[SRU Bionic 0/1] CVE-2020-29374
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Dec 17 01:25:56 UTC 2020
[Impact]
A child process can read CoW data from a parent. This is the first part of the
writeup at https://bugs.chromium.org/p/project-zero/issues/detail?id=2045.
[Test case]
The code at the Project Zero writeup was the one tested. It was adapted so the
shared data was read at the child before doing get_user_pages_fast, so the fast
path would be taken and the fast path on s390x could be tested.
[Backport]
There were conflicts that were fixed, and FOLL_PIN does not exist on bionic.
Also, s390x is the only architecture that matters to us that still had its own
GUPF implementation at 4.15. So, it needed to carry a fix of its own based on
the generic one.
[Potential regression]
This could break users of GUP and hugepages.
Linus Torvalds (1):
  gup: document and work around "COW can break either way" issue

 arch/s390/mm/gup.c                      |  9 ++++-
 drivers/gpu/drm/i915/i915_gem_userptr.c |  8 +++++
 mm/gup.c                                | 44 +++++++++++++++++++++----
 mm/huge_memory.c                        |  7 ++--
 4 files changed, 57 insertions(+), 11 deletions(-)
--
2.27.0