accessing /dev/hvc1 with stress-ng on Ubuntu xenial causes crash
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | High | Colin Ian King |
Xenial | Fix Released | Undecided | Unassigned |
Bug Description
[SRU REQUEST][XENIAL]
When running the stress-ng --dev stressor, accessing /dev/hvc1 causes the stressor to lock up and never terminate.
[FIX]
Upstream commit:
From bbc3dfe8805de86
From: Sam Mendoza-Jonas <email address hidden>
Date: Mon, 11 Jul 2016 13:38:57 +1000
Subject: [PATCH] tty/hvc: Use IRQF_SHARED for OPAL hvc consoles
[TESTING]
Without the fix, stress-ng --dev run as root hangs, and one gets an irq failed error and an oops:
[ 2096.476610] hvc_open: request_irq failed with rc -16.
[ 2096.476634] Unable to handle kernel paging request for data at address 0x000000a8
[ 2096.476641] Faulting instruction address: 0xc000000000b0d8a4
[ 2096.476647] Oops: Kernel access of bad area, sig: 11 [#1]
[ 2096.476650] SMP NR_CPUS=2048 NUMA PowerNV
With the fix, the stressor runs w/o any issues
[REGRESSION POTENTIAL]
This is specific to one driver for ppc64el, so the risk potential is limited. The fix has limited regression potential as it essentially marks a flag to allow the interrupt to be shared, and fundamentally this is a very minor change to the interrupt handling functionality in the driver.
-------
stress-ng run as root, --dev stressor, accessing /dev/hvc1:
[ 2096.476610] hvc_open: request_irq failed with rc -16.
[ 2096.476634] Unable to handle kernel paging request for data at address 0x000000a8
[ 2096.476641] Faulting instruction address: 0xc000000000b0d8a4
[ 2096.476647] Oops: Kernel access of bad area, sig: 11 [#1]
[ 2096.476650] SMP NR_CPUS=2048 NUMA PowerNV
[ 2096.476657] Modules linked in: kvm_hv kvm_pr kvm cuse userio hci_vhci bluetooth uhid hid vhost_net vhost macvtap macvlan snd_seq snd_seq_device snd_timer snd soundcore ipmi_powernv ipmi_msghandler vmx_crypto leds_powernv uio_pdrv_genirq uio powernv_rng ibmpowernv ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_
[ 2096.476718] CPU: 74 PID: 23074 Comm: stress-ng-dev Not tainted 4.4.0-92-generic #115-Ubuntu
[ 2096.476724] task: c000000fe8499030 ti: c000000f0fa0c000 task.ti: c000000f0fa0c000
[ 2096.476728] NIP: c000000000b0d8a4 LR: c00000000069648c CTR: c000000000696450
[ 2096.476732] REGS: c000000f0fa0f6b0 TRAP: 0300 Not tainted (4.4.0-92-generic)
[ 2096.476736] MSR: 9000000000009033 <SF,HV,
[ 2096.476749] CFAR: c000000000008468 DAR: 00000000000000a8 DSISR: 40000000 SOFTE: 0
[ 2096.476805] NIP [c000000000b0d8a4] _raw_spin_
[ 2096.476812] LR [c00000000069648c] hvc_open+0x3c/0x1a0
[ 2096.476815] Call Trace:
[ 2096.476818] [c000000f0fa0f930] [c000000f0fa0f970] 0xc000000f0fa0f970 (unreliable)
[ 2096.476824] [c000000f0fa0f970] [c00000000069648c] hvc_open+0x3c/0x1a0
[ 2096.476829] [c000000f0fa0f9f0] [c00000000066c514] tty_open+
[ 2096.476836] [c000000f0fa0fa90] [c0000000002ec234] chrdev_
[ 2096.476841] [c000000f0fa0faf0] [c0000000002e1480] do_dentry_
[ 2096.476846] [c000000f0fa0fb50] [c0000000002f9aa8] do_last+0x178/0xff0
[ 2096.476851] [c000000f0fa0fc10] [c0000000002fab3c] path_openat+
[ 2096.476857] [c000000f0fa0fc90] [c0000000002fca5c] do_filp_
[ 2096.476861] [c000000f0fa0fdb0] [c0000000002e3270] do_sys_
[ 2096.476867] [c000000f0fa0fe30] [c000000000009204] system_
[ 2096.476870] Instruction dump:
[ 2096.476873] fbe1fff8 f8010010 f821ffc1 7c7f1b78 60000000 60000000 39200000 8bcd02ca
[ 2096.476881] 992d02ca 39400000 994d02cc 814d0008 <7d20f829> 2c090000 40c20010 7d40f92d
[ 2096.476893] ---[ end trace c902066e4cc54f9e ]---
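A triage sketch for the log signature above, added here as an example and not part of the bug report or the kernel fix: it pairs a `request_irq failed` line with a data fault at a near-zero address logged shortly after it. The function name `triage`, the one-second window and the 0x1000 threshold are assumptions; the sample lines are copied from the oops quoted in the description.

```python
import errno
import re

# Constructed sample: lines copied from the oops quoted in the bug description.
SAMPLE = """\
[ 2096.476610] hvc_open: request_irq failed with rc -16.
[ 2096.476634] Unable to handle kernel paging request for data at address 0x000000a8
[ 2096.476647] Oops: Kernel access of bad area, sig: 11 [#1]
[ 2096.476718] CPU: 74 PID: 23074 Comm: stress-ng-dev Not tainted 4.4.0-92-generic #115-Ubuntu
[ 2096.476812] LR [c00000000069648c] hvc_open+0x3c/0x1a0
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
IRQ_FAIL = re.compile(r"(\w+): request_irq failed with rc (-\d+)")
FAULT = re.compile(r"Unable to handle kernel paging request for data at address (0x[0-9a-f]+)")
TASK = re.compile(r"CPU: (\d+) PID: (\d+) Comm: (\S+) .*? (\d+\.\d+\.\d+-\S+)")
LR = re.compile(r"LR \[[0-9a-f]+\] (\w+)\+")


def triage(log, window=1.0, low_addr=0x1000):
    """Pair each request_irq failure with a data fault logged within
    `window` seconds of it; window and low_addr are assumed thresholds."""
    findings, pending = [], None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        if f := IRQ_FAIL.search(msg):
            rc = int(f.group(2))
            # Kernel return codes are negated errno values (-16 is EBUSY on Linux).
            pending = {"time": ts, "caller": f.group(1), "rc": rc,
                       "errno": errno.errorcode.get(-rc, "unknown")}
        elif pending and ts - pending["time"] <= window and (f := FAULT.search(msg)):
            addr = int(f.group(1), 16)
            # A fault this close to zero typically means a field access through a NULL pointer.
            pending.update(fault_addr=addr, null_deref=addr < low_addr)
            findings.append(pending)
            pending = None
        elif findings and (f := TASK.search(msg)):
            findings[-1].update(cpu=int(f.group(1)), pid=int(f.group(2)),
                                comm=f.group(3), kernel=f.group(4))
        elif findings and (f := LR.search(msg)):
            findings[-1]["lr_symbol"] = f.group(1)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
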
Changed in linux (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Colin Ian King (colin-king)
summary:
- accessing /dev/hvc1 with stress-ng on Ubuntu xenia causes crash
+ accessing /dev/hvc1 with stress-ng on Ubuntu xenial causes crash
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
status: Fix Released → Fix Committed
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Device is OK with 4.12, however, with 4.12 we get another issue:
[ 3996.652718] INFO: rcu_sched self-detected stall on CPU
[ 3996.652730] 23-...: (1 GPs behind) idle=73a/140000000000002/0 softirq=5179/5179 fqs=2475
[ 3996.652735] (t=5250 jiffies g=6889 c=6888 q=189)
[ 3996.652748] Task dump for CPU 23:
[ 3996.652749] kopald S 0 975 2 0x00000804
[ 3996.652752] Call Trace:
[ 3996.652759] [c000000fefafb0b0] [c000000000135a24] sched_show_task+0xd4/0x150 (unreliable)
[ 3996.652763] [c000000fefafb120] [c000000000c36b3c] rcu_dump_cpu_stacks+0xd0/0x134
[ 3996.652767] [c000000fefafb170] [c0000000001867a0] rcu_check_callbacks+0x8a0/0xb10
[ 3996.652769] [c000000fefafb2a0] [c000000000192958] update_process_times+0x48/0x90
[ 3996.652773] [c000000fefafb2d0] [c0000000001a9f60] tick_sched_handle.isra.8+0x30/0xb0
[ 3996.652775] [c000000fefafb300] [c0000000001aa044] tick_sched_timer+0x64/0xd0
[ 3996.652778] [c000000fefafb340] [c000000000193424] __hrtimer_run_queues+0x144/0x370
[ 3996.652780] [c000000fefafb3c0] [c00000000019449c] hrtimer_interrupt+0xfc/0x350
[ 3996.652784] [c000000fefafb490] [c000000000024658] __timer_interrupt+0x88/0x250
[ 3996.652787] [c000000fefafb4e0] [c000000000024a30] timer_interrupt+0x90/0xe0
[ 3996.652791] [c000000fefafb510] [c00000000000b6e0] restore_check_irq_replay+0x54/0x70
[ 3996.652795] --- interrupt: 901 at arch_local_irq_restore+0x74/0x90
    LR = arch_local_irq_restore+0x74/0x90
[ 3996.652797] [c000000fefafb800] [c000000000194530] hrtimer_interrupt+0x190/0x350 (unreliable)
[ 3996.652801] [c000000fefafb820] [c000000000c3298c] __do_softirq+0xcc/0x41c
[ 3996.652804] [c000000fefafb900] [c0000000000fafa8] irq_exit+0xe8/0x120
[ 3996.652807] [c000000fefafb920] [c000000000024a34] timer_interrupt+0x94/0xe0
[ 3996.652810] [c000000fefafb950] [c00000000000b6e0] restore_check_irq_replay+0x54/0x70
[ 3996.652815] --- interrupt: 901 at lock_timer_base+0x70/0x100
    LR = schedule_timeout+0x334/0x420
[ 3996.652817] [c000000fefafbc40] [0000000000000001] 0x1 (unreliable)
[ 3996.652821] [c000000fefafbca0] [c000000000c30a14] schedule_timeout+0x334/0x420
[ 3996.652824] [c000000fefafbd80] [c000000000095bf0] kopald+0x90/0xe0
[ 3996.652827] [c000000fefafbdc0] [c0000000001214cc] kthread+0x1ac/0x1c0
[ 3996.652831] [c000000fefafbe30] [c00000000000b2e8] ret_from_kernel_thread+0x5c/0x74
[ 4000.060643] NMI watchdog: BUG: soft lockup - CPU#23 stuck for 23s! [kopald:975]
[ 4000.060653] Modules linked in: kvm_hv kvm_pr kvm cuse userio hci_vhci bluetooth ecdh_generic uhid hid vhost_net vhost tap snd_seq snd_seq_device snd_timer snd soundcore powernv_op_panel uio_pdrv_genirq ipmi_powernv ipmi_devintf powernv_rng leds_powernv ibmpowernv vmx_crypto ipmi_msghandler uio ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear dm_round_robin ses enclosure scsi_transport_sas crct10dif_vpmsum crc32c_vpmsum tg3 ipr scsi_dh_emc scsi_dh_rdac scsi_dh_alua dm_multipath
[ 4000.060735] CPU: 23 PID: 975 Comm: kopald Not tainted 4.12.0-11-generic #12
[ 4000...