Ubuntu
linux package

clock: overriding the clocksource should select the requested clocksource

Bug #1894591 reported by Matthew Ruffell on 2020-09-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Unassigned
	Xenial	Fix Released	Medium	Matthew Ruffell

Bug Description

BugLink: https://bugs.launchpad.net/bugs/1894591

[Impact]

The default clocksource for a KVM VM is kvm-clock, and I happen to need tsc.

$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock

If I edit /etc/default/grub and append "clocksource=tsc" to GRUB_CMDLINE_LINUX_DEFAULT and reboot, I find the clocksource is still kvm-clock.

$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock

I can work around this by telling the kernel that the tsc clocksource is reliable, before the watchdog has a chance to see for itself that it is reliable:

GRUB_CMDLINE_LINUX_DEFAULT="clocksource=tsc tsc=reliable"

$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
tsc

If I override the clocksource, the kernel should respect my wishes and I should receive the requested clocksource.

[Fix]

The fix landed in Linux 4.9 in the below commit:

commit 36374583f9084cdab4b5dcf5521a3ce55bebb9fa
Author: Kyle Walker <email address hidden>
Date: Sat Aug 6 12:07:30 2016 -0400
Subject: clocksource: Defer override invalidation unless clock is unstable
Link: https://github.com/torvalds/linux/commit/36374583f9084cdab4b5dcf5521a3ce55bebb9fa

The commit ensures the override doesn't get cleared before the watchdog has had an opportunity to check if the clocksource is stable or not. However, if the clocksource is known to be unstable at this point in time, it will clear the override and return to the default.

This is a clean cherry-pick to the Xenial 4.4 kernel.

[Testcase]

Start up a KVM VM, possibly enable invtsc on the QEMU command line.

The default clocksource will be kvm-clock:

$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock

If you set the kernel command line to:

GRUB_CMDLINE_LINUX_DEFAULT="clocksource=tsc"

If you reboot, you will see the incorrect option of kvm-clock:

$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock

There is a test kernel available in the below ppa, with the commit applied:

https://launchpad.net/~mruffell/+archive/ubuntu/sf291501-test

If you install the test kernel, and leave the kernel command line as:

GRUB_CMDLINE_LINUX_DEFAULT="clocksource=tsc"

You will get the requested clocksource:

$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
tsc

You will also get the following in dmesg:

$ dmesg | grep defer
[ 1.002599] clocksource: Override clocksource tsc is not currently HRT compatible - deferring

[Regression Potential]

This commit changes how the kernel treats clocksource overrides. If any users have an override set, but the kernel is clearing the override and returning to the default, when they install a patched kernel, they will change over to their requested override, which may come as a surprise.

If there is a regression, it will only affect systems who have clocksource overrides in place, and in the worst case, will revert the system to its default clocksource if the selected clocksource override is found to be unstable.

The commit is well tested, and should not cause any regressions.

See original description

Tags:

CVE References

Matthew Ruffell (mruffell) on 2020-09-07

Changed in linux (Ubuntu Xenial):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Matthew Ruffell (mruffell)
description:	updated
tags:	added: sts
Changed in linux (Ubuntu):
status:	New → Fix Released

Matthew Ruffell (mruffell) on 2020-09-07

description:

updated

William Breathitt Gray (vilhelm-gray) on 2020-09-17

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-09-22:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

Matthew Ruffell (mruffell) wrote on 2020-09-22:

Performing verification:

First, reproducing on older kernel:

$ uname -rv
4.4.0-190-generic #220-Ubuntu SMP Fri Aug 28 23:02:15 UTC 2020
$ grep "clocksource" /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="clocksource=tsc"
$ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-4.4.0-190-generic root=UUID=f6c72a0a-003a-4b81-9550-ba49a547e32d ro clocksource=tsc
$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock

kvm-clock is the default, even though we explicitly asked for tsc. We can reproduce.

