ACK: [SRU Xenial 0/1] CVE-2020-29374
Kamal Mostafa
kamal at canonical.com
Thu Jan 21 21:19:18 UTC 2021
LGTM.
Acked-by: Kamal Mostafa <kamal at canonical.com>
-Kamal
On Thu, Dec 17, 2020 at 02:06:20PM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A child process can read CoW data from a parent. This is the first part of the
> writeup at https://bugs.chromium.org/p/project-zero/issues/detail?id=2045.
>
> [Test case]
> The code at the Project Zero writeup was the one tested. It was adapted so the
> shared data was read at the child before doing get_user_pages_fast, so the fast
> path would be taken and the fast path on s390x could be tested.
>
> [Backport]
> There were conflicts that were fixed, and FOLL_PIN does not exist on bionic.
> Also, s390x and x86 still had their own GUPF implementation at 4.4. So, they
> needed to carry a fix of their own based on the generic one.
>
> [Potential regression]
> This could break users of GUP and hugepages.
>
> [Tests]
> This was tested with and without the touching of data before vmsplice on amd64,
> i386, s390x, ppc64el.
>
> Linus Torvalds (1):
> gup: document and work around "COW can break either way" issue
>
> arch/s390/mm/gup.c | 9 ++++-
> drivers/gpu/drm/i915/i915_gem_userptr.c | 8 +++++
> mm/gup.c | 44 +++++++++++++++++++++----
> mm/huge_memory.c | 7 ++--
> 4 files changed, 57 insertions(+), 11 deletions(-)
>
> --
> 2.27.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list