This bug is awaiting verification that the linux-azure/5.15.0-1040.47 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: ================== [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __________ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive: yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
