Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

Bug #1822870 reported by bugproxy
Affects | Status | Importance | Assigned to | Milestone
The Ubuntu-power-systems project | Fix Released | Critical | Canonical Kernel Security Team |
linux (Ubuntu) | Fix Released | Critical | Canonical Kernel Security Team |
Bionic | Fix Released | Critical | Canonical Kernel Security Team |
Cosmic | Fix Released | Undecided | Unassigned |
Disco | Fix Released | Undecided | Unassigned |

Bug Description

[IMPACT]
Need to further address the Spectre v2 and Meltdown vulnerability in Power with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, and additional Spectre/Meltdown related patches for Power9.

[Fix]
List of upstream patches identified by IBM in comment #4, #5, and #8.

[Test]
Pre-req: requires Power9 DD2.3 hardware.
A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the kernel was tested by IBM. Please see comment #11 and #14 for details.

[REGRESSION POTENTIAL]
The patches are isolated to the ppc64el architecture and do not impact generic code. ppc64el test kernel was tested by IBM and no regressions were reported.

[OTHER INFO]
For the different kernels:

The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches.

Disco appears to be missing only this patch:
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting

Cosmic (which is supported until July) is missing a number of patches:
cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line
6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch()
406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush
ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush
ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings
99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings
7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting
This appears to already be in -next.

For the bionic 18.04.1 (4.15) kernel only this patch is already part of master-next:
a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

The others are ported, there were only 3 that were not clean. Those are:
2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori barrier_nospec patching
This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is missing, but it does not look like that is required here.

cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec based on firmware settings
This failed because debugfs was already included, I can see that previously added, I didn't see where it was previously removed.

06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
This failed because 8183d99f4a22c is not included - but doesn't seem necessary.

All other patches applied with, at most, some fuzz.

Has had a little testing - boots, check debugfs, etc.

bugproxy (bugproxy) wrote : tarball of patches for bionic

Default Comment by Bridge

tags: added: architecture-ppc64le bugnameltc-176424 severity-critical targetmilestone-inin18042
Changed in ubuntu:
assignee: nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
affects: ubuntu → linux (Ubuntu)
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-04-02 15:26 EDT-------
Disco appears to be missing only this patch on master, but it's included on master-next:
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting

The HWE and Cosmic are missing these patches:
cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line
6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch()
406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush
ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush
ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings
99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings
7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting

HWE-edge is missing the last patch still at this moment.

Frank Heimes (fheimes)
Changed in ubuntu-power-systems:
importance: Undecided → Critical
information type: Public → Public Security
Changed in ubuntu-power-systems:
assignee: nobody → Canonical Kernel Security Team (canonical-kernel-security-team)
Manoj Iyer (manjo)
Changed in linux (Ubuntu):
assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) → Canonical Kernel Security Team (canonical-kernel-security-team)
importance: Undecided → Critical
Daniel Axtens (daxtens) wrote :

Hi Michael R,

I tried to apply your patches to test them and support the effort to get them included in the Bionic kernel, but I'm having some trouble applying them:

ubuntu@dja-bionic:~/bionic$ git am ../patches/01-powerpc-64s-add-support-for-ori-barrier_nospec.patch
Patch format detection failed.
ubuntu@dja-bionic:~/bionic$ git am ../patches/01-powerpc-64s-add-support-for-ori-barrier_nospec.patch --patch-format mbox
Applying: commit 2eea7f067f495e33b8b116b35b5988ab2b8aec55
fatal: empty ident name (for <>) not allowed

How are you generating them? They don't look like they've been generated with git format-patch...?

Regards,
Daniel

Manoj Iyer (manjo)
Changed in linux (Ubuntu):
status: New → In Progress
Changed in ubuntu-power-systems:
status: New → In Progress
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-09 10:04 EDT-------
There's a couple extra patches we need to add to have all the mitigations (some that are from earlier than these DD 2.3 changes) from here:
https://github.com/linuxppc/wiki/wiki/Spectre-and-Meltdown-Related-Commits

I'll attach that later today.

bugproxy (bugproxy) wrote : tarball of patches to fix dd 2.3 spectre issues

------- Comment on attachment From <email address hidden> 2019-04-10 06:26 EDT-------

This is the set of patches listed above plus:
2b57ecd0208f KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()

That one is needed for qemu. There aren't any earlier patches that are needed.

I tested this out:
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware acceleratd)
mranweil@ltc-wspoon5:~$

6:mon> di $_switch 20
c00000000000db00 7c0802a6 mflr r0
c00000000000db04 f8010010 std r0,16(r1)
c00000000000db08 f821fe31 stdu r1,-464(r1)
c00000000000db0c f9c100e0 std r14,224(r1)
c00000000000db10 f9e100e8 std r15,232(r1)
c00000000000db14 fa0100f0 std r16,240(r1)
c00000000000db18 fa2100f8 std r17,248(r1)
c00000000000db1c fa410100 std r18,256(r1)
c00000000000db20 fa610108 std r19,264(r1)
c00000000000db24 fa810110 std r20,272(r1)
c00000000000db28 faa10118 std r21,280(r1)
c00000000000db2c fac10120 std r22,288(r1)
c00000000000db30 fae10128 std r23,296(r1)
c00000000000db34 fb010130 std r24,304(r1)
c00000000000db38 fb210138 std r25,312(r1)
c00000000000db3c fb410140 std r26,320(r1)
c00000000000db40 fb610148 std r27,328(r1)
c00000000000db44 fb810150 std r28,336(r1)
c00000000000db48 fba10158 std r29,344(r1)
c00000000000db4c fbc10160 std r30,352(r1)
c00000000000db50 fbe10168 std r31,360(r1)
c00000000000db54 f8010170 std r0,368(r1)
c00000000000db58 7ee00026 mfcr r23
c00000000000db5c fae101a0 std r23,416(r1)
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 4bffdb1d bl c00000000000b680 # flush_count_cache+0x0/0x2480
c00000000000db68 3cc06000 lis r6,24576
c00000000000db6c 7d40322c dcbt 0,r6,10
c00000000000db70 38c4f4d0 addi r6,r4,-2864
c00000000000db74 f8cd0260 std r6,608(r13)
c00000000000db78 e9040000 ld r8,0(r4)
c00000000000db7c 48000064 b c00000000000dbe0 # _switch+0xe0/0x180
6:mon> di $flush_count_cache 4d
c00000000000b680 7d2802a6 mflr r9
c00000000000b684 48000005 bl c00000000000b688 # flush_count_cache+0x8/0x2480
 ...
c00000000000b784 4800001c b c00000000000b7a0 # flush_count_cache+0x120/0x2480
c00000000000b788 60000000 nop
 ...
c00000000000b7a0 7d2803a6 mtlr r9
c00000000000b7a4 39207fff li r9,32767
c00000000000b7a8 7d2903a6 mtctr r9
c00000000000b7ac 4c400420 bcctr- 2,lt
c00000000000b7b0 4e800020 blr
6:mon>

Manoj Iyer (manjo) wrote : Could you please test the PPA kernel?

Michael,

I have a test kernel with the patches cherry-picked/backported to 4.15
bionic. We do not have a dd2.3 hw in-house, could you please validate that
this kernel works for you and report back in the bug report?

https://launchpad.net/~ubuntu-power-triage/+archive/ubuntu/lp1822870/

Once I get the validation results I can send a pull request to the kernel
team.

Thanks
--
============================
Manoj Iyer
Ubuntu/Canonical
============================

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-04-10 23:12 EDT-------
Hi Manoj,

Looks good, I think, here's some output:
mranweil@ltc-wspoon5:~$ cat /proc/version
Linux version 4.15.0-48-generic (buildd@bos02-ppc64el-015) (gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04)) #51~lp1822870+build.2-Ubuntu SMP Wed Apr 10 21:12:08 UTC 2019
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware acceleratd)

29:mon> di $_switch 20
<snip>
c00000000000db54 f8010170 std r0,368(r1)
c00000000000db58 7ee00026 mfcr r23
c00000000000db5c fae101a0 std r23,416(r1)
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 4bffdb1d bl c00000000000b680 # flush_count_cache+0x0/0x2480
c00000000000db68 3cc06000 lis r6,24576
29:mon> di $flush_count_cache 4d
c00000000000b680 7d2802a6 mflr r9
c00000000000b684 48000005 bl c00000000000b688 # flush_count_cache+0x8/0x2480
...
c00000000000b784 4800001c b c00000000000b7a0 # flush_count_cache+0x120/0x2480
c00000000000b788 60000000 nop
...
c00000000000b7a0 7d2803a6 mtlr r9
c00000000000b7a4 39207fff li r9,32767
c00000000000b7a8 7d2903a6 mtctr r9
c00000000000b7ac 4c400420 bcctr- 2,lt
c00000000000b7b0 4e800020 blr
29:mon>

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-11 03:16 EDT-------
We're missing one more patch - we need 51c3c62b58b3 powerpc: Avoid code patching freed init sections added in. I will attach a new patch tarball including that after I try that out.

Manoj Iyer (manjo) wrote :

Michael,

I can patch that on top of the patches I already have and build a PPA kernel out for you for testing.

Manoj Iyer (manjo) wrote :

Michael,

I backported that patch and built a new kernel for you to test in this PPA:

https://launchpad.net/~ubuntu-power-triage/+archive/ubuntu/lp1822870

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-12 02:19 EDT-------
This passed my tests in simulator.

bugproxy (bugproxy) wrote : tarball of patches for bionic with additional pre-reqs

------- Comment on attachment From <email address hidden> 2019-04-12 05:43 EDT-------

Hi Manoj, thank you. I attached a tarball with patches - in addition to that one it looked best to add these in:
8cf4c05712f0 powerpc/lib/code-patching: refactor patch_instruction()
8183d99f4a22 powerpc/lib/feature-fixups: use raw_patch_instruction()
51c3c62b58b3 powerpc: Avoid code patching freed init sections
b45ba4a51cde powerpc/lib: fix book3s/32 boot failure due to code patching

The first two are just pre-reqs to keep it cleaner, but since 37bc3e5fd764 is in that seems the right thing to do. The last mostly fixes an error on 32 bit ppc kernels, which aren't supported, but this keeps it closer to upstream in the event of needing some further changes and cleans it up.

I tested this with:
root@ltc-wspoon5:/home/mranweil# echo 0 > /sys/kernel/debug/powerpc/barrier_nospec
root@ltc-wspoon5:/home/mranweil# dmesg |grep -i skip
[ 345.961730] Skipping init section patching addr: 0xc0000000010e2b1c
root@ltc-wspoon5:/home/mranweil#

In addition to the previous tests.

Manoj Iyer (manjo) wrote : Re: Could you please test the PPA kernel?

On Fri, 12 Apr 2019, Michael Ranweiler wrote:

> Hi Manoj - were you going to spin a new test kernel with the extra patches
> or did you want to stick where we are?  It's getting late, so I wanted to
> make sure that one of those versions could go in.  The extra 3 aren't, I
> think, critical, or could be added later, though it'd be good to have them.
> Also wanted to get them posted - should I go ahead and do that?

The latest test kernel that is available in the PPA
https://launchpad.net/~ubuntu-power-triage/+archive/ubuntu/lp1822870
includes all the patches in the tarball and the patch "51c3c62b58b3
powerpc: Avoid code patching freed init sections." In comment #11
Ellerman@ibm verified that this kernel passes his tests in the simulator.

We would like to keep the patchset to the min number of required critical
patches. The patches to clean up code etc could trigger the kernel team to
reject the SRU because these are not critical fixes.

If you are satisfied with the set of patches that are currently
in the PPA kernel I can submit these for SRU review.

Here is the list of patches in the PPA kernel, please note the SHA IDs won't
match with yours (upstream) because this is from the Ubuntu 4.15 kernel
source.

8db52d2ad2ce (HEAD -> spectre-1822870) powerpc: Avoid code patching freed init sections
9358c01bc816 KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
4c3a23aaf32f powerpc/security: Fix spectre_v2 reporting
9e74ec03431a powerpc/fsl: Add nospectre_v2 command line argument
60ec56d8b314 powerpc/fsl: Fix spectre_v2 mitigations reporting
5c2a9f5f9d9e powerpc/powernv: Query firmware for count cache flush settings
ce74f68a8bfd powerpc/pseries: Query hypervisor for count cache flush settings
e4ebd9989cdc powerpc/64s: Add support for software count cache flush
1d49623704bf powerpc/64s: Add new security feature flags for count cache flush
7aa198fb1644 powerpc/asm: Add a patch_site macro & helpers for patching instructions
4b97b64ac5cd powerpc/lib/feature-fixups: use raw_patch_instruction()
6508ea530cb7 powerpc/lib/code-patching: refactor patch_instruction()
f06866d8777e powerpc/64: Make meltdown reporting Book3S 64 specific
a40b1c85cc50 powerpc/64: Call setup_barrier_nospec() from setup_arch()
c9c86099ae24 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
82cf510fab3f powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
b4d6e3d336c3 powerpc/64: Disable the speculation barrier from the command line
4b94b84138dd powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
6d63c784648f powerpc/64s: Enhance the information in cpu_show_spectre_v1()
e556e8721b0f powerpc/64: Use barrier_nospec in syscall entry
b09734c0aef5 powerpc: Use barrier_nospec in copy_from_user()
59abe6f37d98 powerpc/64s: Enable barrier_nospec based on firmware settings
f9c9cbba5139 powerpc/64s: Patch barrier_nospec in modules
b7860091936e powerpc/64s: Add support for ori barrier_nospec patching

>
> Thanks!
>
> Mike
>
> Mike Ranweiler
> <email address hidden>
>
>
> -----Michael Ranweiler/Rochester/IBM wrote: -----To: Manoj Iyer
> <email address hidden>
> From: Michael Ranweiler/Rochester/IBM
> Date: 04/11/2019 12:21AM
> Cc: 1822870...
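
Because the Ubuntu branch carries its own SHA IDs, checking it against the upstream list has to match on commit subject rather than hash. The script below is an added example, not taken from the bug report or from Canonical's tooling: it compares the upstream commits named in this bug with the PPA branch log quoted above. The function names are illustrative, and on a real tree the branch log would come from `git log --oneline`.

```sh
#!/bin/sh
# Added example, not part of the bug report: list required upstream commits that
# a distro branch lacks. Backports get new SHA-1s, so commits are matched on the
# subject line. A backport whose subject was reworded is reported as missing.

# Upstream commits named in this bug: "<upstream sha> <subject>" per line.
required_list() {
cat <<'EOF'
cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line
6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch()
406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush
ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush
ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings
99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings
7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting
2b57ecd0208f KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
8cf4c05712f0 powerpc/lib/code-patching: refactor patch_instruction()
8183d99f4a22 powerpc/lib/feature-fixups: use raw_patch_instruction()
51c3c62b58b3 powerpc: Avoid code patching freed init sections
b45ba4a51cde powerpc/lib: fix book3s/32 boot failure due to code patching
EOF
}

# Log of the PPA branch as quoted in the message above (Ubuntu 4.15 SHA IDs).
ppa_log() {
cat <<'EOF'
8db52d2ad2ce (HEAD -> spectre-1822870) powerpc: Avoid code patching freed init sections
9358c01bc816 KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
4c3a23aaf32f powerpc/security: Fix spectre_v2 reporting
9e74ec03431a powerpc/fsl: Add nospectre_v2 command line argument
60ec56d8b314 powerpc/fsl: Fix spectre_v2 mitigations reporting
5c2a9f5f9d9e powerpc/powernv: Query firmware for count cache flush settings
ce74f68a8bfd powerpc/pseries: Query hypervisor for count cache flush settings
e4ebd9989cdc powerpc/64s: Add support for software count cache flush
1d49623704bf powerpc/64s: Add new security feature flags for count cache flush
7aa198fb1644 powerpc/asm: Add a patch_site macro & helpers for patching instructions
4b97b64ac5cd powerpc/lib/feature-fixups: use raw_patch_instruction()
6508ea530cb7 powerpc/lib/code-patching: refactor patch_instruction()
f06866d8777e powerpc/64: Make meltdown reporting Book3S 64 specific
a40b1c85cc50 powerpc/64: Call setup_barrier_nospec() from setup_arch()
c9c86099ae24 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
82cf510fab3f powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
b4d6e3d336c3 powerpc/64: Disable the speculation barrier from the command line
4b94b84138dd powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
6d63c784648f powerpc/64s: Enhance the information in cpu_show_spectre_v1()
e556e8721b0f powerpc/64: Use barrier_nospec in syscall entry
b09734c0aef5 powerpc: Use barrier_nospec in copy_from_user()
59abe6f37d98 powerpc/64s: Enable barrier_nospec based on firmware settings
f9c9cbba5139 powerpc/64s: Patch barrier_nospec in modules
b7860091936e powerpc/64s: Add support for ori barrier_nospec patching
EOF
}

# missing_backports REQUIRED_FILE TREE_LOG_FILE
# Prints each required line whose subject is absent from the tree log.
# Exit status: 0 all present, 1 something missing, 2 tree log unreadable.
missing_backports() {
    [ -r "$2" ] || return 2
    awk -v tree="$2" '
        function subject(line) {
            sub(/^[0-9a-f]+[ \t]+/, "", line)     # drop the full or short SHA-1
            sub(/^\([^)]*\)[ \t]+/, "", line)     # drop a "(HEAD -> branch)" decoration
            sub(/[ \t]+$/, "", line)              # drop trailing whitespace
            return line
        }
        BEGIN {
            while ((getline line < tree) > 0)
                if (line != "") have[subject(line)] = 1
        }
        NF && !(subject($0) in have) { print; missing = 1 }
        END { exit (missing ? 1 : 0) }
    ' "$1"
}

# Run the comparison on the two lists embedded above.
demo() {
    dir=$(mktemp -d) || return 2
    required_list > "$dir/required"
    ppa_log > "$dir/tree"
    missing_backports "$dir/required" "$dir/tree"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "the commits listed above were not found on the branch" >&2
```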

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-04-12 14:02 EDT-------
I tried out the PPA kernel you posted, Manoj, and it looks good here, too, from my testing:
mranweil@ltc-wspoon5:~$ cat /proc/version
Linux version 4.15.0-48-generic (buildd@bos02-ppc64el-002) (gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04)) #51~lp1822870+build.4-Ubuntu SMP Thu Apr 11 21:21:18 UTC 2019
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware acceleratd)

Manoj Iyer (manjo)
description: updated
Manoj Iyer (manjo)
description: updated
description: updated
Manoj Iyer (manjo) wrote :
Changed in linux (Ubuntu Bionic):
status: New → In Progress
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Manoj Iyer (manjo)
Changed in ubuntu-power-systems:
status: In Progress → Fix Committed
Andrew Cloke (andrew-cloke) wrote :

Marking Cosmic series as "Fix Released" following the Description comment:

"The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches."

Changed in linux (Ubuntu Cosmic):
status: New → Fix Released
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Manoj Iyer (manjo)
Changed in linux (Ubuntu Bionic):
assignee: nobody → Canonical Kernel Security Team (canonical-kernel-security-team)
importance: Undecided → Critical
Andrew Cloke (andrew-cloke) wrote :

Next steps:
1) Kernel (security) team to add verification-bionic tags
2) IBM to verify bionic -proposed pocket, and update the bug tags

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-29 14:42 EDT-------
An initial test looks good, thank you!

mranweil@ltc-wspoon5:~$ dpkg --list |grep linux-image-4\.15\.0-49
ii linux-image-4.15.0-49-generic 4.15.0-49.53 ppc64el Signed kernel image generic
mranweil@ltc-wspoon5:~$ cat /proc/version
Linux version 4.15.0-49-generic (buildd@bos02-ppc64el-016) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #53-Ubuntu SMP Fri Apr 26 06:44:38 UTC 2019
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware accelerated)
mranweil@ltc-wspoon5:~$ cat /proc/cpuinfo |head
processor : 0
cpu : POWER9, altivec supported
clock : 3683.000000MHz
revision : 2.3 (pvr 004e 1203)

processor : 1
cpu : POWER9, altivec supported
clock : 3683.000000MHz
revision : 2.3 (pvr 004e 1203)

Frank Heimes (fheimes) wrote :

Adjusting tag according to IBM's test result in comment #19

tags: added: verification-done-bionic
removed: verification-needed-bionic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-29 17:43 EDT-------
I did some more testing, including toggling /sys/kernel/debug/powerpc/count_cache_flush and checking the code in xmon before:
c00000000000db58 7ee00026 mfcr r23
c00000000000db5c fae101a0 std r23,416(r1)
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 4bffdb1d bl c00000000000b680 # flush_count_cache+0x0/0x2480

and after:
c00000000000db58 7ee00026 mfcr r23
c00000000000db5c fae101a0 std r23,416(r1)
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 60000000 nop

All looks correct. Thanks for flipping the tag, I think it looks good. I'll run some regression on it now, too.
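
The manual checks used throughout this bug (the sysfs state, the count-cache-flush boot message, and the xmon view of the call site in _switch) can be scripted. The following is an added example, not code from the bug report or from the kernel; the function names and result words are illustrative, and the sample lines are copied from the comments above.

```sh
#!/bin/sh
# Added example, not part of the bug report: script the three manual checks used
# in this bug. Function names and the words they print are illustrative.

# classify_spectre_v2 FILE
# FILE is normally /sys/devices/system/cpu/vulnerabilities/spectre_v2.
# Returns 2 if the file cannot be read.
classify_spectre_v2() {
    line=$(head -n 1 "$1" 2>/dev/null) || return 2
    case "$line" in
        # "accelerat" also matches the "acceleratd" spelling shown by the test builds
        "Mitigation: "*"Software count cache flush (hardware accelerat"*)
            echo sw-flush-hw-assisted ;;
        "Mitigation: "*"Software count cache flush"*) echo sw-flush ;;
        "Mitigation: "*) echo other-mitigation ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# flush_log_mode FILE
# FILE holds saved dmesg output. The last count-cache-flush line wins; "none" can
# also mean the boot messages have rotated out of the ring buffer.
flush_log_mode() {
    line=$(grep 'count-cache-flush:' "$1" 2>/dev/null | tail -n 1)
    case "$line" in
        *"hardware assisted flush sequence enabled"*) echo hardware-assisted ;;
        *"flush sequence enabled"*) echo software ;;
        "") echo none ;;
        *) echo other ;;
    esac
}

# flush_site_state ADDR   (xmon "di" output on stdin)
# Prints what sits at the patch site: "call" for a bl to flush_count_cache,
# "nop" for opcode 60000000, "other", or "missing" if ADDR is not in the dump.
flush_site_state() {
    awk -v addr="$1" '
        ($1 "") == (addr "") {
            found = 1
            if (($2 "") == "60000000") state = "nop"
            else if ($3 == "bl" && $0 ~ /# flush_count_cache\+0x0\//) state = "call"
            else state = "other"
        }
        END { print (found ? state : "missing") }
    '
}

# check_host SYSFS_FILE DMESG_FILE
# 0 when sysfs and the kernel log agree that the software count cache flush is
# active, 1 when they do not, 2 when the sysfs file is unreadable.
check_host() {
    state=$(classify_spectre_v2 "$1") || return 2
    mode=$(flush_log_mode "$2")
    case "$state/$mode" in
        sw-flush-hw-assisted/hardware-assisted|sw-flush/software) return 0 ;;
    esac
    echo "not confirmed: sysfs=$state dmesg=$mode" >&2
    return 1
}

# Sample xmon lines copied from the comment above: the _switch call site before
# and after toggling /sys/kernel/debug/powerpc/count_cache_flush.
xmon_before() {
cat <<'EOF'
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 4bffdb1d bl c00000000000b680 # flush_count_cache+0x0/0x2480
EOF
}
xmon_after() {
cat <<'EOF'
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 60000000 nop
EOF
}

# Run all three checks on sample lines taken from this bug.
demo() {
    dir=$(mktemp -d) || return 2
    echo 'Mitigation: Software count cache flush (hardware acceleratd)' > "$dir/spectre_v2"
    echo '[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled' > "$dir/dmesg"
    check_host "$dir/spectre_v2" "$dir/dmesg" && echo "host: mitigation confirmed"
    echo "site before toggle: $(xmon_before | flush_site_state c00000000000db64)"
    echo "site after toggle:  $(xmon_after | flush_site_state c00000000000db64)"
    rm -rf "$dir"
}

demo
```

On a real host, pass the sysfs path named in the comments and a file holding saved `dmesg` output to `check_host`.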

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-50.54

---------------
linux (4.15.0-50.54) bionic; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux (4.15.0-49.53) bionic; urgency=medium

  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)

  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/lib/code-patching: refactor patch_instruction()
    - powerpc/lib/feature-fixups: use raw_patch_instruction()
    - powerpc/asm: Add a patch_site mac...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for linux-aws has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Frank Heimes (fheimes)
Changed in ubuntu-power-systems:
status: Fix Committed → Fix Released
Kalpana S Shetty (kalshett) wrote :

Test Environment:
- Witherspoon DD2.3
- Ubu 18.04.2

Test Result:
Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0

ltc-wcwsp3 login:
Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0

ltc-wcwsp3 login: root
Password:
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-50-generic ppc64le)

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage
root@ltc-wcwsp3:~# uname -a
Linux ltc-wcwsp3 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 ppc64le ppc64le ppc64le GNU/Linux
root@ltc-wcwsp3:~# tail /proc/cpuinfo
cpu : POWER9, altivec supported
clock : 3800.000000MHz
revision : 2.3 (pvr 004e 1203)

timebase : 512000000
platform : PowerNV
model : 8335-GTW
machine : PowerNV 8335-GTW
firmware : OPAL
MMU : Radix

root@ltc-wcwsp3:~# grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware accelerated)

root@ltc-wcwsp3:~# dmesg | grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled

root@ltc-wcwsp3:~# echo x > /proc/sysrq-trigger
[ 337.227090] sysrq: SysRq : Entering xmon
cpu 0x50: Vector: 0 at [c000201bebeefae0]
    pc: c0000000000e59f8: sysrq_handle_xmon+0xc8/0xd0
    lr: c0000000000e59f8: sysrq_handle_xmon+0xc8/0xd0
    sp: c000201bebeefc40
   msr: 9000000000009033
  current = 0xc000201bebe67600
  paca = 0xc00000000fab7000 softe: 0 irq_happened: 0x01
    pid = 5129, comm = bash
Linux version 4.15.0-50-generic (buildd@bos02-ppc64el-006) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 (Ubuntu 4.15.0-50.54-generic 4.15.18)
enter ? for help
[c000201bebeefc70] c0000000007fbe28 __handle_sysrq+0xf8/0x2c0
[c000201bebeefd10] c0000000007fc638 write_sysrq_trigger+0x68/0x90
[c000201bebeefd40] c000000000487bc8 proc_reg_write+0x88/0xd0
[c000201bebeefd70] c0000000003da9fc __vfs_write+0x3c/0x70
[c000201bebeefd90] c0000000003dac58 vfs_write+0xd8/0x220
[c000201bebeefde0] c0000000003daf78 SyS_write+0x68/0x110
[c000201bebeefe30] c00000000000b288 system_call+0x5c/0x70
--- Exception: c01 (System Call) at 000070566a24e420
SP (7ffff6712c70) is in userspace
50:mon>
50:mon> di $_switch 20
c00000000000db00 7c0802a6 mflr r0
c00000000000db04 f8010010 std r0,16(r1)
c00000000000db08 f821fe31 stdu r1,-464(r1)
c00000000000db0c f9c100e0 std r14,224(r1)
c00000000000db10 f9e100e8 std r15,232(r1)
c00000000000db14 fa0100f0 std r16,240(r1)
c00000000000db18 fa2100f8 std r17,248(r1)
c00000000000db1c fa410100 std r18,256(r1)
c00000000000db20 fa610108 std r19,264(r1)
c00000000000db24 fa810110 std r20,272(r1)
c00000000000db28 faa10118 std r21,280(r1)
c00000000000db2c fac10120 std r22,288(r1)
c00000000000db30 fae10128 std r23,296(r1)
c00000000000db34 fb010130 std r24,304(r1)
c00000000000db38 fb210138 std r25,312(r1)
c00000000000db3c fb410140 std r26,320(r1)
c00000000000db40 fb610148 std r27,328(r1)
c00000000000db44 fb810150 std r28,336(r1)
c00000000000db48 fba10158 std r29,344(r1)
c00000000000db4c fbc10160 std r30,352(r1)
c000000000...

Brad Figg (brad-figg)
tags: added: cscc
Juerg Haefliger (juergh) wrote :

The Disco kernel is missing:
2b57ecd0208f ("KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()")

Changed in linux (Ubuntu Disco):
status: New → Fix Committed
Changed in ubuntu-power-systems:
status: Fix Released → Fix Committed
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-disco
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.0.0-31.33

---------------
linux (5.0.0-31.33) disco; urgency=medium

  * disco/linux: 5.0.0-31.33 -proposed tracker (LP: #1846026)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * /proc/self/maps paths missing on live session (was vlc won't start; eoan
    19.10 & bionic 18.04 ubuntu/lubuntu/kubuntu/xubuntu/ubuntu-mate dailies)
    (LP: #1842382)
    - SAUCE: Revert "UBUNTU: SAUCE: shiftfs: enable overlayfs on shiftfs"

linux (5.0.0-30.32) disco; urgency=medium

  * disco/linux: 5.0.0-30.32 -proposed tracker (LP: #1844362)

  * Disco update: upstream stable patchset 2019-08-20 (LP: #1840846)
    - Revert "e1000e: fix cyclic resets at link up with active tx"
    - e1000e: start network tx queue only when link is up
    - Input: synaptics - enable SMBUS on T480 thinkpad trackpad
    - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
    - drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT
    - firmware: improve LSM/IMA security behaviour
    - irqchip/gic-v3-its: Fix command queue pointer comparison bug
    - clk: ti: clkctrl: Fix returning uninitialized data
    - efi/bgrt: Drop BGRT status field reserved bits check
    - perf/core: Fix perf_sample_regs_user() mm check
    - ARM: dts: gemini Fix up DNS-313 compatible string
    - ARM: omap2: remove incorrect __init annotation
    - afs: Fix uninitialised spinlock afs_volume::cb_break_lock
    - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz
    - be2net: fix link failure after ethtool offline test
    - ppp: mppe: Add softdep to arc4
    - sis900: fix TX completion
    - ARM: dts: imx6ul: fix PWM[1-4] interrupts
    - pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order
    - dm table: don't copy from a NULL pointer in realloc_argv()
    - dm verity: use message limit for data block corruption message
    - x86/boot/64: Fix crash if kernel image crosses page table boundary
    - x86/boot/64: Add missing fixup_pointer() for next_early_pgt access
    - HID: chicony: add another quirk for PixArt mouse
    - pinctrl: mediatek: Ignore interrupts that are wake only during resume
    - cpu/hotplug: Fix out-of-bounds read when setting fail state
    - pinctrl: mediatek: Update cur_mask in mask/mask ops
    - linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
    - genirq: Delay deactivation in free_irq()
    - genirq: Fix misleading synchronize_irq() documentation
    - genirq: Add optional hardware synchronization for shutdown
    - x86/ioapic: Implement irq_get_irqchip_state() callback
    - x86/irq: Handle spurious interrupt after shutdown gracefully
    - x86/irq: Seperate unused system vectors from spurious entry again
    - ARC: hide unused function unw_hdr_alloc
    - s390: fix stfle zero padding
    - s390/qdio: (re-)initialize tiqdio list entries
    - s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
    - crypto: talitos - move struct talitos_edesc into talitos.h
    - crypto: talitos - fix hash on SEC1.
    - crypto/NX: Set receive window credits to max number of CRBs in RxFIFO
    - drm/udl: introduce a macro to convert dev t...

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
Changed in ubuntu-power-systems:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