Now, I enabled -proposed and installed 4.4.0-191-generic:

$ uname -rv
4.4.0-191-generic #221-Ubuntu SMP Fri Sep 18 13:34:04 UTC 2020
$ grep "clocksource" /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="clocksource=tsc"
$ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-4.4.0-191-generic root=UUID=f6c72a0a-003a-4b81-9550-ba49a547e32d ro clocksource=tsc
$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
tsc
$ dmesg | grep defer
[ 0.870439] clocksource: Override clocksource tsc is not currently HRT compatible - deferring

We have our requested clocksource, tsc, and we did not need to force override the reliability checks from the watchdog.

The kernel in -proposed, 4.4.0-191-generic, fixes the problem, and I am happy to mark the bug verified.

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-10-13:

Download full text (11.7 KiB)

This bug was fixed in the package linux - 4.4.0-193.224

---------------
linux (4.4.0-193.224) xenial; urgency=medium

* CVE-2020-16119
- SAUCE: dccp: avoid double free of ccid on child socket

linux (4.4.0-192.222) xenial; urgency=medium

* xenial/linux: 4.4.0-192.222 -proposed tracker (LP: #1897734)

* mwifiex stops working after kernel upgrade (LP: #1897299)
- mwifiex: Increase AES key storage size to 256 bits

  * xenial 4.4.0-191-generic in -proposed has a regression (LP: #1896725)
    - Revert "XEN uses irqdesc::irq_data_common::handler_data to store a per
      interrupt XEN data pointer which contains XEN specific information."

linux (4.4.0-191.221) xenial; urgency=medium

* xenial/linux: 4.4.0-191.221 -proposed tracker (LP: #1896067)

* Novalink (mkvterm command failure) (LP: #1892546)
- tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()

This bug was fixed in the package linux - 4.4.0-193.224

---------------
linux (4.4.0-193.224) xenial; urgency=medium

* CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

linux (4.4.0-192.222) xenial; urgency=medium

* xenial/linux: 4.4.0-192.222 -proposed tracker (LP: #1897734)

* mwifiex stops working after kernel upgrade (LP: #1897299)
    - mwifiex: Increase AES key storage size to 256 bits

linux (4.4.0-191.221) xenial; urgency=medium

* xenial/linux: 4.4.0-191.221 -proposed tracker (LP: #1896067)

* Novalink (mkvterm command failure) (LP: #1892546)
    - tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()

