[SRU groovy 0/9] CVE-2021-3347

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Tue Mar 9 17:03:23 UTC 2021


[Impact]
This fixes CVE-2021-3347, where userspace could provoke EFAULT during a futex
operation leading to inconsistent internal kernel state, which could then be
exploited. Privilege escalation cannot be ruled out.

[Test plan]
I tested stress-ng --futex, kselftest futex, glibc nptl tests, ltp futex tests,
perf bench futex, and some odd reproducers for past issues. No apparent
regressions.

[Potential regressions]
futex is used in pthreads. So, parallel programs that use futexes for mutual
exclusion can fail or deteriorate, with lockups, race conditions, or bad
performance.

[Fixes]
I ended up picking up some pre-req commits, rather than fixing up everything
with backports. Only one treewide commit was skipped and required a simple
backport. The pre-reqs were cleanups, rather than fixes for open bugs.

André Almeida (2):
  futex: Remove put_futex_key()
  futex: Remove needless goto's

Thomas Gleixner (7):
  futex: Replace pointless printk in fixup_owner()
  futex: Ensure the correct return value from futex_lock_pi()
  futex: Provide and use pi_state_update_owner()
  rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
  futex: Use pi_state_update_owner() in put_pi_state()
  futex: Simplify fixup_pi_state_owner()
  futex: Handle faults correctly for PI futexes

 kernel/futex.c                  | 300 ++++++++++++--------------------
 kernel/locking/rtmutex.c        |   3 +-
 kernel/locking/rtmutex_common.h |   3 +-
 3 files changed, 116 insertions(+), 190 deletions(-)

-- 
2.27.0
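As an added regression check, not part of Cascardo's post or of the patch series: glibc implements PTHREAD_PRIO_INHERIT mutexes on top of the kernel's FUTEX_LOCK_PI/FUTEX_UNLOCK_PI operations, so several threads contending on one PI mutex drives the owner-handoff path (fixup_pi_state_owner() and the callers the series reworks) from plain pthreads, which is the usage the [Potential regressions] section worries about. The thread and iteration counts below are arbitrary; a correct kernel and libc always yield a counter equal to threads times iterations, and a lockup or miscount after applying the series would point at the futex PI path.

```c
/* Added example: PI-mutex contention smoke test for the futex PI path.
 * glibc maps PTHREAD_PRIO_INHERIT mutexes onto FUTEX_LOCK_PI/FUTEX_UNLOCK_PI,
 * so this exercises lock_pi/unlock_pi owner handoff under contention.
 * NTHREADS and ITERS are arbitrary test parameters, not values from the post. */
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

#define NTHREADS 8
#define ITERS    20000

static pthread_mutex_t pi_lock;
static long shared_counter;

/* Each worker takes and releases the PI mutex ITERS times. */
static void *worker(void *arg)
{
    (void)arg;
    for (int i = 0; i < ITERS; i++) {
        if (pthread_mutex_lock(&pi_lock) != 0)
            return (void *)1;       /* report lock failure to the joiner */
        shared_counter++;           /* critical section */
        if (pthread_mutex_unlock(&pi_lock) != 0)
            return (void *)1;
    }
    return NULL;
}

/* Returns the final counter value, or -1 on a setup/lock error.
 * With a working PI futex path this equals NTHREADS * ITERS. */
long run_pi_mutex_test(void)
{
    pthread_mutexattr_t attr;
    pthread_t tids[NTHREADS];

    shared_counter = 0;
    if (pthread_mutexattr_init(&attr) != 0)
        return -1;
    /* PRIO_INHERIT selects the priority-inheritance futex protocol. */
    if (pthread_mutexattr_setprotocol(&attr, PTHREAD_PRIO_INHERIT) != 0)
        return -1;
    if (pthread_mutex_init(&pi_lock, &attr) != 0)
        return -1;
    pthread_mutexattr_destroy(&attr);

    for (int i = 0; i < NTHREADS; i++) {
        if (pthread_create(&tids[i], NULL, worker, NULL) != 0)
            return -1;
    }

    long failed = 0;
    for (int i = 0; i < NTHREADS; i++) {
        void *ret;
        pthread_join(tids[i], &ret);
        if (ret != NULL)
            failed++;
    }
    pthread_mutex_destroy(&pi_lock);
    return failed ? -1 : shared_counter;
}

int main(void)
{
    long got = run_pi_mutex_test();
    long want = (long)NTHREADS * ITERS;
    printf("PI mutex counter: %ld (expected %ld) -> %s\n", got, want,
           got == want ? "OK" : "FAIL");
    return got == want ? 0 : 1;
}
```

Run it in a loop alongside the suites listed in the [Test plan] (stress-ng --futex, the futex kselftests, glibc nptl tests) on a kernel with and without the series; the lost-update or hang this would surface is the regression signature for the PI futex changes.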
