ACK: [SRU][K][J][F][B][PATCH 0/1] kernel: fix __clear_user() inline assembly constraints (LP: 2013088)

Andrei Gherzan andrei.gherzan at canonical.com
Tue Apr 4 10:15:04 UTC 2023 

On 23/04/04 11:10AM, frank.heimes at canonical.com wrote:
> BugLink: https://bugs.launchpad.net/bugs/2013088
> 
> SRU Justification:
> 
> [ Impact ] 
> 
>  * In case clear_user() crosses two pages and faults on the second page the
>    kernel may write lowcore contents to the first page, instead of
>    clearing it.
> 
>  * The __clear_user() inline assembly misses earlyclobber constraint
>    modifiers. Depending on compiler and compiler options this may lead to
>    incorrect code which copies kernel lowcore contents to user space instead
>    of clearing memory, in case clear_user() faults.
> 
> [Fix]
> 
>  * For Kinetic and Jammy cherrypick of
>    89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3
>    "s390/uaccess: add missing earlyclobber annotations to __clear_user()"
> 
>  * For Focal and Bionic a backport of the above commit is needed:
>    https://launchpadlibrarian.net/659551648/s390-uaccess.patch
> 
> [ Test Plan ]
> 
>  * A test program in C is needed and used for testing.
> 
>  * The test will be done by IBM.
> 
> [ Where problems could occur ]
> 
>  * The modification is limited to function 'long __clear_user'.
> 
>  * And there, just to one inline assembly constraints line.
> 
>  * This is usually difficult to trace.
> 
>  * A erroneous modification may lead to a wrong behavior in
>    'long __clear_user',
> 
>  * and maybe returning a wrong size (in uaccess.c).
> 
> [ Other ]
> 
>  * This affects all Ubuntu releases in service, down to 18.04.
> 
>  * Since we are close to 23.04 kernel freeze, I submit a patch request for
>    23.04 separately, and submit the SRU request for the all other
>    Ubuntu releases later.
> 
> Heiko Carstens (1):
>   s390/uaccess: add missing earlyclobber annotations to __clear_user()
> 
>  arch/s390/lib/uaccess.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> -- 
> 2.25.1
Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>

-- 
Andrei Gherzan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230404/f3d18aa6/attachment.sig>

More information about the kernel-team mailing list