* Xenial update: v4.4.236 upstream stable release (LP: #1895891)
    - HID: core: Correctly handle ReportSize being zero
    - HID: core: Sanitize event code and type when mapping input
    - perf record/stat: Explicitly call out event modifiers in the documentation
    - mm, page_alloc: remove unnecessary variable from free_pcppages_bulk
    - hwmon: (applesmc) check status earlier.
    - ceph: don't allow setlease on cephfs
    - s390: don't trace preemption in percpu macros
    - xen/xenbus: Fix granting of vmalloc'd memory
    - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
    - batman-adv: Avoid uninitialized chaddr when handling DHCP
    - batman-adv: bla: use netif_rx_ni when not in interrupt context
    - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
      at_dma_xlate()
    - netfilter: nf_tables: incorrect enum nft_list_attributes definition
    - netfilter: nf_tables: fix destination register zeroing
    - dmaengine: pl330: Fix burst length if burst size is smaller than bus width
    - bnxt_en: Check for zero dir entries in NVRAM.
    - fix regression in "epoll: Keep a reference on files added to the check list"
    - tg3: Fix soft lockup when tg3_reset_task() fails.
    - iommu/vt-d: Serialize IOMMU GCMD register modifications
    - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
    - include/linux/log2.h: add missing () around n in roundup_pow_of_two()
    - btrfs: drop path before adding new uuid tree entry
    - btrfs: Remove redundant extent_buffer_get in get_old_root
    - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
    - btrfs: set the lockdep class for log tree extent buffers
    - uaccess: Add non-pagefault user-space read functions
    - uaccess: Add non-pagefault user-space write function
    - btrfs: fix potential deadlock in the search ioctl
    - net: qmi_wwan: MDM9x30 specific power management
    - net: qmi_wwan: support "raw IP" mode
    - net: qmi_wwan: should hold RTNL while changing netdev type
    - net: qmi_wwan: ignore bogus CDC Union descriptors
    - Add Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card (rev3) to
      qmi_wwan
    - qmi_wwan: Added support for Gemalto's Cinterion PHxx WWAN interface
    - qmi_wwan: add support for Quectel EC21 and EC25
    - NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040
    - drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201
    - usb: qmi_wwan: add D-Link DWM-222 A2 device ID
    - net: usb: qmi_wwan: add Telit ME910 support
    - net: usb: qmi_wwan: add Telit 0x1050 composition
    - ALSA: ca0106: fix error code handling
    - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
    - dm cache metadata: Avoid returning cmd->bm wild pointer on error
    - dm thin metadata: Avoid returning cmd->bm wild pointer on error
    - net: refactor bind_bucket fastreuse into helper
    - net: initialize fastreuse on inet_inherit_port
    - checkpatch: fix the usage of capture group ( ... )
    - mm/hugetlb: fix a race between hugetlb sysctl handlers
    - cfg80211: regulatory: reject invalid hints
    - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
    - ALSA: firewire-digi00x: add support for console models of Digi00x series
    - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
    - ALSA; firewire-tascam: exclude Tascam FE-8 from detection
    - fs/affs: use octal for permissions
    - affs: fix basic permission bits to actually work
    - ravb: Fixed to be able to unload modules
    - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
    - bnxt_en: Failure to update PHY is not fatal condition.
    - bnxt: don't enable NAPI until rings are ready
    - net: usb: dm9601: Add USB ID of Keenetic Plus DSL
    - sctp: not disable bh in the whole sctp_get_port_local()
    - net: disable netpoll on fresh napis
    - Linux 4.4.236

* clock: overriding the clocksource should select the requested clocksource
    (LP: #1894591)
    - clocksource: Defer override invalidation unless clock is unstable

* alsa/hdmi: the hdmi audio stops working from Ubuntu-4.4.0-155.182
    (LP: #1895603)
    - ALSA: hda/hdmi - Read the pin sense from register when repolling
    - SAUCE: ALSA: hda/hdmi - Check pin_eld->monitor_present

* Xenial update: v4.4.235 upstream stable release (LP: #1895031)
    - net: Fix potential wrong skb->protocol in skb_vlan_untag()
    - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
    - ipvlan: fix device features
    - bonding: show saner speed for broadcast mode
    - bonding: fix a potential double-unregister
    - powerpc/pseries: Do not initiate shutdown when system is running on UPS
    - ALSA: pci: delete repeated words in comments
    - ASoC: tegra: Fix reference count leaks.
    - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA
      value in debiirq()
    - scsi: target: tcmu: Fix crash on ARM during cmd completion
    - drm/amdkfd: Fix reference count leaks.
    - drm/radeon: fix multiple reference count leak
    - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
    - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
    - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
    - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
    - scsi: lpfc: Fix shost refcount mismatch when deleting vport
    - selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
    - PCI: Fix pci_create_slot() reference count leak
    - rtlwifi: rtl8192cu: Prevent leaking urb
    - mips/vdso: Fix resource leaks in genvdso.c
    - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
    - drm/nouveau: Fix reference count leak in nouveau_connector_detect
    - locking/lockdep: Fix overflow in presentation of average lock-time
    - scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
    - ceph: fix potential mdsc use-after-free crash
    - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
    - EDAC/ie31200: Fallback if host bridge device is already initialized
    - media: davinci: vpif_capture: fix potential double free
    - powerpc/spufs: add CONFIG_COREDUMP dependency
    - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value
    - Revert "ath10k: fix DMA related firmware crashes on multiple devices"
    - i2c: rcar: in slave mode, clear NACK earlier
    - jbd2: make sure jh have b_transaction set in refile/unfile_buffer
    - jbd2: abort journal if free a async write error metadata buffer
    - s390/cio: add cond_resched() in the slow_eval_known_fn() loop
    - scsi: ufs: Fix possible infinite loop in ufshcd_hold
    - net: gianfar: Add of_node_put() before goto statement
    - fbcon: prevent user font height or width change from causing potential out-
      of-bounds access
    - USB: lvtest: return proper error code in probe
    - vt: defer kfree() of vc_screenbuf in vc_do_resize()
    - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
    - serial: samsung: Removes the IRQ not found warning
    - serial: pl011: Don't leak amba_ports entry on driver register error
    - serial: 8250: change lock order in serial8250_do_startup()
    - writeback: Protect inode->i_io_list with inode->i_lock
    - writeback: Avoid skipping inode writeback
    - writeback: Fix sync livelock due to b_dirty_time processing
    - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN
      data pointer which contains XEN specific information.
    - xhci: Do warm-reset when both CAS and XDEV_RESUME are set
    - PM: sleep: core: Fix the handling of pending runtime resume requests
    - device property: Fix the secondary firmware node handling in
      set_primary_fwnode()
    - USB: yurex: Fix bad gfp argument
    - usb: uas: Add quirk for PNY Pro Elite
    - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge
    - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
    - usb: storage: Add unusual_uas entry for Sony PSZ drives
    - btrfs: check the right error variable in btrfs_del_dir_entries_in_log
    - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
    - ALSA: usb-audio: Update documentation comment for MS2109 quirk
    - Linux 4.4.235

