
group.of.nepali.translators team mailing list archive

[Bug 1632462] Re: [Trusty->Yakkety] powerpc/64: Fix incorrect return value from __copy_tofrom_user

 

This bug was fixed in the package linux - 3.13.0-101.148

---------------
linux (3.13.0-101.148) trusty; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1635430

  * [arm64] nova instances can't boot with 3.13.0-92 (LP: #1608854)
    - Revert "efi: Disable interrupts around EFI calls, not in the epilog/prolog
      calls"
    - Revert "x86/efi: Use all 64 bit of efi_memmap in setup_e820()"
    - Revert "x86/efi: Store upper bits of command line buffer address in
      ext_cmd_line_ptr"
    - Revert "efivarfs: Ensure VariableName is NUL-terminated"
    - Revert "efi/libstub: Fix boundary checking in efi_high_alloc()"
    - Revert "arm64: efi: only attempt efi map setup if booting via EFI"
    - Revert "UBUNTU: arm64: Implement efi_enabled()"
    - Revert "efi/arm64: ignore dtb= when UEFI SecureBoot is enabled"
    - Revert "doc: arm64: add description of EFI stub support"
    - Revert "UBUNTU: Move get_dram_base to arm private file"
    - Revert "arm64: efi: add EFI stub"
    - Revert "arm64: add EFI runtime services"
    - Revert "efi: Add shared FDT related functions for ARM/ARM64"
    - Revert "efi: add helper function to get UEFI params from FDT"
    - Revert "doc: efi-stub.txt updates for ARM"
    - Revert "efi: Add get_dram_base() helper function"
    - Revert "efi: create memory map iteration helper"
    - Revert "x86, ia64: Move EFI_FB vga_default_device() initialization to
      pci_vga_fixup()"
    - Revert "firmware: Do not use WARN_ON(!spin_is_locked())"
    - Revert "efi-pstore: Fix an overflow on 32-bit builds"
    - Revert "x86/efi: Fix 32-bit fallout"
    - Revert "x86/efi: Check krealloc return value"
    - Revert "x86/efi: Runtime services virtual mapping"
    - Revert "x86/efi: Fix off-by-one bug in EFI Boot Services reservation"
    - x86/efi: Simplify EFI_DEBUG
    - x86/efi: Runtime services virtual mapping
    - x86/efi: Check krealloc return value
    - SAUCE: Merge tag 'efi-next' of
      git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/efi
    - doc: Fix trivial spelling mistake in efi-stub.txt
    - x86/efi: Remove unused variables in __map_region()
    - x86/efi: Add a wrapper function efi_map_region_fixed()
    - x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - x86/efi: Cleanup efi_enter_virtual_mode() function
    - efi: Export more EFI table variables to sysfs
    - [Config] CONFIG_EFI_RUNTIME_MAP=y
    - efi: Export EFI runtime memory mapping to sysfs
    - x86/efi: Pass necessary EFI data for kexec via setup_data
    - x86/efi: Delete superfluous global variables
    - x86/efi: parse_efi_setup() build fix
    - SAUCE: Merge tag 'v3.13-rc7' into x86/efi-kexec to resolve conflicts
    - x86/efi: Allow mapping BGRT on x86-32
    - x86/efi: Fix 32-bit fallout
    - x86/efi: Check status field to validate BGRT header
    - x86/efi: Quirk out SGI UV
    - v3.14 - Backported EFI up to v3.14
    - efi: Move facility flags to struct efi
    - efi: Set feature flags inside feature init functions
    - efivarfs: 'efivarfs_file_write' function reorganization
    - x86/efi: Delete out-of-date comments of efi_query_variable_store
    - x86/efi: Style neatening
    - x86/efi: Dump the EFI page table
    - x86, pageattr: Export page unmapping interface
    - x86/efi: Make efi virtual runtime map passing more robust
    - x86/efi: Split efi_enter_virtual_mode
    - ia64/efi: Implement efi_enabled()
    - efi: Use NULL instead of 0 for pointer
    - x86, tools: Consolidate #ifdef code
    - x86/efi: Delete dead code when checking for non-native
    - efi: Add separate 32-bit/64-bit definitions
    - x86/efi: Build our own EFI services pointer table
    - x86/efi: Add early thunk code to go from 64-bit to 32-bit
    - x86/efi: Firmware agnostic handover entry points
    - [Config] CONFIG_EFI_MIXED=y
    - x86/efi: Wire up CONFIG_EFI_MIXED
    - x86/efi: Re-disable interrupts after calling firmware services
    - SAUCE: Merge remote-tracking branch 'tip/x86/efi-mixed' into efi-for-mingo
    - x86, tools: Fix up compiler warnings
    - x86/efi: Preserve segment registers in mixed mode
    - x86/efi: Rip out phys_efi_get_time()
    - x86/efi: Restore 'attr' argument to query_variable_info()
    - SAUCE: merge with v3.15
    - fs/efivarfs/super.c: use static const for dentry_operations
    - SAUCE: merge with v3.16
    - efi: efi-stub-helper cleanup
    - efi: create memory map iteration helper
    - efi: Add shared printk wrapper for consistent prefixing
    - efi: Add get_dram_base() helper function
    - efi: x86: Handle arbitrary Unicode characters
    - x86/efi: Delete most of the efi_call* macros
    - x86/efi: Implement a __efi_call_virt macro
    - x86/efi: Save and restore FPU context around efi_calls (x86_64)
    - x86/efi: Save and restore FPU context around efi_calls (i386)
    - efivars: Use local variables instead of a pointer dereference
    - efivars: Check size of user object
    - efivars: Stop passing a struct argument to efivar_validate()
    - efivars: Refactor sanity checking code into separate function
    - efivars: Add compatibility code for compat tasks
    - doc: efi-stub.txt updates for ARM
    - efi: add helper function to get UEFI params from FDT
    - efi: Add shared FDT related functions for ARM/ARM64
    - [Config] CONFIG_LIBFDT=y
    - arm64: add EFI runtime services
    - arm64: efi: add EFI stub
    - doc: arm64: add description of EFI stub support
    - efi/arm64: ignore dtb= when UEFI SecureBoot is enabled
    - arm64: efi: only attempt efi map setup if booting via EFI
    - efi-pstore: Fix an overflow on 32-bit builds
    - firmware: Do not use WARN_ON(!spin_is_locked())
    - x86, ia64: Move EFI_FB vga_default_device() initialization to
      pci_vga_fixup()
    - efivarfs: Ensure VariableName is NUL-terminated
    - x86/efi: Store upper bits of command line buffer address in ext_cmd_line_ptr
    - x86/efi: Use all 64 bit of efi_memmap in setup_e820()
    - efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
    - x86/efi: Fix boot failure with EFI stub
    - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime,
      instead of top-down
    - efi/libstub: Fix boundary checking in efi_high_alloc()
    - efi: Fix compiler warnings (unused, const, type)
    - efi: fdt: Do not report an error during boot if UEFI is not available
    - efi: Make our variable validation list include the guid
    - lib/ucs2_string: Add ucs2 -> utf8 helper functions
    - efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
    - efi/reboot: Add generic wrapper around EfiResetSystem()
    - efi/arm64: efistub: remove local copy of linux_banner
    - x86/reboot: Add EFI reboot quirk for ACPI Hardware Reduced flag
    - efi/reboot: Allow powering off machines using EFI
    - efi: Fix error handling in add_sysfs_runtime_map_entry()
    - efi: Small leak on error in runtime map code
    - arm64/efi: map the entire UEFI vendor string before reading it
    - arm64/efi: add missing call to early_ioremap_reset()
    - efi/arm64: Store Runtime Services revision
    - SAUCE: UEFI: Add secure_modules() call
    - SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
    - SAUCE: UEFI: x86: Lock down IO port access when module security is enabled
    - SAUCE: UEFI: ACPI: Limit access to custom_method
    - SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is
      restricted
    - SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is
      restricted
    - SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is
      restricted
    - SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading
      restrictions
    - SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
    - [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
    - SAUCE: UEFI: Add option to automatically enforce module signatures when in
      Secure Boot mode
    - SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
    - SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
    - SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
    - SAUCE: UEFI: Display MOKSBState when disabled
    - SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
    - SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility
    - Revert "x86/efi: Save and restore FPU context around efi_calls (x86_64)"
    - [Config] CONFIG_RTC_DRV_EFI=y

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - KEYS: ensure xbuf is large enough to fix buffer overflow in proc_keys_show
      (LP: #1634496)

  * [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
    __copy_tofrom_user (LP: #1632462)
    - SAUCE: (no-up) powerpc/64: Fix incorrect return value from
      __copy_tofrom_user

  * Ubuntu 16.10: Oops panic in move_page_tables/page_remove_rmap after running
    memory_stress_ng. (LP: #1628976)
    - SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe code

  * sha1-powerpc returning wrong results (LP: #1629977)
    - crypto: sha1-powerpc - little-endian support

  * linux: Implement secure boot state variables (LP: #1593075)
    - SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
    - SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility

  * linux: MokSBState is ignored (LP: #1571691)
    - SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
    - SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
    - SAUCE: UEFI: Display MOKSBState when disabled

  * linux: Enforce signed module loading when UEFI secure boot (LP: #1566221)
    - SAUCE: UEFI: Add secure_modules() call
    - SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
    - SAUCE: UEFI: x86: Lock down IO port access when module security is enabled
    - SAUCE: UEFI: ACPI: Limit access to custom_method
    - SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is
      restricted
    - SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is
      restricted
    - SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is
      restricted
    - SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading
      restrictions
    - SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
    - SAUCE: UEFI: Add option to automatically enforce module signatures when in
      Secure Boot mode
    - SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
    - SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
    - SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
    - SAUCE: UEFI: Display MOKSBState when disabled

  * Utopic update to 3.16.7-ckt5 stable release (LP: #1419125)
    - arm64/efi: add missing call to early_ioremap_reset()

  * Trusty update to 3.16.7-ckt17 stable release (LP: #1500484)
    - arm64/efi: map the entire UEFI vendor string before reading it

  * Utopic update to 3.16.7-ckt8 stable release (LP: #1434595)
    - efi: Small leak on error in runtime map code

  * Utopic update to 3.16.7-ckt12 stable release (LP: #1465613)
    - efi/reboot: Add generic wrapper around EfiResetSystem()
    - x86/reboot: Add EFI reboot quirk for ACPI Hardware Reduced flag
    - efi/reboot: Allow powering off machines using EFI
    - efi: Fix error handling in add_sysfs_runtime_map_entry()

  * Trusty update to 3.16.7-ckt26 stable release (LP: #1563345)
    - efi: Make our variable validation list include the guid
    - lib/ucs2_string: Add ucs2 -> utf8 helper functions
    - efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version

  * Utopic update to 3.16.7-ckt9 stable release (LP: #1441317)
    - efi/libstub: Fix boundary checking in efi_high_alloc()

  * Trusty update to 3.16.7-ckt19 stable release (LP: #1514911)
    - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime,
      instead of top-down

  * Boot failure with EFI stub (LP: #1603476)
    - x86/efi: Fix boot failure with EFI stub

  * Trusty update to v3.13.11-ckt33 stable release (LP: #1538756)
    - efi: Disable interrupts around EFI calls, not in the epilog/prolog calls

  * Trusty update to 3.13.11-ckt26 stable release (LP: #1493305)
    - x86/efi: Use all 64 bit of efi_memmap in setup_e820()

  * Trusty update to v3.13.11.9 stable release (LP: #1381234)
    - x86, ia64: Move EFI_FB vga_default_device() initialization to
      pci_vga_fixup()

  * CVE-2015-7833
    - usbvision: revert commit 588afcc1

  * CVE-2014-9904
    - ALSA: compress: fix an integer overflow check

  * CVE-2015-3288
    - mm: avoid setting up anonymous pages into file mapping

  * CVE-2016-3961 (LP: #1571020)
    - mm: hugetlb: allow hugepages_supported to be architecture specific
    - s390/hugetlb: add hugepages_supported define
    - x86/mm/xen: Suppress hugetlbfs in PV guests

 -- Seth Forshee <seth.forshee@xxxxxxxxxxxxx>  Thu, 20 Oct 2016 16:50:48 -0500

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9904

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3288

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-7833

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3961

https://bugs.launchpad.net/bugs/1632462

Title:
  [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
  __copy_tofrom_user

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Yakkety:
  Fix Committed

Bug description:
  == SRU Justification ==
  Impacts all releases from Trusty through Yakkety

  http://paste.ubuntu.com/23309548/

  From ca47910e3b549501b6a3ff786174d2f0d4748ccf Mon Sep 17 00:00:00 2001
  From: Paul Mackerras <paulus@xxxxxxxxxx>
  Date: Tue, 11 Oct 2016 22:18:58 +1100
  Subject: [PATCH] powerpc/64: Fix incorrect return value from __copy_tofrom_user

  Debugging a data corruption issue with virtio-net/vhost-net led to
  the observation that __copy_tofrom_user was occasionally returning
  a value 16 larger than it should.  Since the return value from
  __copy_tofrom_user is the number of bytes not copied, this means
  that __copy_tofrom_user can occasionally return a value larger
  than the number of bytes it was asked to copy.  In turn this can
  cause higher-level copy functions such as copy_page_to_iter_iovec
  to corrupt memory by copying data into the wrong memory locations.

  It turns out that the failing case involves a fault on the store
  at label 79, and at that point the first unmodified byte of the
  destination is at R3 + 16.  Consequently the exception handler
  for that store needs to add 16 to R3 before using it to work out
  how many bytes were not copied, but in this one case it was not
  adding the offset to R3.  To fix it, this moves the label 179 to
  the point where we add 16 to R3.  I have checked manually all the
  exception handlers for the loads and stores in this code and the
  rest of them are correct (it would be excellent to have an
  automated test of all the exception cases).

  Signed-off-by: Paul Mackerras <paulus@xxxxxxxxxx>
  ---
   arch/powerpc/lib/copyuser_64.S | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)

  diff --git a/arch/powerpc/lib/copyuser_64.S b/arch/powerpc/lib/copyuser_64.S
  index f09899e..7b22624 100644
  --- a/arch/powerpc/lib/copyuser_64.S
  +++ b/arch/powerpc/lib/copyuser_64.S
  @@ -359,6 +359,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_LD_STD)
   	addi	r3,r3,8
   171:
   177:
  +179:
   	addi	r3,r3,8
   370:
   372:
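
Review bot: the new `179:` label joins `171:` and `177:` with no comment saying what total offset this entry point adds to r3. Only one `addi r3,r3,8` is visible after the label, while the commit message says this handler must add 16, so the remainder has to come from fall-through code below `372:` that the hunk does not show. A short comment beside the label group stating the cumulative amount added to r3 before the not-copied count is computed would let a reader verify the placement without tracing the whole chain.
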
  @@ -373,7 +374,6 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_LD_STD)
   173:
   174:
   175:
  -179:
   181:
   184:
   186:
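
Review bot: removing `179:` from the group with `173:` through `186:` is only safe if label 179 has a single exception-table user, and the hunk gives no way to confirm that. The commit message ties it to the store at label 79, so please state in the message or in a source comment that no other load or store refers to 179. The message also notes that the remaining handlers were checked by hand and that an automated test of the exception cases would be excellent; adding one that faults each store site and checks that the return value never exceeds the requested length would cover this case and guard the neighbouring labels.
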
  -- 
  2.7.4
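
The accounting failure the commit message describes, as an added example that is not part of the original patch or the kernel source: a simplified C model in which `cursor` stands in for R3 and trails the stored data by 16 bytes. The names `model_copy`, `advance`, `LAG` and the `fault_at` fault-injection parameter are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LAG 16 /* at the faulting store, first unmodified byte = cursor + LAG */

/* Model only: copies n bytes (a multiple of 8) in 8-byte stores. A store that
 * touches dst[fault_at] or beyond "faults". Returns the number of bytes not
 * copied. fixed_handler = 0 models the handler that forgets to add LAG. */
static size_t model_copy(unsigned char *dst, const unsigned char *src,
                         size_t n, size_t fault_at, int fixed_handler)
{
    long cursor = -LAG;   /* plays the role of R3, as an offset from dst */
    size_t done = 0;

    while (done + 8 <= n) {
        if (done + 8 > fault_at) {   /* this store faults */
            long first_unmodified = cursor + (fixed_handler ? LAG : 0);
            return (size_t)((long)n - first_unmodified);
        }
        memcpy(dst + done, src + done, 8);
        done += 8;
        cursor = (long)done - LAG;
    }
    return n - done;
}

/* Caller-side progress accounting: advance by (n - left). Without the
 * left <= n check, a too-large return value wraps to a huge size_t and the
 * next copy lands at the wrong offset. */
static int advance(size_t n, size_t left, size_t *offset)
{
    if (left > n)
        return -1;        /* contract violated: refuse to advance */
    *offset += n - left;
    return 0;
}

int main(void)
{
    unsigned char src[64] = {0}, dst[64] = {0};   /* constructed sample data */
    size_t off = 0;
    size_t good = model_copy(dst, src, 64, 8, 1);
    size_t bad  = model_copy(dst, src, 64, 8, 0);

    printf("fixed handler: %zu not copied, buggy handler: %zu\n", good, bad);
    printf("unchecked n - left with buggy value: %zu\n", (size_t)64 - bad);
    printf("checked advance: %d\n", advance(64, bad, &off));
    return 0;
}
```
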
