[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
** Summary changed: - [UBUNTU 18.04] kernel: fix __clear_user() inline assembly constraints + kernel: fix __clear_user() inline assembly constraints -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: New Status in linux package in Ubuntu: New Bug description: Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
** Description changed: + SRU Bug Template: + = + + [ Impact ] + + * In case clear_user() crosses two pages and faults on the second page the +kernel may write lowcore contents to the first page, instead of +clearing it. + + * The __clear_user() inline assembly misses earlyclobber constraint +modifiers. Depending on compiler and compiler options this may lead to +incorrect code which copies kernel lowcore contents to user space instead +of clearing memory, in case clear_user() faults. + + [ Test Plan ] + + * A little test program in C is used for testing (?) + + * The test will be done by IBM. + + [ Where problems could occur ] + + * The modification is limited to function 'long __clear_user'. + + * And there, just to one inline assembly constraints line. + + * This is usually difficult to trace. + + * A erroneous modification may lead to a wrong behavior in +'long __clear_user', + + * and maybe returning a wrong size (in uaccess.c). + + [ Other Info ] + + * This affects all Ubuntu releases in service, down to 18.04. + + * Since we are close to 23.04 kernel freeze, I submit a patch request for +23.04 right now, and will submit an SRU request for the all other +Ubuntu releases later. + + __ + Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the -second page the kernel may write lowcore contents to the -first page, instead of clearing it. + second page the kernel may write lowcore contents to the + first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber -constraint modifiers. Depending on compiler and compiler -options this may lead to incorrect code which copies kernel -lowcore contents to user space instead of clearing memory, -in case clear_user() faults. + constraint modifiers. Depending on compiler and compiler + options this may lead to incorrect code which copies kernel + lowcore contents to user space instead of clearing memory, + in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: -18.04 -20.04 -22.04 -22.10 -23.04 + 18.04 + 20.04 + 22.04 + 22.10 + 23.04 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: New Status in linux package in Ubuntu: New Bug description: SRU Bug Template: = [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [ Test Plan ] * A little test program in C is used for testing (?) * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 right now, and will submit an SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:ye
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
Patch request submitted for lunar: https://lists.ubuntu.com/archives/kernel-team/2023-March/thread.html#138158 Updating status for series lunar to 'In Progress'. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: In Progress Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: New Status in linux source package in Focal: New Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Status in linux source package in Lunar: In Progress Bug description: SRU Bug Template: = [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [ Test Plan ] * A little test program in C is used for testing (?) * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 right now, and will submit an SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
In addition a test build for lunar's 6.2 was done in PPA at: https://launchpad.net/~fheimes/+archive/ubuntu/lp2013088 ** Also affects: linux (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Lunar) Importance: High Assignee: Skipper Bug Screeners (skipper-screen-team) Status: New ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Kinetic) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Lunar) Status: New => In Progress ** Changed in: ubuntu-z-systems Status: New => In Progress ** Changed in: linux (Ubuntu Lunar) Assignee: Skipper Bug Screeners (skipper-screen-team) => Canonical Kernel Team (canonical-kernel-team) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: In Progress Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: New Status in linux source package in Focal: New Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Status in linux source package in Lunar: In Progress Bug description: SRU Bug Template: = [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [ Test Plan ] * A little test program in C is used for testing (?) * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 right now, and will submit an SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