* DELL LATITUDE 5491 touchscreen doesn't work (LP: #1889446) // Xenial update:
    v4.4.235 upstream stable release (LP: #1895031)
    - USB: quirks: Add no-lpm quirk for another Raydium touchscreen

* Xenial update: v4.4.234 upstream stable release (LP: #1893248)
    - cxl: Fix kobject memleak
    - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
    - perf probe: Fix memory leakage when the probe point is not found
    - net/compat: Add missing sock updates for SCM_RIGHTS
    - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in
      watchdog_info.options
    - watchdog: f71808e_wdt: remove use of wrong watchdog_info option
    - coredump: fix race condition between collapse_huge_page() and core dumping
    - khugepaged: khugepaged_test_exit() check mmget_still_valid()
    - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
    - btrfs: export helpers for subvolume name/id resolution
    - btrfs: don't show full path of bind mounts in subvol=
    - romfs: fix uninitialized memory leak in romfs_dev_read()
    - mm: include CMA pages in lowmem_reserve at boot
    - mm, page_alloc: fix core hung in free_pcppages_bulk()
    - ext4: clean up ext4_match() and callers
    - ext4: fix checking of directory entry validity for inline directories
    - media: budget-core: Improve exception handling in budget_register()
    - media: vpss: clean up resources in init
    - Input: psmouse - add a newline when printing 'proto' by sysfs
    - m68knommu: fix overwriting of bits in ColdFire V3 cache control
    - xfs: fix inode quota reservation checks
    - jffs2: fix UAF problem
    - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
    - virtio_ring: Avoid loop when vq is broken in virtqueue_poll
    - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
    - alpha: fix annotation of io{read,write}{16,32}be()
    - ext4: fix potential negative array index in do_split()
    - ASoC: intel: Fix memleak in sst_media_open
    - powerpc: Allow 4224 bytes of stack expansion for the signal frame
    - epoll: Keep a reference on files added to the check list
    - do_epoll_ctl(): clean the failure exits up a bit
    - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
    - xen: don't reschedule in preemption off sections
    - omapfb: dss: Fix max fclk divider for omap36xx
    - KVM: arm/arm64: Don't reschedule in unmap_stage2_range()
    - Linux 4.4.234

* CVE-2018-10322
    - libxfs: synchronize dinode_verify with userspace
    - xfs: sanity check directory inode di_size
    - xfs: move inode fork verifiers to xfs_dinode_verify
    - xfs: enhance dinode verifier

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Tue, 06 Oct 2020 12:24:31 -0300

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

clock: overriding the clocksource should select the requested clocksource

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package