On Thu, Sep 21, 2023 at 05:35:54PM +0100, Ryan Roberts wrote:
> On 21/09/2023 17:30, Andrew Morton wrote:
> > On Thu, 21 Sep 2023 17:19:59 +0100 Ryan Roberts <ryan.roberts@xxxxxxx> wrote:
> >
> >> Hi All,
> >>
> >> This series fixes a bug in arm64's implementation of set_huge_pte_at(), which
> >> can result in an unprivileged user causing a kernel panic. The problem was
> >> triggered when running the new uffd poison mm selftest for HUGETLB memory. This
> >> test (and the uffd poison feature) was merged for v6.6-rc1. However, upon
> >> inspection there are multiple other pre-existing paths that can trigger this
> >> bug.
> >>
> >> Ideally, I'd like to get this fix in for v6.6 if possible? And I guess it should
> >> be backported too, given there are call sites where this can theoretically
> >> happen that pre-date v6.6-rc1 (I've cc'ed stable@xxxxxxxxxxxxxxx).
> >
> > This gets you a naggygram from Greg. The way to request a backport is
> > to add cc:stable to all the changelogs. I'll make that change to my copy.
>
> Ahh, sorry about that... I just got the same moan from the kernel test robot too.
>
> >
> >
> >> Ryan Roberts (8):
> >>   parisc: hugetlb: Convert set_huge_pte_at() to take vma
> >>   powerpc: hugetlb: Convert set_huge_pte_at() to take vma
> >>   riscv: hugetlb: Convert set_huge_pte_at() to take vma
> >>   s390: hugetlb: Convert set_huge_pte_at() to take vma
> >>   sparc: hugetlb: Convert set_huge_pte_at() to take vma
> >>   mm: hugetlb: Convert set_huge_pte_at() to take vma
> >>   arm64: hugetlb: Convert set_huge_pte_at() to take vma
> >>   arm64: hugetlb: Fix set_huge_pte_at() to work with all swap entries
> >>
> >>  arch/arm64/include/asm/hugetlb.h              |  2 +-
> >>  arch/arm64/mm/hugetlbpage.c                   | 22 ++++----------
> >>  arch/parisc/include/asm/hugetlb.h             |  2 +-
> >>  arch/parisc/mm/hugetlbpage.c                  |  4 +--
> >>  .../include/asm/nohash/32/hugetlb-8xx.h       |  3 +-
> >>  arch/powerpc/mm/book3s64/hugetlbpage.c        |  2 +-
> >>  arch/powerpc/mm/book3s64/radix_hugetlbpage.c  |  2 +-
> >>  arch/powerpc/mm/nohash/8xx.c                  |  2 +-
> >>  arch/powerpc/mm/pgtable.c                     |  7 ++++-
> >>  arch/riscv/include/asm/hugetlb.h              |  2 +-
> >>  arch/riscv/mm/hugetlbpage.c                   |  3 +-
> >>  arch/s390/include/asm/hugetlb.h               |  8 +++--
> >>  arch/s390/mm/hugetlbpage.c                    |  8 ++++-
> >>  arch/sparc/include/asm/hugetlb.h              |  8 +++--
> >>  arch/sparc/mm/hugetlbpage.c                   |  8 ++++-
> >>  include/asm-generic/hugetlb.h                 |  6 ++--
> >>  include/linux/hugetlb.h                       |  6 ++--
> >>  mm/damon/vaddr.c                              |  2 +-
> >>  mm/hugetlb.c                                  | 30 +++++++++----------
> >>  mm/migrate.c                                  |  2 +-
> >>  mm/rmap.c                                     | 10 +++----
> >>  mm/vmalloc.c                                  |  5 +++-
> >>  22 files changed, 80 insertions(+), 64 deletions(-)
> >
> > Looks scary but it's actually a fairly modest patchset. It could
> > easily be all rolled into a single patch for ease of backporting.
> > Maybe Greg has an opinion?
>
> Yes, I thought about doing that; or perhaps 2 patches - one for the interface
> change across all arches and core code, and one for the actual bug fix?

I have no issues with taking patch series, or one big patch, into stable
trees, they just have to match up with what is in Linus's tree.
So if it makes more sense to have this as a series (like you did here),
wonderful, make it a patch series. Do not go out of your way to do
things differently just for stable kernels, that is not necessary or
needed at all.

thanks,

greg k-h