
Bug#977615: arm64: memory corruption bug



Hi,

On Thu, Dec 17, 2020 at 08:08:28PM +0000, Noah Meyerhans wrote:
> Package: src:linux
> Version: 4.19.160-2
> Severity: important
> Tags: upstream fixed-upstream
> Control: fixed -1 5.9.15-1
> Control: fixed -1 5.10~rc7-1~exp1
> Control: found -1 5.9.11-1
> 
> Opening a bug for visibility.  Arguably this could be Severity: grave given
> that memory corruption can lead to data loss.  It has been fixed upstream in
> 4.19.161, 5.9.12, and 5.10.  I'm not sure about the status for 4.9/stretch
> LTS.
> 
> There is a memory corruption bug impacting arm64.  The upstream fix was made
> in 5.10 with commit ff1712f953e2 ("arm64: pgtable: Ensure dirty bit is
> preserved across pte_wrprotect()").  The upstream commit [1] describes the
> issue as:
> 
>         With hardware dirty bit management, calling pte_wrprotect() on a
>         writable, dirty PTE will lose the dirty state and return a
>         read-only, clean entry.
> 
> Impact from the issue has been observed in the real world on systems running
> redis, as described at https://github.com/redis/redis/issues/8124 (note in
> particular comments [2] and [3], where the kernel connection is made).
> 
> 1. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff1712f953e27f0b0718762ec17d0adb15c9fd0b
> 2. https://github.com/redis/redis/issues/8124#issuecomment-745791340
> 3. https://github.com/redis/redis/issues/8124#issuecomment-745838911

Thanks. Pending currently with the ongoing rebase in the v4.19.y
series in
https://salsa.debian.org/kernel-team/linux/-/merge_requests/295 .

We just need to check if this warrants a regression update issued
earlier via stable-updates.

Salvatore
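
The behaviour quoted from the upstream commit message can be reproduced in a small user-space model; this is an added example, not part of the original message and not kernel code. The bit positions, the `wrprotect_lossy`/`wrprotect_preserving` names and the idea of copying the hardware dirty state into a software dirty bit before write-protecting are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a PTE; bit positions are assumptions of this example. */
typedef uint64_t pte_t;
#define PTE_RDONLY (1ULL << 7)   /* read-only permission bit */
#define PTE_DBM    (1ULL << 51)  /* hardware dirty bit management enabled */
#define PTE_WRITE  PTE_DBM       /* "writable" is encoded with the DBM bit */
#define PTE_DIRTY  (1ULL << 55)  /* software-maintained dirty bit */

/* With DBM, hardware records a write by clearing PTE_RDONLY. */
static int pte_hw_dirty(pte_t pte) { return (pte & PTE_WRITE) && !(pte & PTE_RDONLY); }
static int pte_sw_dirty(pte_t pte) { return (pte & PTE_DIRTY) != 0; }
static int pte_dirty(pte_t pte)    { return pte_sw_dirty(pte) || pte_hw_dirty(pte); }
static int pte_write(pte_t pte)    { return (pte & PTE_WRITE) != 0; }

/* Lossy variant: the dirty state lived only in "RDONLY clear", so it vanishes. */
static pte_t wrprotect_lossy(pte_t pte)
{
    pte &= ~PTE_WRITE;
    pte |= PTE_RDONLY;
    return pte;
}

/* Preserving variant: save hardware dirty state in the software bit first. */
static pte_t wrprotect_preserving(pte_t pte)
{
    if (pte_hw_dirty(pte))
        pte |= PTE_DIRTY;
    pte &= ~PTE_WRITE;
    pte |= PTE_RDONLY;
    return pte;
}

/* Constructed sample: writable page already dirtied by hardware (RDONLY clear). */
static pte_t sample_dirty_pte(void) { return PTE_WRITE; }

int main(void)
{
    pte_t pte = sample_dirty_pte();
    pte_t a = wrprotect_lossy(pte), b = wrprotect_preserving(pte);
    printf("before:     write=%d dirty=%d\n", pte_write(pte), pte_dirty(pte));
    printf("lossy:      write=%d dirty=%d\n", pte_write(a), pte_dirty(a));
    printf("preserving: write=%d dirty=%d\n", pte_write(b), pte_dirty(b));
    return 0;
}
```

A page whose dirty state is dropped this way looks clean to any code that later consults the dirty bit, which is how the loss turns into the corruption reported in the bug.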

