group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #19361
[Bug 1730596] Re: s390/mm: fix write access check in gup_huge_pmd()
This bug was fixed in the package linux - 4.4.0-101.124
---------------
linux (4.4.0-101.124) xenial; urgency=low
* linux: 4.4.0-101.124 -proposed tracker (LP: #1731264)
* s390/mm: fix write access check in gup_huge_pmd() (LP: #1730596)
- s390/mm: fix write access check in gup_huge_pmd()
linux (4.4.0-100.123) xenial; urgency=low
* linux: 4.4.0-100.123 -proposed tracker (LP: #1729273)
* Xenial update to 4.4.95 stable release (LP: #1729107)
- USB: devio: Revert "USB: devio: Don't corrupt user memory"
- USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
- USB: serial: metro-usb: add MS7820 device id
- usb: cdc_acm: Add quirk for Elatec TWN3
- usb: quirks: add quirk for WORLDE MINI MIDI keyboard
- usb: hub: Allow reset retry for USB2 devices on connect bounce
- ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
- can: gs_usb: fix busy loop if no more TX context is available
- usb: musb: sunxi: Explicitly release USB PHY on exit
- usb: musb: Check for host-mode using is_host_active() on reset interrupt
- can: esd_usb2: Fix can_dlc value for received RTR, frames
- drm/nouveau/bsp/g92: disable by default
- drm/nouveau/mmu: flush tlbs before deleting page tables
- ALSA: seq: Enable 'use' locking in all configurations
- ALSA: hda: Remove superfluous '-' added by printk conversion
- i2c: ismt: Separate I2C block read from SMBus block read
- brcmsmac: make some local variables 'static const' to reduce stack size
- bus: mbus: fix window size calculation for 4GB windows
- clockevents/drivers/cs5535: Improve resilience to spurious interrupts
- rtlwifi: rtl8821ae: Fix connection lost problem
- KEYS: encrypted: fix dereference of NULL user_key_payload
- lib/digsig: fix dereference of NULL user_key_payload
- KEYS: don't let add_key() update an uninstantiated key
- pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
- parisc: Avoid trashing sr2 and sr3 in LWS code
- parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
- sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
- f2fs crypto: replace some BUG_ON()'s with error checks
- f2fs crypto: add missing locking for keyring_key access
- fscrypt: fix dereference of NULL user_key_payload
- KEYS: Fix race between updating and finding a negative key
- fscrypto: require write access to mount to set encryption policy
- FS-Cache: fix dereference of NULL user_key_payload
- Linux 4.4.95
* Xenial update to 4.4.94 stable release (LP: #1729105)
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
- drm/dp/mst: save vcpi with payloads
- MIPS: Fix minimum alignment requirement of IRQ stack
- sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
- bpf/verifier: reject BPF_ALU64|BPF_END
- udpv6: Fix the checksum computation when HW checksum does not apply
- ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
- net: emac: Fix napi poll list corruption
- packet: hold bind lock when rebinding to fanout hook
- bpf: one perf event close won't free bpf program attached by another perf
event
- isdn/i4l: fetch the ppp_write buffer in one shot
- vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit
- l2tp: Avoid schedule while atomic in exit_net
- l2tp: fix race condition in l2tp_tunnel_delete
- tun: bail out from tun_get_user() if the skb is empty
- packet: in packet_do_bind, test fanout with bind_lock held
- packet: only test po->has_vnet_hdr once in packet_snd
- net: Set sk_prot_creator when cloning sockets to the right proto
- tipc: use only positive error codes in messages
- Revert "bsg-lib: don't free job in bsg_prepare_job"
- locking/lockdep: Add nest_lock integrity test
- watchdog: kempld: fix gcc-4.3 build
- irqchip/crossbar: Fix incorrect type of local variables
- mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length
- mac80211: fix power saving clients handling in iwlwifi
- net/mlx4_en: fix overflow in mlx4_en_init_timestamp()
- netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value.
