Message ID | cover.1510155735.git.joseph.salisbury@canonical.com |
---|---|
Headers | show |
Series | s390/mm: fix write access check in gup_huge_pmd() | expand |
ACK, pending positive test feedback. -Kamal On Wed, Nov 08, 2017 at 04:45:11PM -0500, Joseph Salisbury wrote: > BugLink: http://bugs.launchpad.net/bugs/1730596 > > == SRU Justification == > The check for the _SEGMENT_ENTRY_PROTECT bit in gup_huge_pmd() is the > wrong way around. It must not be set for write==1, and not be checked for > write==0. Fix this similar to how it was fixed for ptes long time ago in > commit 25591b0 ("[S390] fix get_user_pages_fast"). > > One impact of this bug would be unnecessarily using the gup slow path for > write==0 on r/w mappings. A potentially more severe impact would be that > gup_huge_pmd() will succeed for write==1 on r/o mappings. > > This bug is fixed by mainline commit ba385c0594, which is in mainline as of > v4.14-rc2. It was also cc'd to upstream stable. It has already been accepted > in upstream v4.13.y, so Artful and Bionic have the fix via the 4.13.5 stable > updates. This SRU for Xenial needed a minor backport, so it is submitted > separate of Zesty. > > Full testing feedback has not been reported by IBM as of yet. However, I am > still submitting this SRU since the bug is critical and a re-spin may be needed. > > == Fix == > commit ba385c0594e723d41790ecfb12c610e6f90c7785 > Author: Gerald Schaefer <gerald.schaefer@de.ibm.com> > Date: Mon Sep 18 16:51:51 2017 +0200 > > s390/mm: fix write access check in gup_huge_pmd() > > > == Regression Potential == > This patch is specific to s390. It has also been accepted by upstream stable, > so additional upstream review has been done. > > == Test Case == > Awaiting full testing feedback from IBM. SRU still submitted due to critical > importance of bug. > > Gerald Schaefer (1): > s390/mm: fix write access check in gup_huge_pmd() > > arch/s390/mm/gup.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > -- > 2.7.4 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
On 11/08/17 22:45, Joseph Salisbury wrote: > BugLink: http://bugs.launchpad.net/bugs/1730596 > > == SRU Justification == > The check for the _SEGMENT_ENTRY_PROTECT bit in gup_huge_pmd() is the > wrong way around. It must not be set for write==1, and not be checked for > write==0. Fix this similar to how it was fixed for ptes long time ago in > commit 25591b0 ("[S390] fix get_user_pages_fast"). > > One impact of this bug would be unnecessarily using the gup slow path for > write==0 on r/w mappings. A potentially more severe impact would be that > gup_huge_pmd() will succeed for write==1 on r/o mappings. > > This bug is fixed by mainline commit ba385c0594, which is in mainline as of > v4.14-rc2. It was also cc'd to upstream stable. It has already been accepted > in upstream v4.13.y, so Artful and Bionic have the fix via the 4.13.5 stable > updates. This SRU for Xenial needed a minor backport, so it is submitted > separate of Zesty. > > Full testing feedback has not been reported by IBM as of yet. However, I am > still submitting this SRU since the bug is critical and a re-spin may be needed. > > == Fix == > commit ba385c0594e723d41790ecfb12c610e6f90c7785 > Author: Gerald Schaefer <gerald.schaefer@de.ibm.com> > Date: Mon Sep 18 16:51:51 2017 +0200 > > s390/mm: fix write access check in gup_huge_pmd() > > > == Regression Potential == > This patch is specific to s390. It has also been accepted by upstream stable, > so additional upstream review has been done. > > == Test Case == > Awaiting full testing feedback from IBM. SRU still submitted due to critical > importance of bug. > > Gerald Schaefer (1): > s390/mm: fix write access check in gup_huge_pmd() > > arch/s390/mm/gup.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > Trivial backport, already on the stable kernels. Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Applied to xenial master-next branch. Thanks. Cascardo. Applied-to: xenial/master-next