ACK: [SRU Bionic 0/1] CVE-2020-29374

Stefan Bader stefan.bader at canonical.com
Wed Jan 13 10:44:11 UTC 2021


On 17.12.20 02:25, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A child process can read CoW data from a parent. This is the first part of the
> writeup at https://bugs.chromium.org/p/project-zero/issues/detail?id=2045.
> 
> [Test case]
> The code at the Project Zero writeup was the one tested. It was adapted so the
> shared data was read at the child before doing get_user_pages_fast, so the fast
> path would be taken and the fast path on s390x could be tested.
> 
> [Backport]
> There were conflicts that were fixed, and FOLL_PIN does not exist on bionic.
> Also, s390x is the only architecture that matters to us that still had its own
> GUPF implementation at 4.15. So, it needed to carry a fix of its own based on
> the generic one.
> 
> [Potential regression]
> This could break users of GUP and hugepages.
> 
> Linus Torvalds (1):
>   gup: document and work around "COW can break either way" issue
> 
>  arch/s390/mm/gup.c                      |  9 ++++-
>  drivers/gpu/drm/i915/i915_gem_userptr.c |  8 +++++
>  mm/gup.c                                | 44 +++++++++++++++++++++----
>  mm/huge_memory.c                        |  7 ++--
>  4 files changed, 57 insertions(+), 11 deletions(-)
> 
It appears to be implementing what is described, and from the area changed I
would suspect that running the reproducing tests should uncover issues, though
there is always risk when mm code is touched. But then this has to be fixed at
some point.

Acked-by: Stefan Bader <stefan.bader at canonical.com>
