection
  
  BugLink: http://bugs.launchpad.net/bugs/1750786