- iio: adc: xilinx: Fix error handling
- Btrfs: send, fix failure to rename top level inode due to name collision
- f2fs: do not wait for writeback in write_begin
- md/linear: shutup lockdep warnning
- sparc64: Migrate hvcons irq to panicked cpu
- net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new
probed PFs
- crypto: xts - Add ECB dependency
- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
- slub: do not merge cache if slub_debug contains a never-merge flag
- scsi: scsi_dh_emc: return success in clariion_std_inquiry()
- net: mvpp2: release reference to txq_cpu[] entry after unmapping
- i2c: at91: ensure state is restored after suspending
- ceph: clean up unsafe d_parent accesses in build_dentry_path
- uapi: fix linux/rds.h userspace compilation errors
- uapi: fix linux/mroute6.h userspace compilation errors
- target/iscsi: Fix unsolicited data seq_end_offset calculation
- nfsd/callback: Cleanup callback cred on shutdown
- cpufreq: CPPC: add ACPI_PROCESSOR dependency
- Revert "tty: goldfish: Fix a parameter of a call to free_irq"
- Linux 4.4.94
linux (4.4.0-99.122) xenial; urgency=low
* linux: 4.4.0-99.122 -proposed tracker (LP: #1728945)
* Remove vmbus-rdma driver from Xenial kernel (LP: #1721538)
- SAUCE: remove hv_network_direct driver
- [Config]: Remove hv_network_direct driver
* usb 3-1: 2:1: cannot get freq at ep 0x1 (LP: #1708499)
- ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M
* Plantronics Blackwire C520-M - Cannot get freq at ep 0x1, 0x81
(LP: #1709282)
- ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M
* wait-for-root fails to detect nbd root (LP: #696435)
- nbd: Create size change events for userspace
* Fix OpenNSL GPL bugs found by CoverityScan static analysis (LP: #1718388)
- SAUCE: opennsl: bcm-knet: check for null sinfo to avoid a null pointer
dereference
- SAUCE: opennsl: bcm-knet: remove redundant null checks on dev->name
- SAUCE: opennsl: bde: check for out-of-bounds index io.dev
* HID: multitouch: Correct ALPS PTP Stick and Touchpad devices ID
(LP: #1722719)
- Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A"
* Xenial update to 4.4.93 stable release (LP: #1724836)
- brcmfmac: add length check in brcmf_cfg80211_escan_handler()
- ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
- CIFS: Reconnect expired SMB sessions
- nl80211: Define policy for packet pattern attributes
- iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
- rcu: Allow for page faults in NMI handlers
- USB: dummy-hcd: Fix deadlock caused by disconnect detection
- MIPS: math-emu: Remove pr_err() calls from fpu_emu()
- dmaengine: edma: Align the memcpy acnt array size with the transfer
- HID: usbhid: fix out-of-bounds bug
- crypto: shash - Fix zero-length shash ahash digest crash
- KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
- usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
- iommu/amd: Finish TLB flush in amd_iommu_unmap()
- ALSA: usb-audio: Kill stray URB at exiting
- ALSA: seq: Fix use-after-free at creating a port
- ALSA: seq: Fix copy_from_user() call inside lock
- ALSA: caiaq: Fix stray URB at probe error path
- ALSA: line6: Fix leftover URB at error-path during probe
- usb: gadget: composite: Fix use-after-free in
usb_composite_overwrite_options
- direct-io: Prevent NULL pointer access in submit_page_section
- fix unbalanced page refcounting in bio_map_user_iov
- USB: serial: ftdi_sio: add id for Cypress WICED dev board
- USB: serial: cp210x: add support for ELV TFD500
- USB: serial: option: add support for TP-Link LTE module
- Revert "UBUNTU: SAUCE: USB: serial: qcserial: add Dell DW5818, DW5819"
- USB: serial: qcserial: add Dell DW5818, DW5819
- USB: serial: console: fix use-after-free after failed setup
- x86/alternatives: Fix alt_max_short macro to really be a max()
- Linux 4.4.93
* NULL pointer dereference in tty_write() in kernel 4.4.0-93.116+
(LP: #1721065)
- tty: Prepare for destroying line discipline on hangup
* Xenial update to 4.4.92 stable release (LP: #1724783)
- usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
- USB: gadgetfs: Fix crash caused by inadequate synchronization
- USB: gadgetfs: fix copy_to_user while holding spinlock
- usb: gadget: udc: atmel: set vbus irqflags explicitly
- usb-storage: unusual_devs entry to fix write-access regression for Seagate
external drives
- usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
- usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
- ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
- usb: pci-quirks.c: Corrected timeout values used in handshake
- USB: dummy-hcd: fix connection failures (wrong speed)
- USB: dummy-hcd: fix infinite-loop resubmission bug
- USB: dummy-hcd: Fix erroneous synchronization change
- USB: devio: Don't corrupt user memory
- usb: gadget: mass_storage: set msg_registered after msg registered
- USB: g_mass_storage: Fix deadlock when driver is unbound
- lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
- ALSA: compress: Remove unused variable
- ALSA: usx2y: Suppress kernel warning at page allocation failures
- driver core: platform: Don't read past the end of "driver_override" buffer
- Drivers: hv: fcopy: restore correct transfer length
- stm class: Fix a use-after-free
- ftrace: Fix kmemleak in unregister_ftrace_graph
- HID: i2c-hid: allocate hid buffers for real worst case
- iwlwifi: add workaround to disable wide channels in 5GHz
- scsi: sd: Do not override max_sectors_kb sysfs setting
- USB: uas: fix bug in handling of alternate settings
- USB: core: harden cdc_parse_cdc_header
- usb: Increase quirk delay for USB devices
- USB: fix out-of-bounds in usb_set_configuration
- xhci: fix finding correct bus_state structure for USB 3.1 hosts
- iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'
- iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path
of 'twl4030_madc_probe()'
- iio: ad_sigma_delta: Implement a dedicated reset function
- staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma
from stack.
