4.4 kernel panics in kvm wake_up() handler
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | Undecided | Unassigned |
Xenial | Fix Released | Medium | Unassigned |
Bug Description
[Description]
User reported that 4.4 kernels are affected by the bug in [1].
The bug presents itself with the following trace:

```
[219901.424329] CPU: 19 PID: 0 Comm: swapper/19 Tainted: G OE 4.4.0-133-generic #159~14.04.1-Ubuntu
[219901.441800] task: ffff885f62e63fc0 ti: ffff885f62e7c000 task.ti: ffff885f62e7c000
[219901.449408] RIP: 0010:[<
[219901.458791] RSP: 0018:ffff885f7c
[219901.464217] RAX: ffff885f7c040000 RBX: dead0000000000b8 RCX: ffff885f7c0586c0
[219901.471480] RDX: dead000000000100 RSI: 0000000000000000 RDI: ffff885f7c0586b0
[219901.478741] RBP: ffff885f7c043f90 R08: 0000000000000000 R09: 0000c7ffc2ec9069
[219901.486003] R10: 0000000000000494 R11: ffff885f7c057370 R12: 00000000000186b0
[219901.493267] R13: 0000000000000013 R14: 00000000000186c0 R15: ffff885f62e7c000
[219901.500528] FS: 000000000000000
[219901.511738] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[219901.517597] CR2: 00007f6d57098000 CR3: 0000003183dfe000 CR4: 0000000000362670
[219901.524860] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[219901.532121] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[219901.539384] Stack:
[219901.541509] 0000000000000000 0000000000000013 0000000000000000 0000000000000000
[219901.549120] ffff885f7c043fa8 ffffffff8102fa99 ffffffff81f40200 ffff885f62e7fe98
[219901.556747] ffffffff8182131f ffff885f62e7fde8 <EOI> ffff885f62e7c000 0000000000000000
[219901.565006] Call Trace:
[219901.567567] <IRQ>
[219901.569592] [<ffffffff8102f
[219901.576795] [<ffffffff81821
[219901.583431] <EOI>
[219901.585456] [<ffffffff81037
[219901.591621] [<ffffffff81064
[219901.597479] [<ffffffff81037
[219901.602900] [<ffffffff81038
[219901.608416] [<ffffffff810c3
[219901.614270] [<ffffffff810c4
[219901.620305] [<ffffffff81050
```
The root cause is that the blocked_vcpu_on_cpu list is corrupted.
This bug is fixed by the patchset found in [2].
Only the first 3 (out of 4) patches have been merged into the upstream kernel, and those three are the ones needed to fix the bug.
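Added example, not code from this bug or from the kernel: a userspace model of the kernel's CONFIG_DEBUG_LIST checks (__list_add_valid / __list_del_entry_valid) on a kernel-style list, showing how a double add or double delete of a blocked-vCPU node is caught before it corrupts the list, and why the LIST_POISON1 value is what RDX holds in the oops above. The list helpers, the per-CPU list and the double add/delete scenario are simplified stand-ins constructed for illustration, not the kvm code or the actual sequence that triggered this bug.

```c
#include <stdbool.h>
#include <stdint.h>
/* x86-64 values from include/linux/poison.h: list_del() writes these into the
 * unlinked entry, which is why RDX in the oops above reads dead000000000100. */
#define LIST_POISON1 ((struct list_head *)0xdead000000000100ULL)
#define LIST_POISON2 ((struct list_head *)0xdead000000000200ULL)

struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h->prev = h; }

/* Model of CONFIG_DEBUG_LIST's __list_add_valid(): refuse to link an entry
 * whose would-be neighbours disagree, or that already sits at this position. */
static bool list_add_checked(struct list_head *ent, struct list_head *head)
{
    struct list_head *next = head->next;
    if (next->prev != head) return false;         /* neighbours inconsistent */
    if (ent == head || ent == next) return false; /* double add of same entry */
    next->prev = ent; ent->next = next; ent->prev = head; head->next = ent;
    return true;
}

/* Model of __list_del_entry_valid(): a poisoned entry was deleted before. */
static bool list_del_checked(struct list_head *ent)
{
    if (ent->next == LIST_POISON1) return false;  /* double delete */
    if (ent->prev->next != ent || ent->next->prev != ent) return false; /* corrupt */
    ent->prev->next = ent->next; ent->next->prev = ent->prev;
    ent->next = LIST_POISON1; ent->prev = LIST_POISON2;
    return true;
}

/* When reading an oops: does a register hold one of the list poison values? */
static bool is_list_poison(uint64_t reg)
{
    return reg == (uint64_t)(uintptr_t)LIST_POISON1 ||
           reg == (uint64_t)(uintptr_t)LIST_POISON2;
}

/* Constructed scenario: one blocked-vCPU node queued twice on a per-CPU list,
 * then deleted twice. Returns how many of the four operations were rejected. */
static int blocked_list_scenario(void)
{
    struct list_head per_cpu_list, vcpu; int rejected = 0;
    init_list_head(&per_cpu_list); init_list_head(&vcpu);
    rejected += !list_add_checked(&vcpu, &per_cpu_list); /* first add: ok */
    rejected += !list_add_checked(&vcpu, &per_cpu_list); /* second add: rejected */
    rejected += !list_del_checked(&vcpu);                /* first del: ok, poisons */
    rejected += !list_del_checked(&vcpu);                /* second del: rejected */
    return rejected;                                     /* 2 */
}
```

Without the checks, the second add would splice the same node in twice and the second delete would dereference the poison pointers, which is the kind of list corruption that produces an oops with dead00000000xxxx register values.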
[Test case]
It was not possible to reproduce this bug locally.
A test kernel with the fixing patches has been provided to the user and they confirmed that it resolves the issue.
[Regression Potential]
The patches have been accepted upstream in 4.14 and so far there are no known regressions.
Backporting the patches was necessary: the original patches modify the pi_pre/post_block functions, which are not present in 4.4.
These functions were introduced by upstream commit bc22512bb24c (kvm: vmx: rename vmx_pre/post_block to pi_pre/post_block).
Appropriate changes were made so that the patches modify the vmx_pre/post_block functions instead, without changing the functionality of the patches.
Testing has not revealed any regressions.
[Other]
Only 4.4 kernels are affected.
[1] https:/
[2] https://<email address hidden>/
Activity log:

- Changed in linux (Ubuntu): status: Incomplete → Confirmed
- Changed in linux (Ubuntu Xenial): status: Incomplete → Confirmed; description: updated
- Changed in linux (Ubuntu): status: Confirmed → Invalid
- Changed in linux (Ubuntu Xenial): importance: Undecided → Medium
- Changed in linux (Ubuntu Xenial): status: Confirmed → Fix Committed
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1908428
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.