ACK: [SRU Xenial 0/1] CVE-2020-29374

Stefan Bader stefan.bader at canonical.com
Wed Jan 13 10:49:08 UTC 2021


On 17.12.20 18:06, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A child process can read CoW data from a parent. This is the first part of the
> writeup at https://bugs.chromium.org/p/project-zero/issues/detail?id=2045.
> 
> [Test case]
> The code at the Project Zero writeup was the one tested. It was adapted so the
> shared data was read at the child before doing get_user_pages_fast, so the fast
> path would be taken and the fast path on s390x could be tested.
> 
> [Backport]
> There were conflicts that were fixed, and FOLL_PIN does not exist on bionic.
> Also, s390x and x86 still had their own GUPF implementation at 4.4. So, they
> needed to carry a fix of their own based on the generic one.
> 
> [Potential regression]
> This could break users of GUP and hugepages.
> 
> [Tests]
> This was tested with and without the touching of data before vmsplice on amd64,
> i386, s390x, ppc64el.
> 
> Linus Torvalds (1):
>   gup: document and work around "COW can break either way" issue
> 
>  arch/s390/mm/gup.c                      |  9 ++++-
>  drivers/gpu/drm/i915/i915_gem_userptr.c |  8 +++++
>  mm/gup.c                                | 44 +++++++++++++++++++++----
>  mm/huge_memory.c                        |  7 ++--
>  4 files changed, 57 insertions(+), 11 deletions(-)
> 
Same reasoning as for the Bionic version. Noticed some differences, but more
detailed insight is beyond what can be done in review. Relying on testability.

Acked-by: Stefan Bader <stefan.bader at canonical.com>
