[UBUNTU 20.04] zPCI attach/detach issues with PF/VF linking support
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
Medium
|
Skipper Bug Screeners | ||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Groovy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification:
==================
[Impact]
* There is a zPCI attach/detach issue in combination with PF/VF linking support.
* On IBM Z with zPCI, VFs can be enabled/disabled individually with /sys/bus/
* If this was done with a VF that is linked to a parent PF, the PF symlink would become stale while the VF is disabled and
when turned back to the VF, it would not be properly linked back to the PF.
* The PF link is removed together with the whole VF directory.
* Hence for example qemu cannot be used since it relies on such links.
* Additionally there is a missing pci_dev_put() when searching for the parent PF. This potentially results in a reference count of the parent PFs that is becoming too high.
[Fix]
* 3cddb79afc60bcd
* 2f0230b2f2d5fd2
* b97bf44f99155e5
[Test Case]
* Assign a zPCI device, that is capable of handling PFs/VFs (like a RoCE adapter / Connect-X5) to a z15 or LinuxONE III LPAR (usually using the HMC).
* Enable/disable a VF with /sys/bus/
* Try to pass it through to qemu.
* The test needs to be done at IBM due to the special hardware requirements.
[Regression Potential]
* A larger subset of the zPCI files in arch/s390/pci is touched (pci_bus.{h,c}, pci_bus.c, pci.c, s390_pci_hpc.c and pci_event.c), hence there is a certain risk for regressions.
* zPCI is the s390x-specific PCI implementation and (aot) less wide spread compared to the traditional CCW hardware on s390x - no code is touched outside of arch/s390/.
* The modifications are mainly in the IOV and hotplug area of zPCI.
* So SR-IOV, like RoCE adapters, may be harmed by bugs or issues with hot-plugging PCI hardware on s390x.
* But on the other hand side that is the area where these patches fix existing problems.
* In worst case PCI events can be impacted as well, that may harm control and communication
* or changes in base pci_bus/pci code may even break zPCI entirely.
* Right now regular RoCE adapters (like Connect-X5) are currently not handled as real SR-IOV VFs in zPCI, but are treated as normal PCI devices.
* Hence these zPCI SR-IOV setup changes currently apply to PFs with SR-IOV capability only, and those are currently not yet available to customers outside IBM.
* The modifications were tested at IBM in house and a patched Ubuntu kernel was created and shared for further testing and got successfully verified (LP 1892849, comment #3).
[Other]
* This SRU depends on the SRU submitted for LP 1891437, which got already ACKed. So LP 1891437 is a prerequisite and needs to be applied before this one!
* The patches of the depending SRU and the ones here were successfully tested based on a patched Ubuntu test kernel (LP 1892849, comment #3).
* Since the above three patches got upstream accepted with 5.9-rc2, this SRU request is for Focal and Groovy.
__________
Problem description:
When a NVMe drive is assigned/hotplugged to a Linux LPAR then
a bug is hit in lib/list_debug.c. And the device is not accessible, there is no /dev/ file
and lspci does not report it also.
[ 1681.564462] list_add double add: new=00000000eed
[ 1681.564489] ------------[ cut here ]------------
[ 1681.564490] kernel BUG at lib/list_
[ 1681.564504] monitor event: 0040 ilc:2 [#1] SMP
[ 1681.564507] Modules linked in: ip6t_REJECT nf_reject_ipv6 ip6t_rpfilter ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat iptable_mangle iptable_raw iptable_security nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter s390_trng ghash_s390 prng aes_s390 des_s390 libdes sha512_s390 vfio_ccw sha1_s390 vfio_mdev mdev chsc_sch vfio_iommu_type1 eadm_sch vfio ip_tables dm_service_time nvme crc32_vx_s390 sha256_s390 sha_common nvme_core qeth_l2 zfcp qeth scsi_transport_fc qdio ccwgroup dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt
[ 1681.564534] CPU: 6 PID: 139 Comm: kmcheck Not tainted 5.8.0-rc1+ #2
[ 1681.564535] Hardware name: IBM 8561 T01 701 (LPAR)
[ 1681.564536] Krnl PSW : 0704c00180000000 000000003ffcadb8 (__list_
[ 1681.564544] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
[ 1681.564545] Krnl GPRS: 0000000000000040 0000000000000027 0000000000000058 0000000000000007
[ 1681.564546] 000000003ffcadb4 0000000000000000 0000000000000000 000003e0051a7ce0
[ 1681.564547] 000000004070a300 00000000eed0f808 00000000eed0f808 000000004070a300
[ 1681.564548] 00000000f56a2000 0000000040c2c788 000000003ffcadb4 000003e0051a7bc8
[ 1681.564583] Krnl Code: 000000003ffcada8: c02000302b09 larl %r2,00000000405
[ 1681.564592] Call Trace:
[ 1681.564594] [<000000003ffca
[ 1681.564596] ([<000000003ffc
[ 1681.564599] [<000000003faf2
[ 1681.564601] [<000000003faf7
[ 1681.564605] [<0000000040367
[ 1681.564607] [<000000004036f
[ 1681.564610] [<000000003fb2a
[ 1681.564613] [<00000000403a5
[ 1681.564614] Last Breaking-
[ 1681.564618] [<000000003fb70
[ 1681.564620] ---[ end trace 7ea67c348aa67e14 ]---
uname:
Linux t83lp49.lnxne.boe 5.8.0-rc1+ #2 SMP Thu Jun 18 12:38:02 CEST 2020 s390x s390x s390x GNU/Linux
How to reproduce:
1. Unassign a NVMe drive in HMC from your LPAR
2. Reassign it to your LPAR again
3. dmesg
=======
The issue with VF attach/detach is with the fact that
on IBM Z VFs can be enabled/disabled individually using
echo 0 > /sys/bus/
If this was done with a VF linked to a parent PF the
symlink in the parent (/sys/bus/
would become stale while the VF is disabled and
when turned back on the VF would not get linked to the PF
again and so could not be used e.g. with QEMU which
relies on the links.
Similarly stale virtfn links could remain after
removing VFs through.
echo 0 > /sys/bus/
Furthermore there was a missing pci_dev_put() when
searching for the parent PF potentially resulting
in a too high reference count of the parent PFs.
This has been fixed upstream and in 5.8 stable
with the following 3 upstream commits:
3cddb79afc60bcd
2f0230b2f2d5fd2
b97bf44f99155e5
These should apply cleanly after applying
b76fee1bc56c31a
from Bug 1891437.
CVE References
tags: | added: architecture-s39064 bugnameltc-186885 severity-medium targetmilestone-inin20041 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in ubuntu-z-systems: | |
importance: | Undecided → Medium |
Changed in ubuntu-z-systems: | |
status: | New → Triaged |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
Changed in linux (Ubuntu): | |
assignee: | Skipper Bug Screeners (skipper-screen-team) → Frank Heimes (fheimes) |
description: | updated |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
------- Comment From <email address hidden> 2020-08-25 07:26 EDT-------
Please ignore the Stacktrace and entire first part of the Bug Description.
We originally had this as one Bug together with what is now
LaunchPad 1891437 and this was erroneously mirrored.
The Bug is entirely described in my previous comment.