[Trusty->Yakkety] powerpc/64: Fix incorrect return value from __copy_tofrom_user
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | High | Seth Forshee | |
| Trusty | Fix Released | High | Seth Forshee | |
| Xenial | Fix Released | High | Seth Forshee | |
| Yakkety | Fix Released | High | Seth Forshee | |
Bug Description
== SRU Justification ==
Impacts all releases from Trusty through Yakkety
http://
From ca47910e3b54950
From: Paul Mackerras <email address hidden>
Date: Tue, 11 Oct 2016 22:18:58 +1100
Subject: [PATCH] powerpc/64: Fix incorrect return value from __copy_
Debugging a data corruption issue with virtio-
the observation that __copy_tofrom_user was occasionally returning
a value 16 larger than it should. Since the return value from
__copy_tofrom_user is the number of bytes not copied, this means
that __copy_tofrom_user can occasionally return a value larger
than the number of bytes it was asked to copy. In turn this can
cause higher-level copy functions such as copy_page_
to corrupt memory by copying data into the wrong memory locations.
It turns out that the failing case involves a fault on the store
at label 79, and at that point the first unmodified byte of the
destination is at R3 + 16. Consequently the exception handler
for that store needs to add 16 to R3 before using it to work out
how many bytes were not copied, but in this one case it was not
adding the offset to R3. To fix it, this moves the label 179 to
the point where we add 16 to R3. I have checked manually all the
exception handlers for the loads and stores in this code and the
rest of them are correct (it would be excellent to have an
automated test of all the exception cases).
Signed-off-by: Paul Mackerras <email address hidden>
---
arch/powerpc/
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/
index f09899e..7b22624 100644
--- a/arch/
+++ b/arch/
@@ -359,6 +359,7 @@ END_FTR_
addi r3,r3,8
171:
177:
+179:
addi r3,r3,8
370:
372:
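Review bot: the fixup for the label-79 store now relies on the fall-through chain from the new `179:` label adding the 16 bytes the commit message describes, but this hunk shows only one `addi r3,r3,8` after the label, so the second 8-byte increment has to be taken on trust from the unseen lines below `372:`; a one-line comment at `179:` stating the invariant (first unmodified destination byte is r3 + 16 at this point) would make the expected offset checkable without re-deriving the chain, and would be the natural hook for the automated test of the exception cases that the commit message asks for.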
@@ -373,7 +374,6 @@ END_FTR_
173:
174:
175:
-179:
181:
184:
186:
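Review bot: dropping `179:` from this group leaves `173:`, `174:`, `175:`, `181:`, `184:` and `186:` sharing whatever r3 adjustment follows below the visible context, and the commit message says those remaining handlers were verified by hand only; since a fixup that is off by even one increment breaks the bytes-not-copied contract that callers of `__copy_tofrom_user` rely on (the very failure this patch fixes), consider a comment on each label group recording the r3 offset its loads and stores leave, so a later edit to the copy loop cannot silently desynchronise a handler from its store again.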
--
2.7.4
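The failure mode the commit message describes, as an added C model that is not kernel code and not part of this patch: a copy routine whose fixup forgets an offset reports more bytes "not copied" than were requested, and a caller that trusts `n - ret` then derives an out-of-range offset for its follow-up write. All function names and the `fixup_slip` parameter are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Model of __copy_tofrom_user's contract: copy up to n bytes and return the
 * number NOT copied. A simulated fault stops the copy after fault_at bytes.
 * fixup_slip models an exception handler that forgot to add an offset to
 * r3, so the reported "not copied" count is too large by that amount
 * (0 models a correct handler, 16 the case from the commit message).
 */
static size_t model_copy_tofrom_user(uint8_t *dst, const uint8_t *src,
                                     size_t n, size_t fault_at,
                                     size_t fixup_slip)
{
    size_t done = fault_at < n ? fault_at : n;
    memcpy(dst, src, done);
    return (n - done) + fixup_slip;
}

/*
 * Caller in the style of copy_from_user(): after the copy it would zero the
 * tail starting at dst + (n - left). Only the offset is computed here; with
 * left > n the subtraction wraps and the zeroing would land outside dst,
 * which is the "wrong memory locations" corruption the commit describes.
 */
static size_t tail_offset_unchecked(size_t n, size_t left)
{
    return n - left;
}

/* Hardened caller: reject a not-copied count larger than the request.
 * Returns the tail offset, or -1 when the copy routine broke its contract. */
static long tail_offset_checked(size_t n, size_t left)
{
    if (left > n)
        return -1;
    return (long)(n - left);
}

/* Drive one copy of n (<= 64) bytes faulting after fault_at bytes and
 * return the raw "not copied" value the model reported. */
static size_t run_copy(size_t n, size_t fault_at, size_t fixup_slip)
{
    uint8_t src[64], dst[64];
    memset(src, 0xAB, sizeof src);      /* constructed sample payload */
    memset(dst, 0, sizeof dst);
    return model_copy_tofrom_user(dst, src, n, fault_at, fixup_slip);
}
```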
tags: added: bot-stop-nagging kernel-da-key
Changed in linux (Ubuntu Yakkety):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → High
status: Incomplete → Fix Committed
Changed in linux (Ubuntu Xenial):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → High
status: New → Fix Committed
Changed in linux (Ubuntu Trusty):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → High
status: New → Fix Committed
tags: added: verification-done-xenial verification-done-yakkety removed: verification-needed-xenial verification-needed-yakkety
tags: added: verification-done-trusty removed: verification-needed-trusty
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1632462
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.