[Pkg-xen-devel] Bug#810379: [Xen-devel] [BUG] pci-passthrough generates "xen:events: Failed to obtain physical IRQ" for some devices

Ian Campbell ian.campbell at citrix.com
Mon Feb 1 10:43:46 UTC 2016 

On Sat, 2016-01-30 at 14:18 +0100, Tommi Airikka wrote:
> 
> 
> On Wed, Jan 27, 2016 at 7:30 PM, Konrad Rzeszutek Wilk <konrad.wilk at oracl
> e.com> wrote:
> > On Sat, Jan 23, 2016 at 05:12:04PM +0100, Tommi Airikka wrote:
> > > Xen developers,
> > >
> > > After an upgrade of my Debian Jessie dom0 and domUs, my passthroughed
> > > NIC stopped working.
> > > This bug was probably introduced in Debian Jessie sometime
> > > between 2015-12-30 and 2016-01-08 as 2015-12-30 as 2015-12-30 was the
> > > last time I upgraded without any problems according to my dpkg.log.
> > 
> > This upgrade looks to only have upgraded the hypervisor?
> > 
> > As in I see:
> > 
> > domU "bug" "uname -a":
> > Linux bug 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-
> > 02)
> > x86_64 GNU/Linux
> > 
> > domU "working" "uname -a":
> > Linux working 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2
> > (2016-01-02) x86_64 GNU/Linux
> > 
> > So same version? What was the earlier version of the hypervisor?
> I forgot to mention that I use apt-dater to upgrade both dom0 and domUs
> at the same time. domU "bug" was created for debugging purposes just a
> couple of hours after I used apt-dater and realized that there's
> something wrong with the pci passthrough. domU "bug" and domU "working"
> should have relatively similar software state.
> 
> According to dom0 dpkg.log, the xen-hypervisor-4.4-amd64 (version "4.4.1-
> 9+deb8u3") has been untouched since 2015-12-21.
> linux-image-3.16.0-4-amd64 was upgraded from "3.16.7-ckt20-1+deb8u1" to
> "3.16.7-ckt20-1+deb8u2" at the point of time when pci passthrough stopped
> working.
>  
> >  
> > The Xen version you have says:
> > > (XEN) I/O virtualisation disabled
> > 
> > Which is not very healthy for PCI passthrough. Albeit you can do
> > it with PV without IOMMU. Did the previous version of Xen have the same
> > message?
> I downgraded linux-image on dom0:
> dpkg -i linux-image-3.16.0-4-amd64_3.16.7-ckt20-1+deb8u1_amd64.deb
> 
> and now the pci passthrough seems to work!

The Debian changelog entry for the update says:

linux (3.16.7-ckt20-1+deb8u2) jessie-security; urgency=medium

  * [xen] Fix race conditions in back-end drivers (CVE-2015-8550, XSA-155)
  * [xen] pciback: Fix state validation in MSI control operations
    (CVE-2015-8551, CVE-2015-8852, XSA-157)
  * pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)
  * bluetooth: Validate socket address length in sco_sock_bind() (CVE-2015-8575)
  * ptrace: being capable wrt a process requires mapped uids/gids
    (CVE-2015-8709)
  * KEYS: Fix race between read and revoke (CVE-2015-7550)
  * [x86] KVM: Reload pit counters for all channels when restoring state
    (CVE-2015-7513)
  * udp: properly support MSG_PEEK with truncated buffers
    (Closes: #808293, regression in 3.16.7-ckt17)
  * Revert "xhci: don't finish a TD if we get a short transfer event mid TD"
    (Closes: #808602, #808953, regression in 3.16.7-ckt20)

The second bullet looks at first pretty interesting from this PoV,
see http://xenbits.xen.org/xsa/advisory-157.html for info on the XSA and
the various patches. Konrad is on the CC already so hopefully he has some
ideas.

I've attached the full Debian package diff from deb8u1 to u2, which has the
backported patches in it. Most of them (and all the Xen ones) have an
Origin header pointing to the upstream commit, looks like all of XSA-157
was applied and all but one (scsiback, not in this kernel) of XSA-155:

+Subject: [1/7] xen: Add RING_COPY_REQUEST()
+Origin: https://git.kernel.org/linus/454d5d882c7e412b840e3c99010fe81a9862f6fb
+Subject: [2/7] xen-netback: don't use last request to determine minimum Tx
+Origin: https://git.kernel.org/linus/0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357
+Subject: [3/7] xen-netback: use RING_COPY_REQUEST() throughout
+Origin: https://git.kernel.org/linus/68a33bfd8403e4e22847165d149823a2e0e67c9c
+Subject: [4/7] xen-blkback: only read request operation from shared ring once
+Origin: https://git.kernel.org/linus/1f13d75ccb806260079e0679d55d9253e370ec8a
+Subject: [5/7] xen-blkback: read from indirect descriptors only once
+Origin: https://git.kernel.org/linus/18779149101c0dd43ded43669ae2a92d21b6f9cb
+Subject: [7/7] xen/pciback: Save xen_pci_op commands before processing it
+Origin: https://git.kernel.org/linus/8135cf8b092723dbfcc611fe6fdcb3a36c9951c5

+Subject: [1/5] xen/pciback: Return error on XEN_PCI_OP_enable_msi when device
+Origin: https://git.kernel.org/linus/56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d
+Subject: [2/5] xen/pciback: Return error on XEN_PCI_OP_enable_msix when device
+Origin: https://git.kernel.org/linus/5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9
+Subject: [3/5] xen/pciback: Do not install an IRQ handler for MSI interrupts.
+Origin: https://git.kernel.org/linus/a396f3a210c3a61e94d6b87ec05a75d0be2a60d0
+Subject: [4/5] xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if
+Origin: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
+Subject: [5/5] xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not
+Origin: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0

Ian.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3.16.7-ckt20-1+deb8u1-to-3.16.7-ckt20-1+deb8u2.diff
Type: text/x-patch
Size: 56983 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20160201/e0474220/attachment-0001.bin>

More information about the Pkg-xen-devel mailing list