From: Juergen Gross jgross@suse.com
mainline inclusion from mainline-v6.2-rc4 commit 26ce6ec364f18d2915923bc05784084e54a5c4cc category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7XLNT CVE: CVE-2022-40982
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
---------------------------
commit 26ce6ec364f18d2915923bc05784084e54a5c4cc upstream.
Commit 3f4c8211d982 ("x86/mm: Use mm_alloc() in poking_init()") broke the kernel for running as Xen PV guest.
It seems as if the new address space is never activated before being used, resulting in Xen rejecting to accept the new CR3 value (the PGD isn't pinned).
Fix that by adding the now missing call of paravirt_arch_dup_mmap() to poking_init(). That call was previously done by dup_mm()->dup_mmap() and it is a NOP for all cases but for Xen PV, where it is just doing the pinning of the PGD.
Fixes: 3f4c8211d982 ("x86/mm: Use mm_alloc() in poking_init()") Signed-off-by: Juergen Gross jgross@suse.com Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Link: https://lkml.kernel.org/r/20230109150922.10578-1-jgross@suse.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Zeng Heng zengheng4@huawei.com --- arch/x86/mm/init.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 6d14fcaf4c30..1dc6286c7fc2 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -26,6 +26,7 @@ #include <asm/pti.h> #include <asm/text-patching.h> #include <asm/memtype.h> +#include <asm/paravirt.h>
/* * We need to define the tracepoints somewhere, and tlb.c @@ -782,6 +783,9 @@ void __init poking_init(void) poking_mm = copy_init_mm(); BUG_ON(!poking_mm);
+ /* Xen PV guests need the PGD to be pinned. */ + paravirt_arch_dup_mmap(NULL, poking_mm); + /* * Randomize the poking address, but make sure that the following page * will be mapped at the same PMD. We need 2 pages, so find space for 3,