** Changed in: linux (Ubuntu Bionic) Status: New => Incomplete ** Changed in: linux (Ubuntu Focal) Status: New => Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: In Progress Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Incomplete Status in linux source package in Focal: Incomplete Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Status in linux source package in Lunar: In Progress Bug description: SRU Bug Template: = [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [ Test Plan ] * A little test program in C is used for testing (?) * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 right now, and will submit an SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
More test kernels are being build at: https://launchpad.net/~fheimes/+archive/ubuntu/lp2013088 For the K and J series based on a cherrypick of 89aba4c26fae and for the F and B series based on the above backport (with slightly modified meta data). ** Description changed: - SRU Bug Template: - = + SRU Justification: + == [ Impact ] - * In case clear_user() crosses two pages and faults on the second page the -kernel may write lowcore contents to the first page, instead of -clearing it. + * In case clear_user() crosses two pages and faults on the second page +the kernel may write lowcore contents to the first page, instead of + clearing it. - * The __clear_user() inline assembly misses earlyclobber constraint -modifiers. Depending on compiler and compiler options this may lead to -incorrect code which copies kernel lowcore contents to user space instead -of clearing memory, in case clear_user() faults. + * The __clear_user() inline assembly misses earlyclobber constraint + modifiers. Depending on compiler and compiler options this may lead to + incorrect code which copies kernel lowcore contents to user space +instead of clearing memory, in case clear_user() faults. + + [Fix] + + * For Kinetic and Jammy cherrypick of +89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 +"s390/uaccess: add missing earlyclobber annotations to __clear_user()" + + * For Focal and Bionic a backport of the above commit is needed: +https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] - * A little test program in C is used for testing (?) + * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] - * The modification is limited to function 'long __clear_user'. + * The modification is limited to function 'long __clear_user'. - * And there, just to one inline assembly constraints line. + * And there, just to one inline assembly constraints line. - * This is usually difficult to trace. + * This is usually difficult to trace. - * A erroneous modification may lead to a wrong behavior in -'long __clear_user', + * A erroneous modification may lead to a wrong behavior in + 'long __clear_user', - * and maybe returning a wrong size (in uaccess.c). + * and maybe returning a wrong size (in uaccess.c). [ Other Info ] - - * This affects all Ubuntu releases in service, down to 18.04. - * Since we are close to 23.04 kernel freeze, I submit a patch request for -23.04 right now, and will submit an SRU request for the all other -Ubuntu releases later. + * This affects all Ubuntu releases in service, down to 18.04. + + * Since we are close to 23.04 kernel freeze, I submit a patch request for + 23.04 separately, and submit the SRU request for the all other + Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: In Progress Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Incomplete Status in linux source package in Focal: Incomplete Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Status in linux source package in Lunar: In Progress Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
The SRU request for series K, J, F and B was submitted to the kernel team's mailing list: https://lists.ubuntu.com/archives/kernel-team/2023-April/thread.html#138413 ** Changed in: linux (Ubuntu Kinetic) Status: New => In Progress ** Changed in: linux (Ubuntu Jammy) Status: New => In Progress ** Changed in: linux (Ubuntu Focal) Status: Incomplete => In Progress ** Changed in: linux (Ubuntu Bionic) Status: Incomplete => In Progress ** Changed in: linux (Ubuntu Kinetic) Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team) ** Changed in: linux (Ubuntu Jammy) Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team) ** Changed in: linux (Ubuntu Focal) Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team) ** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team) ** Changed in: linux (Ubuntu Kinetic) Importance: Undecided => High ** Changed in: linux (Ubuntu Jammy) Importance: Undecided => High ** Changed in: linux (Ubuntu Focal) Importance: Undecided => High ** Changed in: linux (Ubuntu Bionic) Importance: Undecided => High -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: In Progress Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: In Progress Status in linux source package in Focal: In Progress Status in linux source package in Jammy: In Progress Status in linux source package in Kinetic: In Progress Status in linux source package in Lunar: In Progress Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
