Reactivate CVE-2020-29374 which is unfixed on some architectures

CVE-2020-29374 involved get_user_pages_fast() which has
architecture-specific implementations in older kernel versions, and
the initial backports didn't fix all of those.  It should now be fixed
for all architectures in upstream stable branches, but is still
unfixed for mips and s390 in 4.19-buster-security.

1 files changed, 19 insertions, 0 deletions

diff --git a/active/CVE-2020-29374 b/active/CVE-2020-29374
new file mode 100644
index 00000000..01140ddd
--- /dev/null
+++ b/active/CVE-2020-29374
@@ -0,0 +1,19 @@
+Description: gup: document and work around "COW can break either way" issue
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2045
+ https://lore.kernel.org/stable/20210401182125.171484-1-surenb@google.com/
+ https://lore.kernel.org/stable/20211012015244.693594-1-surenb@google.com/
+Notes:
+ bwh> The issue is said to go back to "2.x kernels"
+ carnil> The backport for 4.9.y got reverted in 4.9.298, cf.
+ carnil> 6fbb8383884f2c89f4c7e2c8603b5ed1b90b815f, and then followed by
+ carnil> 0c29640bdecad332b9e2b884217c159f4aeb2556.
+Bugs:
+upstream: released (5.8-rc1) [17839856fd588f4ab6b789f482ed3ffd7c403e1f]
+5.10-upstream-stable: N/A "Fixed before branch point"
+4.19-upstream-stable: released (4.19.189) [5e24029791e809d641e9ea46a1f99806484e53fc], released (4.19.226) [294c7a9fb608c29a9e49010b515228e20ccbec8f]
+4.9-upstream-stable: released (4.9.298) [0c29640bdecad332b9e2b884217c159f4aeb2556]
+sid: released (5.7.6-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1), needed
+4.9-stretch-security: released (4.9.272-1) [bugfix/all/gup-document-and-work-around-cow-can-break-either-wa.patch]