arm64: prevent losing page dirty state
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-aws (Ubuntu) |
New
|
High
|
Andrea Righi | ||
Bionic |
Fix Released
|
High
|
Andrea Righi | ||
Focal |
Fix Released
|
High
|
Andrea Righi | ||
Groovy |
Won't Fix
|
High
|
Andrea Righi | ||
Hirsute |
Won't Fix
|
High
|
Andrea Righi |
Bug Description
[Impact]
With hardware dirty bit management enabled calling pte_wrprotect() on a dirty PTE will clean the dirty state without flushing the content of the page to the backing store.
[Test case]
Bug reported by Amazon, a specific test case is not provided. This problem has been hit by a customer.
[Fix]
Apply commit:
ff1712f953e27f
Backport activity is minimal, it only requires to adjust the context a bit to remove the previous pte_wrprotect() implementation.
[Regression potential]
The fix is specific for arm64 pgtable, it is an upstream fix also marked for stable. The only potential downside could be the extra overhead introduced by the additional call to pte_mkdirty() in pte_wrprotect(), so worst case scenario it could introduce a performance regression. It doesn't seem to potentially introduce any other kind of regression / breakage.
CVE References
Changed in linux-aws (Ubuntu Bionic): | |
assignee: | nobody → Andrea Righi (arighi) |
Changed in linux-aws (Ubuntu Focal): | |
assignee: | nobody → Andrea Righi (arighi) |
Changed in linux-aws (Ubuntu Groovy): | |
assignee: | nobody → Andrea Righi (arighi) |
Changed in linux-aws (Ubuntu Hirsute): | |
assignee: | nobody → Andrea Righi (arighi) |
Changed in linux-aws (Ubuntu Bionic): | |
importance: | Undecided → High |
Changed in linux-aws (Ubuntu Focal): | |
importance: | Undecided → High |
Changed in linux-aws (Ubuntu Groovy): | |
importance: | Undecided → High |
Changed in linux-aws (Ubuntu Hirsute): | |
importance: | Undecided → High |
Changed in linux-aws (Ubuntu Bionic): | |
status: | New → Fix Committed |
Changed in linux-aws (Ubuntu Focal): | |
status: | New → Fix Committed |
Changed in linux-aws (Ubuntu Groovy): | |
status: | New → Fix Committed |
This bug was fixed in the package linux-aws - 5.4.0-1034.35
---------------
linux-aws (5.4.0-1034.35) focal; urgency=medium
* focal/linux-aws: 5.4.0-1034.35 -proposed tracker (LP: #1908586)
* arm64: prevent losing page dirty state (LP: #1908503)
- arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect()
linux-aws (5.4.0-1033.34) focal; urgency=medium
* focal/linux-aws: 5.4.0-1033.34 -proposed tracker (LP: #1907586)
* Focal update: v5.4.75 upstream stable release (LP: #1904450)
- [Config] aws: update config for DW_APB_TIMER
[ Ubuntu: 5.4.0-59.65 ]
* focal/linux: 5.4.0-59.65 -proposed tracker (LP: #1907604) init.skel. h: No such file or free_extent( ) max98927: Fix kabylake_ssp_fixup function HIERARCHY ext_bus_ get_link( ) echo_skb( ): fix real payload length return value for RTR echo_skb( ): fix echo skb generation: always use skb_clone()
* focal: selftests/bpf build broken: test_map_
directory (LP: #1906866)
- SAUCE: Revert selftests/ "bpf: Zero-fill re-used per-cpu map element"
* Packaging resync (LP: #1786013)
- update dkms package versions
* memory is leaked when tasks are moved to net_prio (LP: #1886859)
- netprio_cgroup: Fix unlimited memory leak of v2 cgroups
* Focal update: v5.4.78 upstream stable release (LP: #1905618)
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl
- time: Prevent undefined behaviour in timespec64_to_ns()
- nbd: don't update block size after device is started
- KVM: arm64: Force PTE mapping on fault resulting in a device mapping
- PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0
- usb: dwc3: gadget: Continue to process pending requests
- usb: dwc3: gadget: Reclaim extra TRBs after request completion
- btrfs: tracepoints: output proper root owner for trace_find_
- btrfs: sysfs: init devices outside of the chunk_mutex
- btrfs: reschedule when cloning lots of extents
- ASoC: Intel: kbl_rt5663_
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_
- hv_balloon: disable warning when floor reached
- net: xfrm: fix a race condition during allocing spi
- ASoC: codecs: wcd9335: Set digital gain range correctly
- xfs: set xefi_discard when creating a deferred agfl free log intent item
- netfilter: use actual socket sk rather than skb sk when routing harder
- netfilter: nf_tables: missing validation from the abort path
- netfilter: ipset: Update byte and packet counters regardless of whether they
match
- powerpc/eeh_cache: Fix a possible debugfs deadlock
- perf trace: Fix segfault when trying to trace events by cgroup
- perf tools: Add missing swap for ino_generation
- ALSA: hda: prevent undefined shift in snd_hdac_
- iommu/vt-d: Fix a bug for PDP check in prq_event_thread
- afs: Fix warning due to unadvanced marshalling pointer
- can: rx-offload: don't call kfree_skb() from IRQ context
- can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
context
- can: dev: __can_get_
frames
- can: can_create_
- can: j1939: swap addr and pgn in the send example
- can: j1939: j1939_sk_bind(): return failure if n...