** Changed in: linux (Ubuntu Kinetic) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Jammy) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Focal) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Bionic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: In Progress Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: In Progress Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
** Changed in: ubuntu-z-systems Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: In Progress Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-bluefield/5.4.0-1064.70 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-focal ** Tags added: kernel-spammed-focal-linux-bluefield verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug does not affect linux-bluefield, hence I'm again updating the tags to unblock the process. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-intel- iotg/5.15.0-1031.36 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification- done-jammy'. If the problem still exists, change the tag 'verification- needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-jammy ** Tags added: kernel-spammed-jammy-linux-intel-iotg verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug doesn't affect linux-intel-iotg. Hence I'm updating the jammy verification again to done to unblock the process. ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-aws/5.19.0-1027.28 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-kinetic ** Tags added: kernel-spammed-kinetic-linux-aws verification-needed-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-aws/5.15.0-1038.43 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-jammy ** Tags added: kernel-spammed-jammy-linux-aws verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-azure/5.15.0-1040.47 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug does affect s390x only, so setting again tags to verified-done to unblock. ** Tags removed: verification-needed-jammy verification-needed-kinetic ** Tags added: verification-done-jammy verification-done-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-aws/5.4.0-1104.112 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-focal ** Tags added: kernel-spammed-focal-linux-aws verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-azure/5.4.0-1110.116 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-azure/5.19.0-1028.31 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-kinetic ** Tags added: kernel-spammed-kinetic-linux-azure verification-needed-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
Due to: https://lists.ubuntu.com/archives/kernel-team/2023-April/138879.html "Already applied as part of upstream stable v6.2.10." I'll update the lunar entry status to Fix Released. ** Changed in: linux (Ubuntu Lunar) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux/5.4.0-149.166 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux/5.19.0-41.42 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux verification-needed-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux/4.15.0-211.222 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-bionic-linux verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux/5.15.0-72.79 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
Many thx for the verifications! (I'm adjusting the tags accordingly ...) ** Tags removed: verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-kinetic ** Tags added: verification-done-bionic verification-done-focal verification-done-jammy verification-done-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux- nvidia-5.19/5.19.0-1010.10 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-jammy ** Tags added: kernel-spammed-jammy-linux-nvidia-5.19 verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug does not affect nvidia-5.19, hence set jammy to done again to unblock. ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug was fixed in the package linux - 4.15.0-211.222 --- linux (4.15.0-211.222) bionic; urgency=medium * bionic/linux: 4.15.0-211.222 -proposed tracker (LP: #2016623) * Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498) - [Debian] autoreconstruct - fix restoration of execute permissions * kernel: fix __clear_user() inline assembly constraints (LP: #2013088) - s390/uaccess: add missing earlyclobber annotations to __clear_user() * Fix selftests/ftracetests/Meta-selftests (LP: #2006453) - selftests/ftrace: Fix bash specific "==" operator * Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399) - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() - netrom: Fix use-after-free caused by accept on already connected socket - squashfs: harden sanity check in squashfs_read_xattr_id_table - sctp: do not check hb_timer.expires when resetting hb_timer - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new - scsi: target: core: Fix warning on RT kernels - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress - net/x25: Fix to not accept on connected socket - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait - fbcon: Check font dimension limits - watchdog: diag288_wdt: do not use stack buffers for hardware data - watchdog: diag288_wdt: fix __diag288() inline assembly - efi: Accept version 2 of memory attributes table - iio: hid: fix the retval in accel_3d_capture_sample - iio: adc: berlin2-adc: Add missing of_node_put() in error path - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others - parisc: Fix return code of pdc_iodc_print() - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps - mm/swapfile: add cond_resched() in get_swap_pages() - Squashfs: fix handling and sanity checking of xattr_ids count - serial: 8250_dma: Fix DMA Rx completion race - serial: 8250_dma: Fix DMA Rx rearm race - btrfs: limit device extents to the device size - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() - ALSA: pci: lx6464es: fix a debug loop - pinctrl: aspeed: Fix confusing types in return value - pinctrl: single: fix potential NULL dereference - net: USB: Fix wrong-direction WARNING in plusb.c - usb: core: add quirk for Alcor Link AK9563 smartcard reader - migrate: hugetlb: check for hugetlb shared PMD in node migration - tools/virtio: fix the vringh test for virtio ring changes - net/rose: Fix to not accept on connected socket - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association - aio: fix mremap after fork null-deref - mmc: sdio: fix possible resource leaks in some error paths - ALSA: hda/conexant: add a new hda codec SN6180 - hugetlb: check for undefined shift on 32 bit architectures - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" - i40e: add double of VLAN header when computing the max MTU - net: bgmac: fix BCM5358 support by setting correct flags - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path - net: stmmac: Restrict warning on disabling DMA store and fwd mode - ipv6: Fix datagram socket connection with DSCP. - ipv6: Fix tcp socket connection with DSCP. - i40e: Add checking for null for nlmsg_find_attr() - kvm: initialize all of the kvm_debugregs structure before sending it to userspace - nilfs2: fix underflow in second superblock position calculations - ata: libata: Fix sata_down_spd_limit() when no link speed is reported - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF - thermal: intel: int340x: Protect trip temperature from concurrent updates - iio:adc:twl6030: Enable measurement of VAC - IB/hfi1: Restore allocated resources on failed copyout - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive - wifi: rtl8xxxu: gen2: Turn on the rate control - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G - random: always mix cycle counter in add_latent_entropy() - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 - alarmtimer: Prevent starvation by small intervals and SIG_IGN - uaccess: Add speculation barrier to copy_from_user() - wifi: mwifiex: Add missing compatible string for SD8787 - bpf: add missing header file include - vc_screen: don't clobber retu
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug was fixed in the package linux - 5.15.0-72.79 --- linux (5.15.0-72.79) jammy; urgency=medium * jammy/linux: 5.15.0-72.79 -proposed tracker (LP: #2016548) * Add split lock detection for EMR (LP: #2015855) - x86/split_lock: Enumerate architectural split lock disable bit * selftest: fib_tests: Always cleanup before exit (LP: #2015956) - selftest: fib_tests: Always cleanup before exit * Add support for intel EMR cpu (LP: #2015372) - platform/x86: intel-uncore-freq: add Emerald Rapids support - perf/x86/intel/cstate: Add Emerald Rapids - perf/x86/rapl: Add support for Intel Emerald Rapids - intel_idle: add Emerald Rapids Xeon support - tools/power/x86/intel-speed-select: Add Emerald Rapid quirk - tools/power turbostat: Introduce support for EMR - powercap: intel_rapl: add support for Emerald Rapids - EDAC/i10nm: Add Intel Emerald Rapids server support * Kernel livepatch ftrace graph fix (LP: #2013603) - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly - kprobes: Add kretprobe_find_ret_addr() for searching return address - s390/unwind: recover kretprobe modified return address in stacktrace - s390/unwind: fix fgraph return address recovery * Jammy update: v5.15.98 upstream stable release (LP: #2015600) - Linux 5.15.98 * Jammy update: v5.15.97 upstream stable release (LP: #2015599) - ionic: refactor use of ionic_rx_fill() - Fix XFRM-I support for nested ESP tunnels - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc - ARM: dts: rockchip: add power-domains property to dp node on rk3288 - HID: elecom: add support for TrackBall 056E:011C - ACPI: NFIT: fix a potential deadlock during NFIT teardown - btrfs: send: limit number of clones and allocated memory size - ASoC: rt715-sdca: fix clock stop prepare timeout issue - IB/hfi1: Assign npages earlier - neigh: make sure used and confirmed times are valid - HID: core: Fix deadloop in hid_apply_multiplier. - x86/cpu: Add Lunar Lake M - staging: mt7621-dts: change palmbus address to lower case - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). - vc_screen: don't clobber return value in vcs_read - scripts/tags.sh: Invoke 'realpath' via 'xargs' - scripts/tags.sh: fix incompatibility with PCRE2 - usb: dwc3: pci: add support for the Intel Meteor Lake-M - USB: serial: option: add support for VW/Skoda "Carstick LTE" - usb: gadget: u_serial: Add null pointer check in gserial_resume - USB: core: Don't hold device lock while reading the "descriptors" sysfs file - Linux 5.15.97 * Jammy update: v5.15.96 upstream stable release (LP: #2015595) - drm/etnaviv: don't truncate physical page address - wifi: rtl8xxxu: gen2: Turn on the rate control - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink - clk: mxl: Switch from direct readl/writel based IO to regmap based IO - clk: mxl: Remove redundant spinlocks - clk: mxl: Add option to override gate clks - clk: mxl: Fix a clk entry by adding relevant flags - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G - clk: mxl: syscon_node_to_regmap() returns error pointers - random: always mix cycle counter in add_latent_entropy() - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 - powerpc: use generic version of arch_is_kernel_initmem_freed() - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary - powerpc/64s/radix: Fix crash with unaligned relocated kernel - powerpc/64s/radix: Fix RWX mapping with relocated kernel - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry - uaccess: Add speculation barrier to copy_from_user() - binder: read pre-translated fds from sender buffer - binder: defer copies of pre-patched txn data - binder: fix pointer cast warning - binder: Address corner cases in deferred copy and fixup - binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() - wifi: mwifiex: Add missing compatible string for SD8787 - audit: update the mailing list in MAINTAINERS - ext4: Fix function prototype mismatch for ext4_feat_ktype - bpf: add missing header file include - Linux 5.15.96 * Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498) - [Debian] autoreconstruct - fix restoration of execute permissions
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug was fixed in the package linux - 5.19.0-42.43 --- linux (5.19.0-42.43) kinetic; urgency=medium * kinetic/linux: 5.19.0-42.43 -proposed tracker (LP: #2016503) * selftest: fib_tests: Always cleanup before exit (LP: #2015956) - selftest: fib_tests: Always cleanup before exit * Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498) - [Debian] autoreconstruct - fix restoration of execute permissions * Kinetic update: upstream stable patchset 2023-04-10 (LP: #2015812) - drm/etnaviv: don't truncate physical page address - wifi: rtl8xxxu: gen2: Turn on the rate control - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink - clk: mxl: Switch from direct readl/writel based IO to regmap based IO - clk: mxl: Remove redundant spinlocks - clk: mxl: Add option to override gate clks - clk: mxl: Fix a clk entry by adding relevant flags - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G - clk: mxl: syscon_node_to_regmap() returns error pointers - random: always mix cycle counter in add_latent_entropy() - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned - powerpc/64s/radix: Fix RWX mapping with relocated kernel - uaccess: Add speculation barrier to copy_from_user() - wifi: mwifiex: Add missing compatible string for SD8787 - audit: update the mailing list in MAINTAINERS - ext4: Fix function prototype mismatch for ext4_feat_ktype - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" - bpf: add missing header file include - wifi: ath11k: fix warning in dma_free_coherent() of memory chunks while recovery - sched/psi: Stop relying on timer_pending() for poll_work rescheduling - docs: perf: Fix PMU instance name of hisi-pcie-pmu - randstruct: disable Clang 15 support - ionic: refactor use of ionic_rx_fill() - Fix XFRM-I support for nested ESP tunnels - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc - ARM: dts: rockchip: add power-domains property to dp node on rk3288 - HID: elecom: add support for TrackBall 056E:011C - ACPI: NFIT: fix a potential deadlock during NFIT teardown - btrfs: send: limit number of clones and allocated memory size - ASoC: rt715-sdca: fix clock stop prepare timeout issue - IB/hfi1: Assign npages earlier - neigh: make sure used and confirmed times are valid - HID: core: Fix deadloop in hid_apply_multiplier. - x86/cpu: Add Lunar Lake M - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). - vc_screen: don't clobber return value in vcs_read - scripts/tags.sh: fix incompatibility with PCRE2 - usb: dwc3: pci: add support for the Intel Meteor Lake-M - USB: serial: option: add support for VW/Skoda "Carstick LTE" - usb: gadget: u_serial: Add null pointer check in gserial_resume - USB: core: Don't hold device lock while reading the "descriptors" sysfs file * Kinetic update: upstream