On 1/14/21 7:43 PM, Sasha Levin wrote: > On Thu, Jan 14, 2021 at 05:55:13PM -0800, Saied Kazemi wrote: >> Hi Greg, >> >> To fix CVE-2020-29372 in COS kernel versions 4.19 and 5.4, we >> cherry-picked the commit "mm: check that mm is still valid in >> madvise()" (bc0c4d1e176e) that Jens introduced in kernel version 5.7.0 >> into our kernel sources. The commit is small and the cherry-pick was >> successful for both COS kernels versions. >> >> Because COS 4.19 and 5.4 kernels track 4.19.y and 5.4.y respectively, >> can you please cherry-pick the commit to those stable branches? > > 5.4 didn't support IORING_OP_MADVISE and 4.19 didn't have io_uring to > begin with, how is this an issue on those branches? Good point on 5.4, I didn't even think of that. So yeah, doesn't seem like it's applicable to any of those kernels? -- Jens Axboe
