ACK: [L][PATCH 0/1] kernel: fix __clear_user() inline assembly constraints (LP: 2013088)
Cory Todd
cory.todd at canonical.com
Mon Apr 10 15:21:54 UTC 2023
On Tue, Mar 28, 2023 at 07:58:19PM +0200, frank.heimes at canonical.com wrote:
> BugLink: https://bugs.launchpad.net/bugs/2013088
>
> SRU Bug Template:
>
> [ Impact ]
>
> * In case clear_user() crosses two pages and faults on the second page the
> kernel may write lowcore contents to the first page, instead of
> clearing it.
>
> * The __clear_user() inline assembly misses earlyclobber constraint
> modifiers. Depending on compiler and compiler options this may lead to
> incorrect code which copies kernel lowcore contents to user space instead
> of clearing memory, in case clear_user() faults.
>
> [ Test Plan ]
>
> * A little test program in C is used for testing.
>
> * The test will be done by IBM.
>
> [ Where problems could occur ]
>
> * The modification is limited to function 'long __clear_user'.
>
> * And there, just to one inline assembly constraints line.
>
> * This is usually difficult to trace.
>
> * A erroneous modification may lead to a wrong behavior in
> 'long __clear_user',
>
> * and maybe returning a wrong size (in uaccess.c).
>
> [ Other Info ]
>
> * This affects all Ubuntu releases in service, down to 18.04.
>
> * Since we are close to 23.04 kernel freeze, I submit a patch request for
> 23.04 right now, and will submit an SRU request for the all other Ubuntu
> releases later.
>
> Heiko Carstens (1):
> s390/uaccess: add missing earlyclobber annotations to __clear_user()
>
> arch/s390/lib/uaccess.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Acked-by: Cory Todd <cory.todd at canonical.com>
More information about the kernel-team
mailing list