[systemd-bugs] [Bug 90262] New: GHES/AEPI kernel panic when a network device is detected (on rare PCIe hardware)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Apr 30 17:01:06 PDT 2015 

https://bugs.freedesktop.org/show_bug.cgi?id=90262

            Bug ID: 90262
           Summary: GHES/AEPI kernel panic when a network device is
                    detected (on rare PCIe hardware)
           Product: systemd
           Version: unspecified
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: systemd-bugs at lists.freedesktop.org
          Reporter: jason.mcmullan at gmail.com
        QA Contact: systemd-bugs at lists.freedesktop.org

Created attachment 115490
  --> https://bugs.freedesktop.org/attachment.cgi?id=115490&action=edit
systemd-stable/v208 udev net_id PCIe config read patch

Due to fread() buffering when fetching the PCIe config space, some
rare PCIe hardware will generate a PCIe Completion Timeout when
unknown PCIe config space values are read, causing a kernel panic
on Dell r720/r730 and other systems which have AEPI/GHES reporting
enabled in the Linux kernel and motherboard BIOS.

The original code in src/udev/udev-builtin-net_id.c used fread(),
which on some libc implementations (ie glibc 2.17) would pre-read
a full 4K (PAGE_SIZE) of the PCI config space, when only 64 bytes
were requested.

I have recently come across PCIe hardware which responds with
Completion Timeouts when accesses above 256 bytes are attempted.

This can cause server systems - such as the Dell r720/r730 - that
have GHES/AEPI support to cause an immediate kernel panic due to
the failed PCI transaction.

Attached are patches against systemd-stable/v208 (the version that
I originally found the issue in) and systemd/master (head of line)
which correct this issue by using read() instead of fread().

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20150501/5648b049/attachment.html>

More information about the systemd-bugs mailing list