[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [BUG] pci-passthrough generates "xen:events: Failed to obtain physical IRQ" for some devices



On Sat, 2016-01-30 at 14:18 +0100, Tommi Airikka wrote:
> 
> 
> On Wed, Jan 27, 2016 at 7:30 PM, Konrad Rzeszutek Wilk <konrad.wilk@oracl
> e.com> wrote:
> > On Sat, Jan 23, 2016 at 05:12:04PM +0100, Tommi Airikka wrote:
> > > Xen developers,
> > >
> > > After an upgrade of my Debian Jessie dom0 and domUs, my passthroughed
> > > NIC stopped working.
> > > This bug was probably introduced in Debian Jessie sometime
> > > between 2015-12-30 and 2016-01-08 as 2015-12-30 as 2015-12-30 was the
> > > last time I upgraded without any problems according to my dpkg.log.
> > 
> > This upgrade looks to only have upgraded the hypervisor?
> > 
> > As in I see:
> > 
> > domU "bug" "uname -a":
> > Linux bug 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-
> > 02)
> > x86_64 GNU/Linux
> > 
> > domU "working" "uname -a":
> > Linux working 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2
> > (2016-01-02) x86_64 GNU/Linux
> > 
> > So same version? What was the earlier version of the hypervisor?
> I forgot to mention that I use apt-dater to upgrade both dom0 and domUs
> at the same time. domU "bug" was created for debugging purposes just a
> couple of hours after I used apt-dater and realized that there's
> something wrong with the pci passthrough. domU "bug" and domU "working"
> should have relatively similar software state.
> 
> According to dom0 dpkg.log, the xen-hypervisor-4.4-amd64 (version "4.4.1-
> 9+deb8u3") has been untouched since 2015-12-21.
> linux-image-3.16.0-4-amd64 was upgraded from "3.16.7-ckt20-1+deb8u1" to
> "3.16.7-ckt20-1+deb8u2" at the point of time when pci passthrough stopped
> working.
> Â
> > Â
> > The Xen version you have says:
> > > (XEN) I/O virtualisation disabled
> > 
> > Which is not very healthy for PCI passthrough. Albeit you can do
> > it with PV without IOMMU. Did the previous version of Xen have the same
> > message?
> I downgraded linux-image on dom0:
> dpkg -i linux-image-3.16.0-4-amd64_3.16.7-ckt20-1+deb8u1_amd64.deb
> 
> and now the pci passthrough seems to work!

The Debian changelog entry for the update says:

linux (3.16.7-ckt20-1+deb8u2) jessie-security; urgency=medium

ÂÂ* [xen] Fix race conditions in back-end drivers (CVE-2015-8550, XSA-155)
ÂÂ* [xen] pciback: Fix state validation in MSI control operations
ÂÂÂÂ(CVE-2015-8551, CVE-2015-8852, XSA-157)
ÂÂ* pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)
ÂÂ* bluetooth: Validate socket address length in sco_sock_bind() (CVE-2015-8575)
ÂÂ* ptrace: being capable wrt a process requires mapped uids/gids
ÂÂÂÂ(CVE-2015-8709)
ÂÂ* KEYS: Fix race between read and revoke (CVE-2015-7550)
ÂÂ* [x86] KVM: Reload pit counters for all channels when restoring state
ÂÂÂÂ(CVE-2015-7513)
ÂÂ* udp: properly support MSG_PEEK with truncated buffers
ÂÂÂÂ(Closes: #808293, regression in 3.16.7-ckt17)
ÂÂ* Revert "xhci: don't finish a TD if we get a short transfer event mid TD"
ÂÂÂÂ(Closes: #808602, #808953, regression in 3.16.7-ckt20)

The second bullet looks at first pretty interesting from this PoV,
seeÂhttp://xenbits.xen.org/xsa/advisory-157.htmlÂfor info on the XSA and
the various patches. Konrad is on the CC already so hopefully he has some
ideas.

I've attached the full Debian package diff from deb8u1 to u2, which has the
backported patches in it. Most of them (and all the Xen ones) have an
Origin header pointing to the upstream commit, looks like all of XSA-157
was applied and all but one (scsiback, not in this kernel) of XSA-155:

+Subject: [1/7] xen: Add RING_COPY_REQUEST()
+Origin: https://git.kernel.org/linus/454d5d882c7e412b840e3c99010fe81a9862f6fb
+Subject: [2/7] xen-netback: don't use last request to determine minimum Tx
+Origin: https://git.kernel.org/linus/0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357
+Subject: [3/7] xen-netback: use RING_COPY_REQUEST() throughout
+Origin: https://git.kernel.org/linus/68a33bfd8403e4e22847165d149823a2e0e67c9c
+Subject: [4/7] xen-blkback: only read request operation from shared ring once
+Origin: https://git.kernel.org/linus/1f13d75ccb806260079e0679d55d9253e370ec8a
+Subject: [5/7] xen-blkback: read from indirect descriptors only once
+Origin: https://git.kernel.org/linus/18779149101c0dd43ded43669ae2a92d21b6f9cb
+Subject: [7/7] xen/pciback: Save xen_pci_op commands before processing it
+Origin: https://git.kernel.org/linus/8135cf8b092723dbfcc611fe6fdcb3a36c9951c5

+Subject: [1/5] xen/pciback: Return error on XEN_PCI_OP_enable_msi when device
+Origin: https://git.kernel.org/linus/56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d
+Subject: [2/5] xen/pciback: Return error on XEN_PCI_OP_enable_msix when device
+Origin: https://git.kernel.org/linus/5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9
+Subject: [3/5] xen/pciback: Do not install an IRQ handler for MSI interrupts.
+Origin: https://git.kernel.org/linus/a396f3a210c3a61e94d6b87ec05a75d0be2a60d0
+Subject: [4/5] xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if
+Origin: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
+Subject: [5/5] xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not
+Origin: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0

Ian.

Attachment: 3.16.7-ckt20-1+deb8u1-to-3.16.7-ckt20-1+deb8u2.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.