In addition, a test build for lunar's 6.2 was done in a PPA at:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2013088
** Also affects: linux (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Lunar)
Importance: High
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Lunar)
Status: New => In Progress
** Changed in: ubuntu-z-systems
Status: New => In Progress
** Changed in: linux (Ubuntu Lunar)
Assignee: Skipper Bug Screeners (skipper-screen-team) => Canonical Kernel
Team (canonical-kernel-team)
--
https://bugs.launchpad.net/bugs/2013088
Title:
kernel: fix __clear_user() inline assembly constraints
Status in Ubuntu on IBM z Systems:
In Progress
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Bionic:
New
Status in linux source package in Focal:
New
Status in linux source package in Jammy:
New
Status in linux source package in Kinetic:
New
Status in linux source package in Lunar:
In Progress
Bug description:
SRU Bug Template:
=================
[ Impact ]
* In case clear_user() crosses two pages and faults on the second page the
kernel may write lowcore contents to the first page, instead of
clearing it.
* The __clear_user() inline assembly misses earlyclobber constraint
modifiers. Depending on compiler and compiler options this may lead to
incorrect code which copies kernel lowcore contents to user space instead
of clearing memory, in case clear_user() faults.
[ Test Plan ]
* A little test program in C is used for testing (?)
* The test will be done by IBM.
[ Where problems could occur ]
* The modification is limited to function 'long __clear_user'.
* And there, just to one inline assembly constraints line.
* This is usually difficult to trace.
* An erroneous modification may lead to a wrong behavior in
'long __clear_user',
* and maybe returning a wrong size (in uaccess.c).
[ Other Info ]
* This affects all Ubuntu releases in service, down to 18.04.
* Since we are close to the 23.04 kernel freeze, I submit a patch request for
23.04 right now, and will submit an SRU request for all the other
Ubuntu releases later.
__________
Description: kernel: fix __clear_user() inline assembly constraints
Symptom: In case clear_user() crosses two pages and faults on the
second page the kernel may write lowcore contents to the
first page, instead of clearing it.
Problem: The __clear_user() inline assembly misses earlyclobber
constraint modifiers. Depending on compiler and compiler
options this may lead to incorrect code which copies kernel
lowcore contents to user space instead of clearing memory,
in case clear_user() faults.
Solution: Add missing earlyclobber constraint modifiers.
Preventive: yes
Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3
Affected Releases:
18.04
20.04
22.04
22.10
23.04
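An added example, not part of the bug report or the upstream fix: an x86-64 GCC/Clang analogue of the constraint problem described above, showing why an output operand that is written before all inputs have been read needs the earlyclobber modifier `&`. The function name zero_fill and its operands are hypothetical, and it does not reproduce the s390 __clear_user() assembly.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical x86-64 analogue; NOT the s390 __clear_user() assembly.
 * Zeroes len bytes at dst and, like clear_user(), returns the number of
 * bytes left uncleared (always 0 here: this toy version cannot fault). */
size_t zero_fill(void *dst, size_t len)
{
#if defined(__x86_64__)
    unsigned char *cur;   /* output: running pointer */
    size_t rem;           /* output: bytes remaining */

    __asm__ volatile(
        "mov  %[len], %[rem]\n\t"   /* rem is written here ...      */
        "mov  %[dst], %[cur]\n\t"   /* ... before dst has been read */
        "test %[rem], %[rem]\n\t"
        "jz   2f\n"
        "1:\n\t"
        "movb $0, (%[cur])\n\t"
        "inc  %[cur]\n\t"
        "dec  %[rem]\n\t"
        "jnz  1b\n"
        "2:"
        /* '&' (earlyclobber) forbids the compiler from placing rem in a
         * register that also holds an input. With plain "=r" it may reuse
         * dst's register, and the first mov would then destroy dst. cur
         * is marked as well, the conservative choice. */
        : [rem] "=&r"(rem), [cur] "=&r"(cur)
        : [dst] "r"(dst), [len] "r"(len)
        : "memory", "cc");
    return rem;
#else
    /* Portable fallback so the example builds on other architectures. */
    volatile unsigned char *p = dst;
    while (len) { *p++ = 0; len--; }
    return len;
#endif
}

int main(void)
{
    unsigned char buf[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };   /* constructed sample */
    size_t left = zero_fill(buf + 2, 4);
    printf("left=%zu buf=%d %d %d %d\n", left, buf[1], buf[2], buf[5], buf[6]);
    return 0;
}
```

Whether the "=r" variant actually miscompiles depends on register allocation, which matches the report's "depending on compiler and compiler options"; the generated assembly is the place to check.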