Bug#977615: arm64: memory corruption bug
Package: src:linux
Version: 4.19.160-2
Severity: important
Tags: upstream fixed-upstream
Control: fixed -1 5.9.15-1
Control: fixed -1 5.10~rc7-1~exp1
Control: found -1 5.9.11-1

Opening a bug for visibility. Arguably this could be Severity: grave given
that memory corruption can lead to data loss. It has been fixed upstream in
4.19.161, 5.9.12, and 5.10. I'm not sure about the status for 4.9/stretch
LTS.

There is a memory corruption bug impacting arm64. The upstream fix was made
in 5.10 with commit ff1712f953e2 ("arm64: pgtable: Ensure dirty bit is
preserved across pte_wrprotect()"). The upstream commit [1] describes the
issue as:

    With hardware dirty bit management, calling pte_wrprotect() on a
    writable, dirty PTE will lose the dirty state and return a
    read-only, clean entry.

Impact from the issue has been observed in the real world on systems running
redis, as described at https://github.com/redis/redis/issues/8124 (note in
particular comments [2] and [3], where the kernel connection is made).

1. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff1712f953e27f0b0718762ec17d0adb15c9fd0b
2. https://github.com/redis/redis/issues/8124#issuecomment-745791340
3. https://github.com/redis/redis/issues/8124#issuecomment-745838911
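
The behaviour quoted from the commit message, as a user-space C model added here for illustration; it is not kernel source and not part of the bug report. The bit positions and the names pte_wrprotect_lossy, pte_wrprotect_preserving and sample_hw_dirty_pte are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model only; bit positions are illustrative constants for this sketch. */
typedef uint64_t pte_t;
#define PTE_RDONLY (1ULL << 7)   /* read-only permission bit */
#define PTE_WRITE  (1ULL << 51)  /* writable; hardware may clear PTE_RDONLY on a store */
#define PTE_DIRTY  (1ULL << 55)  /* software-managed dirty bit */

/* Hardware dirty: writable and the hardware has cleared PTE_RDONLY. */
static bool pte_hw_dirty(pte_t pte) { return (pte & PTE_WRITE) && !(pte & PTE_RDONLY); }
static bool pte_sw_dirty(pte_t pte) { return pte & PTE_DIRTY; }
static bool pte_dirty(pte_t pte)    { return pte_sw_dirty(pte) || pte_hw_dirty(pte); }
static bool pte_write(pte_t pte)    { return pte & PTE_WRITE; }

/* Behaviour described in the bug: dirty state held only in the hardware bits is dropped. */
static pte_t pte_wrprotect_lossy(pte_t pte)
{
    pte &= ~PTE_WRITE;
    pte |= PTE_RDONLY;
    return pte;
}

/* Preserving variant: latch hardware dirty state into the software bit first. */
static pte_t pte_wrprotect_preserving(pte_t pte)
{
    if (pte_hw_dirty(pte))
        pte |= PTE_DIRTY;
    pte &= ~PTE_WRITE;
    pte |= PTE_RDONLY;
    return pte;
}

/* Constructed sample: a writable page that the hardware has marked dirty. */
static pte_t sample_hw_dirty_pte(void) { return PTE_WRITE; }

int main(void)
{
    pte_t pte = sample_hw_dirty_pte();
    pte_t a = pte_wrprotect_lossy(pte), b = pte_wrprotect_preserving(pte);
    printf("before:     write=%d dirty=%d\n", pte_write(pte), pte_dirty(pte));
    printf("lossy:      write=%d dirty=%d\n", pte_write(a), pte_dirty(a));
    printf("preserving: write=%d dirty=%d\n", pte_write(b), pte_dirty(b));
    return 0;
}
```

In the model, the lossy variant returns a read-only entry that reports clean, so a later writeback or copy-on-write decision based on the dirty state would skip data that was in fact modified.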