- iio: core: Return error for failed read_reg
- iio: ad7793: Fix the serial interface reset
- iio: adc: mcp320x: Fix readout of negative voltages
- iio: adc: mcp320x: Fix oops on module unload
- uwb: properly check kthread_run return value
- uwb: ensure that endpoint is interrupt
- brcmfmac: setup passive scan if requested by user-space
- drm/i915/bios: ignore HDMI on port A
- sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
- ext4: fix data corruption for mmap writes
- ext4: Don't clear SGID when inheriting ACLs
- ext4: don't allow encrypted operations without keys
- Linux 4.4.92
* Xenial update to 4.4.91 stable release (LP: #1724772)
- drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define
- drm: bridge: add DT bindings for TI ths8135
- GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next
- RDS: RDMA: Fix the composite message user notification
- ARM: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
- MIPS: Ensure bss section ends on a long-aligned address
- MIPS: ralink: Fix incorrect assignment on ralink_soc
- igb: re-assign hw address pointer on reset after PCI error
- extcon: axp288: Use vbus-valid instead of -present to determine cable
presence
- sh_eth: use correct name for ECMR_MPDE bit
- hwmon: (gl520sm) Fix overflows and crash seen when writing into limit
attributes
- iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications
- iio: adc: hx711: Add DT binding for avia,hx711
- ARM: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM
- tty: goldfish: Fix a parameter of a call to free_irq
- IB/ipoib: Fix deadlock over vlan_mutex
- IB/ipoib: rtnl_unlock can not come after free_netdev
- IB/ipoib: Replace list_del of the neigh->list with list_del_init
- drm/amdkfd: fix improper return value on error
- USB: serial: mos7720: fix control-message error handling
- USB: serial: mos7840: fix control-message error handling
- partitions/efi: Fix integer overflow in GPT size calculation
- ASoC: dapm: handle probe deferrals
- audit: log 32-bit socketcalls
- usb: chipidea: vbus event may exist before starting gadget
- ASoC: dapm: fix some pointer error handling
- MIPS: Lantiq: Fix another request_mem_region() return code check
- net: core: Prevent from dereferencing null pointer when releasing SKB
- net/packet: check length in getsockopt() called with PACKET_HDRLEN
- team: fix memory leaks
- usb: plusb: Add support for PL-27A1
- mmc: sdio: fix alignment issue in struct sdio_func
- bridge: netlink: register netdevice before executing changelink
- netfilter: invoke synchronize_rcu after set the _hook_ to NULL
- MIPS: IRQ Stack: Unwind IRQ stack onto task stack
- exynos-gsc: Do not swap cb/cr for semi planar formats
- netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
- parisc: perf: Fix potential NULL pointer dereference
- iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
- rds: ib: add error handle
- md/raid10: submit bio directly to replacement disk
- i2c: meson: fix wrong variable usage in meson_i2c_put_data
- xfs: remove kmem_zalloc_greedy
- libata: transport: Remove circular dependency at free time
- drivers: firmware: psci: drop duplicate const from psci_of_match
- IB/qib: fix false-postive maybe-uninitialized warning
- ARM: remove duplicate 'const' annotations'
- ALSA: au88x0: avoid theoretical uninitialized access
- ttpci: address stringop overflow warning
- Linux 4.4.91
-- Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx> Fri, 10 Nov
2017 08:24:10 -0200
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1730596
Title:
s390/mm: fix write access check in gup_huge_pmd()
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Zesty:
Fix Released
Status in linux source package in Artful:
Fix Committed
Status in linux source package in Bionic:
Fix Committed
Bug description:
== SRU Justification ==
The check for the _SEGMENT_ENTRY_PROTECT bit in gup_huge_pmd() is the
wrong way around. It must not be set for write==1, and not be checked for
write==0. Fix this similar to how it was fixed for ptes long time ago in
commit 25591b0 ("[S390] fix get_user_pages_fast").
One impact of this bug would be unnecessarily using the gup slow path for
write==0 on r/w mappings. A potentially more severe impact would be that
gup_huge_pmd() will succeed for write==1 on r/o mappings.
This bug is fixed by mainline commit ba385c0594, which is in mainline
as of v4.14-rc2. It was also cc'd to upstream stable. It has already
been accepted in upstream v4.13.y, so Artful and Bionic have the fix
via the 4.13.5 stable updates.
== Fix ==
commit ba385c0594e723d41790ecfb12c610e6f90c7785
Author: Gerald Schaefer <gerald.schaefer@xxxxxxxxxx>
Date: Mon Sep 18 16:51:51 2017 +0200
s390/mm: fix write access check in gup_huge_pmd()
== Regression Potential ==
This patch is specific to s390. It has also been accepted by upstream stable, so additional upstream review has been done.
Addl information
Problem: The check for the _SEGMENT_ENTRY_PROTECT bit in
gup_huge_pmd() is the wrong way around. It must not be set
for write==1, and not be checked for write==0. Allowing
write==1 with protection bit set, instead of breaking out
to the slow path, will result in a missing faultin_page()
to clear the protection bit (for valid writable mappings),
and the async I/O write operation will fail to write to
such a mapping.
Solution: Fix it by correctly checking the protection bit like it is
also done in gup_pte_range() and gup_huge_pud().
Reproduction: Async I/O workload on buffers that are mapped as transparent
hugepages.
Upstream-ID: ba385c0594e723d41790ecfb12c610e6f90c7785
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1730596/+subscriptions