stable patchset 2023-04-06 (LP: #2015511) - ARM: dts: imx: Fix pca9547 i2c-mux node name - ARM: dts: vf610: Fix pca9548 i2c-mux node names - arm64: dts: freescale: Fix pca954x i2c-mux node names - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI - firmware: arm_scmi: Clear stale xfer->hdr.status - bpf: Skip task with pid=1 in send_signal_common() - erofs/zmap.c: Fix incorrect offset calculation - blk-cgroup: fix missing pd_online_fn() while activating policy - HID: playstation: sanity check DualSense calibration data. - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() - extcon: usbc-tusb320: fix kernel-doc warning - net: fix NULL pointer in skb_segment_list - net: mctp: purge receive queues on sk destruction - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use - ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() - bpf: Fix to preserve reg parent/live fields when copying range in
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
--- Comment From boris.m...@de.ibm.com 2023-05-16 05:24 EDT--- Fix has been successfully verified and released to bionic, focal, jammy, kinetic and lunar. With that, we can close this bug. @Carsten, Frank and the teams: thanks for your work! ==> Changing status to: CLOSED ** Tags removed: targetmilestone-inin--- ** Tags added: targetmilestone-inin1804 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-gcp/5.19.0-1024.26 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-kinetic ** Tags added: kernel-spammed-kinetic-linux-gcp verification-needed-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux- riscv-5.15/5.15.0-1034.38~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-focal ** Tags added: kernel-spammed-focal-linux-riscv-5.15 verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug doesn't affect riscv-5.15, it's an s390x inline assembler thing only. Hence I'm updating the focal verification again to done to unblock the process. ** Tags removed: verification-needed-focal verification-needed-kinetic ** Tags added: verification-done-focal verification-done-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux- allwinner/5.19.0-1012.12 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification- done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-kinetic ** Tags added: kernel-spammed-kinetic-linux-allwinner verification-needed-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug does not affect linux-allwinner/5.19.0-1012.12, hence I'm again updating the tags to unblock the process. ** Tags removed: verification-needed-kinetic ** Tags added: verification-done-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug was fixed in the package linux - 5.4.0-149.166 --- linux (5.4.0-149.166) focal; urgency=medium * focal/linux: 5.4.0-149.166 -proposed tracker (LP: #2016591) * Focal update: v5.4.233 upstream stable release (LP: #2015909) - dma-mapping: add generic helpers for mapping sgtable objects - scatterlist: add generic wrappers for iterating over sgtable objects - drm: etnaviv: fix common struct sg_table related issues - drm/etnaviv: don't truncate physical page address - wifi: rtl8xxxu: gen2: Turn on the rate control - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G - random: always mix cycle counter in add_latent_entropy() - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 - alarmtimer: Prevent starvation by small intervals and SIG_IGN - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh - uaccess: Add speculation barrier to copy_from_user() - wifi: mwifiex: Add missing compatible string for SD8787 - ext4: Fix function prototype mismatch for ext4_feat_ktype - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" - bpf: add missing header file include - Linux 5.4.233 * selftest: fib_tests: Always cleanup before exit (LP: #2015956) - selftest: fib_tests: Always cleanup before exit * fib_tests.sh in ubuntu_kernel_selftests was skipped silently on Focal (LP: #2015440) - selftests: Fix the executable permissions for fib_tests.sh * Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498) - [Debian] autoreconstruct - fix restoration of execute permissions * kernel: fix __clear_user() inline assembly constraints (LP: #2013088) - s390/uaccess: add missing earlyclobber annotations to __clear_user() * i/o error if next unused loop device is queried (LP: #1856871) - loop: fix I/O error on fsync() in detached loop devices * CVE-2023-1075 - net/tls: tls_is_tx_ready() checked list_entry * Focal update: v5.4.232 upstream stable release (LP: #2011625) - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX - scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" - WRITE is "data source", not destination... - fix iov_iter_bvec() "direction" argument - fix "direction" argument of iov_iter_kvec() - netrom: Fix use-after-free caused by accept on already connected socket - netfilter: br_netfilter: disable sabotage_in hook after first suppression - squashfs: harden sanity check in squashfs_read_xattr_id_table - net: phy: meson-gxl: Add generic dummy stubs for MMD register access - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate - ata: libata: Fix sata_down_spd_limit() when no link speed is reported - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking - virtio-net: Keep stop() to follow mirror sequence of open() - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new - efi: fix potential NULL deref in efi_mem_reserve_persistent - scsi: target: core: Fix warning on RT kernels - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress - i2c: rk3x: fix a bunch of kernel-doc warnings - net/x25: Fix to not accept on connected socket - iio: adc: stm32-dfsdm: fill module aliases - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API - usb: dwc3: qcom: enable vbus override when in OTG dr-mode - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF - Input: i8042 - move __initconst to fix code styling warning - Input: i8042 - merge quirk tables - Input: i8042 - add TUXEDO devices to i8042 quirk tables - Input: i8042 - add Clevo PCX0DX to i8042 quirk table - fbcon: Check font dimension limits - watchdog: diag288_wdt: do not use stack buffers for hardware data - watchdog: diag288_wdt: fix __diag288() inline assembly - efi: Accept version 2 of memory attributes table - iio: hid: fix the retval in accel_3d_capture_sample - iio: adc: berlin2-adc: Add missing of_node_put() in error path - iio:adc:twl6030: Enable measurements of VUS
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
** Changed in: ubuntu-z-systems Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux-mtk/5.15.0-1030.34 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy- linux-mtk'. If the problem still exists, change the tag 'verification- needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug only affected s390x, updating all other verification requests to done (to unblock potential processes). ** Tags removed: verification-needed-focal verification-needed-focal-linux-aws-5.15 verification-needed-jammy-linux-mtk verification-needed-kinetic ** Tags added: verification-done-focal verification-done-focal-linux-aws-5.15 verification-done-jammy-linux-mtk verification-done-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
This bug is awaiting verification that the linux- aws-5.15/5.15.0-1046.51~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux- aws-5.15' to 'verification-done-focal-linux-aws-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-aws-5.15' to 'verification-failed-focal-linux-aws-5.15'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-aws-5.15-v2 verification-needed-focal-linux-aws-5.15 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013088] Re: kernel: fix __clear_user() inline assembly constraints
** Attachment removed: "uaccess clear_user() fix" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2013088/+attachment/5660553/+files/s390-uaccess.patch -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2013088 Title: kernel: fix __clear_user() inline assembly constraints Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: SRU Justification: == [ Impact ] * In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. * The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. [Fix] * For Kinetic and Jammy cherrypick of 89aba4c26fae 89aba4c26fae4e459f755a18912845c348ee48f3 "s390/uaccess: add missing earlyclobber annotations to __clear_user()" * For Focal and Bionic a backport of the above commit is needed: https://launchpadlibrarian.net/659551648/s390-uaccess.patch [ Test Plan ] * A test program in C is needed and used for testing. * The test will be done by IBM. [ Where problems could occur ] * The modification is limited to function 'long __clear_user'. * And there, just to one inline assembly constraints line. * This is usually difficult to trace. * A erroneous modification may lead to a wrong behavior in 'long __clear_user', * and maybe returning a wrong size (in uaccess.c). [ Other Info ] * This affects all Ubuntu releases in service, down to 18.04. * Since we are close to 23.04 kernel freeze, I submit a patch request for 23.04 separately, and submit the SRU request for the all other Ubuntu releases later. __ Description: kernel: fix __clear_user() inline assembly constraints Symptom: In case clear_user() crosses two pages and faults on the second page the kernel may write lowcore contents to the first page, instead of clearing it. Problem: The __clear_user() inline assembly misses earlyclobber constraint modifiers. Depending on compiler and compiler options this may lead to incorrect code which copies kernel lowcore contents to user space instead of clearing memory, in case clear_user() faults. Solution: Add missing earlyclobber constraint modifiers. Preventive:yes Upstream-ID: 89aba4c26fae4e459f755a18912845c348ee48f3 Affected Releases: 18.04 20.04 22.04 22.10 23.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2013088/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
