Our internal system reported that the issue affected "do_madvise in mm/madvise.c in the Linux kernel before 5.6.8" so we assumed that it affects 5.4 and 4.19. Thank you for clarifying that 5.4 and 4.19 are not affected and it's safe to revert the commit. --Saied On Thu, Jan 14, 2021 at 6:45 PM Jens Axboe <axboe@xxxxxxxxx> wrote: > > On 1/14/21 7:43 PM, Sasha Levin wrote: > > On Thu, Jan 14, 2021 at 05:55:13PM -0800, Saied Kazemi wrote: > >> Hi Greg, > >> > >> To fix CVE-2020-29372 in COS kernel versions 4.19 and 5.4, we > >> cherry-picked the commit "mm: check that mm is still valid in > >> madvise()" (bc0c4d1e176e) that Jens introduced in kernel version 5.7.0 > >> into our kernel sources. The commit is small and the cherry-pick was > >> successful for both COS kernels versions. > >> > >> Because COS 4.19 and 5.4 kernels track 4.19.y and 5.4.y respectively, > >> can you please cherry-pick the commit to those stable branches? > > > > 5.4 didn't support IORING_OP_MADVISE and 4.19 didn't have io_uring to > > begin with, how is this an issue on those branches? > > Good point on 5.4, I didn't even think of that. So yeah, doesn't seem > like it's applicable to any of those kernels? > > -- > Jens Axboe >
