[SRU,Xenial,0/1] s390/mm: fix write access check in gup_huge_pmd()

Message ID cover.1510155735.git.joseph.salisbury@canonical.com
Series s390/mm: fix write access check in gup_huge_pmd()

Message

Joseph Salisbury Nov. 8, 2017, 9:45 p.m. UTC
BugLink: http://bugs.launchpad.net/bugs/1730596

== SRU Justification ==
The check for the _SEGMENT_ENTRY_PROTECT bit in gup_huge_pmd() is the
wrong way around. It must not be set for write==1, and not be checked for
write==0. Fix this similar to how it was fixed for ptes long time ago in
commit 25591b0 ("[S390] fix get_user_pages_fast").

One impact of this bug would be unnecessarily using the gup slow path for
write==0 on r/w mappings. A potentially more severe impact would be that
gup_huge_pmd() will succeed for write==1 on r/o mappings.

This bug is fixed by mainline commit ba385c0594, which is in mainline as of 
v4.14-rc2.  It was also cc'd to upstream stable.  It has already been accepted
in upstream v4.13.y, so Artful and Bionic have the fix via the 4.13.5 stable
updates.  This SRU for Xenial needed a minor backport, so it is submitted
separate of Zesty. 
   
Full testing feedback has not been reported by IBM as of yet.  However, I am 
still submitting this SRU since the bug is critical and a re-spin may be needed.
 
== Fix ==
commit ba385c0594e723d41790ecfb12c610e6f90c7785
Author: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Date:   Mon Sep 18 16:51:51 2017 +0200

    s390/mm: fix write access check in gup_huge_pmd()


== Regression Potential ==
This patch is specific to s390.  It has also been accepted by upstream stable,
so additional upstream review has been done.

== Test Case ==
Awaiting full testing feedback from IBM.  SRU still submitted due to critical
importance of bug.

Gerald Schaefer (1):
  s390/mm: fix write access check in gup_huge_pmd()

 arch/s390/mm/gup.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
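
The two impacts named in the SRU justification can be read off a small user-space model of the check. This is an added example, not the kernel patch or code from this thread: the function names, the `SEG_*` macros and their bit values are assumptions made for the model, and the "inverted" variant is written from the cover letter's description of the bug.

```c
#include <stdio.h>

/* Illustrative bit values for this model only (assumed, not taken from the page). */
#define SEG_PROTECT 0x200UL /* models _SEGMENT_ENTRY_PROTECT: mapping is read-only */
#define SEG_INVALID 0x020UL /* models an "entry not valid" bit (assumed) */

/* Check as the cover letter describes the bug: the protect bit is required
 * for write==0 and not looked at for write==1.
 * Returns 1 when the fast path may proceed, 0 to fall back to the slow path. */
static int fast_path_ok_inverted(unsigned long pmd, int write)
{
    unsigned long result = write ? 0 : SEG_PROTECT;
    unsigned long mask = result | SEG_INVALID;
    return (pmd & mask) == result;
}

/* Check as the cover letter says it must be: the protect bit must be clear
 * for write==1 and is not checked for write==0. */
static int fast_path_ok_fixed(unsigned long pmd, int write)
{
    unsigned long mask = (write ? SEG_PROTECT : 0) | SEG_INVALID;
    return (pmd & mask) == 0;
}

int main(void)
{
    /* Constructed sample entries: valid r/w mapping, valid r/o mapping, invalid entry. */
    const struct { const char *name; unsigned long pmd; } e[] = {
        { "r/w", 0 }, { "r/o", SEG_PROTECT }, { "invalid", SEG_INVALID },
    };

    puts("entry    write  inverted  fixed");
    for (unsigned i = 0; i < sizeof e / sizeof e[0]; i++)
        for (int write = 0; write <= 1; write++)
            printf("%-8s %5d  %8d  %5d\n", e[i].name, write,
                   fast_path_ok_inverted(e[i].pmd, write),
                   fast_path_ok_fixed(e[i].pmd, write));
    return 0;
}
```

The r/w, write==0 row shows the needless slow-path fallback; the r/o, write==1 row shows the inverted check accepting a write to a read-only mapping, which the fixed check rejects.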

Comments

Kamal Mostafa Nov. 8, 2017, 10:34 p.m. UTC | #1
ACK, pending positive test feedback.

 -Kamal

On Wed, Nov 08, 2017 at 04:45:11PM -0500, Joseph Salisbury wrote:
> BugLink: http://bugs.launchpad.net/bugs/1730596
> 
> == SRU Justification ==
> The check for the _SEGMENT_ENTRY_PROTECT bit in gup_huge_pmd() is the
> wrong way around. It must not be set for write==1, and not be checked for
> write==0. Fix this similar to how it was fixed for ptes long time ago in
> commit 25591b0 ("[S390] fix get_user_pages_fast").
> 
> One impact of this bug would be unnecessarily using the gup slow path for
> write==0 on r/w mappings. A potentially more severe impact would be that
> gup_huge_pmd() will succeed for write==1 on r/o mappings.
> 
> This bug is fixed by mainline commit ba385c0594, which is in mainline as of 
> v4.14-rc2.  It was also cc'd to upstream stable.  It has already been accepted
> in upstream v4.13.y, so Artful and Bionic have the fix via the 4.13.5 stable
> updates.  This SRU for Xenial needed a minor backport, so it is submitted
> separate of Zesty. 
>    
> Full testing feedback has not been reported by IBM as of yet.  However, I am 
> still submitting this SRU since the bug is critical and a re-spin may be needed.
>  
> == Fix ==
> commit ba385c0594e723d41790ecfb12c610e6f90c7785
> Author: Gerald Schaefer <gerald.schaefer@de.ibm.com>
> Date:   Mon Sep 18 16:51:51 2017 +0200
> 
>     s390/mm: fix write access check in gup_huge_pmd()
> 
> 
> == Regression Potential ==
> This patch is specific to s390.  It has also been accepted by upstream stable,
> so additional upstream review has been done.
> 
> == Test Case ==
> Awaiting full testing feedback from IBM.  SRU still submitted due to critical
> importance of bug.
> 
> Gerald Schaefer (1):
>   s390/mm: fix write access check in gup_huge_pmd()
> 
>  arch/s390/mm/gup.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
> 
> -- 
> 2.7.4
> 
> 
Kleber Sacilotto de Souza Nov. 9, 2017, 7:40 a.m. UTC | #2
On 11/08/17 22:45, Joseph Salisbury wrote:
> BugLink: http://bugs.launchpad.net/bugs/1730596
> 
> == SRU Justification ==
> The check for the _SEGMENT_ENTRY_PROTECT bit in gup_huge_pmd() is the
> wrong way around. It must not be set for write==1, and not be checked for
> write==0. Fix this similar to how it was fixed for ptes long time ago in
> commit 25591b0 ("[S390] fix get_user_pages_fast").
> 
> One impact of this bug would be unnecessarily using the gup slow path for
> write==0 on r/w mappings. A potentially more severe impact would be that
> gup_huge_pmd() will succeed for write==1 on r/o mappings.
> 
> This bug is fixed by mainline commit ba385c0594, which is in mainline as of 
> v4.14-rc2.  It was also cc'd to upstream stable.  It has already been accepted
> in upstream v4.13.y, so Artful and Bionic have the fix via the 4.13.5 stable
> updates.  This SRU for Xenial needed a minor backport, so it is submitted
> separate of Zesty. 
>    
> Full testing feedback has not been reported by IBM as of yet.  However, I am 
> still submitting this SRU since the bug is critical and a re-spin may be needed.
>  
> == Fix ==
> commit ba385c0594e723d41790ecfb12c610e6f90c7785
> Author: Gerald Schaefer <gerald.schaefer@de.ibm.com>
> Date:   Mon Sep 18 16:51:51 2017 +0200
> 
>     s390/mm: fix write access check in gup_huge_pmd()
> 
> 
> == Regression Potential ==
> This patch is specific to s390.  It has also been accepted by upstream stable,
> so additional upstream review has been done.
> 
> == Test Case ==
> Awaiting full testing feedback from IBM.  SRU still submitted due to critical
> importance of bug.
> 
> Gerald Schaefer (1):
>   s390/mm: fix write access check in gup_huge_pmd()
> 
>  arch/s390/mm/gup.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
> 

Trivial backport, already on the stable kernels.

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Thadeu Lima de Souza Cascardo Nov. 10, 2017, 11:01 a.m. UTC | #3
Applied to xenial master-next branch.

Thanks.
Cascardo.

Applied-to: xenial/master-next