ACK: [SRU OEM-6.1,Lunar 00/14] CVE-2023-3269
Tim Gardner
tim.gardner at canonical.com
Wed Jul 5 17:56:19 UTC 2023
On 7/5/23 6:33 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The conversion to maple tree allows an attacker to cause a use-after-free
> bug and cause a system denial of service (crash) or achieve kernel code
> execution.
>
> [Potential regression]
> High potential regression as this touches memory management.
>
> Ben Hutchings (3):
> mips/mm: Convert to using lock_mm_and_find_vma()
> riscv/mm: Convert to using lock_mm_and_find_vma()
> arm/mm: Convert to using lock_mm_and_find_vma()
>
> Kees Cook (1):
> exec: Remove FOLL_FORCE for stack setup
>
> Liam R. Howlett (1):
> mm: make find_extend_vma() fail if write lock not held
>
> Linus Torvalds (7):
> mm: introduce new 'lock_mm_and_find_vma()' page fault helper
> mm: make the page fault mmap locking killable
> arm64/mm: Convert to using lock_mm_and_find_vma()
> mm/fault: convert remaining simple cases to lock_mm_and_find_vma()
> powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma()
> execve: expand new process stack manually ahead of time
> mm: always expand the stack with the mmap write lock held
>
> Michael Ellerman (1):
> powerpc/mm: Convert to using lock_mm_and_find_vma()
>
> Thadeu Lima de Souza Cascardo (1):
> UBUNTU: [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA
>
> arch/alpha/Kconfig | 1 +
> arch/alpha/mm/fault.c | 13 +---
> arch/arc/Kconfig | 1 +
> arch/arc/mm/fault.c | 11 +--
> arch/arm/Kconfig | 1 +
> arch/arm/mm/fault.c | 63 ++++-------------
> arch/arm64/Kconfig | 1 +
> arch/arm64/mm/fault.c | 46 +++---------
> arch/csky/Kconfig | 1 +
> arch/csky/mm/fault.c | 22 ++----
> arch/hexagon/Kconfig | 1 +
> arch/hexagon/mm/vm_fault.c | 18 ++---
> arch/ia64/mm/fault.c | 36 ++--------
> arch/loongarch/Kconfig | 1 +
> arch/loongarch/mm/fault.c | 16 ++---
> arch/m68k/mm/fault.c | 9 ++-
> arch/microblaze/mm/fault.c | 5 +-
> arch/mips/Kconfig | 1 +
> arch/mips/mm/fault.c | 12 +---
> arch/nios2/Kconfig | 1 +
> arch/nios2/mm/fault.c | 17 +----
> arch/openrisc/mm/fault.c | 5 +-
> arch/parisc/mm/fault.c | 23 +++---
> arch/powerpc/Kconfig | 1 +
> arch/powerpc/mm/copro_fault.c | 14 +---
> arch/powerpc/mm/fault.c | 39 +----------
> arch/riscv/Kconfig | 1 +
> arch/riscv/mm/fault.c | 31 ++++-----
> arch/s390/mm/fault.c | 5 +-
> arch/sh/Kconfig | 1 +
> arch/sh/mm/fault.c | 17 +----
> arch/sparc/Kconfig | 1 +
> arch/sparc/mm/fault_32.c | 32 +++------
> arch/sparc/mm/fault_64.c | 8 ++-
> arch/um/kernel/trap.c | 11 +--
> arch/x86/Kconfig | 1 +
> arch/x86/mm/fault.c | 52 +-------------
> arch/xtensa/Kconfig | 1 +
> arch/xtensa/mm/fault.c | 14 +---
> debian.oem/config/annotations | 1 +
> drivers/iommu/amd/iommu_v2.c | 4 +-
> drivers/iommu/io-pgfault.c | 2 +-
> fs/binfmt_elf.c | 6 +-
> fs/exec.c | 38 +++++-----
> include/linux/mm.h | 16 ++---
> mm/Kconfig | 4 ++
> mm/gup.c | 6 +-
> mm/memory.c | 127 ++++++++++++++++++++++++++++++++++
> mm/mmap.c | 121 +++++++++++++++++++++++++++-----
> mm/nommu.c | 17 ++---
> 50 files changed, 422 insertions(+), 454 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list