# git rev-parse -q --verify a68a0262abdaa251e12c53715f48e698a18ef402^{commit} a68a0262abdaa251e12c53715f48e698a18ef402 already have revision, skipping fetch # git checkout -q -f -B kisskb a68a0262abdaa251e12c53715f48e698a18ef402 # git clean -qxdf # < git log -1 # commit a68a0262abdaa251e12c53715f48e698a18ef402 # Author: Minchan Kim # Date: Tue Dec 8 20:57:18 2020 -0800 # # mm/madvise: remove racy mm ownership check # # Jann spotted the security hole due to race of mm ownership check. # # If the task is sharing the mm_struct but goes through execve() before # mm_access(), it could skip process_madvise_behavior_valid check. That # makes *any advice hint* to reach into the remote process. # # This patch removes the mm ownership check. With it, it will lose the # ability that local process could give *any* advice hint with vector # interface for some reason (e.g., performance). Since there is no # concrete example in upstream yet, it would be better to remove the # abiliity at this moment and need to review when such new advice comes # up. # # Fixes: ecb8ac8b1f14 ("mm/madvise: introduce process_madvise() syscall: an external memory hinting API") # Reported-by: Jann Horn # Suggested-by: Jann Horn # Signed-off-by: Minchan Kim # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-4.9.4-nolibc/arm-linux-gnueabi/bin/arm-linux-gnueabi-gcc --version # < /opt/cross/kisskb/korg/gcc-4.9.4-nolibc/arm-linux-gnueabi/bin/arm-linux-gnueabi-ld --version # < git log --format=%s --max-count=1 a68a0262abdaa251e12c53715f48e698a18ef402 # < make -s -j 10 ARCH=arm O=/kisskb/build/linus_multi_v7_defconfig_arm-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/arm-linux-gnueabi/bin/arm-linux-gnueabi- multi_v7_defconfig # make -s -j 10 ARCH=arm O=/kisskb/build/linus_multi_v7_defconfig_arm-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/arm-linux-gnueabi/bin/arm-linux-gnueabi- /kisskb/src/arch/arm/boot/dts/mmp2.dtsi:472.23-480.6: Warning (spi_bus_bridge): /soc/apb@d4000000/spi@d4037000: incorrect #address-cells for SPI bus also defined at /kisskb/src/arch/arm/boot/dts/mmp2-olpc-xo-1-75.dts:225.7-237.3 /kisskb/src/arch/arm/boot/dts/mmp2.dtsi:472.23-480.6: Warning (spi_bus_bridge): /soc/apb@d4000000/spi@d4037000: incorrect #size-cells for SPI bus also defined at /kisskb/src/arch/arm/boot/dts/mmp2-olpc-xo-1-75.dts:225.7-237.3 arch/arm/boot/dts/mmp2-olpc-xo-1-75.dtb: Warning (spi_bus_reg): Failed prerequisite 'spi_bus_bridge' /kisskb/src/arch/arm/crypto/ghash-ce-glue.c: In function 'ghash_do_update': /kisskb/src/arch/arm/crypto/ghash-ce-glue.c:67:44: warning: passing argument 4 of 'pmull_ghash_update_p64' from incompatible pointer type pmull_ghash_update_p64(blocks, dg, src, key->h, head); ^ /kisskb/src/arch/arm/crypto/ghash-ce-glue.c:45:17: note: expected 'const u64 (*)[2]' but argument is of type 'u64 (*)[2]' asmlinkage void pmull_ghash_update_p64(int blocks, u64 dg[], const char *src, ^ /kisskb/src/arch/arm/crypto/ghash-ce-glue.c:69:43: warning: passing argument 4 of 'pmull_ghash_update_p8' from incompatible pointer type pmull_ghash_update_p8(blocks, dg, src, key->h, head); ^ /kisskb/src/arch/arm/crypto/ghash-ce-glue.c:48:17: note: expected 'const u64 (*)[2]' but argument is of type 'u64 (*)[2]' asmlinkage void pmull_ghash_update_p8(int blocks, u64 dg[], const char *src, ^ /kisskb/src/drivers/firmware/qcom_scm-smc.c: In function 'scm_smc_call': /kisskb/src/drivers/firmware/qcom_scm-smc.c:94:9: warning: missing braces around initializer [-Wmissing-braces] struct arm_smccc_args smc = {0}; ^ /kisskb/src/drivers/firmware/qcom_scm-smc.c:94:9: warning: (near initialization for 'smc.args') [-Wmissing-braces] /kisskb/src/drivers/firmware/qcom_scm-legacy.c: In function 'scm_legacy_call': /kisskb/src/drivers/firmware/qcom_scm-legacy.c:139:9: warning: missing braces around initializer [-Wmissing-braces] struct arm_smccc_args smc = {0}; ^ /kisskb/src/drivers/firmware/qcom_scm-legacy.c:139:9: warning: (near initialization for 'smc.args') [-Wmissing-braces] Completed OK # rm -rf /kisskb/build/linus_multi_v7_defconfig_arm-gcc4.9 # Build took: 0:04:59.479433