kernel: fix __clear_user() inline assembly constraints
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners | |
linux (Ubuntu) | Fix Released | High | Canonical Kernel Team | |
Bionic | Fix Released | High | Canonical Kernel Team | |
Focal | Fix Released | High | Canonical Kernel Team | |
Jammy | Fix Released | High | Canonical Kernel Team | |
Kinetic | Fix Released | High | Canonical Kernel Team | |
Lunar | Fix Released | High | Canonical Kernel Team | |
Bug Description
SRU Justification:
==================
[ Impact ]
* In case clear_user() crosses two pages and faults on the second page
the kernel may write lowcore contents to the first page, instead of
clearing it.
* The __clear_user() inline assembly misses earlyclobber constraint
modifiers. Depending on compiler and compiler options this may lead to
incorrect code which copies kernel lowcore contents to user space
instead of clearing memory, in case clear_user() faults.
[Fix]
* For Kinetic and Jammy cherrypick of
89aba4c26fae 89aba4c26fae4e4
"s390/uaccess: add missing earlyclobber annotations to __clear_user()"
* For Focal and Bionic a backport of the above commit is needed:
https:/
[ Test Plan ]
* A test program in C is needed and used for testing.
* The test will be done by IBM.
[ Where problems could occur ]
* The modification is limited to function 'long __clear_user'.
* And there, just to one inline assembly constraints line.
* This is usually difficult to trace.
* An erroneous modification may lead to wrong behavior in
'long __clear_user',
* and maybe returning a wrong size (in uaccess.c).
[ Other Info ]
* This affects all Ubuntu releases in service, down to 18.04.
* Since we are close to 23.04 kernel freeze, I submit a patch request for
23.04 separately, and submit the SRU request for all other
Ubuntu releases later.
__________
Description: kernel: fix __clear_user() inline assembly constraints
Symptom: In case clear_user() crosses two pages and faults on the
Problem: The __clear_user() inline assembly misses earlyclobber
in case clear_user() faults.
Solution: Add missing earlyclobber constraint modifiers.
Preventive: yes
Upstream-ID: 89aba4c26fae4e4
Affected Releases:
CVE References
tags: | added: architecture-s39064 bugnameltc-202103 severity-high targetmilestone-inin--- |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
Changed in ubuntu-z-systems: | |
importance: | Undecided → High |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
summary: |
- [UBUNTU 18.04] kernel: fix __clear_user() inline assembly constraints
+ kernel: fix __clear_user() inline assembly constraints
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | New → Incomplete |
Changed in linux (Ubuntu Focal): | |
status: | New → Incomplete |
Changed in linux (Ubuntu Kinetic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Jammy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
Patch request submitted for lunar: https://lists.ubuntu.com/archives/kernel-team/2023-March/thread.html#138158
Updating status for series lunar to 'In Progress'.