[SRU][N][PATCH 0/1] CVE-2024-56765

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Wed Feb 26 15:44:44 UTC 2025


[Impact]

powerpc/pseries/vas: Add close() callback in vas_vm_ops struct

The mapping VMA address is saved in VAS window struct when the
paste address is mapped. This VMA address is used during migration
to unmap the paste address if the window is active. The paste
address mapping will be removed when the window is closed or with
the munmap(). But the VMA address in the VAS window is not updated
with munmap() which is causing invalid access during migration.

This patch adds close() callback in vas_vm_ops vm_operations_struct
which will be executed during munmap() before freeing VMA. The VMA
address in the VAS window is set to NULL after holding the window
mmap_mutex.

[Fix]

Oracular: Fixed via upstream stable updates (LP: #2097531)
Noble: Clean cherry pick from mainline
Jammy: Not affected
Focal: Not affected

[Test case]

Compiled and boot tested on a Power10 VM.

[Where problems could occur]

The fix affects the VAS subsystem in the PowerPC architecture. An issue
with this fix may lead to improper handling of VAS windows. A user might
experience problems such as crashes and failures in applications using
hardware acceleration.

Haren Myneni (1):
  powerpc/pseries/vas: Add close() callback in vas_vm_ops struct

 arch/powerpc/platforms/book3s/vas-api.c | 36 +++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

-- 
2.43.0
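
The stale-pointer lifecycle described under [Impact], as a userspace C model added here for illustration; it is not the kernel patch or code from this message. All names (struct window, struct mapping, map_paste, unmap_paste, migrate_unmap) are hypothetical stand-ins, and a freed VMA is modelled with a flag rather than real deallocation.

```c
/* Userspace model constructed for illustration; not the kernel's code.
 * All names below are hypothetical stand-ins. */
#include <pthread.h>
#include <stddef.h>

struct mapping;
struct mapping_ops { void (*close)(struct mapping *m); };
struct window {                       /* stands in for the VAS window */
    pthread_mutex_t mmap_mutex;
    struct mapping *vma;              /* cached mapping, NULL if none */
};
struct mapping {                      /* stands in for the VMA */
    const struct mapping_ops *ops;
    struct window *owner;
    int freed;                        /* models the VMA having been freed */
};

/* The fix: clear the cached pointer under the window's mmap_mutex. */
static void mapping_close(struct mapping *m) {
    pthread_mutex_lock(&m->owner->mmap_mutex);
    if (m->owner->vma == m)
        m->owner->vma = NULL;
    pthread_mutex_unlock(&m->owner->mmap_mutex);
}
static const struct mapping_ops ops_without_close = { NULL };
static const struct mapping_ops ops_with_close = { mapping_close };

static void map_paste(struct window *w, struct mapping *m,
                      const struct mapping_ops *ops) {
    m->ops = ops; m->owner = w; m->freed = 0;
    pthread_mutex_lock(&w->mmap_mutex);
    w->vma = m;
    pthread_mutex_unlock(&w->mmap_mutex);
}

/* munmap(): run close() if the ops table has one, then "free" the mapping. */
static void unmap_paste(struct mapping *m) {
    if (m->ops->close)
        m->ops->close(m);
    m->freed = 1;
}

/* Migration: 0 = nothing mapped, 1 = live mapping unmapped,
 * -1 = cached pointer refers to a freed mapping (the invalid access). */
static int migrate_unmap(struct window *w) {
    int rc = 0;
    pthread_mutex_lock(&w->mmap_mutex);
    if (w->vma) { rc = w->vma->freed ? -1 : 1; w->vma = NULL; }
    pthread_mutex_unlock(&w->mmap_mutex);
    return rc;
}
```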



