More test kernels are being build at: https://launchpad.net/~fheimes/+archive/ubuntu/lp2013088 For the K and J series based on a cherrypick of 89aba4c26fae and for the F and B series based on the above backport (with slightly modified meta data).
** Description changed: - SRU Bug Template: - ================= + SRU Justification: + ================== [ Impact ] - * In case clear_user() crosses two pages and faults on the second page the - kernel may write lowcore contents to the first page, instead of - clearing it. + * In case clear_user() crosses two pages and faults on the second page + the kernel may write lowcore contents to the first page, instead of + clearing it. - * The __clear_user() inline assembly misses earlyclobber constraint - modifiers. Depending on compiler and compiler options this may lead to - incorrect code which copies kernel lowcore contents to user space instead - of clearing memory, in case clear_user() faults. + * The __clear_user() inline assembly misses earlyclobber constraint + modifiers. Depending on compiler and compiler options this may lead to + incorrect code which copies kernel lowcore contents to user space + instead of clearing memory, in case clear_user() faults. + + [Fix] + + * For Kinetic and Jammy cherrypick of + 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 + "s390/uaccess: add missing earlyclobber annotations to __clear_user()" + + * For Focal and Bionic a backport of the above commit is needed: + https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] - * A little test program in C is used for testing (?) + * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] - * The modification is limited to function 'long __clear_user'. + * The modification is limited to function 'long __clear_user'. - * And there, just to one inline assembly constraints line. + * And there, just to one inline assembly constraints line. - * This is usually difficult to trace. + * This is usually difficult to trace. - * A erroneous modification may lead to a wrong behavior in - 'long __clear_user', + * A erroneous modification may lead to a wrong behavior in + 'long __clear_user', - * and maybe returning a wrong size (in uaccess.c). + * and maybe returning a wrong size (in uaccess.c). [ Other Info ] - - * This affects all Ubuntu releases in service, down to 18.04. - * Since we are close to 23.04 kernel freeze, I submit a patch request for - 23.04 right now, and will submit an SRU request for the all other - Ubuntu releases later. + * This affects all Ubuntu releases in service, down to 18.04. + + * Since we are close to 23.04 kernel freeze, I submit a patch request for + 23.04 separately, and submit the SRU request for the all other + Ubuntu releases later. __________ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive: yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: In Progress Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Incomplete Status in linux source package in Focal: Incomplete Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Status in linux source package in Lunar: In Progress Bug description: SRU Justification: ================== [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __________ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive: yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
