[PATCH 0/3][B] Insufficient shootdown for paging-structure caches (LP: #1798897)

Tyler Hicks tyhicks at canonical.com
Fri Oct 19 22:38:18 UTC 2018


BugLink: https://launchpad.net/bugs/1798897

[Impact]

Paging structure caches are not always flushed as part of a TLB shootdown
operation on x86. See the Project Zero writeup for more details:

  https://bugs.chromium.org/p/project-zero/issues/detail?id=1633

[Test Case]

Ideally, we'd be able to use the test case described in the Project Zero bug
report. However, it depends on certain processor features as well as custom
kernel changes to make the proof-of-concept more likely to be successful.

Instead, I think we're limited to simple boot testing and then will need to
rely on our regular SRU testing.

[Regression Potential]

Considerable since the changes are in mm/ but these three patches have been
released in the upstream linux-stable trees for a while now.


This issue is worthy of a CVE ID and it is my understanding that Jann is going
to request one but we should move forward with reviewing/applying these patches
in the meantime.

These patches are already present in the Cosmic kernel. This issue does not
affect kernels older than Bionic's kernel.

Tyler
