--- Comment on attachment From h.carst...@de.ibm.com 2023-04-03 14:32
EDT---
Attached patch applies to 18.04 and 20.04.
** Attachment added: "uaccess clear_user() fix"
https://bugs.launchpad.net/bugs/2013088/+attachment/5745283/+files/s390-uaccess.patch
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2013088
Title:
kernel: fix __clear_user() inline assembly constraints
Status in Ubuntu on IBM z Systems:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Focal:
Fix Released
Status in linux source package in Jammy:
Fix Released
Status in linux source package in Kinetic:
Fix Released
Status in linux source package in Lunar:
Fix Released
Bug description:
SRU Justification:
==
[ Impact ]
* In case clear_user() crosses two pages and faults on the second page
the kernel may write lowcore contents to the first page, instead of
clearing it.
* The __clear_user() inline assembly misses earlyclobber constraint
modifiers. Depending on compiler and compiler options this may lead to
incorrect code which copies kernel lowcore contents to user space
instead of clearing memory, in case clear_user() faults.
[Fix]
* For Kinetic and Jammy cherrypick of
89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3
"s390/uaccess: add missing earlyclobber annotations to __clear_user()"
* For Focal and Bionic a backport of the above commit is needed:
https://launchpadlibrarian.net/659551648/s390-uaccess.patch
[ Test Plan ]
* A test program in C is needed and used for testing.
* The test will be done by IBM.
[ Where problems could occur ]
* The modification is limited to function 'long __clear_user'.
* And there, just to one inline assembly constraints line.
* This is usually difficult to trace.
* A erroneous modification may lead to a wrong behavior in
'long __clear_user',
* and maybe returning a wrong size (in uaccess.c).
[ Other Info ]
* This affects all Ubuntu releases in service, down to 18.04.
* Since we are close to 23.04 kernel freeze, I submit a patch request for
23.04 separately, and submit the SRU request for the all other
Ubuntu releases later.
__
Description: kernel: fix __clear_user() inline assembly constraints
Symptom: In case clear_user() crosses two pages and faults on the
second page the kernel may write lowcore contents to the
first page, instead of clearing it.
Problem: The __clear_user() inline assembly misses earlyclobber
constraint modifiers. Depending on compiler and compiler
options this may lead to incorrect code which copies kernel
lowcore contents to user space instead of clearing memory,
in case clear_user() faults.
Solution: Add missing earlyclobber constraint modifiers.
Preventive:yes
Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3
Affected Releases:
18.04
20.04
22.04
22.10
23.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
