** Description changed: + SRU Bug Template: + ================= + + [ Impact ] + + * In case clear_user() crosses two pages and faults on the second page the + kernel may write lowcore contents to the first page, instead of + clearing it. + + * The __clear_user() inline assembly misses earlyclobber constraint + modifiers. Depending on compiler and compiler options this may lead to + incorrect code which copies kernel lowcore contents to user space instead + of clearing memory, in case clear_user() faults. + + [ Test Plan ] + + * A little test program in C is used for testing (?) + + * The test will be done by IBM. + + [ Where problems could occur ] + + * The modification is limited to function 'long __clear_user'. + + * And there, just to one inline assembly constraints line. + + * This is usually difficult to trace. + + * A erroneous modification may lead to a wrong behavior in + 'long __clear_user', + + * and maybe returning a wrong size (in uaccess.c). + + [ Other Info ] + + * This affects all Ubuntu releases in service, down to 18.04. + + * Since we are close to 23.04 kernel freeze, I submit a patch request for + 23.04 right now, and will submit an SRU request for the all other + Ubuntu releases later. + + __________ + Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the - second page the kernel may write lowcore contents to the - first page, instead of clearing it. + second page the kernel may write lowcore contents to the + first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber - constraint modifiers. Depending on compiler and compiler - options this may lead to incorrect code which copies kernel - lowcore contents to user space instead of clearing memory, - in case clear_user() faults. + constraint modifiers. Depending on compiler and compiler + options this may lead to incorrect code which copies kernel + lowcore contents to user space instead of clearing memory, + in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive: yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: - 18.04 - 20.04 - 22.04 - 22.10 - 23.04 + 18.04 + 20.04 + 22.04 + 22.10 + 23.04
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: New Status in linux package in Ubuntu: New Bug description: SRU Bug Template: ================= [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [ Test Plan ] * A little test program in C is used for testing (?) * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 right now, and will submit an SRU request for the all other Ubuntu releases later. __________ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive: yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
