ACK: [SRU][N][PATCH 0/1] CVE-2024-56765
Stewart Hore
stewart.hore at canonical.com
Wed Feb 26 23:24:39 UTC 2025
On Wed, Feb 26, 2025 at 04:44:44PM +0100, Massimiliano Pellizzer wrote:
> [Impact]
>
> powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
>
> The mapping VMA address is saved in VAS window struct when the
> paste address is mapped. This VMA address is used during migration
> to unmap the paste address if the window is active. The paste
> address mapping will be removed when the window is closed or with
> the munmap(). But the VMA address in the VAS window is not updated
> with munmap() which is causing invalid access during migration.
>
> This patch adds close() callback in vas_vm_ops vm_operations_struct
> which will be executed during munmap() before freeing VMA. The VMA
> address in the VAS window is set to NULL after holding the window
> mmap_mutex.
>
> [Fix]
>
> Oracular: Fixed via upstream stable updates (LP: #2097531)
> Noble: Clean cherry pick from mainline
> Jammy: Not affected
> Focal: Not affected
>
> [Test case]
>
> Compiled and boot tested on a Power10 VM.
>
> [Where problems could occur]
>
> The fix affetcts the VAS subsystem in the PowerPc architecture. An issue
> with this fix may lead to improper handling of VAS windows. A user might
> experience problems such as crashes and failures in application using
> hardware acceleration.
>
> Haren Myneni (1):
> powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
>
> arch/powerpc/platforms/book3s/vas-api.c | 36 +++++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
>
> --
> 2.43.0
Acked-by: Stewart Hore <stewart.hore at canonical.com>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list