ACK: [SRU OEM-6.1,Lunar 00/14] CVE-2023-3269

Tim Gardner tim.gardner at canonical.com
Wed Jul 5 17:56:19 UTC 2023


On 7/5/23 6:33 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The conversion to maple tree allows an attacker to cause a use-after-free
> bug and cause a system denial of service (crash) or achieve kernel code
> execution.
> 
> [Potential regression]
> High potential regression as this touches memory management.
> 
> Ben Hutchings (3):
>    mips/mm: Convert to using lock_mm_and_find_vma()
>    riscv/mm: Convert to using lock_mm_and_find_vma()
>    arm/mm: Convert to using lock_mm_and_find_vma()
> 
> Kees Cook (1):
>    exec: Remove FOLL_FORCE for stack setup
> 
> Liam R. Howlett (1):
>    mm: make find_extend_vma() fail if write lock not held
> 
> Linus Torvalds (7):
>    mm: introduce new 'lock_mm_and_find_vma()' page fault helper
>    mm: make the page fault mmap locking killable
>    arm64/mm: Convert to using lock_mm_and_find_vma()
>    mm/fault: convert remaining simple cases to lock_mm_and_find_vma()
>    powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma()
>    execve: expand new process stack manually ahead of time
>    mm: always expand the stack with the mmap write lock held
> 
> Michael Ellerman (1):
>    powerpc/mm: Convert to using lock_mm_and_find_vma()
> 
> Thadeu Lima de Souza Cascardo (1):
>    UBUNTU: [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA
> 
>   arch/alpha/Kconfig            |   1 +
>   arch/alpha/mm/fault.c         |  13 +---
>   arch/arc/Kconfig              |   1 +
>   arch/arc/mm/fault.c           |  11 +--
>   arch/arm/Kconfig              |   1 +
>   arch/arm/mm/fault.c           |  63 ++++-------------
>   arch/arm64/Kconfig            |   1 +
>   arch/arm64/mm/fault.c         |  46 +++---------
>   arch/csky/Kconfig             |   1 +
>   arch/csky/mm/fault.c          |  22 ++----
>   arch/hexagon/Kconfig          |   1 +
>   arch/hexagon/mm/vm_fault.c    |  18 ++---
>   arch/ia64/mm/fault.c          |  36 ++--------
>   arch/loongarch/Kconfig        |   1 +
>   arch/loongarch/mm/fault.c     |  16 ++---
>   arch/m68k/mm/fault.c          |   9 ++-
>   arch/microblaze/mm/fault.c    |   5 +-
>   arch/mips/Kconfig             |   1 +
>   arch/mips/mm/fault.c          |  12 +---
>   arch/nios2/Kconfig            |   1 +
>   arch/nios2/mm/fault.c         |  17 +----
>   arch/openrisc/mm/fault.c      |   5 +-
>   arch/parisc/mm/fault.c        |  23 +++---
>   arch/powerpc/Kconfig          |   1 +
>   arch/powerpc/mm/copro_fault.c |  14 +---
>   arch/powerpc/mm/fault.c       |  39 +----------
>   arch/riscv/Kconfig            |   1 +
>   arch/riscv/mm/fault.c         |  31 ++++-----
>   arch/s390/mm/fault.c          |   5 +-
>   arch/sh/Kconfig               |   1 +
>   arch/sh/mm/fault.c            |  17 +----
>   arch/sparc/Kconfig            |   1 +
>   arch/sparc/mm/fault_32.c      |  32 +++------
>   arch/sparc/mm/fault_64.c      |   8 ++-
>   arch/um/kernel/trap.c         |  11 +--
>   arch/x86/Kconfig              |   1 +
>   arch/x86/mm/fault.c           |  52 +-------------
>   arch/xtensa/Kconfig           |   1 +
>   arch/xtensa/mm/fault.c        |  14 +---
>   debian.oem/config/annotations |   1 +
>   drivers/iommu/amd/iommu_v2.c  |   4 +-
>   drivers/iommu/io-pgfault.c    |   2 +-
>   fs/binfmt_elf.c               |   6 +-
>   fs/exec.c                     |  38 +++++-----
>   include/linux/mm.h            |  16 ++---
>   mm/Kconfig                    |   4 ++
>   mm/gup.c                      |   6 +-
>   mm/memory.c                   | 127 ++++++++++++++++++++++++++++++++++
>   mm/mmap.c                     | 121 +++++++++++++++++++++++++++-----
>   mm/nommu.c                    |  17 ++---
>   50 files changed, 422 insertions(+), 454 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc



