
kernel-packages team mailing list archive

[Bug 1352990] Re: remap_4K_pfn() safety improvement needed for Ubuntu 14.10

 

Upstream commit eeb03a6eaa02e9171f91e385c52a69b159fc6117 (powerpc: Fail
remap_4k_pfn() if PFN doesn't fit inside PTE) was released in Utopic
Ubuntu-3.16.0-8.13. Is this not a sufficient safeguard?

** Also affects: linux (Ubuntu Utopic)
   Importance: Undecided
       Status: Incomplete

** Changed in: linux (Ubuntu Utopic)
       Status: Incomplete => In Progress

** Changed in: linux (Ubuntu Utopic)
     Assignee: (unassigned) => Tim Gardner (timg-tpi)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1352990

Title:
  remap_4K_pfn() safety improvement needed for Ubuntu 14.10

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Utopic:
  Fix Released

Bug description:
  == Comment: #0 - Brian Hart <hartb@xxxxxxxxxx> - 2014-08-04 17:41:57 ==
  ---Problem Description---
  The current implementation of remap_4k_pfn() trusts that it's safe to map the PFN supplied by the requestor.  But there may be PFNs that are not safe to map via remap_4k_pfn().  (For example, the addresses at which PCI MMIO regions are mapped in some hypervisor configurations.)  When an unsafe PFN passes through remap_4k_pfn() some address bits may be unknowingly dropped by the underlying remapping routines.  When that happens the remap will appear to succeed, but any later attempt to use the mapping will checkstop the machine because the truncated target address is not present in the machine.

  A patch has been submitted that will cause remap_4k_pfn() to detect
  and reject these unsafe requests:

  https://lists.ozlabs.org/pipermail/linuxppc-dev/2014-July/119179.html

  Our project needs some form of this safety improvement in the Ubuntu 14.10 release.
   
  ---uname output---
  Linux tul115p1 3.16.0-6-generic #11-Ubuntu SMP Mon Jul 28 02:00:45 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type = 8286-42A 
   
  ---Debugger---
  A debugger is not configured
   
  ---Steps to Reproduce---
   The problem requires a hypervisor that allows PCI MMIO regions to span above the 46-bit line, and a device driver that maps MMIO regions using remap_4k_pfn().

  I can provide detailed instructions and a driver upon request.
   
  Stack trace output:
   no
   
  Oops output:
   no
   
  System Dump Info:
    The system is not configured to capture a system dump.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1352990/+subscriptions
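
A user-space model of the truncation described in the bug report and of a range check that rejects it, added here as an example; it is not the kernel's code or the upstream patch. The PTE layout (PFN field shift of 30, 4K page shift of 12) and all `model_*` names are assumptions, chosen so the limit falls on the 46-bit line the report mentions, and the sample addresses are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for this model (not taken from the page): the PTE keeps the
 * PFN in its top 34 bits, so 34 PFN bits + 12 offset bits = 46 address bits. */
#define MODEL_PAGE_SHIFT 12
#define MODEL_RPN_SHIFT  30
#define MODEL_RPN_BITS   (64 - MODEL_RPN_SHIFT)
#define MODEL_PFN_MAX    ((UINT64_C(1) << MODEL_RPN_BITS) - 1)
#define MODEL_FLAG_MASK  ((UINT64_C(1) << MODEL_RPN_SHIFT) - 1)

/* Unchecked packing: the left shift silently discards PFN bits above bit 33. */
static uint64_t model_pte_pack(uint64_t pfn, uint64_t flags)
{
    return (pfn << MODEL_RPN_SHIFT) | (flags & MODEL_FLAG_MASK);
}

/* Physical address that would actually be reached through this PTE. */
static uint64_t model_pte_target(uint64_t pte)
{
    return (pte >> MODEL_RPN_SHIFT) << MODEL_PAGE_SHIFT;
}

/* Checked variant: refuse a PFN that cannot round-trip through the PTE. */
static int model_remap_4k_pfn_checked(uint64_t pfn, uint64_t flags,
                                      uint64_t *pte_out)
{
    if (pfn > MODEL_PFN_MAX)
        return -EINVAL;
    *pte_out = model_pte_pack(pfn, flags);
    return 0;
}

int main(void)
{
    /* Constructed sample addresses: one below and one above the 46-bit line. */
    uint64_t addrs[] = { UINT64_C(0x00003fe000000000),
                         UINT64_C(0x0000400080000000) };
    for (int i = 0; i < 2; i++) {
        uint64_t pfn = addrs[i] >> MODEL_PAGE_SHIFT, pte = 0;
        int rc = model_remap_4k_pfn_checked(pfn, 0x1, &pte);
        printf("want %#llx, unchecked maps %#llx, checked rc=%d\n",
               (unsigned long long)addrs[i],
               (unsigned long long)model_pte_target(model_pte_pack(pfn, 0x1)),
               rc);
    }
    return 0;
}
```

In the second case the unchecked path reports no error yet the stored PTE points at a different, lower address, which is the "appears to succeed" behaviour the report describes.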